Pmalek (OP)
Legendary
 Offline
Activity: 2758
Merit: 7137
|
 |
January 28, 2021, 04:09:32 PM |
|
One month ago, I asked the Development & Technical Discussion sub-forum members if they have the habit of checking the open-source code of the software they use. I intentionally created the poll in that board, because I wanted to know if the more technically advanced users perform code audits. You can find the thread and the discussion here. A total of 22 users voted on my question: Do you manually verify the code of the open-source software you use?12 users (54.5%) answered, Yes. 4 users (18.2%) answered, No. 6 users (27.3%) answered they trust that others verified it. 0 users answered that they don't use open-source software.I would now like to ask the general Bitcointalk public the same question. Do you check, and do you know how to check the code of the open-source software you use? Please vote honestly! |
.
.BLACKJACK ♠ FUN. | | | ███▄██████
██████████████▀
████████████
█████████████████
████████████████▄▄
░█████████████▀░▀▀
██████████████████
░██████████████
█████████████████▄
░██████████████▀
████████████
███████████████░██
██████████ | | CRYPTO CASINO &
SPORTS BETTING | | │ | | │ | ▄▄███████▄▄
▄███████████████▄
███████████████████
█████████████████████
███████████████████████
█████████████████████████
█████████████████████████
█████████████████████████
███████████████████████
█████████████████████
███████████████████
▀███████████████▀
███████████████████ | | .
|
|
|
|
|
|
|
|
|
|
|
Remember that Bitcoin is still beta software. Don't put all of your money into BTC!
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
|
|
|
hd49728
Legendary
Offline
Activity: 2086
Merit: 1028
|
|
January 28, 2021, 04:14:11 PM |
|
Open sourced softwares don't mean they have threats, malwares, trojans, viruses and will steal your data if you install and use it on your computer.
A software will good reputation is a must to think of and consider to use it. After choose a good reputation software, verify it if you can (I don't advice OP as he has more time in crypto than me).
It is bad if quickly accept any software and cracked software.
|
|
|
|
hatshepsut93
Legendary
Offline
Activity: 2968
Merit: 2147
|
|
January 28, 2021, 04:18:01 PM |
|
I don't believe that people who say "yes" actually verify every line of code on every open source software that they use. Some programs, like for example Linux, have millions lines of codes, and these days there are so many programming languages that it's impossible to know them all on a high enough level to verify the code. Software audit takes months to do by professional team, how can you expect regular users to do it?
If it's a small 100-line program, then yeah, it's possible to check it if you know the language. Other than that, we have to put trust in maintainers and contributors to the project, which is why I avoid any projects with very low development activity and community.
|
|
|
|
jackg
Copper Member
Legendary
Offline
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
|
|
January 28, 2021, 04:21:12 PM |
|
I answered "yes" but I could've answered both thst and depend on other users.
If I don't have time to run something from source with line hopping (or don't want to) then I often just check some significant parts and check things are in order and resemble other stuff. There's also the advantage that other users provide as a large user base in an open source piece of software often means quite a few people have looked at individual modules on their own and worked out how they worked at least and enough have probably done that anyway.
|
|
|
|
|
masulum
Legendary
Offline
Activity: 2226
Merit: 1592
hmph..
|
|
January 28, 2021, 04:55:58 PM |
|
When I'm installed an open sourced software, I'm not checked it, because I don't know much about the programming code, just a basic. I just checking by scanning using anti virus that maybe false to detect. But, even I'm not checking the code, I always careful to deciding to choose, so I'm using community power to find the answer if it save or not. Also, I decide to choose for the lates update on repo and sometimes also check the rates (even maybe fake), Luckly with this way I never found any issue with my PC's (at least till today). Of course this is not the right ways, at least I do something to keep safe my pc from unwanted programs
|
|
|
|
20kevin20
Legendary
Offline
Activity: 1134
Merit: 1597
|
|
January 28, 2021, 05:06:07 PM |
|
I highly depend on the trust of other auditors. The best thing I can honestly do is just verify the signature of a file before installing it into my system. To protect myself from day-0 exploits and malicious codelines, I usually just wait a few days/weeks after the release of a file before downloading and running it. Other than that, as I know nothing besides basic stuff about coding, I can't do much to protect myself and my identity.
I have also considered learning programming languages to audit codes by myself.. but never found time to do so.
|
|
|
|
|
The Cryptovator
Legendary
Offline
Activity: 2240
Merit: 2174
Need PR/CMC & CG? TG @The_Cryptovator
|
|
January 28, 2021, 05:55:28 PM |
|
I vote for "I trust that others verified it". Because I am not a tech guy and no idea about coding. But personally, I believe when an open-source platform launched officially, then a lot of expert research about that. Otherwise, the team behind the platform would cheat if no one there to audit it. Somehow someone will be revealed if something wrong. For example, I have been using Electrum, which is an open-source bitcoin wallet. I believe many forum experts already audit it and its proven open-source wallet. But of course, it's better if we learn to audit. So we don't need to depend on others.
|
|
|
|
Asuspawer09
Sr. Member
Offline
Activity: 1652
Merit: 426
Cashback 15%
|
|
January 28, 2021, 06:49:30 PM |
|
That's hard to believe  probably most of us do not even check all of the codes or sometimes we don't even visit it, personally, I don't even reach those lines, as well as not everyone could reach programming language. Most likely some applications or software that is open source we just need to see some feedback from the community, after that it's good to go already. There are so many open source applications that are used and trusted by the community that you might probably already using did you read the source code of that one? I don't think so. |
.
HUGE | | | | | | █▀▀▀▀
█
█
█
█
█
█
█
█
█
█
█
█▄▄▄▄ | ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
.
CASINO & SPORTSBOOK
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ | ▀▀▀▀█
█
█
█
█
█
█
█
█
█
█
█
▄▄▄▄█ | | |
|
|
|
OgNasty
Donator
Legendary
Offline
Activity: 4732
Merit: 4248
Leading Crypto Sports Betting & Casino Platform
|
|
January 28, 2021, 07:00:39 PM |
|
I check the source code of anything that seems like it could potentially be scammy. Obviously I'm not checking the source code of everything I download, but if it's not being used by millions of people, it's worth a quick once over, or at the very least a few searches of the code for potentially harmful lines. For example, if the code calls for copying a wallet.dat file and it's software for playing mp3's, you probably shouldn't be using it.
|
| ..Stake.com.. | | | ▄████████████████████████████████████▄
██ ▄▄▄▄▄▄▄▄▄▄ ▄▄▄▄▄▄▄▄▄▄ ██ ▄████▄
██ ▀▀▀▀▀▀▀▀▀▀ ██████████ ▀▀▀▀▀▀▀▀▀▀ ██ ██████
██ ██████████ ██ ██ ██████████ ██ ▀██▀
██ ██ ██ ██████ ██ ██ ██ ██ ██
██ ██████ ██ █████ ███ ██████ ██ ████▄ ██
██ █████ ███ ████ ████ █████ ███ ████████
██ ████ ████ ██████████ ████ ████ ████▀
██ ██████████ ▄▄▄▄▄▄▄▄▄▄ ██████████ ██
██ ▀▀▀▀▀▀▀▀▀▀ ██
▀█████████▀ ▄████████████▄ ▀█████████▀
▄▄▄▄▄▄▄▄▄▄▄▄███ ██ ██ ███▄▄▄▄▄▄▄▄▄▄▄▄
██████████████████████████████████████████ | | | | | | ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄
█ ▄▀▄ █▀▀█▀▄▄
█ █▀█ █ ▐ ▐▌
█ ▄██▄ █ ▌ █
█ ▄██████▄ █ ▌ ▐▌
█ ██████████ █ ▐ █
█ ▐██████████▌ █ ▐ ▐▌
█ ▀▀██████▀▀ █ ▌ █
█ ▄▄▄██▄▄▄ █ ▌▐▌
█ █▐ █
█ █▐▐▌
█ █▐█
▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀█ | | | | | | ▄▄█████████▄▄
▄██▀▀▀▀█████▀▀▀▀██▄
▄█▀ ▐█▌ ▀█▄
██ ▐█▌ ██
████▄ ▄█████▄ ▄████
████████▄███████████▄████████
███▀ █████████████ ▀███
██ ███████████ ██
▀█▄ █████████ ▄█▀
▀█▄ ▄██▀▀▀▀▀▀▀██▄ ▄▄▄█▀
▀███████ ███████▀
▀█████▄ ▄█████▀
▀▀▀███▄▄▄███▀▀▀ | | | ..PLAY NOW.. |
|
|
|
|
Insanerman
|
|
January 28, 2021, 08:20:03 PM |
|
I don't believe that people who say "yes" actually verify every line of code on every open source software that they use.
I voted yes and I actually do this  There are open source software that just uses some libraries which is already popular and tested by the others so knowing those would already count. Then, the main code of a software is often simple yet turns to have complex when you would read the objects and classes that contains the main logic and algorithm. Practice in coding and even code development in general is already a huge step towards not having a difficulty understanding a software's code. Also, checking it doesn't really means to know it line by line, as most codes already have their comments and documentation before being published to the public. Somehow, coding would make this act a normal thing for you. Because most of the times, learning to code also came from learning how to read and understand other people's codes -- which if you do for months and years, checking codes would turn to be normal for you. |
|
|
|
|
hugeblack
Legendary
Offline
Activity: 2506
Merit: 3649
Buy/Sell crypto at BestChange
|
|
January 29, 2021, 09:14:57 AM |
|
you gave a general question, so everyone who answers yes is a liar or does not give accurate data.
Ask about a specific application and then you will get more accurate answers.
Also, not everyone who has read every line of code knows how to spot or predict vulnerabilities that they need to know a technology that 99% of people do not have.
|
|
|
|
Pmalek (OP)
Legendary
Offline
Activity: 2758
Merit: 7137
|
|
January 29, 2021, 10:02:33 AM |
|
I don't believe that people who say "yes" actually verify every line of code on every open source software that they use. Me neither. I think (and some users also confirmed) that they mostly verify new GitHub commits, binaries, and the bitcoin libraries they need or are interested in checking at that particular time. For example, if the code calls for copying a wallet.dat file and it's software for playing mp3's, you probably shouldn't be using it. It's good for those who have the skills to detect such irregularities. Can you notice such things personally? Should i vote again if i already make a vote on previous thread? Sure, why not. The results wouldn't be credible if only people who don't verify code vote and vice versa. I also voted in both threads. |
.
.BLACKJACK ♠ FUN. | | | ███▄██████
██████████████▀
████████████
█████████████████
████████████████▄▄
░█████████████▀░▀▀
██████████████████
░██████████████
█████████████████▄
░██████████████▀
████████████
███████████████░██
██████████ | | CRYPTO CASINO &
SPORTS BETTING | | │ | | │ | ▄▄███████▄▄
▄███████████████▄
███████████████████
█████████████████████
███████████████████████
█████████████████████████
█████████████████████████
█████████████████████████
███████████████████████
█████████████████████
███████████████████
▀███████████████▀
███████████████████ | | .
|
|
|
|
hatshepsut93
Legendary
Offline
Activity: 2968
Merit: 2147
|
|
January 31, 2021, 11:47:18 PM |
|
For example, if the code calls for copying a wallet.dat file and it's software for playing mp3's, you probably shouldn't be using it. It's good for those who have the skills to detect such irregularities. Can you notice such things personally? There's so many ways that hackers can inject malicious code into software that it's really not a simple task to verify an open source software. A good example is a failed attempt to backdoor Linux kernel by changing a single character to introduce a privilege escalation bug - and it failed because it was done as a commit. If someone was reviewing the whole repo from scratch, it would be easy to overlook it. There are also techniques for code obfuscation which would allow hackers to hide malicious code from searching for potentially dangerous code, like using file system, internet connection, etc. If reviewing code was so easy, software development companies wouldn't have to hire as many programmers. |
|
|
|
lovesmayfamilis
Legendary
Offline
Activity: 2086
Merit: 4291
✿♥‿♥✿
|
|
February 01, 2021, 05:01:34 AM |
|
I will not dissemble. I answered no. I do not check, but I trust. Moreover, I have been working with Linux systems for several years, and compared to Windows, these systems seem to be very stable. But unfortunately, I do not have the knowledge to check all the programs I use. But be that as it may, I know that open source software is regularly checked by numerous people, and all any errors, if found in such programs, are fixed very quickly - unlike proprietary software.
I am well aware that working with open source programs can always be risky, since the developers are not responsible, and any attacker can find a vulnerability in the programs. Therefore, you cannot rely on anyone other than yourself for the security of your data.
|
|
|
|
|
libert19
|
|
February 01, 2021, 05:38:38 AM |
|
Nope, because I can't understand the code. But, when something is open source I tend to believe it's secure thinking someone must have checked the code.
|
| | .
.Duelbits. | │ | ..........UNLEASH..........
THE ULTIMATE
GAMING EXPERIENCE | │ | DUELBITS
FANTASY
SPORTS | ████▄▄▄█████▄▄▄
░▄████████████████▄
▐██████████████████▄
████████████████████
████████████████████▌
█████████████████████
████████████████▀▀▀
███████████████▌
███████████████▌
████████████████
████████████████
████████████████
████▀▀███████▀▀ | .
▬▬
VS
▬▬ | ████▄▄▄█████▄▄▄
░▄████████████████▄
▐██████████████████▄
████████████████████
████████████████████▌
█████████████████████
███████████████████
███████████████▌
███████████████▌
████████████████
████████████████
████████████████
████▀▀███████▀▀ | /// PLAY FOR FREE ///
WIN FOR REAL | │ | ..PLAY NOW.. | |
|
|
|
|
akirasendo17
|
|
February 01, 2021, 06:50:48 AM |
|
One month ago, I asked the Development & Technical Discussion sub-forum members if they have the habit of checking the open-source code of the software they use. I intentionally created the poll in that board, because I wanted to know if the more technically advanced users perform code audits. You can find the thread and the discussion here. A total of 22 users voted on my question: Do you manually verify the code of the open-source software you use?12 users (54.5%) answered, Yes. 4 users (18.2%) answered, No. 6 users (27.3%) answered they trust that others verified it. 0 users answered that they don't use open-source software.I would now like to ask the general Bitcointalk public the same question. Do you check, and do you know how to check the code of the open-source software you use? Please vote honestly! I do check the software but never check the codes, since I use ubuntu for my pc and testing, those were surely tested before being available for community use, what I get were safe PPA, mostly you may know if there something wrong with the software, for 4-5 years using Ubuntu and other software needed never encounter any issue, same with windows, mostly software that have threats were unknown or downloaded from torrent sometimes, also if there are hidden scripts in your pc I think you can feel it since your unit will experience something that is not usual before. |
|
|
|
|
nelson4lov
|
|
February 01, 2021, 08:42:33 AM |
|
I just voted for "I trust that others verified it". My initial thought was to vote Yes but it's not every time I scroll through the codebase of open source softwares. Nope, because I can't understand the code. But, when something is open source I tend to believe it's secure thinking someone must have checked the code.
This is true for more open source projects. Codes don't get merged into the main codebase or main branch without reviews from other community members. That's the beauty with open source softwares. There's only a small chance of someone slipping malicious codes into it. |
|
|
|
Pmalek (OP)
Legendary
Offline
Activity: 2758
Merit: 7137
|
|
February 01, 2021, 02:10:48 PM |
|
I will not dissemble. I answered no. I do not check, but I trust. In that case, maybe I trust that others verified it would have been a more suitable answer for you. I am well aware that working with open source programs can always be risky, since the developers are not responsible, and any attacker can find a vulnerability in the programs. That is the beauty of open-source software, but it is also a a double-edged sword. Those with good intentions can identify vulnerabilities injected by those with bad intentions. But it goes the other way around as well. Those who have bad intentions, can discover flaws in the code and try to take the advantage of it. Everything is server on a silver platter. It just depends on who is looking. |
.
.BLACKJACK ♠ FUN. | | | ███▄██████
██████████████▀
████████████
█████████████████
████████████████▄▄
░█████████████▀░▀▀
██████████████████
░██████████████
█████████████████▄
░██████████████▀
████████████
███████████████░██
██████████ | | CRYPTO CASINO &
SPORTS BETTING | | │ | | │ | ▄▄███████▄▄
▄███████████████▄
███████████████████
█████████████████████
███████████████████████
█████████████████████████
█████████████████████████
█████████████████████████
███████████████████████
█████████████████████
███████████████████
▀███████████████▀
███████████████████ | | .
|
|
|
|
pooya87
Legendary
Offline
Activity: 3444
Merit: 10558
|
|
February 02, 2021, 04:49:06 AM |
|
Nope, because I can't understand the code. But, when something is open source I tend to believe it's secure thinking someone must have checked the code.
This is a dangerous assumption that is abused by some scammers in the past to spread malware (eg. spreading fake Electrum through a GitHub repository!). Instead of making such assumptions you should perform basic checks. For example the age of the repository, number of contributors, number of stars, watchers and forks (shown on top right corner on GitHub), number of commits, ... this way you can get a better estimate of the popularity of the project. For example bitcoin core has 48k stars, 778 contributors and 27k commits. A scam project usually have no stars, less than 5 commits and only 1 contributor. But keep in mind that an unpopular but legit project can also have the same low stats which is why this is just an estimate. After that you have to go to a public forum and ask others to give you feedback about the project you have found. |
.
.BLACKJACK ♠ FUN. | | | ███▄██████
██████████████▀
████████████
█████████████████
████████████████▄▄
░█████████████▀░▀▀
██████████████████
░██████████████
█████████████████▄
░██████████████▀
████████████
███████████████░██
██████████ | | CRYPTO CASINO &
SPORTS BETTING | | │ | | │ | ▄▄███████▄▄
▄███████████████▄
███████████████████
█████████████████████
███████████████████████
█████████████████████████
█████████████████████████
█████████████████████████
███████████████████████
█████████████████████
███████████████████
▀███████████████▀
███████████████████ | | .
|
|
|
|
10_sjdovn_10
Member
Offline
Activity: 100
Merit: 30
Stay humble, be cool, make world better place.
|
|
February 05, 2021, 12:30:44 PM |
|
Since i'm not programmer i don't check source code.
It is good to check for data integrity via developer public key and .asc file when downloading an open-source software.
It is always good to check via checksum sha256 or md5 too.
What is important is to always download a open-source software from a official website because it's official developer build it's software package and publishes.
|
|
|
|
|
|
Poll
