Does making software open source make it vulnerable? [closed] - security

As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance.
Closed 9 years ago.
This is more a philosophical question, but it's one I've been pondering for some time now.
I don't know anything about computer security or how computers are broken into. I thought hackers used disassembling software on executable software to create malware and other things.
My question is would making some software open source make it vulnerable to hackers or do I have reverse engineering confused with hacking?

Making something open source does not inherently make it more vulnerable. Trying to hide what you are doing is known as Security Through Obscurity, and it doesn't work very well.
Making something open source makes things easier for casual hackers, since they can see how your app works more easily. On the other hand, making it open source also lets anyone who is interested look through your code and report security vulnerabilities. They're two sides of the same coin.
For the most advanced threats, they'll get through regardless of whether your code is open source or not. On the other hand, honest volunteers are much less likely to bother trying to find and fix bugs in a closed source product.
So basically, it depends. In general, you're better off open sourcing things if you think people are actually going to be interested in the project.

Related

How do you prefer to split your multi-part program? [closed]

Closed 10 years ago.
Having a program that has several distinct parts is usual. By part I mean a graphical part that has its own windows and functionalities. (About the non-graphical part, I think creating a library is the preferable solution.)
How do you prefer to separate them?
Is it better to make each of them a static library and use them in the main program?
Or is the better solution to create an executable file of each one and load them in the main program?
Or is there an even better solution?
I suggest that you read Code Complete or something similar. This book and others go into the best practices or even how to know which of the best practices you should look into when you create a product.
The problem is one of scope. You need to know your specifications and the parts that join together, as well as which design practices you are going to use before you can answer this question.
I am also inclined to think that there is no right or wrong answer (depending on HOW wrong you are) and that no-one else can answer that question for you, especially since you are likely to be one of the main players in maintaining the code.
Hope that gives you some food for thought :-)

How do I become proficient with the terminal? [closed]

Closed 10 years ago.
As a programming novice, I often run into trouble when trying to install packages, use virtualenv, and basically do anything even mildly complex using the command line.
What are some good references out there to help me UNDERSTAND things like my path, environment, shell scripts, etc?
Basically, I'm tired of copying and pasting. I want to really understand what's going on.
Thanks!
I used Linux in a Nutshell by O'Reilly. It helps you get past the initial beginner's stage. Obviously there are a ton more links and tutorials, lists of keystrokes online, easily found with a Google search, but this will help you get going, and it is nice to read when you are on the bus or at lunch or whatever, to give you some ideas you might not just happen on in normal everyday life.

Are the old days of code injection over? [closed]

Closed 10 years ago.
I was wondering, since all updated operating systems guard against stack and heap type overflows via ASLR, Canary Checks, and other such methods, are memory corruption exploits still prevalent? Given that the administrator of the system is competent and protects the system from brute force or libc attacks, I honestly can't see many other ways. The only thing that I can possibly imagine for someone to attack a system is to overwrite function pointers on the stack, but that's about it. Maybe if someone found a clever way of predicting random numbers, the schemes that rely on random results could be defeated, however it seems unlikely. It seems the only way to exploit someone else's system nowadays is to trick root or the admin into installing your software. Are the old days of code injection over? I'm at this from the perspective of breaking updated protected systems.
You do not need to trick the admin into installing your software if vulnerable software is already installed.
It is much easier to use higher-level constructs to have an OS command injected.
E.g.: a web application that allows uploading a file to an arbitrary location, a web application using user-controllable input to build an OS command.
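The two patterns this answer names, shown next to a hardened form, as an added example that is not part of the original answer. The function names and the sample input are constructed for illustration, and a POSIX system with `sh` and `printf` is assumed.

```python
import os
import subprocess

# Constructed sample input: a "filename" that carries a shell metacharacter.
SAMPLE = "report.txt; echo INJECTED"


def run_unsafe(filename: str) -> str:
    """Vulnerable: user input is concatenated into a shell command line."""
    proc = subprocess.run("echo " + filename, shell=True,
                          capture_output=True, text=True)
    return proc.stdout


def run_safe(filename: str) -> str:
    """Hardened: argument vector, no shell; the input stays one argument."""
    proc = subprocess.run(["printf", "%s\n", filename],
                          capture_output=True, text=True, check=True)
    return proc.stdout


def resolve_upload(base_dir: str, user_path: str) -> str:
    """Return the destination for an upload, refusing paths outside base_dir."""
    base = os.path.realpath(base_dir)
    # realpath collapses "..", follows symlinks, and reflects the fact that an
    # absolute user_path replaces base in os.path.join, so the containment
    # check below sees the location that would really be written.
    target = os.path.realpath(os.path.join(base, user_path))
    if target == base or os.path.commonpath([base, target]) != base:
        raise ValueError(f"rejected upload path: {user_path!r}")
    return target


if __name__ == "__main__":
    print("shell string :", repr(run_unsafe(SAMPLE)))
    print("argv, no shell:", repr(run_safe(SAMPLE)))
    for candidate in ("docs/a.txt", "../../etc/passwd", "/etc/passwd"):
        try:
            print("accepted:", resolve_upload("/srv/uploads", candidate))
        except ValueError as exc:
            print(exc)
```

Neither defect involves memory corruption, so ASLR and stack canaries do not affect the outcome in either case.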

Literature on SVG, WebCGM and other vector-formats optimized for browser-display [closed]

Closed 9 years ago.
I'm currently searching for as much material as possible on the formats above for a paper. Currently, all I've come up with are websites concerning the matter, now the question is: are there sophisticated other sources of information on that topic? Preferably written stuff - I'm especially interested in the actual application of such graphic formats for display in browsers and alike.
The main reason is, that I don't want my whole bibliography to be made up with websites -- profs dun like that no much -- so I was hoping for some "hard" information, as they say...
Most of the standards for web formats in particular, but file formats in general, are written by organisations and published via the internet. For instance, SVG is under the jurisdiction of the W3C, as is WebCGM. I would expect that references to these sorts of organisations should be fine for academics, though make sure you use the permanent links to the exact document you are citing (i.e., not the links I've provided, which are the 'up to the minute' links).
eg:
Bad: http://w3.org/TR/SVG
Good: http://www.w3.org/TR/2010/WD-SVG11-20100622/
The main reason for this is that these documents are always under review, and change almost constantly. Keeping printed copies would just be a huge burden and not very helpful in the long run.

I want to contribute to the Linux kernel [closed]

Closed 9 years ago.
I want to work with the Linux kernel, but I have no idea where to start. Is there a sort of ticketing system somewhere where bugs and such are distributed? Where can I get ideas for potentially useful contributions?
EDIT: Yes I know what I'm doing. I've been writing my own modifications for a good while now, and I'm doing an independent project under one of the operating systems researchers at my university next semester.
The reason I ask is I'd like to contribute my expertise to the dev process, and I don't know where to start in terms of organization. In terms of technical matters, I'm just about there.
Start with these: Kernel Bugs involving typo.
(Search every day until you find something promising).
Search that bug database with keywords like "comment", "typo", "documentation", "minor bug", etc.
Also, search under the category Documentation here.
Learn the process first. Then, attempt to contribute something significant.
Pick a subsystem and subscribe to the relevant mailing list. Spend some time studying the subsystem. Start small and fix simple bugs then gradually do work of higher significance. You may want to look at the TODO files in the kernel source directory, especially for drivers in staging.
Get a GIT tutorial. You may also watch this
