Last week, I turned on my PC, installed a Windows update, and rebooted to find Microsoft Edge automatically open with the Chrome tabs I was working on before the update. I don’t use Microsoft Edge regularly, and I have Google Chrome set as my default browser. Bleary-eyed at 9AM, it took me a moment to realize that Microsoft Edge had simply taken over where I’d left off in Chrome. I couldn’t believe my eyes.

  • wizardbeard@lemmy.dbzer0.com
    9 months ago

    If no one is actually auditing that code, or somehow confirming that the binaries shipped by your package manager match what the code compiles to, then you’re still playing a trust game.

    Trusting in open source software devs rather than a capitalist corporation definitely makes sense, but it isn’t some panacea for “safe, nonspying software”.

    Also, dependencies on Linux absolutely include programs I don’t want. They just tend to be less obtrusive terminal programs and libraries rather than full-blown UI-based shit. Less visible, but far easier to sneak under the radar.

    • max@lemmy.blahaj.zone
      9 months ago

      is why the mostly trust :3 as always run code at ur own risk

      and the utility programs that r part of the dependencies r often there so it's easier for devs to use dependencies, so they do sorta gotta be there !

    • msage@programming.dev
      9 months ago

      That’s why I use Gentoo. I don’t read the code, even just Firefox is absolutely bonkers, but being able to flag out parts of code just feels nice. I know it’s not absolute, but -telemetry gives me a nice warm feeling inside.

    • jarfil@beehaw.org
      9 months ago

      somehow confirming that the binaries shipped by your package manager match what the code compiles to

      Indeed, that’s why: https://reproducible-builds.org/

      Right now, Debian seems to be leading with over 95% of packages being reproducible.