On Aug 22, 2019, at 21:18, Larry Rothman <ac293@...> wrote:
Carsten,
From your statement, it sounds like you only like OS s/w.
This is less of a matter of liking, but more a matter of some 40 years of experiencing the ¡°illusion of vendor support¡± (RFC 873, September 1982).
Did you compile the compiler you use to create s/w exe¡¯s?
Yes.
If you do, what did you use - another compiler?
Yes.
Who compiled that one?
Apple.
How can you trust your compiler - or its compiler - or its assembler if you can¡¯t see back to point zero?
I can¡¯t prove anything here (see Ken Thomson¡¯s 1984 Turing award acceptance speech ¡°Reflections On Trusting Trust¡±, ).
On the other hand, a lot of people look at the compilation results from Apple¡¯s compilers.
Did you inspect the firmware that was already installed in the NanoVNA?
Did you verify that it only provides a serial interface, and that it does not have a hidden HID interface that can inject keystrokes so fast, you¡¯d never notice?
My NanoVNA is stuck in customs at the moment.
But I¡¯m happy that I get to examine and compile its firmware on my own, should I choose to.
I do computer security and if you¡¯re going to be paranoid and not trust just about everything 'out there' you won't get anything done.
I teach information security (of which computer security is a part). Paranoia is a medical condition that is often confused by medical laymen with the mental state someone gets into who starts to understand information security.
How about all the Hams that have created closed source software for the great test equipment
they¡¯ve come up with?
It is their prerogative to do so. It¡¯s just not very bright.
What we have learned in the field of computer science is that open source software leads to standing on the shoulders of giants, closed source software leads to others standing on your feet.
(Besides, if you want to, it turns out it is easier these days to monetize the visibility you get from a good open source project than to turn a closed source software project into money. Except for very few situations that need full attention and lots, *lots* of random luck.)
Your statement ¡°Being trusted always creates a liability." just doesn't cut it.
Not sure you understood it. My point is that you can always choose to ¡°trust" someone.
In daily personal interactions, trust may seem like a good thing for the trusted person.
In reality, it also creates a liability for the trusted person: to actually be trustworthy.
And that is not just about acting conscientiously, but also about being skilled enough not to get compromised.
Here we don¡¯t know how that liability is being filled, which makes the trust questionable.
With open source software, more people can share that liability, which can (but need not) make the trust less questionable.
Gr¨¹?e, Carsten
