In today's open source roundup: A redditor wants to know why open source software is more secure. Plus: Mozilla releases Firefox 41. And Fedora 23 beta released.

Why is open source software more secure?

Open source software has long had a reputation for being more secure than its closed source counterparts. But what is it that makes open source software more secure? A redditor recently asked that question and got some interesting answers.

Parasymphatetic asked his question in the Linux subreddit:

So there is a common argument that Linux and open source software is more secure than their Windows counterparts. Now, as an open source and total Linux newbie I have the following question: How so? How do you know that the compiled program you download is exactly like the source code they provided? And does anyone actually check tens of thousands of lines of code provided by someone? Do you? And don’t you put the same trust into the people of Valve and Blender like the frowned upon Windows users trust Microsoft?

More at Reddit

His fellow Linux redditors responded with their thoughts about why open source software is more secure:

Bushwacker: “It’s all available for inspection. You can build the code yourself, including the kernel. Now about backdoors in compilers, that’s another story.”

AiwendilH: “It’s not that opensource software is necessarily better engineered…it is that without the sourcecode it is impossible to see what a program does. So opensource software is seen as more secure as it is the only kind of software that can be checked for security at all without needing to blindly trust someone…everything not open-source can’t be checked and by this has to be seen as insecure.”

Daemonpenguin: “Open source is not automatically more secure than closed source. The difference is with open source code you can verify for yourself (or pay someone to verify for you) whether the code is secure.
With closed source programs you need to take it on faith that a piece of code works properly, open source allows the code to be tested and verified to work properly. Open source also allows anyone to fix broken code, while closed source can only be fixed by the vendor. Over time this means open source projects (like the Linux kernel) tend to become more secure because more people are testing and fixing the code. Anyone who makes a general statement like “Open source software is more secure,” is wrong. What they should say is, “Open source software can be audited and fixed when its behaviour or security is in doubt.” Does anyone check the code? A lot of people do, especially on larger projects like Linux, the C library, Firefox, etc. Do I? Usually no, but I have done a few audits on code I was running to make sure it worked properly. I usually don’t trust Microsoft or Valve or any other closed source software. And I usually only really trust open source projects that have been proactive when it comes to security.”

Toemme: “Currently Debian is attempting to get their packages build reproducibly[1], so you can check if the binary you get is really built from the source code they show you.”

Eingaica: “Most (if not all) binary distributions compile software and don’t use pre-compiled binaries provided by the developers. At least that’s the case for free/open source software. Whether you can trust that the binaries you get from your distro are identical to what you would get by compiling yourself is a different problem (see e.g. Debian’s reproducible builds project).”

OMGTokin: “…it is true that you are installing binaries and putting a lot of trust in upstream. Pretty soon as others have mentioned there will be reproducible builds, but luckily for you most software you install has a git repository which will allow you to pull source code to audit and compile yourself.”

Sendme: “The level of paranoia you’re talking about is pretty far out there.
The problem with closed source software as far as security is concerned is that only a few people can view the source code and try to fix it. FOSS has a lot more developers looking at the code so hopefully that yields more bugfixes.”

Tymanthius: “Here’s the thing, unless you’re going to back up SEVERAL layers deep to make compilers, you have to start trusting somewhere. Also, there’s the plain & simple fact that most of us just aren’t that important/interesting to spy on.”

Justcs: “License does not dictate code quality.”

Whotookmynick: “…you can’t trust any large amount of code for another you can use tools like wireshark, strace etc. Apple and MS (and valve) are USA based companies, so if their government told them to do something they would have to comply. Another thing is the German government that actually makes trojans legally. As for personal security beyond that, your router filters out most of the threats unless your computer opens a port itself, you should be fine under linux/bsd X can open one, sshd opens one, vnc, skype/irc/whatever but they have to have vulnerabilities exploitable over a connection”

More at Reddit

Firefox 41 released

The Firefox developers at Mozilla have been cranking away on the next version of the popular browser, and now it’s here. Firefox 41 is available and comes with the option to create a profile picture, as well as memory fixes for Adblock Plus.

Silviu Stahie reports for Softpedia:

According to the changelog, users should now be able to set a profile picture for the Firefox Account, Firefox Hello comes with support for instant messaging, SVG images can be used as favicons, type 2 add-ons that were not signed by Mozilla will be disabled by default, memory overhead of AdBlock Plus has been reduced, the image decoding process has been refined, and the viewport can no longer be modified by picture elements. A number of other developer and HTML5 changes have been added as well.
Firefox had problems with memory management for a long time, and many users recognized this as one of the biggest issues with the browser from Mozilla. The fact that devs are finally taking some steps to correct this problem is a good sign for the future of this application.

More at Softpedia

Fedora 23 beta released

The Fedora developers have also been hard at work on their next release, and the beta version of Fedora 23 is now available.

Fedora Magazine has details about the Fedora 23 beta:

…GNOME is getting an upgrade, with Fedora 23 containing a preview of the upcoming GNOME 3.18 release, which is easier to use than ever. There are also many enhancements on the way, such as:

- Improvements to next-generation graphics stack Wayland, preparing it to be the default graphical server in a future release. This includes mixed HiDPI support, to provide a better experience when moving apps between HiDPI and non-HiDPI monitors
- Support for ambient backlight drivers, so brightness responds to the environment on laptops with the required hardware
- The Software application is smarter about metered Internet connections, and can now update system firmware

More at Fedora Magazine