
    Sailfish Android version update

    kinggo | # 41 | 2018-05-05, 14:48 | Report

    Originally Posted by juiceme View Post

    The only possible safe way is that the service provider publishes a sane API and the applications using it are provided in source form to be compiled by oneself. Binary distribution can be allowed if the sources are available and a mechanism for reproducible build verification exists.
    Sorry, but how is that better for ~98% of the people who don't know anything about coding? I mean, I do know how to compile some basic stuff on Linux, use AUR or svn or git... But I still have to trust that source the same way I trust a precompiled binary.

    The Following 7 Users Say Thank You to kinggo For This Useful Post:
    Amboss, Feathers McGraw, juiceme, mosen, peterleinchen, pichlo

     
    pichlo | # 42 | 2018-05-05, 17:15 | Report

    Originally Posted by kinggo View Post
    Sorry, but how is that better for ~98% of the people who don't know anything about coding? I mean, I do know how to compile some basic stuff on Linux, use AUR or svn or git... But I still have to trust that source the same way I trust a precompiled binary.
    Exactly! Forget the 98%, published sources hardly help even the expert programmers. Who on earth has the time or expertise to review 5 million lines of code?

    Having said that, I agree with juiceme on one point. I don't really care about the application being provided in source or binary, but the API should definitely be open and public. Otherwise you never know what even the intention is, let alone the implementation.

    The Following 6 Users Say Thank You to pichlo For This Useful Post:
    Amboss, Feathers McGraw, imaginaryenemy, juiceme, mosen, peterleinchen

     
    pichlo | # 43 | 2018-05-05, 17:21 | Report

    Originally Posted by juiceme View Post
    If you install any random binary-only application to your device you will grant it at least user-level system access to your device, in some cases even root-level access. (And for most systems it is enough to have user-level access as there are new privilege escalation holes all the time...)
    That is a very old skool way of thinking. No one gives a damn about root any more, especially on a mobile device. User level is where all the important stuff is: your address books, your emails, your login details to various services including online banking... What can root give you on top of that? Install a new driver? So what?

    The Following 4 Users Say Thank You to pichlo For This Useful Post:
    Amboss, imaginaryenemy, juiceme, mosen

     
    nthn | # 44 | 2018-05-05, 17:43 | Report

    Originally Posted by kinggo View Post
    Sorry, but how is that better for ~98% of the people who don't know anything about coding? I mean, I do know how to compile some basic stuff on Linux, use AUR or svn or git... But I still have to trust that source the same way I trust a precompiled binary.
    You could say the same thing about ingredient lists or expiry dates on food items, they only show what should be in there, but still someone might have poisoned your cookies. It's reasonable to assume that there are no real lies on the package, that your cookies will contain exactly and only those things listed in the ingredients and that they didn't expire five years ago. This doesn't prevent the cookie company from telling any lies (companies being called to court for false advertising is not uncommon), but it creates some trust that otherwise wouldn't have been there. I don't extensively read the ingredients on my cookies, but knowing they're there sufficiently satisfies my curiosity (side note: I'm thinking interpassivity may be at play here) and I don't think I would have bought them if there were no ingredients listed at all. Of course, this in itself doesn't explain why I would eat anything at a restaurant or at a friend's place, because usually the ingredients of the food aren't listed there.

    The Following 9 Users Say Thank You to nthn For This Useful Post:
    Amboss, Feathers McGraw, juiceme, kinggo, lal, mosen, peterleinchen, pichlo, wicket

     
    nthn | # 45 | 2018-05-05, 17:49 | Report

    Originally Posted by pichlo View Post
    That is a very old skool way of thinking. No one gives a damn about root any more, especially on a mobile device. User level is where all the important stuff is: your address books, your emails, your login details to various services including online banking... What can root give you on top of that? Install a new driver? So what?
    I agree, but I think root access is still relevant for installing hidden Bitcoin miners or DDoS applications and such, so situations where the attacker is not interested in data, only money or whatever the intentions behind DDoS attacks are.

    The Following 5 Users Say Thank You to nthn For This Useful Post:
    Amboss, Feathers McGraw, juiceme, peterleinchen, pichlo

     
    pichlo | # 46 | 2018-05-05, 17:52 | Report

    @nthn, I agree, although if I get it right, you compare published ingredients to published code. I would compare them to a published interface. Published code would be equivalent to a full recipe, including the order of adding the ingredients and cooking times. You get basic nutrition information (API) on most food packages but the exact recipes (source code) are usually a trade secret.

    The Following 4 Users Say Thank You to pichlo For This Useful Post:
    Amboss, imaginaryenemy, juiceme, nthn

     
    nieldk | # 47 | 2018-05-05, 17:53 | Report

    Originally Posted by nthn View Post
    I agree, but I think root access is still relevant for installing hidden Bitcoin miners or DDoS applications and such, so situations where the attacker is not interested in data, only money or whatever the intentions behind DDoS attacks are.
    For bitcoin miners, really, you don't need root.

    As for the open source part mentioned by @juiceme - I agree with juiceme. Without sources it's damn difficult to figure out what's going on. Sure, ordinary users don't care probably. But having the sources makes auditing way easier. It's old-school, but damn right necessary.

    The Following 9 Users Say Thank You to nieldk For This Useful Post:
    Amboss, Feathers McGraw, imaginaryenemy, juiceme, lal, nthn, olf, peterleinchen, wicket

     
    pichlo | # 48 | 2018-05-05, 17:57 | Report

    Originally Posted by nthn View Post
    I agree, but I think root access is still relevant for installing hidden Bitcoin miners or DDoS applications and such, so situations where the attacker is not interested in data, only money or whatever the intentions behind DDoS attacks are.
    It is also relevant on servers that store personal data of thousands of users. Root will give you access to other users' data. I believe this is where juiceme was coming from, which is why I emphasised mobile devices. You raise an interesting point, though I am not sure how relevant bitcoin mining is on mobiles.

    The Following 5 Users Say Thank You to pichlo For This Useful Post:
    Amboss, Feathers McGraw, juiceme, JulmaHerra, peterleinchen

     
    nthn | # 49 | 2018-05-05, 18:07 | Report

    Originally Posted by pichlo View Post
    I am not sure how relevant bitcoin mining is on mobiles.
    I'd say every bit helps.

    It is actually a problem, though.

    The Following 4 Users Say Thank You to nthn For This Useful Post:
    Amboss, Feathers McGraw, juiceme, peterleinchen

     
    kinggo | # 50 | 2018-05-05, 18:25 | Report

    Originally Posted by nthn View Post
    You could say the same thing about ingredient lists or expiry dates on food items, they only show what should be in there, but still someone might have poisoned your cookies. It's reasonable to assume that there are no real lies on the package, that your cookies will contain exactly and only those things listed in the ingredients and that they didn't expire five years ago. This doesn't prevent the cookie company from telling any lies (companies being called to court for false advertising is not uncommon), but it creates some trust that otherwise wouldn't have been there. I don't extensively read the ingredients on my cookies, but knowing they're there sufficiently satisfies my curiosity (side note: I'm thinking interpassivity may be at play here) and I don't think I would have bought them if there were no ingredients listed at all. Of course, this in itself doesn't explain why I would eat anything at a restaurant or at a friend's place, because usually the ingredients of the food aren't listed there.
    While all that might be true, an Average Joe will know the difference between banana or strawberry flavour on the very first bite. With codes... not so much.
    In so many situations we just have to trust the other party first and then time will tell...
    But what really surprises me is that even with every bit of code open and with unhackable encryption you are still at the mercy of your service provider or government because they can shut your service down or block access. And even if you would want to build alternative infrastructure, you can't because all that is or needs to be regulated by the state.
    At the end, it's just the question of who do you trust more with your data. App developer, HW manufacturer, service provider, your government... or when your ex hits you with revenge porn. Because in the end even the person from the other side of that encrypted something can betray your trust.

    The Following 7 Users Say Thank You to kinggo For This Useful Post:
    Amboss, Feathers McGraw, juiceme, lal, mosen, peterleinchen, pichlo

     