@lxo
Do you genuinely honestly actually audit the source code of every single piece of software running on your system and compile it all yourself, including web code?
Either you have a lot of time on your hands and a lot of skill, or you're running a very minimal system, or you actually don't.
Light » 2026-02-22
@light@noc.social
@lxo
And even if you do, most people* can't. So for them, they need third-party audits, which as I have previously pointed out, can be done without source code. Or otherwise they try to get their software from sources they trust.
*For example, rocket scientists and brain surgeons
I don't have to. that's the power of community.
security doesn't work in absolutes, and auditability is an imperfect deterrent, but it's infinitely better than the moves to prevent auditability that hostile vendors adopt
I do audit the rare cases of web blobs that are imposed on me, because I can't count on community for those, and my security depends on it even when my freedom has been unjustly taken away
Light » 2026-02-22
@light@noc.social
@lxo
Then you personally know other programmers that you trust to audit it for you. Again, most people don't have that.
that's missing the point. auditability alone is already quite a deterrent. that some of us actually engage in auditing is a bonus that benefits everyone, even if it doesn't happen very often. it's kind of the panopticon effect, but for the better.
You’re correct about seeds, but peers who are also downloading will often stop sharing with you if you stop sharing with them. Seeds generally are configured to try to give different pieces to different peers so that they can send them to each other and reduce load on the seed; they don’t want to give you the entire file directly unless you’re the only person downloading. And peers prioritize and filter which other ones they’ll send pieces to based on reciprocity.
You will probably get the data eventually, and it really depends on the composition and configuration of the swarm, but generally, you do need to upload if you want to ensure the fastest and most reliable download.
Long-running torrents are mostly populated by seeders. BitTorrent was originally designed for a lot of downloaders to get a file at the same time with limited seeding bandwidth, so leechers would need to trade with each other a lot, but that's not really the situation most torrents are in today.