Hacker News: waplot's comments

These changes are way too big to be integrated into PostgreSQL's engine itself. It fundamentally changes how MVCC is done.


Could you bring back the original title since it provides context as to what's going on?


> the bonus point is that I can have access to its source code

Are you actually reading all the code before you run it? Are you re-reading it for each update? If not, then what's the point of bragging about having access to the source?

The point of sandboxing is that it's impractical to reliably audit, on a continuous basis, the massive volume of software that the average person runs. It's more economical to apply the least-privileged principle, and only give apps access to the things they need to function.


> Are you actually reading all the code before you run it? Are you re-reading it for each update? If not, then what's the point of bragging about having access to the source?

Not every user needs to read everything. We can read pieces of what we use and trust others to also read pieces of what they use. We can also place some amount of trust that there's a body of people that have read code before we started using it, and that it's only the new changes that need more review. People can also use reputation to make safety in review more economical.

Sandboxing is not bad, but it's not the only way that security can be achieved. Having a good social infrastructure also helps.


Not every user has to read every line of code, but I do sometimes wonder how many open source products have never been read by anyone outside of the people who wrote/maintain it, and for those projects where anyone has reviewed the code, how many of them were really qualified to understand what they were seeing?

I still believe that having the code available for review is important, but I don't think it's a reliable means of saving people from insecure or malicious software.


> I still believe that having the code available for review is important, but I don't think it's a reliable means of saving people from insecure or malicious software.

Just having the code available, in and of itself, is probably not. However, the presence of the source is not the only thing you have to provide reliance. For Arch Linux, for example, different package repos have different requirements and provide different levels of safety. You can put more trust in packages in core than you can those in extra, and you can trust those in extra more than you can those in the AUR. Anyone can push packages to the AUR, and so can they to other package repos like those of different languages (rubygems, hackage, etc.). Different languages will have different communities and you can get a feel for how trustworthy they are as a whole, based on their requirements, etc. This is like the difference in safety in different cities. You can check the author and get some kind of idea as to how much reputation they're holding. You can also check the package maintainer and get some kind of idea as to how much reputation they're holding. You can check how many other people trust that software, and if there's any particular notable ones. You can see how well established and widely-adopted the development process is formulated in the homepage/github/etc. You can also review the source yourself, and even if you're not some security expert, that doesn't mean your review is absolutely worthless. It's got a score. Put a score on every source of trust, add them up, and check with your risk tolerance.

You don't need to do everything. If I decide to walk on a street, I'm not checking the crime statistics there, the internal state of the nearby police department, etc. I'm mostly deciding based on the city/neighborhood I'm in, how populated the street is, the state of the people there at a glance, and that's generally more than enough for most people.

> but I do sometimes wonder how many open source products have never been read by anyone outside of the people who wrote/maintain it, and for those projects where anyone has reviewed the code, how many of them were really qualified to understand what they were seeing?

In case my point was lost in my ramble, you don't have to base your decision on trusting a particular piece of open source software based on how much you trust the whole body of open source software in existence. You can decide to e.g. trust the official repos of a distro based on how that curation works, so trust the packages in it and not the software outside it (e.g. the AUR or random GitHub repos), and you can decide to trust based on other signs of your choice like that, too.


As has been demonstrated multiple times, “more eyes” is a fallacy.

There has been plenty of malware on perfectly open source and often reviewed repositories.


Nothing wrong with using the DB as a mq, especially if the load is small enough. Plenty of tools are built on that, these two come to mind

https://github.com/procrastinate-org/procrastinate

https://github.com/bensheldon/good_job


have your upvote. now show yourself out.


Does this finally mean they can bring back image preview for file upload modals?


GNOME? Don't even think about it. The next version of the file manager will probably remove icons altogether in favour of a single, big button that opens a random file in your home directory.

GNOME is that user interface where out of the box everything is super eye-candy and cool, and yet you can't really do anything unless you install a billion extensions and swap out a few builtin programs for some others that look like shite but at least have the basic features everyone expects.

GNOME has been putting the entirety of its efforts and focus on UI only for the last 11 years, and that has caused the whole UX to become a total nightmare. GNOME 2 was incredible, it was a pinnacle in UX and it's a shame the GNOME devs got carried away and destroyed basically everything in their attempt at beating Apple at its own game.


I don’t understand GNOME. I try it but I feel like I’m fighting it to use my computer. Then I start looking for extensions.

KDE Plasma on the other hand I can just install. Visually be annoyed. But it just works. And I don’t need to install a bunch of extensions.


>Visually be annoyed.

The visual design of KDE was annoying and distracting to me, too. (Ditto the other non-GNOME DEs I tried.) If I had continued to use it instead of abandoning it after 5 minutes, it would've become much less annoying, but some of the annoyance would've persisted indefinitely.

So I've been using GNOME for the last year and a half. In many ways it is worse than the GUI of MacOS or Windows, but it looks great.


So it's not just me!

I couldn't for the life of me figure out why I can't see thumbnails any more in the image upload dialog, tried looking for all sorts of view settings.

What gives?


That would take a multi-million dollar grant from Microsoft Research.


Yeah. I vote for the next 5 million dollars to go towards resolving the file-roller drag-n-drop issue[1]. Well, maybe better make it 10 million! Next month this issue will be 4 years old after all.

[1]: https://gitlab.gnome.org/GNOME/file-roller/-/issues/4


Just use sub-addressing, then discard all emails sent to that address.


>reddit

no thanks


actually, they posted old.reddit

it's like 2 totally different things


It's the people not the layout.


Depending on the subreddit, the people are less of an issue than on HN.


Yes, I agree. I've run into some great subreddits and extremely helpful people there. Reddit imo is the best social media experience, almost like the old usenet, if the 'engagey' subreddits are removed from one's list.


To each their own I guess, to me reddit is a feces filled dumpster fire, even the smart/tech subs lack critical thought and are full of bad/wrong information that gets upvoted.


Reddit is the best build your own bubble adventure game in all of human history. A few good subreddits here and there don’t make up for the epic toxicity of the broader site. Not to mention it’s functionally unusable unless you happen to know to browse the old.Reddit site. The “main” site is an abomination against the internet.


Not just people, a lot of the fault is on mods.

Talk about Epstein's "suicide" on /r/conspiracy, and get autobanned from a bunch of subreddits you've never even heard of before.


Interesting, so how deep does the conspiracy go? Is a big portion of Reddit mods trying to cover up "Epstein" crimes?


> Is a big portion of Reddit mods trying to cover up "Epstein" crimes?

No, just the ones that were linked to u/maxwellhill, the lead moderator of r/worldnews, r/politics, and r/technology:

https://www.dailymail.co.uk/news/article-8506313/Ghislaine-M...


Nah, they decided some subreddits are "bad for advertisers" during the covid time, and /r/conspiracy got put on a long list of "undesirables". The precedent for that was /r/the_donald before that.

Some more radical pro-censorship subreddits decided to just ban anyone posting on any of those subreddits, and the sentiment spread to larger subreddits, like e.g. /r/pics.

Combine conspiracies and covid, and "spreading covid fake news" was the official reason to ban people just by posting to any of such subreddits.


>What's the point of mentioning Rust

marketing


Bitwarden allows you to add custom fields and secure notes for anything that falls outside the usual email/password data.

