Anon witnesses excellent security
-
Whenever I hear about shit like this I wonder if I should just start a company and package free software lol. Could like donate a bunch of the profit to the actual projects.
The issue here is you'd be selling it to morons who, when shit inevitably happens, would sue your pants off. So that means having lawyers that can protect you, probably on staff. Not sure it's worth it. You'd need to do the maths I guess
-
This has nothing to do with security, and everything to do with liability.
You can't really sue an open source project using a proper license, they disclaim any liability or warranty, meaning the buck stops with you.
If you hire a software development firm and pay for them to build software for you, you will have a different license, the software company can just repackage open source software into their own UI and branding, take the money and declare bankruptcy if their customers try to sue them.
The customers are mostly happy, they get to tick the box that they have a support contract for the software and a company is liable if shit hits the fan. The software development company is happy, they get money for doing very little actual work.
The open source project probably doesn't know about the abuse of the license and thus mostly doesn't care.
I've been in these meetings and you're on the money. Insurance (the concept, not necessarily the product) is almost always the reason any time you see some stupid policy.
When I was young and naive I thought the technologically correct way to do things was the best. In the business world that's seldom the case, though.
-
The issue here is you'd be selling it to morons who, when shit inevitably happens, would sue your pants off. So that means having lawyers that can protect you, probably on staff. Not sure it's worth it. You'd need to do the maths I guess
Now I wonder if one could pull a scam by selling some packaged software and closing the company the next month, simultaneously announcing End of Support
-
And don't forget required 2-factor authentication, in an age where that becomes 1-factor authentication as soon as someone has your phone, because both factors are accessible there!
2FA is utterly worthless in the age of smartphones, and whenever my employer tries to implement it, I refuse and tell them that, if they want me to do 2FA, they can either provide me with a work phone, or they can give me a USB key that is just going to sit in my desk drawer.
There are other ways to 2FA, such as having a physical key on yourself /srs
-
It's "more secure" because there's a specific company to blame when it goes wrong.
wrote last edited by [email protected]Sure but what if they have "we can at best refund you, no more liability from us" in the EULA?
Like, when the $10 "Yeblie PDF Censorship Tool" turns out to just have drawn a black rectangle and kept the CEO's SSN underneath copiable, what's stopping Yeblie from just forking over the $10 (and perhaps rebranding to Gtriik for good measure)?
-
So they essentially hired you for no reason and then had to come up with something for you to do?
It's more common than you think.
-
It's "more secure" because there's a specific company to blame when it goes wrong.
That would make some sense if the company was purchasing a solution, not a tool. Or a contract/SaaS model or something. Instead, it's like banning known screwdriver brands and expecting people to still have no problem loosening and tightening screws...
-
This has nothing to do with security, and everything to do with liability.
You can't really sue an open source project using a proper license, they disclaim any liability or warranty, meaning the buck stops with you.
If you hire a software development firm and pay for them to build software for you, you will have a different license, the software company can just repackage open source software into their own UI and branding, take the money and declare bankruptcy if their customers try to sue them.
The customers are mostly happy, they get to tick the box that they have a support contract for the software and a company is liable if shit hits the fan. The software development company is happy, they get money for doing very little actual work.
The open source project probably doesn't know about the abuse of the license and thus mostly doesn't care.
At one place I worked we couldn't use eclipse licensed things because the license mentioned indemnification or something. I don't really understand what that meant because I think some other licenses mentioned it too. Plus literally all of us used Eclipse IDE.
-
how thoroughly was it followed through? how was ensured that no free beer software was used?
I've had some workplaces where they instituted overly heavy-handed crackdowns through IT Policy then rolled them back after a couple of weeks because someone in upper-manglement needed to see the impacts in the real world that they already were already warned of before they could be convinced that their genius new policy wasn't such a good idea
-
There are other ways to 2FA, such as having a physical key on yourself /srs
Hence why I tell my employers that I'm good with h
That option (see the last bit of the comment to which you replied) the problem is that this method of 2FA is not implemented commonly, and so most systems I've encountered bug out when trying to set it up.
