Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
sSam15017y@DuckyMcDuckFace what does it matter? You can't check what's running on the server anyways.
-
Uhm... mate, just open up their website with view-source://, make your own certificate,install it on your pc and analyse the traffic.
But yeah,you are right to a point.: They could use more than one hidden rpc layers. -
I agree to @Linux here. I don't care much about free or paid software. But I want to know the software they use (open source) so I don't have to take their privacy concerns on face value, I should be able to vet the software in case I am in doubt.
-
@sSam I was just confused why OP was upset over some nonfree JavaScript on a service where literally the entire codebase is nonfree.
-
Froot75547y@irene THANK YOU!
So many people miss the watch part of open source. It can be open source but if noone reads it it won't matter -
Froot75547y@fun2code You mean the SVR search engine? No thanks, I'd rather just straight up send my data to NSA than use that.
-
@yendenikhil I'd like to remind you that they have a business to run and a search engine's source code is their entire business almost.
Sure, they should just give it to you so you can "vet it". This makes the wild assumption that you're actually competent enough, and have enough free time, and also don't have anything better to do, than to "vet" massive pieces of software over a wide range of topics and problem spaces in multiple languages written by thousands of different people with different coding styles, from algorithms used in search engines to video encoding and decoding, to all kinds of crypto code etc.
Even if a service on the web gives you their entire source code, for which there exists absolutely no reason, you still will need to trust that in actual production that's all they run. Alternatively, you can host it yourself but you'd have no money to do that because you're spending all your time vetting stuff instead of having a job. 😁 -
@mzeffect I mean vet as community and not personally me, I neither have patience nor skill enough in security to do so. There are projects which are much bigger and more complex than the meager search engine which are open source. Also there are ways to make sure the production code version is the version we saw in repo.
I've no idea about their business model, so I can't comment on it, though there are many open source business model which are tremendously successful (thought I don't know any (yet) in search engine space tbh)
tldr
One need not do it, but complete transparency is way to go. To build trust and improve the core with the help of open source community.
Related Rants
Why the FUCK does DuckDuckGo use NON-FREE JAVASCRIPT!
undefined
gnu/linux