Kdenlive failed on me :( - cannot open my last project for the TROM II second part....neither the appimage nor repo. What is true is that I have added a fuck ton of videos, thousands in total....luckily an older appimage works so I can continue the work. I reported it and usually the kdenlive devs are quick to answer, let's see...
I am testing Kdenlive to the max, with a 6h documentary, 4 parts, tens of thousands of clips, over 1TB project....lots of effects, custom stuff, and so on...
So far, generally, all good. #tromlive
This entry was edited (3 years ago)
Rokosun
in reply to Tio • • •
Tio
in reply to Rokosun • •I don't think that's the case tho...I have used several video editors in the past that were big names and proprietary, on Windows, they too crashed and had lots of issues...all software is buggy, but when it is FOSS people tend to be more critical of it I realized. I know people who tried TROMjaro and then they saw a little bug and were like "oh is because is open source and not good quality...." and the same people experience even worse bugs with macOS yet they think they themselves did something wrong. It is like when Google services are slow or do not work properly and you blame your internet connection, yet when one of our websites is slow you blame it and not your internet, simply because you expect these big names (software wise) to always work.
I think it is a bias. When I made the first TROM with Sony Vegas I had it crash multiple times, more often than perhaps Kdenlive, and at one point I could not open my old projects with it anymore....so...
Rokosun
in reply to Tio • • •
inference
in reply to Rokosun • • •
Tio
in reply to inference • •Like what? I am creating a huge documentary as I said above and Kdenlive does great.....yes it crashes rarely and such, but so did other proprietary software I used in the past to create videos...
I use my TROMjaro Linux 24/7. I never shut down my laptop. I wrote books that are thousands of pages long with Libre Office and edited them (designed) with Libre Office Draw. Again thousands of pages...I edited tens of thousands of images with Krita/GIMP, I do backups, maintain 30-40 websites and I need tools for that....I manage projects....what else!?
So what are you unable to do with Open Source?
Rokosun
in reply to Tio • • •
Rokosun
in reply to Rokosun • • •
Tio
in reply to Rokosun • •
Rokosun
in reply to Tio • • •
Tio
in reply to Rokosun • •
inference
in reply to Tio • • •
Tio
in reply to inference • •You are saying this "cult" is mean and all that, but you seem very mean to me. That was a genuine question you can simply answer nicely.
Compilers compile that code, right? And if the code is open source, then should add an advantage. At least is not worse than proprietary, right?
inference
in reply to Tio • • •> you seem very mean to me.
I get called this a lot just for telling it how it is. I get literally attacked and threatened because I don't just blindly agree with FOSS cultists.
> Compilers compile that code, right? And if the code is open source, then should add an advantage. At least is not worse than proprietary, right?
Not exactly. Security doesn't just mean backdoored. That's not what security is; security is the collective state of whether unauthorised actors can get in. Compilers can add unintentional backdoors and other security issues. There are many examples of this online. Just because you write code a specific way doesn't mean it will execute that way.
Tio
in reply to inference • •Being right doesn't have to also mean being a jerk with people. What is your beef again with FOSS? FOSS provides full transparency, anyone can fork these pieces of software, creates a better community, more variety. If you are saying that when the open source code gets compiled "bad things" can happen, then ok. I cannot say anything because I do not know if you are right or not. But it won't invalidate the security that comes from the code being open for all to see.
inference
in reply to Tio • • •I never said FOSS doesn't provide freedom or transparency; not a single time; in fact, I always say the opposite. The fact (not opinion) remains that open source does not mean secure or private, and closed source does not mean insecure or not private.
Do you audit every line of code of every package and app on every system you use, without help, and with zero trust? No, you don't, because that's not humanly possible; even the OS would take your entire lifetime to audit, and that's before it updates next week and you have to start over.
Tio
in reply to inference • •
inference
in reply to Tio • • •For the most part, yes. Again, compilers can change how the code ends up after changing it during compilation and linking, and source code almost never runs as written when compiled to a binary. Closed source can also be packet sniffed and reverse engineered.
I recommend you read this great article by Seirdy to understand what I'm saying:
seirdy.one/posts/2022/02/02/fl…
The right thing for the wrong reasons: FLOSS doesn't imply security
Seirdy's Home
Tio
in reply to inference • •
inference
in reply to Tio • • •I'm not saying that auditing the code isn't important, it just doesn't mean what you're seeing is how it runs as a binary, and it also doesn't mean it can't be tampered with in other ways.
Simply, don't rely exclusively on software being open source to be secure or not; there are many variables to consider.
Rokosun
in reply to inference • • •> I get called this a lot just for telling it how it is. I get literally attacked and threatened because I don't just blindly agree with FOSS cultists.
I think you've had some bad experience with some tech folks, but you shouldn't assume everyone who uses FOSS software is like that, it's a diverse group of people with different perspectives and stuff like that. And me and @tio are not in any cult, LMAO 🤣
inference
in reply to Rokosun • • •> you shouldn't assume everyone who uses FOSS software is like that
I don't. Not everyone is part of the FOSS cult. The cultists are the ones who are closed minded and are hellbent on making sure their ideology is the only one which exists. I'm an open source advocate, but you'll never hear me say it's the only way and always the best tool for the job; it's not.
Rokosun
in reply to inference • • •Because you mention compilers changing the code I want to ask you about this thing called Reproducible builds. What do you think of that? Wouldn't it solve this problem that you're addressing here?
Relevant links:
en.wikipedia.org/wiki/Reproduc…
reproducible-builds.org/
@tio
Reproducible Builds
reproducible-builds.org
inference
in reply to Rokosun • • •
inference
in reply to inference • • •
Rokosun
in reply to inference • • •OK I understand. But I think the main goal here is to ensure trust that the source code they released is the actual source code of the official binary. And so I think they're succeeding in that regards.
I know briarproject.org uses reproducible builds, that's how I found out about it actually. I feel like Briar is one of those few FOSS projects that gives utmost importance to security and stuff like that, at least that's the impression I get.
Secure messaging, anywhere - Briar
briarproject.org
Rokosun
in reply to Tio • • •@inference
inference
in reply to Rokosun • • •
inference
in reply to Rokosun • • •I advise you to read this:
en.wikipedia.org/wiki/Underhan…
As you can see, it is very possible to hide malicious code in open source code which looks perfectly fine, without anyone noticing. There are even contests for it.
programming contest for malicious code that looks like an honest mistake
Contributors to Wikimedia projects (Wikimedia Foundation, Inc.)
Rokosun
in reply to inference • • •@tio
Rokosun
in reply to Rokosun • • •So I guess if someone's really motivated then he can break all kinds of security measures in place, even if the code is public.
In the case of FOSS, I don't think this is that common though, if someone wants to make profit then proprietary software is the easier route. I guess maybe accidental security holes would be much more common in FOSS than malicious ones..... 🤔
@tio
Tio
in reply to Rokosun • •
Rokosun
in reply to Tio • • •
inference
in reply to Rokosun • • •As someone who is, you could say, both addicted and obsessed, with security, and does almost nothing else, this is entirely true. There will even be people out there who can defeat my security.
There is high security, but there is never full security; it does not exist.
There is always a hole, usually multiple. There are always flaws. There is always a way in.
Question is, can you keep them out?
Tio
in reply to inference • •I think that it is important indeed to make sure the software is secure, however if we as a society want to make real progress in this regards, we have to look at what motivates others to "breach" this security. For example I originally come from a very well known town where most people do all sort of scams and hacks. And they do them because they are quite poor, and also influenced by the dumb movies to want new cars and shit like that.
My point is that a saner society is safer. If we were to take care of humans and treat them well, then you will remove their incentive to "hack". Another example is that many "hackers" find exploits and sell them to the highest bidder.
So ultimately it is the society that breeds these behaviors. We shall not forget that.
inference
in reply to Tio • • •This is what threat modelling is for.
- What are you trying to protect?
- Who are you trying to protect it from?
- Why are they trying to access it?
- What are the consequences if I fail?
- What are my budget and other resources?
Just applying mindless blanket security will never work, because you can never secure everything; the only way to keep people out and focus on the actual holes is to know who is trying to get in, and how you can keep those specific people out. If you're not worried about your neighbour hacking you, and they have no reason to, you don't need to put effort into keeping them out, you need to put effort into the people who *are* trying to get in.
inference
in reply to Rokosun • • •My point with that article was to say it is possible (even if difficult and rare) to add malicious code without anyone realising it. You can obscure open source code.
So, if you're relying solely on code being open, you're doing it wrong.
Rokosun
in reply to inference • • •@tio
inference
in reply to Rokosun • • •
Tio
in reply to inference • •
inference
in reply to Tio • • •I don't think it matters whether it's happened or not; the fact is, it can. Relying on "it's never happened before" is exactly the same as saying "I've never been in a car crash before so I don't need to wear a seatbelt". If it happens, you'll wish you did wear the seatbelt.
And yes, there are examples of it. Too many for me to post here. Use your search engine of choice and you'll find many.
Tio
in reply to inference • •Not a good analogy. I am wearing a seatbelt - I use open source software from official repos and from trusted sources. I was thinking you may give me some examples at least. I do not know any. And I am sure there are, don't get me wrong.
EDIT: to add to that, very likely most people (normal regular users) who are using open source software use it the same way. Only tech savvy people compile them and such, and they may be better equipped to smell the danger while doing that.
inference
in reply to Tio • • •Define "trusted". What if I personally trust some proprietary software more than open source alternatives? In many cases, I do.
Trust is subjective, so my analogy holds up very well. The most important thing about security is reducing trust and replacing it with provability. You "trusting" a repo or a dev means literally nothing when anyone can break that trust, and be successful because you were wide open trusting them.
Tio
in reply to inference • •
Rokosun
in reply to Tio • • •
Tio
in reply to Rokosun • •That's a great way to summarize this I think :D
inference
in reply to Tio • • •If you're blindly trusting an open source repo without auditing it yourself, there is zero difference between that and using proprietary, because you didn't bother to audit the code, anyway.
And, personally, I prefer to trust someone who knows what they're doing, such as Google or Microsoft, with my work files, than someone who just wrote their first block of code and turned it into software from their basement.
Rokosun
in reply to inference • • •Auditing the code yourself is always best, but when it comes to proprietary software no one can audit it, not you or anyone except the one who wrote it.
> I prefer to trust someone who knows what they're doing, such as Google or Microsoft, with my work files, than someone who just wrote their first block of code
This is of course your choice, and I get it. However I don't think all FOSS devs are noobs though, some might even work for google/microsoft, lol
@tio
Tio
in reply to inference • •I disagree. The fact that the code is open source it means others may have looked at it. So my trust is in the one who published the code + the ones who may have looked/tested it. With proprietary my trust is ONLY in the one who made the code. So Open Source is at least a bit better in that regards. It may be a lot more, idk.
Most of the times is not about trusting their expertise, but their intention too. I trusted Google Drive with 2TB of files until it decided to delete my entire account, gmail included, and I got no answer as to why. And they charged me for 3 months before restoring my account. I trusted Facebook to not sell my data, and they did. I trusted lots of other big companies with proprietary software, and I got screwed. So...
inference
in reply to Tio • • •You're trusting more than 1 party when you blindly trust an open source project and people to audit it (which may not even have happened so you're talking ghost people who don't even exist). That's completely illogical and dangerous to me; why would you just *hope* someone has audited the code? Do you even know who the people are *if* they have audited it? You're blindly trusting them, too. What if they're all in cahoots?
As for what you said about Google or Microsoft deleting/suspending your account, that's not related to source availability; even open source Codeberg or Proton Drive could do that. You're mixing these things up.
Tio
in reply to inference • •Software A is FOSS, software B is proprietary. It is a simple music player. Which one can I trust more?
If I had the time/skills I could check the Software A in more detail, but never Software B. Software A, if popular, is very likely to have been checked by others for malicious code. Again, never for software B, unless you trust the company behind it blindly.
Second, from my experience, people doing FOSS have a lot less incentive to do anything "bad" to your system, simply because they put that software for free mostly. They do not want anything from you.
Proprietary? Has a lot of incentive to milk me for my data, currency, attention (ads), make me buy premium features and such. Scripts will be added for tracking, stats, and more. Why would the developer of Software B make it proprietary if he/she would simply want to create a music player?
So yah, I trust FOSS a lot more because of these reasons. I should ask myself the opposite: why would I trust a proprietary music player (or any software) more than a FOSS one? I don't see a reason why.
It is about trust. They say one thing, and do another. You gave them as examples of entities that you trust. I told you why they are not worthy of trust. And those are small examples, I wrote books showcasing how they fuck people over, and lie so much. I cannot trust Google, Facebook, Twitter and so on, as pieces of software that say they do this, when in fact they do more, and not the "good things more".
You have not convinced me that proprietary software is more secure than Open Source, at worst they can be the same when we rely solely on trust. A trusty entity + an open source code, is better than a trusty entity + a closed source code.
inference
in reply to Tio • • •I don't need to convince you that proprietary software is more secure than open source, because it's untrue. Likewise for the opposite.
Source availability should not be the only factor in determining security or privacy. I made this very clear in previous posts.
Tio
in reply to inference • •And no one disagreed or said otherwise. I never said being open source should be the only factor, but it sure is a plus. And a huge one from my knowledge.
inference
in reply to Tio • • •Open source allows transparency (but not easy viewing of whether the code is malicious or not, since I showed that it is possible to hide malicious code in open source code), auditing, and freedom to modify the code. It also has the nice advantage of being able to study and learn from it.
Despite proprietary code not having these possibilities, it *is* possible to reverse engineer the binaries back into source code, even if it is difficult to do so, and it is very possible and even preferable to perform red team/security analysis on closed source binaries because both open source code and proprietary code run as closed source binaries once on the system and that's the state the software is actually used in.
Other than source availability, questions to ask are:
- Does the software have security mechanisms? Which ones does it have? How are they implemented?
- Does the software have control-flow integrity? If so, forward-edge or backward-edge? Does it take advantage of CPU and other hardware security such as Intel CET or AMD Shadow Stack?
- What ciphers, hashes, and other algorithms, does the software use?
- Has the software been through professional audits?
- How well has the developer done in the past? Do they hide security issues from users, or do they admit them and fix them? You'd be surprised at how many proprietary pieces of software do actually care about this and provably do fix these issues.
This is not an exhaustive list.
It's also dependent on what your threat model is and where and how you are using the software. Nothing wrong with using proprietary Edge in a business, because you probably have a support contract with Microsoft, and you can keep people out using SDSM. For personal usage, you probably want Chromium proper, or Tor Browser, for more private usage. It's completely your choice and there is never a right or wrong one.
I don't care which side someone is on or what their ideology is, no one should be shaming people over software.
Rokosun
in reply to inference • • •> Source availability should not be the only factor in determining security or privacy.
Yes, I actually agree with this. Just because a piece of software is open source doesn't automatically make it secure. This is not a new idea to me, see this - fosstodon.org/@futureisfoss/10…
> Being open source doesn't make an app magically secure. Open source is about transparency and trust, the security of the app depends on how many people are looking for vulnerabilities in the source code.
@tio
Rokosun (@futureisfoss@fosstodon.org)
Fosstodon
Rokosun
in reply to inference • • •> As for what you said about Google or Microsoft deleting/suspending your account, that's not related to source availability; even open source Codeberg or Proton Drive could do that. You're mixing these things up.
I think here @tio meant that commercial companies often decide quick to paywall features and stuff like that, so you'll lose your account or some features you were using. This is not directly related to FOSS, but most of them are not commercialized, so less chance of this.
Tio
in reply to Rokosun • •
Rokosun
in reply to inference • • •@tio
Liwott
in reply to inference • • •It's actually the same as saying "There never was any car crash", which is a much stronger statement. "It doesn't happen" is different from "it happens only to others"
Rokosun
in reply to inference • • •
Rokosun
in reply to Rokosun • • •
Tio
in reply to Rokosun • •
Rokosun
in reply to Tio • • •
Tio
in reply to Rokosun • •
inference
in reply to Rokosun • • •> I know the tech community can be real toxic sometimes, but no one should be telling you what you do on your computer.
This is true for everything. The issue is, it's mostly the open source advocates who behave this way, putting you down and making you feel like you're doing everything wrong, just because of a choice you made. It's complete bullshit. You want to use open source Signal? Go ahead. You want to use closed source WhatsApp? Go ahead. I don't care, and I never will; it's your decision to make. You want me to tell you what to eat and drink, too?
The toxicity of the FOSS community (what I term the "FOSS cult") is what makes me skeptical of a lot of FOSS projects; they don't correctly implement security or privacy, and the code being open in that case is literally useless; it means nothing.
Tio
in reply to inference • •You sound defensive to me. :) - so be aware of this too. Here's the thing, probably many people who discover FOSS are too excited about it and really want to tell the others about it. This excitement can turn into them being "too much" and becoming annoying.
For example I suffer from over-excitement too when it comes to this, simply because I realize how important FOSS is from so many perspectives. Combine that with the fact that most people have no clue about it, and makes me more vocal. Like people use Zoom and their data is collected, their video chat is limited, and so on, but there is Jitsi Meet that is purely for that purpose: video conference. Works amazingly great and no limitations. So naturally I want to tell people about it :D.
But of course, use whatever you want. However there are objective arguments of why FOSS is a better approach than proprietary software. Proprietary means: limits the access for poor people who have to pay for it; incentivizes profit over community; adds many unnecessary features for the sake of selling it; non-transparent; and so forth.
Adamas Nemesis
in reply to inference • • •
inference
in reply to Adamas Nemesis • • •
Adamas Nemesis
in reply to Rokosun • • •
Rokosun
Unknown parent • • •Did you know that tailsOS was my first linux distro? Can you believe that? LMAO 🤣
I couldn't install it on hardware of course, but it gave me enough experience with the linux ISO thing - how to make a bootable USB, boot into it, etc. So it was actually a very good first step for me, I don't know if I would have had a positive experience if I started with a full-on distro like ubuntu/manjaro because I had lots of issues getting it installed on my system, UEFI issues
Rokosun
Unknown parent • • •Artix Linux - Home
artixlinux.org
Rokosun
Unknown parent • • •@tio @inference
Tio
Unknown parent • •