Brought to you by the VNCViewer team: One of the dumbest blogs you’ll ever read
Imagine a software company advocating for security by obscurity in 2020
Dude… you freaked me out… your link has the ‘success=true’ follow-through thing that presents a “Your comment has been received” message… I thought I had clicked on a malicious/viral link that was spamming someone in my name.
I saved it to archive.org, thank me later in 10 years.
With proprietary software, you can pick up the phone, send an email, or use a live chat knowing that a dedicated and highly trained person will get back to you as soon as possible, and do everything they can to help: in fact, helping you solve a problem is literally their job. Additionally, customer service agents are made accountable for the advice they provide – on a forum, an anonymous username can very easily give deliberately wrong or harmful ‘advice’ with no consequences.
#BAAAAAAAAAAAAAAAAAAAAAAAAAAAHAHWHAHAHAHAHAHAHAHAHAHAHAHAHAHA!
This is clearly a biased article which is meant to sell the VNCviewer software. I have no quarrel with this approach, but too little effort was put in this article, and I feel like it misses the mark.
A part of the article deals with security, and one of the arguments is that open-source software implies no liability, so if you have a security breach while using it, you are on your own.
That is a valid argument, and is important for some businesses, but the post does not explain how (or even if) VNCviewer is different: does VNCVIEWER provide a security guarantee? How much would be covered? How long does it take the support to reply if I have such a problem?
Because the article stays on the surface of the issue, they present it as “open-source bad, closed-source good”, which is just not true. It would be more “depending on your use case, you might find that closed-source software is a better fit than open-source one”.
But once again, because of the low effort of the blog, it does not give enough elements for the reader to make an informed decision, in my opinion missing its objective.
Every argument in this article can be easily debunked. They’re not even trying
This makes it far less vulnerable than open source, as not just anyone can scrutinize the code, therefore making it much more difficult to crack into.
Nah it just excludes OSS devs from improving the software. Large corps and governments with billions on the budget will just reverse engineer the code and hack it anyways.
I was somewhat with the author until the part about 8 character passwords.
This article really does suck.
While most users in the community will be purely focused on improving the software, some will be examining the code for ways to exploit and hack into any vulnerabilities.
People do this, open source or not.
While a community with a broad range of skills and expertise can be great for finding solutions to problems you’re encountering, it can also have its downsides. Every user on a support forum for open source software is a volunteer. They have no obligation to respond to queries, or to even check for new questions in the first place.
However, there’s usually at least one person chiming in, and if it’s a popular issue, you’ll get a lot more opinions on the matter. Sure, paid support is great most of the time and will get you fast responses - that’s a very obvious selling point for most software/SaaS solutions nowadays.
As open source software isn’t owned by anyone, and is offered under a General Public License (GPL), there isn’t a company to guarantee for its security (or lack thereof). If a data breach happens through that software, it’s all on the user, aka you or your business.
This company also waives responsibility for these matters.
Open source software can be added to by anyone, with no thorough testing or vetting, and is not compliant with regulations by default. This not only negates the savings of using free software by requiring custom code (skillful coders aren’t cheap!) but can also leave you vulnerable through a lack of updates.
This point is just complete horse shit. Open source maintainers, as well as active contributors, read through PRs before merging them, to ensure they do only what they’re intended to do, while following the mission statement. What a load of bollocks.
Open source projects are primarily built and updated with only developers in mind, so the usability for people less technologically savvy can suffer considerably.
I’m glad they left the most ridiculous point til last.
This makes it far less vulnerable than open source, as not just anyone can scrutinize the code, therefore making it much more difficult to crack into. Think of it like trying to complete a 10,000-piece jigsaw in the dark – it’s still technically possible to do, but it’ll be a lot easier if the light is on!
And that, children, is why there was never a single security vulnerability in proprietary software. And they lived happy ever after. The End.
First: imagine having a computer that runs open source and proprietary code at the same time??? /s
Second: this author could use a piece of advice that was very helpful to me when I started publishing creative work: “sleep on it”. There is a lot in this article that is screaming for editing, but specifically… The idea that someone would write “stranger in the van of candy” doesn’t shock me… the fact that no one in the chain pointed at that sentence concerns me.
WOW that author is dumb. I had a coworker who thought this way too, where he was like “all open source is insecure it’s easily hacked! You get what you pay for!”
I’ve used TightVNC for 15+ years and never had an issue.
The best part of this article has to be the Publicity of Exploits section.
“We know how shitty our code is, but don’t worry, we won’t tell anyone”
I don’t get why there’s no better, faster, lighter FOSS alternative to VNC. It takes so much bandwidth. It consumes a lot of CPU time. Sadly, the only acceptable solutions are proprietary like AnyDesk, TeamViewer, Chrome Remote Desktop, and RDP.
WOW, that is asinine. Makes me want to uninstall their viewers and servers everywhere.
Are there any good FLOSS alternatives that let you VNC over the internet (and dare I ask, on your phone)?
RealVNC hasn’t been relevant in a long time…?
Lots of better options
“20 years later, Karen wakes up from a deep coma. The last thing she can remember is a conversation she was having with her boss at Microsoft’s PR department…”
Looks like they took it down.
To be fair, this was 2019, when security by obscurity totally worked.
/s