For the uninitiated, this is a representation of the Survivorship Bias.
Essentially, the red dots represent bullet holes from aircraft which returned from battle.
If you were to ask someone which places should be reinforced with armour, someone who has the Survivorship Bias would say “where the red dots are”, whereas people who know anything about engineering would say “everywhere else!”
It’s like saying: “why are you wearing a helmet? I’ve met hundreds of soldiers and none of them have ever been shot in the head, helmets are a waste of good armour.”
A true fact:
Did you know wearing a helmet increases your chances of dying of cancer.
What are you saying? That there are people doing the top version (“I want a backdoor / I ask the corpo to grant me access”) for FOSS but they’re less likely to get caught if they don’t do all the gymnastics?
OP is referring to a backdoor that was found. It apparently modified behaviour in a way that was noticeable to humans, suggesting that it was built by an unskilled adversary.
It’s a safe bet that there are others (in FOSS) that remain undiscovered. We know that skilled adversaries can produce pretty amazing attacks (e.g. stuxnet), so it seems likely that similar vulnerabilities remain in other FOSS packages.
It’s a safe bet that there are others (in FOSS) that remain undiscovered.
I agree, but I don’t think that image (about survivors’ bias) applies to the op meme then, as that would imply that it only seems like open source backdoors are convoluted because we’ve not found the simple/obvious ones
Survivorship bias or survival bias is the logical error of concentrating on entities that passed a selection process while overlooking those that did not. This can lead to incorrect conclusions because of incomplete data.
In this case, the selection process is discovering human-evident back doors. It fits by my reading.
Stuxnet was done by a literal army assembled by state actors with massive funding hoarding zero days. If an attack like that came at you there is very little you can do.
deleted by creator
For the uninitiated, this is a representation of the Survivorship Bias.
Essentially, the red dots represent bullet holes from aircraft which returned from battle.
If you were to ask someone which places should be reinforced with armour, someone who has the Survivorship Bias would say “where the red dots are”, whereas people who know anything about engineering would say “everywhere else!”
It’s like saying: “why are you wearing a helmet? I’ve met hundreds of soldiers and none of them have ever been shot in the head, helmets are a waste of good armour.”
A true fact: Did you know wearing a helmet increases your chances of dying of cancer.
Rofl I love this. Great comment
What are you saying? That there are people doing the top version (“I want a backdoor / I ask the corpo to grant me access”) for FOSS but they’re less likely to get caught if they don’t do all the gymnastics?
OP is referring to a backdoor that was found. It apparently modified behaviour in a way that was noticeable to humans, suggesting that it was built by an unskilled adversary.
It’s a safe bet that there are others (in FOSS) that remain undiscovered. We know that skilled adversaries can produce pretty amazing attacks (e.g. stuxnet), so it seems likely that similar vulnerabilities remain in other FOSS packages.
I agree, but I don’t think that image (about survivors’ bias) applies to the op meme then, as that would imply that it only seems like open source backdoors are convoluted because we’ve not found the simple/obvious ones
In this case, the selection process is discovering human-evident back doors. It fits by my reading.
Stuxnet was done by a literal army assembled by state actors with massive funding hoarding zero days. If an attack like that came at you there is very little you can do.