As always, that depends on your threat model. I'm definitely not an expert on the matter, but in the last couple of months there were a number of vulnerabilities in Electron apps, including Slack, Discord, and Microsoft Teams. The Signal desktop app is also Electron-based, so I wouldn't be surprised if some vulnerability was published in the next couple of months.
Additionally, I have no idea how exactly the Signal desktop app stores its data, and how easy it would be to extract it.
Personally, I'd stay away from the desktop app if I (or the source) were actively targeted by someone with enough resources to spend on either Electron bugs, or other ways of accessing my computer. That includes spear phishing.
I'm a bit confused by the "open source but not free" statement in the readme. How common is it to refer to software with public source code as "open source"? I always thought the "open source" label applied only to those licenses officially certified as open source.
The original wording was "It's open source, but it's not free". It can be understood as "It's open source software, but the copies are sold for a fee" if you stick with the standard terms, and yes, it's pretty common, but the actual meaning here was "the source is available, but not under a FOSS license", and it's also not unusual (for example, a license with commercial restrictions).
Even your comment is ambiguous. I'm not really sure whether you've understood the context (and I'm not sure I've understood you, either) due to the ambiguity. This is exactly why I said the phrase "open source" is a misuse and it's important to stick with the standard terms.
Can you name some examples? According to the internet for most practical purposes the terms "open source" and "free software" refer to the same set of licenses [0]
It's hard to sell air, until you compress it and put it in a tank. And it's hard to sell sand, until you put it in a bag. So the air and sand are free, but then it varies: open core, dual licenses, packed with proprietary software, license clauses, etc.
Why not just ask for a license fee? And why can't something be open source when it's not free as in free beer? So yes, what I mean is there is open source software that is not free as in libre, and there is open source software that is not free as in free beer. So why can't this software be called open source, when the source is... open? Open source comes with many advantages, not just that it's free as in free beer but also that you can fix issues yourself, and it makes it easier to create plugins, mods, etc.
> And why can't something be open source when it's not free as in free beer
There is nothing preventing you from charging a fee for Open Source or even for Free Software. You only need to distribute source code to users of your software. That means it does not need to be publicly available on a site like GitHub. You need to remember that users who receive the software and source code are still allowed to distribute your software for a fee or even free. This method of selling software is not common at all though, so I can't really name any successful projects doing it.
> So why can't this software be called open source, when the source is... open?
The reason you can't call software like that Open Source is because Open Source has a clear definition as defined by the Open Source Initiative[1]. Free Software has a definition as well[2]. The Open Source definition is a more expanded and detailed version of the Free Software's Four Freedoms. If the license you use for your software does not allow the things as described by those definitions, you can't call it Open Source or Free Software.
It's becoming more and more common, because giving casual words a specific meaning was a failure from the beginning. Now the newer generation of devs are growing up and are not indoctrinated enough yet to know this or care about it, and such things happen more and more.
One of my guesses is security. The story behind the discovery of MS08-067 reads like a strong argument in favour of some telemetry. The TLDR is that someone at Microsoft noticed a strange crash in some telemetry bucket, and it turned out to be a wormable zero-day. There's a write-up at https://docs.microsoft.com/en-us/archive/blogs/johnla/the-in..., for those interested, and even though that story is twelve years old by now the general premise still stands.
Yep. Every year the Windows security team catches 0days that are under development from the crash logs telemetry and is able to patch them before they're mass exploited.
Location: Germany
Remote: No
Willing to relocate: Yes, Absolutely. I'm explicitly looking for opportunities outside of Germany.
Technologies: Android, Linux, Django, React, Docker, Squeak, AFL, Kali, Metasploit
Résumé/CV: https://dimeo.dev/cv.pdf
Email: contact@dimeo.dev
I am a German computer science student in the process of finishing my bachelor's degree. I'm very interested in cybersecurity and want to take an internship of ideally half a year, focused on cybersecurity, outside of Germany after finishing my degree this June. I'm eager to pick up new tech and tools, and willing to extensively prepare for a position.
I remember reading this. I also remember reading a compelling argument that the conclusions drawn by those studies were wrong, and that the actual cause for the difference in walking speed is age. People in big cities tend to be younger (due to urban migration, and whatnot), and with lower age comes faster walking speed.
I can't remember where that argument was made, and I never fact checked it, so take it with a grain of salt. However, it seems much more convincing than the 'pace of life' argument.
To add some context, the German constitution states that the German military may not operate within German borders (with some exceptions, e.g. disaster relief during natural disasters). Seeing armed soldiers would be very out of the ordinary.
The video surprised me too, so I took a closer look at this weapons system. The promotional material looks like it came straight out of the eighties because it does. According to Wikipedia[0] this is late-eighties tech. Maybe it'd make sense to add that somewhere to the submission?