The main point is that you give the source to the blobs, so it’s not a black box anymore - new maintainers knowing what the blob does (and how) saves a HUGE amount of time prodding the black box (blob) to infer its behaviour.
And it doesn’t pose a security risk - if anything, more eyes on the code is better. Security through obscurity has been proven a myth since open code has more eyes on it. Security researchers have smarter things to do than prod some binary blob when there’s so much code that’s either open source in the first place or at least only they got access to closed code.
What obscurity does is limit the eyes on the code, but the share of bad actors hoping to strike gold to researchers looking at it outdoes any benefit.
Will your technically-challenged great-Aunt switch to post-support build when her phone hits EoL
She won’t. But you as her niece/nephew might. And the local repair tech might when she comes to ask. And she’s not an idiot, just the technology isn’t mature enough in the societal sense: people don’t think of bringing their phone to a repair shop like they do their cars, which is a fixable issue - even without much advocacy groups time will fix this issue.
hackers [will] be able to remote control her banking app and take away your inheritance before the community can even patch it
You might be mixing apples and oranges here: why and how is the community expected to “fix” a banking app?
A banking app is a closed blob just like phones nowadays. It’s a parasitic relationship: blobbed phones are used to justify blobbed apps and vice versa. It’s like saying “well, the foundation of the building is bad, but to fix it we’d need to also deal with the crumbling walls” - so instead of fixing, it often is better to do a fresh start. But you’re suggesting we should continue making buildings with bad walls and foundations because we have the wall materials lying around, so why not use them?
Then there could also be licensed code
This is a recipe for disaster. I hope you’re trolling.
The Internet wouldn’t work if DNS were centralized, and the only thing DNS is used for is translating key pairs (basically). Now a single point of failure would have to do code vetting?
It’s the totalitarian dream! Oh, and absolutely out of touch with reality.