Closed Thread
Thread Tools
Posts: 1,298 | Thanked: 2,277 times | Joined on May 2011
#841
Originally Posted by Lumiaman View Post
How is open source more secure??
It has more potential to discover vulnerabilities. Recent revelations about backdoors in commercial closed code demonstrate it. It's much harder to discover such thing in a black box code.
 

The Following 6 Users Say Thank You to shmerl For This Useful Post:
Posts: 1,341 | Thanked: 708 times | Joined on Feb 2010
#842
Originally Posted by jalyst View Post
Being 100% open source is no anti-dote, they've actively gone after those models too.*
The only (slight) advantage, is that vulnerabilities would be found/closed more quickly.
Yes, but I would say it actually IS anti-dote. It just isn't 100% working anti-dote or sometimes it takes time to work.

It could be said based on the recent (hero) Snowden's revelations, open source IS THE ONLY WAY to be potentially spy-free and backdoor-free.
More encryption won't be the answer, more open source can be.

One of the most famous so far found security weakness in an open source software was the SSL weakness in Debian found couple of years back. A good lesson to all open source developers. It is a shame it wasn't found already then when two lines of code was removed between two revisions. That is why diff patches are for, not need to audit every line of code from start to end every time, just the changed lines.
https://www.schneier.com/blog/archiv..._number_b.html
Code:
	MD_Update(&m,buf,j);
	[ .. ]
	MD_Update(&m,buf,j); /* purify complains */
Back when the NSA was routinely weakening commercial cryptography, their favorite technique was reducing the entropy of the random number generator. (written 2008 by Bruce Schneier)
Originally Posted by mikecomputing View Post
to repeat what said already, take a look here what IS open:
Is there a same kind of lists of software which is IS NOT going to be OPEN (already known) in the Jolla Sailfish devices?

I remember there being re-license-request-tags in the bugs.maemo.org ("product=Licensing Change Requests").

Last edited by zimon; 2013-09-08 at 20:35.
 

The Following 4 Users Say Thank You to zimon For This Useful Post:
Posts: 1,298 | Thanked: 2,277 times | Joined on May 2011
#843
Originally Posted by zimon View Post
Is there a same kind of lists of software which is IS NOT going to be OPEN (already known) in the Jolla Sailfish devices?
Nothing like that is to be expected before the release. After the release such list can be compiled.
 

The Following User Says Thank You to shmerl For This Useful Post:
Moderator | Posts: 5,320 | Thanked: 4,464 times | Joined on Oct 2009
#844
Originally Posted by zimon View Post
Yes, but I would say it actually IS anti-dote. It just isn't 100% working anti-dote or sometimes it takes time to work.
Well that means it isn't a anti-dote. My point still remains, I don't dispute it being better for security, I dispute it being a "panacea".

Last edited by jalyst; 2013-09-09 at 16:36. Reason: clarification
 

The Following User Says Thank You to jalyst For This Useful Post:
Moderator | Posts: 5,320 | Thanked: 4,464 times | Joined on Oct 2009
#845
Originally Posted by shmerl View Post
Nothing like that is to be expected before the release. After the release such list can be compiled.
The open/closed make-up was broken down into quite a bit of detail in at least 1 thread a mth or 2 ago.
Do you know where to put you hand on that, that's what we can show him, for now at least...
 

The Following User Says Thank You to jalyst For This Useful Post:
Posts: 1,341 | Thanked: 708 times | Joined on Feb 2010
#846
Originally Posted by jalyst View Post
Well that means it isn't a anti-dote, my point still remains, I don't dispute it being better for security, I dispute it being a "panacea".
There is vaccines in medicine, which do not give you 100% cover against some virus, but where more people are vaccinated when time goes by, more changes the virus won't spread more quickly than it is terminated, and eventually the virus dies away.

So ok, call it vaccine then instead of anti-dote :-)

Same thing with security with open source software. There may be a backdoor somewhere, but giving time, chances someone finds the backdoor are increasing. If it is closed source, the backdoor will more probably stay there forever (IIABDNFI).

For example, the famous SSL weakness in Debian 2008. If it would have been closed source (MS Windows) the weakness would most probably still be there.

Last edited by zimon; 2013-09-09 at 16:11.
 

The Following 3 Users Say Thank You to zimon For This Useful Post:
Posts: 1,298 | Thanked: 2,277 times | Joined on May 2011
#847
Originally Posted by jalyst View Post
The open/closed make-up was broken down into quite a bit of detail in at least 1 thread a mth or 2 ago.
Do you know where to put you hand on that, that's what we can show him, for now at least...
Not sure how that was possible, since Jolla published no information about most applications they are working on. For example e-mail client and the like. The last time I've heard from them, info on those being open / closed and etc. will be avaialble only after the release simply because there is no info on them at all before the release. I probably missed that thread as well by the way, can you please link to it?
 

The Following User Says Thank You to shmerl For This Useful Post:
Moderator | Posts: 5,320 | Thanked: 4,464 times | Joined on Oct 2009
#848
Originally Posted by zimon View Post
So ok, call it vaccine then instead of anti-dote :-).
Lets not get into semantics here, it's called an "expression"...
Folks know what is meant when such an expression is used, unless their English isn't very good of course.
As for the rest of your post, you seem to be arguing with me when I've already stated that I agree with the main thrust of what you said.

Originally Posted by shmerl View Post
Not sure how that was possible, since Jolla published no information about most applications they are working on. For example e-mail client and the like. The last time I've heard from them, info on those being open / closed and etc. will be avaialble only after the release simply because there is no info on them at all before the release. I probably missed that thread as well by the way, can you please link to it?
No time ATM, if anyone else has an idea where it is please share, TIA!

Last edited by jalyst; 2013-09-09 at 16:36.
 

The Following User Says Thank You to jalyst For This Useful Post:
Posts: 3,464 | Thanked: 5,107 times | Joined on Feb 2010 @ Gothenburg in Sweden
#849
Originally Posted by shmerl View Post
It depends. One can be 100% open source, if one finds way to be profitable. Examples include Red Hat, Mozilla and others. Jolla are a startup, and are still figuring things out. I hope they'll find a way to make Sailfish 100% open source (I'm not talking about driver blobs here).

About NSA and etc. Things go way deeper than many even think. It's way beyond Google and co. already.
See http://www.theguardian.com/world/201...e-surveillance
I dont say NSA is something I like. But thing is most people are stupid *****s and dont care. They will continue to use facebook, buy android phones etc...

And about FOSS not possible. Yes I take that back, some companys can, but thats way different sectors than mobile/embedded markets where you depends on alot more manufactors to realese FOSS drivers etc.. As I already has stated in an old post: Jolla is to small get drivers or write FOSS drivers themself.


Jolla has to have another bussines plan if they want to be fully open. Licensing SailfishOS if fully open source will def not work.
__________________
Keep safe and healthy
 

The Following User Says Thank You to mikecomputing For This Useful Post:
Posts: 1,298 | Thanked: 2,277 times | Joined on May 2011
#850
Originally Posted by mikecomputing View Post
And about FOSS not possible. Yes I take that back, some companys can, but thats way different sectors than mobile/embedded markets where you depends on alot more manufactors to realese FOSS drivers etc.. As I already has stated in an old post: Jolla is to small get drivers or write FOSS drivers themself.


Jolla has to have another bussines plan if they want to be fully open. Licensing SailfishOS if fully open source will def not work.
I'm OK with drivers being closed. Writing their own drivers is probably impossible for Jolla. Even if they'll get into reverse engineering, there can also be potential patent pitfalls there and etc. But I was talking about higher level. Making the OS besides the hw adaptation fully open can be a possibility. In the future Jolla should expand anyway. I hope they will.
 

The Following 3 Users Say Thank You to shmerl For This Useful Post:
Closed Thread

Tags
jolla, nokia-again?, not-so-open, totally closed, zipper is open

Thread Tools

 
Forum Jump


All times are GMT. The time now is 14:59.