Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month at the Massachusetts Institute of Technology, in Building E51.

BLU Discuss list archive



[Discuss] AeroFS



"Edward Ned Harvey (blu)" <blu at nedharvey.com> writes:

>> From: discuss-bounces+blu=nedharvey.com at blu.org [mailto:discuss-
>> bounces+blu=nedharvey.com at blu.org] On Behalf Of Tom Metro
>> 
>> Uses closed-source, proprietary software. Nullifies the first point.
>
> Disagree.  Both Windows and Mac are closed-source OSes, which provide
> standard crypto libraries to the application layer.  The fact that
> your OS is closed source immediately nullifies your above
> nullification argument, because it's literally impossible for you to
> run a completely open source stack, unless you switch to a different
> OS.

Then don't use closed source OSes? I guess then you have to ask whether
the layer underneath that and the compiler bootstrapping was
compromised.

>
> More: While we all agree that more eyes and more scrutiny (open
> source) are good for security of a crypto library, the honest truth
> is, it's more *trained* and dedicated eyes that matters.  And you can
> only count the ones who want to help.  The flip side is that the bad
> guys also get the open source, and sometimes they keep their
> discoveries secret.
>
> The honest truth is, flaws exist in both open and closed source.  Some
> of each are great.  Some of each are crap.  Some were accidental, and
> some were planted by the NSA coercing Linus (or whoever).
>
> As a software developer, who develops closed source software that does
> (amongst other things) encryption and transport of user files, I can
> say this: I scrutinize all the open and closed source libraries and
> applications that I use.  I care greatly about using them correctly,
> and ensuring strong crypto to the best of my abilities.  It is
> *appalling* how often I look at open source, as well as closed source
> stuff, and determine that it's bad crypto.

How do you examine closed source crypto? It's a fair argument that the
code being available isn't sufficient to have all its bugs (intentional
or normal) found, but if the code's not available at all...




BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.




Boston Linux & Unix / webmaster@blu.org