Incoming from Curtis Sloan:

> DISCLAIMER: I have been in rant mode about security lately, I don't know why.
> Take all of the following with a grain of salt. :-)
>
> Ugh, propaganda just drives me nuts; it sells an agenda, not the
> product/service/ideal/whatever. Now, I admit, I'm not a marketer. But I am
> all for Open Source, and some of these claims just seem a little too far
> out there to resonate with me:
>
> 4) "It's simply going to be more secure than proprietary software."
>
> There's no evidence to support this. Open Source software can be more secure;

Well yes, there is evidence of it. I've seen it first hand. Patches for discovered exploits are available within days in OSS, whereas in Microsoft's case, you may not even be told the problem exists until people start getting rooted. Then MS sends out an advisory saying a patch will soon be available for the "problem", and when the patch is finally released, MS now calls it a "critical security flaw." Then you wait on the edge of your seat to see if the "patch" was actually a patch, or if the "patch" now needs to be patched! OSS can at least vet fixes. We have to take closed source fixes on faith. I don't know how religious you are, but that sort of thing makes me gag. :-)

> it can also be much worse than closed source. Secure software has little
> to do with whether it's open or not; good software design and adhering

If anyone anywhere can download and look at the source, that's the potential for finding the flaw _at all_. No such potential exists in closed source. Yes, you can develop secure code in closed source; that's not the issue.

> "When a programmer develops a new cryptographic system, he or she wants to
> publish the specifications so that as many people as possible can try to
> crack it."
>
> Yes, but that's not Open Source. That's a published cryptographic algorithm.
> At best it's analogous. The principle is the same (openness fosters
> strengthening), but the principle wasn't stated. :-P

That's an argument against closed source. In open source, we can check the implementation and see for ourselves whether the implementation securely implements the system. We've no assurance of the same in closed source.

> 5) "Open source benefits from anti-American sentiments."
>
> Why phrase it like this? It has political overtones. Why not just say, "Open
> Source is international" or "knows no borders" or something?

There are lots of people out there who see MS as simply yet another of the many tentacles of "Yanqui Imperialism," and judging by the DoJ's actions, they're right. This produces an incentive in the rest of the world to not use MS' expensive, proprietary, insecure, and potentially anti-secure systems for foreign businesses and governments. They may be paranoid, or maybe they're not. Do the overlords in the PRC want to trust MS that the latter isn't going to be supplying the CIA with crypto backdoors to supposedly secure communications? I wouldn't.

> Maybe I'm just being picky, but last I checked the *BSDs were open source and
> ran on Intel. Mostly it sounds like a marketing scam based on the good name
> of Linux.

Last time I checked, the *BSDs were more free than FLOSS; they make no bones about you doing anything you damned well please with BSD code. Gnu/Linux is hamstrung in comparison.

I thought Andreessen's comments were just some light convention babble. Too bad he's a visionary, since everything those people say gets taken up as a banner by the infantry.

"An idea is not responsible for the people who hold it."

--
Any technology distinguishable from magic is insufficiently advanced.
(*) http://www.spots.ab.ca/~keeling

_______________________________________________
clug-talk mailing list
http://clug.ca/mailman/listinfo/clug-talk_clug.ca

