On Monday 9. November 2015 14.48.18 Werner Almesberger wrote:
> Paul Boddie wrote:
> > It would be interesting to read the review,

Sorry for the delay in responding, by the way!

> Waiting for a response to the request for permission to publish
> it.
>
> The review has mostly negative points. Let me paraphrase them:
>
> 1) not clearly within OTF's purview,
> 2) we didn't explain how we plan to achieve market dominance,
> 3) we didn't explain in detail what users are doing wrong today
> and how that would change,
> 4) our cost and time estimates look reasonable, but
> 5) it's not clear how the project would sustain itself.
>
> 1) is indeed a valid concern, especially since Open Hardware is
> still something new, so even if it meets the objectives of some
> funding program, it may simply not have been considered when
> defining the details.

I guess they want stuff that gets deployed surreptitiously within dictatorships, not stuff that keeps the average American safe from criminal exploitation (amongst other things).

> 2) sounds like an exaggerated criticism, and aiming to create a
> monopoly and thus monoculture sounds like a rather dangerous
> proposition when it comes to security.

Indeed.

> 3) also seems exaggerated, given that what we submitted was a
> "concept note", not a doctoral thesis.

I'll come back to this in a moment.

> 4) phew :)

:-)

> 5) is a fair point. We mentioned that the next step would be
> crowdfunding but didn't talk about what's beyond. But then, the
> form for the concept note didn't ask about a business plan or
> sustainability considerations, so I expected such questions to
> be raised at a later point. Besides, they could just have asked.

Indeed.

> To sum it up, I'd consider 1) the weak spot of our proposal. We
> can try to suggest why it may fit despite outward appearances,
> but we can't demand that they widen their scope for us. The
> other points all seem a little unfair and shall be challenged.

If you had said that it's for people living in dictatorships unaligned with US interests (if I may be cynical for a moment), then maybe the attitude would have been rather different.

> > perhaps because we might get a
> > feeling for what the reviewers feel is worthy in this day and age,
>
> The folks over at the Core Infrastructure Initiative (sounds
> like what's before been at OTF. Did they move ?) have a brief
> but interesting discussion here:
>
> http://lists.coreinfrastructure.org/pipermail/cii-discuss/
>
> There, the main point is sustainability. So the beancounters
> may have a lot of weight in the discussion, which may not be a
> bad thing in this case. This echoes point 5) from the review.

Sustainability has multiple aspects, as we all know. Keeping yourselves funded so that you see things through to completion is just one of those. I think the open hardware aspect, where other people can make sure that the dream lives on, is another.

> > Maybe they think that password and credentials management is a
> > solved problem,
>
> Yes, the review mentions that there are other password managers
> and tokens, so this may indeed be considered a "solved" problem.
> As if ... :-)

I was reading Which? magazine again recently (it's like the UK version of Consumer Reports, I guess), and in their exposé of bad Internet banking practices, they singled out password strength testing as something various banks weren't doing, thus getting them deductions from their eventual percentage-based scores. However, I didn't see any mention of people managing strong passwords using password managers, which means that this problem isn't even on their radar yet. *That* is how close this is to being a "solved" problem.

Paul

P.S. Another thing that came up about banks was that they weren't necessarily using their special code generator gadgets as much as they perhaps should have been.
I came away from all of this being fairly unsurprised that UK banks seem to be common "phishing" targets.

