OK - now we actually have a detail disagreement. Please show me evidence of Silent Circle "malpractice"..
That's a big leap from disagreeing with a practice or declaring a best practice as you see fit and negligence or even blatant disregard. Context matters. -Ali On Tue, Nov 6, 2012 at 2:22 PM, Nadim Kobeissi <[email protected]> wrote: > Ali, > Of course I would publicize my complaints. That's how you get your voice > heard. I repeat that my only concern here if Silent Circle shipping > questionably secure software and going against the open sourcing of > cryptography software. I don't care if it's, as you say "a bit of 'look at > me!'", This is not my concern. My concern is for Silent Circle to stop its > malpractice. When Bruce Schneier critiques software, it's not because he > wants people to pay attention to him, it's because he wants the software to > be fixed. I am trying to follow his example as much as I can here. > > Also, to answer your question: I have no problem with who funds or founds > Silent Circle. This is not the source of my complaint. > > > NK > > > > On Tue, Nov 6, 2012 at 2:16 PM, Ali-Reza Anghaie <[email protected]>wrote: > >> It's not just me who interprets it that way - the only reason I responded >> was that after Nadim's first post I was approached by former colleagues who >> are still in the DoD circles. They all wondered if these complaints, that >> seemed awfully specific to ~one~ player in the industry, were born from >> Anonymous or other political movements because of the Navy SEALs involved >> in the founding. >> >> I explained I trusted people would judge Silent Circle more on actions >> and the history of PZ and Jon Callas but hey, that's still my speculation.. >> >> Nadim also posted this on his Twitter timeline - it's hardly a "without >> publicity" move, and he quickly engaged CSoghoian too. It's not a stretch >> to say it was a bit of "look at me!".. >> >> However, with all that said, it WOULD be a stretch to say that Nadim is >> ~wrong~ in his eventual technocratic position here. I'm just arguing the >> tactical value of it given the very wide problem sets we all have. >> >> -Ali >> >> >> >> On Tue, Nov 6, 2012 at 2:11 PM, Greg Norcie <[email protected]> wrote: >> >>> Nadim, >>> >>> You are correct - the website (nor the whois) mention you. But your post >>> on this mailing list does. >>> >>> You seem like a very intelligent guy - if you had intended this to be an >>> anonymous critique, I doubt you'd have used your real name to post the >>> link :) >>> -- >>> Greg Norcie ([email protected]) >>> GPG key: 0x1B873635 >>> >>> On 11/6/12 2:06 PM, Nadim Kobeissi wrote: >>> > Greg, >>> > The website does not mention me at all, it's purely meant as a >>> complaint >>> > against Silent Circle's policy. I've already written a lengthy post >>> > regarding Silent Circle (http://log.nadim.cc/?p=89) and yet have >>> > received no reply. >>> > >>> > >>> > NK >>> > >>> > >>> > On Tue, Nov 6, 2012 at 2:04 PM, Greg Norcie <[email protected] >>> > <mailto:[email protected]>> wrote: >>> > >>> > Nadim >>> > >>> > I understand your position, but actions like this website won't >>> help >>> > your cause. >>> > >>> > Can you understand how actions like setting up this web site might >>> be >>> > viewed as a way to call attention to oneself, rather than champion >>> the >>> > (respectable) ideals of the open source movement? >>> > -- >>> > Greg Norcie ([email protected] <mailto:[email protected]>) >>> > GPG key: 0x1B873635 >>> > >>> > On 11/6/12 1:53 PM, Nadim Kobeissi wrote: >>> > > Ali, >>> > > The issue is trust. Security software verifiability should not >>> have to >>> > > depend on Silent Circle (or who they hire to audit, for example >>> > Veracode.) >>> > > >>> > > >>> > > NK >>> > > >>> > > >>> > > On Tue, Nov 6, 2012 at 1:51 PM, Ali-Reza Anghaie >>> > <[email protected] <mailto:[email protected]> >>> > > <mailto:[email protected] <mailto:[email protected]>>> >>> wrote: >>> > > >>> > > Nobody would dispute that - that's not quite the same thing >>> as >>> > FOSS >>> > > default positions or some of the other criticisms. >>> > > >>> > > For example, I'd contend a paid Veracode audit would in all >>> > > likelihood be better than any typical FOSS audit. Had they >>> > done that >>> > > (heck, they might have but I doubt it) and still announced >>> the >>> > > intent of opening the codebase - I wager that would not have >>> > stopped >>> > > the criticism. >>> > > >>> > > It appears to be a deep-seeded cultural divide more than any >>> > of the >>> > > other factors combined. >>> > > >>> > > -Al >>> > > >>> > > >>> > > >>> > > On Tue, Nov 6, 2012 at 1:43 PM, Yosem Companys >>> > > <[email protected] <mailto:[email protected]> >>> > <mailto:[email protected] <mailto:[email protected]>>> >>> wrote: >>> > > >>> > > Security audits are always important, especially when >>> people's >>> > > lives are at risk. >>> > > >>> > > On Tue, Nov 6, 2012 at 10:37 AM, Nadim Kobeissi >>> > <[email protected] >>> > > <mailto:[email protected] <mailto:[email protected]>>> wrote: >>> > > >>> > > Hi Ali, >>> > > There is no "agenda," and there needn't be one if you >>> > are to >>> > > critique security software. No need to be so >>> aggressive. >>> > > My qualms against Silent Circle are detailed >>> > > here: http://log.nadim.cc/?p=89 >>> > > >>> > > >>> > > NK >>> > > >>> > > >>> > > >>> > > On Tue, Nov 6, 2012 at 1:34 PM, Ali-Reza Anghaie >>> > > <[email protected] <mailto:[email protected]> >>> > <mailto:[email protected] <mailto:[email protected]>>> wrote: >>> > > >>> > > Seriously - what's your agenda? >>> > > >>> > > Where are the domains for the other tens of >>> providers >>> > > who charge arms and legs based on closed >>> protocols >>> > even? >>> > > >>> > > What's the nit with Silent Circle specifically? >>> > Because >>> > > they're accessible? Because it's easier to use? >>> > Because >>> > > the founders have good track records of standing >>> up to >>> > > Government too? >>> > > >>> > > Being absolutist about everything isn't helping >>> anyone >>> > > who ~needs~ it - it's a privilege of the "haves" >>> > that we >>> > > can have these conversations over and over again. >>> > > >>> > > Shouldn't we have taken the "fight" to carriers, >>> Apple >>> > > iOS T&Cs, etc. harder and longer ago? And why do >>> > we keep >>> > > expecting private entities to fight our >>> Government >>> > > battles for us? It's a losing proposition and >>> > increases >>> > > the costs-per-individual to untenable levels when >>> > we mix >>> > > absolutely all their enterprise with civil >>> liberty >>> > issues. >>> > > >>> > > There has got to be a better way than this >>> ridiculous >>> > > trolling and bickering. Someone? Anyone? >>> > > >>> > > Again, seriously, what's the agenda against >>> Silent >>> > > Circle specifically? >>> > > >>> > > -Ali >>> > > >>> > > >>> > > >>> > > On Tue, Nov 6, 2012 at 1:20 PM, Nadim Kobeissi >>> > > <[email protected] <mailto:[email protected] >>> > <mailto:[email protected]>>> wrote: >>> > > >>> > > http://issilentcircleopensourceyet.com/ >>> > > >>> > > NK >>> > > >>> > > -- >>> > > Unsubscribe, change to digest, or change >>> password >>> > > at: >>> > > >>> > https://mailman.stanford.edu/mailman/listinfo/liberationtech >>> > > >>> > > >>> > > >>> > > -- >>> > > Unsubscribe, change to digest, or change >>> password at: >>> > > >>> > https://mailman.stanford.edu/mailman/listinfo/liberationtech >>> > > >>> > > >>> > > >>> > > -- >>> > > Unsubscribe, change to digest, or change password at: >>> > > >>> > https://mailman.stanford.edu/mailman/listinfo/liberationtech >>> > > >>> > > >>> > > >>> > > -- >>> > > Unsubscribe, change to digest, or change password at: >>> > > >>> https://mailman.stanford.edu/mailman/listinfo/liberationtech >>> > > >>> > > >>> > > >>> > > -- >>> > > Unsubscribe, change to digest, or change password at: >>> > > https://mailman.stanford.edu/mailman/listinfo/liberationtech >>> > > >>> > > >>> > > >>> > > >>> > > -- >>> > > Unsubscribe, change to digest, or change password at: >>> > https://mailman.stanford.edu/mailman/listinfo/liberationtech >>> > > >>> > -- >>> > Unsubscribe, change to digest, or change password at: >>> > https://mailman.stanford.edu/mailman/listinfo/liberationtech >>> > >>> > >>> > >>> > >>> > -- >>> > Unsubscribe, change to digest, or change password at: >>> https://mailman.stanford.edu/mailman/listinfo/liberationtech >>> > >>> -- >>> Unsubscribe, change to digest, or change password at: >>> https://mailman.stanford.edu/mailman/listinfo/liberationtech >>> >> >> >> -- >> Unsubscribe, change to digest, or change password at: >> https://mailman.stanford.edu/mailman/listinfo/liberationtech >> > > > -- > Unsubscribe, change to digest, or change password at: > https://mailman.stanford.edu/mailman/listinfo/liberationtech >
-- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
