At the risk of getting swept up in this by consciously saying something
unpopular, I want to put my shoulder against the wheel of the "open source
process produces more secure software" machine. The reasons for software
licensing are complex, as we all know, but I'm certainly more confident in
the overall security of Silent Circle in its first release than I was in
the overall security of Cryptocat 1. Why? Because there are much more
experienced people involved (not meant as a jab, Nadim - PZ had about a 25
year head start if not more) and also because they have judiciously sought
the review of experts prior to release. If you have to choose between open
and closed in terms of the potential for building a secure architecture, of
course open is overall better, but there are many other factors at play,
including the resources and expertise an organization is able to devote to
the problem. Apple, for example, has an overall great security track
record, with most of that code closed source. Having $100 million in the
bank helps. A lot. It helps a lot more than the license. In fact the
overall number of eyes on the code is likely the more relevant factor - the
precise area where open source ostensibly scores such a resounding victory,
but only if in fact more experienced eyes review the code than they do
comparable closed source systems.

It just seems healthier to recognize this is a complex issue, and I don't
think reducing it to open versus closed source does that complexity justice.

-Adam


On Wednesday, February 6, 2013, Nadim Kobeissi wrote:

> What I'm trying to point out is that Silent Circle can call itself a
> super-group creating unbreakable encryption, market closed-source software
> towards activists, and some experts will still speak out for
> them favourably.
>
>
> NK
>
>
> On Wed, Feb 6, 2013 at 11:21 PM, Brian Conley <bri...@smallworldnews.tv> wrote:
>
>> C'mon Nadim, that's a bit of a cheap shot, no? Do you disagree
>> fundamentally with anything he said there?
>>
>> Brian
>>
>> On Feb 6, 2013, at 19:56, Nadim Kobeissi <na...@nadim.cc> wrote:
>>
>> Chris Soghoian gives Silent Circle's unbreakable encryption an entire
>> article's worth of lip service here, it must be really unbreakable:
>>
>> http://www.theverge.com/2013/2/6/3950664/phil-zimmermann-wants-to-save-you-from-your-phone
>>
>>
>> NK
>>
>>
>> On Wed, Feb 6, 2013 at 10:49 PM, Brian Conley <bri...@smallworldnews.tv> wrote:
>>
>>> I heard they have a super secret crypto clubhouse in the belly of an
>>> extinct volcano.
>>>
>>> Other rumors suggest they built their lab in the liberated tunnels
>>> beneath bin Laden's secret lair in Pakistan...
>>>
>>> Sent from my iPad
>>>
>>> On Feb 6, 2013, at 19:42, Nadim Kobeissi <na...@nadim.cc> wrote:
>>>
>>> Actual headline.
>>>
>>>
>>> http://www.extremetech.com/mobile/147714-cryptography-super-group-creates-unbreakable-encryption-designed-for-mass-market
>>>
>>>
>>> NK
>>>
>>> --
>>> Unsubscribe, change to digest, or change password at:
>>> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>>>
>
>
