Open Source

Confidence Shaken In Open Source Security Idealism 264

Posted by Soulskill
from the with-many-eyes-something-something dept.
iONiUM writes: According to a few news articles, the general public has taken notice of all the recent security breaches in open source software. From the article: "Hackers have shaken the free-software movement that once symbolized the Web's idealism. Several high-profile attacks in recent months exploited security flaws found in the "open-source" software created by volunteers collaborating online, building off each other's work."

While it's true that open source means you can review the actual code to ensure there's no data-theft, loggers, or glaring security holes, that idealism doesn't really help out most people who simply don't have time, or the knowledge, to do it. As such, the trust is left to the open source community, and is that really so different than leaving it to a corporation with closed source?

Comment: Time for a new distro? (Score 1) 302

by jd (#48100237) Attached to: What's Been the Best Linux Distro of 2014?

I have often wondered if it would be worth building a new distribution. The existing ones all seem to make weird design decisions, none have conquered the desktop (I blame OSDL), they're nowhere near as high performance as they could/should be, and Linux Base is not necessarily the most secure layout. It's certainly problematic for multi-versioning.

Comment: Re:If true - imagine the consequences (Score 1) 335

by jd (#48095359) Attached to: US Says It Can Hack Foreign Servers Without Warrants

The US are only allowed access to the SWIFT criminal database in Europe because Europe got fed up with the US hacking into it.

The US stands accused of unlawfully accessing Airbus commercially sensitive documents and selling them to Boeing, during the Echelon affair.

So, yes, they do believe they can break into any server at any time, for law enforcement purposes or financial gain through unlawful activity. I see no evidence of any serious attempt to keep this within any sort of reason. Indeed, the Manning Files and Snowden Files, together with the John Poindexter/Oliver North scandal and strong implications of CIA drug smuggling, suggest industrial espionage and economic crime are a mainstay of government activity.

I have no objections to espionage for genuine security, but accusations of CIA drug running when combined with the takedown of Silk Road sound to be much less about anyone's security and much more about protecting market prices. If that is the case, then this isn't law enforcement but white collar crime. Further, Silk Road - whilst certainly a criminal enterprise - was not a matter of national or world security. It was also not a legally recognized context for extra-jurisdictional action.

This was a situation that could have been resolved lawfully and with integrity. The authorities chose neither, which is suggestive of them being incompetent or corrupt. Now, one should never ascribe to malice that which is adequately explained by incompetence, but corruption isn't really malice, it's just a perversion and everyone has at least one of those.

Comment: Search and seizure (Score 1) 335

by jd (#48094929) Attached to: US Says It Can Hack Foreign Servers Without Warrants

I was unaware that the Fourth Amendment stipulated geographical boundaries. I was rather under the impression that the rules stating what the government and its agents shall not do were quite explicit about it being the actions that were prohibited, not where or to whom.

In fact, I see nothing in the Constitution that grants any exemptions for the government or its agents with regards to extraterritorial activities or the affairs of extranational citizens. Now, there are reasonable limits (well, there are supposed to be) on interpreting the Constitution. No rational person believes politicians should be free to say anything at all. But this isn't a claim of fair exception, but of inapplicability. Quite a different matter. The Constitution defines what the government may lawfully do. It does not say "except on weekends", it does not say "except on the Internet", it does not say "except when it's convenient". Reasonable situations are, by definition, reasonable. If you choose to argue reasonable situations do not exist, that is fine. Zero is still a number. But the government cannot simply argue (with any validity) that it can arbitrarily create entire classes of exemption with no reasonableness shown or claimed.

I'm purposefully ignoring the Silk Road aspect. If that isn't claimed as a legitimate exemption, then that is immaterial to the debate.

Comment: You never know the quality of such sources (Score 1) 54

by jd (#48057163) Attached to: James Bamford Releases DOJ Report On NSA Warrantless Wiretapping From 1976

A book isn't right merely by being published. It is always wise to be prudent about what you believe.

However, in this case, the Church Committee is known to have had strong views. It is also a matter of record that Echelon involved all of the Five Eyes members spying on electronic communications. Further, allegations at that time of other spying operations (including telephonic and domestic wireless intercepts) are certainly mirrored by the Snowden Files.

These matters, and some horribly rudimentary inside information on the British army signals post in Cyprus in the 50s, tell me the basics are accurate enough, regardless of the accuracy of the high adventure.

There have been past allegations about how Reagan won the election. If the claims are entirely legit, that might get revisited.

The birth certificate claim is troublesome. It means the President has no authority over the NSA. At all.

Comment: Re: Anecdotes != Evidence (Score 1) 577

by jd (#48043385) Attached to: Will Windows 10 Finally Address OS Decay?

Agreed about anecdotes. However, I can say that I have to reboot my Windows 7 PC weekly because of serious degradation in performance. I have installed a fair bit of software (the PATH can no longer be extended) but there's only about three games (Freeciv, Kerbal Space Program, Elite: Dangerous) and no apps, toolbars or junk. The rest of the software on there? MariaDB, Ingres, GRASS, QGIS (OSGEO is basically Cygwin, so I've now three incompatible Cygwin distros on Windows), HOL 4, Active Python, Active Perl, Erlang, Rust, Blender, PoVRay, BMRT - the sort of stuff you'd expect to find on any PC, nothing fancy.

And Netscape. Which is a horrible resource hog and is honestly not usable in its current form. I have abandoned all efforts to get Chrome usable. I'll probably deinstall both and switch to Amaya. Which barely does anything, but it does it tolerably.

Heuristics are bug ridden by definition. If they didn't have bugs, then they'd be algorithms.