Comment Re:A "secure" area (Score 1) 180
"beware of the leopard"
I didn't know anyone in the government used a Mac!
I'm not defending Cisco, I'm not saying the FSF is wrong. I'm saying there's a big part of the story that seems to be missing and should be discussed.
You misunderstand. Just because you release the code, it doesn't magically become as secure because it's "open source". Open Source is secure because it goes through a process. A process this code didn't see. That process allows for corrections when errors are made. This process takes time. And what I said in my original post is that there is going to be a window between when we, the community, improve the quality of product up to other open source standards, and when the source code is released, during which time there is an elevated threat.
Nearly all software products have vulnerabilities. With open source products, those vulnerabilities get fixed faster, making them more secure. They get developed in ways that are security conscious because the community is watching. With closed source, vulnerabilities get discovered slower, but get fixed slower so there's no gain. Additionally, they don't go through the same focus and scrutiny during development, so they tend to have more vulnerabilities at release. Taking something that was developed in secret, widely implemented and then divulging the source doesn't get you any of the benefits of either. Vulnerabilities and exploits are near instantly apparent and discovered, and you don't have the benefit of open development.
If just having the source open to everyone is more secure, then don't ever bother to update Firefox or whatever browser you're running ever again. Keep doing your banking online with it. Knowing something has security holes is one thing. Telling the world what those security holes are is another thing, especially since there's no development process ready to respond to the vulnerabilities yet. This is like taking a browser that hasn't been patched for two years and pushing it to every third computer in the US. There's going to be a race to patch the system to make it secure and exploit the vulnerabilities and I'm not sure that's something I like.
kinda like "They're violating our patents but we won't tell you which ones" right?
I wouldn't worry about being taken to trial for this, I'd be worried about search warrants being issued based on this data. In other words, if you fall into a community downloading mixed materials, some public domain, some copyrighted, a conviction on one member of the community would be used to subpoena the other members. The idea of "Because you are part of a community illegally distributing protected works, we want to search your hard drive for illegally obtained data" doesn't seem like it would be too far of a leap for the courts. By the time they're done, you've lost productivity and probably hired a lawyer... so just the accusation is a big enough pain that it'd be a hassle.
Of course I don't see how this program protects you from that. It simply obscures which data and connections are important to you, but it doesn't hide the connections. I would imagine that you'd want to identify a person by "his connections contain this subset" and that answer would still be true with or without the program.
The fact that all the evidence the RIAA offers shows a link to the computer AND NOT THE USER seems to be something that people (lawyers, judges) IGNORE shows they don't actually care about the FACTS. Until you start taking photos of people through their webcams as they do naughty things, or come up with a way to show exclusive use of a device or connection, then this still happens to be evidence wrongly taken into consideration.
"History is a tool used by politicians to justify their intentions." -- Ted Koppel