Re: "Once We Squeeze All We Can Out of the United States, It Can Dry Up and Blow Away."

From: nemo_outis (abc_at_xyz.com)
Date: 09/21/05

• Next message: Hurt: "Re: How To Abandon Microsoft"
• Previous message: Ari Silversteinn: "Re: "Once We Squeeze All We Can Out of the United States, It Can Dry Up and Blow Away.""
• In reply to: Jeffrey F. Bloss: "Re: "Once We Squeeze All We Can Out of the United States, It Can Dry Up and Blow Away.""
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: 21 Sep 2005 14:55:51 GMT

"Jeffrey F. Bloss" <jbloss@tampabay.mapson.rr.com> wrote in
news:1284232.GM1tOFCg9M@wrench.yi.org:

>
> Is open source perfect? No, nothing ever is. But it's light years
> beyond trying to reverse engineer closed source applications. So far
> removed in fact, that yes, it *does* instill a high level of trust in
> most people. Deservedly so.
>

Open-source seems a very attractive feature. However, it is based on two
premises:

1. Competent people will actually examine the source code

2. "Bad guys" will be dissuaded from attempting compromise because of
premise 1 (or, at least their threshold of required competence to sneak by
will be raised quite a bit)

As for premise 1, I know *I* haven't examined the code in detail and I
certainly don't have the cryptographic competence to check that there
aren't subtle flaws (not just outright coding errors or obvious backdoors
but subtler stuff like code that facilitates timing attacks, etc.)

So if we are all depending on some "other guy" to examine the source code
thoroughly, it seems that the potential benefit will largely evaporate.

And the above logic - to the extent it is true - also greatly weakens
reliance on premise 2.

So, yes, open-source has great *potential* for eliminating flaws and
backdoors. But is that potential being realized?

Regards,

PS I have posted in the past regarding Ross Anderson's thoughts on the
overselling of open-source.

---

• Next message: Hurt: "Re: How To Abandon Microsoft"
• Previous message: Ari Silversteinn: "Re: "Once We Squeeze All We Can Out of the United States, It Can Dry Up and Blow Away.""
• In reply to: Jeffrey F. Bloss: "Re: "Once We Squeeze All We Can Out of the United States, It Can Dry Up and Blow Away.""
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: "Once We Squeeze All We Can Out of the United States, It Can Dry Up and Blow Away." ... > Open-source seems a very attractive feature. ... Competent people will actually examine the source code ... at least their threshold of required competence to sneak by ... I recently had a discussion with a prolific open source ... (alt.privacy) Re: Javascript help ... perhaps someone could provide a reference to back up this claim? ... That would depend on the competence of the poster. ... Nobody forces people to release source code. ... (comp.programming) Re: tweak "write" message so that it includes the date ... That's the beauty of open-source -- you can edit the source code to ... (comp.os.linux.misc) Re: Commercial file-server software ... This will be used with proprietary software (ours and ... We cannot use open-source because once you combine ... The GPL only requires that you supply source code if you distribute it outside ... (comp.os.linux.networking) Re: Open Source developers are not to be thrusted says article ... >From an auditing point of view, isn't open-source better since auditors at the ... user site can in fact look at the source code whereas when you buy ... (comp.os.vms)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > sci.crypt  > 2005-09