Zak McGregor on Mon, 3 Feb 2003 14:40:21 +0100 (CET)


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: <nettime> anti-piracy goons considered harmful


On Fri, 31 Jan 2003 09:18:36 -0500
Francis Hwang <sera@fhwang.net> wrote:

> There's no question that Microsoft products are generally much less 
> secure than anything else, but being able to see the source code does 
> you no good if you don't understand it. Computer security is a 
> difficult, arcane endeavor. Any human rights organization -- either 
> in a developing country or in the U.S. -- would be extremely lucky to 
> get their hands on a hacker with the geek-fu to be capable of a code 
> audit.

However with open source it is more than likely - even perhaps inevitable
- that that code *is* going to be scrutinised by people with the technical
know-how to notice certain weaknesses or deliberate circumventions or
backdoors. The same certainly cannot be said of closed source software
especially when such security issues may well be part of
company/state/"national interest" policy.
 
> Also, many security breaches don't actually occur because of software 
> failures -- they occur because people aren't naturally as distrustful 
> about this stuff as they should be. A really expensive security 
> system does you no good if Bill picks "bill" as his password. Or, if 
> you can call him up at home pretending to be somebody else, and ask 
> for his password because you need to look at a file on his machine. 
> That's a problem whether you're running Windows or Linux or BSD or 
> whatever.

True, but a seperate issue. This doesn't invalidate any of the points that
make open source a prerequisite for secure computing, or rather disqualify
closed source from the equation altogether.

Ciao

Zak




#  distributed via <nettime>: no commercial use without permission
#  <nettime> is a moderated mailing list for net criticism,
#  collaborative text filtering and cultural politics of the nets
#  more info: majordomo@bbs.thing.net and "info nettime-l" in the msg body
#  archive: http://www.nettime.org contact: nettime@bbs.thing.net