Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Re: A more fundamental issue..
From: Barry Fitzgerald (bkfsecsdf.lonestar.org)
Date: Thu Nov 13 2003 - 15:13:19 CST
Jeroen van Drie wrote:
>Barry I agree with what you wrote.
>I tried to be ironic in my post with this paragraph about the NSA. Did the NSA
>think they could get away with releasing such great secure code under the GPL
>without getting fallout for it? "What were they thinking?" I think they knew
>what they were doing, consciously chose the GPL over the BSD license; a bit
>of a political test balloon as well.
>To me, freedom and democracy are higher goods than "free enterprise and fair
>competition"; China proves it; they have quite a lot of free enterprise and
>fair competition without providing their own citizens with freedom and
>But a government that develops GPL code and hands it out to redhat, suse, et
>all .. isn't that government in competition with Microsoft? How could MS ever
>integrate such code?
>My belief is that when a government (co)develops software and does not release
>the source for its citizens benefit the only excuse is national security.
>Embedded in government developed source code is a democratic process and
>hence it is important citizens can both review and freely use that process.
>In fact as operating systems and libraries become part of the social
>infrastructure I think it is vital for organisations like the NSA to get
>involved doing their bit to secure that infrastructure from people who would
>take advantage of it. Fortunately they're still hosting
I firmly agree with everything you've said above. Thanks for the
clarification. :) I apologize for the misunderstanding, but you know
how many people out there have actually made that argument seriously. :)
As far as how MS could integrate such code, it's pretty simple
actually - they can GPL their products. Of course, many people will say
that it's not freedom to try to force them to do this, but then - we
can't integrate their code, either. So...
I define freedom as having as many rights as one possibly can
without having the right to take away the rights of others. That is
really the only functional way to have sustainable freedom.
Actually, the real irony and the way to stem this back into
security is that proprietary software is itself a barrier to ensuring
national security in this way. It's not that the license has any direct
relationship to the quality of code. Surely, there are a great body of
GNU GPL'ed programs out there that are absolutely horrible from a
security perspective. However, what I am concerned with is progressive
systems. If we can't share information openly, our systems will
ultimately be less progressive than they otherwise could have been.
Simply look at the recent cases where the DMCA is being leveraged to
halt security research. There is a very good set of examples of
proprietary interests attempting to undermine the interests of
progressing the security of the system for their own profit-driven goals.
It really isn't the proprietary software itself, but rather the
interests of proprietary thought that are the enemy of security. The
paradigm is social, not technical - as is the solution. And in that
way, we have far more fundamental security issues than we realize at
this moment in time.