Stories
Slash Boxes
Comments

SoylentNews is people

ZeroDB Encrypted Database Now Open Source

posted by martyb on Friday December 11 2015, @07:21AM   Printer-friendly
from the hidden-in-plain-site dept.

The Mighty Buzzard writes:

From the fine folks over at net-security.org comes this interesting announcement:

ZeroDB, an end-to-end encrypted database whose release was announced earlier this year, is now open source.

Developers MacLane Wilkison and Michael Egorov changed the license from proprietary to AGPLv3 on Monday, and invited the public to use it: "Try it, build awesome things with it, break it. Then tell us about it."

ZeroDB is based on the eponymous protocol that allows end-to-end encrypted queries, which in turn allows encrypted data to be stored on untrusted servers (e.g. in a public cloud).

[...] "In ZeroDB, the client is responsible for the database logic. Data encryption, decryption and compression also happen client side. Therefore, the server never has any knowledge about the data, its structure or order," it is explained in the documentation.

"Since the server has no insight into the nature of the data, the risk of a server-side data breach is eliminated. Even if attackers successfully infiltrate the server, they won't have access to the cleartext data," the developers pointed out.

No, NCommander, we don't need to switch databases twice in a year. Wait till 2016 at least.

Original Submission

 
This discussion has been archived. No new comments can be posted.
ZeroDB Encrypted Database Now Open Source | Log In/Create an Account | Top | 21 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2) by NCommander on Friday December 11 2015, @10:22AM

    by NCommander (2) Subscriber Badge <michael@casadevall.pro> on Friday December 11 2015, @10:22AM (#274909) Homepage Journal

    Ugh, this is why I shouldn't post when I'm half dead. I posted the text of Apache2 in that spot. The actual patent text from the GPLv3 is:

    You may not impose any further restrictions on the exercise of the rights granted or affirmed under this License. For example, you may not impose a license fee, royalty, or other charge for exercise of rights granted under this License, and you may not initiate litigation (including a cross-claim or counterclaim in a lawsuit) alleging that any patent claim is infringed by making, using, selling, offering for sale, or importing the Program or any portion of it.

    It's the reading of the term "import" which suggests it applies when incorporated as part of a larger distribution. The fact is I'm not a lawyer, and I'll go dig out the revelant threads from the FreeBSD mailing list when I'm less zombie. I'm going to bail out of this until tomorrow after I've slept a good 8 hours.

    --
    Still always moving
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  
    Total Score:   2  

  • (Score: 0) by Anonymous Coward on Friday December 11 2015, @12:00PM

    by Anonymous Coward on Friday December 11 2015, @12:00PM (#274929)

    It's the reading of the term "import" which suggests it applies when incorporated as part of a larger distribution.

    When has "import" ever been used to mean "incorporated as part of a larger distribution" in a legal context? The GPL is a legal document, not a programming one.

    Personally, I can't see how "import" in this context could be interpreted as meaning anything other than "transfer from one legal jurisdiction to another". For example: "libfoo is developed and licensed for the EU. If you wish to use libfoo in the US, you must license our patents or we will sue".

  • (Score: 4, Informative) by Anonymous Coward on Friday December 11 2015, @01:26PM

    by Anonymous Coward on Friday December 11 2015, @01:26PM (#274953)

    Evidence that you're misreading:

    GPLv3, [www.gnu.de] section 5, last paragraph

    A compilation of a covered work with other separate and independent works, which are not by their nature extensions of the covered work, and which are not combined with it such as to form a larger program, in or on a volume of a storage or distribution medium, is called an “aggregate” if the compilation and its resulting copyright are not used to limit the access or legal rights of the compilation's users beyond what the individual works permit. Inclusion of a covered work in an aggregate does not cause this License to apply to the other parts of the aggregate.

    So the license states quite explicitly that the license does not apply to other parts of a distribution which are independent of the covered work (i.e. the GPLv3-licensed code). Of course if the license does not apply, then this is true for any clause of the license, including the patent clause.

    In short: If you distribute a GPLv3 GCC with your OS, then the rest of the OS will not automatically be covered by the GPL, except for code that makes explicit use of GCC's code.

    Now if you compile with GCC, other considerations come into play, because the compiled code explicitly contains code from the GCC runtime library. However, that library contains the following exception:

    You have permission to propagate a work of Target Code formed by combining the Runtime Library with Independent Modules, even if such propagation would otherwise violate the terms of GPLv3, provided that all Target Code was generated by Eligible Compilation Processes. You may then convey such a combination under terms of your choice, consistent with the licensing of the Independent Modules.

    See https://www.gnu.org/licenses/gcc-exception-3.1-faq.en.html [gnu.org] for details.