Stories
Slash Boxes
Comments

SoylentNews is people

ZeroDB Encrypted Database Now Open Source

posted by martyb on Friday December 11 2015, @07:21AM   Printer-friendly
from the hidden-in-plain-site dept.

The Mighty Buzzard writes:

From the fine folks over at net-security.org comes this interesting announcement:

ZeroDB, an end-to-end encrypted database whose release was announced earlier this year, is now open source.

Developers MacLane Wilkison and Michael Egorov changed the license from proprietary to AGPLv3 on Monday, and invited the public to use it: "Try it, build awesome things with it, break it. Then tell us about it."

ZeroDB is based on the eponymous protocol that allows end-to-end encrypted queries, which in turn allows encrypted data to be stored on untrusted servers (e.g. in a public cloud).

[...] "In ZeroDB, the client is responsible for the database logic. Data encryption, decryption and compression also happen client side. Therefore, the server never has any knowledge about the data, its structure or order," it is explained in the documentation.

"Since the server has no insight into the nature of the data, the risk of a server-side data breach is eliminated. Even if attackers successfully infiltrate the server, they won't have access to the cleartext data," the developers pointed out.

No, NCommander, we don't need to switch databases twice in a year. Wait till 2016 at least.

Original Submission

 
This discussion has been archived. No new comments can be posted.
ZeroDB Encrypted Database Now Open Source | Log In/Create an Account | Top | 21 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 4, Informative) by darkfeline on Friday December 11 2015, @10:51AM

    by darkfeline (1030) on Friday December 11 2015, @10:51AM (#274919) Homepage

    I think you misunderstand the GPL, the AGPL, the FSF, and RMS.

    All you would need to do is this:

    1. Someone asks you for the source.
    2. You tell them to go look at the official ZeroDB sources. You offer to look up the exact version used if said person is willing to pay you for the time you spend doing so (perfectly valid according to the *GPL).
    3a. Said person goes to look at sources.
    3b. Said person pays you for your time.
    4. You do a quick package version check on the servers.
    5. You send the person the exact version and a link to the exact version of ZeroDB sources.

    --
    Join the SDF Public Access UNIX System today!
    Starting Score:    1  point
    Moderation   +2  
       Informative=2, Total=2
    Extra 'Informative' Modifier   0  
    Karma-Bonus Modifier   +1  
    Total Score:   4  

  • (Score: 1) by WillR on Friday December 11 2015, @05:09PM

    by WillR (2012) on Friday December 11 2015, @05:09PM (#275029)
    We're 30 years into this, and it's still not really clear whether "we didn't modify libfoo, here's a link to their source code repo" is a legally acceptable answer to a GPL request.

    • (Score: 0) by Anonymous Coward on Friday December 11 2015, @11:32PM

      by Anonymous Coward on Friday December 11 2015, @11:32PM (#275221)

      Well, the GPL is clear that you are allowed to download a copy of libfoo on their behalf and charge them for the service.

    • (Score: 2) by TheRaven on Monday December 14 2015, @11:54AM

      by TheRaven (270) on Monday December 14 2015, @11:54AM (#276069) Journal
      The answer to that is clear: It is acceptable with GPLv3, it is not acceptable with GPLv2. With GPLv2, you are required to provide the source along with the distribution or an offer good for three years to provide the source (if paid a reasonable copying fee). If you received the binary along with an offer, then you can simply forward this offer.
      --
      sudo mod me up