
SoylentNews is people

posted by CoolHand on Saturday April 25 2015, @04:16PM
from the we-can-trust-the-gubmint-for-encryption-and-security dept.

A study by European IT security experts suggests that the EU should also fund or participate in the development of open source software to ensure end-to-end encryption solutions. Using open source is not a universal remedy, they state, but it is an “important ingredient in an EU strategy for more security and technological independence.” The experts say support for open source will increase the EU’s technological independence.

A second study for this committee meeting argues that the use of open source computer operating systems and applications reduces the risk of privacy intrusion by mass surveillance.

https://joinup.ec.europa.eu/community/osor/news/ep-study-%E2%80%9Ceu-should-finance-key-open-source-tools%E2%80%9D

 
  • (Score: 3, Insightful) by frojack on Saturday April 25 2015, @07:20PM

    by frojack (1554) on Saturday April 25 2015, @07:20PM (#175131) Journal

    The real problem is deciding who is worthy of receiving funds

    That is a problem, to be sure.

    But a far bigger problem is the crazy notion that government should be trusted to protect the people from the government.

    You cannot remove the tendency of those in power to attempt to acquire more power. It's pretty much human nature to do so.

    Therefore, entrusting the funding of opensource to the government is just another form of embrace, extend, and extinguish, in the hands of a far more powerful group, with far more sinister goals.

    The best you can hope for is creating a structure to incentivize end-users to fund open source, and to allocate the funding to various projects.

    Neither of these tasks should be in the hands of the government. Any Government. The best you can hope for is a tax write-off for such contributions. But then who gets the money?

    Most end users don't have the knowledge to properly decide which projects should get how much money. But then, neither do the governments (and government's opinion should immediately be considered suspect). How many of us knew there were serious problems in encryption libraries? How many governments knew?

    There exists no suitable body to make these allocations today. Maybe FSF comes closest, but will they fund OpenBSD as well as encryption projects? Or will they just become captured by Sievers and Poettering backed by Red Hat lobbying?

    --
    No, you are mistaken. I've always had this sig.
  • (Score: 3, Insightful) by Anonymous Coward on Saturday April 25 2015, @07:58PM

    by Anonymous Coward on Saturday April 25 2015, @07:58PM (#175144)

    ISTM you're extrapolating the failures of the USA's broken-by-design power-hoarding governmental design across every nation.
    The parliamentary systems across northern Europe seem to be doing a significantly better job at pretty much everything.

    Investing money into your own economy by using local talent to produce the things that gov't needs seems like a no-brainer.
    (Keynes' Multiplier Effect)

    Exporting cash to get a product that features padlocks to which you don't hold the keys couldn't be farther from my idea of right.

    The perfect is the enemy of the good.
    Let's get headed in the right direction and see where that takes us.
    Reevaluate as necessary.

    -- gewg_

    • (Score: 2, Flamebait) by frojack on Saturday April 25 2015, @08:16PM

      by frojack (1554) on Saturday April 25 2015, @08:16PM (#175147) Journal

      ISTM you're extrapolating the failures of the USA's broken-by-design power-hoarding governmental design across every nation.
      The parliamentary systems across northern Europe seem to be doing a significantly better job at pretty much everything.

      -- gewg_

      Seriously? You are going to start with your "The grass is always greener anywhere but the US" argument?

      Did you forget that the Parliamentary systems of Germany and the UK and France have more intrusive and invasive spying systems in place than the US?
      Did you fail to notice there are as many states contemplating exiting the EU as joining it? Or that its member states live every day in violation of their own charter of human rights?

      My post above was deliberately non-nationalistic in nature. And you pile on with your Hate America crap!

      --
      No, you are mistaken. I've always had this sig.
      • (Score: 1, Insightful) by Anonymous Coward on Saturday April 25 2015, @10:23PM

        by Anonymous Coward on Saturday April 25 2015, @10:23PM (#175181)

        Wait. You're saying there's something worse than "Collect it all"??
        Now it's you who is doing the placard hoisting^W^W flag waving.

        My post above was deliberately non-nationalistic

        ...if one ignores the countries that are ALREADY making sure that open standards and open source software work for their people.
        The Netherlands and India have, for example, recently made headlines.
        Years ago, Norway made the news.

        your Hate America crap

        I don't hate America.
        There's some pretty great stuff that goes on here.
        I can't, however, stand the USA Gov't with its thin veneer that allows it to pretend it's a democracy.
        ...as well as the way a tiny cadre of rich white males purposely set it up so that it would be incredibly difficult to change that.

        Someone was just mentioning the NIH nature of RedHat in another set of comments.
        It applies in spades to USA.
        The results they get in northern Europe with parliamentary systems seem to be significantly better for Joe Average there than what we get here.
        Gratis education and universal healthcare for starters and reasonable worker rights to continue.

        So, what exactly is wrong with me pointing out examples of folks doing it better?
        Sometimes those examples are the USA doing it right--in the distant past.

        -- gewg_

  • (Score: 2) by maxwell demon on Saturday April 25 2015, @08:12PM

    by maxwell demon (1608) on Saturday April 25 2015, @08:12PM (#175146) Journal

    Even if that initiative would result in backdoored Open Source code, the only alternative we currently have is backdoored proprietary code. In backdoored Open Source, we have a better chance to eventually find the backdoors, and a much better chance to get them fixed after they are found.

    So backdoored Open Source is still better than backdoored proprietary.

    --
    The Tao of math: The numbers you can count are not the real numbers.
    • (Score: 2) by frojack on Saturday April 25 2015, @09:38PM

      by frojack (1554) on Saturday April 25 2015, @09:38PM (#175171) Journal

      Perhaps you are right.

      But all those eyes failed on the Elliptical Curve [cryptographyengineering.com] random number generator fiasco.

      Just as likely, it will be illegal to change the government approved back-doors, and every distro will be obligated to propagate them, and removal instructions will become illegal to publish. Look at the lengths governments have gone to to shut down TPB and Wikileaks.

      Governments will always put government priorities ahead of yours, and with government money comes government regulations.

      --
      No, you are mistaken. I've always had this sig.
      • (Score: 3, Insightful) by maxwell demon on Sunday April 26 2015, @07:14AM

        by maxwell demon (1608) on Sunday April 26 2015, @07:14AM (#175291) Journal

        But all those eyes failed on the Elliptical Curve random number generator fiasco.

        Ultimately it was found. It probably wouldn't have been found if the algorithm hadn't been publicly documented. And with Open Source, you now can check that it indeed doesn't use elliptical curves. With proprietary code you have to trust the vendor's claim that it doesn't.

        Just as likely, it will be illegal to change the government approved back-doors,

        With Open Source, you'd have to be very explicit about that requirement. And being explicit about that requirement would probably be political suicide.

        With proprietary software, all you'll have to do is to make decompiling/changing a crime (with copyright and malware as an excuse). No problem to sell that to the general public.

        Look at the lengths governments have gone to to shut down TPB and Wikileaks.

        With TPB and Wikileaks it was a well-defined target. With Open Source, they'd have to target everyone.

        Governments will always put government priorities ahead of yours, and with government money comes government regulations.

        But the most important goal of every government is to continue being the government. In a democracy, this means to at least pay lip service to the wishes of the public. And in the field of backdoors, Open Source makes it much harder to pay lip service while doing the opposite.

        --
        The Tao of math: The numbers you can count are not the real numbers.
    • (Score: 2, Informative) by Hairyfeet on Saturday April 25 2015, @10:49PM

      by Hairyfeet (75) <bassbeast1968NO@SPAMgmail.com> on Saturday April 25 2015, @10:49PM (#175187) Journal

      Sigh...that is why the world had to spend billions on the BASHing that was Shellshock and Heartbleed. The problem is too many pieces of critical FOSS have been ignored under the "many eyes myth" which is a classic "is/ought" fallacy in that everybody assumes because the code IS out there somebody with the years of experience in low level coding and penetration testing OUGHT to have gone through the code...Heartbleed and Shellshock put a stake in that particular lie.

      Bad FOSS code isn't magically better than good proprietary because somebody, somewhere, sometime, which you have ZERO proof of, MIGHT have looked at the code. You can decompile pretty much any code and Wireshark will show you quickly enough if that program is connecting to places you don't want it to. But if you think merely having the code will magically make it automatically audited on every release by people with the skills to do so? Bash is the most used piece of FOSS on the entire planet by far...and it still gets pwned.

      --
      ACs are never seen so don't bother. Always ready to show SJWs for the racists they are.
      • (Score: 2) by maxwell demon on Sunday April 26 2015, @07:20AM

        by maxwell demon (1608) on Sunday April 26 2015, @07:20AM (#175294) Journal

        What part of "better chance" did you not understand?

        --
        The Tao of math: The numbers you can count are not the real numbers.
        • (Score: 2) by Hairyfeet on Sunday April 26 2015, @10:13PM

          by Hairyfeet (75) <bassbeast1968NO@SPAMgmail.com> on Sunday April 26 2015, @10:13PM (#175502) Journal

          Again you are simply using an "is ought" fallacy because you have absolutely ZERO PROOF that anybody other than the ones who wrote it have looked at it...none, zero, zipola, nada. You are saying because the code IS there it OUGHT to have been audited...perhaps Wikipedia [wikipedia.org] can help you understand why your argument makes as much sense as "because there IS books on vampires there OUGHT to be real vampires"...with "is ought" fallacies you take a single fact (there is source code) and jump to a conclusion with zero evidence to support it (it OUGHT to have gone through an extensive code audit) with no basis in fact....NOW do you understand friend?

          --
          ACs are never seen so don't bother. Always ready to show SJWs for the racists they are.
          • (Score: 2) by maxwell demon on Monday April 27 2015, @06:26PM

            by maxwell demon (1608) on Monday April 27 2015, @06:26PM (#175800) Journal

            You are saying because the code IS there it OUGHT to have been audited

            Could you please show me where I do claim that? Because I cannot find it.

            OTOH, you seem to imply that closed source code is always audited (and moreover, that it is always audited to not have a backdoor).

            --
            The Tao of math: The numbers you can count are not the real numbers.
            • (Score: 2) by Hairyfeet on Monday April 27 2015, @07:40PM

              by Hairyfeet (75) <bassbeast1968NO@SPAMgmail.com> on Monday April 27 2015, @07:40PM (#175831) Journal

              And then you go for the classic and you are lynching negroes [wikipedia.org] which is a tu quoque argument used to attempt to change the subject, which was NOT about closed source software but about how having source does NOT in ANY way, shape, or form, provide you with ANY increased security, it just provides you with source. To claim otherwise is to claim an "is ought" with zero basis in proof nor evidence.

              Any more fallacies or logic hoops you care to jump through chief?

              --
              ACs are never seen so don't bother. Always ready to show SJWs for the racists they are.
              • (Score: 1, Offtopic) by maxwell demon on Monday April 27 2015, @08:35PM

                by maxwell demon (1608) on Monday April 27 2015, @08:35PM (#175854) Journal

                I see, you are not able to answer my question. Not that I had expected that you are. EOD

                --
                The Tao of math: The numbers you can count are not the real numbers.
                • (Score: 2) by Hairyfeet on Tuesday April 28 2015, @09:33PM

                  by Hairyfeet (75) <bassbeast1968NO@SPAMgmail.com> on Tuesday April 28 2015, @09:33PM (#176270) Journal

                  I don't follow games of moving the goalposts, nor will I jump for logic fallacies, especially when you provide ZERO proof or ZERO evidence to back up your claim. You say "having source is better"...let's see the proof chief, because I can provide TONS of proof that having source means nothing more than....drumroll...you have the source! There is Shellshock (which just FYI attacked the most viewed piece of code on the planet which curb stomps the "many eyes" myth) and there is Heartbleed, and let's not forget that open source Linux has 4 times more vulnerabilities than closed source Windows [betanews.com]. I've provided MY evidence...let's see something other than logic fallacies and moving the goalposts from you...but I bet you can't, because Linux is built on "is ought" fallacies and bullshit.

                  --
                  ACs are never seen so don't bother. Always ready to show SJWs for the racists they are.