
SoylentNews is people

posted by CoolHand on Saturday April 25 2015, @04:16PM
from the we-can-trust-the-gubmint-for-encryption-and-security dept.

A study by European IT security experts suggests that the EU should also fund or participate in the development of open source software to ensure end-to-end encryption solutions. Using open source is not a universal remedy, they state, but it is an “important ingredient in an EU strategy for more security and technological independence.” The experts say support for open source will increase the EU’s technological independence.

A second study for this committee meeting argues that the use of open source computer operating systems and applications reduces the risk of privacy intrusion by mass surveillance.

https://joinup.ec.europa.eu/community/osor/news/ep-study-%E2%80%9Ceu-should-finance-key-open-source-tools%E2%80%9D

  • (Score: 3, Interesting) by BsAtHome on Saturday April 25 2015, @05:46PM

    by BsAtHome (889) on Saturday April 25 2015, @05:46PM (#175107)

    If the member countries could agree to close some of the loopholes in the tax system(s), let's say by 10^9 Euro, and channel that to FLOSS, then you could fund many, many projects.

    The real problem is deciding who is worthy of receiving funds and how that is done. Standard EU bureaucratic methods and services would be quite out of alignment with the projects they would support.

    • (Score: 3, Insightful) by Anonymous Coward on Saturday April 25 2015, @06:02PM

      by Anonymous Coward on Saturday April 25 2015, @06:02PM (#175112)

      Europe, being able to see past their own nose, is heading in the right direction. I, for one, would welcome even a closed-source European (mainland Europe, excluding U.K.) alternative to American back-doored, front-doored, closed -or- (pwned) open source software.

      I would also appreciate open-source modern processor architectures (hardware) that are not back-doored at the hardware level to let the government in.

    • (Score: 3, Insightful) by frojack on Saturday April 25 2015, @07:20PM

      by frojack (1554) on Saturday April 25 2015, @07:20PM (#175131) Journal

      The real problem is deciding who is worthy of receiving funds

      That is a problem, to be sure.

      But a far bigger problem is the crazy notion that government should be trusted to protect the people from the government.

      You cannot remove the tendency of those in power to attempt to acquire more power. It's pretty much human nature to do so.

      Therefore, entrusting the funding of opensource to the government is just another form of embrace, extend, and extinguish, in the hands of a far more powerful group, with far more sinister goals.

      The best you can hope for is creating a structure to incentivize end-users to fund open source, and to allocate the funding to various projects.

      Neither of these tasks should be in the hands of the government. Any Government. The best you can hope for is a tax write-off for such contributions. But then who gets the money?

      Most end users don't have the knowledge to properly decide which projects should get how much money. But then, neither do the governments (and government's opinion should immediately be considered suspect). How many of us knew there were serious problems in encryption libraries? How many governments knew?

      There exists no suitable body to make these allocations today. Maybe FSF comes closest, but will they fund OpenBSD as well as encryption projects? Or will they just become captured by Sievers and Poettering backed by Red Hat lobbying?

      --
      No, you are mistaken. I've always had this sig.
      • (Score: 3, Insightful) by Anonymous Coward on Saturday April 25 2015, @07:58PM

        by Anonymous Coward on Saturday April 25 2015, @07:58PM (#175144)

        ISTM you're extrapolating the failures of the USA's broken-by-design power-hoarding governmental design across every nation.
        The parliamentary systems across northern Europe seem to be doing a significantly better job at pretty much everything.

        Investing money into your own economy by using local talent to produce the things that gov't needs seems like a no-brainer.
        (Keynes' Multiplier Effect)

        Exporting cash to get a product that features padlocks to which you don't hold the keys couldn't be farther from my idea of right.

        The perfect is the enemy of the good.
        Let's get headed in the right direction and see where that takes us.
        Reevaluate as necessary.

        -- gewg_

        • (Score: 2, Flamebait) by frojack on Saturday April 25 2015, @08:16PM

          by frojack (1554) on Saturday April 25 2015, @08:16PM (#175147) Journal

          ISTM you're extrapolating the failures of the USA's broken-by-design power-hoarding governmental design across every nation.
          The parliamentary systems across northern Europe seem to be doing a significantly better job at pretty much everything.

          -- gewg_

          Seriously? You are going to start with your "The grass is always greener anywhere but the US" argument?

          Did you forget that the Parliamentary systems of Germany and the UK and France have more intrusive and invasive spying systems in place than the US?
          Did you fail to notice there are as many states contemplating exiting the EU as joining it? Or that its member states live every day in violation of their own charter of human rights?

          My post above was deliberately non-nationalistic in nature. And you pile on with your Hate America crap!

          --
          No, you are mistaken. I've always had this sig.
          • (Score: 1, Insightful) by Anonymous Coward on Saturday April 25 2015, @10:23PM

            by Anonymous Coward on Saturday April 25 2015, @10:23PM (#175181)

            Wait. You're saying there's something worse than "Collect it all"??
            Now it's you who is doing the placard hoisting^W^W flag waving.

            My post above was deliberately non-nationalistic

            ...if one ignores the countries that are ALREADY making sure that open standards and open source software work for their people.
            The Netherlands and India have, for example, recently made headlines.
            Years ago, Norway made the news.

            your Hate America crap

            I don't hate America.
            There's some pretty great stuff that goes on here.
            I can't, however, stand the USA Gov't with its thin veneer that allows it to pretend it's a democracy.
            ...as well as the way a tiny cadre of rich white males purposely set it up so that it would be incredibly difficult to change that.

            Someone was just mentioning the NIH nature of RedHat in another set of comments.
            It applies in spades to USA.
            The results they get in northern Europe with parliamentary systems seem to be significantly better for Joe Average there than what we get here.
            Gratis education and universal healthcare for starters and reasonable worker rights to continue.

            So, what exactly is wrong with me pointing out examples of folks doing it better?
            Sometimes those examples are the USA doing it right--in the distant past.

            -- gewg_

      • (Score: 2) by maxwell demon on Saturday April 25 2015, @08:12PM

        by maxwell demon (1608) on Saturday April 25 2015, @08:12PM (#175146) Journal

        Even if that initiative would result in backdoored Open Source code, the only alternative we currently have is backdoored proprietary code. In backdoored Open Source, we have a better chance to eventually find the backdoors, and a much better chance to get them fixed after they are found.

        So backdoored Open Source is still better than backdoored proprietary.

        --
        The Tao of math: The numbers you can count are not the real numbers.
        • (Score: 2) by frojack on Saturday April 25 2015, @09:38PM

          by frojack (1554) on Saturday April 25 2015, @09:38PM (#175171) Journal

          Perhaps you are right.

          But all those eyes failed on the Elliptical Curve [cryptographyengineering.com] random number generator fiasco.

          Just as likely, it will be illegal to change the government approved back-doors, and every distro will be obligated to propagate them, and removal instructions will become illegal to publish. Look at the lengths governments have gone to to shut down TPB and Wikileaks.

          Governments will always put government priorities ahead of yours, and with government money comes government regulations.

          --
          No, you are mistaken. I've always had this sig.
          • (Score: 3, Insightful) by maxwell demon on Sunday April 26 2015, @07:14AM

            by maxwell demon (1608) on Sunday April 26 2015, @07:14AM (#175291) Journal

            But all those eyes failed on the Elliptical Curve random number generator fiasco.

            Ultimately it was found. It probably wouldn't have been found if the algorithm hadn't been publicly documented. And with Open Source, you now can check that it indeed doesn't use elliptical curves. With proprietary code you have to trust the vendor's claim that it doesn't.

            Just as likely, it will be illegal to change the government approved back-doors,

            With Open Source, you'd have to be very explicit about that requirement. And being explicit about that requirement would probably be political suicide.

            With proprietary software, all you'll have to do is to make decompiling/changing a crime (with copyright and malware as an excuse). No problem to sell that to the general public.

            Look at the lengths governments have gone to to shut down TPB and Wikileaks.

            With TPB and Wikileaks it was a well-defined target. With Open Source, they'd have to target everyone.

            Governments will always put government priorities ahead of yours, and with government money comes government regulations.

            But the most important goal of every government is to continue being the government. In a democracy, this means to at least pay lip service to the wishes of the public. And in the field of backdoors, Open Source makes it much harder to pay lip service while doing the opposite.

            --
            The Tao of math: The numbers you can count are not the real numbers.
        • (Score: 2, Informative) by Hairyfeet on Saturday April 25 2015, @10:49PM

          by Hairyfeet (75) <bassbeast1968NO@SPAMgmail.com> on Saturday April 25 2015, @10:49PM (#175187) Journal

          Sigh...that is why the world had to spend billions on the BASHing that was Shellshock and Heartbleed. The problem is too many pieces of critical FOSS have been ignored under the "many eyes myth" which is a classic "is/ought" fallacy in that everybody assumes because the code IS out there somebody with the years of experience in low level coding and penetration testing OUGHT to have gone through the code...Heartbleed and Shellshock put a stake in that particular lie.

          Bad FOSS code isn't magically better than good proprietary because somebody, somewhere, sometime, which you have ZERO proof of, MIGHT have looked at the code. You can decompile pretty much any code and Wireshark will show you quickly enough if that program is connecting to places you don't want it to. But if you think merely having the code will magically make it automatically audited on every release by people with the skills to do so? Bash is the most used piece of FOSS on the entire planet by far...and it still gets pwned.

          --
          ACs are never seen so don't bother. Always ready to show SJWs for the racists they are.
          • (Score: 2) by maxwell demon on Sunday April 26 2015, @07:20AM

            by maxwell demon (1608) on Sunday April 26 2015, @07:20AM (#175294) Journal

            What part of "better chance" did you not understand?

            --
            The Tao of math: The numbers you can count are not the real numbers.
            • (Score: 2) by Hairyfeet on Sunday April 26 2015, @10:13PM

              by Hairyfeet (75) <bassbeast1968NO@SPAMgmail.com> on Sunday April 26 2015, @10:13PM (#175502) Journal

              Again you are simply using an "is ought" fallacy because you have absolutely ZERO PROOF that anybody other than the ones who wrote it have looked at it...none, zero, zipola, nada. You are saying because the code IS there it OUGHT to have been audited...perhaps Wikipedia [wikipedia.org] can help you understand why your argument makes as much sense as "because there IS books on vampires there OUGHT to be real vampires"...with "is ought" fallacies you take a single fact (there is source code) and jump to a conclusion with zero evidence to support it (it OUGHT to have gone through an extensive code audit) with no basis in fact....NOW do you understand friend?

              --
              ACs are never seen so don't bother. Always ready to show SJWs for the racists they are.
              • (Score: 2) by maxwell demon on Monday April 27 2015, @06:26PM

                by maxwell demon (1608) on Monday April 27 2015, @06:26PM (#175800) Journal

                You are saying because the code IS there it OUGHT to have been audited

                Could you please show me where I do claim that? Because I cannot find it.

                OTOH, you seem to imply that closed source code is always audited (and moreover, that it is always audited to not have a backdoor).

                --
                The Tao of math: The numbers you can count are not the real numbers.
                • (Score: 2) by Hairyfeet on Monday April 27 2015, @07:40PM

                  by Hairyfeet (75) <bassbeast1968NO@SPAMgmail.com> on Monday April 27 2015, @07:40PM (#175831) Journal

                  And then you go for the classic and you are lynching negroes [wikipedia.org] which is a tu quoque argument used to attempt to change the subject, which was NOT about closed source software but about how having source does NOT in ANY way, shape, or form, provide you with ANY increased security, it just provides you with source. To claim otherwise is to claim an "is ought" with zero basis in proof nor evidence.

                  Anymore fallacies or logic hoops you care to jump through chief?

                  --
                  ACs are never seen so don't bother. Always ready to show SJWs for the racists they are.
                  • (Score: 1, Offtopic) by maxwell demon on Monday April 27 2015, @08:35PM

                    by maxwell demon (1608) on Monday April 27 2015, @08:35PM (#175854) Journal

                    I see, you are not able to answer my question. Not that I had expected that you are. EOD

                    --
                    The Tao of math: The numbers you can count are not the real numbers.
                    • (Score: 2) by Hairyfeet on Tuesday April 28 2015, @09:33PM

                      by Hairyfeet (75) <bassbeast1968NO@SPAMgmail.com> on Tuesday April 28 2015, @09:33PM (#176270) Journal

                      I don't follow games of moving the goalposts, nor will I jump for logic fallacies, especially when you provide ZERO proof or ZERO evidence to back up your claim. You say "having source is better"...let's see the proof chief, because I can provide TONS of proof that having source means nothing more than....drumroll...you have the source! There is Shellshock (which just FYI attacked the most viewed piece of code on the planet which curb stomps the "many eyes" myth) and there is Heartbleed, and let's not forget that open source Linux has 4 times more vulnerabilities than closed source Windows [betanews.com]. I've provided MY evidence...let's see something other than logic fallacies and moving the goalposts from you...but I bet you can't, because Linux is built on "is ought" fallacies and bullshit.

                      --
                      ACs are never seen so don't bother. Always ready to show SJWs for the racists they are.
    • (Score: 4, Insightful) by Adamsjas on Saturday April 25 2015, @07:34PM

      by Adamsjas (4507) on Saturday April 25 2015, @07:34PM (#175137)

      Quote BsAtHome: "If the member countries could agree to close some of the loopholes in the tax system(s)"

      The quickest way to doom any good suggestion is to make it contingent upon changes in government.

      You have to work around, under, over or through entrenched institutions. They won't change for you.
      If you wait for that, you've abandoned all hope.

      • (Score: 2) by frojack on Saturday April 25 2015, @11:10PM

        by frojack (1554) on Saturday April 25 2015, @11:10PM (#175188) Journal

        The quickest way to doom any good suggestion is to make it contingent upon changes in government.

        Have to agree with that.

        There are so many here that glibly assume into existence entire infrastructures or capabilities when faced with any problem, or as a way of achieving their personal nirvana. None take into account the blood and treasure that would need to be spent to achieve their oh so naive new governments.

        --
        No, you are mistaken. I've always had this sig.
        • (Score: 3, Insightful) by aristarchus on Saturday April 25 2015, @11:41PM

          by aristarchus (2645) on Saturday April 25 2015, @11:41PM (#175196) Journal

          You are making me depressed, frojack! Now I see why Reagan went on to prove that government is the problem. I guess there is no way that a people could ever come together to solve problems in common for the benefit of all, so it is just better to leave ourselves to the tender mercies of reliable self-interested for-profit private corporations. They, at least, do not pretend to be here to help! And the rest of us are just solitary, poore, nasty, brutish and short.

          • (Score: 2, Disagree) by frojack on Sunday April 26 2015, @03:27AM

            by frojack (1554) on Sunday April 26 2015, @03:27AM (#175255) Journal

            Open source has mostly been avoided by for-profit corporations. It should probably stay that way, don't you think?

            --
            No, you are mistaken. I've always had this sig.
            • (Score: 2) by aristarchus on Sunday April 26 2015, @04:34AM

              by aristarchus (2645) on Sunday April 26 2015, @04:34AM (#175266) Journal

              Agreed. Your point?

            • (Score: 3, Insightful) by TheRaven on Sunday April 26 2015, @06:04PM

              by TheRaven (270) on Sunday April 26 2015, @06:04PM (#175399) Journal

              Open source has mostly been avoided by for-profit corporations

              Huh? I guess you missed the few billions that were invested in open source development last year, or the massive companies that have built their businesses on open source software.

              It should probably stay that way, don't you think?

              No, I quite like being paid thanks.

              --
              sudo mod me up
              • (Score: 2) by frojack on Monday April 27 2015, @05:58PM

                by frojack (1554) on Monday April 27 2015, @05:58PM (#175787) Journal

                Open source has mostly been avoided by for-profit corporations

                Huh? I guess you missed the few billions that were invested in open source development last year, or the massive companies that have built their businesses on open source software.

                Actually, I said that badly...

                What I meant to say is that Big corporations use open source, because it's free, and more trustworthy than Windows.

                But other than a small-ish number of companies that actually have it as their CORE business to develop opensource software, (Red Hat, Canonical, etc), most companies do very little to support opensource.

                Some, it is true, might employ a developer or two, and not assign them any major tasks, allowing them time to work on Linux. (Hell, even Microsoft does that). But it is seldom a big budget item.

                Oracle does some things. But look at how OpenOffice, and MySQL worked out for them, and how poorly they handled both.
                Red Hat force fed us Systemd, and pretty much abandoned their free Linux.
                IBM contributes code to several projects, give them credit for that.
                Novell fell on their sword of OpenSuse, and it pretty much killed them as a company.
                Apple takes opensource private (BSD), and only started contributing back when browbeaten into it, (Konqueror), while killing off features of purchased OS projects other than what they need (CUPS).

                But most companies don't do much for Opensource, other than use it for free.

                --
                No, you are mistaken. I've always had this sig.
                • (Score: 2) by TheRaven on Tuesday April 28 2015, @01:03PM

                  by TheRaven (270) on Tuesday April 28 2015, @01:03PM (#176042) Journal

                  But other than a small-ish number of companies that actually have it as their CORE business to develop opensource software, (Red Hat, Canonical, etc), most companies do very little to support opensource

                  That's not true, in my experience. A lot of the consulting work I've done has been working for relatively small companies for whom open source is not part of their core business (often mostly proprietary shops) who want to have some extra feature added to an open source project. Upstreaming is usually part of the contract, because they don't want to maintain a private fork.

                  Apple takes opensource private (BSD), and only started contributing back when browbeaten into it,

                  As a FreeBSD and LLVM developer, I'd say that's a fairly gross mischaracterisation of Apple's interactions with open source. They'll happily engage with existing communities and release code (they've even changed licenses of things on request for us in the past and offered to do so again).

                  --
                  sudo mod me up
    • (Score: 2, Interesting) by AnonTechie on Sunday April 26 2015, @08:15AM

      by AnonTechie (2275) on Sunday April 26 2015, @08:15AM (#175300) Journal

      The government solution to a problem is usually as bad as the problem. - Milton Friedman

      --
      Albert Einstein - "Only two things are infinite, the universe and human stupidity, and I'm not sure about the former."
      • (Score: 3, Insightful) by maxwell demon on Sunday April 26 2015, @11:51AM

        by maxwell demon (1608) on Sunday April 26 2015, @11:51AM (#175323) Journal

        1) That Milton Friedman said it doesn't prove it right.
        2) The sentence as quoted says "usually", thus even Milton Friedman accepted that sometimes the government solution is an improvement.

        --
        The Tao of math: The numbers you can count are not the real numbers.
      • (Score: 2) by fritsd on Sunday April 26 2015, @12:24PM

        by fritsd (4586) on Sunday April 26 2015, @12:24PM (#175328) Journal

        That's why the Dutch government decided to accept the new metric system that its enemy, the French revolutionary government, had devised, in 1820.

        The government rammed through this newfangled metrification idea, whereas everyone was used to weighing their cheeses with the Dutch pound (~ 480 g) or the Amsterdam pound (494 g) or the Flemish pound (~ 433 g) or the Gentish pound (430 g) or the Gorkumish pound (466 g) or the Utrecht pound (497 g) or several others depending on city or region or fraudulence of the cheesemongers.