[liberationtech] issilentcircleopensourceyet.com
Ali-Reza Anghaie
ali at packetknife.com
Tue Nov 6 11:27:04 PST 2012
OK - now we actually have a detail disagreement.
Please show me evidence of Silent Circle "malpractice"..
That's a big leap from disagreeing with a practice or declaring a best
practice as you see fit and negligence or even blatant disregard.
Context matters.
-Ali
On Tue, Nov 6, 2012 at 2:22 PM, Nadim Kobeissi <nadim at nadim.cc> wrote:
> Ali,
> Of course I would publicize my complaints. That's how you get your voice
> heard. I repeat that my only concern here if Silent Circle shipping
> questionably secure software and going against the open sourcing of
> cryptography software. I don't care if it's, as you say "a bit of 'look at
> me!'", This is not my concern. My concern is for Silent Circle to stop its
> malpractice. When Bruce Schneier critiques software, it's not because he
> wants people to pay attention to him, it's because he wants the software to
> be fixed. I am trying to follow his example as much as I can here.
>
> Also, to answer your question: I have no problem with who funds or founds
> Silent Circle. This is not the source of my complaint.
>
>
> NK
>
>
>
> On Tue, Nov 6, 2012 at 2:16 PM, Ali-Reza Anghaie <ali at packetknife.com>wrote:
>
>> It's not just me who interprets it that way - the only reason I responded
>> was that after Nadim's first post I was approached by former colleagues who
>> are still in the DoD circles. They all wondered if these complaints, that
>> seemed awfully specific to ~one~ player in the industry, were born from
>> Anonymous or other political movements because of the Navy SEALs involved
>> in the founding.
>>
>> I explained I trusted people would judge Silent Circle more on actions
>> and the history of PZ and Jon Callas but hey, that's still my speculation..
>>
>> Nadim also posted this on his Twitter timeline - it's hardly a "without
>> publicity" move, and he quickly engaged CSoghoian too. It's not a stretch
>> to say it was a bit of "look at me!"..
>>
>> However, with all that said, it WOULD be a stretch to say that Nadim is
>> ~wrong~ in his eventual technocratic position here. I'm just arguing the
>> tactical value of it given the very wide problem sets we all have.
>>
>> -Ali
>>
>>
>>
>> On Tue, Nov 6, 2012 at 2:11 PM, Greg Norcie <greg at norcie.com> wrote:
>>
>>> Nadim,
>>>
>>> You are correct - the website (nor the whois) mention you. But your post
>>> on this mailing list does.
>>>
>>> You seem like a very intelligent guy - if you had intended this to be an
>>> anonymous critique, I doubt you'd have used your real name to post the
>>> link :)
>>> --
>>> Greg Norcie (greg at norcie.com)
>>> GPG key: 0x1B873635
>>>
>>> On 11/6/12 2:06 PM, Nadim Kobeissi wrote:
>>> > Greg,
>>> > The website does not mention me at all, it's purely meant as a
>>> complaint
>>> > against Silent Circle's policy. I've already written a lengthy post
>>> > regarding Silent Circle (http://log.nadim.cc/?p=89) and yet have
>>> > received no reply.
>>> >
>>> >
>>> > NK
>>> >
>>> >
>>> > On Tue, Nov 6, 2012 at 2:04 PM, Greg Norcie <greg at norcie.com
>>> > <mailto:greg at norcie.com>> wrote:
>>> >
>>> > Nadim
>>> >
>>> > I understand your position, but actions like this website won't
>>> help
>>> > your cause.
>>> >
>>> > Can you understand how actions like setting up this web site might
>>> be
>>> > viewed as a way to call attention to oneself, rather than champion
>>> the
>>> > (respectable) ideals of the open source movement?
>>> > --
>>> > Greg Norcie (greg at norcie.com <mailto:greg at norcie.com>)
>>> > GPG key: 0x1B873635
>>> >
>>> > On 11/6/12 1:53 PM, Nadim Kobeissi wrote:
>>> > > Ali,
>>> > > The issue is trust. Security software verifiability should not
>>> have to
>>> > > depend on Silent Circle (or who they hire to audit, for example
>>> > Veracode.)
>>> > >
>>> > >
>>> > > NK
>>> > >
>>> > >
>>> > > On Tue, Nov 6, 2012 at 1:51 PM, Ali-Reza Anghaie
>>> > <ali at packetknife.com <mailto:ali at packetknife.com>
>>> > > <mailto:ali at packetknife.com <mailto:ali at packetknife.com>>>
>>> wrote:
>>> > >
>>> > > Nobody would dispute that - that's not quite the same thing
>>> as
>>> > FOSS
>>> > > default positions or some of the other criticisms.
>>> > >
>>> > > For example, I'd contend a paid Veracode audit would in all
>>> > > likelihood be better than any typical FOSS audit. Had they
>>> > done that
>>> > > (heck, they might have but I doubt it) and still announced
>>> the
>>> > > intent of opening the codebase - I wager that would not have
>>> > stopped
>>> > > the criticism.
>>> > >
>>> > > It appears to be a deep-seeded cultural divide more than any
>>> > of the
>>> > > other factors combined.
>>> > >
>>> > > -Al
>>> > >
>>> > >
>>> > >
>>> > > On Tue, Nov 6, 2012 at 1:43 PM, Yosem Companys
>>> > > <companys at stanford.edu <mailto:companys at stanford.edu>
>>> > <mailto:companys at stanford.edu <mailto:companys at stanford.edu>>>
>>> wrote:
>>> > >
>>> > > Security audits are always important, especially when
>>> people's
>>> > > lives are at risk.
>>> > >
>>> > > On Tue, Nov 6, 2012 at 10:37 AM, Nadim Kobeissi
>>> > <nadim at nadim.cc
>>> > > <mailto:nadim at nadim.cc <mailto:nadim at nadim.cc>>> wrote:
>>> > >
>>> > > Hi Ali,
>>> > > There is no "agenda," and there needn't be one if you
>>> > are to
>>> > > critique security software. No need to be so
>>> aggressive.
>>> > > My qualms against Silent Circle are detailed
>>> > > here: http://log.nadim.cc/?p=89
>>> > >
>>> > >
>>> > > NK
>>> > >
>>> > >
>>> > >
>>> > > On Tue, Nov 6, 2012 at 1:34 PM, Ali-Reza Anghaie
>>> > > <ali at packetknife.com <mailto:ali at packetknife.com>
>>> > <mailto:ali at packetknife.com <mailto:ali at packetknife.com>>> wrote:
>>> > >
>>> > > Seriously - what's your agenda?
>>> > >
>>> > > Where are the domains for the other tens of
>>> providers
>>> > > who charge arms and legs based on closed
>>> protocols
>>> > even?
>>> > >
>>> > > What's the nit with Silent Circle specifically?
>>> > Because
>>> > > they're accessible? Because it's easier to use?
>>> > Because
>>> > > the founders have good track records of standing
>>> up to
>>> > > Government too?
>>> > >
>>> > > Being absolutist about everything isn't helping
>>> anyone
>>> > > who ~needs~ it - it's a privilege of the "haves"
>>> > that we
>>> > > can have these conversations over and over again.
>>> > >
>>> > > Shouldn't we have taken the "fight" to carriers,
>>> Apple
>>> > > iOS T&Cs, etc. harder and longer ago? And why do
>>> > we keep
>>> > > expecting private entities to fight our
>>> Government
>>> > > battles for us? It's a losing proposition and
>>> > increases
>>> > > the costs-per-individual to untenable levels when
>>> > we mix
>>> > > absolutely all their enterprise with civil
>>> liberty
>>> > issues.
>>> > >
>>> > > There has got to be a better way than this
>>> ridiculous
>>> > > trolling and bickering. Someone? Anyone?
>>> > >
>>> > > Again, seriously, what's the agenda against
>>> Silent
>>> > > Circle specifically?
>>> > >
>>> > > -Ali
>>> > >
>>> > >
>>> > >
>>> > > On Tue, Nov 6, 2012 at 1:20 PM, Nadim Kobeissi
>>> > > <nadim at nadim.cc <mailto:nadim at nadim.cc
>>> > <mailto:nadim at nadim.cc>>> wrote:
>>> > >
>>> > > http://issilentcircleopensourceyet.com/
>>> > >
>>> > > NK
>>> > >
>>> > > --
>>> > > Unsubscribe, change to digest, or change
>>> password
>>> > > at:
>>> > >
>>> > https://mailman.stanford.edu/mailman/listinfo/liberationtech
>>> > >
>>> > >
>>> > >
>>> > > --
>>> > > Unsubscribe, change to digest, or change
>>> password at:
>>> > >
>>> > https://mailman.stanford.edu/mailman/listinfo/liberationtech
>>> > >
>>> > >
>>> > >
>>> > > --
>>> > > Unsubscribe, change to digest, or change password at:
>>> > >
>>> > https://mailman.stanford.edu/mailman/listinfo/liberationtech
>>> > >
>>> > >
>>> > >
>>> > > --
>>> > > Unsubscribe, change to digest, or change password at:
>>> > >
>>> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>>> > >
>>> > >
>>> > >
>>> > > --
>>> > > Unsubscribe, change to digest, or change password at:
>>> > > https://mailman.stanford.edu/mailman/listinfo/liberationtech
>>> > >
>>> > >
>>> > >
>>> > >
>>> > > --
>>> > > Unsubscribe, change to digest, or change password at:
>>> > https://mailman.stanford.edu/mailman/listinfo/liberationtech
>>> > >
>>> > --
>>> > Unsubscribe, change to digest, or change password at:
>>> > https://mailman.stanford.edu/mailman/listinfo/liberationtech
>>> >
>>> >
>>> >
>>> >
>>> > --
>>> > Unsubscribe, change to digest, or change password at:
>>> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>>> >
>>> --
>>> Unsubscribe, change to digest, or change password at:
>>> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>>>
>>
>>
>> --
>> Unsubscribe, change to digest, or change password at:
>> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>>
>
>
> --
> Unsubscribe, change to digest, or change password at:
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20121106/bfcec209/attachment.html>
More information about the liberationtech
mailing list