[liberationtech] issilentcircleopensourceyet.com
Nadim Kobeissi
nadim at nadim.cc
Tue Nov 6 11:28:36 PST 2012
I believe that releasing closed-source, unreviewed and centralized crypto
software and then marketing it as secure is malpractice. That is simply
my point.
NK
On Tue, Nov 6, 2012 at 2:27 PM, Ali-Reza Anghaie <ali at packetknife.com> wrote:
> OK - now we actually have a detail disagreement.
>
> Please show me evidence of Silent Circle "malpractice"..
>
> That's a big leap from disagreeing with a practice or declaring a best
> practice as you see fit and negligence or even blatant disregard.
>
> Context matters.
>
> -Ali
>
>
>
> On Tue, Nov 6, 2012 at 2:22 PM, Nadim Kobeissi <nadim at nadim.cc> wrote:
>
>> Ali,
>> Of course I would publicize my complaints. That's how you get your voice
>> heard. I repeat that my only concern here is Silent Circle shipping
>> questionably secure software and going against the open sourcing of
>> cryptography software. I don't care if it's, as you say, "a bit of 'look at
>> me!'". This is not my concern. My concern is for Silent Circle to stop its
>> malpractice. When Bruce Schneier critiques software, it's not because he
>> wants people to pay attention to him, it's because he wants the software to
>> be fixed. I am trying to follow his example as much as I can here.
>>
>> Also, to answer your question: I have no problem with who funds or founds
>> Silent Circle. This is not the source of my complaint.
>>
>>
>> NK
>>
>>
>>
>> On Tue, Nov 6, 2012 at 2:16 PM, Ali-Reza Anghaie <ali at packetknife.com> wrote:
>>
>>> It's not just me who interprets it that way - the only reason I
>>> responded was that after Nadim's first post I was approached by former
>>> colleagues who are still in the DoD circles. They all wondered if these
>>> complaints, that seemed awfully specific to ~one~ player in the industry,
>>> were born from Anonymous or other political movements because of the Navy
>>> SEALs involved in the founding.
>>>
>>> I explained I trusted people would judge Silent Circle more on actions
>>> and the history of PZ and Jon Callas but hey, that's still my speculation..
>>>
>>> Nadim also posted this on his Twitter timeline - it's hardly a "without
>>> publicity" move, and he quickly engaged CSoghoian too. It's not a stretch
>>> to say it was a bit of "look at me!"..
>>>
>>> However, with all that said, it WOULD be a stretch to say that Nadim is
>>> ~wrong~ in his eventual technocratic position here. I'm just arguing the
>>> tactical value of it given the very wide problem sets we all have.
>>>
>>> -Ali
>>>
>>>
>>>
>>> On Tue, Nov 6, 2012 at 2:11 PM, Greg Norcie <greg at norcie.com> wrote:
>>>
>>>> Nadim,
>>>>
>>>> You are correct - neither the website nor the whois mentions you. But your
>>>> post on this mailing list does.
>>>>
>>>> You seem like a very intelligent guy - if you had intended this to be an
>>>> anonymous critique, I doubt you'd have used your real name to post the
>>>> link :)
>>>> --
>>>> Greg Norcie (greg at norcie.com)
>>>> GPG key: 0x1B873635
>>>>
>>>> On 11/6/12 2:06 PM, Nadim Kobeissi wrote:
>>>> > Greg,
>>>> > The website does not mention me at all, it's purely meant as a complaint
>>>> > against Silent Circle's policy. I've already written a lengthy post
>>>> > regarding Silent Circle (http://log.nadim.cc/?p=89) and yet have
>>>> > received no reply.
>>>> >
>>>> >
>>>> > NK
>>>> >
>>>> >
>>>> > On Tue, Nov 6, 2012 at 2:04 PM, Greg Norcie <greg at norcie.com> wrote:
>>>> >
>>>> > Nadim
>>>> >
>>>> > I understand your position, but actions like this website won't help
>>>> > your cause.
>>>> >
>>>> > Can you understand how actions like setting up this web site might be
>>>> > viewed as a way to call attention to oneself, rather than champion the
>>>> > (respectable) ideals of the open source movement?
>>>> > --
>>>> > Greg Norcie (greg at norcie.com)
>>>> > GPG key: 0x1B873635
>>>> >
>>>> > On 11/6/12 1:53 PM, Nadim Kobeissi wrote:
>>>> > > Ali,
>>>> > > The issue is trust. Security software verifiability should not have to
>>>> > > depend on Silent Circle (or who they hire to audit, for example Veracode.)
>>>> > >
>>>> > >
>>>> > > NK
>>>> > >
>>>> > >
>>>> > > On Tue, Nov 6, 2012 at 1:51 PM, Ali-Reza Anghaie
>>>> > > <ali at packetknife.com> wrote:
>>>> > >
>>>> > > Nobody would dispute that - that's not quite the same thing as FOSS
>>>> > > default positions or some of the other criticisms.
>>>> > >
>>>> > > For example, I'd contend a paid Veracode audit would in all
>>>> > > likelihood be better than any typical FOSS audit. Had they done that
>>>> > > (heck, they might have but I doubt it) and still announced the
>>>> > > intent of opening the codebase - I wager that would not have stopped
>>>> > > the criticism.
>>>> > >
>>>> > > It appears to be a deep-seated cultural divide more than any of the
>>>> > > other factors combined.
>>>> > >
>>>> > > -Al
>>>> > >
>>>> > >
>>>> > >
>>>> > > On Tue, Nov 6, 2012 at 1:43 PM, Yosem Companys
>>>> > > <companys at stanford.edu> wrote:
>>>> > >
>>>> > > Security audits are always important, especially when people's
>>>> > > lives are at risk.
>>>> > >
>>>> > > On Tue, Nov 6, 2012 at 10:37 AM, Nadim Kobeissi
>>>> > > <nadim at nadim.cc> wrote:
>>>> > >
>>>> > > Hi Ali,
>>>> > > There is no "agenda," and there needn't be one if you are to
>>>> > > critique security software. No need to be so aggressive.
>>>> > > My qualms against Silent Circle are detailed
>>>> > > here: http://log.nadim.cc/?p=89
>>>> > >
>>>> > >
>>>> > > NK
>>>> > >
>>>> > >
>>>> > >
>>>> > > On Tue, Nov 6, 2012 at 1:34 PM, Ali-Reza Anghaie
>>>> > > <ali at packetknife.com> wrote:
>>>> > >
>>>> > > Seriously - what's your agenda?
>>>> > >
>>>> > > Where are the domains for the other tens of providers
>>>> > > who charge arms and legs based on closed protocols even?
>>>> > >
>>>> > > What's the nit with Silent Circle specifically? Because
>>>> > > they're accessible? Because it's easier to use? Because
>>>> > > the founders have good track records of standing up to
>>>> > > Government too?
>>>> > >
>>>> > > Being absolutist about everything isn't helping anyone
>>>> > > who ~needs~ it - it's a privilege of the "haves" that we
>>>> > > can have these conversations over and over again.
>>>> > >
>>>> > > Shouldn't we have taken the "fight" to carriers, Apple
>>>> > > iOS T&Cs, etc. harder and longer ago? And why do we keep
>>>> > > expecting private entities to fight our Government
>>>> > > battles for us? It's a losing proposition and increases
>>>> > > the costs-per-individual to untenable levels when we mix
>>>> > > absolutely all their enterprise with civil liberty issues.
>>>> > >
>>>> > > There has got to be a better way than this ridiculous
>>>> > > trolling and bickering. Someone? Anyone?
>>>> > >
>>>> > > Again, seriously, what's the agenda against Silent
>>>> > > Circle specifically?
>>>> > >
>>>> > > -Ali
>>>> > >
>>>> > >
>>>> > >
>>>> > > On Tue, Nov 6, 2012 at 1:20 PM, Nadim Kobeissi
>>>> > > <nadim at nadim.cc> wrote:
>>>> > >
>>>> > > http://issilentcircleopensourceyet.com/
>>>> > >
>>>> > > NK
>>>> > >
>>>> > > --
>>>> > > Unsubscribe, change to digest, or change password at:
>>>> > > https://mailman.stanford.edu/mailman/listinfo/liberationtech