Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] issilentcircleopensourceyet.com

Ali-Reza Anghaie ali at packetknife.com
Tue Nov 6 11:27:04 PST 2012


OK - now we actually have a detail disagreement.

Please show me evidence of Silent Circle "malpractice"..

That's a big leap from disagreeing with a practice or declaring a best
practice as you see fit and negligence or even blatant disregard.

Context matters.

-Ali



On Tue, Nov 6, 2012 at 2:22 PM, Nadim Kobeissi <nadim at nadim.cc> wrote:

> Ali,
> Of course I would publicize my complaints. That's how you get your voice
> heard. I repeat that my only concern here if Silent Circle shipping
> questionably secure software and going against the open sourcing of
> cryptography software. I don't care if it's, as you say "a bit of 'look at
> me!'", This is not my concern. My concern is for Silent Circle to stop its
> malpractice. When Bruce Schneier critiques software, it's not because he
> wants people to pay attention to him, it's because he wants the software to
> be fixed. I am trying to follow his example as much as I can here.
>
> Also, to answer your question: I have no problem with who funds or founds
> Silent Circle. This is not the source of my complaint.
>
>
> NK
>
>
>
> On Tue, Nov 6, 2012 at 2:16 PM, Ali-Reza Anghaie <ali at packetknife.com>wrote:
>
>> It's not just me who interprets it that way - the only reason I responded
>> was that after Nadim's first post I was approached by former colleagues who
>> are still in the DoD circles. They all wondered if these complaints, that
>> seemed awfully specific to ~one~ player in the industry, were born from
>> Anonymous or other political movements because of the Navy SEALs involved
>> in the founding.
>>
>> I explained I trusted people would judge Silent Circle more on actions
>> and the history of PZ and Jon Callas but hey, that's still my speculation..
>>
>> Nadim also posted this on his Twitter timeline - it's hardly a "without
>> publicity" move, and he quickly engaged CSoghoian too. It's not a stretch
>> to say it was a bit of "look at me!"..
>>
>> However, with all that said, it WOULD be a stretch to say that Nadim is
>> ~wrong~ in his eventual technocratic position here. I'm just arguing the
>> tactical value of it given the very wide problem sets we all have.
>>
>> -Ali
>>
>>
>>
>> On Tue, Nov 6, 2012 at 2:11 PM, Greg Norcie <greg at norcie.com> wrote:
>>
>>> Nadim,
>>>
>>> You are correct - the website (nor the whois) mention you. But your post
>>> on this mailing list does.
>>>
>>> You seem like a very intelligent guy - if you had intended this to be an
>>> anonymous critique, I doubt you'd have used your real name to post the
>>> link :)
>>> --
>>> Greg Norcie (greg at norcie.com)
>>> GPG key: 0x1B873635
>>>
>>> On 11/6/12 2:06 PM, Nadim Kobeissi wrote:
>>> > Greg,
>>> > The website does not mention me at all, it's purely meant as a
>>> complaint
>>> > against Silent Circle's policy. I've already written a lengthy post
>>> > regarding Silent Circle (http://log.nadim.cc/?p=89) and yet have
>>> > received no reply.
>>> >
>>> >
>>> > NK
>>> >
>>> >
>>> > On Tue, Nov 6, 2012 at 2:04 PM, Greg Norcie <greg at norcie.com
>>> > <mailto:greg at norcie.com>> wrote:
>>> >
>>> >     Nadim
>>> >
>>> >     I understand your position, but actions like this website won't
>>> help
>>> >     your cause.
>>> >
>>> >     Can you understand how actions like setting up this web site might
>>> be
>>> >     viewed as a way to call attention to oneself, rather than champion
>>> the
>>> >     (respectable) ideals of the open source movement?
>>> >     --
>>> >     Greg Norcie (greg at norcie.com <mailto:greg at norcie.com>)
>>> >     GPG key: 0x1B873635
>>> >
>>> >     On 11/6/12 1:53 PM, Nadim Kobeissi wrote:
>>> >     > Ali,
>>> >     > The issue is trust. Security software verifiability should not
>>> have to
>>> >     > depend on Silent Circle (or who they hire to audit, for example
>>> >     Veracode.)
>>> >     >
>>> >     >
>>> >     > NK
>>> >     >
>>> >     >
>>> >     > On Tue, Nov 6, 2012 at 1:51 PM, Ali-Reza Anghaie
>>> >     <ali at packetknife.com <mailto:ali at packetknife.com>
>>> >     > <mailto:ali at packetknife.com <mailto:ali at packetknife.com>>>
>>> wrote:
>>> >     >
>>> >     >     Nobody would dispute that - that's not quite the same thing
>>> as
>>> >     FOSS
>>> >     >     default positions or some of the other criticisms.
>>> >     >
>>> >     >     For example, I'd contend a paid Veracode audit would in all
>>> >     >     likelihood be better than any typical FOSS audit. Had they
>>> >     done that
>>> >     >     (heck, they might have but I doubt it) and still announced
>>> the
>>> >     >     intent of opening the codebase - I wager that would not have
>>> >     stopped
>>> >     >     the criticism.
>>> >     >
>>> >     >     It appears to be a deep-seeded cultural divide more than any
>>> >     of the
>>> >     >     other factors combined.
>>> >     >
>>> >     >     -Al
>>> >     >
>>> >     >
>>> >     >
>>> >     >     On Tue, Nov 6, 2012 at 1:43 PM, Yosem Companys
>>> >     >     <companys at stanford.edu <mailto:companys at stanford.edu>
>>> >     <mailto:companys at stanford.edu <mailto:companys at stanford.edu>>>
>>> wrote:
>>> >     >
>>> >     >         Security audits are always important, especially when
>>> people's
>>> >     >         lives are at risk.
>>> >     >
>>> >     >         On Tue, Nov 6, 2012 at 10:37 AM, Nadim Kobeissi
>>> >     <nadim at nadim.cc
>>> >     >         <mailto:nadim at nadim.cc <mailto:nadim at nadim.cc>>> wrote:
>>> >     >
>>> >     >             Hi Ali,
>>> >     >             There is no "agenda," and there needn't be one if you
>>> >     are to
>>> >     >             critique security software. No need to be so
>>> aggressive.
>>> >     >             My qualms against Silent Circle are detailed
>>> >     >             here: http://log.nadim.cc/?p=89
>>> >     >
>>> >     >
>>> >     >             NK
>>> >     >
>>> >     >
>>> >     >
>>> >     >             On Tue, Nov 6, 2012 at 1:34 PM, Ali-Reza Anghaie
>>> >     >             <ali at packetknife.com <mailto:ali at packetknife.com>
>>> >     <mailto:ali at packetknife.com <mailto:ali at packetknife.com>>> wrote:
>>> >     >
>>> >     >                 Seriously - what's your agenda?
>>> >     >
>>> >     >                 Where are the domains for the other tens of
>>> providers
>>> >     >                 who charge arms and legs based on closed
>>> protocols
>>> >     even?
>>> >     >
>>> >     >                 What's the nit with Silent Circle specifically?
>>> >     Because
>>> >     >                 they're accessible? Because it's easier to use?
>>> >     Because
>>> >     >                 the founders have good track records of standing
>>> up to
>>> >     >                 Government too?
>>> >     >
>>> >     >                 Being absolutist about everything isn't helping
>>> anyone
>>> >     >                 who ~needs~ it - it's a privilege of the "haves"
>>> >     that we
>>> >     >                 can have these conversations over and over again.
>>> >     >
>>> >     >                 Shouldn't we have taken the "fight" to carriers,
>>> Apple
>>> >     >                 iOS T&Cs, etc. harder and longer ago? And why do
>>> >     we keep
>>> >     >                 expecting private entities to fight our
>>> Government
>>> >     >                 battles for us? It's a losing proposition and
>>> >     increases
>>> >     >                 the costs-per-individual to untenable levels when
>>> >     we mix
>>> >     >                 absolutely all their enterprise with civil
>>> liberty
>>> >     issues.
>>> >     >
>>> >     >                 There has got to be a better way than this
>>> ridiculous
>>> >     >                 trolling and bickering. Someone? Anyone?
>>> >     >
>>> >     >                 Again, seriously, what's the agenda against
>>> Silent
>>> >     >                 Circle specifically?
>>> >     >
>>> >     >                 -Ali
>>> >     >
>>> >     >
>>> >     >
>>> >     >                 On Tue, Nov 6, 2012 at 1:20 PM, Nadim Kobeissi
>>> >     >                 <nadim at nadim.cc <mailto:nadim at nadim.cc
>>> >     <mailto:nadim at nadim.cc>>> wrote:
>>> >     >
>>> >     >                     http://issilentcircleopensourceyet.com/
>>> >     >
>>> >     >                     NK
>>> >     >
>>> >     >                     --
>>> >     >                     Unsubscribe, change to digest, or change
>>> password
>>> >     >                     at:
>>> >     >
>>> >     https://mailman.stanford.edu/mailman/listinfo/liberationtech
>>> >     >
>>> >     >
>>> >     >
>>> >     >                 --
>>> >     >                 Unsubscribe, change to digest, or change
>>> password at:
>>> >     >
>>> >     https://mailman.stanford.edu/mailman/listinfo/liberationtech
>>> >     >
>>> >     >
>>> >     >
>>> >     >             --
>>> >     >             Unsubscribe, change to digest, or change password at:
>>> >     >
>>> >     https://mailman.stanford.edu/mailman/listinfo/liberationtech
>>> >     >
>>> >     >
>>> >     >
>>> >     >         --
>>> >     >         Unsubscribe, change to digest, or change password at:
>>> >     >
>>> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>>> >     >
>>> >     >
>>> >     >
>>> >     >     --
>>> >     >     Unsubscribe, change to digest, or change password at:
>>> >     >     https://mailman.stanford.edu/mailman/listinfo/liberationtech
>>> >     >
>>> >     >
>>> >     >
>>> >     >
>>> >     > --
>>> >     > Unsubscribe, change to digest, or change password at:
>>> >     https://mailman.stanford.edu/mailman/listinfo/liberationtech
>>> >     >
>>> >     --
>>> >     Unsubscribe, change to digest, or change password at:
>>> >     https://mailman.stanford.edu/mailman/listinfo/liberationtech
>>> >
>>> >
>>> >
>>> >
>>> > --
>>> > Unsubscribe, change to digest, or change password at:
>>> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>>> >
>>> --
>>> Unsubscribe, change to digest, or change password at:
>>> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>>>
>>
>>
>> --
>> Unsubscribe, change to digest, or change password at:
>> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>>
>
>
> --
> Unsubscribe, change to digest, or change password at:
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20121106/bfcec209/attachment.html>


More information about the liberationtech mailing list