Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] issilentcircleopensourceyet.com

Nadim Kobeissi nadim at nadim.cc
Tue Nov 6 11:28:36 PST 2012


I believe that releasing closed-source, unreviewed and centralized crypto
software and then marketing it as secure to be malpractice. That is simply
my point.


NK


On Tue, Nov 6, 2012 at 2:27 PM, Ali-Reza Anghaie <ali at packetknife.com>wrote:

> OK - now we actually have a detail disagreement.
>
> Please show me evidence of Silent Circle "malpractice"..
>
> That's a big leap from disagreeing with a practice or declaring a best
> practice as you see fit and negligence or even blatant disregard.
>
> Context matters.
>
> -Ali
>
>
>
> On Tue, Nov 6, 2012 at 2:22 PM, Nadim Kobeissi <nadim at nadim.cc> wrote:
>
>> Ali,
>> Of course I would publicize my complaints. That's how you get your voice
>> heard. I repeat that my only concern here if Silent Circle shipping
>> questionably secure software and going against the open sourcing of
>> cryptography software. I don't care if it's, as you say "a bit of 'look at
>> me!'", This is not my concern. My concern is for Silent Circle to stop its
>> malpractice. When Bruce Schneier critiques software, it's not because he
>> wants people to pay attention to him, it's because he wants the software to
>> be fixed. I am trying to follow his example as much as I can here.
>>
>> Also, to answer your question: I have no problem with who funds or founds
>> Silent Circle. This is not the source of my complaint.
>>
>>
>> NK
>>
>>
>>
>> On Tue, Nov 6, 2012 at 2:16 PM, Ali-Reza Anghaie <ali at packetknife.com>wrote:
>>
>>> It's not just me who interprets it that way - the only reason I
>>> responded was that after Nadim's first post I was approached by former
>>> colleagues who are still in the DoD circles. They all wondered if these
>>> complaints, that seemed awfully specific to ~one~ player in the industry,
>>> were born from Anonymous or other political movements because of the Navy
>>> SEALs involved in the founding.
>>>
>>> I explained I trusted people would judge Silent Circle more on actions
>>> and the history of PZ and Jon Callas but hey, that's still my speculation..
>>>
>>> Nadim also posted this on his Twitter timeline - it's hardly a "without
>>> publicity" move, and he quickly engaged CSoghoian too. It's not a stretch
>>> to say it was a bit of "look at me!"..
>>>
>>> However, with all that said, it WOULD be a stretch to say that Nadim is
>>> ~wrong~ in his eventual technocratic position here. I'm just arguing the
>>> tactical value of it given the very wide problem sets we all have.
>>>
>>> -Ali
>>>
>>>
>>>
>>> On Tue, Nov 6, 2012 at 2:11 PM, Greg Norcie <greg at norcie.com> wrote:
>>>
>>>> Nadim,
>>>>
>>>> You are correct - the website (nor the whois) mention you. But your post
>>>> on this mailing list does.
>>>>
>>>> You seem like a very intelligent guy - if you had intended this to be an
>>>> anonymous critique, I doubt you'd have used your real name to post the
>>>> link :)
>>>> --
>>>> Greg Norcie (greg at norcie.com)
>>>> GPG key: 0x1B873635
>>>>
>>>> On 11/6/12 2:06 PM, Nadim Kobeissi wrote:
>>>> > Greg,
>>>> > The website does not mention me at all, it's purely meant as a
>>>> complaint
>>>> > against Silent Circle's policy. I've already written a lengthy post
>>>> > regarding Silent Circle (http://log.nadim.cc/?p=89) and yet have
>>>> > received no reply.
>>>> >
>>>> >
>>>> > NK
>>>> >
>>>> >
>>>> > On Tue, Nov 6, 2012 at 2:04 PM, Greg Norcie <greg at norcie.com
>>>> > <mailto:greg at norcie.com>> wrote:
>>>> >
>>>> >     Nadim
>>>> >
>>>> >     I understand your position, but actions like this website won't
>>>> help
>>>> >     your cause.
>>>> >
>>>> >     Can you understand how actions like setting up this web site
>>>> might be
>>>> >     viewed as a way to call attention to oneself, rather than
>>>> champion the
>>>> >     (respectable) ideals of the open source movement?
>>>> >     --
>>>> >     Greg Norcie (greg at norcie.com <mailto:greg at norcie.com>)
>>>> >     GPG key: 0x1B873635
>>>> >
>>>> >     On 11/6/12 1:53 PM, Nadim Kobeissi wrote:
>>>> >     > Ali,
>>>> >     > The issue is trust. Security software verifiability should not
>>>> have to
>>>> >     > depend on Silent Circle (or who they hire to audit, for example
>>>> >     Veracode.)
>>>> >     >
>>>> >     >
>>>> >     > NK
>>>> >     >
>>>> >     >
>>>> >     > On Tue, Nov 6, 2012 at 1:51 PM, Ali-Reza Anghaie
>>>> >     <ali at packetknife.com <mailto:ali at packetknife.com>
>>>> >     > <mailto:ali at packetknife.com <mailto:ali at packetknife.com>>>
>>>> wrote:
>>>> >     >
>>>> >     >     Nobody would dispute that - that's not quite the same thing
>>>> as
>>>> >     FOSS
>>>> >     >     default positions or some of the other criticisms.
>>>> >     >
>>>> >     >     For example, I'd contend a paid Veracode audit would in all
>>>> >     >     likelihood be better than any typical FOSS audit. Had they
>>>> >     done that
>>>> >     >     (heck, they might have but I doubt it) and still announced
>>>> the
>>>> >     >     intent of opening the codebase - I wager that would not have
>>>> >     stopped
>>>> >     >     the criticism.
>>>> >     >
>>>> >     >     It appears to be a deep-seeded cultural divide more than any
>>>> >     of the
>>>> >     >     other factors combined.
>>>> >     >
>>>> >     >     -Al
>>>> >     >
>>>> >     >
>>>> >     >
>>>> >     >     On Tue, Nov 6, 2012 at 1:43 PM, Yosem Companys
>>>> >     >     <companys at stanford.edu <mailto:companys at stanford.edu>
>>>> >     <mailto:companys at stanford.edu <mailto:companys at stanford.edu>>>
>>>> wrote:
>>>> >     >
>>>> >     >         Security audits are always important, especially when
>>>> people's
>>>> >     >         lives are at risk.
>>>> >     >
>>>> >     >         On Tue, Nov 6, 2012 at 10:37 AM, Nadim Kobeissi
>>>> >     <nadim at nadim.cc
>>>> >     >         <mailto:nadim at nadim.cc <mailto:nadim at nadim.cc>>> wrote:
>>>> >     >
>>>> >     >             Hi Ali,
>>>> >     >             There is no "agenda," and there needn't be one if
>>>> you
>>>> >     are to
>>>> >     >             critique security software. No need to be so
>>>> aggressive.
>>>> >     >             My qualms against Silent Circle are detailed
>>>> >     >             here: http://log.nadim.cc/?p=89
>>>> >     >
>>>> >     >
>>>> >     >             NK
>>>> >     >
>>>> >     >
>>>> >     >
>>>> >     >             On Tue, Nov 6, 2012 at 1:34 PM, Ali-Reza Anghaie
>>>> >     >             <ali at packetknife.com <mailto:ali at packetknife.com>
>>>> >     <mailto:ali at packetknife.com <mailto:ali at packetknife.com>>> wrote:
>>>> >     >
>>>> >     >                 Seriously - what's your agenda?
>>>> >     >
>>>> >     >                 Where are the domains for the other tens of
>>>> providers
>>>> >     >                 who charge arms and legs based on closed
>>>> protocols
>>>> >     even?
>>>> >     >
>>>> >     >                 What's the nit with Silent Circle specifically?
>>>> >     Because
>>>> >     >                 they're accessible? Because it's easier to use?
>>>> >     Because
>>>> >     >                 the founders have good track records of
>>>> standing up to
>>>> >     >                 Government too?
>>>> >     >
>>>> >     >                 Being absolutist about everything isn't helping
>>>> anyone
>>>> >     >                 who ~needs~ it - it's a privilege of the "haves"
>>>> >     that we
>>>> >     >                 can have these conversations over and over
>>>> again.
>>>> >     >
>>>> >     >                 Shouldn't we have taken the "fight" to
>>>> carriers, Apple
>>>> >     >                 iOS T&Cs, etc. harder and longer ago? And why do
>>>> >     we keep
>>>> >     >                 expecting private entities to fight our
>>>> Government
>>>> >     >                 battles for us? It's a losing proposition and
>>>> >     increases
>>>> >     >                 the costs-per-individual to untenable levels
>>>> when
>>>> >     we mix
>>>> >     >                 absolutely all their enterprise with civil
>>>> liberty
>>>> >     issues.
>>>> >     >
>>>> >     >                 There has got to be a better way than this
>>>> ridiculous
>>>> >     >                 trolling and bickering. Someone? Anyone?
>>>> >     >
>>>> >     >                 Again, seriously, what's the agenda against
>>>> Silent
>>>> >     >                 Circle specifically?
>>>> >     >
>>>> >     >                 -Ali
>>>> >     >
>>>> >     >
>>>> >     >
>>>> >     >                 On Tue, Nov 6, 2012 at 1:20 PM, Nadim Kobeissi
>>>> >     >                 <nadim at nadim.cc <mailto:nadim at nadim.cc
>>>> >     <mailto:nadim at nadim.cc>>> wrote:
>>>> >     >
>>>> >     >                     http://issilentcircleopensourceyet.com/
>>>> >     >
>>>> >     >                     NK
>>>> >     >
>>>> >     >                     --
>>>> >     >                     Unsubscribe, change to digest, or change
>>>> password
>>>> >     >                     at:
>>>> >     >
>>>> >     https://mailman.stanford.edu/mailman/listinfo/liberationtech
>>>> >     >
>>>> >     >
>>>> >     >
>>>> >     >                 --
>>>> >     >                 Unsubscribe, change to digest, or change
>>>> password at:
>>>> >     >
>>>> >     https://mailman.stanford.edu/mailman/listinfo/liberationtech
>>>> >     >
>>>> >     >
>>>> >     >
>>>> >     >             --
>>>> >     >             Unsubscribe, change to digest, or change password
>>>> at:
>>>> >     >
>>>> >     https://mailman.stanford.edu/mailman/listinfo/liberationtech
>>>> >     >
>>>> >     >
>>>> >     >
>>>> >     >         --
>>>> >     >         Unsubscribe, change to digest, or change password at:
>>>> >     >
>>>> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>>>> >     >
>>>> >     >
>>>> >     >
>>>> >     >     --
>>>> >     >     Unsubscribe, change to digest, or change password at:
>>>> >     >
>>>> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>>>> >     >
>>>> >     >
>>>> >     >
>>>> >     >
>>>> >     > --
>>>> >     > Unsubscribe, change to digest, or change password at:
>>>> >     https://mailman.stanford.edu/mailman/listinfo/liberationtech
>>>> >     >
>>>> >     --
>>>> >     Unsubscribe, change to digest, or change password at:
>>>> >     https://mailman.stanford.edu/mailman/listinfo/liberationtech
>>>> >
>>>> >
>>>> >
>>>> >
>>>> > --
>>>> > Unsubscribe, change to digest, or change password at:
>>>> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>>>> >
>>>> --
>>>> Unsubscribe, change to digest, or change password at:
>>>> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>>>>
>>>
>>>
>>> --
>>> Unsubscribe, change to digest, or change password at:
>>> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>>>
>>
>>
>> --
>> Unsubscribe, change to digest, or change password at:
>> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>>
>
>
> --
> Unsubscribe, change to digest, or change password at:
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20121106/e866e908/attachment.html>


More information about the liberationtech mailing list