Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] The great open-source balancing act

Griffin Boyce griffin at cryptolab.net
Sun Sep 1 12:06:21 PDT 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Douglas Lucas wrote:
> Periodic reminder that despite promises and people's positive emotional
> investments in Phil Zimmerman, Silent Circle is still not open source.
>
> We need an IsHemlisOpenSourceYet.com

  I think that this is the most difficult balancing act that anyone has
as a developer.  If you offer open-source software, the very act of
being more transparent directly impacts your bottom line. And not every
side-effect is a positive one.

  So from a business perspective, I can respect that both Silent Circle
and Hemlis have made the decision not to offer their full source.  But I
am also in a position to choose -- I choose not to support Silent Circle
-or- Hemlis and to openly caution people about the risks of using
closed-source communication software.  There's too much opportunity to
fail quietly (silently, even), either through bad code or outside
pressure or various legal quandries or greed.  Too many times people
have put their faith into something that is closed-source and
for-profit, only to have unforeseen security problems crop up later.

  But it's a balancing act - perhaps particularly if you're a service. 
If you open-source all of your code, someone could create a competing
service.  If a company is transparent about receiving a subpoena for
customer data, they run the risk of users leaving.  It's easy to say "no
big deal" when it's not your rent money.  But on balance, I would much
rather support organizations who are willing to take that risk and put
faith in their users.  Silent Circle is clearly not willing to give a
potential user like me the benefit of the doubt.  So while I like the
idea of us all using cypherpunk walkie-talkies, I'd rather code my own
solution than give my money and my voice to Silent Circle.  Again, it
has nothing to do with them as people, and everything to do with their
business practices.

  I don't come at this discussion lightly.  I use closed-source software
every day.  I've built stuff that uses Twilio, which is a closed-source
communications API.  Other people feel differently about this topic and
that is Okay.

~Griffin

- -- 
"Cypherpunks write code not flame wars." --Jurre van Bergen
#REDACTED / PGP: 0xAE792C97 / OTR: saint at jabber.ccc.de

My posts are my own, not my employers.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAEBAgAGBQJSI5ArAAoJEOMx/SmueSyX7AcP/i4bLALt4TsUF9Z/qgPiCcMl
Ub6auMYa3wTO5aiuwD9613PtQ8iLZF/OHq/3ldAYUlKdqrwTEMPgqNoLBzl+6Xjo
17gmBtjC0aH4faZAbq62O7dxKu1kjCM9DTtUQ8tA192b10Kph5t1Q/lPvsHDT6sz
u4hRMCxxk3MdZTZdb53yWgrZVlp805ZRVZ3I20YmdakIiL4fr4lA7s3xk4gNpmmu
5FvBi41tDaIxEwtKuSN1KnrlM0PhlYVAsm4gHp+E/N5sYrVrF6K6kxKtvJNmkr6T
l8UlBgf+rTrJVK4C62enCix92BnbD8MwR9e+yvaJy0O8WPM9RJPjw/NRj+6K+mzD
/+7LpYGaGJ5IJB/tmkrBaguJMux5MF4Yq1/aZKtmtuZc/GeYjPgzQhTp2px38zin
JQfiEDIqltSo4ot67B0Kj2quCMwdRB2EpE54M8okrY7sD7MKvkAtL6s11I/an6bL
Jz/eHpp/VRx4RmA6gWZi+UvJ+QjFqgnpoDb7WWJYaBSlfeIEkqHlzuReKfQSteOQ
iN4hE1lxBxcKrU/mgnRdC/WTrdZfuKDgBhnRguVaez0SYEVJjQ/rWR7R830JKbmo
OD/kiDrO48yYJdQEr/s4VSNTtA2gBYPbx5r6+CMc8jFTr9jcWW5ZhvsPQEPB8r+R
jZ1iaJGgFXxo83IWmJ7G
=oQzE
-----END PGP SIGNATURE-----




More information about the liberationtech mailing list