Sat Jul 13 04:08:36 2024
EVENTS
 FREE
SOFTWARE
INSTITUTE

POLITICS
JOBS
MEMBERS'
CORNER

MAILING
LIST

NYLXS Mailing Lists and Archives
NYLXS Members have a lot to say and share but we don't keep many secrets. Join the Hangout Mailing List and say your peice.

DATE 2013-07-01

HANGOUT

2024-07-13 | 2024-06-13 | 2024-05-13 | 2024-04-13 | 2024-03-13 | 2024-02-13 | 2024-01-13 | 2023-12-13 | 2023-11-13 | 2023-10-13 | 2023-09-13 | 2023-08-13 | 2023-07-13 | 2023-06-13 | 2023-05-13 | 2023-04-13 | 2023-03-13 | 2023-02-13 | 2023-01-13 | 2022-12-13 | 2022-11-13 | 2022-10-13 | 2022-09-13 | 2022-08-13 | 2022-07-13 | 2022-06-13 | 2022-05-13 | 2022-04-13 | 2022-03-13 | 2022-02-13 | 2022-01-13 | 2021-12-13 | 2021-11-13 | 2021-10-13 | 2021-09-13 | 2021-08-13 | 2021-07-13 | 2021-06-13 | 2021-05-13 | 2021-04-13 | 2021-03-13 | 2021-02-13 | 2021-01-13 | 2020-12-13 | 2020-11-13 | 2020-10-13 | 2020-09-13 | 2020-08-13 | 2020-07-13 | 2020-06-13 | 2020-05-13 | 2020-04-13 | 2020-03-13 | 2020-02-13 | 2020-01-13 | 2019-12-13 | 2019-11-13 | 2019-10-13 | 2019-09-13 | 2019-08-13 | 2019-07-13 | 2019-06-13 | 2019-05-13 | 2019-04-13 | 2019-03-13 | 2019-02-13 | 2019-01-13 | 2018-12-13 | 2018-11-13 | 2018-10-13 | 2018-09-13 | 2018-08-13 | 2018-07-13 | 2018-06-13 | 2018-05-13 | 2018-04-13 | 2018-03-13 | 2018-02-13 | 2018-01-13 | 2017-12-13 | 2017-11-13 | 2017-10-13 | 2017-09-13 | 2017-08-13 | 2017-07-13 | 2017-06-13 | 2017-05-13 | 2017-04-13 | 2017-03-13 | 2017-02-13 | 2017-01-13 | 2016-12-13 | 2016-11-13 | 2016-10-13 | 2016-09-13 | 2016-08-13 | 2016-07-13 | 2016-06-13 | 2016-05-13 | 2016-04-13 | 2016-03-13 | 2016-02-13 | 2016-01-13 | 2015-12-13 | 2015-11-13 | 2015-10-13 | 2015-09-13 | 2015-08-13 | 2015-07-13 | 2015-06-13 | 2015-05-13 | 2015-04-13 | 2015-03-13 | 2015-02-13 | 2015-01-13 | 2014-12-13 | 2014-11-13 | 2014-10-13 | 2014-09-13 | 2014-08-13 | 2014-07-13 | 2014-06-13 | 2014-05-13 | 2014-04-13 | 2014-03-13 | 2014-02-13 | 2014-01-13 | 2013-12-13 | 2013-11-13 | 2013-10-13 | 2013-09-13 | 2013-08-13 | 2013-07-13 | 2013-06-13 | 2013-05-13 | 2013-04-13 | 2013-03-13 | 2013-02-13 | 2013-01-13 | 2012-12-13 | 2012-11-13 | 2012-10-13 | 2012-09-13 | 2012-08-13 | 2012-07-13 | 2012-06-13 | 2012-05-13 | 2012-04-13 | 2012-03-13 | 2012-02-13 | 2012-01-13 | 2011-12-13 | 2011-11-13 | 2011-10-13 | 2011-09-13 | 2011-08-13 | 2011-07-13 | 2011-06-13 | 2011-05-13 | 2011-04-13 | 2011-03-13 | 2011-02-13 | 2011-01-13 | 2010-12-13 | 2010-11-13 | 2010-10-13 | 2010-09-13 | 2010-08-13 | 2010-07-13 | 2010-06-13 | 2010-05-13 | 2010-04-13 | 2010-03-13 | 2010-02-13 | 2010-01-13 | 2009-12-13 | 2009-11-13 | 2009-10-13 | 2009-09-13 | 2009-08-13 | 2009-07-13 | 2009-06-13 | 2009-05-13 | 2009-04-13 | 2009-03-13 | 2009-02-13 | 2009-01-13 | 2008-12-13 | 2008-11-13 | 2008-10-13 | 2008-09-13 | 2008-08-13 | 2008-07-13 | 2008-06-13 | 2008-05-13 | 2008-04-13 | 2008-03-13 | 2008-02-13 | 2008-01-13 | 2007-12-13 | 2007-11-13 | 2007-10-13 | 2007-09-13 | 2007-08-13 | 2007-07-13 | 2007-06-13 | 2007-05-13 | 2007-04-13 | 2007-03-13 | 2007-02-13 | 2007-01-13 | 2006-12-13 | 2006-11-13 | 2006-10-13 | 2006-09-13 | 2006-08-13 | 2006-07-13 | 2006-06-13 | 2006-05-13 | 2006-04-13 | 2006-03-13 | 2006-02-13 | 2006-01-13 | 2005-12-13 | 2005-11-13 | 2005-10-13 | 2005-09-13 | 2005-08-13 | 2005-07-13 | 2005-06-13 | 2005-05-13 | 2005-04-13 | 2005-03-13 | 2005-02-13 | 2005-01-13 | 2004-12-13 | 2004-11-13 | 2004-10-13 | 2004-09-13 | 2004-08-13 | 2004-07-13 | 2004-06-13 | 2004-05-13 | 2004-04-13 | 2004-03-13 | 2004-02-13 | 2004-01-13 | 2003-12-13 | 2003-11-13 | 2003-10-13 | 2003-09-13 | 2003-08-13 | 2003-07-13 | 2003-06-13 | 2003-05-13 | 2003-04-13 | 2003-03-13 | 2003-02-13 | 2003-01-13 | 2002-12-13 | 2002-11-13 | 2002-10-13 | 2002-09-13 | 2002-08-13 | 2002-07-13 | 2002-06-13 | 2002-05-13 | 2002-04-13 | 2002-03-13 | 2002-02-13 | 2002-01-13 | 2001-12-13 | 2001-11-13 | 2001-10-13 | 2001-09-13 | 2001-08-13 | 2001-07-13 | 2001-06-13 | 2001-05-13 | 2001-04-13 | 2001-03-13 | 2001-02-13 | 2001-01-13 | 2000-12-13 | 2000-11-13 | 2000-10-13 | 2000-09-13 | 2000-08-13 | 2000-07-13 | 2000-06-13 | 2000-05-13 | 2000-04-13 | 2000-03-13 | 2000-02-13 | 2000-01-13 | 1999-12-13

Key: Value:

Key: Value:

MESSAGE
DATE 2013-07-23
FROM Ruben Safir
SUBJECT Subject: [NYLXS - HANGOUT] open everything

http://www.infoworld.com/d/data-center/the-coming-push-open-source-everything-223011

The coming push for open source everything
By Paul Venezia
Created 2013-07-22 03:00AM

TITLE

Frankly, I can't say I was surprised when I read that RIM's BlackBerry
10 transmits user email account credentials to RIM servers [1], which
then log into the account. Obviously someone at RIM thought this would
be a good idea, but anyone who does anything that requires keeping email
private -- say, an executive discussing sensitive negotiation strategies
with colleagues, or a doctor or other health care worker, or, well, just
about everyone -- should be appalled that RIM covertly collects their
username and password, then logs into the account.

With the news about PRISM and other clandestine data-vacuuming
operations in place all over the world, it's clear there's a problem.
It's not just about hoovering up information from millions of people --
it's the vast number of devices that can no longer be trusted for use in
business and government. When the code running anywhere along a data
path is not open source, there's a chance it's doing something you can't
know about and potentially transmitting data to someone who shouldn't
have it. That possibility should serve to upset even nontechnical
executives, to say nothing about governments all over the world.

[ Also on InfoWorld: The firewall threat you don't know [2] | The
perfect Trojan horse [3] | Keep up with key security issues with
InfoWorld's Security Adviser blog [4] and Security Central newsletter
[5]. ]

Last year I wrote about how easy it is to place backdoors within
corporate networks [6] using Swiss Army knife-type tools, but those
still require someone to physically place them within a building or at
least to be hooked up to a network jack. Wouldn't it be easier for the
spies to make sure the network devices you purchase, such as routers and
firewalls, are already backdoored [7]?

This goes well beyond the software or firmware layer. This goes straight
into the chips themselves. The code on proprietary commercial firewall
chips is unlikely to be accessible to security admins; even if it were,
it's unlikely they would be able or allowed to perform rigorous code
audits.

I'm sure some extraordinarily sensitive organizations do this or take
similar action for extraordinarily sensitive deployments, but you can
bet that the costs explode. Vendors like Cisco aren't going to let just
anyone sniff around their IP unless it's a huge contract. Even then, the
vigilance must be maintained to ensure that every single device is
running the very same code. All of this has to be done all the way up
the stack, across every device that will touch the network.

Open source closes the backdoors
With open source, the veil is already lifted, and an army of developers
inspects the code all the time. The potential for hidden backdoors is
dramatically reduced. But that doesn't really matter if you go deep
enough.

Sure, you can install pfSense on a server and know it's not backdoored,
but what about the hardware within the server itself? What about the TCP
offloading code in the NICs? Or the BIOS? It could contain a nefarious
element that you simply can't trust -- unless, of course, all that code
were open source as well.

Options for open source
At some point in the near future, concerns over this type of corporate
and governmental espionage may force larger organizations to make hard
decisions. There would seem to be three options.

Companies could increase their IT budgets dramatically to counter
this threat by validating every since piece of commercial code in use
anywhere on the network.
They could start building their own hardware and writing their own
software, from desktop OS through to the ICs in their routers.
They could turn to open source solutions the whole way around.

The first two options are not possible for the vast majority of
organizations, but the last one certainly is. If significant dollars
start flowing in that direction, there will be a bumper crop of
companies that will mold and develop open source solutions and sell the
hardware and support for them, while giving away the code for free.

Detractors will say that this will potentially open up security threats
in the form of bugs and unintentional exploits, but that's always been
the case with software of any flavor, open source or otherwise. At least
with open source solutions, when a compromise is discovered, it's
usually made public and patched quickly.

As far as cloud computing goes, that's outside of the hands of the
business and can't be completely trusted. However, the use of open
source encryption can mediate that threat to a degree. But make no
mistake -- these concerns are only going to make the argument for cloud
computing more difficult. As an example, think of how trivial it is to
capture data flowing into and out of a cloud server instance at the
hypervisor level, straight down into encryption instructions delivered
to the virtual CPU.

If we're at a point where no piece of commercial hardware or software
can be trusted, then the only reasonable option is to rely on large
communities of like-minded people to develop, extend, and inspect freely
available code on a continuous basis. Essentially, we may need to open
source everything.

This story, "The coming push for open source everything," was originally
published at InfoWorld.com [8]. Read more of Paul Venezia's The Deep End
blog [9] at InfoWorld.com. For the latest business technology news,
follow InfoWorld.com on Twitter [10].

Data Center
Security
Data Center
Networking
Security

Source URL (retrieved on 2013-07-22 10:14PM):
http://www.infoworld.com/d/data-center/the-coming-push-open-source-everything-223011

Links:
[1] http://frank.geekheim.de/?p=2379
[2]
http://www.infoworld.com/d/data-center/the-firewall-threat-you-dont-know-196161?source=fssr
[3]
http://www.infoworld.com/d/data-center/the-perfect-trojan-horse-199242?source=fssr
[4] http://www.infoworld.com/d/security/blogs?source=fssr
[5]
http://www.infoworld.com/newsletters/subscribe?showlist=infoworld_sec_rpt&source=ifwelg_fssr
[6]
http://www.infoworld.com/d/data-center/the-perfect-trojan-horse-199242
[7]
http://www.infoworld.com/d/data-center/the-firewall-threat-you-dont-know-196161
[8] http://www.infoworld.com/?source=footer
[9] http://www.infoworld.com/blogs/paul-venezia?source=footer
[10] http://twitter.com/infoworld

  1. 2013-07-01 Ruben Safir <mrbrklyn-at-panix.com> Subject: [NYLXS - HANGOUT] Wished you were there...
  2. 2013-07-04 Ruben Safir <mrbrklyn-at-panix.com> Subject: [NYLXS - HANGOUT] video miracles
  3. 2013-07-10 Ruben Safir <mrbrklyn-at-panix.com> Subject: [NYLXS - HANGOUT] [group-digests-at-linkedin.com: The OU Job Board will be running a
  4. 2013-07-11 Ruben Safir <mrbrklyn-at-panix.com> Subject: [NYLXS - HANGOUT] bad day at the office
  5. 2013-07-14 Ruben Safir <mrbrklyn-at-panix.com> Subject: [NYLXS - HANGOUT] Digital Revolution Stage II
  6. 2013-07-14 Ruben Safir <mrbrklyn-at-panix.com> Subject: [NYLXS - HANGOUT] charter fishing
  7. 2013-07-14 Paul Robert Marino <prmarino1-at-gmail.com> Re: [NYLXS - HANGOUT] Digital Revolution Stage II
  8. 2013-07-15 Ruben Safir <mrbrklyn-at-panix.com> Subject: [NYLXS - HANGOUT] getting a college education
  9. 2013-07-15 einker <eminker-at-gmail.com> Subject: [NYLXS - HANGOUT] Dell Add-in cards for Workstations and Dell Dimension PCs
  10. 2013-07-15 Ruben Safir <mrbrklyn-at-panix.com> Re: [NYLXS - HANGOUT] Dell Add-in cards for Workstations and Dell
  11. 2013-07-15 Ruben Safir <mrbrklyn-at-panix.com> Re: [NYLXS - HANGOUT] Dell Add-in cards for Workstations and Dell
  12. 2013-07-16 From: "Paul Robert Marino" <prmarino1-at-gmail.com> Re: [NYLXS - HANGOUT] Dell Add-in cards for Workstations and Dell Dimension PCs
  13. 2013-07-16 From: "Paul Robert Marino" <prmarino1-at-gmail.com> Re: [NYLXS - HANGOUT] Dell Add-in cards for Workstations and Dell Dimension PCs
  14. 2013-07-17 Paul Robert Marino <prmarino1-at-gmail.com> Subject: [NYLXS - HANGOUT] Weird Linux network question
  15. 2013-07-17 Ruben Safir <mrbrklyn-at-panix.com> Re: [NYLXS - HANGOUT] Weird Linux network question
  16. 2013-07-21 Ruben Safir <mrbrklyn-at-panix.com> Subject: [NYLXS - HANGOUT] all your phones be mine
  17. 2013-07-21 From: "Paul Robert Marino" <prmarino1-at-gmail.com> Re: [NYLXS - HANGOUT] all your phones be mine
  18. 2013-07-21 From: "Paul Robert Marino" <prmarino1-at-gmail.com> Re: [NYLXS - HANGOUT] all your phones be mine
  19. 2013-07-22 Ruben Safir <mrbrklyn-at-panix.com> Subject: [NYLXS - HANGOUT] Big Brother is Watching You
  20. 2013-07-22 Ruben Safir <mrbrklyn-at-panix.com> Subject: [NYLXS - HANGOUT] Lt Gov caught getting blown by secretary at 100MPH by black box
  21. 2013-07-23 Ruben Safir <mrbrklyn-at-panix.com> Subject: [NYLXS - HANGOUT] linux in government
  22. 2013-07-23 Ruben Safir <mrbrklyn-at-panix.com> Subject: [NYLXS - HANGOUT] open everything
  23. 2013-07-23 Ruben Safir <mrbrklyn-at-panix.com> Subject: [NYLXS - HANGOUT] Free Software Jobs
  24. 2013-07-23 Ruben Safir <mrbrklyn-at-panix.com> Subject: [NYLXS - HANGOUT] Attempt Patent the World Wide Web - win $100mil
  25. 2013-07-24 Ruben <mrbrklyn-at-panix.com> Subject: [NYLXS - HANGOUT] wall street
  26. 2013-07-24 Ruben Safir <mrbrklyn-at-panix.com> Subject: [NYLXS - HANGOUT] Gnome Blow up
  27. 2013-07-24 Ruben Safir <mrbrklyn-at-panix.com> Subject: [NYLXS - HANGOUT] Prying Eyes
  28. 2013-07-26 Ruben Safir <mrbrklyn-at-panix.com> Subject: [NYLXS - HANGOUT] death by iphone
  29. 2013-07-26 Robert Menes <viewtiful.icchan-at-gmail.com> Re: [NYLXS - HANGOUT] death by iphone
  30. 2013-07-26 Elfen Magix <elfen_magix-at-yahoo.com> Re: [NYLXS - HANGOUT] death by iphone
  31. 2013-07-28 Ruben Safir <mrbrklyn-at-panix.com> Subject: [NYLXS - HANGOUT] Cure Suicide Now - More Coffee
  32. 2013-07-29 Ruben Safir <mrbrklyn-at-panix.com> Subject: [NYLXS - HANGOUT] career moves
  33. 2013-07-29 Robert Menes <viewtiful.icchan-at-gmail.com> Re: [NYLXS - HANGOUT] career moves
  34. 2013-07-29 Elfen Magix <elfen_magix-at-yahoo.com> Re: [NYLXS - HANGOUT] career moves
  35. 2013-07-29 Ruben Safir <mrbrklyn-at-panix.com> Re: [NYLXS - HANGOUT] career moves
  36. 2013-07-29 Elfen Magix <elfen_magix-at-yahoo.com> Re: [NYLXS - HANGOUT] career moves
  37. 2013-07-31 Paul Robert Marino <prmarino1-at-gmail.com> Re: [NYLXS - HANGOUT] Free Software Jobs
  38. 2013-07-31 Ruben Safir <mrbrklyn-at-panix.com> Re: [NYLXS - HANGOUT] Free Software Jobs
  39. 2013-07-31 Paul Robert Marino <prmarino1-at-gmail.com> Re: [NYLXS - HANGOUT] Big Brother is Watching You

NYLXS are Do'ers and the first step of Doing is Joining! Join NYLXS and make a difference in your community today!