Online Meeting
Salwan
salwanmax at gmail.com
Mon Jul 4 09:09:51 UTC 2011
On 7/4/2011 9:45 AM, Processing Qbits wrote:
> I agree with what you say, but you didn't argue about my approach, you
> debated another point which is very interesting to me too.
>
> Who knows if the OpenSource really doesn't have backdoors? If you want
> to take the risk, you can just depend on whoever checks the source
> code....if you don't want to take the risk, you could check
> it...moreover, Who knows if the OS compiled on your machine is the
> same? Again, that's another choice to make, do I compile it? Do I
> trust whoever did?
>
> Currently, in my stage, I'm still developing/reading the source code
> of a famous microkernel...Minix....which should take me to a tougher
> kernel, perhaps Linux...or another Microkernel....but until then, I
> have no choice....unless perhaps to compile the ubuntu source
> code....which seems rather pointless because I don't know what I've
> compiled....That's my personal story
>
> The original debate's reply with an added challenge....Even if we
> checked and compiled every single OpenSource program on our PC's and
> Cellphones, we would still have ClosedSource software to deal
> with....not to mention the hardware....even if you tamper with the
> hardware, which is not possible in all cases....there might be a
> misleading chip that you do not know much about, if you remove it, it
> would disable the cellphone...what would you do then?
>
> All these questions and challenges lead us to one answer.....Do What
> You Can! If you can do something to protect yourself, anything, do
> it....taking the risk isn't a good option, it shouldn't be an option
> in the first place, but let's just say it's not a good option.
>
> Security theoretically doesn't exist in a pure form, as a challenge,
> people say that there is doesn't exist a 100% secure system....though
> things like OTP (which are very old but still used in secret agencies)
> (I know that because I've read an article yesterday and had a debate
> over it, I'm not a security expert)...challenge that very sentence,
> but let's just say "There isn't a 100% secure system"...
>
> Ok, we accepted that....but does that mean, since everything can be
> hacked, that we don't need security? What do we do?...the answer is
> "Do What You Can!"
>
> So allow me to collectively answer your email with that sentence....no
> need to kill yourself over security and in the end there are ways to
> still bypass your methods, but "Do What You Can!"
>
> Google's power isn't ok for me, I prefer distributing parts of my
> e-life around so that no one has it all....there are ways for people
> to go around it, but "I'm Doing What I Can!"...at least concerning the
> google issue
>
> On Mon, Jul 4, 2011 at 3:30 AM, Amahdy AbdElAziz <amahdy7 at gmail.com
> <mailto:amahdy7 at gmail.com>> wrote:
>
> In fact, and you know that, Android and Simbian are OpenSource,
> and you can have full control on your small computer (the smart
> phone) if you are using any of those OS's. But following the
> "mo2mra" theory, one of the phone manufactures decided to put an
> extra tracking/spying piece of code (or hardware), you can never
> tell, and you have to relay on the QC (FCC, FDA, ...etc).
>
> The men responsible of pen tracing the Linux code, may get paid
> (following the mo2mra theory also), to let a piece of spying code
> be installed on all of our machines. (Anybody can pen trace, but
> nobody does ... and nobody is able to do that for the ISO that you
> download from Ubuntu or Fedora for example, it's already compiled
> and closed ,,, only few who get a kernel source, compile it, and
> compile on top of it all what they need, but they can never read
> all the source code of everything to make sure that there isn't a
> spy code somewhere). Did you read this
> <http://marc.info/?l=openbsd-tech&m=129236621626462&w=2> before?
> OpenBSD contained a backdoor "in the opensource implementation of
> IPSec" for TEN years.
>
> I'll remind you what I said before, Google's power is ok for me as
> far as it's not the only power and there is good potential and
> competitive alternatives.
>
> So let's imagine this situation, (who knows may it will happen one
> day =)), you are the CEO of Google and you want to please your
> concepts, so what would you change in Google's strategies? putting
> in mind that you have the responsibility of:
> (1) Getting a good revenue for the company to survive.
> (2) Getting a good impact from the company to grow (not disappear
> like MySpace for example).
>
>
>
> -- Amahdy AbdElAziz
> http://www.amahdy.net
>
>
>
> On Sun, Jul 3, 2011 at 05:29, Processing Qbits
> <processingqbits at gmail.com <mailto:processingqbits at gmail.com>> wrote:
>
> I believe businessmen usually do have more than one cellphone
> (though they have it for a different reason and that reason is
> probably fading with cellphones having the capability to use
> more than one chip) but then again, a cellphone is more like a
> computer
> Why do I choose Linux over Windows? It gives me more control
> over my computer....anything that goes wrong, anything that I
> wish to change...I am able to
> So if I have similar control over my cellphone, I believe it
> would be like my computer...
>
> As much as I respect google, I fear that it is gaining too
> much power, but I guess I have to respect other people's
> opinions too...while your approach is "if you don't want your
> secret to be out there, don't put it there"....my approach
> would be "if you don't want one company to hold all your
> secrets, give a piece to each so that none has it all"
>
> Your approach: Security by Obscurity
> My approach is similar to anonymous emails through 2 or more
> remailers....the first will have your real email but your
> encrypted message....the last will have your real message and
> the person it is being sent to but not your own email
>
> So I'll just agree to disagree!
>
> On Sun, Jul 3, 2011 at 3:25 AM, Amahdy AbdElAziz
> <amahdy7 at gmail.com <mailto:amahdy7 at gmail.com>> wrote:
>
> +Islam: Yes I see your point, I mean the mobile that you
> mentioned, usually contains very sensitive data maybe more
> than the whole web (it contains phone numbers of family,
> friends, SMS, ..etc) and the more advanced is the phone,
> the more information it has, (like emails, businesses,
> calendar, memo, ... NFC? ... location, pictures, ...etc)
> Ok so Google is a bad company, I'm not going to use
> Android, I'm going to use what? Simbian? Windows7? iOS?
> RIM? ...etc? it's all the same, the individual IMO has to
> choose a company and relay on it (give it some trust) [[of
> course to some extend, I'm saying being cautious from the
> beginning]]. IMO also, I won't get Android for family
> usage, iOS for business, Simbian for friends ...etc, no
> I'll choose one only company at my own risk... or else
> everybody should not use technology because it's risky.
>
> One more interesting example of what Google does, is the
> monthly email they send to me about "Your Latitude Service
> is ON, be careful!" it's like asking "So,, are you going
> to turn off the latitude account?" my answer is always NO
> keep it ON, I'll never go near "El Haram Street" so I'm ok
> with that =))
>
> -- Amahdy AbdElAziz
> http://www.amahdy.net
>
>
>
> 2011/7/2 Islam Hassan <eng.islam_hassan at hotmail.com
> <mailto:eng.islam_hassan at hotmail.com>>
>
> @Amahdy: I'm not saying that they're doing that or
> they're gonna do that, I'm just, as I said, imagining
> what they can do with it and no one can say they
> can't. In my opinion, why should any one take the
> risk, as developers or engineers, we always consider
> the worst case.
>
> ------------------------------------------------------------------------
> From: amahdy7 at gmail.com <mailto:amahdy7 at gmail.com>
> Date: Sat, 2 Jul 2011 05:57:52 +0300
> Subject: Re: Online Meeting
> To: ubuntu-eg at lists.ubuntu.com
> <mailto:ubuntu-eg at lists.ubuntu.com>
>
> +Islam: I believe NOT in the "mo2amra" theory :D, if
> I'm one of America's enemy then my e-life doesn't add
> for them anything. Yes Google may decide to spy on me,
> but who may not? I don't have the capability to
> fabricate my own cell phone yet so I have to relay on
> some companies to do that for me ... :))
>
> One of the interesting things made by G+ (yes -so far-
> they listen and they care up to a very high limit):
> /
> /
>
> /If you're sharing a post with a small circle of
> people, you can prevent resharing. Click the arrow
> at the top-right of the post and choose "Disable
> reshare."/
>
>
> Will solve the "Send something private to someone, and
> he FWD's it".
> This is not an ultimate solution BTW, he still can
> copy the content and post it again...
>
> -- Amahdy AbdElAziz
> http://www.amahdy.net
>
>
>
> 2011/7/2 Islam Hassan <eng.islam_hassan at hotmail.com
> <mailto:eng.islam_hassan at hotmail.com>>
>
> @Amahdy:
> * You say you don't mind if any body else knows
> what you're doing, that doesn't mean every on
> feels the same.
> * Google CAN know what's going on in your house
> and between you and your friends. How? Google
> Android @ Home and Google open accessories CAN
> CONTROL what happens in your home.
> * Imagine that google or the american government
> for example has an enemy. they can track his
> location and even kill him and make it look like
> an accident. and by enemy I mean any one who'd be
> a pain in the throat like some activist or
> something like that ( I'm just going as far as I
> can imagine). let's say the american government
> decide to keep track of all arabs or muslims
> inside the US for security purposes or something.
> they can listen to what you do by activating the
> microphone in your android phone or any thing like
> that. use your imagination, as I said, when I
> watched google IO day 1 key note, suddenly, I
> robot's VIKI jumped into my mind.
>
> --
> Ubuntu-eg mailing list
> Ubuntu-eg at lists.ubuntu.com
> <mailto:Ubuntu-eg at lists.ubuntu.com>
> Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-eg
>
>
>
> -- Ubuntu-eg mailing list Ubuntu-eg at lists.ubuntu.com
> <mailto:Ubuntu-eg at lists.ubuntu.com> Modify settings or
> unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-eg
>
> --
> Ubuntu-eg mailing list
> Ubuntu-eg at lists.ubuntu.com
> <mailto:Ubuntu-eg at lists.ubuntu.com>
> Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-eg
>
>
>
> --
> Ubuntu-eg mailing list
> Ubuntu-eg at lists.ubuntu.com <mailto:Ubuntu-eg at lists.ubuntu.com>
> Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-eg
>
>
>
> --
> Ubuntu-eg mailing list
> Ubuntu-eg at lists.ubuntu.com <mailto:Ubuntu-eg at lists.ubuntu.com>
> Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-eg
>
>
>
> --
> Ubuntu-eg mailing list
> Ubuntu-eg at lists.ubuntu.com <mailto:Ubuntu-eg at lists.ubuntu.com>
> Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-eg
>
>
The way I see it, open source mentality was never about making
absolutely perfect secure software. (that's an impossibility actually)
It was rather a way to share code and build things as a community by
helping each other and building upon each other's knowledge and
experience. Nothing more and nothing less.
Most open source software is driven by the desire to build something
better than what's available for a specific task, or just to have fun :)
[warning] rant about closed source thinking follows...
But why did the open source mentality even exist and become a thing?
because there is the opposite.....
Everytime I see a developer who thinks that what he writes is sacred
Alchemy only he can ever figure out and create.. I feel sorry, that kind
of mentality can only take him so far. Furthermore, I noticed two common
traits that come with it, the absolute irrational devotion to one and
only one closed software solution, and that they usually dream about
working for Microsoft/Oracle one day.
Coding for them is a secret, not a way of life.
The ones I know are even very proud about their closeness, I even heard
a term that a "closed" friend coined to describe that mentality: the
black box.
Now, don't get me wrong I'm ok with closeness on the basis that it's a
personal point of view whether for individuals or companies, why would I
even care? However,... I care when I see a closed developer deliberately
misleading a newbie and throwing him into infinite loops, I get angry
and have to do something about it.</rant>
In the end, if you really really don't like your software (whatever it
was) you are the only one stopping you from developing your own stuff.
If you suspect open source software X of having a backdoor and that's
really really important for you, clone the repo and start reading :)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-eg/attachments/20110704/b0520fd2/attachment.html>
More information about the Ubuntu-eg
mailing list