[haiku] Re: Haiku as the easy-to-use, free, open, secure OS

  • From: gs@xxxxxxxxxxx
  • To: haiku@xxxxxxxxxxxxx
  • Date: Fri, 06 Sep 2013 23:09:23 +0200

Ryan Leavengood <leavengood@xxxxxxxxx> writes:

> Unless you are hiding under a rock, you have heard about what the evil
> American NSA has been up to (as an American, I am ashamed about what
> our government has become.)
>
> As a long time Haiku proponent and developer, I see an opportunity here:
>
> Haiku should become the premier, all-in-one, easy-to-use, open-source
> SECURE operating system.
I think it's a mistake to put too much faith in the ``open source''
philosophy. While having access to source and rights to redistribute it
is a precondition for security and privacy, there is nothing inherently
secure or private about it. You also need to address the ethical aspect
of whom the software is supposed to ultimately serve; the user, or
someone else? It's this precise ethical discussion that the ``open
source'' movement has always distanced itself from, and it's the exact
ethical discussion we need to be having now.

> I've thought about our keychain system and intend to build a Haiku
> crypto API using the latest and best technologies. 
I'm not that familiar with the issue, What features in particular are
missing from Haiku's crypto libs?

> While there has been a lot of fear-mongering, it appears that good old
> symmetric encryption is still very secure.
Yes. The main concern now seems to be with forward secrecy and
deniability. An XMPP client with OTR support would be nice. I haven't
checked if there are any, but one of the command line ones might be
ported with little effort.

> At the risk of starting a massive bike shed, I'm curious to here other
> opinions on this and what else we might do to make Haiku more secure.
A multi-user permissions model would be necessary, even for a desktop
computer with a single physical user. I think this may be in the
pipeline already.

--gs

Other related posts:

  1. Home
  2. haiku
  3. Archive
  4. 09-2013