[haiku] Re: Haiku as the easy-to-use, free, open, secure OS
- From: Ryan Leavengood <leavengood@xxxxxxxxx>
- To: Haiku ML <haiku@xxxxxxxxxxxxx>
- Date: Fri, 6 Sep 2013 18:05:11 -0400
On Fri, Sep 6, 2013 at 5:09 PM, <gs@xxxxxxxxxxx> wrote:
>
> I think it's a mistake to put too much faith in the ``open source''
> philosophy. While having access to source and rights to redistribute it
> is a precondition for security and privacy, there is nothing inherently
> secure or private about it. You also need to address the ethical aspect
> of whom the software is supposed to ultimately serve; the user, or
> someone else? It's this precise ethical discussion that the ``open
> source'' movement has always distanced itself from, and it's the exact
> ethical discussion we need to be having now.
I agree, but that discussion isn't necessarily relevant to Haiku. I do
think we have strived to create Haiku to serve the user and the user
alone.
Overall though I think we can agree that open source is pretty much a
requirement to at least have some assurance that there are not
backdoors or blatant purposeful security holes.
> I'm not that familiar with the issue, What features in particular are
> missing from Haiku's crypto libs?
There is no official Haiku crypto library at the moment. We need that
to actually encrypt and secure the Keychain system, which is why that
system has not yet gotten much attention or use. I'm very interested
in NaCl from Dan Bernstein as the possible back-end for a simple Haiku
crypto API:
http://nacl.cr.yp.to/
Or we could just wrap some parts of OpenSSL. I intend to keep it very
simple to begin with, primarily to solve the problem of encrypting the
keychain files.
> Yes. The main concern now seems to be with forward secrecy and
> deniability. An XMPP client with OTR support would be nice. I haven't
> checked if there are any, but one of the command line ones might be
> ported with little effort.
There have been various efforts on Haiku IM clients over the years,
such as the IM Kit and more recently Caya:
http://haikuware.com/directory/view-details/internet-network/chat-irc/caya-development
I would think support for OTR could be added to the Jabber/XMPP module.
> A multi-user permissions model would be necessary, even for a desktop
> computer with a single physical user. I think this may be in the
> pipeline already.
To some extent. It is certainly kept in mind for things like the
package management system.
I would like to see us be able to have a reasonable permissions system
without some of the complications or annoyances of other multi-user
systems. There may be some room for innovation here. Many Haiku fans
have expressed they don't like the idea of Haiku going full
multi-user.
--
Regards,
Ryan
Other related posts:
- » [haiku] Haiku as the easy-to-use, free, open, secure OS- Ryan Leavengood
- » [haiku] Re: Haiku as the easy-to-use, free, open, secure OS- gs
- » [haiku] Re: Haiku as the easy-to-use, free, open, secure OS- Stefano Ceccherini
- » [haiku] Re: Haiku as the easy-to-use, free, open, secure OS - Ryan Leavengood
- » [haiku] Re: Haiku as the easy-to-use, free, open, secure OS- Ryan Leavengood
- » [haiku] Re: Haiku as the easy-to-use, free, open, secure OS- Sean Collins
- » [haiku] Re: Haiku as the easy-to-use, free, open, secure OS- gs
- » [haiku] Re: Haiku as the easy-to-use, free, open, secure OS- Adrien Destugues
- » [haiku] Re: Haiku as the easy-to-use, free, open, secure OS- gs
- » [haiku] Re: Haiku as the easy-to-use, free, open, secure OS- Sean Collins
- » [haiku] Re: Haiku as the easy-to-use, free, open, secure OS- Michael Mounteney
