On Fri, Sep 6, 2013 at 5:09 PM, <gs@xxxxxxxxxxx> wrote: > > I think it's a mistake to put too much faith in the ``open source'' > philosophy. While having access to source and rights to redistribute it > is a precondition for security and privacy, there is nothing inherently > secure or private about it. You also need to address the ethical aspect > of whom the software is supposed to ultimately serve; the user, or > someone else? It's this precise ethical discussion that the ``open > source'' movement has always distanced itself from, and it's the exact > ethical discussion we need to be having now. I agree, but that discussion isn't necessarily relevant to Haiku. I do think we have strived to create Haiku to serve the user and the user alone. Overall though I think we can agree that open source is pretty much a requirement to at least have some assurance that there are not backdoors or blatant purposeful security holes. > I'm not that familiar with the issue, What features in particular are > missing from Haiku's crypto libs? There is no official Haiku crypto library at the moment. We need that to actually encrypt and secure the Keychain system, which is why that system has not yet gotten much attention or use. I'm very interested in NaCl from Dan Bernstein as the possible back-end for a simple Haiku crypto API: http://nacl.cr.yp.to/ Or we could just wrap some parts of OpenSSL. I intend to keep it very simple to begin with, primarily to solve the problem of encrypting the keychain files. > Yes. The main concern now seems to be with forward secrecy and > deniability. An XMPP client with OTR support would be nice. I haven't > checked if there are any, but one of the command line ones might be > ported with little effort. There have been various efforts on Haiku IM clients over the years, such as the IM Kit and more recently Caya: http://haikuware.com/directory/view-details/internet-network/chat-irc/caya-development I would think support for OTR could be added to the Jabber/XMPP module. > A multi-user permissions model would be necessary, even for a desktop > computer with a single physical user. I think this may be in the > pipeline already. To some extent. It is certainly kept in mind for things like the package management system. I would like to see us be able to have a reasonable permissions system without some of the complications or annoyances of other multi-user systems. There may be some room for innovation here. Many Haiku fans have expressed they don't like the idea of Haiku going full multi-user. -- Regards, Ryan