Jump to content

Free software brings transparency


bogz
 Share

Recommended Posts

http://www.physorg.com/news116173009.html

 

The idea began in 2005, when Stein was an assistant professor at Harvard University.

 

"For about 10 years I had been really unhappy with the state of mathematical software," Stein said. The big commercial programs – Matlab, Maple, Mathematica and Magma – charge license fees. The Mathematica Web page, for example, charges $2,495 for a regular license. For another program, a collaborator in Colombia was quoted about $550, a special "Third World" discount price, to buy a license to use a particular tool, Stein said.

 

The frustrations weren't only financial. Commercial programs don't always reveal how the calculations are performed. This means that other mathematicians can't scrutinize the code to see how a computer-based calculation arrived at a result.

 

"Not being able to check the code of a computer-based calculation is like not publishing proofs for a mathematical theorem," Stein said. "It's ludicrous."

 

 

"I think we can be better than the commercial versions," he said. "I really want it to be the best mathematical software in the world."

 

The Sage project page is at http://www.sagemath.org

Link to comment
Share on other sites

  • Replies 7
  • Created
  • Last Reply

Top Posters In This Topic

Hi bogz,

 

Here is a question I have about open software when it comes to security of an "open" OS. How do you ensure security of an "open" OS since the code is available for anyone to view and thereby identify means to potentially compromise security in any instance of the OS... or even introduce a change to the OS which provides their own "back door"?

 

I think about this not only from the OS level, but also from application level when it comes to data encryption. How can we be CERTAIN we are secure when using open source products?

 

Thanks for any thoughts you can shed on this...

 

RMT

 

 

Link to comment
Share on other sites

Here is a question I have about open software when it comes to security of an "open" OS. How do you ensure security of an "open" OS since the code is available for anyone to view and thereby identify means to potentially compromise security in any instance of the OS... or even introduce a change to the OS which provides their own "back door"?

 

I think about this not only from the OS level, but also from application level when it comes to data encryption. How can we be CERTAIN we are secure when using open source products?

My opinion is that since closed source software typically prohibits people from examining binaries and hunting for exploits, only malicious users will attempt to find weaknesses. A case of if guns are outlawed, only outlaws will have guns. With open source software, law abiding citizens get to participate in the hunt for flaws. They also get to review any code they use to their satisfaction to make sure it is safe before they compile it.

 

Most users do not run applications that listen for connections from the outside world. The most popular way to deliver malicious payloads to this group is through their web browser or email client. Most of the time the delivery mechanism has to be customized to the browser or email client so I am more a fan of security through diversity than obscurity. Not running the most common software has it's benefits, making it harder for hackers to deliver their code to you.

 

This leads me to allowing 3rd party content onto the website you are viewing. I block as much 3rd party content as possible when I browse so I only load content from the server I visited, not from 3rd party sources. I generally trust the sites I'm visiting, just not content that can be added to the site without the owners approval such as some types of banner advertising services. Using Firefox + AdBlock I have not seen a banner advertisement on my PC in over two years. When I sit down on someone elses PC that doesn't block ads, I'm just so surprised at how different the experience looks.

 

Changes to open source products are tightly controlled. People submit patches and they are carefully merged by someone closely associated with the project. The general public doesn't have write access to the source code so it's safe from tampering.

 

Encryption is sometimes compromised when mathematical discoveries are made that expose a weakness in an algorithm making it easier(faster) to decrypt something using brute force. MD5 for instance was a good way to give a data a tamper proof seal. Methods have recently been discovered to find collisions in the MD5 algorithm and so by adding certain bytes to the end of a file you can give it any desired MD5 signature.

 

Open source projects tend to be more proactive and close source proprietary software can get away with being reactionary. Anyone using MD5 in an open source project is suddenly pressured to upgrade their code the instant knowledge of a weakness surfaces. A race ensues that anyone can join and the winner gets recognition for their efforts, they can even receive financial compensation ( see Sun Microsystems recent open source initiatives). Any closed source proprietary commercial software using MD5 doesn't have to spend any money to fix their old code until the general public discovers they are affected.

 

The peer review process is the best way to be CERTAIN that your software is secure.

 

 

Link to comment
Share on other sites

  • 4 weeks later...

Bogz,

 

I may sound like a "wacko" but have you ever heard of "RTC" as in Remote Transmission Control?

 

I have reviewed some laboratory documents a long time ago which dictates that people with 'extreme' scientific methods are/were building "RTC" machines in 1999 and earlier. These people claim these machines initiatly scans computer frequencies from all over the world and attempts to "merge" with those frequences in order to successfully "hack" computers.

 

Any idea if that could be true? IF so, then its going to be a one heck of a scary world. I do know for a fact that the FBI has a "RTC" machine that picks up monitor transmissions. Thought this would be a interesting topic to discuss after reading this PDF file from UK.

 

http://www.cl.cam.ac.uk/~mgk25/ih98-tempest.pdf

 

SAVE this FILE FAST AS YOU CAN before IT GETS DELETED. :)

 

open sourced OSes and closed sourced OSes wouldnt matter if this type of technology were to be continously developed. HMM... just IMO! :)

 

 

Link to comment
Share on other sites

  • 3 weeks later...

Hey bogz,

 

I was just made aware of these folks who have developed an open Real Time Operating System (RTOS).

 

http://www.openlicensesociety.org/drupal55/node/39

 

We at Northrop-Grumman are looking at it. If it can meet stringent industry standards (ARINC 653 is the industry standard for ApEx) it could very well be a big benefit!

 

RMT

 

 

Link to comment
Share on other sites

  • 2 weeks later...

Hey bogz,

 

I've never done any RT coding but I'll check that out for sure if I ever start.

Perhaps when I finally take the leap into semi-retirement (no more direct employee, bur rather consulting), we might be able to combine forces and work together on something? In my biz when you put together a good systems engineer with a good software engineer, you've got a combination that becomes very attractive to big customers. And the model-based systems engineering development paradigm that I use can lead to some strong AI implementations of semantic reasoners that will allow a system to reason about itself! Cool stuff.

 

RMT

 

 

Link to comment
Share on other sites

Perhaps when I finally take the leap into semi-retirement (no more direct employee, bur rather consulting), we might be able to combine forces and work together on something?

I'd be very excited about working on any kind of project with you. Should I start reading up on realtime programming sooner rather than later? :)

 

the model-based systems engineering development paradigm that I use can lead to some strong AI implementations of semantic reasoners that will allow a system to reason about itself!

Does that imply a system that has a fault occuring can look at various sources of information (error logs, performance metrics for instance) and figure out not only what is broken, but try to fix it, autonomously?

 

 

Link to comment
Share on other sites

 Share

×
×
  • Create New...