Originally posted by jntesteves
View Post
Announcement
Collapse
No announcement yet.
Maxthon Web Browser Being Ported To Linux
Collapse
X
-
Originally posted by uid313 View PostIf other people want to use it fine, if they don't, then fine with me, I don't care what other people use.
Windows is hundred times bigger than Linux. Yet Linux have more free software than Windows.
Why is this?
If Linux were to have greater proprietary influence with more proprietary software, then the result may be less free software.
The free software is the part of Linux that appeals to me.
I can run an operating system and everything can be free open source software. That is very appealing to me.
If Linux wasn't free software, or the Linux software eco system wasn't so strongly centered and focused around free software, then I probably wouldn't use Linux.
The great thing about Linux is free software.
Technically Windows is a superior operating system. It is more much stable, crashes less often, everything just works, you don't have audio glitches, the graphics performance is better, there is much less bugs and regressions, etc.
Comment
-
Originally posted by schmidtbag View PostYes but WHY do you want that? Maxthon is free to use, just not open source. If the product is free to use, why do you personally care if it's open source? I understand the idea of having an entirely free OS (maybe you can't afford for paid alternatives) but what I don't get is why you demand open source when I'm sure you have never edited a single line of code from a well known program.
Now this isn't really an issue on trivial programs, like games and such. But when it comes to things like operating systems, all kernel side code, build systems, compilers... and also, anything that you have to trust with outgoing communications - especially if you use it in a context where you have to type your personal information - online banking comes to mind... then yes, we should demand open source software.
However, I don't really care that there exists closed source programs for these things. If someone wants to use them, that's their problem, not mine. I don't want to "ban" them from Linux and, there isn't any real way of doing such a thing, anyway - Linux is free software, but the GPL license doesn't care about userland at all, anyone can port whatever userland applications they want on it and release/sell them under whatever license they want. If this weren't possible, Linux would never succeed as a platform, that's just how it is.
Linux distros should still favor open-source software whenever possible, but they shouldn't make it impossible or hard to install proprietary software if the user so wants. I think at some point we just have to trust the users to know what they want to run on their own computers.
Comment
-
Originally posted by dee. View PostThere's a very good reason to prefer open source software in some things: security. Even if you yourself won't touch the code, you can be confident that a lot of people who are very knowledgeable will, and if there's anything shady in it they'll find it. It's strength in numbers. Especially now that we know that NSA has the capability to force companies to install backdoors in their software, and to mandate them to keep it secret from the public.
Now this isn't really an issue on trivial programs, like games and such. But when it comes to things like operating systems, all kernel side code, build systems, compilers... and also, anything that you have to trust with outgoing communications - especially if you use it in a context where you have to type your personal information - online banking comes to mind... then yes, we should demand open source software.
However, I don't really care that there exists closed source programs for these things. If someone wants to use them, that's their problem, not mine. I don't want to "ban" them from Linux and, there isn't any real way of doing such a thing, anyway - Linux is free software, but the GPL license doesn't care about userland at all, anyone can port whatever userland applications they want on it and release/sell them under whatever license they want. If this weren't possible, Linux would never succeed as a platform, that's just how it is.
Linux distros should still favor open-source software whenever possible, but they shouldn't make it impossible or hard to install proprietary software if the user so wants. I think at some point we just have to trust the users to know what they want to run on their own computers.
Truecrypt, the software so many people trust to keep their data safe, provides binaries and this is what most people use when they use truecrypt. However, a team of security researchers could not find any means of reproducing the binaries that truecrypt provide and on top of that, found that the "Truecrypt Foundation" resides at a fake address and there's no information about who they are. Now add to this the recent revelations that most common encryption protocols were supposedly bypassed by NSA and GCHQ, makes for an interesting thought.
So take a more considered approach when you talk about the "security" of open source.
Comment
-
Originally posted by scottishduck View PostDo you realise that open source is not a sign of security? Unless you personally check all of the code you cannot know it's secure and don't think for a moment that the "community" does this either, because they don't.
Truecrypt, the software so many people trust to keep their data safe, provides binaries and this is what most people use when they use truecrypt. However, a team of security researchers could not find any means of reproducing the binaries that truecrypt provide and on top of that, found that the "Truecrypt Foundation" resides at a fake address and there's no information about who they are. Now add to this the recent revelations that most common encryption protocols were supposedly bypassed by NSA and GCHQ, makes for an interesting thought.
So take a more considered approach when you talk about the "security" of open source.
Comment
-
Originally posted by dee. View PostSure they do. At least code that is being properly maintained, gets seen by many developers constantly. The more people see the code, the harder it is to get away with shady things.
I don't use truecrypt. Of course you still have to consider the developers of the software, if the source is shady, if the development process is closed and sources only get published with releases, that's of course a sign to be careful.
Comment
-
Adobe/Microsoft subscription software is worst-case nonfree greed
Originally posted by finalzone View PostNewer version of Adobe Photoshop is part of Creative Cloud meaning subscription only unless someone is willing to pirate a copy.
That is an example of application Linux system does not need.
I am never in favor of trying to make someone's locked, corporate software impossible to run on a distro, that would be acting like Apple. On the other hand, I do feel that distros should provide zero support to such things. I will make one exception to that: Steam, on the grounds that they are a toy and not productivity software, with a record of causing people to keep a Windows install. If Microsoft wanted to make Office365 run on my private fork of UbuntuStudio and Mint, I would not lift a finger to help them, same for Adobe's subscription software. Free software means they have the freedom to do it themselves, and we have the freedom to ignore them, and ignore any service or network tied to their products. In my machines, I normally remove any software that adds support for a paid product. With Flash I break the DRM support by avoiding installing Flash and Hal on the same box and keeping .macromedia cleaned out.
Never forget-there are a LOT of people out there that want to turn your computer into a cable box and the Internet into another cable TV. What do you think this whole push to "cloud computing" is all about? It's about getting you to give major corporations control of your data and everything you do with it, while your computer becomes a thin client to Corporate America and by extension not only the NSA but every two-bit police department with a warrant and every crooked private investigator.
Comment
-
Originally posted by vk512 View Post...Maxthon . . . has been leading html5 compatibility tests for quite some time - html5test.com
ex. https://twitter.com/rakaz/status/220489915186688000Last edited by eidolon; 29 September 2013, 12:12 AM.
Comment
-
NSA bypasses implementations, not methods of encryption
Originally posted by scottishduck View PostDo you realise that open source is not a sign of security? Unless you personally check all of the code you cannot know it's secure and don't think for a moment that the "community" does this either, because they don't.
Truecrypt, the software so many people trust to keep their data safe, provides binaries and this is what most people use when they use truecrypt. However, a team of security researchers could not find any means of reproducing the binaries that truecrypt provide and on top of that, found that the "Truecrypt Foundation" resides at a fake address and there's no information about who they are. Now add to this the recent revelations that most common encryption protocols were supposedly bypassed by NSA and GCHQ, makes for an interesting thought.
So take a more considered approach when you talk about the "security" of open source.
The typical way the NSA is believed to bypass closed commercial encryption products is by getting the authors to limit the keyspace. If the keyspace is fixed, as in AES-128/192/256, tampering with the random number generator can limit the number of keys. Remember that OpenSSH key generation issue, where most of the randomness had been commented out, and all keys from those versions had to be blacklisted? Similar things, done on purpose and known to the NSA, can easily bypass any encryption protocol. When the NSA themselves use AES, they simply would make sure to use a non-tampered random number generator for making any keys where random numbers are used. A closed-source product can also get away with using an outright keylogger to store the passphrase somewhere.
OK, let's talk open source. An attempt by the NSA to keylogger DM-crypt would mean having to drop a keylogger into the Linux kernel, the Cryptsetup binary, or the "cryptroot" script. In the script it would be caught within hours. In the binary it would require obfuscated code-but obfuscated code in source code for encryption triggers automatic suspicion. One reason many trusted GPG but not PGP in the middle of the last decade was 8 lines of code for PGP that activist hackers could not figure out the purpose of. A "contributor" attempting to add a non-obfuscated keylogger to the Cryptsetup code would be caught. Trying to drop a keylogger into the Linux kernel would be REALLY asking to get caught.
The compromised random number generator method won't work against raw DM-crypt/cryptsetup, as a key made by hashing the passphrase doesn't need the random number generator (/dev/random or /dev/urandom for lower security work). On the other hand, a poorly chosen passphrase becomes vulnerable to dictionary attacks. With LUKS, a dictionary attack becomes much more difficult due to the long compute time to unlock the key with the passphrase, but the security of /dev/random must be good. It seems to me that to compromise /dev/random or even weaken /dev/urandom in the closely watched linux kernel would be really asking to get caught, especially after the OpenSSH issue. If LUKS uses its own system to generate random numbers, that would be even more closely watched, and someone would surely try to match up source with binaries.
Comment
Comment