
Posted: Mon Feb 26, 2007 11:35 am
by russellhltn
michaelcox wrote: She has to be a female.


Correct!

MLS will not let you make a brother a Primary President. It's not a flaw, it's simply reflecting church policy.

Protocols

Posted: Thu Mar 01, 2007 3:26 pm
by dragev
thedqs wrote: The problem I was pointing out was the transfer protocol to church headquarters... Church HQ believes that it is interacting with a real MLS when really it is a malicious 3rd party


I guess then, in the process of open sourcing certain software, the communications layer should be abstracted and the proprietary protocol implementation removed. This way, the Church can still keep the communication stream proprietary, yet enjoy all the benefits of an open source project.

Posted: Thu Mar 01, 2007 10:51 pm
by thedqs
dragev wrote: I guess then, in the process of open sourcing certain software, the communications layer should be abstracted and the proprietary protocol implementation removed. This way, the Church can still keep the communication stream proprietary, yet enjoy all the benefits of an open source project.


Of course, although this might require a few more resources than the church can put forth at this time because of the projects that are just about to be released.

Posted: Tue Mar 06, 2007 12:47 pm
by portseven-p40
I think you are getting mixed up between data, protocols and source code.

There will be no more danger to securing user data or the transmission of that data by opening the source code. When you open the source of the program you are not giving people the keys to your data, only the program code itself.

There are many examples of this. Apache, the world's most popular web server, is open source, yet it hosts many secure websites, and even though the code of the program is open to peer review, the data which it serves and stores is not available.

Another one is the SSH protocol & software. This is a program that allows you to remotely log on to a machine over a network; it is a secure version of telnet and it employs various methods to secure the transmission of the data. Yet it is seen as a very secure system and no one's data is at risk.

In fact, there are compelling arguments for opening your source code, as by doing this you get many eyes looking at your code and discovering (and fixing!) any security issues. On the other hand, by keeping the code closed and locked away, you are hoping that the small team of developers looking after that code have spotted all the flaws.

There is an old adage that goes 'Security through obscurity is no security at all'. So I say open the code and benefit from the talent that is in the community to make your systems better.

Posted: Sun Feb 03, 2008 8:51 pm
by AdrianLP-p40
thedqs wrote: The only problem is that the church encrypted data stream that MLS uses to send updates, could potentially be hacked and then false information could be uploaded to the servers, effectively ruining the entire church database. I support some of the projects but not all for the reasons of privacy and security in those cases.


MLS seems to use SSH for stream encapsulation. SSH is open source :)

Open source security methods are actually more secure, not less. Knowing that encryption is done with factors of really large prime numbers doesn't really help you "hack" (let's be proper and use the phrase Crack, shall we) the stream.

Security by obscurity is a *very* dangerous way of doing security.

Most of the standard encryption methods are open source, and fairly well documented in RFCs and the like.

Posted: Sun Feb 03, 2008 8:52 pm
by AdrianLP-p40
portseven wrote: I think ...



Grrrr, beat me to it!!!

Posted: Sun Feb 03, 2008 9:00 pm
by AdrianLP-p40
tomw wrote: Let's not let this discussion get bogged down into a debate over open source vs proprietary software.


hrm, I think the issue is that with open source software more of us can contribute, and more eyes on the code which transmits *our* personal information.

I think this is a perfectly valid and fair point, no?

PS: Emacs is cruft and vim rules :)

Posted: Sun Feb 03, 2008 11:53 pm
by russellhltn
AdrianLP wrote: hrm, I think the issue is that with open source software more of us can contribute, and more eyes on the code which transmits *our* personal information.

I think this is a perfectly valid and fair point, no?


It's ok as long as we're not debating church policy.

Posted: Mon Feb 04, 2008 6:20 am
by AdrianLP-p40
RussellHltn wrote: It's ok as long as we're not debating church policy.


Nope, I don't think church policy covers this situation, it's not a public website :)

It's not even accessible outside authentication.

PS: You don't want to get me started on church policy, their security procedures are very weak in terms of MLS and Windows.

Posted: Mon Feb 04, 2008 6:28 am
by WelchTC
AdrianLP wrote: hrm, I think the issue is that with open source software more of us can contribute, and more eyes on the code which transmits *our* personal information.

I think this is a perfectly valid and fair point, no?

PS: Emacs is cruft and vim rules :)


Contributions do not equal open source. The Church could enlist people to help work on code without that code being open sourced. People have very strong feelings about open source vs proprietary software.

The Church does use and continues to use open source software in a variety of ways. The Church also uses proprietary solutions when open source alternatives or very high level support issues demand it.

Tom