Trusting Open Source for Production...
-
I've never called MS for support once in my entire IT career.
-
@travisdh1 said:
@BRRABill said:
I still have the "fear" that an open source product will just go away, where MS Office just won't.
Though since they decommission it, it might as well, right?
How can any open source product "go away"? Even if it's completely dropped from development, IE TrueCrypt, if it's a useful tool someone will pick it up and continue on, IE VeraCrypt. Whereas if Microsoft decides to drop MS Office, you are up a creek and nobody will be working with the code anymore.
I know how it feels, but it's just feelings. Open source is much more likely to stick around long after the original developers are no longer around.
It's funny, TC was actually the product that he had brought up. I want to write a paper on the TC story because it is one of the best possible examples of why open source matters. TC was closed source, not open, and the vendor (we think) tried to make it go away. But accidentally let the code slip into the public domain and become de facto open source and the product was protected from the evils of closed source because the code owner attempted to hide, which effectively gave up his code ownership.
TC shows how dangerous closed source can be and how open source is the only protection against those fears. No example could be better, really. You never know when a closed source company is going to have an agenda that you don't understand and take their product away because it suits some other purpose.
-
@Dashrender said:
@scottalanmiller said:
@BRRABill said:
@scottalanmiller said:
Let's also compare MS Office to LibreOffice. I get every type of support for LibreOffice that you can get for MS Office plus more. Again, the real world examples hold up that open source encourages better and broader support options. Closed source just gives you... less.
I still have the "fear" that an open source product will just go away, where MS Office just won't.
Though since they decommission it, it might as well, right?
I don't follow. As we had discussed offline, open source cannot go away. It's literally impossible. The fear of going away is purely a closed source concern. You were confused about which was which when we were discussing this. Open source is the only means of protecting against the fear that you have. Commercial products that people are still using actually go away all of the time. Open source cannot. It is as simple as that.
A great example would be Office 2003. That software isn't supported or available for sale anymore. And while OpenOffice in its old form isn't really there any more, it's been replaced by LibreOffice.
Not replaced. OO is still very modern and up to date and competes with LO. OO is developed by the Apache Group.
-
For those wondering where TrueCrypt went, it is now VeraCrypt as was mentioned above. Because the owners accidentally let TC fall into the PD it became de facto open source and got picked up and maintained instantly and audits continued making it still one of the most secure, most audited encryption suites out there. The open source project is hosted by none other than Microsoft themselves on CodePlex.
-
@scottalanmiller said:
@Dashrender said:
@scottalanmiller said:
@BRRABill said:
@scottalanmiller said:
Let's also compare MS Office to LibreOffice. I get every type of support for LibreOffice that you can get for MS Office plus more. Again, the real world examples hold up that open source encourages better and broader support options. Closed source just gives you... less.
I still have the "fear" that an open source product will just go away, where MS Office just won't.
Though since they decommission it, it might as well, right?
I don't follow. As we had discussed offline, open source cannot go away. It's literally impossible. The fear of going away is purely a closed source concern. You were confused about which was which when we were discussing this. Open source is the only means of protecting against the fear that you have. Commercial products that people are still using actually go away all of the time. Open source cannot. It is as simple as that.
A great example would be Office 2003. That software isn't supported or available for sale anymore. And while OpenOffice in its old form isn't really there any more, it's been replaced by LibreOffice.
Not replaced. OO is still very modern and up to date and competes with LO. OO is developed by the Apache Group.
Oh, did they catch back up? I know when someone else took over the project for a while it went south, which is why LibreOffice even exists. I was unaware they had returned to parity, or near parity.
-
@Dashrender said:
@scottalanmiller said:
@Dashrender said:
@scottalanmiller said:
@BRRABill said:
@scottalanmiller said:
Let's also compare MS Office to LibreOffice. I get every type of support for LibreOffice that you can get for MS Office plus more. Again, the real world examples hold up that open source encourages better and broader support options. Closed source just gives you... less.
I still have the "fear" that an open source product will just go away, where MS Office just won't.
Though since they decommission it, it might as well, right?
I don't follow. As we had discussed offline, open source cannot go away. It's literally impossible. The fear of going away is purely a closed source concern. You were confused about which was which when we were discussing this. Open source is the only means of protecting against the fear that you have. Commercial products that people are still using actually go away all of the time. Open source cannot. It is as simple as that.
A great example would be Office 2003. That software isn't supported or available for sale anymore. And while OpenOffice in its old form isn't really there any more, it's been replaced by LibreOffice.
Not replaced. OO is still very modern and up to date and competes with LO. OO is developed by the Apache Group.
Oh, did they catch back up? I know when someone else took over the project for a while it went south, which is why LibreOffice even exists. I was unaware they had returned to parity, or near parity.
LO split off many years ago when Oracle bought Sun and got OpenOffice with the purchase. Oracle was not maintaining it well and so a group split off to form LibreOffice to protect OO from Oracle. The two were and have been developed in parallel ever since. Oracle immediately realized what they had done and donated the OpenOffice project to the Apache group who have run it for a very long time now. OO and LO now compete but there is talk of merging them as they are ideologically aligned.
-
One of the examples that I had used about why closed source was risky... Microsoft used to have a couple different operating systems including DOS and Xenix. Both were closed source and both did not fit into the Microsoft "world view". Neither is available today, in any form. Just gone.
IBM, likewise, did the same thing with OS/2 which was an extremely popular operating system.
Also BeOS, an independent operating system was closed source and when the company failed the OS and the entire ecosystem collapsed as there was no way to update, patch or maintain the system.
Closed source encourages "dead ends" in code. And even the vendors you feel like you can trust, Microsoft, IBM, Google, etc. shut down projects and products all of the time. It's a very false sense of security to feel that MS will not stop making or supporting products that no longer make sense to their bottom line. MS is a business and supporting old software is extremely expensive. And often old software isn't just expensive to maintain but might actively compete with newer products (which is why Xenix was killed off.)
-
@scottalanmiller said:
For those wondering where TrueCrypt went, it is now VeraCrypt as was mentioned above. Because the owners accidentally let TC fall into the PD it became de facto open source and got picked up and maintained instantly and audits continued making it still one of the most secure, most audited encryption suites out there. The open source project is hosted by none other than Microsoft themselves on CodePlex.
Hey that looks just like TC.
-
Another great example... at NTG we were one of the first ten Microsoft Small Business Accounting customers, and the very first to work with SBA and ADP for payroll integration. We used every SBA version from the first to... the last. Microsoft killed it off. It only ever had about three releases. It was a good product, far better than QB which was the only competitor at the time. We invested heavily in it and were "all in" in the Microsoft ecosystem using the products that they recommend and we were left dead in the water with no accounting package.
Not only was this a mainline MS product, it was a core part of the MS Office family. Microsoft most certainly kills off products and few could be as high profile and critical from a non-server perspective as killing off the accounting and financial member of their MS Office family! If they were willing to discontinue SBA suddenly, nothing is safe.
-
@BRRABill said:
@scottalanmiller said:
For those wondering where TrueCrypt went, it is now VeraCrypt as was mentioned above. Because the owners accidentally let TC fall into the PD it became de facto open source and got picked up and maintained instantly and audits continued making it still one of the most secure, most audited encryption suites out there. The open source project is hosted by none other than Microsoft themselves on CodePlex.
Hey that looks just like TC.
Mostly, it is. Some newer encryption options are about the only difference.
-
@travisdh1 said:
@BRRABill said:
@scottalanmiller said:
For those wondering where TrueCrypt went, it is now VeraCrypt as was mentioned above. Because the owners accidentally let TC fall into the PD it became de facto open source and got picked up and maintained instantly and audits continued making it still one of the most secure, most audited encryption suites out there. The open source project is hosted by none other than Microsoft themselves on CodePlex.
Hey that looks just like TC.
Mostly, it is. Some newer encryption options are about the only difference.
Does it support booting in UEFI based OSes yet?
-
@Dashrender said:
@travisdh1 said:
@BRRABill said:
@scottalanmiller said:
For those wondering where TrueCrypt went, it is now VeraCrypt as was mentioned above. Because the owners accidentally let TC fall into the PD it became de facto open source and got picked up and maintained instantly and audits continued making it still one of the most secure, most audited encryption suites out there. The open source project is hosted by none other than Microsoft themselves on CodePlex.
Hey that looks just like TC.
Mostly, it is. Some newer encryption options are about the only difference.
Does it support booting in UEFI based OSes yet?
I don't think so, at least not yet. I'm not sure whether they are trying to get a UEFI key from Microsoft or not.
-
I think that pretty typically people are using it on data partitions and not on boot ones. Keep all data secured in one place but not worrying about the OS itself.
-
I searched their site but found no reference to UEFI supported or otherwise.
-
I always thought TrueCrypt was for File Level encryption rather than FDE.
-
See in my craziness I like FDE because I'm always worried about what products leave behind.
-
@Jason said:
I always thought TrueCrypt was for File Level encryption rather than FDE.
TC supported FDE through at least XP if not through 7. But I know it never supported Windows 8/8.1 etc.
-
What timing... Microsoft "pulls a TrueCrypt" with Windows 7. You thought it couldn't happen with Microsoft? It just did.
Remember, it is closed source that allows this to happen. Open Source is protected from this kind of thing.
http://www.forbes.com/sites/gordonkelly/2016/01/02/microsoft-windows-7-problems/
-
@scottalanmiller said:
What timing... Microsoft "pulls a TrueCrypt" with Windows 7. You thought it couldn't happen with Microsoft? It just did.
Remember, it is closed source that allows this to happen. Open Source is protected from this kind of thing.
http://www.forbes.com/sites/gordonkelly/2016/01/02/microsoft-windows-7-problems/
WHAT? I have to call BS @scottalanmiller. They did not pull a TrueCrypt. It's not like this morning we woke up to find a sign on MS.com that said - Windows 7 is not secure/trustable/whatever TC's site said the day the developers decided to get out of that game.
Is MS pushing people - users - to Windows 10, heck yeah they are, and they are shoving hard. But considering Windows XP, and how long it took the majority to move to Windows 7/8/8.1, can you blame them?
And in this situation, you have one similar to Linux - a free path to a new version. There isn't even any cost involved.
Of course that last part - we know that's BS, there's cost involved. Your time, internet bandwidth, your failout plan, etc... these things aren't free, even if they don't cost you dollars from your wallet, they cost you in other ways.
I'm guessing that OS X users in very high numbers upgrade to the latest version of OS X shortly after it comes out, otherwise I'm guessing Apple would find some way to force them to move or remain unsupported to minimize their support requirements.
Look at the number of Android 2.x devices that are still out in the world that will NEVER be updated, yet are vulnerable to attack. It's basically another platform akin to Windows XP non SP, or SP1 that just became virus spewing monsters.
Yes we as a society are being shoved forward, but frankly I don't have an issue with this.
-
@Dashrender said:
WHAT? I have to call BS @scottalanmiller. They did not pull a TrueCrypt. It's not like this morning we woke up to find a sign on MS.com that said - Windows 7 is not secure/trustable/whatever TC's site said the day the developers decided to get out of that game.
What TC did was make crazy claims that their software was insecure in the hopes that people would move to a different product (we don't know who encouraged them to do this or what their agenda was but it was totally obvious what happened) based on a lack of adequate ongoing code updates for things that had not yet been discovered.
That's exactly what MS did here, right? Exactly. Except that in the MS case we know which product they are doing this to promote rather than having to guess.
TC was not insecure. Nor is Windows 7. In both cases, the vendors claimed that they were vulnerable due to a lack of future patches or updates or technologies for issues not yet arisen.
I see them as completely the same. In what way do they differ other than the trivial fact that MS has to provide "support" but that is very limited and does not cover most security concerns and that TC fell to public domain and was able to be supported and the entire concern bypassed? That makes TC the lesser of the two problems here, in reality.