Posted on 08/18/2012 11:59:23 AM PDT by ShadowAce
One of the biggest lies told about open source is that it's insecure.
In letting just anyone use your code, that has to include the bad guys. They're bound to find a way to compromise it, the thinking goes.
But that's not the way it works in real life. Having every potential victim working on your neighborhood code watch turns out to deliver more security, not less.
Having everyone who might be the victim of an online break-in organized, finding bugs, writing and testing fixes, constantly improving security tools, works.
Don't believe me? Well, maybe you'll believe the National Security Agency or the Department of Homeland Security. The open source process works for them, too.
For a decade, one of the most popular intrusion prevention and detection systems has been Snort, created by Martin Roesch. But the company he built around that software, Sourcefire, only gives away the basic package. If you need extensions, if you want a more complete system, you have to pay. That code is controlled by Sourcefire.
There is nothing unusual in that. Many open-source businesses create free community and paid "enterprise" editions of their software. This is what Red Hat (RHT) is all about -- you can download Fedora Linux free or buy Red Hat Enterprise Linux. In both cases you get to see the code, but with the paid version you get the support needed to run it professionally.
But this model didn't work with Snort. The Department of Homeland Security, the military, and the NSA could not be "held hostage" to Sourcefire for improvements to the code, or for the specialized suite needed to protect the nation.
So the Department of Homeland Security got together with major contractors and formed their own open source project, the Open Information Security Foundation. OISF has its own intrusion system, called Suricata, whose syntax is based on Snort, so if you are accustomed to one you can use the other.
But Suricata will be a complete system, not just a "sniffer," as intrusion detection products are colloquially known. The whole Suricata suite will be open source. This process is now expanding, as I noted here at TheStreet.com on Monday.
In May, the National Security Agency co-hosted an Open Source Security Industry Day at a Johns Hopkins facility in Fort Meade, Md. As ZDNet's Steven J. Vaughan-Nichols reported, agency people described their needs for open source and urged suppliers to include open source in their offerings.
John Weathersby of the OSS-Institute, which is now affiliated with Georgia Tech in Atlanta, told me most of the day was devoted to small "breakout" sessions, where contractors answered hard, detailed questions put to them by key government customers. The affair wasn't just a series of sales pitches, he said. It was the first step in a negotiation.
Among the open source projects the NSA supports is Security Enhanced Linux (SE-Linux), for which it has developed an access control module called Flask, hosted at the University of Utah. Open source and security, in other words, do go together.
Open source can only provide tools. Procedures are also needed to assure that people maintain security. So the Cloud Security Alliance offers an integrated stack of such procedures, called the GRC Stack. GRC stands for Governance, Risk management and Compliance. This is maintained in an open process with the support of both contractors and software vendors.
Point is, open source and security do mix. They mix well. With more businesses moving toward cloud technology, much of it based on open source software, they are going to be doing a lot more mixing.
Thank you very much, Aquamarine!! God bless.
Woo hoo!! Thank you both very much!! GO, FReepers!!
Pray for the Republic folks.
Twice this month was that last month.....let’s look to our future. In for $50, Jim.
I also respect the fact that Jim Robinson, even though he has stated he will not vote for Romney, does not condemn other Freepers for doing so and has basically called for a truce between the ABR folks and those who believe that Romney, despite his shortcomings, is better than Obama and thus will vote for him.
What I can't respect are those few posters who spam every single thread with their anti-Romney vitriol and attack other Freepers as turncoats and RINOs for deciding to vote for Romney - despite the fact that Romney was the first choice of virtually zero Freepers. I believe they are counter-productive. They aren't going to win anybody over to their point of view with their line of attack and they are driving a wedge in Free Republic that need not be there. Who knows how many good Freepers they have driven away.
Well they won't drive me away but neither will I engage them and add to the infighting that is already going on.
I've been here 15 years and been through some tough times here - we'll get through this time as well.
Getting back to the exchange between Jim Robinson and Don-o regarding Freepathon ads, I side with Jim. The Freepathon ads do not annoy me and compared to most websites, the advertising here (if you can call it that) is very unobtrusive. Much credit needs to go to the Free Republic Freepathon crew who keeps this forum in operation. Anti-Freepers have been standing on the sidelines for years, wishing for us to go under, chortling at every Freepathon that gets to its goal slowly. But we always find a way to hit our target and stay alive for another few months. The Freepathon crew cannot be thanked enough.
I've been giving $30 a month to Free Republic for a number of years and it's pretty painless. I wouldn't say I'm wealthy or anything - probably I'm on par with the average Freeper with respect to household income. If everybody who came to this site on a regular basis donated at least $10 a month, we'd probably never have another Freepathon again and who knows, maybe the monthly Freepers would start getting swag like coffee mugs and T-shirts again, like in the old days - if more regular Freepers kicked in.
Sorry for the long-winded reply but one more suggestion that might help. Maybe we could do something to set the monthly donors apart - like having their screen name show up in bold red on the board or something like that. This would identify the monthly donors in the forum and might help entice others to want to get that special touch to their screen names as well.
Thank you very much, SamAdams76!! Well said and greatly appreciated.
This is so true. And you'll be known in places which may surprise you. For example, I have a website. I just recently tried to access it in the Guangzhou airport (CAN) in commie China. Couldn't. They block it. HA! That is a compliment.
Aloha and thank you very much, BIGLOOK!!
I don’t have a problem with the way Freepathons are conducted, but I also think that it might help to have a permanent banner (?) or something asking to help keep the lights on (not to be confused with a Freepathon campaign). I wouldn’t mind seeing this at the top of FR home and the forums. It seems that once a Freepathon is over, there is little or no suggestion of donations.
Jim, I will be writing out a check for 40 dollars tomorrow. Thanks for everything you do. Sometimes I need a gentle tap on the shoulder.
I’m checking. You and Jim must be communicating.
God bless and keep you, dearest houeto!!!!
Thank you very much, houeto!!
Just posted this to the FReepathon thread and we’re about $299 from the Yellow and more coming in now:
Woo hoo!!
And this just in:
$35.00 from California
$50.00 from Hawaii
$25.00 from Georgia
$50.00 from Texas
$25.00 from Illinois
Thank you all very much!!
FReepers are absolutely the greatest!!
Less than $300 to the YELLOW!! Then it's down the homestretch to the GREEN!! We can do this.
Thank you very much, windcliff!! God bless.
“This is so true. And you’ll be known in places which may surprise you. For example, I have a website. I just recently tried to access it in the Guangzhou airport (CAN) in commie China. Couldn’t. They block it. HA! That is a compliment.”
You are banned in China - you must have a great website. I’ve been to mainland China for one day and took a shower as soon as I got back to my hotel in Hong Kong. China is a dirty place. Plus, the mainland Chinese kept pointing to me because my hair was blonde. Someone had to tell me that’s why they were pointing.
It’s travelling to you, Jim Rob. I use snail mail. Bless you for all you’re doing.
As new people come on the board they will go through this learning curve. FR provides a good and valuable service. I believe you will be able to keep the good fight going. Good luck to you and us, and God Bless America.
It’s been a very frustrating 3+ years for conservatives. Even with big wins in the 2010 election, our agenda is frustrated by Obama and by Republican career politicians who have grown fat and wealthy feeding at the government trough.
But, we haven’t seen anything yet. If Obama wins this fall, he will use the powers ceded to him by the Congress to rule by fiat in a way never before seen in this country. He will defy the Congress to do anything to stop him, and they oblige by ranting and raving and caving like a cheap suitcase. Voters, not politicians, can stop this, but we must start by defeating Obama. Did I mention that we have to defeat Obama? No other outcome will suffice.
$20 from Texas Jim.
I agree with you about the dirt. The airport was dirty. The airline, China Southern Air, was dirty AND DANGEROUS. Not enough hydration and too crowded to move. That is a sure recipe for DVT and other problems.
We won’t be doing that route again.