


The Bike Shed

Security



Originally published in Queue vol. 12, no. 6



Related:

Rich Bennett, Craig Callahan, Stacy Jones, Matt Levine, Merrill Miller, Andy Ozment - How to Live in a Post-Meltdown and -Spectre World
Learn from the past to prepare for the next battle.


Arvind Narayanan, Jeremy Clark - Bitcoin's Academic Pedigree
The concept of cryptocurrencies is built from forgotten ideas in research literature.


Geetanjali Sampemane - Internal Access Controls
Trust, but Verify


Thomas Wadlow - Who Must You Trust?
You must have some trust if you want to get anything done.



Comments

(newest first)


CK Raju | Tue, 09 Dec 2014 06:51:29 UTC

Box Toxen and Poul-Henning Kamp make certain viewpoints with regard to the role of funds in secure software. Can anyone generalise and formulate a theory using aberrations as examples? I think the method deployed by Poul-Henning is wrong. While funds may contribute to secureness of software, proprietary-ness of software will effectively prevent anyone from knowing what's really going on behind the scenes. When patches could be effectively used to alter the functionality of a given proprietary software, how could anyone verify truthfulness of a software to a function based on mere claims? Access to software sources must be extended in order to conclusively verify absence of mischievous code. Another perspective stems from the fact that proprietary software can only be improved at the developer's place. The case with Free Software is different, as any student could pick up a sample project and go on to complete the project as part of academic work - an exercise which is normally impossible with proprietary software.


Carlos | Mon, 18 Aug 2014 16:42:39 UTC

@Fellow Traveler. "If you want the companies to fund the development, just use the GPL" I don't think that's the problem. See the Apache Foundation. The truth, companies are takers, open-source is the means, not the end for those companies. So, they usually contribute when they can use the software in their private business freely without having to open their own code and when that open-source software is a core part of their business, so they need to maintain it. The problem with most of those "take-a-lot-contribute-little" companies is a matter of *assumptions*, which is a very common problem in engineering: "it is open-source -> it is robust and tested -> we can trust".


Fellow Traveler | Sun, 17 Aug 2014 22:03:16 UTC

If you want the companies to fund the development, just use the GPL. This enforces a consortium-like arrangement where all the companies feel safe to contribute to open source, and are incentivized to do so. Notice that most of the pull requests to Linux are funded by large corporations who are otherwise in business competition with each other.

The problem is not funding for open-source. Rather, the problem is funding for BSD-style open-source. Because when it's GPL, the problem ceases to exist.


David | Sat, 16 Aug 2014 08:49:33 UTC

This problem I think is a mirror of that faced by artists: viz commissions, grants and the open market. The importance of federal funding of the arts is clear, but (in these narrow contexts) FOSS is not art as it does not contribute to 'a richer cultural life'. It contributes to a richer software-based economy.

Perhaps a tax on business to fund a department of FOSS that would disburse grants independently. We could call it an OpenLevy :)


Alex Henzell | Fri, 15 Aug 2014 23:41:31 UTC

Tax redirection:

How about the option for companies to pay, say, 10% of their tax to FOSS projects of their choice rather than the government?


Pierre | Fri, 15 Aug 2014 22:29:18 UTC

I think it's more accurate to say that you don't get what you don't pay for.

(Did the buyers of Enron, Bre-X or Worldcom stock "get what they paid for"?)


Joel A. Seely | Fri, 15 Aug 2014 20:49:09 UTC

The better analogy I've heard about Open Source Software is that it is "Free" as in "Puppy". Sure the little scamp is cute in the box at the grocery store, but don't forget you're going to need to train it, feed it, groom it, and take it to the vets. All of that takes time and money. It's the same for free software.


Lodewijk | Fri, 15 Aug 2014 20:47:49 UTC

Don't you think the strict maintainer structure is the cause of much grief?

Aside from practical and simple it's really anti-control-your-own-software. Shouldn't we fund features and forks more directly?

And why should you give the software to these large companies for free? Do you realize that the PHB is just an honest manifestation of capitalism in this case? In Dilbert the guy usually makes bad choices, but if he says "No." to giving money away for no profit that seems about right to me. It's the right individual choice in a game theory problem.

I see you think, but it would be much better if they /did/ fund it. And I agree. But game theory doesn't work that way, and neither does reality. So, what can we do to keep software open but still require some sort of funding?


Stanny | Fri, 15 Aug 2014 20:37:04 UTC

I have never seen the amount of money spent have any effect whatsoever on software quality. Quality software is written by quality programmers, and it's a rare thing -- regardless of how much money you wave around.


Logan | Sat, 21 Jun 2014 14:21:18 UTC

Your TV? It has a Linux or {Net|Free}BSD computer inside it. So does the copier-printer/multifunction machine at the office, as do the entertainment consoles in your car and in your kids' bedrooms. <- Quite a few printers also have OpenBSD inside:

https://www.google.mu/url?sa=t&rct=j&q=&esrc=s&source=web&cd=5&cad=rja&uact=8&ved=0CDIQFjAE&url=http%3A%2F%2Fsupport.ricoh.com%2Fbb_v1oi%2Fpub_e%2Foi%2F0001027%2F0001027949%2FVB2227858%2FB2227858.pdf&ei=GoalU9aiC8iC4gSpv4CQCQ&usg=AFQjCNFNHKTv6O7ZOS5UY4VFi4BBW9pC3Q&bvm=bv.69411363,d.bGE

That said, awesome article :-)









© 2018 ACM, Inc. All Rights Reserved.