I think Stephen and Jp have adequately responded to Forum_Account's concerns. Not only can such attacks be conducted now (hell, you could clone the pager interface with BYOND itself) but open-sourcing doesn't make the attacks considerably easier. Jeff and Stephen also both noted that forking a project isn't trivial and while using a Replace Text function from "Dragonball" to "Naruto" across all code files might work in within the DM language, that's not exactly how things work in a real project.

Iain's concern is a real one (though again, with a bit of effort it's not something that couldn't be circumvented now). The hub throws a wrench in the idea of opening the software- would they open the site as well? Probably not. Instead, we might follow what Google does with the Chromium project- "OpenBYOND" could be worked with the not require the hub whereas the "real BYOND" would be a bit of a more proprietary version with hub integration. I think this is a valid point of discussion, one that hasn't really been brought up because we rarely get past Tom or Lummox saying "ugh. our code ugly. no open source."


SAx: Sorry, I should have made it more apparent, the combination of point 6 and the title of the post was supposed to imply that I will personally send Tom one thousand dollars if he releases BYOND under either of those OSI approved licenses.

I doubt it's easier to make a convincing replica of the pager using existing BYOND source than it would be to create one from scratch. If the code is as bad as they say, nevermind effort in setting up a developer environment, then most people would be better off recreating it from scratch in DM or some other language.

Either way, Stephen's point stands. If you're using your "real" BYOND credentials on software you did not download from the real BYOND, then it's completely your fault anyway.

Forum_account wrote:

I think Stephen and Jp have adequately responded to Forum_Account's concerns. Not only can such attacks be conducted now (hell, you could clone the pager interface with BYOND itself) but open-sourcing doesn't make the attacks considerably easier.

Having the source code to the program makes it a lot easier to produce a convincing replica of the pager (or of the entire software suite). If Jp's response was directed at me it needs more explanation, I don't understand what he means.

There are many valid concerns about making the project open source. I'm sure it would take a non-trivial amount of work on Tom's part to set it up, all for the chance that a whiz developer might come along and make great contributions. It's nice that you're optimistic but I don't think you have a realistic view of how non-trivial it would be to open source the project.

What I meant was that someone sufficiently motivated to steal login credentials can already carry out the attack you describe (by modifying the assembly generated by the BYOND executable - this is not as hard as you might think). Open-sourcing it makes the attack slightly easier, but I still think it doesn't bring it in range of enough people that it's a problem.

Furthermore, the attack can be prevented by having the hub authenticate clients. I don't think there's a 100% effective cryptographically-secure approach here, but you can bring the difficulty back up to futzing-with-the-assembly levels.

I think security concerns are basically meaningless here.

Jp wrote:

Furthermore, the attack can be prevented by having the hub authenticate clients. I don't think there's a 100% effective cryptographically-secure approach here, but you can bring the difficulty back up to futzing-with-the-assembly levels.

Something like a signed certificate system might work- keep in mind, everyone, open-source doesn't necessarily mean open-configuration. For example, reddit.com is open-source but that doesn't mean they distribute their configurations for authentication or database access. In addition to a signing system, Diffie-Hellman key exchange might be appropriate for actual secure data transmission, though I'm admittedly not a huge security guy. But now we're getting off-topic.

I agree that security concerns are moot.

you can't say that security concerns are already moot.

But I can, and I did, as we've already discussed. Opening the source leads to no more security concerns than those that already exist. If it does, it's only a matter of time until someone finds those security issues, anyway. Who knows what Slurm and Hobnob found when making their decompilers. Be glad someone a little more evil didn't decide to dig into the depths of BYOND.

The problem is not that security problems cannot be fixed, the problem is that fixing them takes time.

As we've said repeatedly, the security concerns are already there, right now. The developers are not fixing existing security concerns. The developers don't have time for much at all, it seems. Open the source and let the community use their own time.

Making BYOND open source would not be trivial like you suggest.

Step 1) Make Google Code page
Step 2) Commit Code
Step 3) ???
Step 4) Profit

Worst case, they gain nothing. No one ever submits any decent patch. Tom and Lummox lost about five minutes by creating the page and uploading the code.

Reasonable case, once in a while something contributes something worthwhile. Tom and Lummox take a half hour to review the documented patch. Something got done in less time than it would have taken them to do.

Best case, the knowledgeable members of the community frequently fix bugs and add features that Tom and Lummox have put "On the list". Patches not on the list may be approved as Tom and Lummox have time to review them. New developers join the project- "Wow, an open source 2d game development framework, awesome!" Development booms, Tom and Lummox are so busy reviewing new features and bug fixes, they don't have time to develop- no big deal, it's no longer necessary.

What you need to explain is not how security issues can be fixed, you need to explain how its worth the time.

I don't need to justify time that's not theirs (see above). The developers aren't going to fix the security problems whether the code is open our not. They're busy with other things, not authenticating hub clients or locking down passport functionality.

They need to explain why it isn't worth the time to release the code. I've already said why it is.