[Interest] Qt free software policy
roland at logikalsolutions.com
Mon Aug 19 14:29:08 CEST 2019
On 8/19/19 5:00 AM, Thiago Macieira wrote:
>>>> To start with, there is no version of OpenSSL which is secure. Whoever
>>>> is using Qt just because it makes using SSL easy(ier) shouldn't be using
>>>> Qt anyway because they are releasing an insecure app they incorrectly
>>>> feel is secure.
>>> That's very disingenuous.
>> Honestly, it is a _completely_ accurate statement. Hopefully you had
>> time to watch the "60 Minutes" report on "Pegasus" tonight.
> You're going from disingenuous to actively counterproductive.
No, I'm being highly productive. I'm sorry if it is an inconvenient
truth, but SSL is not secure. Too many in here are buying the BS in the
name "Secure Socket Layer" and knee-jerk using it then claiming their
application is "secure." The truth is they haven't even attempted security.
> We know OpenSSL has problems. My point is that all problems are fixed as soon
> as they are known. We can't prove mathematically that there are no problems,
> so the best we can do is fix as soon as possible and upgrade.
It has an architectural flaw which cannot be fixed. Flaws in OpenSource
have a history of going multiple decades before being outed to the
general public (à la the Bash bug which allowed anyone with access to a
Guest account to become root user on the machine.)
> And there's no better option.
There are many better options. None of them are one and done unless you
purchase a security package of some sort, be it a private VPN or a
library which allows your app to create its own private VPN.
For the no-license-no-money you have to roll your own rotating book code
and recipe servers. No two packets in any transmission use the same key.
No consecutive packets use the same encryption. Taking it to the
extreme, none of the data is sent complete or logically grouped. At the
end of each book is the server and creds to obtain the next book. Please
don't confuse "book" with there being a requirement for using an actual
> I never claimed that using OpenSSL will make your software magically secure.
No you haven't and thank you for that. Others, two in particular who
know less than nothing about most things, especially security, have made
such a claim to someone who actually asked the question. Others will
find that thread, read it, and release an insecure system.
> The crypto itself has never been broken.
That would be an incorrect statement.
> Quick note: before reading any patents, consult your lawyer.
Actually, I have the lawyer read the patents. <Grin>
> I somehow think that 25 years of knowledge of the segment and close
> relationship with very big consulting companies like KDAB and ICS would have
> told them if it was enough.
> So I think you're wrong. You're probably underestimating how much money they
> could make off consulting alone.
No. I'm thinking your definition of "very big" needs to be upgraded.
Estimated Annual Revenue
$ < 1M
I consider the one I like to deal with "small"
Estimated Annual Revenue
Having said that, I can say that the "consulting" services provided to
one of my clients before I joined the project (at no small fee)
attempted to use a state machine (because it was brand new) to solve a
problem which was so completely inappropriate for a state machine even a
first year IT student wouldn't have tried to use it. The code, if
printed on Charmin, still wouldn't have served a purpose.
The reason I bring that up is that yes, if that is the level of
"consulting" the "new" owners of Qt are still providing they won't earn
a plug nickel and rightly so.
> PS: Electron, containing Chromium, has FAR MORE licenses inside than Qt.
> Including a copy of FFMPEG, which contains multimedia codecs that may be
Yeah, but the Script Kiddies creating idiot phone apps never bother
reading them. They just hack something out and hurl it up on the Google
App store, firmly believing that Google, the largest copyright infringer
and book pirate in the known universe (google books) won't press the
issue. If they do then it is possible that __finally__ Google execs and
board of directors will go to prison where they should very well be.
PS. The Internet Archive is now attempting to take the copyright
infringement and piracy crown from Google.
Roland Hughes, President