There is no reason to believe that open source software would be any less secure than proprietary software: http://oss-watch.ac.uk/resources/securityintro#is-open-source-less-secure-than-closed-source
If you are self-hosting, you may want to pay someone with expertise on setting it up correctly and securely in any case, but just because you can't see the code doesn't mean it's more secure!
I would go so far as to suggest that given the right resources/expertise it is possible to be more confident in the security of free/libre software than proprietary software.
However security rarely means what people think it means.
I totally agree, something paid doesn't necessarily mean it is more secure.
As a FOSS advocate (see my profile) I thought of replying to the FUD you are spreading. Then noticed that you joined moodle.org just to write this post, spent full 2 minutes in this huge and busy site, then left. So decided not to waste my time.
Now developers have replied, this discussion got my attention again. Then found that you have written extensively on the topic of video conferencing, long before the present crisis. (You are welcome to link them in your profile, if you wish.) Below are the reasons why I think your post is just FUD.
1. Sloppy language
"security is a major concern". What do you mean by 'security'? It is a generic word used in countless contexts and unfortunately also a mean one. It is the single most common term used by IT professionals to leverage the helpless end user.
2. Vast generalizations
"for business meetings, I recommend". Maybe you know only one business. Anybody who has lived in a capitalistic society knows that there are businesses and businesses.
3. A specific solution to an unspecified question
"I recommend use of paid and secured quality tools like on premise R-HUB HD video" What is the problem your solution just solved?
For full transparency, you should have mentioned your relationship with R-HUB (never heard before), or explicitly said No, if there is none.
Given that Microsoft has pledged to turn away from the Dark Side, that the new Edge is a knock-off of Chrome, that a basic version, at least, of Windows 11 is likely to be Open Source, I would suggest that a lot of the peripheral programs will also become Open Source. That more money is now likely to go into BBB and Zoom and others, possibly from crowd-funding, perhaps from donation, or government awards or other sources, I suspect it won't be long before such nebulous issues as "security" will become a thing of the past. Imagine what would happen if the European Community governments decided to toss a million Euros each to BBB, cheap funding for them and major benefit for everyone. That would be a game changer.
One benefit would be that we wouldn't have to put up with company employees, likely a sales rep for the company, spruiking things like R-HUB HD Video. Likely they won't exist because their business model can't transcend into the new paradigm of Open Source based technologies. And btw, I was recently involved in a video conference via Zoom, with over 200 participants. That would be a problem for R-HUB, they can only manage 100... it seems from the advertising on their site, anyway. To me, that seems a little.... mmmm... inadequate. Expensive "inadequate" at that, too.
On the other hand, the GUI from both Crapple and the Dark Side heavily influenced the development of the various Linux GUIs. When Linux was seen as a real geeky thing, it was losing to Windoze, so Linux devs have simplified many things and while it still has a more powerful CLI than Windoze, it is still catching up in some areas of the GUI, but it is getting closer. My nginx and Ubuntu screens have clear differences, but they also have many common features in the interface. Same with Win7 and Win 10. The nginx is at the heart of the DSM in the NAS I have and the others are all run in VMWare. Depends on what I am doing for whom as to which one I am using. Did try to get an OS-X VM running but couldn't get it to work.... been told it's simple, but I fumbled it..
History is full of such parallels here, the motor car, Ford, GM, BMW, Renault, Toyota, even Tesla all "borrow" good ideas from each other, often by "reverse engineering," whatever that is, apparently, maybe... possibly, so I am led to suspect but couldn't possibly confirm. Late model Zils looked a lot like Cadillacs. But then, all hammers look the same. A flat part at the front that might be round or even octagonal in cross section, some have different bits at the rear, depending on requirements a claw, a prise or a pien. All have a handle to swing the head with, doesn't matter who makes it, it still hurts your thumb when you miss.
That does not correspond to my understanding of events at Apple.
"which was really a direct knock off from Linux? "
OSX used a Unix derived subsystem, Linux is based on cloning the functionality of Unix. One of the most significant components of OSX was the interface. Describing OSX as a knock off from Linux bears no relation to reality.
Or were you being humorous?
- The Complete History of Linux (Abridged)
- 24C3: Inside the Mac OS X Kernel, Debunking Mac OS Myths
"rants are coming too easily these days"! Same here. Trying to be cautious but this is at the core of how I experienced the history as it evolved. In fact I made a course titled History of Linux and Free Software for Moodle a long time ago. But history is notoriously boring. And in the case of Unix it is so complicated that I saw somebody selling a wall-size chart. Run a web search on "evolution history Unix chart" to see it in bits and pieces. The Linux-branch from the beginning in 1991 to early 2007 is attached below. (source https://www.cyberciti.biz/). The GNU/Linux subset is well presented in this film Revolution OS https://www.youtube.com/watch?foo=bar&v=vjMZssWMweA. They are lighter to watch than coming straight from the brains who made them. If you are not allergic to such characters, here is youthful Linus Torvalds telling his story, The Origin of Linux https://www.youtube.com/watch?foo=bar&v=WVTWCPoUt8w
Both Jobs and Sculley were salesmen but Sculley was more of a businessman. Jobs' genius was recognising what he saw at Xerox PARC, his flaw was not respecting that the Apple II was essential to keeping Apple afloat.
Jobs was not a nice person, people who liked him called him a 'Terrorist', but successful people are frequently not nice. He was so arrogant that it made a major contribution to his early death.
Jobs used to say that he wanted to make a dent in the universe.
I believe people like us, supporters of the Moodle project are also making a dent in the universe.
Myth: macOS is based on Linux or BSD
― Steve Jobs
That's how his legacy should be? Tells a lot about the person.
As for OSX, I understood the X was a bit of a joke on Jobs' part, as OSX was supposed to be the last word in Linux, but I can't find the reference for where that came from so it might have been an original bit of "fake news".
Seriously off topic now..;)
Seriously OT ... this just in ... fake news? Don't think so. But ... something of which to be aware ...
Microsoft will not support PHP 8.0 for Windows in 'any capacity'
Yours, in the 'spirit of sharing',
Yes, yes, saw the dust patch on /. https://developers.slashdot.org/story/20/07/12/1756237/microsoft-announces-it-wont-be-the-ones-building-php-80-for-windows. So much about the "mutual influence has always been a real benefit to everyone". Give me a single reason, a single case, of a body swimming in oozes of money lifted a hard working guy who lives by selling his time/toil due to humanitarian reasons.
Well, in this case, if that guy has chosen Windows as his server, then he earned it.
Just in case anyone read this out of context quote and didn't bother to read the article attached, this is not an announcement that PHP 8.0 will not work in Windows.
This is an announcement that Microsoft will no longer be building and distributing the PHP library themselves from PHP 8.0 onwards.
I'm pretty amazed to learn that it was Microsoft that is building the Windows version of PHP at the moment.
If there is a need for PHP to continue being available under Windows, then someone else will certainly step in to provide it. The article does seem to suggest that the Linux elements that Microsoft are bringing in to Windows (WSL) may make a Windows native version of PHP irrelevant anyway.
The important points from a Moodle point of view are: a) Moodle is a long way off requiring PHP 8.0+, b) if you are running Moodle on a Windows server (which is not, as I understand it, the best way to do it, but it is possible) then by the time Moodle does require PHP 8.0+ there will almost certainly be a supported way of running that version of PHP under Windows (either natively or via WSL).
As for the rest of the discussion about the history of Linux + debates about free/open software, maybe this is something to continue over in the "Lounge" forum instead? https://moodle.org/mod/forum/view.php?id=6801
I second the suggestion to continue, or even better, split the thread at https://moodle.org/mod/forum/discuss.php?d=405261#p1640017 and moving it to the Lounge. Proposed new subject line: For business open source software is not recommended?
We can understand why this may be, Visvanath. It's not just marketing and glossy brochures that have sucked people in, it is also the promise of a "no worries" agreement. Management, administrators et al, don't have to concern themselves with the actual supporting of programs, they buy it, they run it, they don't have to do anything else to it. That's all "taken care of" by the vendor. This comes back to Mark's point right at the beginning.
Look at Office 365, Adobe CC, Instructure and others. Because of SAAS arrangements, organisations have less to worry about, everything else is taken care of by suppliers. Microsoft, Adobe, Instructure can provide services, protect copyright, make oodles of cash. With Open Source, users have to set up servers, maintain databases, maintain security and worst of all, really employ people to do these things. That is, they have to spend money when it is cheaper to get someone else to do that. Suppliers can apply economies of scale that most organisations can't.
It may be that MoodleCloud is becoming a real SAAS - it has to for Moodle to survive. So maybe mutual influence is benefiting everyone here.
You mean, "For business, Open Source software is not recommended", SAAS is the way to go?
Well, not for me. I come from a Software Freedom background (and could put it to effective use in my time). I am generally cautious in telling what others should do - unless I am asked for. A hint to avoid future confusion: I am not a vendor, in cases where I "sell", I don't sell one medicine for all ills.
The trouble, I suggest, lies with ethics as a very small segment of most business courses. Solutions to problems are derived and implemented on the basis of "do they work to solve this issue" and are unlikely to be assessed with the concept of ethical or moral standards in mind. These same people become CEOs, and/or go into politics or become born-agains, taking those same standards with them. Look at Robert McNamara, Donald Trump and that paragon of virtue and ethical journalism, Rupert Murdoch.
Are you disheartened? We two are long enough on this planet to recognize that today's king is tomorrow's beggar.
Well, that may not be a consolation - in a specific case. The weapon against "an ultra powerful monolith be stopped from overwhelming, steamrolling, anything in its way" is the sovereign state, democracy in the free world. And that is _we_. Read https://news.slashdot.org/story/20/09/27/2338219/report-us-anti-trust-regulators-will-accuse-google-of-crushing-competition-to-maintain-monopoly two days later.
When you say, "We tend to go with the "easiest" solution, I suspect mainly because most of us are not that interested in what's under the hood,", who are "we" or "most of us"? You and me? Definitely not me.
Talking of rising monopolies, there have been empires - all of them fallen. Technology is the new battle ground, ruthless tech companies have built up their empires and initially there was only infight in a power vacuum. They overplayed, the BIG four definitely. Now the state is waking up slowly. They are continuously in the news, see https://arstechnica.com/tech-policy/2020/09/facebook-warns-data-protection-rules-could-force-european-shutdown/ for an example. The catch is, the state is you and me. If you give up, there'll only be me.
The local Murdoch agents, to whom we laughingly refer as our Government, have introduced laws that require the social media companies and such to pay royalties to media organizations here for displaying Australian news. How they expect to enforce it, especially Facebook, Twitter, SnapChat, etc, let alone Google, I have no idea. But I suspect that the response will be to shut down any and all Australian connections, eventually. Their argument will be that it is the only way they can comply with an unfair and unjust law. Anything is likely to happen.
I wouldn't count on it. The TikTok case shows a worrying trend.
TikTok shows short videos, many of young people imitating dance moves, but also social commentary and satire. It is wildly popular and makes YouTube look archaic and ad infested.
It is owned by ByteDance, a Chinese company which has done all it can to alleviate concerns about Chinese spying. Data is stored outside China and the board contains non-Chinese directors. Nevertheless, the US government wants to ban the app completely unless all IP is handed over to make it a fully US controlled company.
Many may think that is fair enough for the treatment of foreign companies in China. However a precedent is being set. The US government is using its power to crush a foreign competitor that challenges US dominance of the internet and only the naive would believe it is to protect users.
The US government has filed charges against Google, accusing the company of abusing its dominance to preserve a monopoly over internet searches and online advertising.
But we did say the same about the Dark Side when it was taken to court over breaking anti-trust rules with Windows, Internet Exploder and MSOffice in the late 1990s. What happened there? Nothing much. There were two obvious solutions, the Boeing or Bell cases decisions. The Boeing decision essentially separated the engine and air frame divisions, the Bell decision broke Ma Bell into lots of baby Bells. Each gave open competition a chance, and the benefits were obvious.
Separating Windows as an OS and everything else as applications would have had a similar impact, I suggest. When it comes to Google and Facebook, etc., though, they've just gotten too big, making too much money. They've become careless, too close to their clientele, too indifferent to their users.
BTW, I heard that there are only two industries that refer to their clients as "Users" so I must wonder which is more destructive.
And then come the corrections unthinkable until yesterday. In the mind of the BIGs one can only survive if all the others are dead. Well, no more. See https://apple.slashdot.org/story/20/10/25/180214/apple-google-and-a-deal-that-controls-the-internet !
If this posting had turned up in General Help I would just have deleted it as unsolicited advertising. Which is pretty much all it deserved...
You claim that open source video conferencing software is insecure. Let's unpack that claim:
Re: free & open source software for business, more than 50% of the world's websites are built on Wordpress, which is typically installed on Linux (96.55%), Apache (44.3%)/Nginx (41.0%), MySQL/PostgreSQL/MariaDB (?), & PHP (78.8%). The % numbers represent total webserver market share for those types of applications.
Re: video/multimedia webservers, they're also mostly built on Linux but with Apache Tomcat, Red5 media server, & whatever WebRTC & additional management software that runs on top of this.
Any web system is only as secure as its weakest link. A security vulnerability in any of the underlying software presents an opportunity to compromise the entire server to some degree.
So, what you're arguing is that the web systems that most of the world uses, including government security agencies & probably including the service that your post is promoting are insecure because they're running on free & open source software.
Are you sure you want to tell us that your R-HUB HD video conferencing servers are insecure? This is terrible news! We should all take to Twitter to tell the world to stay away from R-HUB! (Only joking! You knew before you posted this that we, on the Moodle.org community, would never do something like that.)
I don't think open-source software is unsafe, but personally, I prefer to purchase licensed tools for:
a) intellectual property reasons
b) they have technical support and regular updates that won't crash your computer.
For example, we asked students to install worktime software to monitor their activities during the exams, and all went well. The open-source tools we've tried before didn't show such good results.
And if the licensed software wasn't really bad at times, there wouldn't be videos like this:
What do you mean by that?
[ASCII art of a troll beside a sign reading: "Please don't feed the trolls"]
Mr Jack Thomson joined with a 10 min "spam-free" e-mail from ttirv.org for the sole purpose of posting this in 7 min? Don't waste your time!