[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Leverage in licensing discussions

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Josselin Mouette wrote:
> Le vendredi 07 novembre 2008 à 00:27 +0100, Michelle Konzack a écrit :
>> The problem is, that even if it is mass production since  some  time,  I
>> can not distribute the firmware as  open  source  since  it  change  the
>> behavour of the hardware which then can distrurb the GSM network.
> 
> This reasoning, as any security-by-obscurity one, is completely flawed.
> As long as the firmware is distributed separately, you can modify it,
> whether it is open source or not. Not having the source never prevented
> people from making modifications.

Even if it is no guarantee for prevention of modifications, it makes
those much more difficult.

> This is precisely a reason why manufacturers should actually distribute
> the sources for such firmware files. Having the source available helps
> fixing bugs and in the end you can make a new, improved firmware that
> can be submitted, if necessary in your country, to the local authorities
> for being allowed for use on production hardware.

It is not a bug that certain _hardware_ has more capabilities than is
reasonable to offer the user to tweak. Even if a physical radio
transmitter (wifi, cell phone, radio,) is technically capable of
transmitting/receiving at many frequencies, it is usually not desirable
to have any average user actually _use_ it at any frequency they wish.

I'm fully in favour of open source and people tweaking the code running
on their computers, but I'd have to stop leaving the house, if people
started to mess with the software controlling the breaks of their cars...

> Le vendredi 07 novembre 2008 à 00:48 +0100, Michelle Konzack a écrit :
>> ???  --  I am willing  to  do  this!  It  is  EUROPEAN  LAW  which  make
>> HARDWARE manufacturer responsable if someone MODIFY Firmware and disturb
>> public e.g. GSM networks...
> 
> Bullshit. You’ll have a hard time finding a court that will conclude
> that the manufacturer is liable instead of the person who has actually
> modified and distributed the firmware. Especially if the manufacturer
> disclaims clearly any responsibility for modifying it in the
> documentation.

You'll have a hard time to prove that it was some modified firmware...
 - that killed the person with the pace maker or

 - that caused the accident by differently controlling the car's
   electronics or

 - that causes the connection problems in your flat (via neighbours
   trying to increase the range of their wireless).

>> Such sensibel stuff must be protected...
> 
> It will NEVER be protected by ideas as stupid as just keeping the source
> closed.

Closed source might not indefinitely protect it. But open source in some
cases might outright jeopardize it.

Don't forget that there is good reason why even our beloved Debian
employs 'security by obscurity' before the DSA is out and patched
packages are available...

Again that's not to say that closed source guarantees security. But maybe
it helps in certain cases.

Just my 2ct,

Johannes

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkkUaaAACgkQC1NzPRl9qEUkgwCbBfUWcbzxscPzq/s0JDD49Jpe
vqoAmwRammq95ThAyMfE7m/BbBxt74CG
=8hr/
-----END PGP SIGNATURE-----
Reply to: