
Re: OpenSource vs. IETF Standards

2014-08-01 13:09:50
On Fri, Aug 1, 2014 at 12:02 PM, Doug Barton <dougb(_at_)dougbarton(_dot_)us> wrote:

> On 08/01/2014 01:21 AM, Alessandro Vesely wrote:
>
>> I wonder whether it is at all possible to stand somewhere in
>> between liberty and industrial support, rather than taking a firm stand
>> on either side.
>
> Some of us call that, "The BSD License." :)


Or "The MIT License" says this person who had something to do with its
drafting... ;-)

The NSA TAO catalog of exploits from the NSA have pushed me much closer to
Stallman (I remain skeptical that you can enforce open code by license
successfully).

Any binary blob in a software system is a problem, from the view of
security, from the view of latent bugs (which can be catastrophic at
times), and, most subtly, makes long term support of systems very, very
difficult or impossible, often encouraging insecure systems to remain
deployed *long* after their sell by (or rotten by) date, lacking updates.

See my talk "(In)Security in Home Embedded Devices":
http://cyber.law.harvard.edu/events/luncheon/2014/06/gettys

You could strike the word "home" from that talk and it would very likely
apply to most of what is out there today.

Unfortunately, home routers (and related devices such as modems) arrive
woefully out of date and rot in your house thereafter.  This is also true
for most of the other devices you buy for your home network (with a few
exceptions: I've seen pretty regular updates for my Nest thermostats, for
example, but wonder for how many years I'll see them).  As to why, see my
talk.

Also read Bruce Schneier's and Dan Geer's articles linked to from that
abstract; both articles I instigated by presenting them with the material
that talk covers. Had Dan's article been available at the time I submitted
the abstract, I would have also highlighted it.

"Friends don't let friends run factory firmware"....
                                             - Jim