LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Pencil, Pencil, and Pencil

Dividing the Linux desktop

LWN.net Weekly Edition for June 13, 2013

A report from pgCon 2013

Little things that matter in language design

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Similar in spirit?

Similar in spirit?

Posted Oct 5, 2006 7:44 UTC (Thu) by ortalo (subscriber, #4654)
Parent article: Similar in spirit?

There is another problem I foresee with locked down embedded systems. Their producers may make false claims about their device (especially in the security area) while simultaneously denying us the ability to make counter claims.
This is not very annoying in the DRM area. We don't really bother if our media player, our TV box or our children play station has some vulnerability that may defeat the device security and that the vendor does not want to disclose for mere marketing reasons.
But there are other areas where we do care about this: who really knows about the (internal) security of smart cards, of mobile phones, of voting machines, of public institutions databases, of embeded devices driving our car's braking system, or our plane network system, even today? Don't you think believing vendors security marketing without them delivering any factual guarantees (not to speak about the original source code) is playing Candide?
And whatabout tomorrow when all these systems will become even more open and more generalized?
The same vendors or institutions that try to hide their own vulnerabilities may be those who will adopt Linux under the cover tomorrow. I am tempted, like the FSF probably, to remind them that this implies more than just swapping their actual (possibly deficient) software platform.

(Log in to post comments)

Similar in spirit?

Posted Oct 5, 2006 15:51 UTC (Thu) by sepreece (subscriber, #19270) [Link]

I'm not sure what your point is. The argument is about requirements that affect whether modified code can be installed in the device by the user, NOT about visibility of the code. I think the GPLv2 and GPLv3 sub-communities agree completely on the requirement that source code for modifications to GPLed code must be available to users.

Check the provided sources

Posted Oct 6, 2006 13:57 UTC (Fri) by man_ls (subscriber, #15091) [Link]

Not having the crypto keys might prevent the owner from knowing what is inside the device, e.g. to verify that the program was actually built from the provided sources. But you are right, it seems a bit far-fetched.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds