LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Sponsored link

Serve your customers, not your servers, with VERIO Linux VPS. Full-access test-drive here.

Recent Features

Notes on the Viacom ruling

LWN.net Weekly Edition for July 3, 2008

More DTrace envy

LWN.net Weekly Edition for June 26, 2008

Symbian to be another open mobile platform

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

Oh, geez, not this again.

Oh, geez, not this again.

Posted Mar 26, 2008 8:07 UTC (Wed) by drag (subscriber, #31333)
In reply to: Oh, geez, not this again. by sbergman27
Parent article: Protecting the Internet Without Wrecking It (Boston Review) 

> Looks like we might be dealing with a case of differing personal definitions of the word
"crackpot".  Dogmatic, insistent, and stubborn are arguably good qualifications for the status
of crackpot.

What your calling 'crackpot' basically describes most of the forward thinking people,
visionaries, and remarkable thinkers that ever had the good wisdom to question their society's
status quo in the face of wide-spread opposition. In other words your saying that in order to
not be a crackpot a person must be a conformist...

So what if the guy is wrong sometimes? (or a lot of the times)

Then thank god for all the crackpots in the world, because without them there would be almost
zero forward progress for humanity. 



Frankly I am on the side of RMS for this one. Jonathan Zittrain's solution is a incredibly
poor one.

Even on a very base technical terms it's very bad... Any sort of software can be subverted.
Who watches the watchers? If you have a kernel-level root kit on a PC then it's impossible to
trust any sort of monitoring software. So you would have to make extraordinary changes to the
PC platform to make some sort of hardware/software mixture for monitoring your OS... which
itself is still going to be vulnerable; everything has bugs. 

And, how exactly, is having some huge and complex piece of software/hardware that monitors and
analyzes _running_software_  as it's executed (which is the only way it could possibly work,
since otherwise it would be completely blind to any runtime vulnerabilities) could ever
possibly be 'unobtrusive'? 

Also all of this must work completely out of the control of a user, or be tied into a central
authority.. because if it's not then it will easily be abused by malicious users to fool other
people into a false sense of security (in order to create a environment were they are
vulnerable to further attacks) and send faulty or malicious information to them. This sort of
thing is why you can't hand out signed SSL certificates like candy and expect them to be any
use at all.

If this system itself is subverted by a attacker or abused by a authority then it could cause
all sorts of problems and cause a exponentially more damage then any sort of threat it could
combat.

It's the same sort of thing people are trying to do with DRM. And it will have the same
problems and same flaws and I have the same general objections to allowing that sort of thing
on my computer.


(and speaking of visionary-ism people like RMS and Eben Moglen said the true problem for Free
software in the near future is not going to be from DRM, but from the computer security
industry. DRM is easy (essentially a solved problem) in  comparison to the potential problems
caused by surrendering freedoms/privacy/responsibility for the sake of imaginary security.
This sort of thing described by this guy is what they have been talking about for quite some
time now. It's a pervasive attitude.)


Personally I would not want to submit myself to this sort of thing. Thank god for Free
software so I don't have to.

(Log in to post comments)

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds
Powered by Rackspace Managed Hosting.