Jason Miller, 2004-12-01
Trust with hardware vendors for open source systems is becoming a one-way street, where in exchange for support they offer a closed source binary solution with no provision to audit security.
Colapse all |
Post comment
Closed Source Hardware
2004-12-03
JTC (1 replies)
JTC (1 replies)
Closed Source Hardware - Clarifications
2004-12-03
Jason V. Miller (Author) (4 replies)
Jason V. Miller (Author) (4 replies)
> If I understand the wireless card issue correctly (and I may not), vendors of
> these cards are beginning to distribute the card's firmware as a piece of
> software that the OS uploads into the device as opposed to having the firmware
> permanently placed into the device itself. There's really ...
[ more ] [ reply ]
> these cards are beginning to distribute the card's firmware as a piece of
> software that the OS uploads into the device as opposed to having the firmware
> permanently placed into the device itself. There's really ...
[ more ] [ reply ]
Closed Source Hardware - Clarifications
2004-12-04
anonymous elf
anonymous elf
I agree that there are two seperate issues here. Prism cards, I use a Netgear WG511, require a firmware file. Netgear packed it with the installer for windows, and so put it in a .cab file that makes opening it directly with Linux difficult. Add to that the reluctance of the companies to release the...
[ more ] [ reply ]
[ more ] [ reply ]
Closed Source Hardware - Clarifications
2004-12-04
Anonymous (1 replies)
Anonymous (1 replies)
Hello.
I googleed a bit but can't find any concrete
info on closed HALs and "open source"
OSes which use them. I would be very grateful
if you could provide some links.
Thank you....
[ more ] [ reply ]
I googleed a bit but can't find any concrete
info on closed HALs and "open source"
OSes which use them. I would be very grateful
if you could provide some links.
Thank you....
[ more ] [ reply ]
Closed Source Hardware - Clarifications
2004-12-06
Jason V. Miller (Author) (1 replies)
Jason V. Miller (Author) (1 replies)
The following links can provide you with some background information on the Atheros-related issue that I'm talking about here, where operating systems are using an in-kernel closed-source component to allow the operating system to communicate with the hardware.
MADwifi FAQ
http://www.mattfoster....
[ more ] [ reply ]
MADwifi FAQ
http://www.mattfoster....
[ more ] [ reply ]
An Opening and Motive for Spyware in Drivers
2004-12-08
Anonymous (1 replies)
Anonymous (1 replies)
This is a cool idea for getting even more marketing info on all us internet users. Include info gathering code in the driver for the NIC or wireless card, basically put spyware in the driver. Lexmark already put some on their installation CD for one of their printers (maybe more, just not detected...
[ more ] [ reply ]
[ more ] [ reply ]
Closed Source Hardware - Clarifications
2004-12-07
Andreas Mohr (1 replies)
Andreas Mohr (1 replies)
While it doesn't really help security issues of in-kernel proprietary HALs, I'd much rather have a binary vendor HAL from a quite supporting vendor rather than no vendor support AT ALL (as is the case with my ACX1xx wireless cards project, http://acx100.sf.net).
Regarding "the only cards that I'...
[ more ] [ reply ]
Regarding "the only cards that I'...
[ more ] [ reply ]
Closed Source Hardware - Clarifications
2004-12-07
Jason V. Miller (Author)
Jason V. Miller (Author)
First of all, thanks for your work on the Linux drivers. Although they won't benefit me personally, it's only because of people like yourself that drivers such as these even exist.
?While it doesn't really help security issues of in-kernel proprietary HALs, I'd much rather have a binary vendor HA...
[ more ] [ reply ]
?While it doesn't really help security issues of in-kernel proprietary HALs, I'd much rather have a binary vendor HA...
[ more ] [ reply ]
Closed Source Hardware
2004-12-07
Mace Moneta (1 replies)
Mace Moneta (1 replies)
"What's possibly even more disturbing, is that we're talking about a chunk of code in the operating system, running with the highest possible level of privilege (the kernel), which is supplied by a third-party vendor."
The firmware files do not run in the host operating system (BSD, Linux, etc....
[ more ] [ reply ]
The firmware files do not run in the host operating system (BSD, Linux, etc....
[ more ] [ reply ]
Closed Source Hardware
2004-12-07
Jason V. Miller (Author)
Jason V. Miller (Author)
"The firmware files do not run in the host operating system (BSD, Linux, etc.). To those operating systems, the firmware is data, not executable code. That data is transferred to the target device; it executes in the device."
Again, this (firmware) is a different issue. I'm discussing a binary HA...
[ more ] [ reply ]
Again, this (firmware) is a different issue. I'm discussing a binary HA...
[ more ] [ reply ]
Closed Source Hardware (and software)
2004-12-07
GreyGeek (1 replies)
GreyGeek (1 replies)
Excellent article!
I noticed that in the URL you referenced,
http://kerneltrap.org/node/view/4118, a comment was made by Theo de Raadt that "One guy at Intel claims that Mandrake Linux has "signed" this contract. In the past I might have found that fascinating, **but increasingly I am not surpr...
[ more ] [ reply ]
I noticed that in the URL you referenced,
http://kerneltrap.org/node/view/4118, a comment was made by Theo de Raadt that "One guy at Intel claims that Mandrake Linux has "signed" this contract. In the past I might have found that fascinating, **but increasingly I am not surpr...
[ more ] [ reply ]
Closed Source Hardware (and software)
2004-12-07
dph (1 replies)
dph (1 replies)
I would point out that this is something that they are inherently allowed to do. There is nothing that prohibits them or restricting your right to redistribute the compiled binaries. They only must make all the source and their modifications available. Whether the whole system is as useable if you c...
[ more ] [ reply ]
[ more ] [ reply ]
Closed Source Hardware (and software)
2004-12-08
Anonymous
Anonymous
I would point out that this is something that they are inherently allowed to do. There is nothing that prohibits them or restricting your right to redistribute the compiled binaries. They only must make all the source and their modifications available.
Apparently you don't understand what the...
[ more ] [ reply ]
Apparently you don't understand what the...
[ more ] [ reply ]
Closed Source Hardware
2004-12-07
lsi
lsi
It's valid to question the hardware. Open-source improves the featureset and efficiency of the code as well as its security. Closed-source is simply an invitation to the vendors to provide low-quality code.
Let's not forget it was a little matter concerning a closed-source (printer) device driv...
[ more ] [ reply ]
Let's not forget it was a little matter concerning a closed-source (printer) device driv...
[ more ] [ reply ]
Jailing a driver
2004-12-07
Jack Carroll
Jack Carroll
There will probably always be some degree of need to run closed source drivers, which obviously can't be trusted. The potential for damage could be limited if they could be placed in a virtual environment that allows them to see only the memory and I/O space allocated to them, and where the higher ...
[ more ] [ reply ]
[ more ] [ reply ]
If I understand the wireless card issue correctly (and I may not), vendors of these cards are beginning to distribute...
[ more ] [ reply ]