, 2004-12-01
Trust with hardware vendors for open source systems is becoming a one-way street, where in exchange for support they offer a closed source binary solution with no provision to audit security.
Expand all |
Post comment
Closed Source Hardware (and software)
2004-12-07
GreyGeek (1 replies)
GreyGeek (1 replies)
> these cards are beginning to distribute the card's firmware as a piece of
> software that the OS uploads into the device as opposed to having the firmware
> permanently placed into the device itself. There's really no difference between
> these cards and previous cards, except for where the firmware lives.
I just want to clarify this statement, as I'm sure others may draw the same
conclusion here.
This is a different issue. The issue that I'm talking about is with respect to
the Atheros cards, in which case the vendor has supplied a closed source HAL
(Hardware Abstraction Layer), which instead of being uploaded to the card, is
actually a chunk of code that runs in the operating system's kernel (something
like an LKM).
Sorry if this was unclear... I may not have provided enough background
information, and I apologize if I was vague; the two issues, although different,
can probably be confused easily.
The firmware-related issues are a different can of worms entirely, and are
getting some press lately with regard to OpenBSD's vendor activism.
Again, I apologize if this is unclear. Drop me a line personally if you have
any questions. Perhaps I'll throw some references up here if this does end up
being a point of confusion.
[ reply ]
Link to this comment: http://www.securityfocus.com/comments/columns/281/29338#29338