[governance] Maybe something good might come out of all of this

Norbert Bollow nb at bollow.ch
Tue Jul 23 05:28:38 EDT 2013


Upgrading the firmware to a known open source version will help resolve
the trust issue only if independent third parties are able to verify
that the firmware upgrade process truly gets rid of all previously
installed firmware. If hardware is distributed with pre-installed
firmware-based backdoors, presumably hardware measures might have been
taken to protect that backdoor firmware against being deactivated by
the standard firmware upgrade process.

Greetings,
Norbert


Ian Peter <ian.peter at ianpeter.com> wrote:

> A firmware upgrade?
> 
> 
> Norbert Bollow <nb at bollow.ch> wrote:
> 
> >Hmm.. when the concern is about the possibility of backdoors in the
> >chips themselves, I wonder whether it is possible to reliably
> >compare a chip with what it should be like according to its source
> >code.
> >
> >What kind of equipment is needed for doing that? An electron
> >microscope?
> >
> >Greetings,
> >Norbert
> >
> >
> >Am Tue, 23 Jul 2013 10:05:28 +0530
> >schrieb "michael gurstein" <gurstein at gmail.com>:
> >
> >> Thanks for this Ian… It seems to me to be an interesting and
> >> reasonable approach and even something that CS could look to
> >> include in it's PRISM/surveillance policy response framework…
> >> 
> >>  
> >> 
> >> I'm wondering what the downsides might be?
> >> 
> >>  
> >> 
> >> M
> >> 
> >>  
> >> 
> >> From: governance-request at lists.igcaucus.org
> >> [mailto:governance-request at lists.igcaucus.org] On Behalf Of Ian
> >> Peter Sent: Tuesday, July 23, 2013 2:20 AM To:
> >> governance at lists.igcaucus.org Subject: [governance] Maybe
> >> something good might come out of all of this
> >> 
> >>  
> >> 
> >> Interesting article on open source futures in response to PRISM et
> >> al
> >> 
> >>  
> >> 
> >>  
> >> 
> >> If we're at a point where no piece of commercial hardware or
> >> software can be trusted, then the only reasonable option is to
> >> rely on large communities of like-minded people to develop,
> >> extend, and inspect freely available code on a continuous basis.
> >> Essentially, we may need to open source everything.” 
> >> 
> >>  
> >> 
> >>  <http://www.infoworld.com/d/data-center/the-coming-push-open-source-everything-223011?source=IFWNLE_nlt_daily_pm_2013-07-22>
> >> http://www.infoworld.com/d/data-center/the-coming-push-open-source-everything-223011?source=IFWNLE_nlt_daily_pm_2013-07-22


-- 
Recommendations for effective and constructive participation in IGC:
1. Respond to the content of assertions and arguments, not to the person
2. Be conservative in what you send, be liberal in what you accept


-------------- next part --------------
____________________________________________________________
You received this message as a subscriber on the list:
     governance at lists.igcaucus.org
To be removed from the list, visit:
     http://www.igcaucus.org/unsubscribing

For all other list information and functions, see:
     http://lists.igcaucus.org/info/governance
To edit your profile and to find the IGC's charter, see:
     http://www.igcaucus.org/

Translate this email: http://translate.google.com/translate_t


More information about the Governance mailing list