[governance] Maybe something good might come out of all of this
Ian Peter
ian.peter at ianpeter.com
Tue Jul 23 06:06:06 EDT 2013
Yes but the concept would not be retrofitting open source firmware to
proprietary hardware, but actually developing the hardware as a verified
platform for open source. You would know that you started with a verified
backdoor-free hardware platform. I think that's the concept - I don't think
it's perfect, but it does allow a large developer community to examine
platform developments and contribute to them. -and if (as the article
suggests) this would be attractive to large corporate clients, there could
be a market for such a product.
Ian Peter
-----Original Message-----
From: Norbert Bollow
Sent: Tuesday, July 23, 2013 7:28 PM
To: governance at lists.igcaucus.org ; Ian Peter
Subject: Re: [governance] Maybe something good might come out of all of this
Upgrading the firmware to a known open source version will help resolve
the trust issue only if independent third parties are able to verify
that the firmware upgrade process truly gets rid of all previously
installed firmware. If hardware is distributed with pre-installed
firmware-based backdoors, presumably hardware measures might have been
taken to protect that backdoor firmware against being deactivated by
the standard firmware upgrade process.
Greetings,
Norbert
Ian Peter <ian.peter at ianpeter.com> wrote:
> A firmware upgrade?
>
>
> Norbert Bollow <nb at bollow.ch> wrote:
>
> >Hmm.. when the concern is about the possibility of backdoors in the
> >chips themselves, I wonder whether it is possible to reliably
> >compare a chip with what it should be like according to its source
> >code.
> >
> >What kind of equipment is needed for doing that? An electron
> >microscope?
> >
> >Greetings,
> >Norbert
> >
> >
> >Am Tue, 23 Jul 2013 10:05:28 +0530
> >schrieb "michael gurstein" <gurstein at gmail.com>:
> >
> >> Thanks for this Ian… It seems to me to be an interesting and
> >> reasonable approach and even something that CS could look to
> >> include in it's PRISM/surveillance policy response framework…
> >>
> >>
> >>
> >> I'm wondering what the downsides might be?
> >>
> >>
> >>
> >> M
> >>
> >>
> >>
> >> From: governance-request at lists.igcaucus.org
> >> [mailto:governance-request at lists.igcaucus.org] On Behalf Of Ian
> >> Peter Sent: Tuesday, July 23, 2013 2:20 AM To:
> >> governance at lists.igcaucus.org Subject: [governance] Maybe
> >> something good might come out of all of this
> >>
> >>
> >>
> >> Interesting article on open source futures in response to PRISM et
> >> al
> >>
> >>
> >>
> >>
> >>
> >> If we're at a point where no piece of commercial hardware or
> >> software can be trusted, then the only reasonable option is to
> >> rely on large communities of like-minded people to develop,
> >> extend, and inspect freely available code on a continuous basis.
> >> Essentially, we may need to open source everything.”
> >>
> >>
> >>
> >>
> >> <http://www.infoworld.com/d/data-center/the-coming-push-open-source-everything-223011?source=IFWNLE_nlt_daily_pm_2013-07-22>
> >> http://www.infoworld.com/d/data-center/the-coming-push-open-source-everything-223011?source=IFWNLE_nlt_daily_pm_2013-07-22
--
Recommendations for effective and constructive participation in IGC:
1. Respond to the content of assertions and arguments, not to the person
2. Be conservative in what you send, be liberal in what you accept
____________________________________________________________
You received this message as a subscriber on the list:
governance at lists.igcaucus.org
To be removed from the list, visit:
http://www.igcaucus.org/unsubscribing
For all other list information and functions, see:
http://lists.igcaucus.org/info/governance
To edit your profile and to find the IGC's charter, see:
http://www.igcaucus.org/
Translate this email: http://translate.google.com/translate_t
-------------- next part --------------
____________________________________________________________
You received this message as a subscriber on the list:
governance at lists.igcaucus.org
To be removed from the list, visit:
http://www.igcaucus.org/unsubscribing
For all other list information and functions, see:
http://lists.igcaucus.org/info/governance
To edit your profile and to find the IGC's charter, see:
http://www.igcaucus.org/
Translate this email: http://translate.google.com/translate_t
More information about the Governance
mailing list