[Asterisk-Users] Re: Advice on OS Choice

Josh Horton jhorton at greenberry.net
Fri Oct 15 14:49:24 MST 2004


SPAM

>> On Friday 15 October 2004 16:22, Michael Giagnocavo wrote:
>> > >problem lies in the policy for upgrading or installing software on
>> > >life-critical machines not being followed.
>>
>> > I agree with that. But, what's going to be held up in court? As a
>> lawyer
>> > for a medical equipment corp, which route are you going to take to be
>> safe?
>>
>> As a medical equipment corp system designer (I do this for a living,
>> although
>> not for medical) I'd make damn sure the software couldn't be updated
>> without
>> the correct access codes being in place, including hardware interlocks
>> with
>> physical keys.  It's not hard to make firmware loaders require this kind
>> of
>> stuff.
>
> That was never really the concern, that kind of stuff is pretty trivial.
>
> The concern was always more along the line of "what happens when they take
> out the hard drive and putz with the image" - something you have
> relatively
> little control over, because most shops expect to be able to do
> maintenance
> on their equipment.  You can do various integrity checks that'll be mostly
> sufficient (think: message digests of executables, into a fingerprint
> file,
> itself signed with a key, but you still have to play some games to make it
> difficult to corrupt the system)..
>
> Providing source makes it hellishly easier to disable or corrupt that
> integrity verification system.
>
> I'll also say this:  while I'm no fan of security through obscurity, there
> are certain extra risks to having code open to public scrutiny, especially
> for networked appliances.  Sure, the code's carefully written, and
> audited,
> but that doesn't save you 100% of the time...
>
>> > Imagine a toaster that ships with a booklet that shows the schematics
>> and
>> > shows people how to "rebuild" the toaster. Then some person (either a
>> > 9-yr-old or an experienced electrician) uses the instructions, and
>> fries
>> > themselves. Or the next person who uses the toaster starts a fire.
>> When it
>> > gets to court, you can bet that the lawyers are going to try to blame
>> the
>> > company for "making it easier to modify the toaster". Even though it's
>> > utterly silly, that's how the US legal system works. No one is
>> responsible
>> > for their own mistakes.
>>
>> This used to be the way it was.  The Amiga computers all came with full
>> schematics.  Radios and televisions had easily obtainable service
>> manuals.
>> Radio Shack actually had a decent parts inventory.  Hell IIRC certain
>> versions of DOS (CP/M?) had full source listings!
>
> Most UNIX variants still do.
>
>> *sigh* good old days...
>
> :-)
>
> ... JG
> --
> Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
> "We call it the 'one bite at the apple' rule. Give me one chance [and]
> then I
> won't contact you again." - Direct Marketing Ass'n position on e-mail
> spam(CNN)
> With 24 million small businesses in the US alone, that's way too many
> apples.
> _______________________________________________
> Asterisk-Users mailing list
> Asterisk-Users at lists.digium.com
> http://lists.digium.com/mailman/listinfo/asterisk-users
> To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-users
>





More information about the asterisk-users mailing list