[Asterisk-Users] Re: Advice on OS Choice

[Andrew Kohlsmith]

On Friday 15 October 2004 17:43, Joe Greco wrote:
> That was never really the concern, that kind of stuff is pretty trivial.

It must be nice to keep adjusting the scenario to make your "having source is 
bad" line work.  

I know what you're trying to do (we're both playing Devil's Advocate).

> The concern was always more along the line of "what happens when they take
> out the hard drive and putz with the image" - something you have relatively
> little control over, because most shops expect to be able to do maintenance
> on their equipment.  You can do various integrity checks that'll be mostly
> sufficient (think: message digests of executables, into a fingerprint file,
> itself signed with a key, but you still have to play some games to make it
> difficult to corrupt the system)..

If it's life critical machinery it *should* be difficult to alter the images.  
Routine maintenance should not include ways to alter these critical aspects 
of the system.

Seriously though -- what's stopping them from screwing up pump direction, 
radiation strength, lens alignment or anything else they could do by 
accident?  The software.  What's stopping the firmware bootloader from 
verifying the system image before booting it?  Hell even our VFDs do that!

> Providing source makes it hellishly easier to disable or corrupt that
> integrity verification system.

Not in a properly designed system, as I am stating.  That's like saying 
sharing the algorithm for an encryption standard makes it easier to hack the 
encryption.  If that's the case then the algorithm is *bad*.  Same with the 
system in question.

> I'll also say this:  while I'm no fan of security through obscurity, there
> are certain extra risks to having code open to public scrutiny, especially
> for networked appliances.  Sure, the code's carefully written, and audited,
> but that doesn't save you 100% of the time...

Agreed.  I don't think you're some hidden source zealot; honestly I 
don't.  :-)

-A.