[Asterisk-Users] Re: www.openpbx.org

Mike M no-linux-support at earthlink.net
Sun Oct 9 19:40:38 MST 2005


On Sun, Oct 09, 2005 at 01:51:41PM -0400, Paul wrote:
> Mike M wrote:
> >
> Mike, the context was regarding security by obscurity. It has nothing to 
> do with stealing a product to sell to others. The only reverse 
> engineering I ever did had nothing at all to do with bootlegging or 
> counterfeiting software. The closest I ever came to that was reversal 
> for the purpose of proving it contained stolen goods. By the way, I am 
> not a mundane scribe or a relic by any means. Closest I ever came to 
> being a scribe is putting a signature of mine in pcb copper and some 
> silicon. I also left my signature in the leftover gates of some array 
> logic. Calling me a scribe or relic is a rather hefty insult, don't you 
> think?

The context of reversing was difficult to discern from repeated
readings. The message seemed to be to not bother closing software because it
can be reversed easily and the source can be better than the original.

I supposed you were describing hypothetical abstract possibilites and not actual 
occurences. My responses were similarly abstract.  I admit there can be 
legally justifiable reasons for reversing, or that it could be a form of
archaelogy, but the original statement did not suggest these cases.

Now that your context, meaning, and intent are clearly defined,
it's evident you should not take umbrage with the description of
reversers as scribes and relics as those terms do not apply to you.

Besides, illegitimate reversers can't complain about being insulted because they run
the risk of being exposed. And then their contacts can be investigated
for possible license violations.

Reversing to exploit security weakness is most likely very effective. I
agree with you that securing by keeping software closed is folly.
Opening the software does not make it secure either.

I return to my original point: Keeping software closed is done only when 
you can't figure out how to have it open.  The point that launched this 
sub-discussion was that Asterisk has a dual license and OpenPBX does not.  
The underlying assumption is that the commercial license for Asterisk is 
for a closed source super-implementation of the project. Could this be a 
competitive advantage? As you point out, there are certainly no security
advantages.  There could be some commercial advantages that currently
exist for Asterisk that might be altered with the presence of OpenPBX.

-- 
Mike



More information about the asterisk-users mailing list