Mike M wrote:
On Sun, Oct 09, 2005 at 01:51:41PM -0400, Paul wrote:
Mike M wrote:
Mike, the context was regarding security by obscurity. It has nothing to
do with stealing a product to sell to others. The only reverse
engineering I ever did had nothing at all to do with bootlegging or
counterfeiting software. The closest I ever came to that was reversal
for the purpose of proving it contained stolen goods. By the way, I am
not a mundane scribe or a relic by any means. Closest I ever came to
being a scribe is putting a signature of mine in pcb copper and some
silicon. I also left my signature in the leftover gates of some array
logic. Calling me a scribe or relic is a rather hefty insult, don't you
think?
The context of reversing was difficult to discern from repeated
readings. The message seemed to be to not bother closing software because it
can be reversed easily and the source can be better than the original.
I supposed you were describing hypothetical abstract possibilities and not actual
occurrences. My responses were similarly abstract. I admit there can be
legally justifiable reasons for reversing, or that it could be a form of
archaeology, but the original statement did not suggest these cases.
Now that your context, meaning, and intent are clearly defined,
it's evident you should not take umbrage with the description of
reversers as scribes and relics as those terms do not apply to you.
Besides, illegitimate reversers can't complain about being insulted because
they run the risk of being exposed. And then their contacts can be
investigated for possible license violations.
Reversing to exploit security weakness is most likely very effective. I
agree with you that securing by keeping software closed is folly.
Opening the software does not make it secure either.
I return to my original point: Keeping software closed is done only when
you can't figure out how to have it open. The point that launched this
sub-discussion was that Asterisk has a dual license and OpenPBX does not.
The underlying assumption is that the commercial license for Asterisk is
for a closed source super-implementation of the project. Could this be a
competitive advantage? As you point out, there are certainly no security
advantages. There could be some commercial advantages that currently
exist for Asterisk that might be altered with the presence of OpenPBX.
The sometimes valid reason for closed source commercial versions is that
you can't provide affordable support for a moving target. It's not
entirely valid in the case of asterisk. Count the config files and the
number of things in those config files a customer can modify. So even if
we know he has the exact same binary as our reference version there can
be how many different configurations out there to support? Answer is
some big number that just gets bigger as more copies are sold.
I haven't looked at the ABE license. I wonder if it allows reversing. I
can see where reversing is needed. Somebody wants to move from ABE to
locally compiled asterisk. They hire me to build an asterisk from the
gpl that behaves the same as the ABE they have been using. First thing I
would have to do is examine the ABE license and see if it is permissible
to do that the fastest way I know because the fastest way I know would
use some reversal techniques to match the binaries with the right
compile options and patch sets.
Asterisk-Users mailing list
Asterisk-Users@lists.digium.com
http://lists.digium.com/mailman/listinfo/asterisk-users