SPAM

>> On Friday 15 October 2004 16:22, Michael Giagnocavo wrote:
>> > >problem lies in the policy for upgrading or installing software on
>> > >life-critical machines not being followed.
>>
>> > I agree with that. But, what's going to be held up in court? As a lawyer
>> > for a medical equipment corp, which route are you going to take to be safe?
>>
>> As a medical equipment corp system designer (I do this for a living, although
>> not for medical) I'd make damn sure the software couldn't be updated without
>> the correct access codes being in place, including hardware interlocks with
>> physical keys. It's not hard to make firmware loaders require this kind of
>> stuff.
>
> That was never really the concern, that kind of stuff is pretty trivial.
>
> The concern was always more along the line of "what happens when they take
> out the hard drive and putz with the image" - something you have relatively
> little control over, because most shops expect to be able to do maintenance
> on their equipment. You can do various integrity checks that'll be mostly
> sufficient (think: message digests of executables, into a fingerprint file,
> itself signed with a key, but you still have to play some games to make it
> difficult to corrupt the system)..
>
> Providing source makes it hellishly easier to disable or corrupt that
> integrity verification system.
>
> I'll also say this: while I'm no fan of security through obscurity, there
> are certain extra risks to having code open to public scrutiny, especially
> for networked appliances. Sure, the code's carefully written, and audited,
> but that doesn't save you 100% of the time...
>
>> > Imagine a toaster that ships with a booklet that shows the schematics and
>> > shows people how to "rebuild" the toaster. Then some person (either a
>> > 9-yr-old or an experienced electrician) uses the instructions, and fries
>> > themselves. Or the next person who uses the toaster starts a fire. When it
>> > gets to court, you can bet that the lawyers are going to try to blame the
>> > company for "making it easier to modify the toaster". Even though it's
>> > utterly silly, that's how the US legal system works. No one is responsible
>> > for their own mistakes.
>>
>> This used to be the way it was. The Amiga computers all came with full
>> schematics. Radios and televisions had easily obtainable service manuals.
>> Radio Shack actually had a decent parts inventory. Hell IIRC certain
>> versions of DOS (CP/M?) had full source listings!
>
> Most UNIX variants still do.
>
>> *sigh* good old days...
>
> :-)
>
> ... JG
> --
> Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
> "We call it the 'one bite at the apple' rule. Give me one chance [and] then I
> won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN)
> With 24 million small businesses in the US alone, that's way too many apples.
> _______________________________________________
> Asterisk-Users mailing list
> [EMAIL PROTECTED]
> http://lists.digium.com/mailman/listinfo/asterisk-users
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-users
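The integrity check sketched in the quoted message (digests of the executables collected into a fingerprint file that is itself signed), as an added example that is not code from the thread or from any participant. Assumptions: HMAC-SHA256 from the Python standard library stands in for the signature, the key and the file name `pump_ctl` are constructed, and a real appliance would use an asymmetric signature so that the verifying key stored on the device cannot be used to re-sign.

```python
import hashlib, hmac, json, os, tempfile

def scan(root):
    """Map each file under root (relative path) to its SHA-256 digest."""
    out = {}
    for d, _, files in os.walk(root):
        for name in files:
            p = os.path.join(d, name)
            with open(p, "rb") as f:
                out[os.path.relpath(p, root)] = hashlib.sha256(f.read()).hexdigest()
    return out

def seal(root, key):
    """Build the fingerprint file body and its authentication tag."""
    body = json.dumps(scan(root), sort_keys=True).encode()
    return body, hmac.new(key, body, hashlib.sha256).hexdigest()

def verify(root, body, tag, key):
    """Return a list of problems; an empty list means the image matches."""
    good = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(good, tag):
        return ["fingerprint file: bad signature"]  # trust none of its digests
    recorded, current = json.loads(body), scan(root)
    problems = []
    for path in sorted(set(recorded) | set(current)):
        if path not in current:
            problems.append(path + ": missing")
        elif path not in recorded:
            problems.append(path + ": unexpected file")
        elif recorded[path] != current[path]:
            problems.append(path + ": digest changed")
    return problems

def demo():
    key = b"constructed-demo-key"  # constructed value, stand-in for a signing key
    with tempfile.TemporaryDirectory() as root:
        exe = os.path.join(root, "pump_ctl")  # hypothetical executable name
        with open(exe, "wb") as f:
            f.write(b"release build")
        body, tag = seal(root, key)
        clean = verify(root, body, tag, key)
        with open(exe, "wb") as f:
            f.write(b"modified build")
        tampered = verify(root, body, tag, key)
        # The fingerprint file is regenerated to match, but cannot be re-signed.
        rewritten = json.dumps(scan(root), sort_keys=True).encode()
        forged = verify(root, rewritten, tag, key)
    return clean, tampered, forged
```

The verifier and its key live on the same disk as the files they check, which is why the message adds that further measures are still needed to protect the verification step itself.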