On Fri, Aug 1, 2014 at 12:02 PM, Doug Barton <dougb@xxxxxxxxxxxxx> wrote:
On 08/01/2014 01:21 AM, Alessandro Vesely wrote:Some of us call that, "The BSD License." :)
I wonder whether it is at all possible to stand somewhere in
between liberty and industrial support, rather than taking a firm stand
on either side.
Or "The MIT License" says this person who had something to do with its drafting... ;-)
The NSA TAO catalog of exploits from the NSA have pushed me much closer to Stallman (I remain skeptical that you can enforce open code by license successfully).
Any binary blob in a software system is a problem, from the view of security, from the view of latent bugs (which can be catastrophic at times), and, most subtlety, make long term support of systems very, very difficult or impossible, often encouraging insecure systems to remain deployed *long* after their sell by (or rotten by) date, lacking updates.
See my talk "(In)Security in Home Embedded Devices"
You could strike the word "home" from that talk and it would very likely apply to most of what is out there today.
Unfortunately, home routers (and related devices such as modems) arrive woefully out of date and rot in your house thereafter. This is also true for most of the other devices you buy for your home network (with a few exceptions: I've seen pretty regular updates for my Nest thermostats, for example, but wonder for how many years I'll see them). As to why, see my talk.
Also read Bruce Schneier's and Dan Geer's articles linked to from that abstract; both articles I instigated by presenting them with the material that
talk covers. Had Dan's article been available at the time I submitted the abstract, I would have also highlighted it.
"Friends don't let friends run factory firmware"....
- Jim