Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-user

From: "Boyd Stephen Smith Jr." <bss03@××××××××××.net>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] 2 to 3??
Date: Tue, 17 Jul 2007 17:34:49
Message-Id: 200707171227.23899.bss03@volumehost.net
In Reply to: RE: [gentoo-user] 2 to 3?? by burlingk@cv63.navy.mil
1 On Tuesday 17 July 2007, burlingk@×××××××××.mil wrote about 'RE:
2 [gentoo-user] 2 to 3??':
3 > TiVo did not allow modified, and therefore potentially
4 > Compromised, devices connect to their network.
5
6 More than that -- they don't allow the "compromised" devices to boot. Of
7 course, that's *required* to lay down the restrictions they want, since
8 one the device is booted from freely modified code, there's no method of
9 remote attestation to guarantee your aren't just pretending to be
10 a "genuine" device.
11
12 > This does not sound like theft of code, it sounds like sound network
13 > protocol.
14
15 So, sound network protocol validates the data sent, it doesn't require the
16 other end to be arbitrarily "trusted". Remember "trusted" is just DoD
17 speak for "allowed to violate security policy".
18
19 > If you wish to maintain a secure environment that is stable
20 > for thousands of users, and has a lot of money riding on it, you do
21 > not allow compromised devices to connect. It is that simple.
22
23 BS.
24
25 Second life allows any client to connect as long as they follow the
26 protocol. There's a wide variety of WoW hacks that modify the running
27 executable (a binary patch applied at runtime) that, while not allowed
28 under the EULA, work quite well on the real servers and have not increased
29 the number of server crashes or scheduled restarts.
30
31 Securing the network is not done by securing the remote devices. (You
32 don't need to trusted ethernet card to connect to a cisco router, or a
33 cable modem.) It is done by validating the data sent, having a
34 well-defined network protocol, and disconnecting clients that provide bad
35 data.
36
37 > The TiVo thing was completely within the word and spirit of the GPL.
38
39 It was *barely* within the word, and definitely not within the spirit of
40 the GPL. Don't beleive me? Ask anyone at the FSF or RMS himself. They
41 wrote the thing.
42
43 --
44 Boyd Stephen Smith Jr. ,= ,-_-. =.
45 bss03@××××××××××.net ((_/)o o(\_))
46 ICQ: 514984 YM/AIM: DaTwinkDaddy `-'(. .)`-'
47 http://iguanasuicide.org/ \_/

Attachments

File name MIME type
signature.asc application/pgp-signature

Replies

Subject Author
Re: [gentoo-user] 2 to 3?? Alan McKinnon <alan@××××××××××××××××.za>
Report Message
Find on MARC Find on Google Groups