lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 27 Sep 2006 16:04:11 -0700 (PDT)
From:	Linus Torvalds <torvalds@...l.org>
To:	Alan Cox <alan@...rguk.ukuu.org.uk>
cc:	Krzysztof Halasa <khc@...waw.pl>,
	Nicolas Mailhot <nicolas.mailhot@...oste.net>,
	linux-kernel@...r.kernel.org,
	James Bottomley <James.Bottomley@...elEye.com>
Subject: Re: GPLv3 Position Statement



On Thu, 28 Sep 2006, Alan Cox wrote:
> 
> Actually some of the smarter ones wired it to the SMM indications in the
> chipset so that only BIOS controlled SMM management code can do the
> update and that does checksumming or basic very crude crypto type
> checks.
> 
> Fortunately the thought of a slammer equivalent that erases the firmware
> isn't something most vendors want to risk their stock price and business
> on.

Amen to that. 

I'm pretty convinced that some companies sometimes go to unreasonable 
lengths in their fear of liability suits (but in their defense, it's not 
like the US legal environment isn't encouraging it), but I think a lot of 
people end up doing things like that our of very basic prudence.

Not because they are "evil" or even mean anything bad at all, but simply 
because they have their own reasons to believe strongly that people must 
not upgrade their hardware.

Most technology people may _want_ to upgrade their hardware, but when you 
look at all the spyware "upgrades" people get on their windows boxes, you 
can certainly understand why there are reasons for things like strong 
crypto upgrades with secret keys even quite apart from anything like the 
RIAA.

		Linus
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ