Mobile-gadget makers are starting to take advantage of software-defined radio, a new technology allowing a single device to receive signals from multiple sources, including TV stations and cell phone networks. But a new federal rule set to take effect Friday could mean that radios built on ‘open-source elements’ may encounter a more sluggish path to market – or, in the worst case scenario, be shut out altogether. U.S. regulators, it seems, believe the inherently public nature of open-source code makes it more vulnerable to hackers, leaving ‘a high burden to demonstrate that it is sufficiently secure’.
Where are the vendors who are rushing to open up their radio firmware?
Unfortunately, all the internet radio stations are going in the trash thanks to Capitol Hill introducing heavy new taxes to online radio stations.
I think software radio will become a far less popular medium to work with very soon.
Internet radio and software-defined radio are totally different things. The GNU Radio project has a good explanation of SDR: http://www.gnu.org/software/gnuradio/
People get what they vote for. It’s not like the current crew in Congress ran on a sustain/lower taxes platform.
One party always campaigns for higher taxes and bigger government. Apparently the other party is joining them on the latter promise.
Fine. If the USA wants to ban open source technology, the developers should move all their work outside the USA. I can envision a scenario 10 years from now where the USA becomes a Third World backwater, buried by a debt it can’t pay, using outmoded technology, while companies in Russia, China and India prove to be the real innovators.
As for why this is happening – well, what do you expect from the Bush administration? They no doubt see open source developers as terrorists.
Make sure to archive your comment, so you can refer back to it every couple of years.
In that moment, take some time to reflect on your beliefs and thought processes.
You’re probably not far off. Is there anything the bloody government WON’T regulate? How about keep people from hurting and/or killing each other, stealing each others’ property, protect us from external threats, and otherwise leave us the hell alone?
Ha. You forget America’s military in your overly simplistic equation.
Hmmm, are you talking about the same guys that can’t bring “democracy” to Iraq? Or the same guys sending black plastic bags home each and every day? I’m afraid putting this into the equation will indeed simplify the equation.
http://www.globalsecurity.org/military/world/spending.htm
Edit: What makes you think the war was about bringing democracy to Iraq?
Edited 2007-07-09 16:02
Last time I checked, they don’t control the world
Perhaps, but the US controls 20% of the world’s GDP, and from 50% to 80% of the world’s mobile devices (depending on the source, which depends on their statistics and what they consider a ‘mobile device’). This will have implications.
“… This will have implications.”
How, are they going to start another world war?
Edited 2007-07-07 22:17
How, are they going to start another world war?
Heh, I hope it doesn’t come to that. The War on Drugs failed, the War on Poverty failed, the War on Terrorism failed. A War on Theft will probably fail too, unless we get Awesome A. Awesomeson in as our next president…
That would be awesome.
All joking aside, it boggles the mind to see that the “security through obscurity” argument still manages to convince some people – especially people in positions of power, who should know better.
Can’t the NSA talk some sense into these regulators? After all, SELinux is one of the most secure systems around, and it’s all open-source.
All joking aside, it boggles the mind to see that the “security through obscurity” argument still manages to convince some people – especially people in positions of power, who should know better.
It also boggles the mind to see that some people still believe that the day when people in power know better is not as far off as ever (if not farther, thanks to the election of punks like Dubya) ;-).
You just grabbed into your bag for those numbers?
Of the world wireless subscribers, only 10% are in the US, with 11% in South America, 18% in Europe and 34% in Asia.
http://www.3gamericas.org
As for GDP, what the hell does that have to do with anything?
At least one part of our lives will be secure still…
I thought “security by obscurity” was a myth that had been thoroughly debunked by now, but never mind.
When these devices are reverse-engineered by open source coders — and it surely is a case of “when” rather than “if” — presumably the FCC will have to revoke their licences anyway. So what’s the point of omitting devices that have open-source firmware/drivers from the beginning?
All sources that are not paid for by the FSF show that closed-source software continues to have fewer bugs and fewer attacks than closed-source software. The idea that “security by obscurity is a myth” is an effective, oft-quoted, but false piece of propaganda. Familiarity does not equal truth.
You make assertions, but do not provide sources to bring this up.
When the majority of non-MS-backed security experts (some of whom don’t like RMS or the FSF very much) agree that “security through obscurity” is a myth, why should we believe you instead?
Internet Explorer is perhaps one of the most-exploited pieces of software ever made, and yet it is closed-source. Same goes for IIS (pre-version 6).
Show us some impartial source that presents a good case why “security through obscurity” is better, and then *maybe* we’ll take you seriously.
When these devices are reverse-engineered by open source coders — and it surely is a case of “when” rather than “if” — presumably the FCC will have to revoke their licences anyway. So what’s the point of omitting devices that have open-source firmware/drivers from the beginning?
The FCC doesn’t really care if devices get modified in the field by leet hackers, since there’s no way to stop it. They just want vendors to take reasonable steps to prevent their products from being modified.
But surely it’s only the “leet hackers” who would be modifying the original open source firmware to do something illegal anyway?
I fail to see any difference from a “danger” point of view between firmware that is open from the outset and that which has been reverse-engineered. If you could explain that for me, I’d be grateful.
But surely it’s only the “leet hackers” who would be modifying the original open source firmware to do something illegal anyway?
I don’t know about that; if modifying the firmware was easy (because the source is provided) then you might find regular hobbyists modifying their radios. I get the impression that regular open source communities tend to be a lot bigger than reverse-engineering-based open source communities; consider how many people are hacking WRT54Gs compared to the bcm43xx project.
The other difference is in the vendor’s intentions. If they provide the source, then (in the FCC’s view) they probably intend for people to use it. If a vendor doesn’t provide source code then they can claim in good faith that they haven’t made the device easy to modify.
All code being equal, closed source would be more secure. Security through Obscurity is a real, measurable method of security.
However, depending on who you ask, Open Source code has a much better history of finding and fixing bugs quickly, especially those that pose a security risk.
But the real security in Open Source code is its LACK of security through obscurity. With this layer of security removed, the security then depends on secure design, secure defaults, and secure algorithms.
Open Source code forces developers away from lazy security choices, shortcuts, and bad assumptions.
A good example of this is in Redmond, where even the most critical security flaws may be shelved indefinitely if the fix is not easy. Until it blows up of course.
http://www.google.com/search?hl=en&q=ani+%22Microsoft+knew%…
ani “Microsoft knew”
Usually, Open Source code benefits from peer reviews in a far larger scale than closed source. Assuming this, the code should be more secure by nature*. Many of the cracks you see today are not based on finding errors in the source, but rather using utilities to break code – in binary form.
*This isn’t entirely correct, since we cannot assume that the quality is better OR worse than internal closed source peer reviews.
The Forum, which represents research institutions and companies such as Motorola, AT&T Labs, Northrop Grumman and Virginia Tech
Wow. I missed the cutoff for attending Virginia Tech by one day.
I guess that makes me lucky.
This is probably the work of ignorant politicians. Either that or lobbying by large commercial software companies.
Talk about redundancy
Note that those aren’t mutually exclusive.
Of course, open source isn’t “safer” for the establishment, that is, the corporate mafia and government, who want complete control over anything. It may be safer for them, but it’s not safer for the radio listener if they want freedom over the content.
I am always confused when I see these sorts of things; why does the US government see themselves as fit to regulate radio to such a degree whereby they define what can go into a radio?
This is just regulation for the sake of creating jobs and justifying some politicians’ existence rather than actually any real world justification.
Heck, New Zealand, we have regulations pertaining to broadcasting, but they’re simple, straightforward, and possibly could fit onto the back of a beer coaster – regulate only what needs to be regulated and leave the rest up to the industry.
If there are issues with so-called ‘opensource radios’ then let the market dictate whether or not they’re a good product – I certainly don’t want politicians coming into my life dictating what they consider to be ‘good products’.
For the ‘bastion of capitalism’ that America claims to be, they seem to have the same excessive regulation that a soviet bloc would.
I am always confused when I see these sorts of things; why does the US government see themselves as fit to regulate radio to such a degree whereby they define what can go into a radio?
Because the spectrum is a limited public good, and the market falls down in managing such resources. If the FCC wasn’t carefully managing the spectrum, it would literally be useless to everyone. All it would take would be one idiot with a high-power amplifier to ruin all the TV reception in a neighborhood.*
You can think of a computer programming analogy for this. If you’ve got 4MB of RAM, would you manage it using free-for-all mechanisms? No, you’d use some sort of allocation mechanism. The technology to do dynamic spectrum allocation is still in the research stages, so in practice all you’ve got is static allocation, which is the equivalent of the FCC system. There is no other sane way to handle things.
*) I think people underestimate how enormous the spectrum management problem can be. Your neighbor’s wifi network interfering with yours is a nuisance, but intentional interference or jamming of public safety bands can be deadly. And the worst part of it is that it’s almost impossible to track down who is causing the interference. We were doing a field test last year, and spent hours tracking down a spurious transmitter that was intruding on spectrum that had been allocated to us. We never found the guy, eventually he just went away and stopped messing up our test results.
Edited 2007-07-08 01:00
Which would sit under the regulation of “transmitting without a licence” – you don’t need to regulate whether the transmitter is using an opensource piece of software – as long as the transmission conforms to the paid licence, that is all that is worth worrying about.
As for interference, if one has purchased a relevant licence, it is therefore up to you as the licence holder to take the interfering party to court – it has been done in the past in NZ when one FM station of a particular area interfered with the transmission; they were fined, equipment adjusted, end of story.
Like I said, there is a difference between managing the spectrum and micromanaging everything that goes on in the spectrum.
Edited 2007-07-08 06:57
As for interference, if one has purchased a relevant licence, it is therefore up to you as the licence holder to take the interfering party to court
You can only sue people who you can find. A radio station causing interference is easy to track down. An individual with modded equipment, who might even just be passing by, is not. There is no practical way of enforcing these things at the level of individuals — it’s just too hard to track down interferers. You have to make sure that the radios on the market are physically incapable of stepping on protected bands.
Now, that said, I agree with you that banning open-source SDRs is not the way to do this. The correct way is to implement hardware lockouts (the transceiver chip refuses to tune to banned frequencies).
Regulation of the airwaves is sensible, in the same way that having rules of the road is sensible. If there weren’t those rules, we’d have utter chaos.
What the FCC is doing however seems to me to be far too heavy-handed. It’s the equivalent of requiring by law that cars are *unable* to go over the speed limit, or drive on the wrong side of the road, or go through red lights. And further, “guaranteeing” that it’s impossible to modify the car to allow it to do those things.
Why can’t they just trust people to do the right thing, and come down heavily on those who don’t? It’s a model that’s worked pretty well for the roads for 80 years or so. And in general, being in charge of a radio is considerably less of a life-or-death matter than being in charge of a ton and half of metal capable of 100mph+….
Why can’t they just trust people to do the right thing, and come down heavily on those who don’t? It’s a model that’s worked pretty well for the roads for 80 years or so.
Because it’s really easy to spot the car going at 100 mph in a 35 mph zone. It’s almost impossible to pin down or track down the guy whose radio is operating out of spec. Scroll up and read my comment about the guy who was interfering with our testing. We had a state of the art experimental radio sensor looking for the source of the interference, and we still couldn’t find it.
And in general, being in charge of a radio is considerably less of a life-or-death matter than being in charge of a ton and half of metal capable of 100mph+….
Interfering with public safety or military bands could cause a lot of trouble.
@rayiner:
You are obviously right when you say that radio needs some form of cooperation between users. Anyone would agree that we need to respect some rules for the benefit of all. We just need protocols and safety mechanisms, defined and enforced by ourselves.
A regulator saying that since everybody will see how soft-radio works, we should forbid it for your own safety and freedom.. does it sound right?
It seems to me, that with state regulation, giving a false notion of safety, we are more vulnerable to attacks because we never needed to develop defense strategies.
As for safety or military bands, forbidding the civilians to use those bands isn’t safe in any way, the army obviously know how to defend themselves against radio attacks, and when they are attacked it’s usually not from their civilians. On the other hand, by restricting civilians on some fixed bands, it’s easier for a government to shut down everyone if the need arises.
For me, it’s just that governments, radio and tv industries feel threatened by a totally free and safe communication network. Liberalism is always good for them, but dangerous for us.
Anyway they are desperate and just can’t do anything about it, it’s the future ;p
We just need protocols and safety mechanisms, defined and enforced by ourselves.
There is no way to enforce these protocols ourselves. Even the FCC often can’t resolve the interference complaints it receives, and they have tremendously more resources to do it. How would a neighborhood enforce these protocols anyway? A good spectrum analyzer costs $10,000+, and requires some skill to use as an interference-finding tool. How is a community going to get those sorts of resources?
The thing you forget is that the government *is* ourselves. They exist explicitly to define and enforce the sorts of protocols that are outside the capabilities of individuals to do. Yes, there is a lot of potential for abuse (the FCC does stuff with regards to broadcast content that goes way beyond their spectrum allocation mandate), but in any domain where nation-wide coordinated effort is necessary, the government needs to get involved.
A regulator saying that since everybody will see how soft-radio works, we should forbid it for your own safety and freedom.. does it sound right?
The spectrum is a public resource. It’s not for your own freedom and safety, but everyone else’s. It’s along the lines of the sorts of laws that keep you from dumping crap into a river. Yeah, it would be nice if people would naturally avoid pissing in the communal pool, but they don’t. Read up on the state of the Ganges in India sometime.
As for safety or military bands, forbidding the civilians to use those bands isn’t safe in any way, the army obviously know how to defend themselves against radio attacks, and when they are attacked it’s usually not from their civilians.
The test I mentioned was on a military base, on a military frequency, with military and government folks in attendance. They don’t have some magic technology that can pinpoint the source of the interference, nor otherwise change the realities of the underlying physics. As for sources of attack, it’s not even necessarily malicious. Some idiot with a modded high-power transmitter using a military band could easily wreck somebody’s day by interfering with some pilot’s radio. It’s not like all military users have giant high-power radios that can shout over anything else they might encounter. The military has their own regulations and rules, and lots and lots of safety-critical communications happens over radios not much more powerful than a good FRS.
Edited 2007-07-08 03:58
You do raise an excellent point. SDRs are different from PCs and other embedded systems. It would make no sense to discourage open source in mobile phones for instance, but it is different for SDRs where the frequency range of the transceivers is under the control of the software (or firmware), making it easy for potential abuse.
But however, open source in the case of SDRs can help to reduce development costs thus making the devices cheaper and also help foster good standards (SDR ICs that are easy to program and debug and with good third party tools for doing so, for example), just as in any other embedded system industry. And it is possible to prevent modified versions of the opensource SDR software to run on the device (even though the FSF doesn’t like it). AMD’s PIC computer* and the TIVO DVR completely prevent modified (or entirely new) versions of the source code to run on them.
This ‘locking down’ of devices is disallowed under the new GPL3 but perfectly possible under other open source licenses (including the GPL 2, google for Tivoisation for more info). Hence usage of open source only stands to benefit all the parties involved. What should be prevented, is the ability to modify the device range.
Moreover usage of strong digital encryption and a spread spectrum system, as well as other techniques should be carried out to prevent eavesdropping and interference.
* AMD’s Personal Internet Communicator (PIC) did not run open source software. Hackers have tried their best to run linux on it, but to no avail (as I last checked). The PIC is discontinued now.
You do raise an excellent point. SDRs are different from PCs and other embedded systems. It would make no sense to discourage open source in mobile phones for instance, but it is different for SDRs where the frequency range of the transceivers is under the control of the software (or firmware), making it easy for potential abuse.
In a modern cellphone, the frequency range and power level of the transceiver is under control of software.
The reason why the FCC isn’t as paranoid about cellphones as it is about cognitive radio is that current cellphone designs are all dual processor, with a ‘modem’ processor that runs software proprietary to the radio vendor and an ‘application’ processor that runs software from the cellphone developer. Even on an open design like openmoko, the modem processor runs software that isn’t open.
But however, open source in the case of SDRs can help to reduce development costs thus making the devices cheaper and also help foster good standards (SDR ICs that are easy to program and debug and with good third party tools for doing so, for example), just as in any other embedded system industry.
Of all the myths that surround open source software, that of reduction of development costs is the most annoying. I am now working on my fourth development project in ten years that uses OSS, and am familiar with many others. In none of them has there been an overall reduction in development cost as a result of using OSS.
Likewise, the attitude that “there’s more than one way to do it” coupled with the willingness of open source developers to start over rather than try to get along with other open source developers is a significant hindrance to any tendency of OSS to increase standardization within an industry.
There is no way to enforce these protocols ourselves
Now, maybe, but in a few years, with better institutions and better technology I can imagine it.
The thing you forget is that the government *is* ourselves
I totally agree, but having dysfunctional institutions, “ourselves” is rarely the decision maker. But I’m not whining, things are getting better, and we have a lot more freedom and power than a few decades ago. Here in Europe, where freedom of speech is a lot worse than in the US, no one could freely create a radio station before the eighties, those were considered pirate radios, and it’s the censorship authorities that decided what was good or not.
The test I mentioned was on a military base, on a military frequency, with military and government folks in attendance.
Damn 🙂 Touché! Nonetheless, I’m amazed how vulnerable they are then..
edit: typos
Edited 2007-07-09 12:25
Now, maybe, but in a few years, with better institutions and better technology I can imagine it.
Possibly, but detector technology is fairly physics-limited, and that sort of thing advances slowly. I think what you’re more likely to see is detailed control being obviated by interference-resistant radios, either UWB radios that can tolerate some interference on a sub-band, or spectrum-hopping radios that can jump away from a bad frequency.
Damn 🙂 Touché! Nonetheless, I’m amazed how vulnerable they are then..
It’s no big secret. I’m sure parts of the military have some “24”-style technology to investigate these sorts of things, but your average guy on the ground doesn’t have anything fundamentally different from what’s available to the general public. Interference is actually one of the big communications problems in Iraq, both interference resulting from enemy jamming, and self-interference resulting from conflicting frequency assignments.
I work at a company that researches software-defined radios, and I’ve gotten a pretty good idea of the paranoia the FCC has over them. To be fair, it’s not entirely unwarranted. Software-defined radios have a lot of potential for things to go wrong. They can generally tune to many different parts of the spectrum, with only software controls to keep them off protected bands. Improper use of these radios could result in them creating interference in commercial bands for which the owners paid large amounts of money, or worse in public safety bands used by firefighters and policemen. That said, closed source-code is not really the solution to this particular problem. You really want to enforce this sort of constraint in hardware.
Interestingly, this was a specific point brought up by the kernel devs in the LKML debate over v2 vs. v3.
The FCC essentially mandates that wireless gear is not user-modifiable to the point that it permits alterations to the transmission/receiving, in order to prevent exceeding guidelines and breaking spectrum boundaries.
The kernel devs say that there are circumstances where hardware vendors would want to lock down the kernel in order to prevent tampering with the hardware. Tivo is the favored target here, but the situation is no different with “smart” radios.
In such a situation, the FSF position is that it is up to the hardware manufacturers (in this case the wireless chipsets) to lock down their hardware and provide APIs, which is completely counter to the intent to reduce the cost of the chipsets and allow control by software.
So here we have a situation where the hardware manufacturers want software configurability for cost-effectiveness, the FCC wants restrictions on the degree of configurability, and FSF wants no restrictions at all.
I’m sure people will disagree and slag me for this, but this is one of the particular situations I was concerned that the FSF was exceeding their boundaries with v3 and the hardware signing provisions. Linux and OSS have the ability to help manufacturers bring cost-effective solutions for users, but the FSF would argue that the benefit is coming at the expense of user freedom and is therefore unacceptable, FCC restrictions be damned.
So we wind up in a conundrum, where free software demands only proprietary hardware, yet OSS embraces hardware with restrictions.
It’s a shame, but then, this is one of the reasons the kernel devs held their ground.
Flame away….
First off, thanks for the informative comment.
When you think about it, it really fits with the two different philosophies. OSI is all about a development methodology, FSF is all about a moral philosophy.
I have read Lessig’s Free Culture, I have read all the CatB documents, and I have heard RMS speak several times now. The point where I am at is that the Free Software philosophy can be likened to marxism. It looks fantastic on paper, but when you apply it to the real world, things start to fall apart. I would really love to believe in communism, I love the ideals behind it, I like the altruistic morality vs the dog eat dog morality of capitalism. But try as I might, I can’t, because a world where there is no protections of any kind for the innovator is a world that relies on the honor and ethics of humanity as a whole, and we have seen time and again that it is something not to be relied on, time and again.
OSX is a great example. The OS follows the principles ESR was talking about in the Magic Cauldron, open source where it makes sense, closed source for the crown jewels that realistically speaking, would sink your business to give away. RMS’s stance is that half open is better than totally closed, but it is still violating fundamental freedoms to not give everything away, no matter what the reasoning.
Anyways, sorry for the mostly OT rant, but it is something I believe is very important to address and figure out which side you are on, and the vast majority of the community just use Free and Open interchangeably with no regard to the actual meanings of both terms.
I think with OSS you have in their view too much control over the device while they don’t want you to receive and/or transmit everything. So whose safety we’re talking about?
that ‘security through obscurity’ is a myth to send me their ATM card # and PIN.
All security, except physical security, is based on obscurity in the form of secret keeping.
You’re looking at it backwards. A more accurate analogy would be for me to send you the schematics for the card and the code for the software which encrypts the information on it. It’s then up to you to figure out how to get at my PIN.
See the difference?
“””
See the difference?
“””
No. Cloudy has it right. Passwords and PINs are the very essence of security through obscurity and yet no one ever seems to mention the fact.
The problem is that “security through obscurity” is one of those meaningless phrases that everyone uses but almost nobody bothers to operationally define.
At what point is an obscure item sufficiently difficult to figure out that it can be considered an effective security measure?
The fact is that security through obscurity can work quite well indeed. And even in its weaker forms, can play an effective part in an overall, layered, security scheme.
“Security through obscurity doesn’t work” is more of a propaganda slogan than a security principle. More accurate would be to say that “relatively shallow security through obscurity, by itself, is often not very effective”. But that’s hard to chant. 😉
Edited 2007-07-08 12:31
True that, but getting back to the ATM Card/PIN situation, the security infrastructure actually recognizes the inherent weakness of passwords/PINs, so it relies on two-factor authentication; the PIN is useless without the ATM card, and vice versa.
Certainly not a flawless system in its present implementation, considering that ATM cards can be duped with easily accessible equipment, but that’s a flaw of the implementation and not the concept. In fact, I think that flaw emphasizes the weakness of “security through obscurity”, in that the banking community failed to anticipate the ease with which cards would soon be duplicated, breaking the integrity of the two-factor process since it relies on physical possession of an inherently unique item. They just assumed they were secure.
Security in any form should be a risk-management decision. The smart security implementations assume they will be compromised, and implement the layered approach you mentioned in order to increase the complexity of the attack required. The complexity required should at the very least be proportionate to the value of the item being protected. Many of the security approaches available are well documented, utilize published technologies/algorithms etc., and are considered part of a best practice approach. So despite the openness and accessibility, these approaches are still endorsed and in most cases have a track record of proven security.
Weak security inevitably relies on the obscurity argument, which is often perceived as being invulnerable if the attackers have no knowledge of the underlying system. It also requires the user to place all of their unqualified trust in the technology provider. This is weak logic that inevitably reduces the security approach from being a risk-management approach to a simple gamble. Not one I’d want to rely on.
I agree with what you’re saying, but I don’t think that’s quite as relevant. Yes, to some extent you DO have to work with obscurity, because there must be a legitimate way in known to those who need the access (otherwise, we could just unplug the computer, encase it in concrete, and fire it out of a cannon, into the sun). An open-source ATM would also have to have an authentication system, just as my laptop has a password-protected login, known by me and hopefully only me.
The point of what we’re discussing here (I think) is that there shouldn’t be other ways into the system.
For a system that really is secure, being open or not wouldn’t matter. For a system that isn’t totally secure, being closed-source will make it harder to find the flaws. On the other ends, it’s hard for me to imagine someone seriously claiming obscurity alone will do the trick, or that Open Source programmers can’t use decent security techniques.
I know I’m somewhat biased toward Free/Open software, but I’m going to side with the idea that if it’s properly written, it shouldn’t really MATTER whether it’s closed or open source.
I’m just glad I haven’t seen the “security by disinterest” argument here.
I agree with what you are saying, as well. My point was really that the whole “security through obscurity doesn’t work” mantra is really beside the point.
By the time you define ‘security through obscurity’ to everyone’s satisfaction, and then argue out the details of how the current scenario maps onto the ‘security through obscurity’ model… you really would have been better off just hashing out the nuts and bolts of the current situation without all the abstraction.
Edited 2007-07-08 21:58
You’re looking at it backwards.
I look forward to you posting your PIN and ATM # in reply, if that’s so.
A more accurate analogy would be for me to send you the schematics for the card and the code for the software which encrypts the information on it. It’s then up to you to figure out how to get at my PIN.
It wasn’t an analogy, it was an example. All of that clever hardware and software makes no difference at all if I have access to the piece of information that you are keeping obscure, your PIN.
The problem with your line of thinking is that you’re looking at the strongest link in the security chain rather than the weakest.
“As for why this is happening – well, what do you expect from the Bush administration? They no doubt see open source developers as terrorists.”
How about learning about the US political system before you spout stupid things like that? Congress is who passes the laws and guess what – it’s controlled by the Democrats *gasp* the very people who claim it’s the Republicans that bend over backwards for big business and want to control the people.
Both of you need to learn how the modern government works.
The body of FCC regulation had nothing to do with either this current President, nor the Congress that has been sitting for less than a year! It’s the products of years and years of decisions by bureaucrats, some of them well-informed (the FCC commissions lots of scientific studies), and some of them completely uninformed (the FCC doesn’t always listen to those studies!) The President and Congress have only an indirect influence over the FCC, or any major regulatory body (FTC, FAA, FDA, EPA, etc). They shift power within the body by appointing new chairmen or other high-level postings, but most of the actual regulation is created by career bureaucrats who retain their posts through many different administrations.
It’s been controlled by Democrats for *six months*. I’m sure you right-wing loons would like to think everything wrong in the U.S. was passed by Democrats from January-July 2007, but most of the problems we have go back to when Republicans controlled the White House and Congress, and a majority of the Supreme Court as well.
This is getting OT, but most of our problems run back for a good thirty years or more. I’m ostensibly a Democrat, but I can’t entirely blame the Republicans for the current dysfunction of the government, nor do I think the Democrats have the will to do anything about it.
Our government is broken, and it’s broken in some pretty fundamental ways. We’re no longer a country run by three branches of government with intricate checks and balances between them. We’re a country run by a giant unelected bureaucracy that has neither a culture of merit nor any system of accountability to speak of.
Edited 2007-07-08 20:42
“U.S. regulators, it seems, believe the inherently public nature of open-source code makes it more vulnerable to hackers, leaving ‘a high burden to demonstrate that it is sufficiently secure’.”
Come on, how can they say this when last month the NSA and others approved open source software like Red Hat Enterprise Linux 5 to be used at high level U.S. government networks?
is that the premise is wrong.
I finally had time to look at the R&O and it doesn’t say that it is going to be harder to certify hardware that uses open source software.
@rayiner
Your comments about interference only make sense if you’re talking about radio transmission.