guix-devel

Re: [PATCH 7/7] gnu: Enable CONFIG_HOTPLUG_PCI.


From: Danny Milosavljevic
Subject: Re: [PATCH 7/7] gnu: Enable CONFIG_HOTPLUG_PCI.
Date: Thu, 2 Feb 2017 21:41:59 +0100

Hi David,

On Thu, 2 Feb 2017 21:18:06 +0100
David Craven <address@hidden> wrote:

> > I don't think the firmware needs to be uploaded at all to the AR9285 
> > device.  
> 
> I don't understand:
> 
> 1. free firmware - anyone can update the firmware
> 2. binary blob - the vendor can update the firmware
> 3. fixed at manufacturing time - no one can update the firmware
> 
> Option 1 is obviously superior to the other two. But how is option 3
> better than option 2?

When it's option 3 then you personally can't be targeted without also targeting 
anyone else that could have bought that chip.

With option 2 the vendor could create malicious firmware just for you - 
unbeknownst to you, of course. 

If the firmware is actually fixed and constant (option 3), the company has a 
very large disincentive to do anything bad to it.

For example, let's say Intel had non-updateable microcode on its CPUs and it 
included a backdoor. If anyone *ever* found it, nobody would trust Intel ever 
again - and Intel couldn't sweep it under the rug because millions of physical 
chips that include the backdoor would be in the hands of different people. What 
could they do?

On the other hand, if firmware is updateable by a (possibly automated) program, 
that program could easily check whether it's running on *your* computer 
specifically and then give you a special firmware. Now nobody but you has a 
chance to find it. Not to mention checking the date etc.

With all the spying going on that's a *real* possibility. Also, many people 
already found backdoors in BIOS updates for example - so it's not theoretical.

So those were the life-and-death things.

From an engineering (integrator) standpoint a fixed firmware is also better 
since it doesn't change. So as an engineer you find out once and for all what 
it does now and it will continue doing that forever. Moreover, the vendor has 
an incentive to actually test the thing and fix all the showstoppers *before* 
selling you the device. With option 2, they really don't (and also could change 
their mind at any time after the sale (!)).


