Re: atheros chips dangerous?


On Fri, 11 Aug 2006, Poul-Henning Kamp wrote:

In my opinion the difference is that with NDA you place trust in a few persons (the ones with the code), whilst with open source drivers the code can be reviewed by all people with enough knowledge about the subject and since peer review is an important concept in FOSS quality (and security) it would be desirable to have free code.

While that is certainly true, I also feel that the fact that Atheros has actively tried to work with the FOSS people to get a good driver should be credited to them.

Other vendors have been totally impossible to work with.

Something worth observing here is that many modern device drivers, especially more complex cards with significant offload of functionality to the card, have closed source components -- the firmware for the device. The HAL is a tiny wrapper around programming of a few very specific elements of the hardware behavior to do with software radio power/frequency, etc. Compared to the size of the closed source chunk in the firmware of many device drivers (ipw, many RAID controllers, etc, for example), it is miniscule, and is reviewed and maintained by an open source person. You could argue that this is significantly more forthcoming than many other vendors, for whom firmware binaries are entirely closed source.

Robert N M Watson
Computer Laboratory
University of Cambridge
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"

Relevant Pages

  • Re: [PATCH 3/5] watchdog: cleanup a bit omap_wdt.c
    ... Device drivers don't have such luxuries. ... Not part of this patch series. ... Review rarely happens all at once, unless very few people look at ... for weeks on end until it's nice and shiney, and then submit it upstream. ...
    (Linux-Kernel)
  • Re: Announce: ndiswrapper
    ... > We already have a second-class flavor of open source in the kernel right ... Combine this with firmware load from Windows DLLs ... On these drivers we don't even see what ...
    (Linux-Kernel)
  • Re: MSI launches Dolby DTS enabled motherboard
    ... >> This oughtta be good for those of you looking for a high performance + ... >> 7.1 DTS encoding solution: MSI have this neat looking mobo, ... >often fall short with the drivers. ... I did track down one review on DriverHeaven (though it's mostly ...
    (microsoft.public.windowsmedia.encoder)
  • Re: [PATCH] OMAP: I2C driver for TI OMAP boards #2
    ... So there's been a change from the "new drivers can be merged late" ... There is no reason why I would have to ... review every new i2c driver. ... not happy with that will have to help me a lot with the i2c patches ...
    (Linux-Kernel)
  • Re: [PATCH RFC] [1/9] Core module symbol namespaces code and intro.
    ... kernel has become so big now that review cannot be the only ... If people aren't reviewing, ... There are still classes of drivers. ... use interfaces that are really generic driver interfaces and fairly stable ...
    (Linux-Kernel)