Closed Source -- Who Dares Call It Treason?

Armed and Dangerous weblong ^ | 5/22/02 | Eric S. Raymond

[Myrddin]

From 1980 to 1983 I was teaching 6800 and 8085 based classes at the local junior college. My students were taken aback when I explained and flowcharted an algorithm, then proceeded to write the code on the board with memory addresses, mnemonics and hex op codes from memory. I could write it faster than the students could look it up on the 6800 instruction card. I tired of the limits of the 6800 instruction set on our EPA68 trainers. In response, I wrote a complete replacement ROM for the trainer and installed a 6809 CPU. The new ROM supported all the additional registers and features of the 6809. I offered the new ROM monitor to EPA, but they had already moved forward to the EPA 68000 trainer.

[Myrddin]

Your example suggests that the CPU could only push and pop the A register to to/from the stack. 6502 by chance?

[steve-b]

During testimony before a federal judge, Microsoft executive Jim Allchin has admitted that some code critical to the security of Microsoft products is so flawed it could not be safely disclosed to other developers or the public.

Now, they are trying to claim that open source is a security risk. Which is it?

[steve-b]

Allchin is correct to point out that there is a security consequence to exposing the source code.

Wrong. Dependence on this sort of "security through obscurity" is the mark of the incompetent.

It makes it much easier to find new ways to hack the software. The worms that exploit buffer overruns could never have been created without intimate knowledge of the software source code and the target CPU implementation.

Nonsense. People write worms for Microsoft crapware every day without access to the source code.

[steve-b]

And for the record, Microsoft should never have to release its code. That's Microsoft intellectual property.

Those two statements have no connection to one another. Patented and copyrighted works are fully exposed to inspection as a matter of course without compromising the rights of the holders.

[NativeNewYorker]

Now, they are trying to claim that open source is a security risk. Which is it?

The FUD wars have a "through the looking glass" feel, don't they?

[Myrddin]

Dependence on this sort of "security through obscurity" is the mark of the incompetent.

Not true. We have many national security assets that have known weaknesses. The weaknesses are not publicized because they compromise the value of the asset. Some of the weaknesses can be repaired and will be repaired in time. Until the repair can be accomplished, you don't squander the asset by telling your enemies how to defeat it. In some cases, the asset will be replaced by something better in the future. If you can retain the use of the asset until that time and avoid expending resources fixing a soon to be obsolete asset, you are ahead financially and strategically. Right or wrong, the military has deployed Microsoft operating systems into software that our troops use to perform their work. Making it easier for enemies to mount cyber attacks against our troops is not smart.