Mark Smith wrote:
On Sat, 17 May 2008 09:34:19 -0500 travis+ml-nanog@subspacefield.org wrote:
I'm sure it'll be good for a number of security providers to hawk their wares.
If the way of running this isn't out in the wild and it's actually dangerous then a pox on anyone who releases it, especially to gain publicity at the expensive of network operators sleep and well being. May you never find a reliable route ever again. I personally like Gadi's work, but not as much as I like getting my
On Sat, May 17, 2008 at 04:47:02PM +0930, Matthew Moyle-Croft wrote: packets to their destination. I personally don't quite understand why netops keep buying proprietary, closed technology for routers, but I'm not and have never been a netop so I'm sure there's good reasons. To me it seems that if you need reliable router hardware, you can buy that from a vendor, but in theory I don't see why the software for routers couldn't be much more open. When I can, I reflash my WAPs with DD-WRT, because at least then I understand the system (and you can't secure what you don't understand), but I am not saying that's much of a comparison.
Have you read and security validated every line of open code you're running? Even if you've only read and security validated 99% of it, you're still trusting that the other 1% doesn't have any vulnerabilities in it.
There are people who routinely deal in absolutes. we generally call them mathematicians... The rest of us have to operate on a certain amount of uncertainty. Ken's goal I think in 1985 was to open people's eyes to an area of uncertainty which was then relatively poorly understood. It was infeasible in 1985 and certainly remains so outside the confines of some really narrowly focused areas to audit a significant percentage of the code you run.
Then again, even if you have audited every line of code, and it is 100% "secure", who's to say the compiler used to compile it is ... so you'll have to audit that too.