Date: Fri, 11 Aug 2006 11:28:43 +0100 (BST) From: Robert Watson <rwatson@FreeBSD.org> To: Poul-Henning Kamp <phk@phk.freebsd.dk> Cc: freebsd-security@freebsd.org, =?ISO-8859-1?Q?Jos=E9_M=2E_Fandi=F1o?= <freebsd4@fadesa.es> Subject: Re: atheros chips dangerous? Message-ID: <20060811112511.T45647@fledge.watson.org> In-Reply-To: <38802.1155288265@critter.freebsd.dk> References: <38802.1155288265@critter.freebsd.dk>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 11 Aug 2006, Poul-Henning Kamp wrote: >> In my opinion the difference is that with NDA you place trust in a few >> persons (the ones with the code), whilst with open source drivers the code >> can be reviewed by all people with enough knowledge about the subject and >> since peer review is an important concept in FOSS quality (and security) it >> would be desirable to have free code. > > While that is certainly true, I also feel that the fact that Atheros has > actively tried to work with the FOSS people to get a good driver should be > credited to them. > > Other vendors have been totally impossible to work with. Something worth observing here is that many modern device drivers, especially more complex cards with significant offload of functionality to the card, have closed source components -- the firmware for the device. The HAL is a tiny wrapper around programming of a few very specific elements of the hardware behavior to do with software radio power/frequency, etc. Compared to the size of the closed source chunk in the firmware of many device drivers (ipw, many RAID controllers, etc, for example), it is miniscule, and is reviewed and maintained by an open source person. You could argue that this is significantly more forthcoming than many other vendors, for whom firmware binaries are entirely closed source. Robert N M Watson Computer Laboratory University of Cambridge
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060811112511.T45647>