Re: Copyright Misuse Doctrine in Apple v. Psystar

[David Kastrup]

"amicus_curious" <ACDC@sti.net> writes:

> "Alan Mackenzie" <acm@muc.de> wrote in message
> news:gnp3nr$2qen$1@colin2.muc.de...
>> In gnu.misc.discuss amicus_curious <ACDC@sti.net> wrote:
>>>
>>> "Rahul Dhesi" <c.c.eiftj@XReXXCopyr.usenet.us.com> wrote in message
>>> news:gnncnr$vod$1@blue.rahul.net...
>>>> "amicus_curious" <ACDC@sti.net> writes:
>>
>>>>>That gives FOSS a bad name.  Who wants to use stuff like that and risk
>>>>>getting bitten by the looney tunes that think software is some kind of
>>>>>religious experience?
>>
>>>> There is a lot of truth in what you wrote, and it's not specific to free
>>>> software. Enforcement of copyright (and patents) often gives the
>>>> enforcer a bad name.
>>
>>> I don't suggest that enforcement itself is the problem, it is the
>>> enforcement of meaningless requirements.  If the RIAA pinches some
>>> downloader, they get a few thousand bucks or more in return.  That, at
>>> least, makes some sense as to why the RIAA is being so diligent.
>>> But just
>>> having another unvisited site for some out of date source code is hardly
>>> worth the time and effort of the courts to go along on this ego trip.
>>
>> It's hardly meaningless.  It means the source code is available.
>>
> An old version of BusyBox?  How wonderful for you all!

The version used in the router.  Which means that you can determine
exactly what security advisories apply, and you can apply them
yourself.  And yes, to some sysadmins it is important to be able to
figure out vulnerabilities of their hardware.

>> They're likely to want the source of the version embedded in their
>> Actiontec box.  For example, to diagnose a problem, or to complain
>> about its out-of-dateness, or to check it for security problems.
>>
> It is a silly little router for goodness' sake!  Nothing proprietary
> about that, these things are as old as the hills.

A "silly little router" does not need a complete userland utility set
like Busybox.  And most certainly routers contain proprietary
components, both hardware and firmware.

> The money and quality differences are in the hardware, not the
> firmware.

Security implications are in the firmware.

> No one other than router hardware makers give a hoot about it and they
> all use pretty much the same stuff.  If there is a problem with it, it
> gets tossed in the waste basket and another unit is installed to
> replace it.

How do you tell whether a router (or its replacement) has a particular
weakness without being able to look at the source code?

Disassembly is quite more cumbersome.

> If it fails early, it gets returned to the store or to the
> manufacturer for credit.

If your whole computing centre gets compromised because a packet logger
could be inserted into the router, return to the store is your least
problem.  Being able to determine possible scope of a security breach is
certainly important.

-- 
David Kastrup