undefined | Better HN

0 pointsvlovich1231y ago0 comments

Making the code available doesn’t necessarily mean that you can actually flash the image since it can be cryptographically locked down. Or even you support flashing but only let you do certain trusted operations from a signed image.

0 comments

fn-mote1y ago

I feel like I'm missing something here.

Honestly, if you can't update the firmware you're in the same situation... knowing that you have a critical vulnerability and unable to fix it.

Enforcing trusted operations is definitely more work than they are going to do (if it's even possible to "do this right").

In a semi-ideal world, I would look for a vendor that permits only certain ops from a flashed image and hope that their crappy "restriction enforcing" code is also riddled with vulnerabilites so it's really just "follow the rules please".

1oooqooq1y ago

you managed to completely miss the point.

going the pc route is fully embracing your hardware accept whatever software the user wants. not throw unbuildable source somewhere and make it impossible to use. that's the faux open source we have today when someone must comply with the gpl or something

vlovich123OP1y ago

I think you happened to miss the point about regulatory requirements that make this difficult/impossible to accomplish for the radio vendor. I think the proliferation of SDR is the only hope to change the broader regulatory culture but until that happens you're not going to see a shift.

I think it's also rich calling GPL compliance faux open source. There really is no true Scotsman.

ImPostingOnHN1y ago

What are those regulatory requirements, and what do they say?

Thank you.

1 more reply

j / k navigate · click thread line to collapse