> On Jun 6, 2016, at 10:36 AM, WebDawg <webd...@gmail.com> wrote:
>
> On Mon, Jun 6, 2016 at 9:00 AM, RB <aoz....@gmail.com> wrote:
>>
>> On Sun, Jun 5, 2016 at 7:02 PM, Volker Kuhlmann
>> <hid...@paradise.net.nz>
>> > This is a laughable argument!
>>
>> I'm not here to argue, you are. More specifically, you're here to
>> press your personal point for open switch firmware. Your paranoia,
>> it's showing.
>
> All of this arguing aside and all of these points made I still cannot wait
> until there is nothing stopping me from examining the code that runs on my
> switches.

Given that the forwarding plane in these is largely TCAM-based, you’re going to go very deep to begin to understand same, and there will be large parts of the chips that are not documented.

We actually have Broadcom Trident and Fulcrum FM6K/10K source code here. I won’t explain why.

> I know some of this is off topic but I am going to post this anyways:
>
> j...@netgate.com wrote:
>
> "Open Source is more about sharing than security."
>
> Open source is way more than both of these topics but even in the sentence
> that you wrote, you even agree that it could be a little bit of both. It
> seems like groups are moving towards openness in general and it is going to
> be really cool when I can cheaply take something like Open vSwitch,

bah. yesterday’s newspaper^Wtechnology.

> some hardware, and an open vSwitch accelerator
> (http://www.6wind.com/products/6wind-virtual-accelerator/)

Which is neither open source, nor inexpensive.

> and forget about Cisco, Juniper and the lot.

For up to about 40Gbps, probably. Above that? Probably not.

> It sucks, it really does. I would think Open Source is more about lowering
> the entry level for any topic. It is easier to audit if you need it
> secure, it is easier to work with when you need to share or bits and pieces
> of it, etc.
>
> When I was a child I wanted something like the Raspberry Pi so very bad, or
> an Arduino. The closest thing I could find in my environment at the time
> was about $400+ and the programming software was very proprietary, the
> device was limited in its capabilities, it was closer to SCADA.

A Z80 couldn’t have cost $400.

> I do not think anyone here wants to argue Some Company vs OpenSource, when
> you look at the fabric switches that Cisco and other companies offer it is
> obvious how money can motivate a company/organization to build new tech.

I think you’ll find that Cisco (etc) use off-the-shelf switch parts these days.

> But then take a look at something like the Raspberry Pi

“take a look at … the Raspberry Pi”

which is not open hardware,

Just try to build your own.

... and has binary blobs:

https://www.raspberrypi.org/blog/open-source-arm-userspace/
https://www.raspberrypi.org/blog/new-video-features/

Further, the license of the Raspberry Pi firmware is restricted to use on Raspberry Pi products, so to remain within the license were you to build your own (should you be able to somehow acquire chips), you would have to make your own firmware builds from the materials Broadcom provide (under NDA).

Odroid managed to secure a small batch of BCM2835 and developed a Pi-compatible product called the Odroid W around it, but Broadcom refused to sell them further chips.

In short, the Pi is not an open source project. It was meant to be a learning tool to get kids interested in computer hardware and programming. Mission Accomplished. Obviously there has also been a lot of interest from the 30+ computer crowd who have turned their PIs into cheap portable media players and DIY projects involving the GPIO port(s). But this was never the goal of the RPi foundation.

Given this, please explain what you want me to examine.

> and see where it is and what it is doing. Part of OpenSource is removing the
> grip the companies have on these technologies and giving it away, this especially
> helps when you live in an environment when the bar for getting things that
> are not OpenSource is high for whatever reasons.
>
> On Sun, Jun 5, 2016 at 7:02 PM, Volker Kuhlmann wrote:
>
> Your paranoia, it's showing.
>
> "Paranoia is a thought process believed to be heavily influenced by anxiety
> or fear, often to the point of delusion and irrationality."
>
> If you believe there are not malicious actors trying to influence and hack
> technologies for their own benefit, I do not know what to say, but someone
> not trusting some software does not sound all that crazy.

You didn’t read it, did you?

http://dl.acm.org/citation.cfm?id=358210

You should read it. Serious. It will destroy your faith in “many eyes make shallow bugs”.

Here is a pull quote:

“The moral is obvious. You can't trust code that you did not totally create yourself. (Especially code from companies that employ people like me.) No amount of source-level verification or scrutiny will protect you from using untrusted code.”

When you’re done, the attack dates to 1974.
http://seclab.cs.ucdavis.edu/projects/history/papers/karg74.pdf

and this guy was my boss at Vivato:
http://seclab.cs.ucdavis.edu/projects/history/CD/#biba75

Jim