*shudder*

[michiexile]

I don't quite know how it came to this, but when I look at what I'm writing right now, I seem to be recommending closed source. I would wish to excuse this by claiming that what I'm asked to propose solutions for is impossible and only vaguely suggested by closing source, requiring code signing and other draconian measures.

Alas, trying to build security where there is none to be found makes evil things with a young mind.

Comments

Open source DRM

[(Anonymous)]

"trying to build security where there is none to be found"

Sounds like DRM/"trusted" computing. I remember reading something about an open source DRM (http://blogs.gnome.org/view/uraeus/2005/12/03/0)...

/abo

Re: Open source DRM

[michiexile]

Thanks! That link is very helpful. I'm going to go through it with some attention.

[mikkeru.livejournal.com]

Come to the daaaark side! Obscurity is a very good way to prevent and repel attacks in every other setting, so I don't see why it shouldn't be in computing. After all, as Sun Tzu and common sense says, it's very difficult for an attacker to attack you if they don't know how your defenses are disposed or even where they are.

Imagine an attacker somehow breaking into a system and getting root privileges - but then being unable to use them for anything since they don't know anything about operating the system. He is completely blind while the white hats on the other hand know exactly how the system work, what the attacker is trying to do, and how to repel him.

After all, the only way to get a system you can completely trust if you, yourself build it from discreet components and up, and write every single bit of code yourself. Because otherwise, how can you really know nobody hid a backdoor in it?