On Tuesday 17 July 2007, burlingk@cv63.navy.mil wrote about 'RE: [gentoo-user] 2 to 3??': > TiVo did not allow modified, and therefore potentially > Compromised, devices connect to their network. More than that -- they don't allow the "compromised" devices to boot. Of course, that's *required* to lay down the restrictions they want, since one the device is booted from freely modified code, there's no method of remote attestation to guarantee your aren't just pretending to be a "genuine" device. > This does not sound like theft of code, it sounds like sound network > protocol. So, sound network protocol validates the data sent, it doesn't require the other end to be arbitrarily "trusted". Remember "trusted" is just DoD speak for "allowed to violate security policy". > If you wish to maintain a secure environment that is stable > for thousands of users, and has a lot of money riding on it, you do > not allow compromised devices to connect. It is that simple. BS. Second life allows any client to connect as long as they follow the protocol. There's a wide variety of WoW hacks that modify the running executable (a binary patch applied at runtime) that, while not allowed under the EULA, work quite well on the real servers and have not increased the number of server crashes or scheduled restarts. Securing the network is not done by securing the remote devices. (You don't need to trusted ethernet card to connect to a cisco router, or a cable modem.) It is done by validating the data sent, having a well-defined network protocol, and disconnecting clients that provide bad data. > The TiVo thing was completely within the word and spirit of the GPL. It was *barely* within the word, and definitely not within the spirit of the GPL. Don't beleive me? Ask anyone at the FSF or RMS himself. They wrote the thing. -- Boyd Stephen Smith Jr. ,= ,-_-. =. bss03@volumehost.net ((_/)o o(\_)) ICQ: 514984 YM/AIM: DaTwinkDaddy `-'(. .)`-' http://iguanasuicide.org/ \_/