"Chilling Effects" paper at USENIX
Joshua N Pritikin
jpritikin at pobox.com
Wed Apr 9 01:24:17 EDT 2008
On Tue, Apr 08, 2008 at 09:54:51PM -0700, Jaya Kumar wrote:
> On Tue, Apr 8, 2008 at 9:21 PM, Mitch Bradley <wmb at laptop.org> wrote:
> > It would have been nice if the criticisms had been delivered directly to
> > OLPC, instead of broadcast in a public forum, where enemies of OLPC can cite
> > and expand on them as evidence that "OLPC is hopelessly screwed up, so you
> > should buy our competing product instead". If you get my drift.
>
> In the free and open source community, people generally post their
> technical opinions and criticisms in the open. If they're wrong, then
> we can say it, while moving forward, or if they're right, then we can
> fix it, and move forward.
Of course, but these authors are also playing politics.
> > I believe that the prevailing ethos in the white hat security community is
> > to report newly-discovered vulnerabilities first to the company in question,
> > thus giving them some amount of time to develop a patch before the public
> > announcement.
>
> If the paper provided an exploit or specifically identified a
> vulnerability then they should have sent it to you guys first. Did
> they identify a specific vulnerability or exploit?
Sure, they identify lots of them and imagine a few more implausible
ones for good measure.
> > The authors appear to be academics, however, so they would get little
> > credit for having contributed to OLPC security by privately contacting OLPC
> > and giving us an opportunity to address their concerns. Publishing is the
> > coin of the realm in academic circles.
>
> Agreed. Are any of their concerns valid?
Valid, yes, but their tone is insulting.
More information about the Devel
mailing list