Re: Copyright Misuse Doctrine in Apple v. Psystar

[amicus_curious]

"Mart van de Wege" <mvdwege_public@myrealbox.com> wrote in message 
86ocwtbse3.fsf@gareth.avalon.lan">news:86ocwtbse3.fsf@gareth.avalon.lan...
> "amicus_curious" <ACDC@sti.net> writes:
>
> > "Mart van de Wege" <mvdwege_public@myrealbox.com> wrote in message
> > 86skm6bdgk.fsf@gareth.avalon.lan">news:86skm6bdgk.fsf@gareth.avalon.lan...
> > > "amicus_curious" <ACDC@sti.net> writes:
> > >
> > > > "Mart van de Wege" <mvdwege_public@myrealbox.com> wrote in message
> > > > 86wsbic07e.fsf@gareth.avalon.lan">news:86wsbic07e.fsf@gareth.avalon.lan...
> > > > > "amicus_curious" <ACDC@sti.net> writes:
> > > > >
> > > > > > "David Kastrup" <dak@gnu.org> wrote in message
> > > > > > 85r61r4nvu.fsf@lola.goethe.zz">news:85r61r4nvu.fsf@lola.goethe.zz...
> > > > > > > "amicus_curious" <ACDC@sti.net> writes:
> > > > > > >
> > > > > > > > If it fails early, it gets returned to the store or to the
> > > > > > > > manufacturer for credit.
> > > > > > >
> > > > > > > If your whole computing centre gets compromised because a packet
> > > > > > > logger
> > > > > > > could be inserted into the router, return to the store is your least
> > > > > > > problem.  Being able to determine possible scope of a security
> > > > > > > breach is
> > > > > > > certainly important.
> > > > > > You create a whole lot of hypothetical situations, but people buy
> > > > > > these things at Sam's Club for $35 and they work just fine.  What
> > > > > > compromise has there ever been that allowed someone to put a "packet
> > > > > > logger" into the firmware of such a thing?  Who would bother?
> > > > > Spammers who like to build botnets out of domestic PCs for example.
> > > > Do you know of any instance where the botnet was built by compromising
> > > > the user's router firmware?  That is pretty farfetched.
> > > Yes, and executable e-mails were once considered to be 'purely
> > > theoretical'.
> > >
> > > I'm sorry, but threat evaluation is just a *tad* more than 'is this
> > > being exploited yet?'
> > I don't think that you are sorry in the least.  Do you suggest that
> > this theory will first find its way into someone lusting to robotize
> > some kid's PC?
>
> I suggest this is possible, yes.
Well what is your thought on its being at all probable?

> > Even so how likely is it that the target of this exploit is savvy
> > enough to have combed through the source and implemented his own fix
> > enable by knowing which library version of BusyBox was in use in his
> > $25 router? It would be more probable that he would win the
> > Powerball Lottery twice in a row.
> You're excluding the middle. Between not knowing anything and hacking
> the firmware yourself is the possibility that knowing the exact
> version numbers of the component parts gives the owner the possibility
> to determine how vulnerable they are, and to take steps, ranging from
> taking in the router to the reseller to have it serviced, or patching
> it themselves, and everything in between.
>
> Then again, you really don't think these things through, now do you?
> Your every effort in this thread screams intellectual laziness, if not
> outright stupidity.
Well call me all the names you want, but you are not making any sense 
yourself.  My point is not that the data might be useful if it were 
available, and it is, but that the totality of those taking advantage of 
knowing is zero or close to it.  In any case just disclosing the version of 
BusyBox incorporated into the device is sufficient.  They do not have to 
publish the entire code tree to achieve that.  Think efficiency.