atheros chips dangerous?
Robert Watson
rwatson at FreeBSD.org
Fri Aug 11 10:28:45 UTC 2006
On Fri, 11 Aug 2006, Poul-Henning Kamp wrote:
>> In my opinion the difference is that with NDA you place trust in a few
>> persons (the ones with the code), whilst with open source drivers the code
>> can be reviewed by all people with enough knowledge about the subject and
>> since peer review is an important concept in FOSS quality (and security) it
>> would be desirable to have free code.
>
> While that is certainly true, I also feel that the fact that Atheros has
> actively tried to work with the FOSS people to get a good driver should be
> credited to them.
>
> Other vendors have been totally impossible to work with.

Something worth observing here is that many modern device drivers, especially
more complex cards with significant offload of functionality to the card, have
closed source components -- the firmware for the device. The HAL is a tiny
wrapper around programming of a few very specific elements of the hardware
behavior to do with software radio power/frequency, etc. Compared to the size
of the closed source chunk in the firmware of many device drivers (ipw, many
RAID controllers, etc., for example), it is minuscule, and is reviewed and
maintained by an open source person. You could argue that this is
significantly more forthcoming than many other vendors, for whom firmware
binaries are entirely closed source.

Robert N M Watson
Computer Laboratory
University of Cambridge
More information about the freebsd-security mailing list