As the survey shows, and as Simon just stated, I do not think that security through obscurity is the way to go, provided the nature of this volunteering measurement platform. However, it is not all that simple, IMHO. I particularly support the idea of releasing the source code gradually, even under temporary NDAs if necessary, in order to improve the security of probe or controllers by getting the code audited by more people. Enhancing the system by introducing more features (different traceroute algorithms and options) or polishing the existing ones (IPv6 support, which is currently limited by the busybox version probes are running atm, IIRC) is something possible and desirable, if we dont forget that its Atlas itself what has to improve. I personally do not endorse the creation of further parallel, *public* measurement platforms. This is a hairy topic that guarantees a nice discussion on its own thread or meeting, but if I had to say something, I would say Atlas is doing pretty well and that a hybrid model allowing independent probes to join in a controlled fashion (as it has already been suggested) making Atlas grow... that'd be the way to go. There are way too many factors to consider here (tampering, tweaking, faking, validating the measurement results; reasearch interest in the measurements performed and archived data, how to deal with that possible variety of measurement types...) and so a single post is clearly not enough to elaborate, so... please take it with a grain of salt. Philip has been able to articulate my ideas much better than myself, so I will simply +1 his educated points: On Wed, Jan 4, 2012 at 4:45 PM, Philip Homburg <philip.homburg@ripe.net> wrote:
On 1/4/12 16:11 , Simon Josefsson wrote:
"Richard L. Barnes"<rbarnes@bbn.com> writes:
Analyze as you will :)
One thing that strikes me from the discussion has been an absence of answers to this question: What would reasons be to _not_ release the source code?
I believe that unless there is a strong reason not to release the source, it should be done because there is interest in it and there is potential to get improvements out of it.
There are some non-technical arguments that I won't list here.
One argument for not releasing is security by obscurity. It is easier to find security holes if you can just download the source. Instead of trying to obtain a probe, getting the firmware out of it and decompiling the binaries. In short, within RIPE NCC the question needs to be answered whether the source can released as is, or whether a security audit is required. Needless to say, a security audit is likely to cost money.
Dumping the source just as a tar file on a web site is easy. But that will be one way communication. And most likely fork the project. Not good.
+1 I couldnt be more openly against unnecessary forks.
If you want to turn it into an open source project, then a lot of stuff has to happen. In particular, the project has to be mature enough that it can actually be installed without too much pain. Of course, this costs time and money.
+1 Its always good to deal with any subject around Atlas, but perhaps it is not the _optimal_ moment to release the source, to say the least.