raye
Premium Member
join:2000-08-14
Orange, CA

Sad truth about Cisco

It seems to me that Cisco will try and use the DMCA to silence Lynn's writings. I'd guess this was the result of some marketing VP with a large hornet's nest up his or her ass. Most accounts indicate that Lynn ran the paper by someone at Cisco before the presentation and received the go-ahead. Then all hell broke loose. Restraining orders, resignations, Cisco employees acting as censors, etc. A real mess.

The background I have on IOS is this. It's a single address space, non-preemptive runtime that should have died in 1995. There had been MANY attempts to update the woefully out-of-date IOS. All attempts have died at the hands of politically powerful higher-ups in the company. IOS is a dinosaur, pure and simple. But Cisco, like Apple, is a hardware company, not a software one. They try to fool people about IOS's reliability, but those in the know realize it's really terrible.

With that being said, there are lots of great software engineers at Cisco struggling to keep IOS alive each and every day. They, the software engineers, have little control over larger architectural issues like choice of the router's runtime.

So thumbs up to Lynn and Cisco's much abused software engineers, and a big thumbs down to the reactionaries who believe that the best approach to computer security is the ostrich model. No amount of lawyers will save you when someone creates an "All your router now belong to us" exploit.

full disclosure alwa

Anon

Well, from everything that I've read about this recent snafu involving Cisco and Lynn, there have been indications that Cisco was soon to be releasing a multi-threaded version of IOS, designed to break down the single-threaded software design barrier that you describe.

At least from my (limited technical) understanding of the situation, perhaps this change would have allowed some sort of theoretical "router worm" to propagate, because once compromised, routers could be manipulated to run "background trojan" tasks, *without* taking down the whole router in an obvious manner, as would likely be the case with a single-threaded design. (Again, this is just supposition based on general-purpose software design - I actually know nothing about Cisco routers and IOS in specific.)

IOW, if the runtime was somehow vulnerable in places - changing it from single-threaded to multi-threaded really only just increased the potential risk. Lynn speaking out about the issue may have headed off this "greater risk" at the pass, but while at the same time casting a shadow of potential insecurity upon Cisco's new soon-to-be-released products. (Correct me if I'm wrong about any of this. I know only what I've read recently in the media about this.)