> Hmm, you're the only person so far I know of who hasn't reacted in shock.
Then you are lucky, because your acquaintance is smart and competent.

> * The attitude of security by obscurity, as if telling your customers
>   "don't look!" stops the black hats for a second.

This I noted. Do you think normal people will? As I said, security experts can laugh at their incompetence. But this is perfectly normal for normal users. I agree this is not a good advertisement for them (unlike the "we'll send people to learn" I referred to), but it's not hitting back either. Whoever knows better is already not an Oracle fan.

> * Don't look for security holes in Oracle, it's a violation of your license.
> * If you find security holes, don't tell us, it's a violation of your
>   license to have looked and we will send a legal notice telling you to
>   throw away the information.

These I didn't notice (too long a post to read carefully). Thanks for noting.

> * It is true that someone found a pile of actual security holes, but
>   we were totally going to fix them, honest! Some time or other.

I noticed. It's like above.

> * The tone of contempt for the customer, daring to look and ascertain
>   their own security risk.

Again, my fault I didn't notice.

> This is precisely why we need software freedom.

Yes. But these arguments are hard to make, and hard to convey to the public.

> Reactions on Hacker News:
>
> https://news.ycombinator.com/item?id=10039202
> https://news.ycombinator.com/item?id=10040428

Hacker chats. I can't show these pages around and make people consider my point about software freedom. So this is a good blog post to keep referencing when we talk to technical people, although even there I fear it will only convert the converted. We may make a press release (I know somebody who might), but it risks acting as an advertisement for them. I fear we need stronger arguments to escape the Oracle trap.
Thank you, David, I appreciate your quote and explanation, but my feeling is always like "we have all the arguments to win at large, but we miss a way to reach the general public". How can we exploit the awful naiveness and misbehaving of the proprietary world?

A mate making PCB designs was complaining about my choice of using kicad and nothing proprietary, because I'm slower in doing this and that... but today he was lamenting his finances, disclosing how much he's mandated to pay for the PCB tool *each year* even if it's a bad period, work-wise -- and most likely he'd lose all of his own work as soon as he stops paying. But he didn't get the point (not yet, let me work on him, but I've very few chances I fear).

Now, how can we make kicad (or geda) better and free these inventive and proficient people from the risk of bankrupting? Not by showing a security-naiveness in their tool's vendor, I'm sure.

And, dear proprietary vendor: I know you read me, I'm not that naive. *We* all know you read us, as we are not naive. We just refrain from posting when it makes sense to, and we use GPG, even.

_______________________________________________
Discussion mailing list
[email protected]
https://mail.fsfeurope.org/mailman/listinfo/discussion
