Re: GRSec is vital to Linux security

2019-01-25 Thread linuxgpletc
need to hire real IP lawyers, not bullshit pretenders.
And if Bradly is making money, and enough of it, you might have profits
you could target.

I kinda think that the "Free software legal" teams exist only to diffuse
valid suits,
and stymie the guys who actually wrote the code and retained their
copyrights.

Pure legal malpractice by any accounting.

On 2019-01-24 16:25, Boris Lukashev wrote:
> You've never heard of VMware, I take it? It's a proprietary half Linux
> which beats GPL suits with strong arm tactics and technicalities.
> Unlike grsec, they don't distribute any source, because it's proof of
> theft... Grsec's back port work is also public, since they're public
> upstream patches or mailing list patches, the GCC plugins are the real
> magic... Those aren't as GPL as the kernel, rap is patented, respectre
> likely will be as well. The critical code changes they need (per CPU
> PGD, for one) will not be accepted as Linus has "said so." Those code
> bits are out there...
>
> Also, doesn't matter if their patch leaks for the most part (4.4 just
> did get leaked a few weeks back), as I wrote before, nobody really has
> the time or skill available to maintain at their level of quality...
> Linux might be free, but it's not something that should be run in
> production when there's data or resource at stake.
>
> Is the thought process that they should open up their commercial
> stable code for free to all? Because RHEL has the same "don't leak"
> policy on RHEL sources too... VMware even goes so far as to blatantly
> claim not to use Linux. How about Google's internal Linux?
>
> GPL is dead (has been for 20y), build the strongest defenses you can
> with whatever code you can get and prove, because your adversaries
> won't care about which license clause their tooling adheres to.
>
> Boris Lukashev
> Systems Architect
> Semper Victus
>
>  Original Message 
> From: linuxgpl...@redchan.it
> Sent: Wednesday, January 23, 2019 05:35 PM
> To: br...@perens.com
> Subject: Re: GRSec is vital to Linux security
> CC:
> mog...@columbia.edu,bk...@sfconservancy.org,complia...@sfconservancy.org,blukas...@sempervictus.com,tcall...@redhat.com,torva...@osdl.org


Re: GRSec is vital to Linux security

2019-01-24 Thread Boris Lukashev
Sue to what end? Force them to freely distribute their work/give up
all those hours of backports/integration and actual invention? The
only thing a suit could achieve is to prevent them from doing any work
at all as you can't force someone to work for free (in the US, under
most circumstances). No contributor will be able to prove quantifiable
material damages, and the outcomes are between destruction of the only
Linux vendor who puts priority on security or a waste of money and
time in the lawsuit. Only the lawyers benefit, everyone else loses out
directly or indirectly. Are you a lawyer, acting on behalf of someone
interested in slowing the progress of defensive technologies, or just
miss the days when being a script kiddie made people feel powerful?

On Thu, Jan 24, 2019 at 11:54 AM  wrote:
>
> There is ample standing to sue. GRSec made its "access agreement"
> public,
> which included terms to prevent redistribution (if you redistribute, we
> punish you). Which is a direct violation of the "no additional
> restrictive terms"
> clause in the GPL.
>
> Why won't anyone bring a copyright lawsuit?
>
> Are they happy that GRSec gets to use their code, and prevent anyone
> from
> freeing the derivative work? The whole point of the GPL is that
> derivative
> works be under the same terms.
>
> Bradly Spengler has violated this understanding, he thinks that his code
> doesn't need to be under the same terms. The code which is simply a
> derivative work of the linux kernel.
>
> There is a valid, actionable case here.
>
> Any of the programmers / copyright owners whose code he modified can sue
> him.
> He is violating their terms of use of their software.
> He is in the USA. It's not difficult. Just SUE.
>
> Just because VMWare does things one doesn't like doesn't mean you cannot
> sue
> Bradly Spengler.
>
> Another thing is, the "Free software" legal "representation" is trash.
> The SFConservancy was run for the longest time by a non-lawyer BKuhn.
>
> He advised "clients" to WAIT it out! And then.. guess what they have
> waiting years?
> No case because the statute of limitations had been passed.
>
> That's how that baby-faced moron has "helped" the free software legal
> cause.
>
> You guys need to hire real IP lawyers, not bullshit pretenders.
> And if Bradly is making money, and enough of it, you might have profits
> you could target.
>
> I kinda think that the "Free software legal" teams exist only to diffuse
> valid suits,
> and stymie the guys who actually wrote the code and retained their
> copyrights.
>
> Pure legal malpractice by any accounting.
>
> On 2019-01-24 16:25, Boris Lukashev wrote:
> > You've never heard of VMware, I take it? It's a proprietary half Linux
> > which beats GPL suits with strong arm tactics and technicalities.
> > Unlike grsec, they don't distribute any source, because it's proof of
> > theft... Grsec's back port work is also public, since they're public
> > upstream patches or mailing list patches, the GCC plugins are the real
> > magic... Those aren't as GPL as the kernel, rap is patented, respectre
> > likely will be as well. The critical code changes they need (per CPU
> > PGD, for one) will not be accepted as Linus has "said so." Those code
> > bits are out there...
> >
> > Also, doesn't matter if their patch leaks for the most part (4.4 just
> > did get leaked a few weeks back), as I wrote before, nobody really has
> > the time or skill available to maintain at their level of quality...
> > Linux might be free, but it's not something that should be run in
> > production when there's data or resource at stake.
> >
> > Is the thought process that they should open up their commercial
> > stable code for free to all? Because RHEL has the same "don't leak"
> > policy on RHEL sources too... VMware even goes so far as to blatantly
> > claim not to use Linux. How about Google's internal Linux?
> >
> > GPL is dead (has been for 20y), build the strongest defenses you can
> > with whatever code you can get and prove, because your adversaries
> > won't care about which license clause their tooling adheres to.
> >
> > Boris Lukashev
> > Systems Architect
> > Semper Victus
> >
> >  Original Message 
> > From: linuxgpl...@redchan.it
> > Sent: Wednesday, January 23, 2019 05:35 PM
> > To: br...@perens.com
> > Subject: Re: GRSec is vital to Linux security
> > CC:
> > mog...@columbia.edu,bk...@sfconservancy.org,complia...@sfconservancy.org,blukas...@sempervictus.com,tcall...@redhat.com,torva...@osdl.org



-- 
Boris Lukashev
Systems Architect
Semper Victus


Re: GRSec is vital to Linux security

2019-01-24 Thread linuxgpletc
There is ample standing to sue. GRSec made its "access agreement" public,
which included terms to prevent redistribution (if you redistribute, we
punish you). Which is a direct violation of the "no additional
restrictive terms" clause in the GPL.

Why won't anyone bring a copyright lawsuit?

Are they happy that GRSec gets to use their code, and prevent anyone from
freeing the derivative work? The whole point of the GPL is that derivative
works be under the same terms.

Bradly Spengler has violated this understanding, he thinks that his code
doesn't need to be under the same terms. The code which is simply a
derivative work of the linux kernel.

There is a valid, actionable case here.

Any of the programmers / copyright owners whose code he modified can sue
him.
He is violating their terms of use of their software.
He is in the USA. It's not difficult. Just SUE.

Just because VMWare does things one doesn't like doesn't mean you cannot
sue Bradly Spengler.

Another thing is, the "Free software" legal "representation" is trash.
The SFConservancy was run for the longest time by a non-lawyer BKuhn.

He advised "clients" to WAIT it out! And then.. guess what they have
waiting years?
No case because the statute of limitations had been passed.

That's how that baby-faced moron has "helped" the free software legal
cause.


You guys need to hire real IP lawyers, not bullshit pretenders.
And if Bradly is making money, and enough of it, you might have profits 
you could target.


I kinda think that the "Free software legal" teams exist only to diffuse 
valid suits,
and stymie the guys who actually wrote the code and retained their 
copyrights.


Pure legal malpractice by any accounting.

On 2019-01-24 16:25, Boris Lukashev wrote:

You've never heard of VMware, I take it? It's a proprietary half Linux
which beats GPL suits with strong arm tactics and technicalities.
Unlike grsec, they don't distribute any source, because it's proof of
theft... Grsec's back port work is also public, since they're public
upstream patches or mailing list patches, the GCC plugins are the real
magic... Those aren't as GPL as the kernel, rap is patented, respectre
likely will be as well. The critical code changes they need (per CPU
PGD, for one) will not be accepted as Linus has "said so." Those code
bits are out there...

Also, doesn't matter if their patch leaks for the most part (4.4 just
did get leaked a few weeks back), as I wrote before, nobody really has
the time or skill available to maintain at their level of quality...
Linux might be free, but it's not something that should be run in
production when there's data or resource at stake.

Is the thought process that they should open up their commercial
stable code for free to all? Because RHEL has the same "don't leak"
policy on RHEL sources too... VMware even goes so far as to blatantly
claim not to use Linux. How about Google's internal Linux?

GPL is dead (has been for 20y), build the strongest defenses you can
with whatever code you can get and prove, because your adversaries
won't care about which license clause their tooling adheres to.

Boris Lukashev
Systems Architect
Semper Victus

 Original Message 
From: linuxgpl...@redchan.it
Sent: Wednesday, January 23, 2019 05:35 PM
To: br...@perens.com
Subject: Re: GRSec is vital to Linux security
CC:
mog...@columbia.edu,bk...@sfconservancy.org,complia...@sfconservancy.org,blukas...@sempervictus.com,tcall...@redhat.com,torva...@osdl.org


Re: GRSec is vital to Linux security -- SFConservancy = legal malpractice. Use own lawyer.

2019-01-24 Thread linuxgpletc
One note: If you are going to defend your copyrights and the idea of the 
GPL, do not rely on the "free software legal groups".


The "free software legal groups" exist only to commit legal malpractice.

The guy who ran the SFConservancy (Bradly Kuhn IIRC)  isn't even a 
lawyer. He advises "clients" to wait it out: AKA run down the 
statute-of-limitations so you have no case.


A fucking _FAGGOT_.

You cannot rely on the "Free software legal groups" to help you because 
_they do not exist_.


Only recently did the SFConservancy hire a lawyer, and they had to put 
her in the head position because Bar rules do not allow a lawyer to be 
below non-lawyers in a legal firm.


Just wanted to let you know.


Re: GRSec is vital to Linux security

2019-01-24 Thread linuxgpletc

On 2019-01-24 15:31, Enrico Weigelt, metux IT consult wrote:

Do you have some actual proposals / patches ?


Sue Open Source Security / Bradly Spengler for copyright infringement. 
Seek his profits as damages. I doubt you'll be able to get specific 
performance since the GPL is not a contract in this instance. (If you 
registered your copyright prior to the violation you can alternatively 
go for statutory damages + attorneys fees btw)


He is _blatantly_ violating your copyright by adding an additional 
restrictive term regarding the distribution of his non-separable 
derivative work of the linux kernel code.


Fwd: Re: GRSec is vital to Linux security

2019-01-24 Thread linuxgpletc



 Original Message 
Subject: Re: GRSec is vital to Linux security
Date: 2019-01-24 16:25
From: Boris Lukashev 
To: linuxgpl...@redchan.it

You've never heard of VMware, I take it? It's a proprietary half Linux
which beats GPL suits with strong arm tactics and technicalities. Unlike
grsec, they don't distribute any source, because it's proof of theft...
Grsec's back port work is also public, since they're public upstream
patches or mailing list patches, the GCC plugins are the real magic...
Those aren't as GPL as the kernel, rap is patented, respectre likely
will be as well. The critical code changes they need (per CPU PGD, for
one) will not be accepted as Linus has "said so." Those code bits are
out there...

Also, doesn't matter if their patch leaks for the most part (4.4 just
did get leaked a few weeks back), as I wrote before, nobody really has
the time or skill available to maintain at their level of quality...
Linux might be free, but it's not something that should be run in
production when there's data or resource at stake.

Is the thought process that they should open up their commercial stable
code for free to all? Because RHEL has the same "don't leak" policy on
RHEL sources too... VMware even goes so far as to blatantly claim not to
use Linux. How about Google's internal Linux?

GPL is dead (has been for 20y), build the strongest defenses you can
with whatever code you can get and prove, because your adversaries won't
care about which license clause their tooling adheres to.

Boris Lukashev
Systems Architect
Semper Victus

 Original Message 
From: linuxgpl...@redchan.it
Sent: Wednesday, January 23, 2019 05:35 PM
To: br...@perens.com
Subject: Re: GRSec is vital to Linux security
CC:
mog...@columbia.edu,bk...@sfconservancy.org,complia...@sfconservancy.org,blukas...@sempervictus.com,tcall...@redhat.com,torva...@osdl.org


Re: GRSec is vital to Linux security

2019-01-24 Thread Adam Borowski
On Thu, Jan 24, 2019 at 04:31:10PM +0100, Enrico Weigelt, metux IT consult 
wrote:
> On 23.01.19 21:46, Ivan Ivanov wrote:
> 
> > Linux really needs to stop adding new features and
> > refactor itself to a smaller and more secure codebase before going
> > forward. Maybe 1 year break would be nice.
> 
> Do you have some actual proposals / patches ?

Enrico, you're responding to a notorious troll.  If you haven't noticed,
this "Ivan Ivanov" sock puppet is a persona of some bastard who talks to
him/herself while tarnishing the name of our dear friend MikeeUSA (a true
pillar of the community!).  His/her methods evolve, but the gist is the
same.  Expect bringing up a bogus but semi-plausible controversy in order
to start as big a thread as possible, then once people who this bastard
wants to attack have joined, try to equate their position in the public view
with statements such as:

(Excuse the quotation, please wipe your monitor afterwards.)

# But from a man?
#
# Well, goes to show you. White men ain't men. Best they are is 40 year
# old bois. Faggots to say for short in American parlance.
#
# Same reason they won't hold it down when a bunch of fucking cunts CoC
# them. You build the whole edifice, then you let a bunch of do-nothing
# white women rule over the thing you built and you.

And this has been going for quite a while.

Connecting to systemd threads doesn't seem to work any longer, as people on
debian-user vs dng have wisened up.  Same with license rescission threads. 
What you read is just a yet another attempt to stir up some excrement.
Don't let any of it spray on you.  Because that's the fake-Mikee's way.


Meow!
-- 
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Remember, the S in "IoT" stands for Security, while P stands
⢿⡄⠘⠷⠚⠋⠀ for Privacy.
⠈⠳⣄


Re: GRSec is vital to Linux security

2019-01-24 Thread Enrico Weigelt, metux IT consult
On 23.01.19 21:46, Ivan Ivanov wrote:

> Linux really needs to stop adding new features and
> refactor itself to a smaller and more secure codebase before going
> forward. Maybe 1 year break would be nice.

Do you have some actual proposals / patches ?


--mtx

-- 
Enrico Weigelt, metux IT consult
Free software and Linux embedded engineering
i...@metux.net -- +49-151-27565287


Re: GRSec is vital to Linux security

2019-01-23 Thread linuxgpletc

On 2019-01-23 20:46, Ivan Ivanov wrote:

Interesting point of view. Well, to be honest it seems to me that
Linux kernel sacrifices the security for the sake of progress, so it
is quite bloated at the moment and I am not sure that even GRSecurity
could fix it. Linux really needs to stop adding new features and
refactor itself to a smaller and more secure codebase before going
forward. Maybe 1 year break would be nice.


This man speaks the truth. The constant flux reintroduces long-fixed 
bugs, like a constant inflowing tide. The code can never be stabilized 
due to the endless needless work of the worker-bee wage-slaves. Thus the 
code always has new hidden security errors.


GRSecurity can barely keep up.

A "feature" of the wage-slave era of Linux, that we did not have in the 
Hacker era of Linux (the people targeted by the CoC, who actually 
created the land where the wage-slave code churners now graze)


"Free" workers from for-profit and government connected enterprises do 
not come with no-strings-attached, and the enterprises are not stupid: 
they refactor to get their way if an initial strategy isn't working.


The only real flux of any significant magnitude that should occur is 
with the addition of new drivers. Instead code is ripped out and 
replaced everywhere for little to no real gain.


That being said... GRSecurity's GPL violation is the most blatant 
upfront violation of the GPL I've ever seen (they put it in writing and 
don't try to hide it (you redistribute, we punish you)).


They also do not deal with small businesses or people who would like to 
purchase a "license" from them. Only large businesses and government 
contracts.


They're afraid that a small company would pay for 1 server "license" and 
then release the code, I think.


Some people wonder why hasn't anyone penetrated their Download server 
and stolen the code back and released it?


Maybe because GRSecurity knows what they're doing. If it were hosted on 
a vanilla linux server, it would be out by now.


Remember: it's been well over a year. Not one leak of the code, not one 
penetration, nothing. They know how to secure a linux machine. Linus 
does not. He just allows endless useless flux, barely manages the 
project, places it all in the hands of the wage-slaves (who simply do 
their job for their company, not for the betterment of the thing (no 
passion)) and ousts the old Hackers who built the thing with Linus from 
the ground up originally.


Legal action could be taken to stop GrSecurity's blatant violation; one 
could at least sue for the profits. It is a non-separable work, they are 
violating the "no additional restrictions" rule, in writing. They 
violated the copyright - it's as simple as that in the end.


No one does a thing. Of course the wage-slaves do not: they don't own 
their own code and don't have agency even over their own lives anyway. 
Their bosses could do something though, the companies that own the 
wage-slave's code. The Hackers, whose code still resides in the linux 
kernel AND/OR whose code was a predecessor of current code (even if it 
is not the same as their original code) also have standing.


Nothing is done. It's as if the GPL is just worthless trash. It has not 
stopped GRSecurity from closing their derivative work of the kernel and 
threatening anyone who would redistribute the non-separable derivative 
work. They just laugh at Linus, the Hackers, and especially the 
wage-slaves.


Didn't someone once say "Linux will be free forever" (hint: Lawrence 
Rosen). A piece of Linux isn't now... It hasn't panned out in reality.





Re: GRSec is vital to Linux security

2019-01-23 Thread Ivan Ivanov
Interesting point of view. Well, to be honest it seems to me that
Linux kernel sacrifices the security for the sake of progress, so it
is quite bloated at the moment and I am not sure that even GRSecurity
could fix it. Linux really needs to stop adding new features and
refactor itself to a smaller and more secure codebase before going
forward. Maybe 1 year break would be nice.

On Wed, Jan 23, 2019 at 21:22,  wrote:
>
> There are two iron laws when it comes to the linux-kernel and its
> facing towards the larger world.
>
> 1) The grsecurity-pax patch is absolutely vital if one wishes to not be
> hacked by chinese(TM). (And has been vital for the last 15+ years.)
>
> 2) GRSecurity is _blatantly_ violating the GPL by adding additional
> restrictive terms.
>
>
> Other things we have come to know is that
> A) Linus is a poor judge of quality, or just out of touch.
>
> To say that GRSecurity is garbage?
> No linus, it's just the layer covering up the shit heap that the
> linux-kernel is when it comes to exploitable code.
> That stench you smell is not that nice grassy cover over the garbage
> tip, it is what is below, what that top is holding down.
>
> You know... I would expect the things that Linus said about GRSecurity
> from a white woman... I would expect that. Knowing nothing, spouting
> bullshit, destroying lives. That's their _thing_.
>
> But from a man?
>
> Well, goes to show you. White men ain't men. Best they are is 40 year
> old bois. Faggots to say for short in American parlance.
>
> Same reason they won't hold it down when a bunch of fucking cunts CoC
> them. You build the whole edifice, then you let a bunch of do-nothing
> white women rule over the thing you built and you.
>
> But hey, that's Linux!


GRSec is vital to Linux security

2019-01-23 Thread linuxgpletc

There are two iron laws when it comes to the linux-kernel and its
facing towards the larger world.

1) The grsecurity-pax patch is absolutely vital if one wishes to not be
hacked by chinese(TM). (And has been vital for the last 15+ years.)

2) GRSecurity is _blatantly_ violating the GPL by adding additional
restrictive terms.


Other things we have come to know is that
A) Linus is a poor judge of quality, or just out of touch.

To say that GRSecurity is garbage?
No linus, it's just the layer covering up the shit heap that the
linux-kernel is when it comes to exploitable code.
That stench you smell is not that nice grassy cover over the garbage
tip, it is what is below, what that top is holding down.

You know... I would expect the things that Linus said about GRSecurity
from a white woman... I would expect that. Knowing nothing, spouting
bullshit, destroying lives. That's their _thing_.

But from a man?

Well, goes to show you. White men ain't men. Best they are is 40 year
old bois. Faggots to say for short in American parlance.

Same reason they won't hold it down when a bunch of fucking cunts CoC
them. You build the whole edifice, then you let a bunch of do-nothing
white women rule over the thing you built and you.

But hey, that's Linux!