lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Fri, 29 Sep 2006 12:43:02 -0700
From:	"jdow" <jdow@...thlink.net>
To:	"linux-kernel" <linux-kernel@...r.kernel.org>
Subject: Re: GPLv3 Position Statement

From: "Helge Hafting" <helge.hafting@...el.hist.no>
> Thomas Gleixner wrote:
>> On Mon, 2006-09-25 at 12:31 +0100, Alan Cox wrote:
>>   
>>> The GPLv3 rewords it in an attempt to be clearer but also I think rather
>>> more over-reaching. It's not clear what for example happens with a
>>> rented device containing GPL software but with DRM on the hardware.
>>> Thats quite different to owned hardware. GPLv2 leaves it open for the
>>> courts to make a sensible decision per case, GPLv3 tries to define it in
>>> advance and its very very hard to define correctly.
>>>     
>>
>> Also the prevention of running modified versions is not only caused by
>> economic interests and business models. There are also scenarios where
>> it is simply necessary:
>>
>> - The liability for damages, where the manufacturer of a device might
>> be responsible in case of damage when he abandoned the prevention. This
>> applies to medical devices as well as to lasers, machine tools and many
>> more. Device manufacturers can not necessarily escape such liabilities
>> as it might be considered grossly negligent to hand out the prevention
>> key, even if the user signed an exemption from liability.
>>   
> This seems silly to me.  Sure, lasers and medical equipment is
> dangerous if used wrong.  When such equipment is
> controlled by software, then changing that software brings
> huge responsibility.  But it shouldn't be made impossible.
> 
> They can provide the key, with the warning that _using_ it
> means you are on your own and take all responsibility.

In some more rational parts of the world (presuming they exist
evidence to the contrary) this approach might work. This requires
a people and government that are rather libertarian with the people
taking full responsibility for their own actions. Now, I live in
the country that awarded a woman millions of dollars because she
was stupid enough to put a hot container of coffee in her lap as
she reached over to her purse to make change. Of course it spilled
and scorched her in a "nasty place to be scorched." This is also
the country that awarded two drunken idiots who decided to trim a
hedge with a rotary lawn mower. They tried to pick it up by the
skirts and lost their fingers to the spinning blades. They sued
the manufacturer for allowing them to be stupid - and won. So the
blunt answer is "Product Liability."

> I can take the covers off a cd player and let the laser
> shine into the room.  Nothing prevents me from doing
> that, it isn't welded shut or anything.  And it might
> be useful if I ever need a laser beam.  Of course I am
> then responsible if I take someone's eye out.  CD players
> have warning labels about this.  And the same can be done
> for the keys to dangerous software.

Those warnings probably are not enough in a US court of law. But
they are enough to discourage most idiots who do get blinded by
their own stupidity from trying to sue.

>> - Regulations to prevent unauthorized access to radio frequencies, which
>> is what concerns e.g. cellphone manufacturers.
>>   
> Unauthorized use is illegal and easy enough to track down.
> No special protection is needed.  And it cannot be enforced
> by making the phones har to modify - any radio amateur knows
> how to build from scratch a transmitter to jam the GSM bands
> if he should be inclined to do so. Anyone can look this up in
> books too.

The bozo has to go through enough effort to build such a jammer
that it'd (mostly) insulate the parts manufactures from liability.
It's a little more work than pulling some CDROM screws and blinding
people in the room as a result. (Yeah, I darned well know how little
actual work is involved. But actual knowledge is also involved so it
would be hard for that jammer to escape personal responsibility. Of
course, there is the spark gap jammer.... Anecdotal evidence shows
that the spark gap noise can motivate the Los Angeles FCC office to
get off their lazy asses in a hurry, though.)

{^_-}   Joanne
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists