lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list] 
Date:   Thu, 03 Aug 2017 17:14:54 +0000
From:   esodnencaocrefsdv@...thats3as.com
To:     "Ubuntu user technical support, not for general discussions" 
        <ubuntu-users@...ts.ubuntu.com>
Cc:     Xen <list@...hideout.nl>, dng@...ts.dyne.org,
        linux-kernel@...r.kernel.org, debian-user@...ts.debian.org
Subject: Re: MikeeUSA -- Notice Bruce Perens has NO response (nor does
 Moglen). [Was: Re: GrSecurity]

On 2017-08-03 09:13, Xen wrote:
> In Game Genie vs. Nintendo a company created a cheating device that
> would alter the operation of an existing product.
> 
> They won that case and were allowed to do it.
> 
> Distributing patches to be applied to an existing software product
> would really be no different than that. If Nintendo were to say "You
> can buy our product only if you agree never to modify it" I don't
> think that would make it any different.

(I'm tired of re-explaining this over and over to stupid american white 
men programmers.)
(I've allready done it again and again. Bruce Perens has already done 
it.)
(Your attorney can do it.)

You are simply WRONG.

WRONG WRONG WRONG.

You are a programmer and pretend you know something about the law. You 
do not.

Yet you will insist that since YOU know SOMETHING about something 
regarding logic (programming) that you are right,
all the attorneys are useless and wrong.

The Game Genie case is (off the top of my head) distinguishable in that 
1) none of Nintendo's copyrighted works were distributed with Game 
Genie.
Game Genie was not a derivative work of Nintendo's intellectual 
property.
(Additionally Game Genie is a separable product from the Nintendo 
system. )

COMPLETELY different here where GRSecurity team has gone into the linux 
code, modified it, and then published their modifications.
See the Anime Subs cases for a similar situation: yes subs for an anime 
are a derivative work of the anime.

You're simply wrong, programmer. So shut your mouth or go and study law 
for a few years before giving your "opinion" on legal matters again, 
understand lay person? Understand?

------

The GRSecurity patch snakes through almost the entire kernel; it really 
touches everywhere
(and Brad Spengler etc have publicly attested to this as a bullet point 
as it doesn't only
add features but fixes various in-place security errors); and not even 
as a monolithic block,
it puts a paw here, and there, and there (so on and so on for 8MBs), 
with the deft agility of a cat,
and the dexterity of a vine wrapped every which-way around the many 
branches of a bush:
it is a non-separable derivative work.

A counter example would be the Nvidia GFX driver: a portion of that 
driver works across platforms.
That portion which works on Linux, Windows, etc is a separable work and 
thus can be argued
to be standalone before a court. Furthermore, in the Nvidia case, that 
portion was likely
developed on another platform and the wrapper was then built to conform 
to it.

The wrapper itself that interfaces with linux is licensed under the same 
terms as linux.

Other drivers can be written in a similar way.

With GRSecurity, on the other-hand, that is absolutely impossible. 
GRSecurity exists
only to give the linux kernel "self protection" (their words IIRC). They 
do this
by going in with a scalpel to thousands of areas in the kernel and 
making small
but important* edits and additions, as-well as by writing some new 
routines to then
use throughout the kernel.

Unlike a plug-in; their derivative work does not and cannot stand alone.

The Anime-Subs cases reaffirmed somewhat recently that a derivative work
that cannot stand alone and is not authorized is an infringing work.

(Ex: You're a fan, you listen to the Anime Girl cartoon in Japanese,
you write down what they say, you distribute that: that text is a
derivative work and not a standalone one: it required the existence
of the cartoon to itself exist or have any meaning).

The situations are very different thusly and that a court
would find GRSecurity to be infringing. If the GRSecurity patch is not
a derivative work then nothing in the realm of source-code is.

As for making modifications: To create the patch Brad Spengler modified 
the
linux-kernel over the course of 15 years, and to continue continually 
producing
new patches he continually modifies the linux-kernel even more. Without
permission of the license he has no right to modify the kernel. The 
mechanical
modification that is done by patching is a red-herring in this case 
since it's
not needed to argue infringement on Mr Spengler's part once he has been 
found
to have added an additional term to the agreement between him and 
further
distributees of the derivative work. Once he has done that, he has 
violated
the license grant, and he no-longer has a right to distribute the work, 
nor
to distribute derivative works, nor to modify the work in-order to 
create
future derivative works.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ