Date:   Wed, 23 Jan 2019 22:28:45 +0000
From:   linuxgpletc@...chan.it
To:     Ivan Ivanov <qmastery16@...il.com>
Cc:     Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        freebsd-chat@...ebsd.org, misc@...nbsd.org,
        gentoo-user@...ts.gentoo.org, rms@....org, esr@...rsus.com
Subject: Re: GRSec is vital to Linux security

On 2019-01-23 20:46, Ivan Ivanov wrote:
> Interesting point of view. Well, to be honest it seems to me that
> Linux kernel sacrifices the security for the sake of progress, so it
> is quite bloated at the moment and I am not sure that even GRSecurity
> could fix it. Linux really needs to stop adding new features and
> refactor itself to a smaller and more secure codebase before going
> forward. Maybe 1 year break would be nice.

This man speaks the truth. The constant flux reintroduces long-fixed 
bugs, like a constant inflowing tide. The code can never be stabilized 
due to the endless needless work of the worker-bee wage-slaves. Thus the 
code always has new hidden security errors.

GRSecurity can barely keep up.

A "feature" of the wage-slave era of Linux, that we did not have in the 
Hacker era of Linux (the people targeted by the CoC, who actually 
created the land where the wage-slave code churners now graze)

"Free" workers from for-profit and government connected enterprises do 
not come with no-strings-attached, and the enterprises are not stupid: 
they refactor to get their way if an initial strategy isn't working.

The only real flux of any significant magnitude that should occur is 
with the addition of new drivers. Instead code is ripped out and 
replaced everywhere for little to no real gain.

That being said... GRSecurity's GPL violation is the most blatant 
upfront violation of the GPL I've ever seen (they put it in writing and 
don't try to hide it (you redistribute, we punish you)).

They also do not deal with small businesses or people who would like to 
purchase a "license" from them. Only large businesses and government 
contracts.

They're afraid that a small company would pay for 1 server "license" and 
then release the code, I think.

Some people wonder why hasn't anyone penetrated their Download server 
and stolen the code back and released it?

Maybe because GRSecurity knows what they're doing. If it were hosted on 
a vanilla linux server, it would be out by now.

Remember: it's been well over a year. Not one leak of the code, not one 
penetration, nothing. They know how to secure a linux machine. Linus 
does not. He just allows endless useless flux, barely manages the 
project, places it all in the hands of the wage-slaves (who simply do 
their job for their company, not for the betterment of the thing (no 
passion)) and ousts the old Hackers who built the thing with Linus from 
the ground up originally.

Legal action could be taken to stop GrSecurity's blatant violation; one 
could at least sue for the profits. It is a non-separable work, they are 
violating the "no additional restrictions" rule, in writing. They 
violated the copyright - it's as simple as that in the end.

No one does a thing. Of course the wage-slaves do not: they don't own 
their own code and don't have agency even over their own lives anyway. 
Their bosses could do something though, the companies that own the 
wage-slaves' code. The Hackers, whose code still resides in the linux 
kernel AND/OR whose code was a predecessor of current code (even if it 
is not the same as their original code) also have standing.

Nothing is done. It's as if the GPL is just worthless trash. It has not 
stopped GRSecurity from closing their derivative work of the kernel and 
threatening anyone who would redistribute the non-separable derivative 
work. They just laugh at Linus, the Hackers, and especially the 
wage-slaves.

Didn't someone once say "Linux will be free forever" (hint: Lawrence 
Rosen). A piece of Linux isn't now... It hasn't panned out in reality.

