/g/ - Technolo/g/y

No encryption or P2P talk

Boards | Catalog | Bottom

Name
Email
Subject
Comment
Password
Drawing x size canvas
File(s)

Remember to follow the rules

Max file size: 350.00 MB

Max files: 5

Max message length: 4096


(1.93 MB 480x270 anim1493872651070.gif)
Bruce Perens - Warning: Grsecurity: Potential contributory infringement and breach of contract risk the hacker known as 4chan 07/05/2017 (Wed) 21:59:37 [Preview] No. 47 [Reply]
Bruce Perens issues an advisory regarding the GRSecurity copyright issue:
https://perens.com/blog/2017/06/28/warning-grsecurity-potential-contributory-infringement-risk-for-customers/
<blockquote>
Warning: Grsecurity: Potential contributory infringement and breach of contract risk for customers

It\u2019s my strong opinion that your company should avoid the Grsecurity product sold at grsecurity.net because it presents a contributory infringement and breach of contract risk.

Grsecurity is a patch for the Linux kernel which, it is claimed, improves its security. It is a derivative work of the Linux kernel which touches the kernel internals in many different places. It is inseparable from Linux and can not work without it. it would fail a fair-use test (obviously, ask offline if you don\u2019t understand). Because of its strongly derivative nature of the kernel, it must be under the GPL version 2 license, or a license compatible with the GPL and with terms no more restrictive than the GPL. Earlier versions were distributed under GPL version 2.

Currently, Grsecurity is a commercial product and is distributed only to paying customers. My understanding from several reliable sources is that customers are verbally or otherwise warned that if they redistribute the Grsecurity patch, as would be their right under the GPL, that they will be assessed a penalty: they will no longer be allowed to be customers, and will not be granted access to any further versions of Grsecurity. GPL version 2 section 6 explicitly prohibits the addition of terms such as this redistribution prohibition.

By operating under their policy of terminating customer relations upon distribution of their GPL-licensed software, Open Source Security Inc., the owner of Grsecurity, creates an expectation that the customer\u2019s business will be damaged by losing access to support and later versions of the product, if that customer exercises their re-distribution right under the GPL license. This is tantamount to the addition of a term to the GPL prohibiting distribution or creating a penalty for distribution. GPL section 6 specifically prohibits any addition of terms. Thus, the GPL license, which allows Grsecurity to create its derivative work of the Linux kernel, terminates, and the copyright of the Linux Kernel is infringed. The contract from the Linux kernel developers to both Grsecurity and the customer which is inherent in the GPL is breached.

As a customer, it\u2019s my opinion that you would be subject to both contributory infringement and breach of contract by employing this product in conjunction with the Linux kernel under the no-redistribution policy currently employed by Grsecurity.

I have previously endorsed a company that distributes enhanced versions of GPL software to paying customers, but that company operated differently (and in a way that I would recommend to Grsecurity). They did not make any threat to customers regarding redistribution. They publicly distributed their commercial version within 9 months to one year after its customer-only distribution.

Message too long. Click here to view full text.



the hacker known as 4chan 07/06/2017 (Thu) 09:32:55 [Preview] No. 48 del
Thoughts/


the hacker known as 4chan 07/08/2017 (Sat) 06:02:47 [Preview] No. 49 del
(275.55 KB 1066x1600 anzu1492389956601.jpg)
Anzu



GRSecurity removes public testing patch - goes full commercial. the hacker known as 4chan 06/08/2017 (Thu) 23:35:18 [Preview] No. 45 [Reply]
I told you this would happen, you all said it wouldn't, I assured you he would go full commercial within a year. He did. --MikeeUSA

GRSecurity removes public testing patch - goes full commercial.

http://www.openwall.com/lists/kernel-hardening/2017/06/04/24

>"Don't worry about it, there's nothing for a "grateful" user like yourself
>to download anymore. Boy, if I had more "grateful" users like yourself
>obsessed with harrassing us on Twitter, Reddit, and IRC so that they
>can go around and paint themselves as some kind of victim, I wouldn't
>know what to do with myself.
>
>-Brad"

The solution?
As I said before, Copyright licenses (like any license) are freely revocable unless barred by estoppel. The GPL v2 lacks a no-revocation clause thus estoppel would be more difficult to argue (additonally none of the "agreeing parties" have ever met each other).

Message too long. Click here to view full text.



the hacker known as 4chan 06/09/2017 (Fri) 03:10:46 [Preview] No. 46 del
Theme song for this made today:
https://youtube.com/watch?v=CYnhI3wUej8 [Embed]



(1.03 MB 300x300 lol.gif)
beardo the hacker known as 4chan 03/23/2017 (Thu) 00:01:09 [Preview] No. 43 [Reply]
BEARD-O


rabbit39 05/11/2017 (Thu) 12:37:57 [Preview] No. 44 del
go to /b (random)



(291.86 KB 560x560 1463918801519.jpg)
the hacker known as 4chan 05/31/2016 (Tue) 19:18:59 [Preview] No. 34 [Reply]
Let's talk about p2p encryption, /g/
How is Tox coming along?
Are there any better encrypted p2p messengers?


the hacker known as 4chan 06/29/2016 (Wed) 01:35:29 [Preview] No. 36 del
i like this guy

Tox is fine, they support trump, thus freedom

group chat soon


the hacker known as 4chan 01/30/2017 (Mon) 22:30:38 [Preview] No. 42 del
>>34 is a cool guy who doesnt afraid of anything



SURE IS SUMMER SUMMER 07/16/2016 (Sat) 16:28:17 [Preview] No. 37 [Reply]
SURE IS SUMMER IN HERE


the hacker known as 4chan 08/21/2016 (Sun) 14:43:34 [Preview] No. 39 del
</summer>


the hacker known as 4chan 09/14/2016 (Wed) 15:51:18 [Preview] No. 40 del
(3.84 KB 634x169 asdf.png)


the hacker known as 4chan 09/18/2016 (Sun) 15:44:37 [Preview] No. 41 del
(61.49 KB 566x687 Spongebob.png)



(816.64 KB 1308x1588 womens_health_formula_1.jpg)
por favor amigo the hacker known as 4chan 05/12/2016 (Thu) 09:45:50 [Preview] No. 31 [Reply]
I need someone to do an illegal for me, upload these fonts in a zip to any pomf clone and post link here pls kthx X3.

https://aur.archlinux.org/packages/ttf-ms-fonts/


the hacker known as 4chan 06/10/2016 (Fri) 14:22:51 [Preview] No. 35 del
Sent ;)



GRsecurity is preventing others from redistributing source code the hacker known as 4chan 05/31/2016 (Tue) 18:53:36 [Preview] No. 33 [Reply]
GRsecurity is preventing others from employing their rights under version 2 the GPL to redistribute (by threatening them with a non-renewal of a contract to recive this patch to the linux kernel.)
(GRsecurity is a derivative work of the linux kernel (it is a patch))

People who have dealt with them have attested to this fact:
https://www.reddit.com/r/KotakuInAction/comments/4grdtb/censorship_linux_developer_steals_page_from_randi/
"You will also lose the access to the patches in the form of grsec not renewing the contract.
Also they've asked us (a Russian hosting company) for $17000+ a year for access their stable patches. $17k is quite a lot for us. A question about negotiating a lower price was completely ignored. Twice." -- fbt2lurker

And it is suggested to be the case here aswell:
https://www.reddit.com/r/linux/comments/4gxdlh/after_15_years_of_research_grsecuritys_rap_is_here/
"Do you work for some company that pays for Grsecurity? If so then would you kindly excersise the rights given to you by GPL and send me a tarball of all the latest patches and releases?" -- lolidaisuki
"sadly (for this case) no, i work in a human rights organization where we get the patches by a friendly and richer 3rd party of the same field. we made the compromise to that 3rd party to not distribute the patches outside and as we deal with some critical situations i cannot afford to compromise that even for the sake of gpl :/
the "dumber" version for unstable patches will make a big problem for several projects, i would keep an eye on them. this situation cannot be hold for a long time" -- disturbio



Is this not tortious interference, on grsecurity's (Brad Spengler) part, with the quazi-contractual relationship the sublicensee has with the original licensor?

Message too long. Click here to view full text.




Devuan considers enacting Code of Conduct. the hacker known as 4chan 05/31/2016 (Tue) 17:44:34 [Preview] No. 32 [Reply]
Devuan, the once devil-may-care total fork of Debian, once linked to virulent internet sexism and gamer-gate affiliated image forums by Debian Developer Russel Coker, has mulled the option of enacting a Code of Conduct when one of its female members was insulted:

> https://botbot.me/freenode/devuan/2016-05-25/?page=2
>jaromil today i was scrolling through http://geekfeminism.wikia.com/wiki/Timeline_of_...
>golinux Well, I tried but couldn't find anybody. Then nextime popped up
>jaromil jeez. we need to take precautions. and also I get the point from Sarah Mei we need a code of conduct on-line and later for on-site http://www.sarahmei.com/blog/2015/02/01/the-fos...
> its never too early for that
>
>golinux One can only control one's own actions. ;)
>
>jaromil ah the wise one
...
>Wizzup he is doxed?
>jaromil that's him. we have a dossier yes

Devuan has been criticized for taking a "who gives a damn" and "real admins do it all by hand themselves every install" attitude towards security hardening scripts, and dispise in particular any mention of the "bastille" linux hardening script (originally funded by Mandrake Linux).

Message too long. Click here to view full text.




(656.11 KB 2048x1536 1449136441560.jpg)
Anonymous 12/20/2015 (Sun) 23:05:46 [Preview] No. 1 [Reply]
Why /g/ when there's /tech/?


Anonymous 12/20/2015 (Sun) 23:15:03 [Preview] No. 3 del
This is totally different:

1. It's only one letter to type
2. it comes from 4chan not 8chan
3. I couldn't be BO of /tech/, it was already taken.
4. Competition is good, 'Muerica


Anonymous 12/20/2015 (Sun) 23:16:38 [Preview] No. 4 del
>>3
I like how your list starts out as why it's different and ends up as why it's here


Anonymous 12/20/2015 (Sun) 23:17:48 [Preview] No. 7 del
>>4
Fuck You

How do you upload youtubes?
https://www.youtube.com/watch?v=FAUnDDTz30k


the hacker known as 4chan 12/21/2015 (Mon) 00:25:10 [Preview] No. 10 del
>>3
4: yeah well we'll wait and see which one survives


the hacker known as 4chan 01/05/2016 (Tue) 11:52:10 [Preview] No. 30 del
(215.29 KB 894x894 1451302047573.png)
>>3
>/g/ - Technology Textboards /prog/ & /tech/
>2. it comes from 4chan not 8chan
Pick one



LynxChan Admin Log the hacker known as 4chan 12/24/2015 (Thu) 09:52:31 [Preview] No. 21 [Reply]
Ok I'm going to log some of the development/devops/admin of LynxChan for those interested.
3 posts omitted.


the hacker known as 4chan 12/25/2015 (Fri) 02:58:52 [Preview] No. 25 del
>>24
Then developers showed up. We needed a way for everyone to be able to edit files without stepping on each others toes.

So a SCM (Source Code Management) repo was needed. Everything is using git, so we needed to get a proper git set up going.

And an reverse proxy (nginx) was needed so we can set up sub domains for staging and dev. But for that to work, we needed to upgrade LynxChan to 1.4.

So we did a fresh install of LynxChan 1.4 on port 8080 bound to all (0.0.0.0). We fixed up the template a little bit to bring our existing edits into it.

Then we found out that running LynxChan 1.3 and 1.4 is really really bad. StephenLynx helped us make the appropriate fixed in mongo to make 1.3 happy and we stopped 1.4.

Then we focused on nginx. Yum's latest nginx was really old. So we compiled the latest from source. Got nginx installed and then stop 1.3 and switched over to 1.4


the hacker known as 4chan 12/25/2015 (Fri) 03:00:32 [Preview] No. 26 del
>>23
Good question, let me ask.


the hacker known as 4chan 12/25/2015 (Fri) 03:11:35 [Preview] No. 27 del
>>26
>>23

He used giftcards


the hacker known as 4chan 12/25/2015 (Fri) 12:19:37 [Preview] No. 28 del
>>25
The problem is not running both at the same time, but running both using the same database.


the hacker known as 4chan 12/29/2015 (Tue) 06:28:36 [Preview] No. 29 del
>>25
Some one set up LetsEncrypt SSL. We installed the server into LynxChan and Nginx (though only nginx was required). We figured good to just have it ready on LynxChan just in case.

And since we have a similar situation to 8chan, where the owner doesn't own the domain. We decided to get a 2nd domain as a back up. Infinow was purchased and set up on CloudFlare.

Then we set out to make the templates SSL friendly. A lot of the URLs were absolute URLs referencing images as http. This will break under SSL, so we had to make the template URL relative.

People really like the 8chan feel, a lot of compliments for the styled front-end. Minor tweaks were made to various UI elements including message box, navigation items, and several to home page.