GRSec is vital to Linux security

GRSec is vital to Linux security

[linuxgpletc]

There are two iron laws when it comes to the linux-kernel and it's
facing towards the larger world.

1) The grsecurity-pax patch is absolutely vital if one wishes to not be
hacked by chinese(TM). (And has been vital for the last 15+ years.)

2) GRSecurity is _blatantly_ violating the GPL by adding additional
restrictive terms.


Other things we have come to know is that
A) Linus is a poor judge of quality, or just out of touch.

To say that GRSecurity is garbage?
No linus, it's just the layer covering up the shit heap that the
linux-kernel is when it comes to exploitable code.
That stench you smell is not that nice grassy cover over the garbage
tip, it is what is below, what that top is holding down.

You know... I would expect the things that Linus said about GRSecurity
from a white woman... I would expect that. Knowing nothing, spouting
bullshit, destroying lives. That's their _thing_.

But from a man?

Well, goes to show you. White men ain't men. Best they are is 40 year
old bois. Faggots to say for short in American parlance.

Same reason they won't hold it down when a bunch of fucking cunts CoC
them. You build the whole edifice, then you let a bunch of do-nothing
white women rule over the thing you built and you.

But hey, that's Linux!

Re: GRSec is vital to Linux security

[Ivan Ivanov]

Interesting point of view. Well, to be honest it seems to me that
Linux kernel sacrifices the security for the sake of progress, so it
is quite bloated at the moment and I am not sure that even GRSecurity
could fix it. Linux really needs to stop adding new features and
refactor itself to a smaller and more secure codebase before going
forward. Maybe 1 year break would be nice.

ср, 23 янв. 2019 г. в 21:22, <linuxgpletc@redchan.it>:
>
> There are two iron laws when it comes to the linux-kernel and it's
> facing towards the larger world.
>
> 1) The grsecurity-pax patch is absolutely vital if one wishes to not be
> hacked by chinese(TM). (And has been vital for the last 15+ years.)
>
> 2) GRSecurity is _blatantly_ violating the GPL by adding additional
> restrictive terms.
>
>
> Other things we have come to know is that
> A) Linus is a poor judge of quality, or just out of touch.
>
> To say that GRSecurity is garbage?
> No linus, it's just the layer covering up the shit heap that the
> linux-kernel is when it comes to exploitable code.
> That stench you smell is not that nice grassy cover over the garbage
> tip, it is what is below, what that top is holding down.
>
> You know... I would expect the things that Linus said about GRSecurity
> from a white woman... I would expect that. Knowing nothing, spouting
> bullshit, destroying lives. That's their _thing_.
>
> But from a man?
>
> Well, goes to show you. White men ain't men. Best they are is 40 year
> old bois. Faggots to say for short in American parlance.
>
> Same reason they won't hold it down when a bunch of fucking cunts CoC
> them. You build the whole edifice, then you let a bunch of do-nothing
> white women rule over the thing you built and you.
>
> But hey, that's Linux!

Re: GRSec is vital to Linux security

[linuxgpletc]

On 2019-01-23 20:46, Ivan Ivanov wrote:
> Interesting point of view. Well, to be honest it seems to me that
> Linux kernel sacrifices the security for the sake of progress, so it
> is quite bloated at the moment and I am not sure that even GRSecurity
> could fix it. Linux really needs to stop adding new features and
> refactor itself to a smaller and more secure codebase before going
> forward. Maybe 1 year break would be nice.

This man speaks the truth. The constant flux reintroduces long-fixed 
bugs, like a constant inflowing tide. The code can never be stabilized 
due to the endless needless work of the worker-bee wage-slaves. Thus the 
code always has new hidden security errors.

GRSecurity can barely keep up.

A "feature" of the wage-slave era of Linux, that we did not have in the 
Hacker era of Linux (the people targeted by the CoC, who actually 
created the land where the wage-slave code churners now graze)

"Free" workers from for-profit and government connected enterprises do 
not come with no-strings-attached, and the enterprises are not stupid: 
they refactor to get their way if an initial strategy isn't working.

The only real flux of any significant magnitude that should occur is 
with the addition of new drivers. Instead code is ripped out and 
replaced everywhere for little to no real gain.

That being said... GRSecurity's GPL violation is the most blatant 
upfront violation of the GPL I've ever seen (they put it in writing and 
don't try to hide it (you redistribute, we punish you)).

They also do not deal with small businesses or people who would like to 
purchase a "license" from them. Only large businesses and government 
contracts.

They're afraid that a small company would pay for 1 server "license" and 
then release the code, I think.

Some people wonder why hasn't anyone penetrated their Download server 
and stolen the code back and released it?

Maybe because GRSecurity knows what they're doing. If it were hosted on 
a vanilla linux server, it would be out by now.

Remember: it's been well over a year. Not one leak of the code, not one 
penetration, nothing. They know how to secure a linux machine. Linus 
does not. He just allows endless useless flux, barely manages the 
project, places it all in the hands of the wage-slaves (who simply do 
their job for their company, not for the betterment of the thing (no 
passion)) and ousts the old Hackers who built the thing with Linus from 
the ground up originally.

Legal action could be taken to stop GrSecurity's blatant violation; one 
could atleast sue for the profits. It is a non-seperable work, they are 
violating the "no additional restrictions" rule, in writing. They 
violated the copyright - it's as simple as that in the end.

No one does a thing. Ofcourse the wage-slaves do not: they don't own 
their own code and don't have agency even over their own lives anyway. 
Their bosses could do something though, the companies that own the 
wage-slave's code. The Hackers, who's code still resides in the linux 
kernel AND/OR who's code was a predecessor of current code (even if it 
is not the same as their original code) also have standing.

Nothing is done. It's as if the GPL is just worthless trash. It has not 
stopped GRSecurity from closing their derivative work of the kernel and 
threatening anyone who would redistribute the non-separable derivative 
work. They just laugh at Linus, the Hackers, and especially the 
wage-slaves.

Didn't someone once say "Linux will be free forever" (hint: Lawrence 
Rosen). A piece of Linux isn't now... It hasn't panned out in reality.

Re: GRSec is vital to Linux security

[Enrico Weigelt, metux IT consult]

On 23.01.19 21:46, Ivan Ivanov wrote:

> Linux really needs to stop adding new features and
> refactor itself to a smaller and more secure codebase before going
> forward. Maybe 1 year break would be nice.

Do you have some actual proposals / patches ?


--mtx

-- 
Enrico Weigelt, metux IT consult
Free software and Linux embedded engineering
info@metux.net -- +49-151-27565287

Re: GRSec is vital to Linux security

[Adam Borowski]

On Thu, Jan 24, 2019 at 04:31:10PM +0100, Enrico Weigelt, metux IT consult wrote:
> On 23.01.19 21:46, Ivan Ivanov wrote:
> 
> > Linux really needs to stop adding new features and
> > refactor itself to a smaller and more secure codebase before going
> > forward. Maybe 1 year break would be nice.
> 
> Do you have some actual proposals / patches ?

Enrico, you're responding to a notorious troll.  If you haven't noticed,
this "Ivan Ivanov" sock puppet is a persona of some bastard who talks to
him/herself while tarnishing the name of our dear friend MikeeUSA (a true
pillar of the community!).  His/her methods evolve, but the gist is the
same.  Expect bringing up a bogus but semi-plausible controversy in order
to start as big a thread as possible, then once people who this bastard
wants to attack have joined, try to equate their position in the public view
with statements such as:

(Excuse the quotation, please wipe your monitor afterwards.)

# But from a man?
#
# Well, goes to show you. White men ain't men. Best they are is 40 year
# old bois. Faggots to say for short in American parlance.
#
# Same reason they won't hold it down when a bunch of fucking cunts CoC
# them. You build the whole edifice, then you let a bunch of do-nothing
# white women rule over the thing you built and you.

And this has been going for quite a while.

Connecting to systemd threads doesn't seem to work any longer, as people on
debian-user vs dng have wisened up.  Same with license rescinsion threads. 
What you read is just a yet another attempt to stir up some excrement.
Don't let any of it spray on you.  Because that's the fake-Mikee's way.


Meow!
-- 
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Remember, the S in "IoT" stands for Security, while P stands
⢿⡄⠘⠷⠚⠋⠀ for Privacy.
⠈⠳⣄⠀⠀⠀⠀

Re: GRSec is vital to Linux security

[linuxgpletc]

On 2019-01-24 15:31, Enrico Weigelt, metux IT consult wrote:
> Do you have some actual proposals / patches ?

Sue Open Source Security / Bradly Spengler for copyright infringement. 
Seek his profits as damages. I doubt you'll be able to get specific 
performance since the GPL is not a contact in this instance. (If you 
registered your copyright prior to the violation you can alternatively 
go for statutory damages + attoneys fees btw)

He is _blatantly_ violating your copyright by adding an additional 
restrictive term regarding the distribution of his non-separable 
derivative work of the linux kernel code.

Re: GRSec is vital to Linux security -- SFConservancy = legal malpractice. Use own lawyer.

[linuxgpletc]

One note: If you are going to defend your copyrights and the idea of the 
GPL, do not rely on the "free software legal groups".

The "free software legal groups" exist only to commit legal malpractice.

The guy who ran the SFConservancy (Bradly Kuhn IIRC)  isn't even a 
lawyer. He advises "clients" to wait it out: AKA run down the 
statute-of-limitations so you have no case.

A fucking _FAGGOT_.

You cannot rely on the "Free software legal groups" to help you because 
_they do not exist_.

Only recently did the SFConservancy hire a lawyer, and they had to put 
her in the head position because Bar rules do not allow a lawyer to be 
below non-lawyers in a legal firm.

Just wanted to let you know.

Fwd: Re: GRSec is vital to Linux security

[linuxgpletc]

-------- Original Message --------
Subject: Re: GRSec is vital to Linux security
Date: 2019-01-24 16:25
 From: Boris Lukashev <blukashev@sempervictus.com>
To: linuxgpletc@redchan.it

You've never heard of VMware, I take it? Its a proprietary half Linux
which beats GPL suits with strong arm tactics and technicalities. Unlike
grsec, they don't distribute any source, because it's proof of theft...
Grsecs back port work is also public, since they're public upstream
patches or mailing list patches, the GCC plugins are the real magic...
Those aren't as GPL as the kernel, rap is patented, respectre likely
will be as well. The critical code changes they need (per CPU PGD, for
one) will not be accepted as Linus has "said so." Those code bits are
out there...

Also, doesn't matter if their patch leaks for the most part (4.4 just
did get leaked a few weeks back), as I wrote before, nobody really has
the time or skill available to maintain at their level of quality...
Linux might be free, but it's not something that should be run in
production when there's data or resource at stake.

Is the thought process that they should open up their commercial stable
code for free to all? Because RHEL has the same "don't leak" policy on
RHEL sources too... VMware even goes so far as to blatantly claim not to
use Linux. How about Google's internal Linux?

GPL is dead (has been for 20y), build the strongest defenses you can
with whatever code you can get and prove, because your adversaries won't
care about which license clause their tooling adheres to.

Boris Lukashev
Systems Architect
Semper Victus

-------- Original Message --------
 From: linuxgpletc@redchan.it
Sent: Wednesday, January 23, 2019 05:35 PM
To: bruce@perens.com
Subject: Re: GRSec is vital to Linux security
CC:
moglen@columbia.edu,bkuhn@sfconservancy.org,compliance@sfconservancy.org,blukashev@sempervictus.com,tcallawa@redhat.com,torvalds@osdl.org

Author of GPC-Slots2 promises to sue "John Doe" who violated GPL recission.

[linuxgpletc]

Author of GPC-Slots2 threatens to sue "John Doe" who violated GPL 
recission.
(And who also added a "Code of Conduct", which Author of GPC-Slots2 is 
opposed to on principal,
and who decided to impersonate Author aswell, registering a false 
address in his nom-de-guerre)


http://8ch.net/tech/res/1018729.html#1024398


Anonymous  01/27/19 (Sun) 01:46:44 No.1023699

>> 1023661

> You can't revoke, though :^)

Yes I can, and have.

It is MY property. NOT YOURS.

I CAN TELL YOU THAT YOUR LICENSE IS REVOKED.

Infact, you, whomever you are: Your license is revoked.

You paid me nothing, there is not contract between you and I.

It is a bare license, without an attached interest.

You're license is revoked, and I will sue you if you modify, use, or 
distribute the game.

Understand >>1023661

Anonymous  01/28/19 (Mon) 15:29:22 No.1024316






>> 1023699

oh no no no

https://github.com/MikeeUSA/GPC-Slots-2






>> 1024316

And now you're violating copyright law, if you're the same "John Doe" 
etc.

Anonymous  01/28/19 (Mon) 19:56:29 No.1024380

And if I ever find out who you are, I will sue you.

Anonymous  01/28/19 (Mon) 19:57:45 No.1024382






>> 1024328

compiles better ;^)

Anonymous  01/28/19 (Mon) 20:02:05 No.1024384






>> 1024380

do it faggot

protip: you can't

Anonymous  01/28/19 (Mon) 20:06:36 No.1024390






>> 1024379

How am I violating copyright law? The code is licensed under the GPLv2+. 
I don't think I'm violating any requirements. If I do please tell me and 
I'll fix it.

Anonymous  01/28/19 (Mon) 20:07:37 No.1024391





>> 1024316

Probably same 8channer who made the fake account on linux game data 
base. I guess I could try to get discovery from them...





>> 1024384

Yes I can. The code is MY property, NOT yours, and I have rescinded 
permission to modify, make derivative works, and redistribute it FROM 
you (assuming you are the same John Doe). I can sue you for copyright.

IF... I can find out who you are (well I could sue "John Doe" and try to 
find out in discovery)

>> 1024382

You're still a moron. That is also a spot where a switch statement would 
be pointless. You could count the "string length", but that would take 
more computational time since PERL would have to convert it to a string, 
then count, rather than just comparing an int.

Anonymous  01/28/19 (Mon) 20:09:01 No.1024395






>> 1024390

Your license was rescinded by author.

You did not author anything, so you cannot hold him to the "terms".

In the USA he can and has rescinded permission from you.

Anonymous  01/28/19 (Mon) 20:09:55 No.1024396






>> 1024390

*(You did not  pay author anything, so you cannot hold him to the 
"terms".)

(There is no contract between you and him)

Anonymous  01/28/19 (Mon) 20:11:37 No.1024398






>> 1024390

1) I rescind your permission to modify, make derivative works, 
distribute the program. The GPL license you "have" been granted from me, 
is revoked.

2) you are impersonating me.

Re: Author of GPC-Slots2 promises to sue "John Doe" who violated GPL recission.

[linuxgpletc]

Some updates:

http://8ch.net/tech/res/1018729.html#1024398

Anonymous  01/29/19 (Tue) 08:32:45 No.1024591

>> 1024400

I rescind the license from you.

I am going to sue you if I find out who you are.

>> 1024400

> #This program is free software; you can redistribute it and/or

> #modify it under the terms of the GNU General Public License

> #as published by the Free Software Foundation; either version 2

> #of the License, or (at your option) any later version.

That is permission. It flows from me, NOT the file.

I am the owner of the GPC-Slots2 game code.

The previously given permission has been revoked from you.

A license, absent an interest, is revocable.

You have paid me nothing. I can and I have rescinded the license from 
you and am not granting you any others.

You are now violating my copyright, should you continue to 
redistribute/modify/etc.

That's how it works in the USA.

>> 1024405

Might waste more cycles than the compares.




-------




Anonymous  01/29/19 (Tue) 08:35:04 No.1024593

>> 1024586
>> 1024588
>> 1024589
I can't even imagine being this bootyblasted.
> #This program is free software; you can redistribute it and/or
> #modify it under the terms of the GNU General Public License
> #as published by the Free Software Foundation; either version 2
> #of the License, or (at your option) any later version.
You can't rescind this :^)


Anonymous  01/29/19 (Tue) 08:36:48 No.1024594
>> 1024591
> Might waste more cycles than the compares.
You know that gpcslots2 is written in perl, right?

>> 1024592
sue me then XDDDDDDSDDDDSDSSDDDD
Protip: you won't because you're a LARPer




-------




>> 1024593

YES I CAN.
HOW MUCH DID YOU FUCKING PAY ME?
NOTHING.

ARE WE IN A CONTRACT?
NO.

IT IS A BARE LICENSE.

I __CAN__ RESCIND IT AT ANY TIME. AND I HAVE FROM YOU YOU FUCKING PIECE 
OF FUCKING SHIT.

THE CODE IS NOT YOUR PROPERTY. IT IS _MY_ PROPERTY.
I CAN DECIDE HOW __MY____ FUCKING PROPERTY IS TO BE USED.

I DID _NOT__ GIVE YOU THE PROPERTY. I ALLOWED YOU A LICENSE TO USE IT. I 
HAVE NOW REVOKED THAT LICENSE FROM YOU YOU FUCKING PRO-WOMEN'S RIGHTS 
ANTI-MARRY-CUTE-YOUNG-GIRLS PIECE OF FUCKING FILTH.

As such, said language you quoted is no longer operative for you.
Show me a case otherwise.
You won't because you cannot.
Gratis licenses, without an attached interest, are revocable.


> p46 "As long as the project continues to honor the terms of the 
> licenses under which it recieved contributions, the licenses continue 
> in effect. There is one important caveat: Even a perpetual license can 
> be revoked. See the discussion of bare licenses and contracts in 
> Chapter 4"
--Lawrence Rosen

> p56 "A third problem with bare licenses is that they may be revocable 
> by the licensor. Specifically, /a license not coupled with an interest 
> may be revoked./ The term /interest/ in this context usually means the 
> payment of some royalty or license fee, but there are other more 
> complicated ways to satisfy the interest requirement. For example, a 
> licensee can demonstrate that he or she has paid some consideration-a 
> contract law term not found in copyright or patent law-in order to 
> avoid revocation. Or a licensee may claim that he or she relied on the 
> software licensed under an open source license and now is dependent 
> upon that software, but this contract law concept, called promissory 
> estoppel, is both difficult to prove and unreliable in court tests. 
> (The concepts of /consideration/ and /promissory estoppel/ are 
> explained more fully in the next section.) Unless the courts allow us 
> to apply these contract law principles to a license, we are faced with 
> a bare license that is revocable.
--Lawrence Rosen

> p278 "Notice that in a copyright dispute over a bare license, the 
> plaintiff will almost certainly be the copyright owner. If a licensee 
> were foolish enough to sue to enforce the terms and conditions of the 
> license, the licensor can simply revoke the bare license, thus ending 
> the dispute. Remeber that a bare license in the absence of an interest 
> is revocable."
--Lawrence Rosen

Lawrence Rosen - Open Source Licensing - Sofware Freedom and 
Intellectual property Law



> p65 "Of all the licenses descibed in this book, only the GPL makes the 
> explicity point that it wants nothing of /acceptance/ of 
> /consideration/:
> ...
> The GPL authors intend that it not be treated as a contract. I will say 
> much more about this license and these two provisions in Chapter 6. For 
> now, I simply point out that the GPL licensors are in essentially the 
> same situation as other open source licensors who cannot prove offer, 
> acceptance, or consideration. There is no contract."
--Lawrence Rosen

----
> David McGowan, Professor of Law, University of Minnesota Law School:

> "Termination of rights

> [...] The most plausible assumption is that a developer who releases 
> code under the GPL may terminate GPL rights, probably at will.

> [...] My point is not that termination is a great risk, it is that it 
> is not recognized as a risk even though it is probably relevant to 
> commercial end-users, accustomed to having contractual rights they can 
> enforce themselves.





-------


Anonymous  01/29/19 (Tue) 08:45:52 No.1024599
>> 1024594
> sue me then XDDDDDDSDDDDSDSSDDDD

Kindly provide your name, address, etc. Also a photo.

> Protip: you won't because you're a LARPer
I will if you're in the USA.
If you're not then this is a meaningless discussion. This is about US 
law, not some other country's law

Re: Author of GPC-Slots2 promises to sue "John Doe" who violated GPL recission. (update)

[linuxgpletc]

Some updates (2):

http://8ch.net/tech/res/1018729.html#1024398


Anonymous  01/29/19 (Tue) 08:47:02 No.1024601
>> 1024597
> HOW MUCH DID YOU FUCKING PAY ME?
Nothing. Thank God for that.
> ARE WE IN A CONTRACT?
No.
> IT IS A BARE LICENSE.
Is this lawyer speak? I'm not a lawyer, sorry.
> I CAN RESCIND IT AT ANY TIME.
wrong
> THE CODE IS NOT YOUR PROPERTY. IT IS _MY_ PROPERTY.
It is your intellectual property that you have licensed to me under the 
GPLv2+.
> I ALLOWED YOU A LICENSE TO USE IT.
correct
> I HAVE NOW REVOKED THAT LICENSE FROM YOU YOU [...].
no
> Show me a case otherwise.
why???????????
> Gratis licenses, without an attached interest, are revocable.
sorry m8. you are wrong




Anonymous  01/29/19 (Tue) 09:03:54 No.1024602
>> 1024601
> >ARE WE IN A CONTRACT?
> No.
Then explain to me, if we are not in a contract, how you can bind me to 
a "no revocation" clause. Explain it to me, slowly, please.
> >IT IS A BARE LICENSE.
> Is this lawyer speak? I'm not a lawyer, sorry.
Ignorance of the law is no excuse.
A bare license is simply permission.
When you allow someone to enter your house you are giving them a (bare) 
license to enter your house. When you tell them to leave you are 
rescinding that license. You can do so at any time.
Now if they pay you for "I can enter your house for 30 days", then 
because there is consideration, and a contract, you cannot then reneg on 
that term.
> >I CAN RESCIND IT AT ANY TIME.
> wrong
You just agreed that we are not in a contract, how can you now declare 
that I cannot rescind the license. Please explain you reasoning
> sorry m8. you are wrong
Give you legal reasoning.

Re: Author of GPC-Slots2 promises to sue "John Doe" who violated GPL recission. (update 3)

[linuxgpletc]

Some updates (3):

http://8ch.net/tech/res/1018729.html



Anonymous  01/29/19 (Tue) 09:23:25 No.1024608

>> 1024606

https://copyleft.org/guide/comprehensive-gpl-guidech8.html#x11-540007.4

Sorry lad.

Anonymous  01/29/19 (Tue) 09:25:16 No.1024609

>> 1024604

> Cites previously anonomyous paralegal woman from online rag

> Ignores published lawyers who are men

(Paralegal woman stopped talking after she would outed)

Anonymous  01/29/19 (Tue) 09:27:15 No.1024610

>> 1024608

Sorry, they published that "clarification" after I raised the issue, and 
their "clarification" is bullshit.

Guess what: The FSF doesn't make the law.

Quick rundown:

Section 4 of the GPLv2 states "parties who have received..."

The "you" here is the licensee, it is not the grantor (See Section 0 of 
the GPLv2 "Each licensee is addressed as "you". "). It is not applicable 
against the grantor of the license: it is a rule the licensee has to 
abide by, set by the grantor, in-order to have permission to modify or 
create derivative works at all.

About the printer driver case: The contract in that case is the 
preliminary writing, the offer to do business ("pay us, or alternatively 
follow the GPL"). The acceptance of that contract by following the terms 
of that preliminary writing (choosing the GPL instead of paying). That 
is why both contract and damages under copyright are available. Damages 
for the contract portion ("pay us"), or damages for violating the GPL 
license.

The parties later settled out of court. The key is that the businesses 
offer created two alternative means of acceptance of it's offer to do 
business: pay for the commercial license, or follow the GPL. So the 
court allowed the biz to recover the lost profit.

Anonymous  01/29/19 (Tue) 09:29:15 No.1024612

>> 1024608

Sorry, read a book *, not a publication by interested parties that was 
debunked 5 hours after it was published. 
https://lkml.org/lkml/2018/10/26/420

* 
https://www.amazon.com/Open-Source-Licensing-Software-Intellectual/dp/0131487876

Anonymous  01/29/19 (Tue) 09:34:06 No.1024614

>> 1024604

>> 1024608

Cites idiot self-sure* paralegal woman who doesn't know her ass from her 
elbow, and who went silent after she was outed, plus a publication from 
an interested party that was immediately debunked.

  (*is there any other type?)

Vs: Cites published lawyers well versed in their field.

Explains why interested party's publication is bullshit immediately once 
aware of the fraudulent advice.

Anonymous  01/29/19 (Tue) 09:36:24 No.1024615

Notice no response to >>1024602

Just a change of tactics.