:: Re: [DNG] I have a question about l…
Página Inicial
Delete this message
Reply to this message
Autor: Miroslav Rovis
Data:  
Para: dng
Assunto: Re: [DNG] I have a question about libsystemd0 in devuan ascii,
On 170702-17:22-0700, Bruce Perens wrote:
> This might make a little more sense if you still can't understand:
>
> By operating under their previously-stated policy of denying further
> service to clients who exercise their right to distribute under the GPL
> license, Open Source Security Inc. creates an expectation that exercise of
> the re-distribution right required under the terms of the GPL will lead to

Just taking note of the supposed herewith:
> business damage to the customer.

expressed care for users of the Linux kernel, which is users of all GNU/Linuces
distros.
> This practice effectively is an added term
> to the license, and addition of such a term is prohibited under language in
> GPL section 6. This leads to termination of the GPL license granted to Open
> Source Security Inc., and thus to copyright infringement of the Linux
> Kernel by that entity. In addition, the GPL is breached as a contract from
> the copyright holders of the Linux software to which Open Source Security
> Inc. and the customer are both joined.


And Schmoog the Schmoogle taking over the control of security of Linux, which
is being happening, which has been happening since the
(for-that-purpose-founded) inception of the KSPP-project... Look at even the
icon! It's a parody on PaX's icon, only KSPP looks like a freaking idiotic
cop...

And Schmoog the Schmoogle taking over the control of security of Linux, who
cares about that! Let's beat the poor! And for the rich!

And the fact that those two "poor" (only in comparison, I sincerely hope grsec
guys are not really poor as I am currently, which means, surviving on a few
hundred euros per month total, but only poor in comparison to the relatively
luxurient living Mr Linus, the guy who keeps releasing bad kernels to us
all)...

[And the fact that those two "poor"] have done the golden contribution to the
machine inside the OS, the kernel of all GNU/Linuces, who cares about that...

You are the principal author of DFSG. And all the fundaments of Free Software
and related movements shine to me as if I were reading what was thought of and
written in the stars and not on the Earth, and to get to read basically
bike-shedding criticism of grsecurity when the injustice that cries to God is
what spender wrote about, in the real news of this thread
(
this thread that ought to have remained under subject:

grsecurity ripoff by Google, with Linus' approval WAS: I have a question about libsystemd0 in devuan ascii

but, in what looks like, and may and may not have been so, a move to divert
attention from the subject of discussion, while staying with it --but in
defence of the Schmoog, and of Mr Linux-- so at the cost of keeping a
completely non-related subject for more emails to follow in reply: yes I'm
talking about this apparent diversion at the aforementioned cost:
< same subject as this email, kept to this email to keep in the thread >
https://lists.dyne.org/lurker/message/20170627.231950.12bf1f5c.en.html
It is as described above because it followed --just not by replying to it--
this email:
grsecurity ripoff by Google, with Linus' approval WAS: I have a question about libsystemd0 in devuan ascii,
https://lists.dyne.org/lurker/message/20170627.120949.727e804b.en.html
( where the subject line is perfectly appropriately changed, and even the "with
Linus' approval" holds, although it's more likely "Linus in cahoots", but no
proof of that, and "approval" is mild enough )
)

Yes, [to get to read basically bike-shedding criticism of grsecurity when the
injustice that cries to God is the truth that spender wrote, in the real news
of this thread] is very sad, to read so from the principal author of DFSG.

I'll repeat the news with more of my comments, but, first, I strongly believe
that there is not much to add about the alleged GPL license infringement by
Open Source Security Inc. after what Rick Moen wrote in one of his replies to
you, Bruce.

I will now, for clarity, insert from that quoted message into this email:

On 170627-22:22-0700, Rick Moen wrote:
> Quoting Bruce Perens (bruce@???):
>
> > I did offer to discuss the case with companies and their counsel,
> > under NDA, without charge. In addition, I just added to the article
> > parenthetically that I am willing to discuss why fair-use does not
> > apply, but would not complicate that article with it.
>
> Makes sense.

...
>
> > > The key bit is your sentence 'GPL version 2 section 6 explicitly
> > > prohibits the addition of terms such as this redistribution
> > > prohibition', which does not accord with my own understanding of that
> > > clause or of pragmatic copyright caselaw -- as I've said.
> >
> >
> > OK. I just read it again:
> >
> > 6. Each time you redistribute the Program (or any work based on the
> > Program), the recipient automatically receives a license from the
> > original licensor to copy, distribute or modify the Program subject to
> > these terms and conditions. You may not impose any further restrictions
> > on the recipients' exercise of the rights granted herein.
> >
> > And your theory of this not applying is?
>
> Simply that Spengler and friends have not imposed any further
> restriction on the recipients' exercise of the rights granted therein.
>
> Hypothetically, it is claimed that they have suggested that they will
> terminate the support contract of any customer who exercises that right.
> If true, their doing so would not prevent or impede the customer
> exercising the rights granted to them by the upstream coders (as applied
> to the grsecurity/PaX patchsets).
>
> Shall we take this a step at a time?
>
> 1. I, Rick Moen, will stand in for your example grsecurity/PaX
> commercial customer.
>
> 2. One day, I decided that because I am entitled by applicable licence
> agreements to do so, I am going to distribute my existing grsecurity/PaX
> patchsets to a set of my friends.
>
> 3. Just to be communicative and clear the air, say, I lob off an e-mail
> to Brad Spengler, advising that I have done so.
>
> 4. Spengler's firm replies cancelling my remaining support entitlement
> (either refunding pro-rata or not, as applicable) and saying I'll not
> receive further updates.
>
> 5. I check with my friends. They still possess the grsecurity/PaX
> patchsets I gave them. Thus, so far, Spengler and friends have
> apparently not succeeded in restricting my or their exercise of the
> rights granted therein.
>
> 6. Just to make sure, I distribute my set of grsecurity/PaX
> patchsets to another 250 or so friends and acquaintances, pass them out
> on streetcorners, list them for public http/ftp/rsync, etc. No matter
> whom I aspire to distribute to, where, and how, I observe no restriction
> of my or my further recipients' exercise of the rights granted therein.
>
> So, the reason I say I see no restrictions is that there were, in this
> scenario, no restrictions. I don't happen to possess the further work
> that Spengler and friends may or may not release to some people
> following step #4, but if one of them _happened_ to give me a copy, I
> would be entirely free to proceed once again as shown above in steps
> 2-6. So, again, no restriction.
>
>
> Anyway, you disagree. Fine, shouldn't you be taking this up with the
> Linux kernel copyright owners? They're the only people who'd have
> standing, as I'm sure you're aware.
>

The message is publicly available at:
grsecurity ripoff by Google, with Linus' approval WAS: I have a question about libsystemd0 in devuan ascii
https://lists.dyne.org/lurker/message/20170628.052217.cbc6b534.en.html

But how about a fine and interesting read on what I would stick a subject back then:
Who wants to see grsec fail?
https://soylentnews.org/comments.pl?sid=9379&cid=233588#commentwrap
( but now in 2017 it's obvious that Schmoog the Schmoogle wanted to see grsec fail... )

And that talk, Greg Kroah Hartmann from Linux Foundation and others there, was
in 2015, almost two years ago...

So it really would be beating a dead horse to go on much more about spender and
PaX Team being in infringement...

Pls. notice there also:
> 20:58 [ cacahuatl] grsec has always run on a shoestring budget for the work it produces
> 20:58 [ cacahuatl] like gpg


And now let me go back to the news of this Devuan mailing list thread.

spender wrote, and since those are the last public words, for now, for at least
(likely a) prolonged period of time from now, by the genius who kept fixing the
Linus' kernel for some fifteen or sixteen or so years, along with his anonymous
genius friend PaX Team, let's report those spender's words in full:

Paid access to test patches < topic title previously given by forum members >
https://forums.grsecurity.net/viewtopic.php?f=3&t=4699#p17127

< the following is a manually constucted quote, split into paragraphs, but verbatim >
spender wrote on Sat Jun 24, 2017 7:29 pm (at the above link):
> Test patches are unlikely to return, and we don't sell access to our beta
> patches.
>
> Unless you can solve the problem of billion dollar corporations exploiting
> our work and expecting additional free work out of us, the situation won't
> change.
>
> Jake should be replying to all requests, though it is indeed unlikely for
> someone to buy access for personal use.
>
> Google made the choice to engage in underhanded competition against us with
> our own code -- we're simply protecting our ability to continue our work at
> all.
>
> We gave permission publicly for any supposed offers made to us to be
> disclosed in public, including any financial terms. None have been posted
> because they simply don't exist.
>
> It is ridiculous how many people feel sympathy for billion dollar
> corporations that have ignored Linux security for years and still aren't
> putting any real investment into it.
>
> Their failure to do so is
> somehow our fault for not doing it for them for free out of our free time and
> letting our own work rot because of it.
>
> But it's most rich being told this solely from full-time funded kernel
> developers.


I want to quote again one part from the above quote, and tell to this Devuan
list what conclusions I draw.

spender wrote on Sat Jun 24, 2017 7:29 pm (probably Eastern Time USA,
Pensilvania? where he, and likely PaX Team reside?):
> Google made the choice to engage in underhanded competition against us with
> our own code -- we're simply protecting our ability to continue our work at
> all.


If you browse the, aargh... let's go in search of that link... I'll start from
my own post in that topic on grsecurity forums where the last post (and it's
the last post before the entire forum has been locked!) is spender's that I
already gave link to, my post is at:
https://forums.grsecurity.net/viewtopic.php?f=3&t=4699#p17105
( or roll up that page with spender's post just a screenful or two )
and (very likely the last) email to the KSPP list by PaX Team is linked at
the top of that post of mine, as well as there are links to Gentoo and Devuan
forums for compiling grsecurity...

...The PaX Team's message being:
It looks like there will be no more public versions of PaX and Grsec.
http://openwall.com/lists/kernel-hardening/2017/05/11/2
But I'm giving the link to that KSPP
(
https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project
and the cop-like icon I mentioned earlier is (at the time of writing this) at
the top left on that page, while PaX's icon is at:
https://en.wikipedia.org/wiki/File:Pax_tux.png
and shows of course also at:
https://en.wikipedia.org/wiki/PaX
)
[But I'm giving the link to that KSPP] to suggest to the reader to look up how
much PaX Team had been contributing to KSPP previous to that spender's closure
post in which he denounces Google for "underhanded competition against" them
"with" their "own code".

Start from:
http://openwall.com/lists/kernel-hardening/2017/
Now go to months previous to time of spender's closure post and in the listed
emails search for those whose author is:
("PaX Team" <pageexec@...email.hu>)
You will find plenty! And in the previous year as well.

What did Google do? They kept paying, but very selectively. To only, maybe,
those devs who would, in their assessment, in the future, fit for their
purposes. Because now it's obvious they have plans with Linux, and by means of
it, with GNU/Linux.

Being honest (both PaX Team and spender are honest people), they thought their
work would be valued honestly by Google.

They are honest, yes. But Google guys have never been honest. And the company
itself is based on selling their spying harvests on people (but I wrote about
it already in this same thread, but in the branch with the right title).

And it dawned on spender only after Google kept, for longer, selectively paying
some of the developers in there... But always only some... I'm not privy to any
of whatever behind the curtains there, who received what money... I know
nothing of it, just what is public about it...

And it dawned on spender and PaX Team that it was a deliberate scheme by Google...

It does take honest people to discover dishonest intentions. It's not always
obvious in behavior, let alone written on the faces of people who you
communicate with, nor between the lines in their emails...

Beware of that lying shark on you privacy, Google.

###############################################################################
###############################################################################
Pls. developers, testers, users of FOSS, let us not allow Google to take over
the machine of our OSes, the kernel!
###############################################################################
###############################################################################

> On Sun, Jul 2, 2017 at 5:07 PM, Bruce Perens <bruce@???> wrote:
>
> > The specific text breached is "You may not impose any further
> > restrictions on the recipients' exercise of the rights granted herein."
> >
> > On Sun, Jul 2, 2017 at 5:05 PM, Bruce Perens <bruce@???> wrote:
> >
> >> My legal counsel says it's a direct breach of the license, not of
> >> business law.
> >>
> >> By the way, the next issue of Berkeley Technology Law Journal has this
> >> article
> >> <http://perens.com/wp-content/uploads/2016/11/Open-Cars-Determann-Perens-32-BTLJ-2-Forthcoming-2017.pdf>
> >> which I co-authored with a law teacher at Boalt Hall.
> >>
> >>
> >>
> >


Pls. be aware of my slowliness in my work, if there are any replies to this email.

Regards!
--
Miroslav Rovis
Zagreb, Croatia
https://www.CroatiaFidelis.hr