The FBI Paid OpenBSD Developers For Backdoors?


  • #81
    Originally posted by crazycheese
    I personally don't see OSS project ever possible on donations. Donations, whilst sometimes bringing much more money than arranged price, are in rest cases variable in amount, situation etc. I don't expect Facebook to work on donations btw (Wikipedia however does, but it's more exception).
    I disagree here. LinuxMint and Ardour for example rely on donations as well.

    Comment


    • #82
      Stuff like this needs to become illegal in the licenses. Once something like this is found we can demand and prosecute.

      BSD license is the one allowing this?

      Also we need special security / firewalls checking holes and other potential security issues. Several institutions will take turns randomly to audit for holes on each release.

      Comment


      • #83
        $100 for such an important and difficult work? What a preposterous offer!
        This guy is a cheap blogger looking for publicity.
        He also is a naive citizen who refuses to believe that states are not good-intentioned mothers.
        Unconsciously he must know the truth since he will not offer his house as a bounty.
        He is too weak to consciously face reality.

        Comment


        • #84
          Originally posted by DebianAroundParis
          Read the complete 9/11 Timeline:
          http://www.historycommons.org/projec...ct=911_project
          Reading it is like completely auditing the code of OpenBSD.
          Then come back and dare tell me your understanding of 9/11 has not changed!
          You probably will never take the time to do it. Like most people. That is why most people are fools. They do not take the time to deeply investigate reality. So their minds are filled with illusions.
          Trustful people are just lazy stupid people.
          Kinda hard to do when all documents and evidence relating to a matter are locked up for "National Security" reasons for 100 years. As if *national* security is not best served by placing the info in the hands of the *nation* to decide the proper course of action.

          Comment


          • #85
            Originally posted by Apopas
            I disagree here. LinuxMint and Ardour for example rely on donations as well.
            LinuxMint is mostly Put money and get Feature. This is not donation.
            Ardour is mostly subscription based, what is Put money regularly and get developers attention. This is not a donation either.

            Donation is giving money to the poor because you feel sorry for him. A lot of people that have money won't give because they can spare it for something that requires money. This causes donation-based work to lack any finance support, and with no finance support no programmer can live to work.

            Instead, opensource prohibits the proprietary way of selling copies into selling real human work. In the end, if you have a piece of unfinished opensource software you can only make it work by investing your human skills: programming, testing, discussing, or paying others to do so.

            Every baker or barber should not also be required to have professional programming skills in order to support opensource. He should be able to support with money, and he should see that his money moves something. Donations do not move something, they are just expression of "thank you" to current state.

            More than that, once your payment really forces something to move in the direction you support, you can request responsibility; and you are not presented with ready solutions that "is good for you, we promise; we know you better than yourself". You start really to vote with money, not play consumer position.

            Comment


            • #86
              Originally posted by crazycheese
              Instead, opensource prohibits the proprietary way of selling copies into selling real human work.
              No, it certainly doesn't. GPL allows you to sell software, as long as you are able to provide the source upon request. Other open-source licenses are even more lenient. A tiny minority prohibit commercial use - but these are not really used (or useful).

              Red Hat and Novell live by selling open-source software.

              Comment


              • #87
                Originally posted by BlackStar
                No, it certainly doesn't. GPL allows you to sell software, as long as you are able to provide the source upon request. Other open-source licenses are even more lenient. A tiny minority prohibit commercial use - but these are not really used (or useful).

                Red Hat and Novell live by selling open-source software.
                Red Hat and Novell live by selling human work.
                You are prohibited to use Red Hat unless you remove Red Hat symbolic from everywhere. It is to protect Red Hat from cloning. Same as Ubuntu by the way. Same as Firefox. See CentOS.

                You are also prohibited to use Red Hat updates, because they are written by Red Hat employees and you should pay employees to do so. Update from alternative mirrors then.

                Distinguish:
                1) Getting money by selling copies and paid support.
                2) Getting money for implementing the solution(/idea/mechanism), which in the end is free and open to build upon.
                3) Getting money by providing only base for free and everything functional over it as selling closed copy.
                4) Getting money by providing everything free, except for commercial support.
                5) Getting money for selling copies and providing source code access for huge money via developer license.
                6) ...more?

                The true opensource way is 2.
                Your way is half-arsed number 3.
                What is the reason you are providing source code? For sanity of conscience??
                There is no "protection" from malware activity if you are providing source divided - you can easily substitute or write the decoy version.
                Ah, you must be providing source just to circumvent the original license and its meaning, so just you make enough money fast.
                Congratulations!

                Saying GNU GPL is allowing you selling copies of software yet allowing full access to do it for free, means preventing sale of copies for money as product, which every proprietary distribution is based off.

                Comment


                • #88
                  Originally posted by DebianAroundParis
                  In the USSR you would have been considered a model citizen.
                  Judged by what they can know about me? Yes.

                  Comment


                  • #89
                    Originally posted by crazycheese
                    Red Hat and Novell live by selling human work.
                    You are prohibited to use Red Hat unless you remove Red Hat symbolic from everywhere. It is to protect Red Hat from cloning. Same as Ubuntu by the way. Same as Firefox. See CentOS.
                    Trademarks have nothing to do with license. You cannot use the Red Hat or Firefox trademarks. You are free to use their source code.

                    Saying GNU GPL is allowing you selling copies of software yet allowing full access to do it for free, means preventing sale of copies for money as product, which every proprietary distribution is based off.
                    On the contrary, this is perfectly reasonable. You only need to provide the source code upon request. It's usually simpler to put it on a website, but you *don't* have to do this - you could conceivably send it by snail mail and still be compliant.

                    Many (if not most) commercial users will be happy to buy the software from you, if they consider it valuable enough. If a company wished to install Ubuntu to 10000 computers, they will probably buy it from Canonical with a support contract, because that is actually *cheaper* than downloading from the web without any support at all.

                    Comment


                    • #90
                      What's interesting is if the exploits still work a decade later. If the code base is active (i.e. sees a lot of change) then the probability that such back doors get broken by accident would go up significantly, I would think. Unless someone is actively maintaining it of course.

                      Were these exploits actively maintained or were the relevant parts of the OCF mostly inactive (development wise) for the last decade? Did the back-doors get broken at some point?

                      Change logs should be both long and diverse in origin if you want to use "many eyes" as a basis for your trust. Mostly, if the code isn't seeing a lot of change from a variety of sources, "many eyes" doesn't apply because they are clearly looking somewhere else or being cock-blocked somehow. (Unless of course your code is close to perfect and doesn't need to change much. Unlikely.)

                      It would be interesting to see some numbers related to the source activity of the affected code. Average age of a line of code, number of contributors, change coverage, etc.

                      I wonder how long it will take to find the back door. I also wonder how much it would cost to buy the answers from Jason Wright and friends. Clearly morality won't cause them to cough it up. I wonder what the pay out for being a douchebag was in the first place.

                      Comment
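
The activity figures asked for in post #90 (average age of a line, number of contributors), as an added example that is not part of the thread: it parses `git blame --line-porcelain` output, assuming the code under review is tracked in git. The sample records, the author names and the `stale_years` threshold are constructed for illustration.

```python
"""Line-age and contributor metrics from `git blame --line-porcelain` output."""
from collections import Counter
from statistics import mean

YEAR = 31_557_600      # seconds in a 365.25-day year
NOW = 1_293_840_000    # 2011-01-01T00:00:00Z, fixed so results are reproducible

def _record(author, age_years, text):
    # One constructed blame record, reduced to the fields the parser reads.
    return (f"{'0' * 40} 1 1 1\nauthor {author}\n"
            f"author-time {NOW - age_years * YEAR}\n"
            f"filename sample.c\n\t{text}\n")

# Constructed sample: three old lines by one author, one recent line by another.
SAMPLE = "".join([
    _record("alice", 10, "int init(void) {"),
    _record("alice", 10, "    setup();"),
    _record("alice", 9, "    return 0;"),
    _record("bob", 1, "}"),
])

def parse_blame(porcelain):
    """Yield (author, author_time) once per source line."""
    author = when = None
    for line in porcelain.splitlines():
        if line.startswith("author "):
            author = line[len("author "):]
        elif line.startswith("author-time "):
            when = int(line.split()[1])
        elif line.startswith("\t"):  # the tab-prefixed content line ends a record
            yield author, when

def churn_metrics(porcelain, now, stale_years=10):
    """Summarise how old the surviving lines are and who last touched them."""
    rows = list(parse_blame(porcelain))
    if not rows:
        raise ValueError("no blame records found")
    ages = [(now - t) / YEAR for _, t in rows]
    authors = Counter(a for a, _ in rows)
    return {
        "lines": len(rows),
        "mean_age_years": round(mean(ages), 2),
        "contributors": len(authors),
        # Share of lines last touched by the single most frequent author.
        "top_author_share": round(authors.most_common(1)[0][1] / len(rows), 2),
        # Fraction of lines untouched for at least `stale_years`.
        "stale_fraction": round(sum(a >= stale_years for a in ages) / len(rows), 2),
    }
```

A high `stale_fraction` together with a high `top_author_share` marks code that few people have touched recently, which is where a review effort would start.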
