Re: CVE-2017-1000364 kernel fix brake user-space programs

2017-06-23 Thread aconcernedfossdev

It is not OK.


Says who? You're speaking as if from a position of authority, but what 
authority do you have?


On 2017-06-23 19:52, Nrbrtx wrote:

Dear Ubuntu developers!

I can't understand how this happened, but your latest kernel upgrade
broke many user-space applications.

For me this process was started from Scilab. I can't use it with new
kernels (linux-image-3.13.0-121-generic on 14.04;
linux-image-4.4.0-81-generic on 16.04).
So I reported a bug to Launchpad -
https://bugs.launchpad.net/bugs/1699892 .

Scilab users ask their developers for the fix, but the root of the
problem is the kernel (see
http://bugzilla.scilab.org/show_bug.cgi?id=15141,
http://bugzilla.scilab.org/show_bug.cgi?id=15145,
http://bugzilla.scilab.org/show_bug.cgi?id=15192,
http://bugzilla.scilab.org/show_bug.cgi?id=15194,
http://bugzilla.scilab.org/show_bug.cgi?id=15195).

After some digging I discovered that other apps are affected too - see
comments on other bug page ( https://bugs.launchpad.net/bugs/1698919
). The list contains the following programs:
* Oracle Java Plugin (see https://bugs.launchpad.net/bugs/1699772 )
* Scilab at least in Trusty and Xenial (see
https://bugs.launchpad.net/bugs/1699892 )
* LPCxpresso (see https://community.nxp.com/thread/453939 )
* RMongo (see https://stackoverflow.com/a/44699417 )
* Ubiquity UniFi (see
https://community.ubnt.com/t5/UniFi-Wireless/UniFi-Controller-failed-after-dist-upgrade/td-p/1967779
)
* Eclipse (see
https://askubuntu.com/questions/927746/eclipse-crashes-with-linux-kernel-4-4-0-81-generic
)

Debian 7, 8 and 9 are affected too (see
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865549 and
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865672 ).

It is not OK.
Do you plan to revert this security patch?
The problem may be more widespread than detected now.

With best regards,
Norbert.


--
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss


Re: [kernel-hardening] Why does no one care that Brad Spengler of GRSecurity is blatantly violating the intention of the rightsholders to the Linux Kernel?

2017-06-15 Thread aconcernedfossdev

I'm listening to your responses, and responding myself.

You call me a spammer.

Which is a libel.

Would you like me to file over it?

On 2017-06-15 16:05, Wade Smart wrote:

Whoever this person is, not only is s/he spamming multiple lists here,
there are several other lists where I'm getting the same emails but
from a different address. Clearly not listening to any responses, just
a spammer with an agenda.


--
Registered Linux User: #480675
Registered Linux Machine: #408606
Linux since June 2005




Re: [kernel-hardening] Why does no one care that Brad Spengler of GRSecurity is blatantly violating the intention of the rightsholders to the Linux Kernel?

2017-06-15 Thread aconcernedfossdev

Nice valley-girl yawn.

Because you are not interested in legal matters vis a vis GRSecurity, no 
one should be and the discussion should be censored.


You're a real piece of work, you know.
A real piece of work.

So I ask the question again: Why does no one care that Brad Spengler of 
GRSecurity is blatantly violating the intention of the rightsholders to 
the Linux Kernel?


Why does no one care that Brad Spengler (seemingly as well as PaxTeam) of 
GRSecurity is blatantly violating the intention of the rightsholders to 
the Linux Kernel?


Why does no one care that Brad Spengler of GRSecurity is blatantly 
violating the intention of the rightsholders to the Linux Kernel?
He is also violating the license grant, Courts would not be fooled by 
his scheme to prevent redistribution.


The license grant the Linux Kernel is distributed under disallows the 
imposition of additional terms. The making of an understanding that the 
derivative work must not be redistributed (lest there be retaliation) is 
the imposition of an additional term. The communication of this threat 
is the moment that GRSecurity violates the license grant. Thence-forth 
modification, making of derivative works, and distribution of such is a 
violation of the Copyright statute. The concoction of the transparent 
scheme shows that it is a willful violation, one taken in full knowledge 
by GRSecurity of the intention of the original grantor.



Why does not one person here care?
Just want to forget what holds Libre Software together and go the way of 
BSD?



(Note: last month the GRSecurity Team removed the public testing patch,
they prevent the distribution of the patch by paying customers by a
threat of no further business: they have concocted a transparent scheme
to make sure the intention of the Linux rights-holders (thousands of
entities) are defeated) (This is unlike RedHat who do distribute their
patches in the form the rights-holders prefer: source code, RedHat does
not attempt to stymie the redistribution of their derivative works,
GRSecurity does.).

--
( This song is about GRSecurity's violation of Linus et al's 
copyright**:

www.youtube.com/watch?v=CYnhI3wUej8
(A Boat Sails Away 2016 17) )

On 2017-06-15 16:05, J wrote:
On Thu, Jun 15, 2017 at 11:58 AM, W Stacy Lockwood wrote:
Did you not see Liam's reply, or do you just want to add nothing but noise
to this list?


Given the repeated spamming the list, the cross posting, and replying
on this list to response external to this list (oh the joys of
crossposting), can we just chuck this account into a moderation bin
and let him/her rant into a bit bucket?

I'm on both the Ubuntu lists, so I'm getting these double... yes, I
can filter this myself, but that doesn't help the larger group...


On Jun 15, 2017 10:51,  wrote:


It's an obvious blatant violation. He is not allowed to add additional
terms, but being a "clever" programmer it seems that he has decided that
because the additional term that he (and seemingly PaxTeam) has imposed is
not written within the four corners of license grant document but instead is
communicated in some other way that "doesn't make it an additional
term" and he has cleverly circumvented the linux copyright
terms, which obviously is not the case but other random programmers will
argue and swear it's fine till hell freezes over and get very angry when
someone with a legal background informs them otherwise.

I think many people are not aware of the violation because it's only been
a month since GRSecurity pulled the sourcecode: it was almost a moot point
before then with no real damage. Such is no-longer the case.

On 2017-06-15 15:43, Greg KH wrote:


On Thu, Jun 15, 2017 at 03:34:06PM +, aconcernedfoss...@airmail.cc wrote:

Why does no one care that Brad Spengler of GRSecurity is blatantly violating
the intention of the rightsholders to the Linux Kernel?
He is also violating the license grant, Courts would not be fooled by his
scheme to prevent redistribution.

The license grant the Linux Kernel is distributed under disallows the
imposition of additional terms. The making of an understanding that the
derivative work must not be redistributed (lest there be retaliation) is the
imposition of an additional term. The communication of this threat is the
moment that GRSecurity violates the license grant. Thence-forth
modification, making of derivative works, and distribution of such is a
violation of the Copyright statute. The concoction of the transparent scheme
shows that it is a willful violation, one taken in full knowledge by
GRSecurity of the intention of the original grantor.

If you feel that what they are doing is somehow violating your copyright
on the Linux kernel, then you have the right to take legal action if you
so desire.  To tell others what to do, however, is not something that
usually gets you very far in the world.

Best of 

Re: [kernel-hardening] Why does no one care that Brad Spengler of GRSecurity is blatantly violating the intention of the rightsholders to the Linux Kernel?

2017-06-15 Thread aconcernedfossdev

Oh exalted one, I am so sorry to have wasted your inbox space.
You see we all live for you, exalted aryan queen!

Some of us care about the legal aspects of "copyleft".
Without enforcement there is no reason for anyone to contribute to 
linux.

There is a simple trade: we trade our labor for your labor.


On 2017-06-15 16:05, J wrote:
On Thu, Jun 15, 2017 at 11:58 AM, W Stacy Lockwood wrote:
Did you not see Liam's reply, or do you just want to add nothing but noise
to this list?


Given the repeated spamming the list, the cross posting, and replying
on this list to response external to this list (oh the joys of
crossposting), can we just chuck this account into a moderation bin
and let him/her rant into a bit bucket?

I'm on both the Ubuntu lists, so I'm getting these double... yes, I
can filter this myself, but that doesn't help the larger group...


On Jun 15, 2017 10:51,  wrote:


It's an obvious blatant violation. He is not allowed to add additional
terms, but being a "clever" programmer it seems that he has decided that
because the additional term that he (and seemingly PaxTeam) has imposed is
not written within the four corners of license grant document but instead is
communicated in some other way that "doesn't make it an additional
term" and he has cleverly circumvented the linux copyright
terms, which obviously is not the case but other random programmers will
argue and swear it's fine till hell freezes over and get very angry when
someone with a legal background informs them otherwise.

I think many people are not aware of the violation because it's only been
a month since GRSecurity pulled the sourcecode: it was almost a moot point
before then with no real damage. Such is no-longer the case.

On 2017-06-15 15:43, Greg KH wrote:


On Thu, Jun 15, 2017 at 03:34:06PM +, aconcernedfoss...@airmail.cc wrote:

Why does no one care that Brad Spengler of GRSecurity is blatantly violating
the intention of the rightsholders to the Linux Kernel?
He is also violating the license grant, Courts would not be fooled by his
scheme to prevent redistribution.

The license grant the Linux Kernel is distributed under disallows the
imposition of additional terms. The making of an understanding that the
derivative work must not be redistributed (lest there be retaliation) is the
imposition of an additional term. The communication of this threat is the
moment that GRSecurity violates the license grant. Thence-forth
modification, making of derivative works, and distribution of such is a
violation of the Copyright statute. The concoction of the transparent scheme
shows that it is a willful violation, one taken in full knowledge by
GRSecurity of the intention of the original grantor.

If you feel that what they are doing is somehow violating your copyright
on the Linux kernel, then you have the right to take legal action if you
so desire.  To tell others what to do, however, is not something that
usually gets you very far in the world.

Best of luck!

greg k-h



--
ubuntu-users mailing list
ubuntu-us...@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-users





Re: [kernel-hardening] Why does no one care that Brad Spengler of GRSecurity is blatantly violating the intention of the rightsholders to the Linux Kernel?

2017-06-15 Thread aconcernedfossdev

their customer restriction "you can redistribute
this code, but if you do we will no longer provide you
with updates" does not change that.

That is the imposition of an additional term, a court would not be 
amused by the programmer's claim it's fine because he didn't ink it into 
the copy of the license he distributed the code with. The court would 
not be blind to the effect and the intention. The law has dealt with 
transparent schemes like this for hundreds of years, and within 
copyright for about a century (but much longer within contract law).


There should be a joint action.

On 2017-06-15 15:58, Rik van Riel wrote:

On Thu, 2017-06-15 at 15:34 +, aconcernedfoss...@airmail.cc wrote:

Why does no one care that Brad Spengler of GRSecurity is blatantly 
violating the intention of the rightsholders to the Linux Kernel?
He is also violating the license grant, Courts would not be fooled
by his scheme to prevent redistribution.


Right now there are a few million systems that use
grsecurity, and over a billion systems that are not
protected by grsecurity functionality.

Removing grsecurity from the community has been an
impetus to finally get the grsecurity functionality
into the upstream kernel, where it can benefit the
billion systems that do not have it today.


Why does not one person here care?
Just want to forget what holds Libre Software together and go the way
of BSD?


What holds Linux together is community. The license
is one of many aspects to that community, but far
from the only one.

GRSecurity has been outside of the community for years,
and their customer restriction "you can redistribute
this code, but if you do we will no longer provide you
with updates" does not change that.

Having the remaining developers who are interested in
hardening work on getting more functionality upstream,
now that the grsecurity patches are no longer available
to non-customers, is likely a good thing for everybody.

Want to help out?  Join us in ##linux-hardening on
irc.freenode.net.

kind regards,

Rik van Riel




Re: [kernel-hardening] Why does no one care that Brad Spengler of GRSecurity is blatantly violating the intention of the rightsholders to the Linux Kernel?

2017-06-15 Thread aconcernedfossdev

If Mr Spengler would like to market a non-re-distributable hardened 
kernel, he can write his own kernel from scratch. Currently he is 
marketing a non-redistributable derivative work of the Linux Kernel. He 
prevents customers of his from redistributing the derivative work by 
threatening a non-renewal of whatever contract exists between his 
company and the customers. This scheme has been successful. That is 
certainly the imposition of an additional term, which the Linux 
licensing terms forbid, when he imposed that additional term on his 
clients he violated the licensing terms and has no right to even modify 
the linux kernel from that point forward.


On 2017-06-15 15:53, Casey Schaufler wrote:

On 6/15/2017 8:34 AM, aconcernedfoss...@airmail.cc wrote:
Why does no one care that Brad Spengler of GRSecurity is blatantly 
violating the intention of the rightsholders to the Linux Kernel?
He is also violating the license grant, Courts would not be fooled by 
his scheme to prevent redistribution.


The license grant the Linux Kernel is distributed under disallows the 
imposition of additional terms. The making of an understanding that 
the derivative work must not be redistributed (lest there be 
retaliation) is the imposition of an additional term. The 
communication of this threat is the moment that GRSecurity violates 
the license grant. Thence-forth modification, making of derivative 
works, and distribution of such is a violation of the Copyright 
statute. The concoction of the transparent scheme shows that it is a 
willful violation, one taken in full knowledge by GRSecurity of the 
intention of the original grantor.



Why does not one person here care?


Email lists are never* the correct mechanism for the resolution
of legal issues. If someone from these email lists is working
to address a legal issue you are extremely unlikely to see any
evidence of it on an email list.


---
* I am not a lawyer. Do not construe this as legal advice.

Just want to forget what holds Libre Software together and go the way 
of BSD?



(Note: last month the GRSecurity Team removed the public testing patch,
they prevent the distribution of the patch by paying customers by a
threat of no further business: they have concocted a transparent scheme
to make sure the intention of the Linux rights-holders (thousands of
entities) are defeated) (This is unlike RedHat who do distribute their
patches in the form the rights-holders prefer: source code, RedHat does
not attempt to stymie the redistribution of their derivative works,
GRSecurity does.).

--
( This song is about GRSecurity's violation of Linus et al's 
copyright**:

youtube.com/watch?v=CYnhI3wUej8
(A Boat Sails Away 2016 17) )





Re: [kernel-hardening] Why does no one care that Brad Spengler of GRSecurity is blatantly violating the intention of the rightsholders to the Linux Kernel?

2017-06-15 Thread aconcernedfossdev

Also Brad Spengler has been threatening legal action against an openwall 
developer back-porting features of Brad's wholly, non-standalone, 
derivative work.



He also calls GRSecurity an "Original Work", which it is not (see the 
Anime Subs cases for the court's opinion) (GRSecurity is such a 
non-standalone derivative work, so the Linux Licensing terms absolutely 
do apply (it's a patch that snakes through the whole of the Linux Kernel 
source tree, touching everything like a vine).


Here's a quick rundown:

GRSecurity goes full commercial, no more free testing patches, threatens 
programmer trying to port.


(*1) https://lwn.net/Articles/723169/
(*2) 
https://www.phoronix.com/forums/forum/software/general-linux-open-source/948623-grsecurity-kernel-patches-will-no-longer-be-free-to-the-public?page=1
(*3) 
https://www.embedded-linux.de/18-news/886-grsecurity-nicht-mehr-kostenlos-verfuegbar
(*4) 
https://www.theregister.co.uk/2017/04/26/grsecurity_linux_kernel_freeloaders/


GRSecurity removes public testing patch - goes full commercial.

(*5) http://www.openwall.com/lists/kernel-hardening/2017/06/04/24

"Don't worry about it, there's nothing for a "grateful" user like yourself
to download anymore.  Boy, if I had more "grateful" users like yourself
obsessed with harassing us on Twitter, Reddit, and IRC so that they
can go around and paint themselves as some kind of victim, I wouldn't
know what to do with myself.

-Brad"



Brad Spengler prevents a private purchaser from redistributing the 
sourcecode via contract clauses between him and them: thus willfully 
frustrating the purpose of the license HE was granted by the linux 
kernel rightsholders. This is another reason a court may find him in 
violation of the license grant of the GPL. As we discussed previously. 
(See: )


Also Brad Spengler threatens others with lawsuit in a nearly transparent 
attempt to get them to stop porting over the work:



" This stops *now* or I'm sending lawyers after you and


(*6) http://www.openwall.com/lists/kernel-hardening/2017/06/03/14

Guys, this is your *last warning*.  This stops *now* or I'm sending lawyers
after you and the companies paying you to plagiarize our work and violate
our *registered* copyright (which for the record entitles us to punitive
damages which now are very easily provable).  It's time to get serious
about attribution -- what you are doing is completely unacceptable.  I'm
already in contact with lawyers to prepare for the next time this happens.

If any of this plagiarized and misattributed code actually made it into
the Linux kernel, you'd all be in a world of pain.


Here Brad Spengler threatens a copyright infringement lawsuit regarding 
his non-original wholly-derivative work.
(An original work stands alone). This while he threatens those paying 
customers who might redistribute the work (see:  below).




Note: Copyright licenses (like any license to use the property of 
another (copyright is freely alienable in the same way real property 
is)) are freely revocable unless barred by estoppel. The GPL v2 lacks a 
no-revocation clause thus estoppel would be more difficult to argue 
(additionally none of the "agreeing parties" have ever met each other).


Note2: GrSecurity is a derivative work of the linux kernel, it is 
non-separable: it wholly relies on the linux kernel source code to work.
Courts in both the US and Germany have reaffirmed that if a work based 
on another work cannot stand alone it is clearly a derivative work.
(See the Anime Subtitles case from a few years ago) (See page 6 of the 
phoronix discussion at *2 for a review)


Note3: The linux kernel is not under joint copyright, it is simply a 
collection of derivative work upon derivative work.


A simple solution is for one or many of the rightsholders to the code 
GRSecurity is derived from/ modifies to rescind Brad Spengler's license 
to use or modify their code.


Additionally copyright violation claims can be filed as Brad Spengler 
has reportedly attempted to frustrate the purpose of the agreement that 
allows him to modify the linux kernel in the first place; placing 
additional restrictions to prevent redistribution of the sourcecode (a 
court would not be fooled by such a scheme).


(Additionally there were third parties who contributed to the GRSecurity 
code base when it was publicly distributed.)



Other snippets from (*5) include Mr Spengler's unhappiness with the 
publication of his scheme and RMS's opinion of it:
... It has been nearly 4 months now and despite repeated follow-ups, I still
haven't received anything back more than an automated reply. Likewise
regarding some supposed claims by RMS which were published last year by
internet troll mikeeusa -- I have been trying since June 3rd of last
year to get any response from him, but have been unable to. So when you ...


RMS' opinion can be seen here:
(*7)