security-discuss

[security-discuss] gnuradio project DoS attacks GNU wget users


From: Anonymous
Subject: [security-discuss] gnuradio project DoS attacks GNU wget users
Date: Tue, 28 Feb 2017 07:48:53 -0500 (EST)

The GNU Radio project hosts its website on CloudFlare.

So users of wget, cURL, w3m, and lynx are denied access to GNU Radio
documentation, which is exclusively available on www.gnuradio.org and
not included in the distribution, if their network runs over Tor.
This is perhaps the first case of a GNU project attacking the users of
another GNU project.

++the security problem++

This thread is started on the GNU security-discuss because it involves
an availability loss whereby one GNU project denies availability to
another GNU project.

++the GNU interoperability problem++

This thread is also posted in gnu-system-discuss because of an
interoperability problem within the GNU ecosystem.  In principle one
should be able to use gnu wget to obtain gnuradio software and
documentation.

++the free software breach++

Readers of the free.software newsgroup should be aware that a GNU tool
(gnuradio) has violated two clauses in the GNU Free Documentation
License ("GFDL"):

 1) Failing to distribute documentation with the software.
 2) Use of non-simple HTML.

The GFDL is published here:

  https://static.fsf.org/nosvn/directory/fdl-1.3-standalone.html

Philosophically, the GNU Radio Foundation, Inc. also violates the free
software principle "freedom 0" (users cannot use wget how they want),
and has shown disregard for problems identified in the FSF Service as
a Software Substitute ("SaaSS") article.

++gnuradio vs. non-software freedoms++

GNU Radio Foundation, Inc. together with CloudFlare, Inc. are
attacking many other freedoms through its corporate walled-garden, not
just software freedoms.  The other freedoms lost are enumerated here:

  http://lists.gnu.org/archive/html/directory-discuss/2017-01/msg00066.html

++what is CloudFlare++

For those unfamiliar with CloudFlare Inc., it's a vigilante extremist
corporation that has centralized a very large portion of the web, and
then used its dominant power to attack privacy of web users.  CF
attacks privacy-conscious users who use Tor to protect their data.
They succeed because Tor users are a minority group, making them an
easy target for repression.

CloudFlare's disregard for collateral damage to legitimate users
parallels that of another vigilante extremist organization: SpamHaus.
Just as SpamHaus uses a blunt anti-spam technique that consequently
blocks legitimate e-mail, CloudFlare blocks legitimate web traffic in
its careless approach to blocking malicious traffic.

CloudFlare claims to offer security, but it's actually the contrary:

  1) Minimal security diversity.  As we know from the CloudBleed bug,
     centralization sharpens everyone's exposure to the same
     vulnerabilities, which also increases a single point of failure
     enticement for criminals to find a 0-day that exploits those
     vulnerabilities.

  2) Reckless disclosure.  Users don't need to have every password and
     all web traffic shared with a single company.  Even if they trust
     that company and its insiders (and they shouldn't), bugs happen.

  3) Loss of service availability to users who do the most to protect
     themselves (Tor users).


