Re: [security-discuss] state of gnuradio freedom and security issues (was: gnuradio project DoS..)

[Jean Louis]

On Wed, Mar 08, 2017 at 10:11:37AM -0500, Alfred M. Szmidt wrote:
>    problem 1) Freedom 0: GNU Radio Foundation, Inc. ("GRFI") is stopping
>             GNU wget users, lynx, and cURL users from using their
>             browser software (wget, lynx, and curl) how they want in
>             the course of obtaining the GNU Radio manual.
> 
> They are not doing anything of the sort.

Alfred, I cannot share that opinion, however, I am sure that GNU radio
maintainers, and those making decision to use CloudFlare, maybe lack
the information.

As there is no reason to forbid Tor users to download software versus
not-Tor users. So GNU Radio is not doing that intentionally, that is
up to Cloudflare.

Cloudflare may be easily avoided, it is not Tor friendly, so I would
avoid it.

There is some truth that overlook or lack of attention to inform
oneself of what Cloudflare is doing exactly, may cause some users not
to get the software. That is not in the nature of GNU project, where
the intention is to spread the usable software.

So, the question is not to be addressed only to Cloudflare, but also
to GNU radio website maintainers, as change is quick and
possible. There are many different CDN networks, even one may create
it self. I can just guess, that Cloudflare was choosen for its "free
of charge" service for one website, in that case it is a poor choice.

>    problem 2) GRFI violates the GFDL requirement that the manual be
>             distributed with the software.
> 
> GNU Radio's manual is not licensed under the GFDL, thus any
> requirement put forth by the GFDL is irrelevant.

I did not see any "manual" how I expected it, rather scattered
documentation which I cannot find from the front page of GNU Radio.


>    problem 3) GRFI violates the GFDL requirement that the manual be
>             available in a simple format.
> 
> GNU Radio's manual is not licensed under the GFDL, thus any
> requirement put forth by the GFDL is irrelevant.

I do think it is relevant, as GNU software should comply to policies as
set by GNU project. The lack of proper licensing does not imply it
should not be there. That is why all this conversation.

The conversation process has discovered also other "holes", so all
that may be improved quickly, when attention is put on it.

>    problem 4) The GRFI is DoS attacking (and discriminating against)
>             users of GNU wget, lynx, and cURL.
> 
> They are not doing anything of the sort.

Denial of Service usually refers to hosted services, but not at all
times. It may refer to denying users to access the website, or making
such tricks, that some users cannot access the website. It is usually
intentional.

GNU Radio probably has no such intentions, there is just the side
effect that Tor users, and users of simple browsers cannot access some
information on their website. That is then to be complained to
maintainers of the website, maybe they put attention on it, and change
something.

I can well imagine Tor routers in future, so there will be more an
more Tor users, not less, there is no reason at all to support the
Cloudflare, that is discriminating Tor users.

Finally, captcha are dehumanizing service, that is the only place
where one need to answer "I am not a robot", so they put a robot to
ask human if human is robot or not, it makes no sense to me. Just like
one time, I have seen a woman coming to post office in Eastern Europe,
to take the retirement fund for the month, and the post officer told
her to first bring the paper evidence that she is alive. She went back
home, slowly walking, the old woman.

We expect human website visitors, and we shall allow also robotic
downloading, there is nothing wrong with it, it helps distributions
distribute the software. Captchas are not necessary, and for reasons
of captacha's there are many other solutions.

Jean Louis