Re: [security-discuss] gnuradio project DoS attacks GNU wget users

[Jean Louis]

Thanks for pointing this out. It should be clear that none of GNU
software packages should be hosted on such proprietary software
systems, that deny users' rights to download the software.

It is hard for me to understand why those project managers use
Cloudflare or captchas, is the money the problem, what is the problem
there?

Are there so many users downloading the software, that the project
managers lack the money for hosting? Isn't hosting today pretty cheap?

Jean Louis

On Tue, Feb 28, 2017 at 07:48:53AM -0500, Anonymous wrote:
> The GNU Radio project hosts its website on CloudFlare.
> 
> So users of wget, cURL, w3m, and lynx are denied access to GNU Radio
> documentation, which is exclusively available on www.gnuradio.org and
> not included in the distribution, if their network runs over Tor.
> This is perhaps the first case of a GNU project attacking the users of
> another GNU project.
> 
> ++the security problem++
> 
> This thread is started on the GNU security-discuss because it involves
> an availability loss whereby one GNU project denies availability to
> another GNU project.
> 
> ++the GNU interoperability problem++
> 
> This thread is also posted in gnu-system-discuss because of an
> interoperability problem within the GNU ecosystem.  In principle one
> should be able to use gnu wget to obtain gnuradio software and
> documentation.
> 
> ++the free software breech++
> 
> Readers of the free.software newsgroup should be aware that a GNU tool
> (gnuradio) has violated two clauses in the GNU Free Documentation
> License ("GFDL"):
> 
>  1) Failing to distribute documentation with the software.
>  2) Use of non-simple HTML.
> 
> The GFDL is published here:
> 
>   https://static.fsf.org/nosvn/directory/fdl-1.3-standalone.html
> 
> Philosophically, the GNU Radio Foundation, Inc. also violates the free
> software principle "freedom 0" (users cannot use wget how they want),
> and has shown disregard for problems identified in the FSF Service as
> a Software Substitute ("SaaSS") article.
> 
> ++gnuradio vs. non-software freedoms++
> 
> GNU Radio Foundation, Inc. together with CloudFlare, Inc. are
> attacking many other freedoms through its corporate walled-garden, not
> just software freedoms.  The other freedoms lost are enumerated here:
> 
>   http://lists.gnu.org/archive/html/directory-discuss/2017-01/msg00066.html
> 
> ++what is CloudFlare++
> 
> For those unfamiliar with CloudFlare Inc., it's a vigilante extremist
> corporation that has centralized a very large portion of the web, and
> then used its dominant power to attack privacy of web users.  CF
> attacks privacy-conscious users who use Tor to protect their data.
> They succeed because Tor users are a minority group, making them an
> easy target for repression.
> 
> CloudFlare's disregard for collateral damage to legitimate users
> parallels that of another vigilante extremist organization: SpamHaus.
> Just as SpamHaus uses a blunt anti-spam technique that consequently
> blocks legitimate e-mail, CloudFlare blocks legitimate web traffic in
> its careless approach to blocking malicious traffic.
> 
> CloudFlare claims to offer security, but it's actually the contrary:
> 
>   1) Minimal security diversity.  As we know from the CloudBleed bug,
>      centralization sharpens everyones' exposure to the same
>      vulnerabilities, which also increases a single point of failure
>      enticement for criminals to find a 0-day that exploits those
>      vulnerabilities.
> 
>   2) Reckless disclosure.  Users don't need to have every password and
>      all web traffic shared with a single company.  Even if they trust
>      that company and its insiders (and they shouldn't), bugs happen.
> 
>   3) Loss of service availability to users who do the most to protect
>      themselves (Tor users).
>