Re: [security-discuss] gnuradio project DoS attacks GNU wget users


From: Nomen Nescio
Subject: Re: [security-discuss] gnuradio project DoS attacks GNU wget users
Date: Wed, 1 Mar 2017 03:22:14 +0100 (CET)

Alfred M. Szmidt said:

> Works for Me.
> 
>   ~ $ wget http://gnuradio.org/releases/gnuradio/gnuradio-3.7.10.1.tar.gz

If you use wget in the manner required by CloudFlare, Inc. and GNU
Radio Foundation, Inc., indeed there is no issue.

But some who embrace freedom 0 don't want to be forced to use the
tools in a restricted capacity.  A privacy-proponent might want to use
wget over Tor, as follows:

===8<------------------------------
$ freedom_hostile_app=http://gnuradio.org/releases/gnuradio/gnuradio-3.7.10.1.tar.gz
$ http_proxy=127.0.0.1:8118 wget "$freedom_hostile_app"
--2017-01-21 14:25:16--  http://gnuradio.org/releases/gnuradio/gnuradio-3.7.10.1.tar.gz
Resolving gnuradio.org (gnuradio.org)... 104.28.6.113
Connecting to gnuradio.org (gnuradio.org)|104.28.6.113|:80... connected.
HTTP request sent, awaiting response... 403 Forbidden
2017-01-21 14:25:17 ERROR 403: Forbidden.
===8<------------------------------

> You are also (on purpose) misinterpreting freedom 0, what it means
> is that you _can_ use the program for any purpose -- not that it
> will actually work.

Your bluntness is rather hilarious.  So expecting freedom 0 to
manifest in some practical and usable way is out of the question?

I know you (understandably) didn't follow the whole discussion on the
directory-discussion list, so it must be made clear here that a
philosophical principle is very much subject to the interpretation of
every individual.  Dr. Stallman's drafting of freedom 0 delivers not
law, but an idea which everyone is free to interpret, manipulate,
and purpose as they please.

Despite the above reservation for the right to interpret the
principle, I've actually not taken liberties here.  It is because
you're trying to look at freedom 0 through the lens of a legal
framework that you claim it to only give legal protection without a
practical component.  Yes that exists, but it's not the
license-embedded variation of freedom 0 that I'm referring to.  Quite
simply it's the principle that appears here:

  http://www.gnu.org/philosophy/free-sw.html

Freedom 0 also makes an appearance in legally binding texts, which are
of course more constrained than the top-level guiding principle by the
very limited nature of creating a legal implementation.  It's not any
legal implementation of that principle that I claim to have been
violated.  It's simply the top-level principle itself that has been
violated by GNU Radio Foundation, Inc.

There is nothing in the free-sw.html document that implies or imposes
the limitation you claim.  The interesting bit of text to examine (for
die-hard fundamentalists w/literal interpretations) is this:

  "The freedom to run the program as you wish means that you are not
   forbidden or stopped from doing so."

If the freedom 0 principle were to work as you claim, there would have
to be a period after the word "forbidden" with the rest of the
sentence scrapped.  In the case at hand, it is the "or stopped" phrase
that's really significant.  GNU Radio Foundation, Inc. is *stopping*
users from using wget over Tor, regardless of any kind of legal
instrumentation that the word "forbidden" implies (although one may
indeed interpret the "403 Forbidden" error above as a prohibition as
well, it's not needed to make my point).  Hence what I said earlier
about not having to take any liberties in interpretation.

>    ++the free software breach++
> 
>    Readers of the free.software newsgroup should be aware that a GNU tool
>    (gnuradio) has violated two clauses in the GNU Free Documentation
>    License ("GFDL"):
> 
>     1) Failing to distribute documentation with the software.
> 
> There is no requirement in the GFDL or the GPL that requires someone
> distribute documentation with the software.
> 
>     2) Use of non-simple HTML.
> 
> There is no requirement in the GFDL or the GPL that requires someone
> to use non-simple HTML.

Since you didn't find either of the requirements, I suspect you've not
read it (or perhaps a different version).  From this GFDL:

  https://static.fsf.org/nosvn/directory/fdl-1.3-standalone.html

this is the quote supporting point 1:

  "a free program should come with manuals providing the same freedoms
   that the software does."

and this is the quote supporting point 2:

  "Examples of suitable formats for Transparent copies include plain
   ASCII without markup, Texinfo input format, LaTeX input format,
   SGML or XML using a publicly available DTD, and standard-conforming
   simple HTML, PostScript or PDF designed for human modification."

BTW, I apologize for the dupe messages that posted here.  Mixmaster
reliability is very shaky since node operators are fighting over
whether to support non-standard 4k keys, or standard but weak 1k keys.
This somehow results in remailer users getting bogus error messages
from the mixmaster client.

--
Please note this was sent anonymously, so the "From:" address will be unusable.
List archives will be monitored.


