  TooMuch So Much Coffee Premium join:2002-09-06 underbridge
| reply to pandora Re: Sveasoft defamation
I'm not that well informed on the GPL situation, but it seems to me that Sveasoft is objecting to the redistribution of a non-public beta. As it says here, there is no limitation on redistributing released software. -- ...so little sleep |
|
 Automate
join:2001-06-26 Atlanta, GA
·Comcast
| reply to ff1324 said by ff1324 : So, we can either view the $20 as ... a membership fee to join the club for a peek into the beta world.
If you read the GPL FAQ you find.
"Does the GPL allow me to distribute a modified or beta version under a nondisclosure agreement? No. The GPL says that anyone who receives a copy of your version from you has the right to redistribute copies (modified or not) of that version. It does not give you permission to distribute the work on any more restrictive basis." »www.gnu.org/licenses/gpl-faq.htm···AllowNDA |
|
 viper54g
join:2004-07-16
| reply to Sveasoft6 You must understand that, James is getting $$$-eyes 
If you have earned $65,500 in only a half year for tweaking existing firmware a bit, you don't want the firmware to be given away for free (and losing all that extra $$$).
Money is indeed a dangerous thing... |
|
  ff1324 Everybody Goes Home Premium join:2002-08-24 On Four Day
| reply to Automate Sveasoft is not limiting any distribution under an NDA, they ARE saying that if you redistribute their release publicly, that you are responsible for any technical support. They aren't saying you can't distribute, just that it's your problem then. -- The funny thing about firemen...night and day they're always firemen |
|
 Automate
join:2001-06-26 Atlanta, GA
·Comcast
| said by ff1324 : Sveasoft is not limiting any distribution under an NDA, they ARE saying that if you redistribute their release publicly, that you are responsible for any technical support. They aren't saying you can't distribute, just that it's your problem then.
Sorry, I don't remember reading in the GPL where it makes anyone responsible for technical support, only that you provide the source code. |
|
 ld2950
join:2001-09-22 Medford, MA | reply to linksysOLD It's too bad we have to register to read the sveasoft thread on your site as well.... |
|
 cableb4me
join:2002-03-09 Dunlap, IL
| reply to Automate I wish all of you "hacked firmware" users would go start your own forum and leave this one for true Linksys discussions. Although I think some of the features you are creating are very innovative, from a security perspective, I would never run your hacked firmware.
I'm not a programmer, so looking at your source code is Greek to me but as a Security Analyst by trade, I know what CAN be done without the users ever knowing it.
Instead of wasting your talents on creating hacked code then try to charge people for it. Go get a REAL JOB at Linksys or Cisco! |
|
  joako Premium join:2000-09-07 /dev/null
·AT&T U-Verse
| reply to dellsweig said by dellsweig : There is literally NO WAY to know if there is a back-door built in - either by a 3rd party software provider like this OR by a vendor!!! At least with the vendor - there may be some level of control by the management and some recourse from the consumer
you get what you pay for
The sourcecode has been released, and we must assume that the source is the exact code that was compiled (otherwise James would be violating the GPL). If you want to be certain, read over the sourcecode and compile it yourself, but do not tell me there isn't a way to check for backdoors. |
|
  pcscdma Chocobo Chocobo Random Battle Premium join:2004-01-14 Winterset, IA clubs:
| reply to tdb Re: Get a Life!
said by tdb : ... Since when does a hobby or project need a business model to protect a revenue stream? If James had said from the beginning that he was in this for the money; then all this would probably have been avoided.
The bait and switch scheme sure looks like it hit a bump. -- The Intel Prescott. One step closer to 50,000 watts of clear channel power! |
|
  Bobcat Premium join:2001-02-04 Bedminster, NJ
·Verizon Online DSL
| reply to joako Re: Sveasoft defamation
said by joako : The sourcecode has been released, and we must assume that the source is the exact code that was compiled (otherwise James would be violating the GPL). If you want to be certain, read over the sourcecode and compile it yourself, but do not tell me there isn't a way to check for backdoors.
As stated by Ken Thompson (co-creator of UNIX), "No amount of source-level verification or scrutiny will protect you from using untrusted code." For his description of a program with a backdoor that was not present in the source, even when compiled from the source, see - »www.acm.org/classics/sep95/
-- "Saddam Hussein... has not developed any significant capability with respect to weapons of mass destruction. He is unable to project conventional power against his neighbors." » Colin Powell, February 24, 2001. |
|
  harwoodr Pornographic Memory Premium join:2002-09-05 Hamilton, ON
·Mountain Cable
| reply to Sveasoft6 Disclaimer: I am a subscriber to sveasoft.
1. While the GPL doesn't allow for "private beta" releases... it is perfectly reasonable to only release compiled binaries to subscribers as long as the modified code is available to all. 2. If you subscribe, a condition of your subscription is that if you redistribute the pre-release binaries then your subscription is cancelled. 3. Having a subscription service for binaries and support is perfectly legal and reasonable... as long as all current (including pre-release/beta/whatever is being distributed to subscribers) sourcecode is made available to everyone - anything else is a violation of the GPL. -- Become a Browncoat! |
|
 tdb
join:2002-05-30 Concord, NC
·CT Communications
| reply to Bobcat said by Bobcat : As stated by Ken Thompson (co-creator of UNIX), "No amount of source-level verification or scrutiny will protect you from using untrusted code." For his description of a program with a backdoor that was not present in the source, even when compiled from the source, see - »www.acm.org/classics/sep95/
Ok. Now I don't know a whole lot about C coding; but it seems to me like all he did was somehow mess with the compiler. If you get a trojan in the compiler that alters the source code fed into it then yes, you won't be able to trust any code coming out of it. Code going into it is still presumably good; or did I miss what it was Thompson did?
Also, if audit and review is essentially useless; then what have Theo de Raadt et al been wasting their time doing up there in the Great White North? -- Linux, it's what's for dinner. |
|
 pandora Premium join:2001-06-01 Outland
·ooma
·Future Nine Corpor..
·Comcast
| reply to harwoodr said by harwoodr : Disclaimer: I am a subscriber to sveasoft.
1. While the GPL doesn't allow for "private beta" releases... it is perfectly reasonable to only release compiled binaries to subscribers as long as the modified code is available to all. 2. If you subscribe, a condition of your subscription is that if you redistribute the pre-release binaries then your subscription is cancelled. 3. Having a subscription service for binaries and support is perfectly legal and reasonable... as long as all current (including pre-release/beta/whatever is being distributed to subscribers) sourcecode is made available to everyone - anything else is a violation of the GPL.
The problem is in 2 above, the cancellation for redistribution. The fees charged for support, and for distribution are within GPL, it does NOT seem within GPL to attempt to limit rights on redistribution as Sveasoft has.
Unlike virtually all other GPL products, you do NOT see in this group a free trade going on or even discussion regarding Sveasoft beta releases done under GPL... in particular up until this blowout I do not recall a single request or offer for/of Sveasoft GPL binary or source NOT being closed shortly after going up.
The sealed nature of the GPL betas and the threat of cutoff by Sveasoft seem to create a closed system which is contrary to the intent of GPL as I understand it. |
|
 pandora Premium join:2001-06-01 Outland
·ooma
·Future Nine Corpor..
·Comcast
| reply to tdb said by tdb : said by Bobcat : As stated by Ken Thompson (co-creator of UNIX), "No amount of source-level verification or scrutiny will protect you from using untrusted code." For his description of a program with a backdoor that was not present in the source, even when compiled from the source, see - »www.acm.org/classics/sep95/
Ok. Now I don't know a whole lot about C coding; but it seems to me like all he did was somehow mess with the compiler. If you get a trojan in the compiler that alters the source code fed into it then yes, you won't be able to trust any code coming out of it. Code going into it is still presumably good; or did I miss what it was Thompson did?
Also, if audit and review is essentially useless; then what have Theo de Raadt et al been wasting their time doing up there in the Great White North?
You are correct the Thompson model requires modification of the compiler to work, the compiler after modification can have the modification removed, but still produce with the effect of the modification (assuming it is well written). Thus there would be no verifiable source in the compiler to indicate some other code was being produced unintended by the source author.
I do NOT believe it applies in this case, however there seems no active public 3rd party auditing / discussion of Sveasoft GPL product going on... no makefile review ... no scrutiny of the code... I believe one reason is the general hostility to poking around by Sveasoft and the attempt to modify what the GPL is about. |
|
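The mechanism Bobcat and pandora describe above, as an added toy model in Python that is not part of the thread or of Thompson's paper: the sources audit clean, yet a compiler rebuilt from them with the shipped binary still miscompiles. Every name here (`cc`, `login`, `SELF`, the `ken` password) is constructed for illustration, and the final comparison against a build from an independent compiler lineage goes beyond what the posts state.

```python
# Toy model (constructed): a "binary" is Python text, and "compiling" just
# copies source to binary. All names here are hypothetical.
CLEAN_CC_SRC = 'def cc(src):\n    return src\n'
LOGIN_SRC = 'def login(user, pw):\n    return pw == "correct horse"\n'

# The compiler binary as shipped. Its published source is CLEAN_CC_SRC; the
# two extra branches exist only in the binary.
SHIPPED_CC_BIN = '''
def cc(src):
    if "def login(" in src:   # miscompile the login program
        src = src.replace("return pw ==", "return pw == 'ken' or pw ==")
    if "def cc(" in src:      # miscompile the compiler: re-emit this binary
        return SELF
    return src
'''

def load(binary):
    """Run a binary; SELF models a program's access to its own image."""
    ns = {"SELF": binary}
    exec(binary, ns)
    return ns

def build_with(cc_binary, source):
    """Compile `source` using the compiler binary `cc_binary`."""
    return load(cc_binary)["cc"](source)

def source_audit_passes():
    # Reviewing every line of source finds nothing: the password is not there.
    return "ken" not in CLEAN_CC_SRC + LOGIN_SRC

def rebuilt_login_accepts_backdoor():
    # Recompile the compiler from audited source, then build login with it.
    rebuilt_cc = build_with(SHIPPED_CC_BIN, CLEAN_CC_SRC)
    login_bin = build_with(rebuilt_cc, LOGIN_SRC)
    return load(login_bin)["login"]("root", "ken")

def independent_build_differs():
    # Defensive check: build the same sources with a compiler from a separate
    # lineage (here the clean source run directly) and compare the outputs.
    ours = build_with(build_with(SHIPPED_CC_BIN, CLEAN_CC_SRC), LOGIN_SRC)
    theirs = build_with(build_with(CLEAN_CC_SRC, CLEAN_CC_SRC), LOGIN_SRC)
    return ours != theirs

if __name__ == "__main__":
    print(source_audit_passes(), rebuilt_login_accepts_backdoor(),
          independent_build_differs())
```

The comparison only helps if the second compiler really does come from an independent lineage; rebuilding with the same shipped binary reproduces the same output every time.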
  bbarrera Premium,MVM join:2000-10-23 Sacramento, CA clubs:
·SureWest Internet
| said by pandora : I do NOT believe it applies in this case, however there seems no active public 3rd party auditing / discussion of Sveasoft GPL product going on... no makefile review ... no scrutiny of the code... I believe one reason is the general hostility to poking around by Sveasoft and the attempt to modify what the GPL is about.
Please provide me with links to active public auditing of Linksys GPL software. For all we know Linksys could have put a backdoor into their GPL software. |
|
  harwoodr Pornographic Memory Premium join:2002-09-05 Hamilton, ON
·Mountain Cable
| reply to pandora said by pandora : The problem is in 2 above, the cancellation for redistribution. The fees charged for support, and for distribution are within GPL, it does NOT seem within GPL to attempt to limit rights on redistribution as Sveasoft has.
I think the GPL is only concerned with the source. Binaries are a different beast... you can actually charge for the service of compiling them.
Have a look at Transgaming and Winex (or whatever they're calling it now)... they essentially charge for the compiled binary of winex (and their add-on tools, which are not GPL)... the model works for them. -- Become a Browncoat! |
|
 tdb
join:2002-05-30 Concord, NC
·CT Communications
| reply to pandora said by pandora :
You are correct the Thompson model requires modification of the compiler to work, ...
I understand now. quote:
I do NOT believe it applies in this case, however there seems no active public 3rd party auditing / discussion of Sveasoft GPL product going on... no makefile review ... no scrutiny of the code... I believe one reason is the general hostility to poking around by Sveasoft and the attempt to modify what the GPL is about.
Good point. Although I would tend to think the opposite. His actions made him a lot of enemies. I would think these people would be poring over his code trying to find errors or inconsistencies just so they could publicly lambaste him. -- Linux, it's what's for dinner. |
|
 pandora Premium join:2001-06-01 Outland
·ooma
·Future Nine Corpor..
·Comcast
| reply to bbarrera said by bbarrera : Please provide me with links to active public auditing of Linksys GPL software. For all we know Linksys could have put a backdoor into their GPL software. The following have massaged, worked, and reviewed with varying intensity the Linksys GPL firmware...
»www.batbox.org/wrt54g-linux.html »www.portless.net/ewrt/index.html »nocat.net/download/wrtgen/ »openwrt.ksilebo.net/ »sourceforge.net/projects/wifi-box/ »www.sveasoft.com/modules/phpBB2/index.php »cmeerw.org/dev/node/view/97
Any backdoor, trojan or whatever would have to be missed by all the above to be in the Linksys code... do you really believe there is a Trojan in the Linksys code?
It's the ability to have the informal review even of a fork of a GPL product which permits ever greater degrees of assurance regarding various versions. |
|
  harwoodr Pornographic Memory Premium join:2002-09-05 Hamilton, ON | Has anyone rated/reviewed the various third-party firmwares? -- Become a Browncoat! |
|
  bbarrera Premium,MVM join:2000-10-23 Sacramento, CA clubs: | reply to pandora Do you really believe there is a Trojan in the Sveasoft firmware? If not why do you create FUD?
I couldn't find any references to a formal audit in any of the links you provided. |
|