Message-ID: <20170603113007.GA1544@grsecurity.net>
Date: Sat, 3 Jun 2017 07:30:07 -0400
From: Brad Spengler <spender@...ecurity.net>
To: kernel-hardening@...ts.openwall.com
Subject: Stop the plagiarism

http://www.openwall.com/lists/kernel-hardening/2017/06/03/11

Guys, this is your *last warning*.  This stops *now* or I'm sending lawyers
after you and the companies paying you to plagiarize our work and violate
our *registered* copyright (which for the record entitles us to punitive
damages which now are very easily provable).  It's time to get serious
about attribution -- what you are doing is completely unacceptable.  I'm
already in contact with lawyers to prepare for the next time this happens.
If any of this plagiarized and misattributed code actually made it into
the Linux kernel, you'd all be in a world of pain.

Matt -- did you not see in the directory the Kconfig file was copy+pasted
from the following:

# grsecurity - access control and security hardening for Linux
# All code in this directory and various hooks located throughout the Linux kernel are
# Copyright (C) 2001-2014 Bradley Spengler, Open Source Security, Inc.
# http://www.grsecurity.net spender@...ecurity.net
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License version 2
# as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.

Yet you are claiming copyright entirely over my work.  Your copy+pasted
Kconfig entry didn't even adjust for your renaming of my sysctl variables.
Search+replace of config and function names is not transformative, and
I dare to think how much of your tpe_lsm.c is copy+pasted from cormander's
LSM.

I know it must be hard for the KSPP, having no original ideas of its
own, but this is not security or development.  It's mindless plagiarism
and illegal.  Then to slap your own copyright over the whole copy+pasted
thing is a total insult and demonstrates the complete lack of respect
KSPP has for the work it can't accomplish anything without.  The KSPP
and the companies funding it wouldn't be able to show a shred of perceived
progress were it not for its ability to simply copy+paste portions of
our work, because every time you modify something you introduce bugs and
new vulnerabilities, demonstrating your cluelessness.

While I'm here:
http://openwall.com/lists/kernel-hardening/2017/06/02/3

"a value linux-hardened and grsecurity have used for a long time now"
Rik, you're giving credit to a project that didn't even exist a couple
weeks ago, yet they've somehow used it "for a long time", even though
it only exists there because it was copy+pasted from grsecurity?  Is
that what we do now, credit plagiarists instead of the actual authors of
the work?  Sorry, but the "work" of struggling to understand code that
isn't yours doesn't suddenly make it your code.

https://lwn.net/SubscriberLink/724319/830a4de15663b8dd/
over a dozen mentions of various forms of "Cook's implementation"
that was blindly copy+pasted from PaX (as evidenced by its bugs and
complete misunderstanding of how the original PaX code works since
it didn't copy+paste all the parts it needed).  And of course Kees
is nowhere to be found to correct the misattribution of the work because
it benefits him and his perceived security ability.  There's a word for
that: charlatan.

Or how about this one:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2f48641cfc83c3e1fdc81204382e05edf182691a
First three copied directly from grsecurity, presumably you submitted
some patch series to a mailing list where only the 0/N cover mail mentioned
grsecurity, and now there's no mention whatsoever of where the changes
came from in the first place.  You guys are seriously playing with fire,
and it seems like an intentional act of revenge for being cut off from
our work (lest I remind you of the legal and financial consequences of
willful copyright infringement).

This is exactly how your plagiarism works.  This is exactly why you
no longer have access to our work -- do you not get how incredibly
infuriating this is?

This is your last warning.  This is not a new problem and it needs to
end completely, or I will make sure it ends.

-Brad

