Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Sun, 4 Jun 2017 08:49:00 -0400
From: Brad Spengler <spender@...ecurity.net>
To: Daniel Micay <danielmicay@...il.com>
Cc: Kernel Hardening <kernel-hardening@...ts.openwall.com>,
	pageexec@...email.hu
Subject: Re: Stop the plagiarism

> comparable to where it came from. If they independently write the
> features without using your code as a reference (KSTACKOVERFLOW vs.
> VMAP_STACK

This is demonstrably false given Andy's own public statements:
https://lwn.net/Articles/692208/

> ARM memory domain PAN emulation

As posted in the other message, I emailed directly with the person
solely credited for ideas for that work, detailing everything
exactly and linking to the blog post about it.  I leave it up to
others to decide if they think it's at all likely if during discussions
of the topic, it never came in the head of that person that they had
discussed this very exact same thing a few years prior, while coming
up with the same solution.

> an issue with it. You weren't truly interested in being paid to
> upstream it yourself either, only to develop code downstream in a
> massive out-of-tree patch set.

Where's the evidence?  The PaX Team gave permission for anyone to publish
any private contracts and financial terms of real offers made.  Where are
they?  I don't recall if you and I ever had a real discussion about
upstreaming where I laid out the (what should be obvious) concerns --
namely that given that we have limited time, any paid upstreaming work,
being largely a waste of time and non-technical in nature, would need to
also ensure the continuity of the actual technical grsecurity work
and allow us to expand our pool of available hours.  Otherwise there's no
possibility for stable funding to continue any work and no time to do it,
which is exactly the short-sighted thinking I had mentioned to Kees since
the very beginning of the KSPP.  It's pointless to rehash it at this point
since again as mentioned, there is no evidence whatsoever that the
companies funding KSPP ever made any real offers to fund the work.  That
decision was made long ago, and we're simply continuing our work and doing
what needs to be done to ensure it continues.  As a reminder, upstreaming
doesn't solve all problems, and grsecurity would need to continue to exist
regardless of any upstreaming efforts.  You need look no further at the
100 or so KSPP emails about a single-line TIOCSTI change that not one
user has complained about in years.

> available patch. Sending me a legal threat over that tweet was
> ridiculous especially considering that the post linked to by that

You missed a step in there in your public portrayal of private messages
(it's not the first time, but I don't expect much else from someone
who needs to cultivate an image to fool the public into assisting him
with code his business depends on to sell).  Instead of replying to
or acknowledging my initial simple mail, you went on IRC to joke about
it publicly with other people.

-Brad

Download attachment "signature.asc" of type "application/pgp-signature" (837 bytes)

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.