On Mon, 8 May 2017 16:38:22 +0100 Luke Kenneth Casson Leighton lkcl@lkcl.net wrote:
On Mon, May 8, 2017 at 4:23 PM, ronwirring@safe-mail.net wrote:
Is it common to do something like this against a person?
in the unethical business world? of course it is! mostly you don't get to hear about it, but software libre developers are different. they're not beholden to anyone, they're not corporate slaves, they're not controlled and they are entitled to speak their mind.
consequently they get attacked. especially if some fucker deems that their "profit" is threatened.
for example: there was some discussion back in 1999 as to whether microsoft would ever take out a contract on my life, when i was doing the reverse-engineering of NT domains. consequently i decided that the research that i was doing had best be presented responsibly to them as "security vulnerabilities", presented PRIVATELY to them (as a responsible security researcher does) and only later disclosing them if they didn't fix the problems in a reasonable timeframe.
and that's why ISS hired me. the strategy that i deployed worked. one microsoft employee actually called ISS up asking them to fire me. ISS declined, pointing out that i was quite likely to get very pissed off, and would they prefer me inside pissing out or outside pissing in? they're absolutely right: i would have worked really really hard to release one devastating public zero-day security vulnerability - with full exploit code - every few days for several months, if they'd fucked with me.
<snip> I am just a tad confused. 1. You started a reverse engineering project on NT domains. 2. You presented your success to MS as a security problem. 3. You were hired. 4. Someone in MS complained.
So, the FLOSS folks never saw your work anyway?
Thanks, David