On Mon, 8 May 2017 16:38:22 +0100 Luke Kenneth Casson Leighton lkcl@lkcl.net wrote:
On Mon, May 8, 2017 at 4:23 PM, ronwirring@safe-mail.net wrote:
Is it common to do something like this against a person?
in the unethical business world? of course it is! mostly you don't get to hear about it, but software libre developers are different. they're not beholden to anyone, they're not corporate slaves, they're not controlled and they are entitled to speak their mind.
consequently they get attacked. especially if some fucker deems that their "profit" is threatened.
for example: there was some discussion back in 1999 as to whether microsoft would ever take out a contract on my life, when i was doing the reverse-engineering of NT domains. consequently i decided that the research that i was doing had best be presented responsibly to them as "security vulnerabilities", presented PRIVATELY to them (as a responsible security researcher does) and only later disclosing them if they didn't fix the problems in a reasonable timeframe.
and that's why ISS hired me. the strategy that i deployed worked. one microsoft employee actually called ISS up asking them to fire me. ISS declined, pointing out that i was quite likely to get very pissed off, and would they prefer me inside pissing out or outside pissing in? they're absolutely right: i would have worked really really hard to release one devastating public zero-day security vulnerability - with full exploit code - every few days for several months, if they'd fucked with me.
<snip>
I am just a tad confused.
1. You started a reverse engineering project on NT domains.
2. You presented your success to MS as a security problem.
3. You were hired.
4. Someone in MS complained.
So, the FLOSS folks never saw your work anyway?
Thanks, David
--- crowd-funded eco-conscious hardware: https://www.crowdsupply.com/eoma68
On Mon, May 29, 2017 at 10:48 PM, David Niklas doark@mail.com wrote:
I am just a tad confused.
- You started a reverse engineering project on NT domains.
- You presented your success to MS as a security problem.
and also a collaboration and interoperability opportunity (which worked extremely successfully).
and it also galvanised them to do a proper documentation effort. basically there wasn't any. at all. the code had been organically developed by engineers that were getting on for retirement age. as they were the only ones left who understood the security implications, they began a rather urgent process called the "CIFS Initiative" to document the protocol so that their *own engineers could understand it*.
frickin funny, really.
- You were hired.
- Someone in MS complained.
some fuckwit in the brain-washed marketing department, yes. what's hilarious is that microsoft's own employees - the ones with good reputations and standing - had to tell this particular specimen of brainwashed fuckwittery, "you _do_ realise what this one individual could do to our company if you ever pissed him off??"
:)
So, the FLOSS folks never saw your work anyway?
they did.... and they resented it, very very badly. the so-called leaders of the samba team *really* did not like the fact that i knew more than them about MSRPC, and that the work that i spearheaded increased the codebase of samba at the time by a whopping THIRTY PERCENT.
so they engineered a way to get me out.
by 2003 someone in the FLOSS community tracked my work on Exchange 5.5 reverse-engineering, copied it, reimplemented it, and did not tell anyone that i was the one who had done the reverse-engineering.
20 years later samba is considered to be a failure. samba 4 was something like 10 years in the making, and yet failed to deliver. companies that had held on to samba 3, which the samba developers STOPPED work on because they didn't understand it properly, were struggling to keep it up and running and were totally incensed when samba 4 was finally released and was even worse and even harder to configure.
they pushed me out and FLOSS has suffered as a result, because the complexity is so high it's beyond their ability to cope.
l.
2017-05-30 4:36 GMT+02:00 Luke Kenneth Casson Leighton lkcl@lkcl.net:
On Mon, May 29, 2017 at 10:48 PM, David Niklas doark@mail.com wrote:
I am just a tad confused.
- You started a reverse engineering project on NT domains.
- You presented your success to MS as a security problem.
and also a collaboration and interoperability opportunity (which worked extremely successfully).
and it also galvanised them to do a proper documentation effort. basically there wasn't any. at all. the code had been organically developed by engineers that were getting on for retirement age. as they were the only ones left who understood the security implications, they began a rather urgent process called the "CIFS Initiative" to document the protocol so that their *own engineers could understand it*.
frickin funny, really.
- You were hired.
- Someone in MS complained.
some fuckwit in the brain-washed marketing department, yes. what's hilarious is that microsoft's own employees - the ones with good reputations and standing - had to tell this particular specimen of brainwashed fuckwittery, "you _do_ realise what this one individual could do to our company if you ever pissed him off??"
:)
So, the FLOSS folks never saw your work anyway?
they did.... and they resented it, very very badly. the so-called leaders of the samba team *really* did not like the fact that i knew more than them about MSRPC, and that the work that i spearheaded increased the codebase of samba at the time by a whopping THIRTY PERCENT.
so they engineered a way to get me out.
by 2003 someone in the FLOSS community tracked my work on Exchange 5.5 reverse-engineering, copied it, reimplemented it, and did not tell anyone that i was the one who had done the reverse-engineering.
20 years later samba is considered to be a failure. samba 4 was something like 10 years in the making, and yet failed to deliver. companies that had held on to samba 3, which the samba developers STOPPED work on because they didn't understand it properly, were struggling to keep it up and running and were totally incensed when samba 4 was finally released and was even worse and even harder to configure.
they pushed me out and FLOSS has suffered as a result, because the complexity is so high it's beyond their ability to cope.
You're sounding like libv here ;-)
l.
arm-netbook mailing list arm-netbook@lists.phcomp.co.uk http://lists.phcomp.co.uk/mailman/listinfo/arm-netbook Send large attachments to arm-netbook@files.phcomp.co.uk
On Tue, 30 May 2017 03:36:24 +0100 Luke Kenneth Casson Leighton lkcl@lkcl.net wrote:
On Mon, May 29, 2017 at 10:48 PM, David Niklas doark@mail.com wrote:
I am just a tad confused.
- You started a reverse engineering project on NT domains.
- You presented your success to MS as a security problem.
and also a collaboration and interoperability opportunity (which worked extremely successfully).
and it also galvanised them to do a proper documentation effort. basically there wasn't any. at all. the code had been organically developed by engineers that were getting on for retirement age. as they were the only ones left who understood the security implications, they began a rather urgent process called the "CIFS Initiative" to document the protocol so that their *own engineers could understand it*.
frickin funny, really.
- You were hired.
- Someone in MS complained.
some fuckwit in the brain-washed marketing department, yes. what's hilarious is that microsoft's own employees - the ones with good reputations and standing - had to tell this particular specimen of brainwashed fuckwittery, "you _do_ realise what this one individual could do to our company if you ever pissed him off??"
:)
So, the FLOSS folks never saw your work anyway?
they did.... and they resented it, very very badly. the so-called leaders of the samba team *really* did not like the fact that i knew more than them about MSRPC, and that the work that i spearheaded increased the codebase of samba at the time by a whopping THIRTY PERCENT.
so they engineered a way to get me out.
by 2003 someone in the FLOSS community tracked my work on Exchange 5.5 reverse-engineering, copied it, reimplemented it, and did not tell anyone that i was the one who had done the reverse-engineering.
20 years later samba is considered to be a failure. samba 4 was something like 10 years in the making, and yet failed to deliver. companies that had held on to samba 3, which the samba developers STOPPED work on because they didn't understand it properly, were struggling to keep it up and running and were totally incensed when samba 4 was finally released and was even worse and even harder to configure.
they pushed me out and FLOSS has suffered as a result, because the complexity is so high it's beyond their ability to cope.
l.
I'm shocked. I've met so many nice people, like you, working on FLOSS projects... Just out of curiosity, did you ever consider developing a new version of samba that works right, just for fun and kicks?
Sincerely, David
--- crowd-funded eco-conscious hardware: https://www.crowdsupply.com/eoma68
On Tue, May 30, 2017 at 8:29 PM, David Niklas doark@mail.com wrote:
I'm shocked.
yehh don't be - that's people for you.
I've met so many nice people, like you, working on FLOSS projects... Just out of curiosity, did you ever consider developing a new version of samba that works right, just for fun and kicks?
i did... but with so much mindshare invested, and how much effort it takes (3 years to correctly implement the network neighbourhood for example and that's *just one sub-system*) i figured i had better things to do.
l.