Re: Remote hole in OpenBSD 4.1

["Joey Mengele" <joey.mengele () hushmail com>]

LOLOLOL STOP NAMEDROPPING YOU GAY BASHING KIKE

J

On Mon, 06 Aug 2007 05:19:13 -0400 Gadi Evron <ge () linuxbox org> 
wrote:
> Sorry, I don't know who gadievron () yahoo com is, but it wasn't me. 
> I'd 
> suggest emailing Rocky, he likes big guys. :)
>
> Thanks,
>
>       Gadi.
>
> On Mon, 6 Aug 2007, monikerd wrote:
>
> > Gadi Evron wrote:
> > > I formerly had a great deal of respect, bordering on 
> admiration, for Theo
> > > deRaadt's refusals to compromise his open source principles, 
> even in the
> > > face of stiff opposition. Although he has occasionally gone 
> over-the-top,
> > > recommended some frankly very dubious changes to OpenBSD, and 
> is regularly
> > > arrogant (which is even more annoying because he's so often 
> right!), he's
> > > always remained consistent in his devotion to the cause of 
> GNU/Free Software.
> > > Notice "formerly": my confidence in deRaadt has been soundly 
> shaken by his
> > > latest round of unfounded aspersions cast against Intel's Core 
> 2 line of
> > > CPUs. Instead of getting the facts with careful analysis and 
> study, deRaadt
> > > has jumped the gun by trying to preempt proper research with 
> posts to the
> > > openbsd-misc mailing list. This in itself wouldn't be so bad, 
> but his only
> > > proper citation is a 404 page, and his only other source is an 
> old summary
> > > of unverified errata from a hobbyist website.
> > >
> > > The lack of fact-checking and complete absence of any credible 
> sources for
> > > his allegations is suspicious in itself, but he compounds it 
> into a complete
> > > boner by making an equally unsupported claim that the supposed 
> (in fact
> > > non-existent) CPU problems are security flaws:
> > >
> > > As I said before, hiding in this list are 20-30 bugs that 
> cannot be worked
> > > around by operating systems, and will be potentially 
> exploitable. I would
> > > bet a lot of money that at least 2-3 of them are.
> > >
> > > Without real references to backup his exaggerated concerns, 
> deRaadt's post
> > > crosses the line into outright libel and scare-mongering. It's 
> obvious when
> > > you know what to look for: the subtle use of neurolinguistic 
> priming in
> > > emotive leading phrases such as "some errata like AI65, AI79, 
> AI43, AI39,
> > > AI90, AI99 scare the hell out of us", "Open source operating 
> systems are
> > > largely left in the cold", "hiding in this list", and so forth. 
> This does
> > > not lead me to share Theo's purported fears; instead it leads 
> me to believe
> > > that he's trying to unduly influence Intel's reputation with 
> lies.
> > > I have an idea of why. It's the same reason deRaadt feels 
> comfortable in
> > > saying that he'd "bet a lot of money" on Intel's Core 2 
> processors having
> > > multiple (not one, but several) security flaws originating from 
> these
> > > errata. Namely, one of Intel's largest competitors has supplied 
> the OpenBSD
> > > project with a substantial amount of monetary support since 
> 2004, presumably
> > > because they can't compete even in the open source market 
> without propping
> > > it up with a flow of money. They cannot maintain their position 
> on the
> > > processor front, so they're resorting to buying out open source 
> software
> > > developers. It's regrettably cheap to do so, even if they have 
> deRaadt's
> > > prestige, because their business models stifle income and so a 
> monolith such
> > > as AMD can trivially tempt them with greater incentives. In 
> fact deRaadt is
> > > an easier target for "donations" because he makes it clear that 
> he has no
> > > business model for OpenBSD.
> > >
> > > Intel, by contrast, have no discernable incentive to deceive or 
> play down
> > > security flaws in their products; the consecutive f00f and FDIV 
> bugs of the
> > > past have taught Intel that their best course of action is to 
> face up to
> > > their errors and offer speedy fixes.
> > >
> > > DeRaadt's claim that Intel must "be come [sic] more 
> transparent" is most
> > > unfounded, especially when one considers who stands to benefit 
> from this
> > > anti-Intel arrangement; the connections between the AMD-ATI 
> leviathan and
> > > deRaadt-driven projects are not hard to find. AMD make a point 
> of
> > > emphasising OpenBSD's place in the "AMD64 ecosystem", and, as 
> already
> > > mentioned, lends its deep pockets to deRaadt's grasp. And the 
> connections go
> > > both ways too: deRaadt has a blatant chip on his shoulder 
> regarding Intel.
> > > Ultimately, it hasn't been enough for deRaadt to level 
> unsubstantiated
> > > libels at Intel, or to elicit spurious security fears about its 
> solidly
> > > tested products. He's added an extra layer of hypocrisy on top 
> by attacking
> > > Intel for being opaque and complaining about made-up fatal 
> flaws in their
> > > Core 2 system. I would go as far as to posit that it is in fact 
> deRaadt's
> > > system for running the OpenBSD project which has a fatal flaw. 
> This escapade
> > > proves that deRaadt -- and by extension the OpenBSD project -- 
> is simply too
> > > vulnerable to external influence from corporations with a 
> vested interest
> > > and lots of lucre.
> ___________________________________________________________________
> _________________Ready for the edge of your seat?
> > > Check out tonight's top picks on Yahoo! TV.
> > > http://tv.yahoo.com/
> > >
> > > _______________________________________________
> > > Full-Disclosure - We believe in it.
> > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > > Hosted and sponsored by Secunia - http://secunia.com/
> > Nice try, but (Wrong list). Too little to late.
> >
> > firstly you employ the trick of "accuse them first" when you get 
> to
> > "neurolinguistic priming"
> > your text is full of it. Basically that's all your email is.
> >
> > Theo's posts were quite some time ago, and then neither of the 
> links
> > were 404.
> >
> > Also your topic is misleading.
> >
> > Your mail cites even fewer references. Does not contribute 
> anything new.
> > You are basically saying you disagree. well ladida. That's your 
> right.
> > Didn't need to use that
> > many ascii or fancy words for that.
> >
> > If a major cpu does not perform to specifications, this is a big 
> deal,
> > seeing as you only now
> > have come to hear about it, signifies how much it has been 
> downplayed.
> > Theo's methods and arguments, are often flawed in several ways, 
> and he's
> > sure been
> > known to overreact. However usually the underlying theme is 
> pretty accurate.
> > And in this case he's saying. FCOL you are degrading my 
> operating
> > system's quality
> > on these chips and not even releasing the information I need, to 
> fix it.
> > "no discernable incentive to deceive" --> are you kidding here 
> or just stupid?
> > - It has stock holders
> > - what would it cost to recall the chips? When there is no 
> replacement yet?
> > Now I like Intel, I realize what adverse effects releasing all 
> the details could be
> > concerning IP (yes these guys are kinda careful with that, 
> stockholders again ..)
> > reputation, balance sheets, ...
> >
> >
> > I'm pretty sure this conversation has already taken place.We'll 
> see how it plays out.
> >
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

--
Click to publish your book fast with high quality presses.
http://tagline.hushmail.com/fc/Ioyw6h4dAxJttsoPDFjmdNC1ELQthVrG71IBJJERtXE2ra4aWWpwqU/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/