Full Disclosure mailing list archives
Re: Remote hole in OpenBSD 4.1
From: "Joey Mengele" <joey.mengele () hushmail com>
Date: Tue, 07 Aug 2007 23:33:23 -0400
LOLOLOL STOP NAMEDROPPING YOU GAY BASHING KIKE J On Mon, 06 Aug 2007 05:19:13 -0400 Gadi Evron <ge () linuxbox org> wrote:
Sorry, I don't know who gadievron () yahoo com is, but it wasn't me. I'd suggest emailing Rocky, he likes big guys. :)

Thanks,
Gadi.

On Mon, 6 Aug 2007, monikerd wrote:

Gadi Evron wrote:

I formerly had a great deal of respect, bordering on admiration, for Theo deRaadt's refusals to compromise his open source principles, even in the face of stiff opposition. Although he has occasionally gone over-the-top, recommended some frankly very dubious changes to OpenBSD, and is regularly arrogant (which is even more annoying because he's so often right!), he's always remained consistent in his devotion to the cause of GNU/Free Software.

Notice "formerly": my confidence in deRaadt has been soundly shaken by his latest round of unfounded aspersions cast against Intel's Core 2 line of CPUs. Instead of getting the facts with careful analysis and study, deRaadt has jumped the gun by trying to preempt proper research with posts to the openbsd-misc mailing list. This in itself wouldn't be so bad, but his only proper citation is a 404 page, and his only other source is an old summary of unverified errata from a hobbyist website.

The lack of fact-checking and complete absence of any credible sources for his allegations is suspicious in itself, but he compounds it into a complete boner by making an equally unsupported claim that the supposed (in fact non-existent) CPU problems are security flaws:

As I said before, hiding in this list are 20-30 bugs that cannot be worked around by operating systems, and will be potentially exploitable. I would bet a lot of money that at least 2-3 of them are.

Without real references to back up his exaggerated concerns, deRaadt's post crosses the line into outright libel and scare-mongering. It's obvious when you know what to look for: the subtle use of neurolinguistic priming in emotive leading phrases such as "some errata like AI65, AI79, AI43, AI39, AI90, AI99 scare the hell out of us", "Open source operating systems are largely left in the cold", "hiding in this list", and so forth. This does not lead me to share Theo's purported fears; instead it leads me to believe that he's trying to unduly influence Intel's reputation with lies.

I have an idea of why. It's the same reason deRaadt feels comfortable in saying that he'd "bet a lot of money" on Intel's Core 2 processors having multiple (not one, but several) security flaws originating from these errata. Namely, one of Intel's largest competitors has supplied the OpenBSD project with a substantial amount of monetary support since 2004, presumably because they can't compete even in the open source market without propping it up with a flow of money. They cannot maintain their position on the processor front, so they're resorting to buying out open source software developers. It's regrettably cheap to do so, even if they have deRaadt's prestige, because their business models stifle income and so a monolith such as AMD can trivially tempt them with greater incentives. In fact deRaadt is an easier target for "donations" because he makes it clear that he has no business model for OpenBSD.

Intel, by contrast, have no discernable incentive to deceive or play down security flaws in their products; the consecutive f00f and FDIV bugs of the past have taught Intel that their best course of action is to face up to their errors and offer speedy fixes.

DeRaadt's claim that Intel must "be come [sic] more transparent" is most unfounded, especially when one considers who stands to benefit from this anti-Intel arrangement; the connections between the AMD-ATI leviathan and deRaadt-driven projects are not hard to find. AMD make a point of emphasising OpenBSD's place in the "AMD64 ecosystem", and, as already mentioned, lends its deep pockets to deRaadt's grasp. And the connections go both ways too: deRaadt has a blatant chip on his shoulder regarding Intel.

Ultimately, it hasn't been enough for deRaadt to level unsubstantiated libels at Intel, or to elicit spurious security fears about its solidly tested products. He's added an extra layer of hypocrisy on top by attacking Intel for being opaque and complaining about made-up fatal flaws in their Core 2 system. I would go as far as to posit that it is in fact deRaadt's system for running the OpenBSD project which has a fatal flaw. This escapade proves that deRaadt -- and by extension the OpenBSD project -- is simply too vulnerable to external influence from corporations with a vested interest and lots of lucre.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Nice try, but (Wrong list). Too little too late.

firstly you employ the trick of "accuse them first" when you get to "neurolinguistic priming" your text is full of it. Basically that's all your email is.

Theo's posts were quite some time ago, and then neither of the links were 404. Also your topic is misleading.

Your mail cites even fewer references. Does not contribute anything new. You are basically saying you disagree. well ladida. That's your right. Didn't need to use that many ascii or fancy words for that.

If a major cpu does not perform to specifications, this is a big deal, seeing as you only now have come to hear about it, signifies how much it has been downplayed.

Theo's methods and arguments, are often flawed in several ways, and he's sure been known to overreact. However usually the underlying theme is pretty accurate. And in this case he's saying. FCOL you are degrading my operating system's quality on these chips and not even releasing the information I need, to fix it.

"no discernable incentive to deceive" --> are you kidding here or just stupid?
- It has stock holders
- what would it cost to recall the chips? When there is no replacement yet?

Now I like Intel, I realize what adverse effects releasing all the details could be concerning IP (yes these guys are kinda careful with that, stockholders again ..) reputation, balance sheets, ...

I'm pretty sure this conversation has already taken place. We'll see how it plays out.