headers
Randall Crook | 2 Dec 2009 01:41
Picon

Re: Non-Malicious Linux Malware?

Apart from the oxymoron, I am surprised no one has done this before 
(that we know of)... Not hard when you consider more non-technical users 
are now switching to linux, making this type of thing more attractive to 
the criminal and malicious elements...

As to if he should release it, no I don't think he should... Too many 
dumb script kiddies out there would just use it for evil.

As to advertising it exists and what it can do.. Absolutely. The more 
people know it can be done, and the more education about using SElinux 
and the vigilance needed when surfing, the better the environment for all.

Randall.

On 2/12/09 10:23 AM, Dale wrote:
> Hi All,
>
> I found this to bit of an interesting read:
> http://ask.slashdot.org/story/09/12/01/0025213/Ethics-of-Releasing-Non-Malicious-Linux-Malware
>
> Regards
> Dale
>
Permalink | Reply | 1 comment |
headers
Melissa Draper | 3 Dec 2009 12:15
Gravatar

[Fwd: [LACTTE] Grant Proposal: Customer Compliance HowTo]

Forwarded (with permission) for discussion as per the grants policy
http://linux.org.au/projects/grants/

-------- Forwarded Message --------
From: Brendan Scott (lists) <lists@...>
To: committee@...
Subject: [LACTTE] Grant Proposal: Customer Compliance HowTo
Date: Wed, 02 Dec 2009 14:32:52 +1100

Request for Grant under the Linux Australia Grants Program

**** Date: 2 December 2009

**** Project Name: 
Customer Compliance HowTo

This is a grant application and is subject to my earlier grant application "Feasibility Report for
Customer Enforced Licence Compliance":
* being approved; and
* resulting in a positive outcome

**** Aim of the Project:
This proposal is for the development of Australia specific resources to assist in enforcing compliance
with open source licences (primarily focussed on embedded devices, but the resources would be more
generically applicable).  Output would be a HOWTO type document covering issues from identifying an
infringement up to lodging a complaint with the relevant Fair Trading Office. Things it would like cover
(by way of example, but may change in the course of research or drafting) are:

* overview of how to identify non-compliant devices, with pointers to more detailed resources
* outline of compliance process up to initiation of proceedings
(Continue reading)

Permalink | Reply | 4 comments |
headers
Melissa Draper | 3 Dec 2009 12:12
Gravatar

[Fwd: [LACTTE] Grant Proposal: Feasibility Report for Customer-Enforced Licence Compliance]

Forwarded (with permission) for discussion as per the grants policy at
http://linux.org.au/projects/grants/

-------- Forwarded Message --------
From: Brendan Scott <lists@...>
To: committee@...
Subject: [LACTTE] Grant Proposal: Feasibility Report for
Customer-Enforced Licence Compliance
Date: Mon, 16 Nov 2009 12:10:45 +1100

Request for Grant under the Linux Australia Grants Program

**** Date: 16 November 2009

**** Project Name: 
Feasibility Report for Customer-Enforced Licence Compliance

**** Aim of the Project:
Historically open source compliance involves bringing, or threatening to bring, court action in
copyright to enforce the licence terms.  This approach has a number of problems:
* only a copyright holder (or exclusive licensee) can bring a copyright action;
* court cases involve non-trivial filing costs; 
* court cases often require specialist (and expensive) legal advice;   
* commencing litigation brings with it the risk of being exposed to the legal costs incurred by the
defendant in the event the action is unsuccessful.

I propose to investigate the feasibility of initiating enforcement/compliance action through consumer
legislation.  If compliance is feasible through the consumer legislation it will have the following benefits:
* very wide concept of standing (eg any purchaser can bring an action, even if they are not copyright holder
and, in some cases, even non-purchasers)
(Continue reading)

Permalink | Reply | 5 comments |
headers
James Purser | 3 Dec 2009 13:43
Picon
Favicon

Re: [Fwd: [LACTTE] Grant Proposal: Feasibility Report for Customer-Enforced Licence Compliance]

On Thu, 2009-12-03 at 22:12 +1100, Melissa Draper wrote:
> Request for Grant under the Linux Australia Grants Program
> 
> **** Date: 16 November 2009
> 
> **** Project Name: 
> Feasibility Report for Customer-Enforced Licence Compliance
> 
> Output
> The output of the work would be a report on the review and an explanation of the feasibility of such an
approach. 
> The report may be licensed openly (eg GPLv3) and would be drafted accordingly (this may mean that the
report would be more circumspect than if it was not published openly). 
> 

Personally I think the report should be available to everyone, why do
you think that having the report being open would require more
circumspection?

> Milestones:
> Report to be produced by 31 January 2010 if approved before start of December 09, 14 February if approved in
December 09, otherwise within 4-6 weeks of grant approval.  
> 
> 
> **** Person Responsible for Request:
> Brendan Scott
> 
> **** Request:
> Grant amount: $3,000
(Continue reading)

Permalink | Reply | 2 comments |
headers
Arjen Lentz | 3 Dec 2009 13:35
Picon
Gravatar

Re: [Fwd: [LACTTE] Grant Proposal: Feasibility Report for Customer-Enforced Licence Compliance]

Hi Melissa, all

----- "Melissa Draper" <melissa@...> wrote:
> Forwarded (with permission) for discussion as per the grants policy
> at http://linux.org.au/projects/grants/

Interesting!
If it was any other person proposing, I'd be extremely sceptical - but seeing it's Brendan... the dude knows
his stuff. So I'm presuming the objective is potentially attainable, and thus the research worth doing. Cool!

> -------- Forwarded Message --------
> From: Brendan Scott <lists@...>
> To: committee@...
> Subject: [LACTTE] Grant Proposal: Feasibility Report for
> Customer-Enforced Licence Compliance
> Date: Mon, 16 Nov 2009 12:10:45 +1100
> 
> Request for Grant under the Linux Australia Grants Program
> 
> **** Date: 16 November 2009
> 
> **** Project Name: 
> Feasibility Report for Customer-Enforced Licence Compliance
> 
> 
> **** Aim of the Project:
> Historically open source compliance involves bringing, or threatening
> to bring, court action in copyright to enforce the licence terms. 
> This approach has a number of problems:
> * only a copyright holder (or exclusive licensee) can bring a
(Continue reading)

Permalink | Reply | 0 comments |
headers
Arjen Lentz | 3 Dec 2009 13:40
Picon
Gravatar

Re: [Fwd: [LACTTE] Grant Proposal: Customer Compliance HowTo]


----- "Melissa Draper" <melissa@...> wrote:

> Forwarded (with permission) for discussion as per the grants policy
> http://linux.org.au/projects/grants/
> 
> -------- Forwarded Message --------
> From: Brendan Scott (lists) <lists@...>
> To: committee@...
> Subject: [LACTTE] Grant Proposal: Customer Compliance HowTo
> Date: Wed, 02 Dec 2009 14:32:52 +1100
> 
> Request for Grant under the Linux Australia Grants Program
> 
> **** Date: 2 December 2009
> 
> **** Project Name: 
> Customer Compliance HowTo
> 
> This is a grant application and is subject to my earlier grant
> application "Feasibility Report for Customer Enforced Licence
> Compliance":
> * being approved; and
> * resulting in a positive outcome

Sounds good! could a) OK it if the other one is OKed, with the abovementioned conditionals, or b) put it on
standby awaiting the outcome of the first part. I'm thinking a) might be good, then there's a clear "next
step" and pratical application of the research step, should it be successful. Extra positive point for
Brendan when working on this, as well as for any others involved.
(Continue reading)

Permalink | Reply | 0 comments |
headers
Janet Hawtin | 3 Dec 2009 13:11
Picon

Re: [Fwd: [LACTTE] Grant Proposal: Customer Compliance HowTo]

+1 Brendan has contributed a lot of time on issues such as the ooxml
standards process.
This sounds like useful work.

On Thu, Dec 3, 2009 at 9:45 PM, Melissa Draper <melissa@...> wrote:
> Forwarded (with permission) for discussion as per the grants policy
> http://linux.org.au/projects/grants/
>
> -------- Forwarded Message --------
> From: Brendan Scott (lists) <lists@...>
> To: committee@...
> Subject: [LACTTE] Grant Proposal: Customer Compliance HowTo
> Date: Wed, 02 Dec 2009 14:32:52 +1100
>
> Request for Grant under the Linux Australia Grants Program
>
> **** Date: 2 December 2009
>
> **** Project Name:
> Customer Compliance HowTo
>
> This is a grant application and is subject to my earlier grant application "Feasibility Report for
Customer Enforced Licence Compliance":
> * being approved; and
> * resulting in a positive outcome
>
>
> **** Aim of the Project:
> This proposal is for the development of Australia specific resources to assist in enforcing compliance
with open source licences (primarily focussed on embedded devices, but the resources would be more
(Continue reading)

Permalink | Reply | 0 comments |
headers
Matthew Lye | 3 Dec 2009 23:24
Picon

Re: [Fwd: [LACTTE] Grant Proposal: Customer Compliance HowTo]

I would think that this would be a very useful tool.


-Matthew Lye

You can do anything you set your mind to when you have vision, determination, and and endless supply of expendable labor.
<No tree's were harmed during this transmission. However, a great number of electrons were terribly inconvenienced>


On Thu, Dec 3, 2009 at 9:15 PM, Melissa Draper <melissa-eC25WdKX6mJF6kxbq+BtvQ@public.gmane.org> wrote:
Forwarded (with permission) for discussion as per the grants policy
http://linux.org.au/projects/grants/

-------- Forwarded Message --------
From: Brendan Scott (lists) <lists-yzvPICuk2ABRE9eweF4ml6VXKuFTiq87@public.gmane.org>
To: committee-Xh+NVF5n0LINqqZFaT1CxQ@public.gmane.org
Subject: [LACTTE] Grant Proposal: Customer Compliance HowTo
Date: Wed, 02 Dec 2009 14:32:52 +1100

Request for Grant under the Linux Australia Grants Program

**** Date: 2 December 2009

**** Project Name:
Customer Compliance HowTo

This is a grant application and is subject to my earlier grant application "Feasibility Report for Customer Enforced Licence Compliance":
* being approved; and
* resulting in a positive outcome


**** Aim of the Project:
This proposal is for the development of Australia specific resources to assist in enforcing compliance with open source licences (primarily focussed on embedded devices, but the resources would be more generically applicable).  Output would be a HOWTO type document covering issues from identifying an infringement up to lodging a complaint with the relevant Fair Trading Office. Things it would like cover (by way of example, but may change in the course of research or drafting) are:

* overview of how to identify non-compliant devices, with pointers to more detailed resources
* outline of compliance process up to initiation of proceedings
* steps that a person should take when seeking to enforce compliance, including information that the person should record/look for in preparation for a compliance action
* sample/precedent initial letter, discussion of serving letters/requests for information, discussion on who might be appropriate to send such a letter to.
* sample/precedent fair trading complaint.

Output
HOWTO-type document covering issues such as those above.
The document may be licensed openly (eg GPLv3) and would be drafted accordingly (this may mean that the document would be more circumspect than if it was not published openly).


Milestones:
Report to be produced within 4-6 weeks of later of: grant approval and completion of the feasibility research.

**** Person Responsible for Request:
Brendan Scott


**** Request:
Grant amount: $3,000


**** Forwarding to linux-aus <at>
This is fine.


My Contribution: Costing includes 1:1 donation of my time.








_______________________________________________
committee mailing list
committee-cunTk1MwBs8iFSDQTTA3OPd9D2ou9A/h@public.gmane.orgu
http://lists.linux.org.au/listinfo/committee


--
Melissa Draper

w: http://meldraweb.com & http://geekosophical.net
p: +61 4 0472 2736


_______________________________________________
linux-aus mailing list
linux-aus-cunTk1MwBs8iFSDQTTA3OPd9D2ou9A/h@public.gmane.orgu
http://lists.linux.org.au/listinfo/linux-aus

_______________________________________________
linux-aus mailing list
linux-aus@...
http://lists.linux.org.au/listinfo/linux-aus
Permalink | Reply | 0 comments |
headers
Rusty Russell | 4 Dec 2009 01:13
Picon
Gravatar

Re: [Fwd: [LACTTE] Grant Proposal: Feasibility Report for Customer-Enforced Licence Compliance]

On Thu, 3 Dec 2009 11:13:21 pm James Purser wrote:
> On Thu, 2009-12-03 at 22:12 +1100, Melissa Draper wrote:
> > Request for Grant under the Linux Australia Grants Program
> > 
> > **** Date: 16 November 2009
> > 
> > **** Project Name: 
> > Feasibility Report for Customer-Enforced Licence Compliance
> > 
> > Output
> > The output of the work would be a report on the review and an explanation of the feasibility of such an
approach. 
> > The report may be licensed openly (eg GPLv3) and would be drafted accordingly (this may mean that the
report would be more circumspect than if it was not published openly). 
> 
> Personally I think the report should be available to everyone, why do
> you think that having the report being open would require more
> circumspection?

If I may speculate on Brendan's behalf here?

An assessment like this would include analysing the effectiveness of responses
to such a legal action.  You don't really want to hand potential opponents a
template.

FWIW, I think it's worthwhile to investigate this possibility.  If the
outcome is positive it could strengthen the hand of LA members trying to get
source from non-compliant vendors.

Cheers,
Rusty.
Permalink | Reply | 1 comment |
headers
David Newall | 2 Dec 2009 07:16

Re: Non-Malicious Linux Malware?

Randall Crook wrote:
> Apart from the oxymoron, I am surprised no one has done this before 
>   

Well, there was Robert Morris's "internet worm", back in the '80s, which 
took down much of the internet. Mind you, the internet was a lot smaller 
then.

> As to advertising it exists and what it can do.. Absolutely. The more 
> people know it can be done, and the more education about using SElinux 
>   

The interesting point about Morris et al's worm was that it exploited 
security holes which had been known and documented for years. Letting 
people know is unlikely to change peoples' habits. Being bitten does that.
Permalink | Reply | 0 comments |

Gmane