Linked by David Adams on Thu 30th Jun 2011 15:40 UTC
Original OSNews Interviews OSNews interviews Alexander Tsolkas, security consultant, Director Sales & Marketing at Iπsec Ltd. Germany, and creator of HSS, or High Security Server, a highly secure Linux kernel and a proprietary management Control Panel. We ask him about his product and about the state of ultra high security computing.
Order by: Score:
Comment by Soulbender
by Soulbender on Thu 30th Jun 2011 16:00 UTC
Soulbender
Member since:
2005-08-18

hyperbole sales pitch or technical interview, you be the judge.

The star under the German security penetration companies called n.runs AG in Oberursel tested it.


What does this even mean? The star? Is that a department of n.runs or an employee or...what?

Funny was, that there were two brand new load balancers for 40.000 Euro


If you're good enough to build this HSS system why would you buy load balancers for 40k? It's not like these guys have the traffic volume of youtube for their site.

That was strange. So we think, that one of the existing three-letter-code agencies on earth tried their luck.


Suuuuuuure, and the pope is protestant.

Reply Score: 3

RE: Comment by Soulbender
by Vanders on Thu 30th Jun 2011 20:04 UTC in reply to "Comment by Soulbender"
Vanders Member since:
2005-07-06

"Funny was, that there were two brand new load balancers for 40.000 Euro


If you're good enough to build this HSS system why would you buy load balancers for 40k?
"

It doesn't surprise me. Unless you've got a decent clued up sysadmin, buying an appliance seems like a good deal.

For everyone playing along at home, HAProxy can do software load balancing at 10GbE line speed on a fairly cheap low end box, and it can do it for a hell of a lot less than €40,000

Reply Score: 2

RE: Comment by Soulbender
by kragil on Thu 30th Jun 2011 21:43 UTC in reply to "Comment by Soulbender"
kragil Member since:
2006-01-04

Yeah, this guy sounds like some 1337 kid that wants to sell his snake oil.

Creepy stuff ... if the HSS patches for the kernel are so great that a proprietary front end can generate millions in revenue than maybe someone should take a look at the source (or tell Harald Welte if the source isn't published)

Reply Score: 2

RE[2]: Comment by Soulbender
by dzx6w3 on Thu 30th Jun 2011 22:26 UTC in reply to "RE: Comment by Soulbender"
dzx6w3 Member since:
2011-06-30

Man, I have never seen somebody having eaten the wisdom with spoons, like you. Really. I am so impressed of all your technical knowledge you have given to your best here in this whole discussion. You did not had one real technical interest instead of blowing farts into this blog. I am sure that was developpping already, when you were still running around the Christmas Tree with a drum around your neck.

The culture I come from, works differently from your's. I have learned during my 52 stays in the US, to keep my tongue under control, and not to talk around like it has grown, and behave differently to Americans, you know, there are these dos and donts, but "hey", with a buddy like you, I feel like at home and probably tomorrow, all the things we wrote about affect me like a pee in the Mississippi.

God bless you, Soul(bit)bender

Reply Score: 1

Comments frustration
by Alfman on Fri 1st Jul 2011 00:32 UTC in reply to "RE[2]: Comment by Soulbender"
Alfman Member since:
2011-01-28

Actually, I feel for your frustration. It's extremely difficult to have a positive conversation about what you are doing when there are so many cynics waiting to knock you down. Now, instead of understanding the product better, everyone will get caught up in an unproductive flame war about tangential details. Sometimes people resort to obnoxious reasoning in order to control the discussion - it is all hugely distracting.

Yes, I know, this post is ironically guilty too.

This attitude appears to be the norm everywhere as far as I know, is german culture any different?

I am interested in what you've done to make linux more secure (not as a customer, since I'm poor, but as a computer scientist).

Edited 2011-07-01 00:35 UTC

Reply Score: 2

RE: Comments frustration
by Bill Shooter of Bul on Fri 1st Jul 2011 01:23 UTC in reply to "Comments frustration"
Bill Shooter of Bul Member since:
2006-07-14

It's extremely difficult to have a positive conversation about what you are doing when there are so many cynics waiting to knock you down.


Normally, I'd agree with you. But that positive conversation can't take place here. If there are kernel security experts here, they don't have access to their product and can't evaluate their claims. If there are not kernel security experts here, their product hasn't earned the respect of the experts elsewhere. Its not really worth discussing the potential security benefits of an untrusted, untestable system. So, people end up focusing on the crazy claims of espionage and international three letter acronym intrigue that make this seem as shady as a back alley kidney transplant.

I've read white papers of products I already use and pay for that I know are full of sh*t and don't do half the things as well as they claim. The real important information about a product comes from independent third parties that test and use the systems.

Reply Score: 3

RE[2]: Comments frustration
by Alfman on Fri 1st Jul 2011 04:26 UTC in reply to "RE: Comments frustration"
Alfman Member since:
2011-01-28

Bill Shooter of Bul,

"If there are kernel security experts here, they don't have access to their product and can't evaluate their claims. If there are not kernel security experts here, their product hasn't earned the respect of the experts elsewhere."

Sure, those are valid concerns for people interested in buying the product.

"Its not really worth discussing the potential security benefits of an untrusted, untestable system."

I disagree, Alex may very well have some valuable insight to contribute to a discussion on linux security. I am interested in the mechanisms used to control access in the kernel and it is worth discussing regardless of whether the product is proprietary or not, IMHO.

"So, people end up focusing on the crazy claims of espionage and international three letter acronym intrigue that make this seem as shady as a back alley kidney transplant."

Yes, I don't think Alex was expecting this. He got off on the wrong foot.


Technical questions for Alex:

1. What kind of context does HSS consider when deciding whether to permit or deny a request?

2. When a process executes "su", does the kernel invoke a userspace permission check through IPC? Is this somehow cached in the kernel, or repeated for every security check?

3. You indicated fewer scripts were required to use HSS, are events scriptable under HSS or do they have to follow a strict pattern engine?

4. How does HSS deal with concurrency? In particular, can the userspace portion handle parallel IPC requests (assuming there is a userspace portion) or are they serialized?

5. What is the impact to performance when the permission checks are enabled?

6. Does HSS do anything special to help debug app problems caused by restrictive permissions? How do I determine why my app is failing?

7. Does HSS work with a customized kernel?

8. Are the configuration files human read/writable or are they binary?

And I might as well ask, are you hiring english speaking devs?

Reply Score: 3

Bill Shooter of Bul Member since:
2006-07-14

Well, It was a sales pitch with minimal technical info. If they wanted to discuss the technology behind it, thats great they should have tried that instead of the sales pitch.

But for what its worth Google translate does a fair job on their whitepaper. it doesn't make me feel any more comfortable about the product, but you might find some good discussion points

http://translate.google.com/translate?hl=en&sl=auto&tl=en&u=http~*~...

Reply Score: 2

RE[4]: Comments frustration
by dzx6w3 on Sat 2nd Jul 2011 10:51 UTC in reply to "RE[3]: Comments frustration"
dzx6w3 Member since:
2011-06-30

I will have translated the white paper at 10th. of July.

Cheerio
Alex

Reply Score: 1

RE[3]: Comments frustration
by dzx6w3 on Sat 2nd Jul 2011 10:49 UTC in reply to "RE[2]: Comments frustration"
dzx6w3 Member since:
2011-06-30

Hi Alfman,

I will come up with the answers after the weekend.

Thank you

Alexander

Reply Score: 1

RE: Comments frustration
by dzx6w3 on Sat 2nd Jul 2011 10:41 UTC in reply to "Comments frustration"
dzx6w3 Member since:
2011-06-30

Hi Alfman,

I will send you a license. Where to please?

BRegs
Alex

Reply Score: 1

RE[3]: Comment by Soulbender
by Soulbender on Fri 1st Jul 2011 01:33 UTC in reply to "RE[2]: Comment by Soulbender"
Soulbender Member since:
2005-08-18

I am so impressed of all your technical knowledge you have given to your best here in this whole discussion.


Nice job insulting my technical knowledge (of which you know nothing). Nowhere in my post did I insult the technical skills of you or your team. Maybe you have a great product, maybe not. There's now way for me to tell because you provided so very little technical information and there are no sources of information.

You did not had one real technical interest instead of blowing farts into this blog.


There was little technical info provided. You mostly provided hyperbole and a sensationalist conspiracy theory as to why someone broke into your office. As I said, an interview with technical details provided by the designer would have resulted in a more technical and interesting discussion.

The culture I come from, works differently from your's.


You don't even know what my culture is. Hint: not american.

I am sure that was developpping already, when you were still running around the Christmas Tree with a drum around your neck.


I wouldn't bet on it.

Reply Score: 2

RE[4]: Comment by Soulbender
by dzx6w3 on Sat 2nd Jul 2011 10:46 UTC in reply to "RE[3]: Comment by Soulbender"
dzx6w3 Member since:
2011-06-30

You started insulting, I don't care for your culture. And I will not anwer any replies to you anymore, nor will I send you a copy of the product.

I think I will give Dave Adams a copy, he can eval the tool then with his people of trust and write about it.

Cheerio and bye forever.

Reply Score: 1

RE[3]: Comment by Soulbender
by Valhalla on Fri 1st Jul 2011 10:55 UTC in reply to "RE[2]: Comment by Soulbender"
Valhalla Member since:
2006-01-24

You did not had one real technical interest instead of blowing farts into this blog.

Well, while I can agree that Soulbender took a very negative tone (TypeOnegative, I lol'ed!), I'd say that generally people here on OSNews have very little patience with what they percieve as marketing fluff so you shouldn't take it as something personal.

As for the whole culture thing, I've never really bought into that. AFAIK Soulbender is (like me) from Sweden and certainly don't feel any 'cultural bond' with him or his views and I certainly doubt that he does towards me. Let's leave generalizations concerning nationality out of this discussion please.

Reply Score: 2

RE: Comment by Soulbender
by Bill Shooter of Bul on Sat 2nd Jul 2011 13:09 UTC in reply to "Comment by Soulbender"
Bill Shooter of Bul Member since:
2006-07-14

Hyperbole?

Take a look at the claims for their file transfer protocol.

http://ipisec.de/index.php?option=com_content&task=view&id=17&Itemi...

Reply Score: 2

Marketing?
by Gullible Jones on Thu 30th Jun 2011 16:08 UTC
Gullible Jones
Member since:
2006-05-23

This is interesting, but it also feels like Tsolkas is pushing his product. Not that he doesn't have a right to do that; but the whole thing looks just a little odd to me. And HSS doesn't seem to have much of a following; Googling it turns up this article and little else.

Also, I don't know Systrace from Adam, but considering the OpenBSD people consider it okay, I'm a bit confused by Tsolkas' dismissal of it as providing "bad security."

I'll admit I'm no security guru. But doesn't this smack a bit of scare marketing and FUD?

Edit: "Director Sales & Marketing..." Oh yeah. Duh.

Edited 2011-06-30 16:14 UTC

Reply Score: 2

RE: Marketing?
by Soulbender on Thu 30th Jun 2011 16:25 UTC in reply to "Marketing?"
Soulbender Member since:
2005-08-18

And HSS doesn't seem to have much of a following; Googling it turns up this article and little else.


Didn't you hear the man? They're keeping a low profile because everyone wants to steal the code for their open source product. Uhm..no wait...wtf.

I'm a bit confused by Tsolkas' dismissal of it as providing "bad security."


It's not, as long as you use it right. It certainly has some flaws but as long as you're aware of them and use the tool as intended it can be useful. Used wrong anything can be made to be "bad security".

I'll admit I'm no security guru. But doesn't this smack a bit of scare marketing and FUD?


Scare mongering = sales.

Reply Score: 1

RE[2]: Marketing?
by dzx6w3 on Thu 30th Jun 2011 19:07 UTC in reply to "RE: Marketing?"
dzx6w3 Member since:
2011-06-30

Hi Soulbender, it is me, Alex.

So let me give you some answers.n.runs AG is one of the best pentesting companies here in Germany and tested it. Call them, one of the two directors is American. http://www.nruns.com/_en/impressum.php. It is DOnald Lee.

You forgot the 4 Laptops in addition to the 2 LBs.

It first has been published in IDG Computerwoche in the online blog "Security Expert Council - called Security Expertenrat", but IDG closed that blog in 2010. Look it up in Google Cache please.

We are not afraid that somebody steels the code for the Unix OS, but for the control panel software (licenseware) which controls the security functions we have implemented. We have no intention of making people scary, we are just selling a secure OS.

Why do you argue so agressive? Be happy. Somebody invented something for good. By the way, Chief Developer was Marc Delling. Laugh, we are going to make our money with it anyhow, we already do. But just in case, that somebody spends 10 mandays in front of an SE-Linux to get it secure, we have a quicker, and well, of course a more expensive solution.

We send David a copy of the license soon, so maybe you got a chance to look at it too.

Bye for now, Alex

Reply Score: 1

RE[3]: Marketing?
by Soulbender on Thu 30th Jun 2011 19:24 UTC in reply to "RE[2]: Marketing?"
Soulbender Member since:
2005-08-18

So let me give you some answers.n.runs AG is one of the best pentesting companies here in Germany and tested it.


I figured that much but the sentence in the article is confusing.

Call them, one of the two directors is American.


Uh, ok? Is that fact supposed to impress me?

We are not afraid that somebody steels the code for the Unix OS, but for the control panel software (licenseware) which controls the security functions we have implemented.


And why would the 3 letter agencies been interested in the control panel? It's just a front-end to the actual functions. I'm sure any shadow agency worth it's salt could put together a frontend of their own, if they even need one.

We have no intention of making people scary, we are just selling a secure OS.


The answers in the interview has a pretty scare-mongering tone, especially with the "the shadow agencies of the world are out to get our stuff" spiel.

By the way, Chief Developer was Marc Delling. Laugh, we are going to make our money with it anyhow, we already do.


Good for you. Maybe you have a good product, maybe not, but either way you're not doing it any favors with the hyperbole and scare-mongering tone in the interview.

Reply Score: 3

RE[4]: Marketing?
by dzx6w3 on Thu 30th Jun 2011 19:34 UTC in reply to "RE[3]: Marketing?"
dzx6w3 Member since:
2011-06-30

Yes, we would like to sell the server more. So to bring the discussion on a levels of facts, I suppose, you may wait until I will have translated our whitepaper into English. At the moment we only have the manual in English.

Cheerio
Alex

Reply Score: 1

RE[5]: Marketing?
by Doc Pain on Fri 1st Jul 2011 09:56 UTC in reply to "RE[4]: Marketing?"
Doc Pain Member since:
2006-10-08

I suppose, you may wait until I will have translated our whitepaper into English.


I hope you will apply more quality to the english version of the whitepaper (really, not uninteresting!) than to the german version witch iss ful of speling erors annd, a typogreffical kattastrofe. :-)

Really, I find your project interesting, and it deserves higher-quality representation text material. You really should invest into a person that knows German sufficiently well (and also can use proper professional typesetting tools for optimal presentation) and can also provide a well written english version. Low quality documentation should not be the reason why a good project is being laughed at.

Pages 5 and 7 are "good" examples full of spelling errors and typographical no-gos. To a professional reader, the missing quality might very well be a reason to stop reading after page 2, which would be sad as the document is quite informative, but very hard to read.

You should also pay more attention at using correct terminology; e. g. page 5 footnote 1 mentiones the IMMUTABLE flag which definitely is not limited to Linux operating systems (only).

As security experts, being precise and correct is mandatory. You see, I'm not insulting you; please see my comment as a friendly advice without any belitteling of you as a person or HSS as a project - see it as constructive criticism including stated reasons.

Reply Score: 3

RE[6]: Marketing?
by dzx6w3 on Sat 2nd Jul 2011 10:57 UTC in reply to "RE[5]: Marketing?"
dzx6w3 Member since:
2011-06-30

I have not find typos on pages 5 to 7 but some format problems in deed. Thanks, yes, will consider it. We are just in the start-up phase for marketing now, and I like contructive criticism. I will go through it again, when writing the English version.

Bye and a good weekend
Alex

Reply Score: 1

RE[7]: Marketing?
by Doc Pain on Sat 2nd Jul 2011 11:16 UTC in reply to "RE[6]: Marketing?"
Doc Pain Member since:
2006-10-08

I have not find typos on pages 5 to 7 but some format problems in deed.


Example on page 5: 1.1 item 2 missing comma after "werden"; item 4 "d.h." missing non-variable space; item 5 supoerflous comma before "etc"; item 12 "dass" (conjunction daß) instead of "das" (article) required; footnote 1 exact opposite error.

Same page, 1.2 "sogenannten" unword according to newspeak, has to be "so genannten" now.

Superflous and missing commas, also missing hyphen in compound nouns. Also the typesetting is very bad on this page.

Those are of course not all errors on this page, there are more. I just picked those as an example to illustrate that they are definitely there. Proper proofreading will bring up many others.

Examples on page 7 contain typesetting again, there are massive "holes" in the text because of missing hyphenation. Also watch the commas.

Thanks, yes, will consider it. We are just in the start-up phase for marketing now, and I like contructive criticism. I will go through it again, when writing the English version.


Good idea, and honestly good luck, as properly reviewing and correcting the errors in content and form (which have to match each other if one wants a document to be taken seriously) are very important. And the project is worth it.

Reply Score: 2

RE[3]: Marketing?
by fran on Thu 30th Jun 2011 19:45 UTC in reply to "RE[2]: Marketing?"
fran Member since:
2010-08-06

"Why do you argue so agressive? Be happy."

Because it's Soulbender's MO
TypeOnegative

Reply Score: 5

RE[4]: Marketing?
by Soulbender on Fri 1st Jul 2011 15:35 UTC in reply to "RE[3]: Marketing?"
Soulbender Member since:
2005-08-18

That made me laugh but I'm not entirely sure why.

Not that I think I was that negative. If you seriously suggest that CIA/GRU/MI-whatever would try to steal the source for your control panel app than you get what you deserve.

Edited 2011-07-01 15:37 UTC

Reply Score: 2

RE[2]: Marketing?
by Bill Shooter of Bul on Thu 30th Jun 2011 19:13 UTC in reply to "RE: Marketing?"
Bill Shooter of Bul Member since:
2006-07-14

Scare mongering = sales.


Yes, unfortunately it does create some sales, but it also scares away more informed customers. The article has me curious, but highly suspicious and dubious due to scaremongering tone. There have been a lot of snake oil security companies. Without wider distribution and use, it won't get the linux security community excited. If they get excited, then I'm excited and might consider it.

Reply Score: 3

RE[2]: Marketing?
by f0dder on Thu 30th Jun 2011 19:28 UTC in reply to "RE: Marketing?"
f0dder Member since:
2009-08-05

The security is obviously implemented in the closed-source administration tool!

... ;)

Reply Score: 3

RE[3]: Marketing?
by dzx6w3 on Thu 30th Jun 2011 19:35 UTC in reply to "RE[2]: Marketing?"
dzx6w3 Member since:
2011-06-30

yes! thanks. Control Panel = Licenseware

Reply Score: 1

RE: Marketing?
by dzx6w3 on Thu 30th Jun 2011 19:12 UTC in reply to "Marketing?"
dzx6w3 Member since:
2011-06-30

Hi Gullible Jones,

yes of course I do marketing for our new product, why not? IBM is doing marketing, HP does, Tesla does, and we do too. We have invested a lot of money and time in it.

Cheerio
Alex

Reply Score: 1

RE[2]: Marketing?
by Soulbender on Thu 30th Jun 2011 19:32 UTC in reply to "RE: Marketing?"
Soulbender Member since:
2005-08-18

An interview for a tech news site is the wrong venue for marketing your product. You'll just end up alienating your audience.
I"m sure many of the people here would have been more interested in an interview with Mark Dellinger.

Reply Score: 2

RE[3]: Marketing?
by dzx6w3 on Thu 30th Jun 2011 19:44 UTC in reply to "RE[2]: Marketing?"
dzx6w3 Member since:
2011-06-30

If you have questions related to the server, I am pleased to answer them to you. Tomorrow. But now, I am going to have a big beer and will look the rest of the game of women's championship in soccer.

Cheerio Soulbender
Have a nice rest of the day.

Reply Score: 1

Closed source code?
by Alfman on Thu 30th Jun 2011 16:51 UTC
Alfman
Member since:
2011-01-28

Although it was obviously a sales pitch, I think he's right that linux security is in a bit of disarray. Like he said, apparmor will do the job, but it has a lot of room for improvement.


"We wrote in 2008 in IDG Computerwoche (Computerweek) about it and three days later somebody broke into our Hamburg offices and tried to steal the source code. Fact is, we never had the source in our offices...So we think, that one of the existing three-letter-code agencies on earth tried their luck. Since that time, we’ve been keeping a low profile."

I don't understand this at all, isn't the code running in the kernel open source? Is it just the control panel which is closed source? If so, then why would any agencies really care about it?

I certainly hope he's not implying that keeping the source code secret is crucial to the security of the system. A source code leak shouldn't compromise security in the first place.

Edit: I'm probably reading into it to much, but I just don't understand why he'd bother to bring it up.

Edited 2011-06-30 16:55 UTC

Reply Score: 3

RE: Closed source code?
by dzx6w3 on Thu 30th Jun 2011 19:22 UTC in reply to "Closed source code?"
dzx6w3 Member since:
2011-06-30

Hi Alfman,

thank you for this objective comment.Apparmor was good, but...it is exactly how you write.

Agencies care about it, because we already sell it world wide, and there is no backdoor, there is no weak point in the server, except the one sitting in front of it.

No, I will ask where the source resides and let you all know. We do not bother to bring it up. We sold it silently the whole time. But we said, we can have more success if we make some "Rambazamba" as we say here in Germanistan.

Best Regards
Alexander

Reply Score: 1

RE[2]: Closed source code?
by f0dder on Thu 30th Jun 2011 19:32 UTC in reply to "RE: Closed source code?"
f0dder Member since:
2009-08-05

Agencies care about it, because we already sell it world wide, and there is no backdoor, there is no weak point in the server, except the one sitting in front of it.
Let's try once more:

why would agencies be interested in the configuration front-end, when it's the GPL'ed code running in the kernel that's interesting security-wise?

Reply Score: 1

GPL???
by AndrewZ on Thu 30th Jun 2011 17:52 UTC
AndrewZ
Member since:
2005-11-15

If you use the Linux kernel, doesn't GPL require you to post sources? Am I missing something?

Reply Score: 3

RE: GPL???
by dzx6w3 on Thu 30th Jun 2011 19:09 UTC in reply to "GPL???"
dzx6w3 Member since:
2011-06-30

Hi AndrewZ,

I have to ask Marc Delling, the Chief Developer and come back with an answer soon. I am sure he did.

Bye for now
Alex

Reply Score: 1

RE[2]: GPL???
by Bill Shooter of Bul on Thu 30th Jun 2011 19:16 UTC in reply to "RE: GPL???"
Bill Shooter of Bul Member since:
2006-07-14

I have to ask Marc Delling, the Chief Developer and come back with an answer soon. I am sure he did.


See, this is an issue for me. This site is populated with engineers and developers that understand technology to absurd levels. Your chief developer should be the one who wrote the article for this site. You sent the wrong message to the wrong audience.

Reply Score: 3

RE[3]: GPL???
by dzx6w3 on Thu 30th Jun 2011 19:27 UTC in reply to "RE[2]: GPL???"
dzx6w3 Member since:
2011-06-30

Well,

I am not a marketing guy, I studied information technology, but no worries, I understand the server quite well.

Reply Score: 1

RE[4]: GPL???
by Bill Shooter of Bul on Thu 30th Jun 2011 19:35 UTC in reply to "RE[3]: GPL???"
Bill Shooter of Bul Member since:
2006-07-14

GPL compliance is pretty basic, IMHO. If you can't meet the obligations of the license, you can't distribute your product. That's sort of important to your business model, I would think.

Reply Score: 2

RE[5]: GPL???
by dzx6w3 on Thu 30th Jun 2011 19:51 UTC in reply to "RE[4]: GPL???"
dzx6w3 Member since:
2011-06-30

Hi Bill,

yes we know and considered it. Thanks.

Alex

Reply Score: 1

RE[6]: GPL???
by bouhko on Thu 30th Jun 2011 23:41 UTC in reply to "RE[5]: GPL???"
bouhko Member since:
2010-06-24

So what's your conclusion after you have considered them ?

Reply Score: 1

RE[7]: GPL???
by dzx6w3 on Sat 2nd Jul 2011 10:40 UTC in reply to "RE[6]: GPL???"
dzx6w3 Member since:
2011-06-30

Hi, what do you mean please?

Reply Score: 1

RE[6]: GPL???
by ciaby on Fri 1st Jul 2011 11:01 UTC in reply to "RE[5]: GPL???"
ciaby Member since:
2011-07-01

And...? If you're selling a product based on GPL code, then you should re-distribute the same code under the same license. If you're selling it _without_ the source code, then you're violating the GPL.
It takes less than 5 minutes to submit a request to http://gpl-violations.org/, and afaik Germany is already a proven country for the validity of the GPL.
Where can we find the source code? ;)
Cheers

Reply Score: 1

RE[7]: GPL???
by Bill Shooter of Bul on Fri 1st Jul 2011 12:29 UTC in reply to "RE[6]: GPL???"
Bill Shooter of Bul Member since:
2006-07-14

To be fair, only those who have been given the binary are entitled to ask for the source. Any recipient of the source is welcome to release it for wider distribution for whatever cost they would like. Its not required to be provided to the general public, unless you are also distributing the binary to them.

But trying to keep GPL'd code secret is crazy. It is not a good sign that it is not generally available.

Reply Score: 2

RE[7]: GPL???
by pantheraleo on Fri 1st Jul 2011 13:49 UTC in reply to "RE[6]: GPL???"
pantheraleo Member since:
2007-03-07

And...? If you're selling a product based on GPL code, then you should re-distribute the same code under the same license. If you're selling it _without_ the source code, then you're violating the GPL.


Actually, no you are not. You don't have to provide the source code unless someone specifically asks you for it. Then you are required to provide it. And of course, nothing is stopping you from taking the source once they give it to you and publishing it for all the rest of the world to see. That would be perfectly legal.

Reply Score: 2

RE[3]: GPL???
by dzx6w3 on Thu 30th Jun 2011 22:00 UTC in reply to "RE[2]: GPL???"
dzx6w3 Member since:
2011-06-30

Bill, how old are you please?

Reply Score: 0

RE[4]: GPL???
by Bill Shooter of Bul on Thu 30th Jun 2011 22:14 UTC in reply to "RE[3]: GPL???"
Bill Shooter of Bul Member since:
2006-07-14

I do not divulge more personal information than is necessary on the web in unsecured channels. Its like asking me what my mothers maiden name is or the city I was born in. You shouldn't ask those questions, and people shouldn't answer them.

Reply Score: 2

Source code
by righard on Fri 1st Jul 2011 08:19 UTC
righard
Member since:
2007-12-26

I can't find the source of the modified kernel, does anybdy else know where to find it?

Reply Score: 3

This is a secure kernel?
by hackus on Sat 2nd Jul 2011 22:56 UTC
hackus
Member since:
2006-06-28

"A Highly proprietary ... secure kernel."

So its proprietary and nobody has the source to review it to confirm its "security".

Mmmmm.....OK.

As a rule, anything that is a binary I don't trust.

Source code I do trust as it can be peer reviewed.

That is the best security you can get, next to running a NULL kernel. (Which is what every machine runs when it is powered off.)

-Hack

Reply Score: 2

Language
by jido on Sun 3rd Jul 2011 18:26 UTC
jido
Member since:
2006-03-06

Would be interesting to see if someone who makes the request receives the source code for the secured kernel. Please let us know.

Honestly I barely understood the "interview", it is bad enough that English is not my primary language. But if you write in broken English that makes it harder to understand.

The CIA/ KGB conspiracy theory was funny though. Don't know if that was the intention.

Reply Score: 1