I'm having a hard time understanding this. Wouldn't it be easier/simpler for these crackers to just install their bots on, oh say, 20 million machines running XP than the crackers having to deal with installing the bot -and- the code to do the spoofing on Win95/98/98SE/98ME?
Doesn't matter. Either way it's an automated script-kiddie tool. No way either approach works if it requires manual keystrokes by the attacker.
I think the idea is to either use a buffer overflow or somesuch (yes, they exist on Windows) to either get the machine to run a .vbs/ActiveX/wsh at the time of penetration, or plant something that will get run when the user does certain things or the machine's rebooted. There are several tools which can do spoofing on NT/2000 using the Win32 version of libpcap, and there are tools for Win9x into which the coders wrote their own functions.
A five-minute search on google.com will reveal them.
The bottom line is that Gibson's an hysteric crank who doesn't know what he's talking about. Yes, providers and customers need to secure their boxes/do egress filtering/implement CAR and/or WFQ and/or SPD and/or TurboACLs wherever possible; yes, users need to know how to get hold of their providers' NOCs/support staff -ahead of time-; yes, they need to look at Cisco 7600-type and/or 6500/MSFC2/Sup2s to process ACLs wherever possible; no, none of this is new.
He hadn't secured his routers in the least, and betrays a stunning ignorance of how the Internet in general and IP specifically works. Then he gets on his soapbox about it and proclaims that he, and only he, knows how to save the Internet.
There're plenty of things to bash Microsoft over, both generally and in regards to XP in general - but the fact that they implemented a standard socket interface in XP isn't one of them.
Do realize that in the last year or so, Gibson claimed to've invented 'stealth' scanning a la nmap. He also published some crazy method for supposedly optimizing ZIP drives which has the effect of destroying your ZIP cartridges. I personally think he's unhinged, and a huckster to boot.
His latest folly is to automagically post logs of what he says are the IPs of machines launching DoS attacks against his site, and urge users to contact Bill Gates and blame Microsoft for it. Needless to say, most of the machines on the list seem to supposedly be routers or switches of one stripe or another, and/or *NIX boxes. My guess is that the vast majority of those IPs are spoofed. He also urges service providers to take action against the supposed offenders.
Although I hate Microsoft with a passion, I hope that they sue him for slander - I'd love to see these two FUD-spreaders go after one another. Hell, I'd be willing to serve for free as an 'expert witness' for the purpose of taking him apart in court.
Gibson's an idiot. Ignore him.
Paul Vixie wrote:
I'm having a hard time understanding this. Wouldn't it be easier/simpler for these crackers to just install their bots on, oh say, 20 million machines running XP than the crackers having to deal with installing the bot -and- the code to do the spoofing on Win95/98/98SE/98ME?
Doesn't matter. Either way it's an automated script-kiddie tool. No way either approach works if it requires manual keystrokes by the attacker.
-- ------------------------------------------------------------ Roland Dobbins <rdobbins@netmore.net> // 408.859.4137 voice
* Roland Dobbins sez:
: He hadn't secured his routers in the least, and betrays a stunning
: ignorance of how the Internet in general and IP specifically works.
Anyone remember his 'nanoprobe' project and his claims to be able to speed up transmission of packets by 90-400 percent through some obscure Fast-ACK tricks? Gibson is unique in the way that he reads about something, tosses it around until he understands it (while losing its original meaning), adds some fake pseudo-technical babble around it and then sells it. It's not so much Gibson who frightens me, it's the folks who VC him and those who buy his bullshit.
: Then he gets on his soapbox about it and proclaims that he, and only
: he, knows how to save the Internet.
Inflated ego. Up around when his first rant started, he was approached by some people on techsec-l which he reads and every once in a while bores with his rants. Some pointed out obvious misconceptions, others offered help. Only a moron the size of Gibson would proclaim his superiority in every reply while dutifully ignoring the points about his mistakes in the original mail.
: Do realize that in the last year or so, Gibson claimed to've invented
: 'stealth' scanning a la nmap. He also published some crazy method for
His newest claim is to be the inventor of a "new" port scanning method which speeds up scans of the whole port range in milliseconds. He goes as far as to claim: "I feel that I should tell you . . . that I have recently figured out how to scan all of a user's 65,535 TCP/IP ports almost instantaneously!" - this man must be a god. Or at least think he's one.
: your ZIP cartridges. I personally think he's unhinged, and a huckster
: to boot.
There's far too many of these creatures out there. The problem is - the media and your CIO love them.
: most of the machines on the list seem to supposedly be routers or
: switches of one stripe or another, and/or *NIX boxes. My guess is
: that the vast majority of those IPs are spoofed. He also urges
: service providers to take action against the supposed offenders.
... and recommends ZoneAlarm as a solution to the problem.
A funny note! He adds exclamation marks to everything!! As if he was shouting every word!!!! He reminds me of one of those info-mercials on TV. You can place small ads in newspapers across the country and the money will roll in!!!!
jas
-----Original Message-----
From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu]On Behalf Of Jonas Luster
Sent: Saturday, June 23, 2001 4:30 PM
To: nanog@merit.edu
Subject: Re: DDOS anecdotes
... and recommends ZoneAlarm as a solution to the problem.
It is better than BlackIce, is there anything better than ZoneAlarm? I am building a new Win98 machine for our accountant and even behind a firewall, I'd like to put some good tools on it.
... and recommends ZoneAlarm as a solution to the problem.
It is better than BlackIce, is there anything better than ZoneAlarm? I am building a new Win98 machine for our accountant and even behind a firewall, I'd like to put some good tools on it.
It depends on what you want from it - ZoneAlarm is very much "personal firewalling for lusers" rather than an industry leader these days. how clued is the Accountant?
ZA standard has two sliders - one marked "internet" and one marked "lan" - and you get to define a list of hosts / network interface to be defined as "lan" (note that defining the hosts/interface is labeled an ADVANCED task - and that there is no nice convenient popup to let you decide per event).
then, per app, you get to define
a) if the app can connect out to the lan/internet (six checkboxes, yes/no/ask every time for either route)
b) if the app can "act as a server" (not defined, but means opening ports; six checkboxes in the *latest* version, used to be one checkbox covering both the routes, then one checkbox meaning "yes" per route, in both cases unchecked meant ask - so something like IE would bug you each time it started until you made it an automatic server).
the sliders are basically three position - "unprotected" "medium" (139 etc autoblocked, nothing much else done) and "high" (unused ports stealthed, but otherwise see "medium")
the PRO addition allows you to define ports for each app. not hosts (although you can do this vaguely with the local zone defs) but it gives you some crude filtering that standard doesn't (not worth the extra money in MHO)
BlackIce is an IDS - it repeatedly claims to have told GRC it isn't a firewall (although of course its marketing claims it is - marketdroids in action) and concentrates almost exclusively on logging inbound per port and per host, with a bit of filtering thrown in.
Tiny PFW (free for home use - and I admit it is my current personal firewall so I may be a little biased here) is everything ZA pro should have been, but without the luser-friendly interface - it blocks per app, per host, per port (both local and remote) in either direction, is ICMP aware for rules, and the latest version has a nice "other protocols" section that can (for example) be set to protocol 2 for IGMP packets... and has a similar popup interface to ZA (accept/deny buttons and a checkbox for create rule) but there is a major philosophy difference between ZA and Tiny - Tiny filters packets (and is app aware, but doesn't care that much - you can create rules for "any" as an app, and any app can open a port - just can't use it to get packets if the rule isn't in place) while ZA filters apps (it doesn't care about actual traffic - just if an app can send, and if an app can open a port)
Look'n'stop is a new contender and worth watching - originally a packet-only firewall (but one with a good default rulebase against common internet attacks like teardrop) it has the interesting distinction of binding to a single network interface - so you can bind it to your dialup, and filter traffic between that interface and the web, while leaving the Lan interface untouched. The latest version has some crude application filtering, but isn't in the same league as even ZA standard for that. Probably going to be held back by the fact it is payware for the home market - not something its user base can currently sustain, given there is no "grassroots" support for it the way there is for Zone Alarm (and even ZA has a free for home use "standard" version - LnS "lite" is the old pre-app aware version)
PGP firewall is pretty crude, and only worth considering if you are buying it anyway (it comes bundled with the current release of PGP for corporate security; I won't have it installed though because of the PKZ/closed source issue)
There are a few other firewalls I will not review per each - Conseal & Sygate are good examples - but I regard them as being inferior to Tiny but superior to ZA standard (the jury is still out for one or two of them vs ZA pro) but of course I stress that that is just *my* honest opinion - you may wish to try them (each has a free trial you can use; ZA pro also has a (code limited - key required) 30 day trial, and Tiny gives their main product for free for non-commercial use, with a 30 day trial licence for commercial (so the licencing is administrative/paper, and has no effect on the package; no keys or anything to fiddle with); most of the others follow one or the other model (Conseal and sygate are unlimited, Look'n'stop is time-limited shareware)
And most of them have additional non-firewall "added features" - ZA has a POP3 filter that will rename attachments on the fly to non-executable names; one of the others (sygate or conseal - I can't remember which) has what amounts to the webwasher http ad removal proxy built in, and so forth (Tiny has no additional features; I believe this is a good thing, but some may disagree - I do like having my firewalls just be firewalls though :)
>>The bottom line is that Gibson's an hysteric crank who doesn't know what he's talking about.<<
Thanks to everyone for the links and info.
--Michael
----- Original Message -----
From: "Roland Dobbins" <rdobbins@netmore.net>
To: "Paul Vixie" <vixie@mfnx.net>
Cc: <nanog@merit.edu>
Sent: Saturday, June 23, 2001 12:39 PM
Subject: Re: DDOS anecdotes
Maybe all this DDOS discussion is what killed Exodus?
Websites and services all over the place seem to be down. Including my favorites like freshmeat, slashdot... and one of our e-commerce credit card processors: CyberSource
The common route seems to take them into Exodus.net but not out again.
Any idea what's up?
It would appear the two problems are unrelated; cybersource returns a bad response on web, but machine is up. It appears that there's something wrong with andovers cage(s)? I'm able to get to other customers within the whlm01 facility, so I would hazard to guess that it's either andover's equipment or the specific exodus equipment that feeds them.
Matt
-- Matt Levine @Home: matt@deliver3.com @Work: matt@eldosales.com PGP : http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x6C0D04CF
-----Original Message-----
From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of mike harrison
Sent: Saturday, June 23, 2001 6:52 PM
To: nanog@merit.edu
Subject: Exodus Down
What with VA Linux's financial woes, I'm worried about sourceforge.net/Andover in general. A large portion of the Internet's applications/utilities/OS development infrastructure has grown to revolve around these sites - we need to be thinking about what to do if the folks at VA Linux aren't able to continue their admirable support of these resources. Matt Levine wrote:
It would appear the two problems are unrelated; cybersource returns a bad response on web, but machine is up. It appears that there's something wrong with andovers cage(s) ? I'm able to get to other customers within the whlm01 facility, so I would hazard to guess that it's either andover's equipment or the specific exodus equipment that feeds them.
Matt
-- ------------------------------------------------------------ Roland Dobbins <mordant@gothik.org> // 408.859.4137 voice
On Sat, Jun 23, 2001 at 05:35:12PM -0700, Roland Dobbins wrote:
What with VA Linux's financial woes, I'm worried about sourceforge.net/Andover in general.
If you read the announcement that was made this week, the part that says that Sourceforge is now a main product and focus should hopefully reassure you (and OSDN is pretty much self-sufficient in terms of revenue), so not much to fear here.
A large portion of the Internet's applications/utilities/OS development infrastructure has grown to revolve around these sites - we need to be thinking about what to do if the folks at VA Linux aren't able to continue their admirable support of these resources.
If the worst were to happen, and a few years down the road VA were to run out of cash before being profitable, I'm pretty sure that SF could be taken over by someone else, and of course all the projects are on ftp[1-x].sf.net sites which are mirrored already.
Marc (not talking in any official capacity for VA or OSDN)
--
Microsoft is to operating systems & security .... .... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/ | Finger marc_f@merlins.org for PGP key
At 11:54 AM -0700 7/1/01, Marc MERLIN wrote:
If the worst were to happen, and a few years down the road VA were to run out of cash before being profitable, I'm pretty sure that SF could be taken over by someone else, and of course all the projects are on ftp[1-x].sf.net sites which are mirrored already.
It couldn't be "taken over" by anyone else without cash changing hands. It's a corporate asset of VA Linux Systems, Inc. -- the Inc. is the important part there. Publicly traded companies going belly up don't get to "give" their assets away, they sell them - at fair market value - or they face lawsuits from shareholders.
D
--
+---------------------+-----------------------------------------+
| dredd@megacity.org  | "Conan! What is best in life?"          |
| Derek J. Balling    | "To crush your enemies, see them        |
|                     |    driven before you, and to hear the   |
|                     |    lamentation of their women!"         |
+---------------------+-----------------------------------------+
"Derek Balling" <dredd@megacity.org> wrote:
It couldn't be "taken over" by anyone else without cash changing hands. It's a corporate asset of VA Linux Systems, Inc. -- the Inc. is the important part there.
I thought SF was open source? In which case, only the physical hardware (the servers) could be considered an asset - the server software being Open Source and the data belonging to the users....... In any case, it is really the servers that makes SF a major resource - almost any project/source management system would have done...
David Howe wrote:
"Derek Balling" <dredd@megacity.org> wrote:
It couldn't be "taken over" by anyone else without cash changing hands. It's a corporate asset of VA Linux Systems, Inc. -- the Inc. is the important part there.
I thought SF was open source? In which case, only the physical hardware (the servers) could be considered an asset - the server software being Open Source and the data belonging to the users....... In any case, it is really the servers that makes SF a major resource - almost any project/source management system would have done...
Er, last I checked, making something open source didn't negate one's ownership or rights to it. It simply means that you have granted certain specific licenses or rights to others (depending on just which license you use), generally including non-revokeable permissions to make use of, redistribute, compile, and modify the code. It doesn't mean you own any modifications, but it also doesn't mean anyone else owns your code; it is still an asset.
More than one nominally open-source project has switched to a commercial codebase by changing its licensing terms for a new release, and allowing people to do whatever they want (including forking a different branch) from the last public code release under open license. One example familiar to most of those here would be GateD.
So yes, the actual software that drives SF would probably be considered an asset. It's just an asset with certain license grants for the current version.
As always, IANAL, consult professional counsel if you're considering what this might mean to your business, etc etc.
--
***************************************************************************
Joel Baker System Administrator - lightbearer.com
lucifer@lightbearer.com http://www.lightbearer.com/~lucifer
<lucifer@lightbearer.com> wrote:
Er, last I checked, making something open source didn't negate one's ownership or rights to it. It simply means that you have granted certain specific licenses or rights to others (depending on just which license you use), generally including non-revokeable permissions to make use of, redistribute, compile, and modify the code. It doesn't mean you own any modifications, but it also doesn't mean anyone else owns your code; it is still an asset.
True - but one that the entire world already has a non-revokable licence to use; I believe VA are selling integrated install and support packages, which really only have value if there is a support organisation behind them (ie - if VA goes under, many of them may in fact be creditors for a percentage of the original support contract value) So the auditors would be left with an "asset" that anyone can use for free (they can also pay for it, but that isn't likely) a big database of data they don't own (the projects) and a number of physical servers that contain that data - they *may* get away with either selling continued use of the servers, or if they get really nasty, try to sell access to the current data (most maintainers would have their copies of the tree held locally anyhow - rebuilding it on a new server would probably take hours at most).
More than one nominally open-source project has switched to a commercial codebase by changing it's licensing terms for a new release, and allowing people to do whatever they want (including forking a different branch) from the last public code release under open license. One example familiar to most of those here would be GateD.
indeed - or SSH (commercial SSH and OpenSSH forked when SSH went commercial) The problem would be if there are any major patches contributed by an external programmer - all such patches must of course be replaced with patches written by company programmers (without looking at the original patch) unless they have a non-standard licence (like the NS or Sun ones)
I'm presuming we're talking about BSD-style licenses here - with the GPL, AFAIK, the code cannot be "closed" once it's open, as any derivative works must also be released under the GPL.
-C
More than one nominally open-source project has switched to a commercial codebase by changing its licensing terms for a new release, and allowing people to do whatever they want (including forking a different branch) from the last public code release under open license. One example familiar to most of those here would be GateD.
-- --------------------------- Christopher A. Woodfield rekoil@semihuman.com PGP Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xB887618B
It would depend greatly upon the SF terms. For example, if the SF terms include granting SF "a license to use, redistribute under SF's choice of license, etc.", then SF could fork and close even a GPL'ed product because the license THEY received it under (the theoretical SF TOS) allow them to do so. Again, I haven't sifted over the SF terms, but such a thing is definitely conceivable.
D
At 12:22 PM -0400 7/2/01, Christopher A. Woodfield wrote:
I'm presuming we're talking about BSD-style licenses here - with the GPL, AFAIK, the code cannot be "closed" once it's open, as any derivative works must also be released under the GPL.
-C
More than one nominally open-source project has switched to a commercial codebase by changing its licensing terms for a new release, and allowing people to do whatever they want (including forking a different branch) from the last public code release under open license. One example familiar to most of those here would be GateD.
-- --------------------------- Christopher A. Woodfield rekoil@semihuman.com
PGP Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xB887618B
--
+---------------------+-----------------------------------------+
| dredd@megacity.org  | "Conan! What is best in life?"          |
| Derek J. Balling    | "To crush your enemies, see them        |
|                     |    driven before you, and to hear the   |
|                     |    lamentation of their women!"         |
+---------------------+-----------------------------------------+
Christopher A. Woodfield wrote:
I'm presuming we're talking about BSD-style licenses here - with the GPL, AFAIK, the code cannot be "closed" once it's open, as any derivative works must also be released under the GPL.
-C
You can pretty much always change your licensing terms, if you are the original owner of the entire code. Now, if you've accepted other people's contributions/patches/etc into your codebase, and decide to change the license, especially away from one that implies future perpetuation, then you get into hairy territory.
But I can write a "Hello world" program, GPL it, then change that to BSD or Artistic or even "nobody else can ever use the newer code, so nyah", so long as I have total control over the codebase (IE, I wrote it all, or it was explicitly assigned to me). Of course, if I want to enforce that in any way, the new code probably has to be demonstrably different than the old code (you have to be able to prove it wasn't just compiled from an open copy of the old code).
The "cannot be closed once it's open" applies to almost all of the open source licenses, in that they are written so that you cannot *revoke* someone's right to use an existing release, or their license to make changes, redistributed, et al (whatever else you permit). Again, it normally requires a new version release to change the license, and if you want it to be at all enforceable, there has to be a code difference that can be used to prove it.
This doesn't get into what happens if I've contracted to let someone else use it, which is a completely different ball of wax, of course.
--
***************************************************************************
Joel Baker System Administrator - lightbearer.com
lucifer@lightbearer.com http://www.lightbearer.com/~lucifer
I'm presuming we're talking about BSD-style licenses here - with the GPL, AFAIK, the code cannot be "closed" once it's open, as any derivative works must also be released under the GPL.
Not always - the original author always has the right to parallel licence the source under a closed commercial licence if he so chooses - provided he so licences only his original code plus any additional code he added himself (ie, no GPLed user supplied patches) There is a moral argument against this (in that a commercial licencee is likely to use the most recent, not the supplied source, and so violate the GPL behind closed doors) but there is no legal argument preventing it. Treat it as a code fork at the moment the GPL licence was applied.
participants (12)
- Christopher A. Woodfield
- David Howe
- Derek Balling
- Jason Lewis
- Jonas Luster
- lucifer@lightbearer.com
- Marc MERLIN
- Matt Levine
- Michael Painter
- mike harrison
- Paul Vixie
- Roland Dobbins