this post was submitted on 27 Jul 2023
920 points (98.2% liked)

Malicious Compliance

19600 readers
1 users here now

People conforming to the letter, but not the spirit, of a request. For now, this includes text posts, images, videos and links. Please ensure that the “malicious compliance” aspect is apparent - if you’re making a text post, be sure to explain this part; if it’s an image/video/link, use the “Body” field to elaborate.

======

======

Also check out the following communities:

[email protected] [email protected]

founded 1 year ago
MODERATORS
 

In 2000, I wrote a Linux device driver that "decrypted" the output of a certain device, and my company, which hosted open-source projects, agreed to host it.

The "encryption" was only a XOR, but that was enough for the maker of said device to sue my company under 17 U.S.C. § 1201 for hundreds of millions in damages.

The story got a lot of press back then because it highlighted how stupid the then-new DMCA was, and also because there was a David open-source enthusiasts vs. Goliath heartless corporation flavor to it.

Our lawyer decided to pick up the fight to generate free publicity for our fledgling company. For discovery, the maker of the device requested "a copy of any and all potentially infringing source code". They weren't specific and they didn't specify the medium.

So we printed the entire Linux kernel source code including my driver in 5-pt font and sent them the boxes of printouts. Legally they had been served, so there was nothing they could do about it.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 117 points 1 year ago (3 children)

I stare at Linux source code very often looking for vulnerabilities.

I unironically have printed pages out to sit down with.

The idea of having the whole kernel printed… is… fun. Lol. How would your organize it for reading? Different chapters that are the directories of the kernel code ?

[–] [email protected] 84 points 1 year ago* (last edited 1 year ago) (1 children)

Why would they organize it in any way? It was not one of the requirements… so, alphabetically.

[–] [email protected] 23 points 1 year ago (1 children)

Obviously and we are talking per line and not per file are we?

[–] [email protected] 12 points 1 year ago (2 children)
[–] [email protected] 11 points 1 year ago (1 children)

Alphabetically, per bite. It is beautiful.

[–] [email protected] 2 points 9 months ago

The first 40000 characters are "a"

[–] rain_worl 0 points 1 month ago
[–] [email protected] 23 points 1 year ago (2 children)

I'd love to hear more about this - do you do it professionally (for preventative reasons), as a side hobby, or as an attacker for malicious/selfish reasons? No judgement, genuinely curious as it takes a certain personality type to do this kind of work and I find it really interesting.

[–] ngdev 33 points 1 year ago (2 children)

I think they just stare at it, hoping the vulnerabilities come to them in a moment of revelation. A Linux Joseph Smith, the kernel playing the part of the Golden Plates.

[–] [email protected] 11 points 1 year ago

The small overlap of my two largest hobbies, programming and making fun of Mormons. Perfect.

[–] morgan_423 7 points 1 year ago

OP said this happened in Utah, so maybe so!

[–] [email protected] 22 points 1 year ago (1 children)

Professionally

My title is senior vulnerability researcher. Focus on mobile devices. That’s all I can really say without doxing too much

But the Linux kernel is always a juicy target because of the coverage and exploit there gets you.

[–] [email protected] 3 points 1 year ago (2 children)

Neat. Why is Linux kernel relevant for many mobile users? Is iPhone built off of it the same way Mac OS is?

What do you mean by coverage and exploit?

[–] [email protected] 12 points 1 year ago (1 children)

MacOS and iOS have Darwin as their base, which is really a mutt. Apple started with the NeXTSTEP kernel, which was a mix of 4.3BSD and Mach, then folded in some FreeBSD, other open source components, and some in-house code.

It's Android that uses the Linux kernel as its base, and the millions of phones makes it a juicy target.

[–] [email protected] -2 points 1 year ago (1 children)

Not too surprising that iOS has linux in its DNA, but never realized Android does too. Always assumed it was more windows-based. Good to know.

[–] kbotc 6 points 1 year ago (2 children)

iOS doesn’t have any Linux.

FreeBSD is not Linux. Linux is a kernel and Apple uses Mach, a different kernel. They do both share that they’re POSIX, but OS X is actual, factual, UNIX, and Linux has never paid the money to qualify.

[–] [email protected] 1 points 1 year ago

My bad I'm conflating bash and Unix. From my end both apple and Linux use bash so they have the same underlying base...but I realize that's not accurate, and even unix and bash are not synonomous.

[–] [email protected] 1 points 1 year ago (1 children)

How different is the FreeBSD kernel from the Linux kernel?

Like in terms of interfaces, if I were to port a device driver, am I just changing some header files and some constants/enums/ifdefs?

Or there’s like entirely different function signatures / APIs?

[–] kbotc 2 points 1 year ago (1 children)

I would look at the source of LinuxKPI to get an idea of how different they are.

[–] [email protected] 1 points 1 year ago

Well of course I could go look at the source code. We had to write a hello world Linux module in college. Was just being lazy and thought some expert might give a quick synopsis.

Though based on your reply, I’m guessing they are more different than I imagined.

[–] [email protected] 3 points 1 year ago (1 children)

MacOS is based of a BSD distrobution of Unix. iOS is a fork of MacOS

[–] [email protected] 1 points 1 year ago

Ah ok makes sense

[–] waigl 3 points 1 year ago (1 children)

OP said it happened around the year 2000. Linux was at maybe 2.4.something back then. The kernel was much smaller then than it is today.

[–] uis 1 points 11 months ago

Imagie if they included modern AMD GPU drivers.