Mailing List Archive

1 2 3 4 5 6 7 8  View All
Re: (no subject) [ In reply to ]
> +1

+0x1

but if you *really* must...
http://www.acepolls.com/polls/1116421-clamav-eol-what-do-you-think

Steve
Sanesecurity



_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
Re: (no subject) [ In reply to ]
lists wrote:
>>
>> Please show us some evidence that clamav made you install there free product on your server.
>> Why didn't you install "some other product"?
>> Is it your server? Then you have the power to install every product you want onto the machine but YOU choose Clamav and they didn't ordered/payed/beat you to dead if you didn't install there product.
>>
>>
> Doesn't change a thing. If you threaten me with a course of action, if I
> fail to do something that is blackmail. It's nothing else. It does not
> matter if the product is free.
>
> For instance, if I go to a shop and they give me a radio free. I take
> that radio home and use it. If that shop then calls me up and says 'If
> you don't change that radio, I'm going to break it' it is a case of
> blackmail.
>
> Have a nice day :-)
>
How is warning you that there is a change blackmail? I think the notices
from banks and credit card companies that they are going jack my
interest rate to 30% (inject whatever percentage you like) and if I do
not like it I can immediately pay off my debt. Now THAT is blackmail.
ClamAV gave you warning. Why did you not simply unistall ClamAV and go
with another product?

Have a nice day :^)

Jim
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
Re: Clubbing a deceased equine [ In reply to ]
On Wed, 21 Apr 2010, lists wrote:

> Doesn't change a thing. If you threaten me with a course of action, if I
> fail to do something that is blackmail. It's nothing else. It does not
> matter if the product is free.

Oh come on. If I tell you you'll get wet when if you go out in the rain
without an umbrella, is that blackmail ?

Old versions of Clam crashed on certain input. You were told when that input
was comming.

It's sounding like the Clam team would have been better off releaseing a
too-large signature and going "Whoops, I guess old versions can't handle
this. You better upgrade, sorry !" By warning people and releaseing a
known-bad signature with a message, somehow it's their fault now.


==========================================================
Chris Candreva -- chris@westnet.com -- (914) 948-3162
WestNet Internet Services of Westchester
http://www.westnet.com/
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
Re: Clubbing a deceased equine [ In reply to ]
Christopher X. Candreva wrote:

>Oh come on. If I tell you you'll get wet when if you go out in the rain
>without an umbrella, is that blackmail ?

OK, so if I tell you that if you keep on going out without an
umbrella, then I'll throw a bucket of acid over you ... then by your
argument that's not blackmail, and by other arguments, it's perfectly
OK because I warned you in advance. That wouldn't be assault, it
wouldn't be a criminal act - it would be all your fault for ignoring
the warning I gave.

And by the way, I won't tell you directly, I'll put a notice up in my
front window that you may or may not walk past and may or may not see.

>Old versions of Clam crashed on certain input. You were told when that input
>was comming.
>
>It's sounding like the Clam team would have been better off releaseing a
>too-large signature and going "Whoops, I guess old versions can't handle
>this. You better upgrade, sorry !" By warning people and releaseing a
>known-bad signature with a message, somehow it's their fault now.

No, it's not all their fault. But they sure did handle it badly.


--
Simon Hobson

Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
Re: (no subject) [ In reply to ]
Jerry wrote:

>I had thought by now that this thread would have died a natural death.
>Obviously, I was mistaken. It has continued to pollute this forum for
>nearly a week.
>
>What has become conspicuously apparent is that if those who are doing
>the most complaining had spend even one percent of that time keeping
>their systems up-to-date and keeping themselves abreast of current
>development and deployment strategies with the software they employ,
>this whole discussion would be academic.
>
>In the interest of eliminating any further waste of my time or computer
>resources, I am now instigating a kill filter on this thread.

That's right - if I can't bully everyone round to my way of thinking,
then I'm taking my ball home. A very grown up attitude !

You (and I mean a small subset of people who are unconditionally
supporting the action taken by the ClamAV team) have consistently
used false logic, outright lies, personal insults, and arguments
worthy of criminal defences to try and weasel out of any blame
whatsoever for having misjudged things rather badly.

Put bluntly, if people had admitted early on that perhaps it could
have been handled better, that perhaps they didn't consider all
classes/types of user, and that it is perhaps not unreasonable that
users could be a trifle annoyed ... then this **WOULD** have blown
over ages ago.

It's not that you had to do something that people are complaining
about, it's not that you ended support for updates to older versions
that people are complaining about, it's the way you did it and the
way you refuse to accept that there can be any other valid viewpoint
that really p***es people off. You may, if you'd read the messages,
have noted that even people who were not affected by this thought you
got it wrong.

--
Simon Hobson

Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
Re: (no subject) [ In reply to ]
Quoting lists <lists@retrochoons.co.uk>:

> Doesn't change a thing. If you threaten me with a course of action, if I
> fail to do something that is blackmail. It's nothing else. It does not
> matter if the product is free.

This is not the definition of blackmail, in common usage or in law in most
areas.

In common usage, it means:

Blackmail is the crime of threatening to reveal substantially true
information about a person to the public, a family member, or
associates unless a demand made upon the victim is met. This
information is usually of an embarrassing, socially damaging, and/or
incriminating nature. As the information is substantially true, the
act of revealing the information may not be criminal in its own right
nor amount to a civil law defamation; the crime is making demands in
exchange for withholding it. [1]

In English law, which extends it to "menaces" and hence might cover this,
there are exceptions to blackmail which state:

... unless the person making it does so in the belief:
(a) that he has reasonable grounds for making the demand; and
(b) that the use of the menaces is a proper means of reinforcing
the demand.

And I'm sure the clamav folks thought they were being reasonable and using the
proper means, so there.

So, you are totally wrong calling this blackmail.

> For instance, if I go to a shop and they give me a radio free. I take
> that radio home and use it. If that shop then calls me up and says 'If
> you don't change that radio, I'm going to break it' it is a case of
> blackmail.

Nope, sorry. It is not. Maybe you mean Coercion?

> Have a nice day :-)

Will do! :)

[1] http://en.wikipedia.org/wiki/Blackmail


--
Eric Rostetter
The Department of Physics
The University of Texas at Austin

Go Longhorns!
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
Re: Clubbing a deceased equine [ In reply to ]
On 21.04.2010 17:50, Christopher X. Candreva wrote:
> On Wed, 21 Apr 2010, lists wrote:
>> Doesn't change a thing. If you threaten me with a course of action, if I
>> fail to do something that is blackmail. It's nothing else. It does not
>> matter if the product is free.
>
> Oh come on. If I tell you you'll get wet when if you go out in the rain
> without an umbrella, is that blackmail ?
>
> Old versions of Clam crashed on certain input. You were told when that input
> was comming.

Knowingly disabling running software on computers that is not your own
is not acceptable. It is immoral, unethical and perhaps illegal.

Does anyone have access to legal opinion for a lawsuit against clamav
developers or its parent company? Perhaps Germany is the better place
for it.

--
Eray
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
Re: Clubbing a deceased equine [ In reply to ]
On Wed, 21 Apr 2010, Eray Aslan wrote:

> Knowingly disabling running software on computers that is not your own
> is not acceptable. It is immoral, unethical and perhaps illegal.

But that's not what happened.

==========================================================
Chris Candreva -- chris@westnet.com -- (914) 948-3162
WestNet Internet Services of Westchester
http://www.westnet.com/
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
Re: illegal or not, make a valid argument (was "no subject") [ In reply to ]
Quoting Simon Hobson <linux@thehobsons.co.uk>:

> You did not tell ME, therefore you did not have permission FROM ME
> to makes changes to the way MY server operates.

By using the software, you took responsibility for how it works. From
the license:

11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
REPAIR OR CORRECTION.

12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.

So until you prove they did something illegal, it is your problem to deal
with, per the license.

> Giving notice that you are going to trespass does not make that
> trespass legal, even if you had come directly to me door and told me
> in person - which of course no-one did even in computer terms of
> making any sort of related message appear on my system.

If you are on my property (say you rent or lease it from me), I can come
in anytime. If you use my software, I can change it any time I want
per my license agreement.

> You also cannot claim that my downloading of updates constitutes an
> invite - it constitutes an invite to put AV sig updates on there for
> the purpose of detecting new threats. A poison pill update doesn't
> fit that description.

It is a free service they provide, not to you, but to anyone. So they
owe you nothing. You didn't sign any contact with them that they would
provide only valid signatures, or any at all. You assume the risk in
using the feed.

> See above, that does NOT in any way constitute requesting my permission.

Sure it does. Legally, in the US, when I want to do something that I'm
legally required to inform the community about, all I have to do is take
out an ad in the local newspaper. Or post signs in the affected area.
If you don't read it, too bad. I made the required public notice. That
is all that is required. I don't have to knock on the door, or phone, each
person living in the area. I just have to buy an ad, or post the signs, or
otherwise make the information available. There is no legal obligation to
tell each and every person individually. Only to make a public
announcement/posting a set time before hand.

I'm not even trying to argue that this was or wasn't an illegal action.
I'm just saying that the arguments are lame (calling it blackmail when
it isn't, saying they need permission from each and every user when they
don't, etc). Come on folks, make your arguments at least reasonable!

--
Eric Rostetter
The Department of Physics
The University of Texas at Austin

Go Longhorns!
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
Re: illegal or not, make a valid argument (was "no subject") [ In reply to ]
On Wed, 21 Apr 2010, Eric Rostetter wrote:

> > See above, that does NOT in any way constitute requesting my permission.
>
> Sure it does. Legally, in the US, when I want to do something that I'm
> legally required to inform the community about, all I have to do is take
> out an ad in the local newspaper. Or post signs in the affected area.
> If you don't read it, too bad. I made the required public notice. That

Let me drive this home. In the state of New York, until recently if the
government wanted to use eminant domain to take your property, all they had
to do was take out an ad in the paper. They do not need to track down the
owner of the building or land, just take out an ad. If you don't read the
paper that day, the first you hear that your building was being knocked down
may be when the wrecking ball shows up.

This was only amended in 2004 after some particularly nasty battles.

http://ownerscounsel.blogspot.com/2009/06/port-chester-offers-apology-for-taking.html

Just a dose a reality folks.



==========================================================
Chris Candreva -- chris@westnet.com -- (914) 948-3162
WestNet Internet Services of Westchester
http://www.westnet.com/
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
Re: Clubbing a deceased equine [ In reply to ]
At 12:12 -0400 21/4/10, Christopher X. Candreva wrote:

> > Knowingly disabling running software on computers that is not your own
>> is not acceptable. It is immoral, unethical and perhaps illegal.
>
>But that's not what happened.

Wierd idea of "did not happen" - in what way does "we will push an
update that has the sole purpose of making your software stop
working" NOT constitute "Knowingly disabling running software" ?

- It is a simple fact - the team made the decision to push this update.
- It is a simple fact that the purpose of this update was to make
running software break.
- It is a simple fact that this was a desired outcome of the update.
These are simple facts supported by their statement that they were
going to do this, and what the expected outcome was going to be.

Given these simple facts, I really, really cannot understand the
mindset that still claims that the ClamAV team did NOT knowingly
disable software running on other people's machines.

Could someone please explain how on earth you can still claim that
"this didn't happen" - and by what logic process you arrive at such a
statement ?

The **ONLY** defence I can think of is that they assumed an implicit
permission by virtue of the user running the update process to fetch
signature updates. That's a very tenuous thing to infer when pushing
an update that is so different in purpose to what would normally be
fetched.

--
Simon Hobson

Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
Re: (no subject) [ In reply to ]
Quoting Simon Hobson <linux@thehobsons.co.uk>:

> Put bluntly, if people had admitted early on that perhaps it could
> have been handled better, that perhaps they didn't consider all
> classes/types of user, and that it is perhaps not unreasonable that
> users could be a trifle annoyed ... then this **WOULD** have blown
> over ages ago.

I've admitted this often, from the beginning, and my posts are largely
ignored, or refuted, or I'm insulted/slandered/etc. So, this isn't
a true statement.

--
Eric Rostetter
The Department of Physics
The University of Texas at Austin

Go Longhorns!
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
Re: illegal or not, make a valid argument (was "no subject") [ In reply to ]
On Wed, Apr 21, 2010 at 17:26, Christopher X. Candreva
<chris@westnet.com> wrote:
>
> Let me drive this home. In the state of New York, until recently if the
> government wanted to use eminant domain to take your property, all they had
> to do was take out an ad in the paper. They do not need to track down the
> owner of the building or land, just take out an ad. If you don't read the
> paper that day, the first you hear that your building was being knocked down
> may be when the wrecking ball shows up.

The last I checked the legal notification requirements in the UK
aren't terribly different. All that is required is reasonable effort
to notify and while I'm not a lawyer I'm pretty confident that the
ClamAV's teams efforts would be described as reasonable (based upon
dealings with real lawyers).

--
Please keep list traffic on the list.

Rob MacGregor
Whoever fights monsters should see to it that in the process he
doesn't become a monster. Friedrich Nietzsche
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
Re: illegal or not, make a valid argument (was "no subject") [ In reply to ]
On Wed, April 21, 2010 9:26 am, Christopher X. Candreva wrote:
> On Wed, 21 Apr 2010, Eric Rostetter wrote:
>
>> > See above, that does NOT in any way constitute requesting my
>> permission.
>>
>> Sure it does. Legally, in the US, when I want to do something that I'm
>> legally required to inform the community about, all I have to do is
>> take
>> out an ad in the local newspaper. Or post signs in the affected area.
>> If you don't read it, too bad. I made the required public notice. That
>
> Let me drive this home. In the state of New York, until recently if the
> government wanted to use eminant domain to take your property, all they
> had
> to do was take out an ad in the paper. They do not need to track down the
> owner of the building or land, just take out an ad. If you don't read the
> paper that day, the first you hear that your building was being knocked
> down
> may be when the wrecking ball shows up.
>
> This was only amended in 2004 after some particularly nasty battles.
>
> http://ownerscounsel.blogspot.com/2009/06/port-chester-offers-apology-for-taking.html
>
> Just a dose a reality folks.

Yes, amended to requre "certified main or personal delivery". Thus it
appears that your example is diametrically opposed to your argument that
only minimal notification is required.

Bill


_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
Re: illegal or not, make a valid argument (was "no subject") [ In reply to ]
On Wed, 21 Apr 2010, Bill Landry wrote:

> Yes, amended to requre "certified main or personal delivery". Thus it
> appears that your example is diametrically opposed to your argument that
> only minimal notification is required.

No, my point is if you don't pay attention, you may wake up one morning to
find your mail server down or your house being knocked down around you.



==========================================================
Chris Candreva -- chris@westnet.com -- (914) 948-3162
WestNet Internet Services of Westchester
http://www.westnet.com/
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
Re: illegal or not, make a valid argument (was "no subject") [ In reply to ]
On Wed, Apr 21, 2010 at 9:16 AM, Eric Rostetter
<rostetter@mail.utexas.edu>wrote:

> <snip/>
> If you are on my property (say you rent or lease it from me), I can come
> in anytime.



> <snip/>
>
> I'm not even trying to argue that this was or wasn't an illegal action.
> I'm just saying that the arguments are lame (calling it blackmail when
> it isn't, saying they need permission from each and every user when they
> don't, etc). Come on folks, make your arguments at least reasonable!
>
> --
> Eric Rostetter
> The Department of Physics
> The University of Texas at Austin
>
> Good arguments mostly Eric but I must take issue with your statement above
about owners right and renters.
Last I checked if I rent a property from you then that does _not_ give you
the right to enter 'anytime' , unless you have it specifically written in
the lease you can only come in by arrangement and only for maintenance and
inspections. That what renting means: assigning the right to use a property
to another person in exchange for rent. That right generally includes
refusing entry to the owner when not prearranged. Here's just one entry on
the subject:
http://www.allbusiness.com/legal/contracts-agreements-real-estate/4104-1.html
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
Re: illegal or not, make a valid argument (was "no subject") [ In reply to ]
On Wed, April 21, 2010 10:48 am, Christopher X. Candreva wrote:
> On Wed, 21 Apr 2010, Bill Landry wrote:
>
>> Yes, amended to requre "certified main or personal delivery". Thus it
>> appears that your example is diametrically opposed to your argument that
>> only minimal notification is required.
>
> No, my point is if you don't pay attention, you may wake up one morning to
> find your mail server down or your house being knocked down around you.

Doesn't agree with the example you provided, is all I'm saying, not
without notification via "certified mail" or "personal delivery", which
takes notification to a much higher standard and requirement then you have
been trying to justify.

Bill

_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
Re: illegal or not, make a valid argument (was "no subject") [ In reply to ]
On Wed, 21 Apr 2010, Bill Landry wrote:

> Doesn't agree with the example you provided, is all I'm saying, not
> without notification via "certified mail" or "personal delivery", which
> takes notification to a much higher standard and requirement then you have
> been trying to justify.

The example I sited shows a guy who lost his building and spent 10 years
trying to get things fixed. In the course a law was changed, so that NOW, in
New York State in the USA, personal delivery of notification is required.

If you would like to assume from this that you are safe in your particular
locality, I can only hope you don't wake up in a pile of rubble.

For me, the lesson I take is to always be aware of the laws in your
locality. And the policies of the software you use.


==========================================================
Chris Candreva -- chris@westnet.com -- (914) 948-3162
WestNet Internet Services of Westchester
http://www.westnet.com/
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
Re: (no subject) [ In reply to ]
Eric Rostetter wrote:

>>Put bluntly, if people had admitted early on that perhaps it could
>>have been handled better, that perhaps they didn't consider all
>>classes/types of user, and that it is perhaps not unreasonable that
>>users could be a trifle annoyed ... then this **WOULD** have blown
>>over ages ago.
>
>I've admitted this often, from the beginning, and my posts are largely
>ignored, or refuted, or I'm insulted/slandered/etc. So, this isn't
>a true statement.

If I've overlooked the one person who did admit that, then I
apologise to you. there are plenty of people who have not, and it
appears will never, make such an admission.


--
Simon Hobson

Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
Re: illegal or not, make a valid argument (was "no subject") [ In reply to ]
On Wed, April 21, 2010 11:08 am, Christopher X. Candreva wrote:
> On Wed, 21 Apr 2010, Bill Landry wrote:
>
>> Doesn't agree with the example you provided, is all I'm saying, not
>> without notification via "certified mail" or "personal delivery", which
>> takes notification to a much higher standard and requirement then you
>> have
>> been trying to justify.
>
> The example I sited shows a guy who lost his building and spent 10 years
> trying to get things fixed. In the course a law was changed, so that NOW,
> in
> New York State in the USA, personal delivery of notification is required.
>
> If you would like to assume from this that you are safe in your particular
> locality, I can only hope you don't wake up in a pile of rubble.
>
> For me, the lesson I take is to always be aware of the laws in your
> locality. And the policies of the software you use.

Oh yeah, and I bet you read the public notifications in your local paper
every day. That's why the notification requirements are being reviewed in
most all jurisdictions and changed to require more stringent notification
standards. Your position is untenable in today's world.

Bill



_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
Re: illegal or not, make a valid argument (was "no subject") [ In reply to ]
Quoting Jonny Kent <jonnykent@gmail.com>:

>> Good arguments mostly Eric but I must take issue with your statement above
> about owners right and renters.

Yeah, it was kind of vague, but meant to be about the issue of "trespass"
and not about actually invading a renters home or business.

What you can or can't do depends on the contract, local law, etc.
But generally, I can still go on the property without permission or notice,
but can not enter the dwelling or other structures without permission or
notice. Lots of if/ands/buts along with that of course. Was a really
vague rebuttal to the trespass argument, and I regret I didn't provide
a more sound argument (since I was complaining about unsound arguments).

Mea culpa...

--
Eric Rostetter
The Department of Physics
The University of Texas at Austin

Go Longhorns!
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
Re: illegal or not, make a valid argument (was "no subject") [ In reply to ]
On Wed, 21 Apr 2010, Bill Landry wrote:

> > For me, the lesson I take is to always be aware of the laws in your
> > locality. And the policies of the software you use.
>
> Oh yeah, and I bet you read the public notifications in your local paper

"Be aware of the laws" != "read the public notifications in your local paper every day"

However, up until this law changed, I did monitor the announcements for the
area my business is in, as it's in a redevelopment zone. And I just rent.

Just to beat this example to death a little more: Port Chester was a
rehabilitation zone at the time, so it's not like the condemnation was out
of the blue. Obviously the law sucked, but this shouldn't have been a shock
to anyone in the real estate industry either. Everyone had choices - move
out of Port Chester where there isn't a rehab zone, move out of NY where
public notice laws were saner, find a Real Estate attourny who has one of
his clerks scan the papers every day and notify his clients if there is an
issue (sort of like -- running Nagios)

Again, I disagree with the Clam teams stance on when clamd should die, like
I disagree with the sucky notification laws. But -- I CHOOSE to use the
software anyway, like I chose to live in NY state. Make the choice, live
with it.

What I say is wrong is running software where you don't know the policies of
the authors -- or living in a state where you don't know the laws. Doing so
and getting bit by it is your own damn fault.

One other quote comes to mind. During the PMRC trials, Al Gore asked Dee
Snider if he thought it was reasonable to expect parents to listen to every
album their kids bought. Dee's response, "Being a parent is not a reasonable
thing. It's very hard".

I would say the same about running a mail server, and subscribing to the
announce lists of all the software you run.



==========================================================
Chris Candreva -- chris@westnet.com -- (914) 948-3162
WestNet Internet Services of Westchester
http://www.westnet.com/
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
Re: illegal or not, make a valid argument (was "no subject") [ In reply to ]
Eric Rostetter wrote:

>>You did not tell ME, therefore you did not have permission FROM ME
>>to makes changes to the way MY server operates.
>
>By using the software, you took responsibility for how it works. From
>the license:
>
> 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
>FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
>OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
>PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
>OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
>MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
>TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
>PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
>REPAIR OR CORRECTION.
>
> 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
>WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
>REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
>INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
>OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
>TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
>YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
>PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
>POSSIBILITY OF SUCH DAMAGES.
>
>So until you prove they did something illegal, it is your problem to deal
>with, per the license.

Here we go again, you are introducing something irrelevant to try and
justify your actions. Yes, I know what the licence says - but that
merely says I cannot expect support from you, and I can't complain if
it doesn't work. That still does not mean I am giving you permission
to enter my property and make changes - it just means that you are
under no obligation to provide support or updates.

That's the whole point - I'm NOT complaining that your aren't
providing support, and I'm not claiming damages. I'm complaining
because you have gone well beyond "not providing support" by actively
disabling a program that you deemed I shouldn't be running according
to your view of how the computing world should run. Nothing in that
licence or any implied agreement for you to update my server allows
for that - and under UK law what you did was illegal (and under US
law if what I understand of the Gary McKinnon case is right).

>>Giving notice that you are going to trespass does not make that
>>trespass legal, even if you had come directly to me door and told
>>me in person - which of course no-one did even in computer terms of
>>making any sort of related message appear on my system.
>
>If you are on my property (say you rent or lease it from me), I can come
>in anytime. If you use my software, I can change it any time I want
>per my license agreement.

But I'm not on your property, you are on mine when you make changes
to my server. The nearest analogy I can come up with is that you've
offered to water my plants while I'm away - analogous to providing AV
updates. You've offered to do that out of the goodness of your heart
as a friendly neighbour - and I thank you for that, as I thank the
team (again) for having provided the software and updates in the past.

That in effect is an implicit permission for you to enter my property
- but only for that purpose.

Now by analogy, the warnings given by freshclam could be like you
pointing out that my roses are getting past their best - I really
ought to consider getting some new ones. But for the time being, I'm
reasonably happy with them and will put up with them until I've time
to redo the garden properly.

You really don't like those roses, so you are perfectly entitled to
tell me you're not watering them any more. I could live with that -
as you say, you don't owe me anything, and it's not for me to demand
anyone does anything I'm not paying them for, and note that I have
not tried to demand anyone do anything other than 'leave my server
alone'.

The equivalent of what the ClamAV team has done is for you to decide
that I really should not have those old roses, you you have dropped
some powerful weed killer in the watering can to see them off. That
would be outside of your implied permission to access my property,
and also criminal damage.


Also, if I *was* on your property (eg something I'd rented), then
under English law I would have the right of "quiet enjoyment" - that
means you do **NOT** have the right to come in anytime UNLESS that is
explicitly provided for in the lease or tenancy agreement. leases
usually provide for access in order to perform maintenance - but only
on reasonable notice and at reasonable times, unless to deal with an
emergency. I see nothing in that licence you quote saying it gives
you the right to interfere with my server if I run your software.

You still wouldn't have the right to poison the roses unless they
were directly causing a threat to the property - and you cannot say
that me running out of date (ie not updated) AV sigs was directly
threatening the ClamAv project.

>>You also cannot claim that my downloading of updates constitutes an
>>invite - it constitutes an invite to put AV sig updates on there
>>for the purpose of detecting new threats. A poison pill update
>>doesn't fit that description.
>
>It is a free service they provide, not to you, but to anyone. So they
>owe you nothing. You didn't sign any contact with them that they would
>provide only valid signatures, or any at all. You assume the risk in
>using the feed.

As a point of law, a contract does not need a signature, nor does it
even need anything in writing - all it needs is an offer and
acceptance. In the absence of a definitive statement, the legal
situation would be whatever the court could determine were the facts
of the case. In that respect, "man freshclam" says : "freshclam is a
virus database update tool for ClamAV". In any dispute therefore,
unless there was something of equal prominence to contradict it, then
it would be inferred that the purpose of the tool was to deliver AV
signature updates - not a poison pill designed to stop the software
working.

This goes beyond any clause designed to avoid liability for errors in
the program. Yes, the clauses above would absolve you of liability
for any reasonable errors, but it still would not absolve you of
liability for deliberate malice.

I assume you will have similar laws over their, but over here, there
are some rights you CANNOT sign away. The extent varies according to
the situation (eg consumers have more rights than business). As a
consumer, even if I sign a contract that a supplier is not liable for
anything (such as the clauses quoted above), that agreement is
totally worthless as the law says I cannot sign away those rights -
and in court the clauses would be declared unlawful and
unenforceable. Similarly, even if I said I didn't mind if you shot
me, if you took me at my word, you would still find yourself in court
- my permission might well be accepted as mitigating when it comes to
the charge laid or the sentence, but it would not absolve you of a
crime committed.

>I'm just saying that the arguments are lame (calling it blackmail when
>it isn't, saying they need permission from each and every user when they
>don't, etc). Come on folks, make your arguments at least reasonable!

I didn't make those suggestions BTW.



Christopher X. Candreva wrote:

>Let me drive this home. In the state of New York, until recently if the
>government wanted to use eminant domain to take your property, all they had
>to do was take out an ad in the paper. They do not need to track down the
>owner of the building or land, just take out an ad. If you don't read the
>paper that day, the first you hear that your building was being knocked down
>may be when the wrecking ball shows up.
>
>This was only amended in 2004 after some particularly nasty battles.
>
>http://ownerscounsel.blogspot.com/2009/06/port-chester-offers-apology-for-taking.html

Now that's a very interesting argument to throw in ! Are you now
claiming that the ClamAV team are now part of government and are
entitled to my server by Eminent Domain ? If you are, then poppycock,
if not, then why bring it up. You even point out that the law has
been changed on that. Over here we have Compulsory Purchase to cover
situation where a government body needs to acquire property for a
project - but they cannot just take it like that.

Yes, over here there are notifications for which public notice is
sufficient action. If someone wants to build in the fields behind my
house, then they only have to post notices about the planning
application on the site - but they must post the notice AT THE SITE,
not at the developers home. They still cannot come and build on my
land without my permission - even if they've got planning permission
and misled the planning board into believing that they have the
landowners permission or own the land.

Note that building in the field will not stop me living in my house.
It may affect my amenity value, but it won't stop me living there -
in the same way that not providing AV updates will affect the amenity
value of my server, but it won't stop me running it. On the other
hand, knocking down my house would most certainly affect my ability
to live there - and you cannot do that in this country without
serving notice to the property and the registered owner (unless the
latter cannot be found after reasonable efforts I believe).

As a complete aside, there have been cases (one was local-ish) where
there's been a "mix up" (for want of a better polite expression) and
a contractor has knocked the wrong house down. It usually results in
serious compensation - and some rather negative PR for those
responsible.

--
Simon Hobson

Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
Re: Clubbing a deceased equine [ In reply to ]
On Wed, 21 Apr 2010, Simon Hobson wrote:

> - It is a simple fact that the purpose of this update was to make running
> software break.

I disagree with that statement because it's incomplete.. The purpose of this
update was to make running software break WITH A DESCRIPTIVE ERROR .
Important difference.

The alternative being breaking with an incomprehensable hex ump.


==========================================================
Chris Candreva -- chris@westnet.com -- (914) 948-3162
WestNet Internet Services of Westchester
http://www.westnet.com/
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
Re: Clubbing a deceased equine [ In reply to ]
Quoting Simon Hobson <linux@thehobsons.co.uk>:

> At 12:12 -0400 21/4/10, Christopher X. Candreva wrote:
>
>> > Knowingly disabling running software on computers that is not your own
>>> is not acceptable. It is immoral, unethical and perhaps illegal.
>>
>> But that's not what happened.

Yes, it is what happened... People are just confused because of all
the bogus complaints like "they shutdown my server" or "they shutdown
my email". But they did indeed shutdown clamd for some set of older
versions.

> The **ONLY** defence I can think of is that they assumed an implicit
> permission by virtue of the user running the update process to fetch
> signature updates. That's a very tenuous thing to infer when pushing
> an update that is so different in purpose to what would normally be
> fetched.

Well, since you pull the updates (they are not pushed to you), and since
while this one signature was indeed "different in purpose" than the normal,
you have a point. But, this "different in purpose" signature was just
a way of warning that soon the "same in purpose" signatures _would_ stop
the software. Would you rather they just started pushing the "normal in
purpose signatures" that crashed it, or that they pushed a "different
in purpose" one first, where the "purpose" was to notify users of both
the issue, and how to fix it?

> --
> Simon Hobson

--
Eric Rostetter
The Department of Physics
The University of Texas at Austin

Go Longhorns!
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

1 2 3 4 5 6 7 8  View All