Please don't end this great project



hoest
07.05.2004, 12:35
Thank you for one of the best free programs on the internet. Please don't let yourselves be discouraged by copycats and imbeciles out there, who think they can steal your code and publish it, and get away with it. I am one of many who enjoy your free software, and I think it's perfect the way it is.
I hope you will continue to develop this and release for free, for personal use.

Best Regards

Mr_Ed :wink:

meir
08.05.2004, 10:46
I am aghast, and join the writer above in asking you: do not cease.
We love you!

Lord KiRon
09.05.2004, 07:22
What the heck is happening?

ShareReactor got closed, BuckTV started to fight among themselves, DoD and FairLight got shut down by police, now this ...

Please don't go ...

negator
09.05.2004, 19:36
What exactly is the problem with showing the possible vulnerabilities, security flaws, or design flaws (in one's opinion, that is) of any given existing software? It takes skills, particularly if it regards architecturally complex, multi-faceted pieces of software like DT.

I don't think that the community is bothered by this in itself: my humble opinion is that the reaction is quite exaggerated and partly ignited by the DT coders themselves, who're trying to turn the guilt for their own design flaws onto someone who points them out. Ever heard of bugtraq? That's exactly what I'm talking about. I'm not trying to be overly polemic here, I'm absolutely curious though, about what the problem really is. I firmly believe that you should not attack the writer of the analysis personally, since he merely pointed out existing architectural flaws, for which he was not responsible.

I've not seen a valid point according to which the life of DT is threatened. The community, I repeat, has no reasons whatsoever to be worried, and the tool itself has everything to gain from a security/vulnerability standpoint. DT coders know this, and protectionists know it as well. And don't toss morality in, for god's sake. This is a chance to grow up, not to be damaged.

So exactly, what IS the problem?

yours curiously,
negator

Andareed
09.05.2004, 20:55
There is nothing wrong with finding bugs/flaws. It is expected that if it is something of "sensitive" nature, you discuss it with the developer in private. Imagine if every single security flaw ever found in Windows was posted first in the public domain... If the developer does not take you seriously, then this is different. This user never talked to us in private, so we had no chance to address his concerns.

LocutusofBorg
09.05.2004, 21:36
Like Andareed already mentioned, it is important to inform the authors before you post it anywhere, or otherwise nobody should complain if security probs like lsass or in general dcom/rpc-remote attacks are posted on bugtraq BEFORE you get a chance to receive the patches. This behaviour could nicely be watched on phpBB.com, where every now and then f.e. SQL-injections are posted without informing the authors at phpBB. Additionally, we're not talking about security probs here, so this information is, to be honest, absolutely useless for every user. If you don't believe me, then I would say please decide it for yourself; as soon as the corrected report is back, I will post a link to its new location. Then come back and tell me what you've learned, after you read it, and where it helped you(!) to improve DT.
We agreed to the re-posting of the corrected article. Nevertheless, even now we don't share the opinion of the author, but we want peace and that's it.
I think nobody has the right to tell other people what they must do. If we were lazy and it's security related and people's data are in danger because of DT - ok! Then I agree with you. But this isn't the case here. So your argumentation is simply incorrect in this case.

It was simply a private war between two persons. The author of the report confirmed that it was not his intention to harm Daemon Tools at all; it was that he feared we didn't take him seriously. After all the fuss, I would say we never can find out anymore, can we? At least we agreed to the new report, so it seems we're no assholes or guys who are arrogant and don't want to show the public what Daemon Tools does.

A PERSONAL notice: I'm able to RE for myself and I know many people who are capable of it. But I think this doesn't give me the right to everything; I would ask nicely before I post it. Only exception: it is security-related and the author doesn't respond to me within an acceptable time. But this is my PERSONAL opinion. You can decide for yourself what YOU would do if in a similar situation, I leave the decision to you...

We talked with the user and a new report was created. When it's available, I will set a link so all of you can take a deeper look at it. However, future versions of DT will be completely different and believe me - I mean what I say. Nevertheless, we thank the user for his hints.

The Daemon Tools Team