PerlMonks  

Boycott O'Reilly

by Wassercrats
on Jan 22, 2004 at 06:38 UTC ( #323102=perlmeditation )

First they disobey copyright regulations and post-copyright one of their books (at least), which will make it appear less out of date in the future (fraud), and now I see in their latest catalog that they are selling a hacking book that sounds like it's geared to the scumbag variety of hackers, based on their own description. Here's what a review said that I found on the web:
Pros
Clear and easy to understand as long as you have some background already
Provides detailed information on types of exploits and writing exploit code
Gives the reader the nuts & bolts instead of an overview

Cons
Too technical for beginners

The Bottom Line - This book is almost like a "Part 2" for many of the other hacker technique genre such as Hacking Exposed or Hack Attacks Revealed. Jon Erickson gives more detail for the intermediate to advanced readers including in-depth looks at stack and heap overflows and other types of vulnerabilities as well as instructions for creating exploit code for these flaws rather than just using exploits developed by others. This is a great book as long as you have some background in this field already.
...
Rather than simply describing the vulnerabilities and their exploits theoretically or showing you how to use pre-existing tools to exploit the vulnerabilities, Jon Erickson provides the nuts & bolts you need to learn how to program your own exploit code.

I don't think O'Reilly is the publisher, but they included that and other hacking books in their latest catalog. There are other publishers out there. I'll be avoiding O'Reilly in the future.

...Yes, I know I left out some information.

Re: Boycott O'Reilly
by BUU (Prior) on Jan 22, 2004 at 06:48 UTC
    Let's boycott the internet as well because there is 'hacking related' material on it. Let's boycott the library because they have books on chemicals. Let's boycott colleges because they teach chemistry. Etcetera.
      I'd do all of that, depending on the nature of "hacking related" and the others you mentioned, if there were convenient alternatives. And maybe even if there weren't.
        Wassercrats

        Any good security consultant, police officer, government agent or member of the military will tell you, in order to defend yourself from threats you must understand two things; the attacker and the mode of attack. People who work in the security field train themselves to think like their "foes", so they can anticipate their moves. It only makes sense, how can you defend yourself if you don't know what's threatening you? Stupidity and rampant fear results, after all mankind's greatest fear is the fear of the unknown (to sorta quote H.P. Lovecraft).

        Also any encryption expert worth his salt will tell you that a closed system/algorithm is far less secure than an open system/algorithm. Most cryptographers spend as much time writing algorithms as they do trying to break them.

        A book about hacking, no matter who publishes it, is just like any other bit of information. It can be used for good... and it can be used for evil. There is little doubt in my mind that this book was published with the "know your attacker" thought in mind, rather than "Learn to crack the IRS DBase in 24 hours".

        This information is all valuable, and since information itself is an abstract concept and not a conscious entity with a moral capacity of its own, it's all about how you use it.

        Think a bit before you post.

        -stvn
        Let's compare this philosophy to a guiding principle of mine.
        Those with more information are better equipped than those with less information.

        You seem to disagree, as if somehow some books should not be published, or should not be available to the public, and that if you had other options than them, you would use them instead, avoid said books. Okay -- you're saying that you'd intentionally remove information that you could use, because you have some sort of ethical problem with...what? Reading it? Other people knowing it?

        There's no way for you to control the latter.

        Regardless, let's move to another guiding principle of mine.

        People, on the whole, left to their own devices, will choose to do constructive things rather than destructive things.
        You seem to believe otherwise. You seem to think that one destructive act somehow outweighs thousands of constructive ones. I honestly don't think humankind could get anywhere without creating and producing being a better choice than destroying and nonproduction. We'd be living in caves. We'd be afraid of our shadows, and everyone else.

        Which, I suppose, we are to a degree -- but the degree to which we, as a whole, produce and create is greater.

        Believing these two things convinces me that there should be books about hackers, books with the word 'hackers' on the cover, etc., just as there should be books about terrorists, books about terrorism, etc. Not because of some notional concept of "harm" or "protection" or because I wish to see society fall -- it's because "harm" is irrelevant, the harm of not being informed is greater than any harm anyone can do me -- it's because "protection" is something I grant a nonsentient being, and I am sentient, and I don't need to be coddled -- it's because society requires information to proceed.

        You say this is harmful, and you are, by everything I've ever believed in, wrong. That would be my well-informed opinion, in terms of being well-informed about what I believe.

        Information causes action. Action, on the whole, is positive. Tell me why I should want to prevent X good things for less-than-X bad things.



        -----------------------
        You are what you think.

Re: Boycott O'Reilly
by davido (Archbishop) on Jan 22, 2004 at 07:00 UTC
    Boycotting a publisher (depriving all of its fine authors of their due royalties) because they chose to use the word "hacks" or "hacker" in one of their books? How silly, especially since we all aspire to be Just another Perl hacker.

    Hacking doesn't necessarily carry with it a negative connotation. It is a common misconception to see "hackers" as the Wargames Kid. A true hacker is one who strives to hone his skill as a programmer / systems administrator. The direction in which he applies his hacks has no bearing on the fact that a hacker is a hacker, for good, bad, or indifference.

    Hacker, Hack, Hacking, etc. is a connotation-neutral word.

    If the book in question (whose exact name you didn't give, and whose actual publisher you didn't list) is truly a cookbook for systems cracking, it might be seen as irresponsible that it's been published (though I kind of disagree). But I don't think that you (nor I) have read the book, and therefore aren't qualified to comment on its content. One observation that can be made, however, is that even if it is a recipe book for system cracks, most of that info is already publicly accessible from CERN, linux/unix security alert mailing lists, Microsoft security alert lists, etc. The information is publicly available from responsible, legitimate sources.

    As for the copyright dating issue, remember, in the world of periodical magazines, you always receive the July issue in June, the June issue in May, etc. Automobile manufacturers release their 2004 model cars in fall 2003.


    Dave

Re: Boycott O'Reilly
by theorbtwo (Prior) on Jan 22, 2004 at 07:01 UTC

    Hm. You make a completely non-backed up accusation of fairly minor violations to the copyright statement, and attack them for /gasp/ publishing content. I'm downvoting you.


    Warning: Unless otherwise stated, code is untested. Do not use without understanding. Code is posted in the hopes it is useful, but without warranty. All copyrights are relinquished into the public domain unless otherwise stated. I am not an angel. I am capable of error, and err on a fairly regular basis. If I made a mistake, please let me know (such as by replying to this node).

Re: Boycott O'Reilly
by kodo (Hermit) on Jan 22, 2004 at 07:37 UTC
    Uhm well so what's your point finally? You said that they'll publish a book about "hacking" but you didn't tell us why that should be a reason to boycott them...
    I like O'Reilly books and I like hacking. And I don't see anything bad about publishing books about "how to hack". If you're not skilled anyway you also won't be able to write exploits after reading such a book.
    Also if you think keeping the web secure means to avoid any information-sources about how to write exploits you have a really stupid idea about how security should work.
    It's even positive for security that such information is available and the more widely it's spread the better. Why? Because programmers maybe start to think more about how to avoid exploitable code when they know how it could be exploited...
Re: Boycott O'Reilly
by bmann (Priest) on Jan 22, 2004 at 07:41 UTC
    ...Yes, I know I left out some information
    And possibly invented some?

    Based on the pros and cons you posted, this looks like the review you are looking at. This review of a book called "Hacking - The Art of Exploitation" is a word for word match with your quote.

    First of all, it is not an O'Reilly book, it is published by NoStarch Press. Second, I don't think we should condemn O'Reilly for offering this book for sale. I searched their website for both the book and the author, and yes they are selling it - but your local bookstore might just carry it, or maybe something more malicious.

    Anyway, this book isn't related to their "Hacking" series - which isn't about breaking into computers and networks, it's about taking something to its limits - Google Hacking means using Google to the fullest extent, for example.

    I can't speak for the post-copyright accusation, but based on the facts above I think this rant needs to be retracted.

    B

      First of all, it is not an O'Reilly book, it is published by NoStarch Press.

      Not that I agree with the OP at all. As a matter of fact, I think it's very much a Hanlon's Razor sort of thing.

      Back to the NoStarch Press thing - they do have some type of major business relationship with O'Reilly. From nostarch:

      Beginning January 1st, 2004 our US distributor is O'Reilly & Associates (www.oreilly.com). O'Reilly represents No Starch Press books to all major wholesalers (Ingram, Baker & Taylor, Bookazine, Koen, etc.), national chains and independents, online booksellers, and academic and technical bookstores, as well as directly to consumers through direct marketing and trade shows.

      -derby

      thanks bmann

      mmm.. love that selective quoting Wassercrats, here are the bits you decided not to include...

      Description

      • If you have read Hacking Exposed or Counter Hack- this is the next book you should check out
      • Detailed coverage of string vulnerabilities, stack overflows, heap overflows, and more
      • Shows you how to analyze these vulnerabilities and create your own exploit code
      • A must-have book for vulnerability and penetration testing- clear, concise and informative

      Guide Review - Book Review: Hacking- The Art of Exploitation

      People often talk about whether the hacker technique genre of books such as Hacking Exposed, Hack Attacks Revealed or Counter Hack actually do more to teach the next generation of hackers and crackers than they do to help educate people about security. Those books don't go to nearly the depth that Hacking: The Art of Exploitation does.

      Jon Erickson picks up more or less where those other books leave off. He provides a look at techniques and tools used by hackers as well, but he also gives a more comprehensive look at stack overflows, heap overflows, string vulnerabilities and other commonly exploited weaknesses.

      Arguably, this information could very well be used by a hacker wannabe to learn how to break into machines illegally. However, like the other hacker technique genre books, the purpose is to educate so that we can better protect ourselves from such hackers.

      Armed with the information in this book you can actively develop your own exploit code to conduct vulnerability and penetration testing- the results of which could be very valuable in helping to secure your networks and computers.

      This is an excellent book. Those who are ready to move on to Level 2 should pick this book up and read it thoroughly.

      you're into politics, eh.. never would have guessed..

      cheers,

      J

Re: Boycott O'Reilly
by adrianh (Chancellor) on Jan 22, 2004 at 08:54 UTC

    -- Wildly inaccurate accusations and nothing to do with Perl.

Re: Boycott O'Reilly
by Abigail-II (Bishop) on Jan 22, 2004 at 09:29 UTC
    First they disobey copyright regulations
    Proof? References?
    post-copyright one of their books
    Proof? References?
    they are selling a hacking book
    Yes, and? How's that more different than selling a book about lock-picking?

    What's your point?

    Abigail

      A previous post of mine mentions the copyright violation. I quoted copyright law and mentioned the book at that time, but I don't want to repeat it.

      I'm also against lock picking books being sold to the general public. My point should be obvious and it's pitiful that nobody has supported me. I wonder if this phenomenon is limited to the Perl community. Maybe there is too strong a bond between O'Reilly and Perl. I'll probably spread this information around to see how other groups respond.

        A previous post of mine mentions the copyright violation. I quoted copyright law and mentioned the book at that time, but I don't want to repeat it.
        So, post a frigging reference. Don't assume everyone has read all your previous posts and remembers them.
        I'm also against lock picking books being sold to the general public. My point should be obvious and it's pitiful that nobody has supported me.
        My god, how utterly naive. Is your real name by any chance George W. Bush? Are you against half of the movies made as well, because it teaches how to use a gun? Are you against books in which a crime is committed? And why are you still on the internet? Don't you know what horrible and dangerous information you can find there? (http://www.peepresearch.org/ and http://www.twinkiesproject.com/, for instance).

        I'll probably spread this information around to see how other groups respond.
        Let us know when you've found a group that will join you in a book burning event.

        Abigail

        My point should be obvious and it's pitiful that nobody has supported me.

        Your point actually is very obvious. The brick wall you're running into is the fact that your paradigm is fundamentally different than that shared by many Perlmonks. Let me explain.

        A paradigm is defined as

        1. One that serves as a pattern or model.
        2. A set or list of all the inflectional forms of a word or of one of its grammatical categories: the paradigm of an irregular verb.
        3. A set of assumptions, concepts, values, and practices that constitutes a way of viewing reality for the community that shares them, especially in an intellectual discipline.

        Many Perlmonks, including myself, tend to be very liberal and open in their attitudes towards ... well ... most things. The concept of personal accountability runs through the whole OpenSource movement, with which there is a lot of overlap into the "Perl community" (if there is such a thing).

        The paradigm you appear to be espousing is one where a group of (usually) wiser members of the community choose what the community is (and is not) exposed to. This is a very conservative view, one that many Perlmonks may find very patronizing and paternalistic.

        Let me illustrate with an example - the fact that O'Reilly is promoting a book on hacking that includes exploit code. Your reaction is that this is irresponsible and should be punished immediately. My reaction is one of gratitude. I have no desire to crack any system, but I also don't want the systems I'm responsible for to be cracked, either. So, I want to learn how to protect my systems. My question to you is "How can I verify my system is hardened against a certain exploit without testing my system with that exploit?" I don't have the desire to figure out exploits. I just want to stop them. So, I go to CERN, subscribe to security lists, and purchase this book.

        Take a hard look at that argument. It is almost identical in form to the argument that the NRA uses in USA politics when opposing gun control. "We must arm ourselves to protect our families against the criminals who already have the guns." Most conservatives would agree with that argument ... If you do, think long and hard what the difference is between the NRA's argument and mine.

        ------
        We are the carpenters and bricklayers of the Information Age.

        Please remember that I'm crufty and crochety. All opinions are purely mine and all code is untested, unless otherwise specified.

        Why don't you want to repeat it? Why don't you even link to it? Come on, if you have a valid complaint then make it. If you want to hide behind your unsubstantiated claims please feel free to do so, but don't expect any of us here to take you seriously.

        As for post-dating a copyright claim. Um, is it an infringement of a law to make a claim where the law requires no claim? As of March 1989 it is unnecessary to make a claim for copyright in the US.

        In fact I liked the book you refer to. I found the material presented very useful and informative. It has helped me to understand the processes of spidering and what I could expect as results. I also have the "Linux Server Hacks" and for a non-sysadmin like me it is also very useful.

        Sorry, no boycott for me! I have found O'Reilly one of the most ethical publishers in the field of recent years and I will continue to support them in any way that I can.

        jdtoronto

        I like to read arguments like this. No really.

        How do you expect encryption to become stronger unless you try to break it? How do you expect safes to be *safe* without trying to open them?

        Your argument is like that of the medieval doctors who couldn't open a dead body for medical study.

        As for sale to the general public (lockpicking et al). I thought there was the concept of freedom of speech? Or is that freedom of speech except where the listener doesn't like what is being said or we don't really like the person saying it?

        I do martial arts. In the context of my art I own hand weapons (not firearms) and many books both modern and old on the subject. Should I burn all my books as they *may* show someone how to stab someone else? Maybe I should be classified as a lethal weapon and removed from the general public. After all, you never know do you?
        On the security issue, please take a step back and look at what the security community in general is doing. I'm not sure you can find a group more security focused than SANS.

        Quoted from their website:
        "SANS is the most trusted and by far the largest source for information security training and certification in the world. It also develops, maintains, and makes available at no cost, the largest collection of research documents about various aspects of information security, and it operates the Internet's early warning system - Internet Storm Center. The SANS (SysAdmin, Audit, Network, Security) Institute was established in 1989 as a cooperative research and education organization. Its programs now reach more than 165,000 security professionals, auditors, system administrators, network administrators, chief information security officers, and CIOs who share the lessons they are learning and jointly find solutions to the challenges they face. At the heart of SANS are the many security practitioners in government agencies, corporations, and universities around the world who invest hundreds of hours each year in research and teaching to help the entire information security community."

        Anyway, track 4 of their training (Track 4: Hacker Techniques, Exploits and Incident Handling) goes through the process of hacking a site (including the use of the tools most likely to be used.) Not having read the book, I cannot say how much/little time is spent on ethics issues, but I'd not write it off as an "evil". (Actually, after I finish this post, I am going to forward the details of the book on to my supervisor and get a copy.)

        Ok, for once, I'll bite.

        I'm also against lock picking books being sold to the general public.
        As I'm writing this, I've got lockpicks on my desk - I've been attempting to open padlocks [1]. I don't do this so that I can steal things (if anybody wants to steal things, then buy a set of bolt-cutters - it'll be easier). I do it because I appreciate the skill.

        I also study martial arts. I'm vaguely aware of how to seriously hurt someone (or hopefully defend myself if the need ever arose). Does this make me more dangerous? Not really - I really don't ever want to fight anyone.

        Knowledge doesn't make people dangerous. It simply allows people to do more. People are not made dangerous by knowledge [2].


        [1]: 3 out of 5 so far. Damn.
        [2]: Yes, this is facile. I'm aware that dangerous people can be made more dangerous by knowledge, and that there are gaping holes in this point of view.

        davis
        It's not easy to juggle a pregnant wife and a troubled child, but somehow I managed to fit in eight hours of TV a day.
        If your point is so obvious, why have so many intelligent monks missed it?

        If you still feel the same way, try redrafting your original post, changing the intended audience to a mildly interested apolitical type. Keep it brief, jargon free, and state what you mean -- implied points are only useful for intentionally misleading your audience.

        -QM
        --
        Quantum Mechanics: The dreams stuff is made of

        I'm also against lock picking books being sold to the general public. My point should be obvious and it's pitiful that nobody has supported me.

        Cripes, where to begin with you? Start with Locks and Full Disclosure, concerning a dirty little secret confined to lock makers, locksmiths and criminals for over a century. I call that dishonorable and pitiful, that a whole century goes by, and that an outsider has to make a stink, before they clean up their act and fix their mess.

        I can't think of a better corrective than the public exposure and humiliation of a published exploit to get lazy a*****s to fix their shoddy goods. Sort of like putting them in stocks and letting the public jeer and throw rotten vegetables at them, in a non-violent free market style.

        Mister, you should bow down and kiss the feet of everyone who blows a whistle: the world becomes measurably safer every time we act on their information.

        I wonder if this phenomenon is limited to the Perl community. Maybe there is too strong a bond between O'Reilly and Perl. I'll probably spread this information around to see how other groups respond.

        Troll, troll, troll: implying moral turpitude for not supporting your views. How pitifully Ashcroftian of you. If I had another PM username, I'd downvote you twice.

SFW?
by NodeReaper (Curate) on Jan 22, 2004 at 10:39 UTC

    Reason: xenchu Trollish. Useless.

    For more information on this node visit: this

Re: Boycott O'Reilly
by Coruscate (Sexton) on Jan 22, 2004 at 11:22 UTC

    Just for completeness and just so I can one day say hey, I took part in that "discussion"!:

    'hack' ne 'crack'

Re: Boycott O'Reilly
by castaway (Parson) on Jan 22, 2004 at 11:25 UTC
    Assuming you're against it because you're of the opinion that 'hacker' means 'bad guy', try reading up on the subject .. (yeah, all links from ESR, such is life).

    In short, a hacker is just a programmer.. *Cracker*s on the other hand, are people who break into things..

    C.

      Assuming you're against it because you're of the opinion that 'hacker' means 'bad guy', try reading up on the subject .. (yeah, all links from ESR, such is life).
      Blech. That's not how natural languages work. Words don't get defined and then never change meaning. New words are created every day. Words fall in disuse all the time. Words change meaning, or get a new meaning next to the old one. Dictionaries describe current and historic usage - they follow the evolution of a language, they don't lead the way.

      For many people "hacker" means "bad guy". Regardless how much ESR writes, that means that (the|a) meaning of "hacker" is what "cracker" means as well.

      Abigail

Re: Boycott O'Reilly
by xenchu (Friar) on Jan 22, 2004 at 13:46 UTC

    Remember the Masked Magician? He did a series of specials on television in which he exposed a good many magical acts, demonstrating exactly how they worked. The reason he did, he said, was to force magicians to create new tricks.

    My point is that this is an analogous situation but not aimed at crackers. The book is, IMO, trying to force those responsible for system security to create new techniques to thwart crackers.

    At any rate, Crackers don't use books from what I have heard. They go online, talk to others and download scripts if they are beginners. They don't need no steenking books. I, on the other hand, intend to get a copy as soon as I can. The information will be useful to lessen the number of mistakes I make. Any book that does that is a valuable commodity as far as I am concerned.

    Wassercrats, I appreciate you bringing this subject up. Now I know it is a book worth buying and where to get it.

    xenchu


    The Needs of the World and my Talents run parallel to infinity.
Re: Boycott O'Reilly
by bradcathey (Prior) on Jan 22, 2004 at 14:22 UTC
    Egads! Unbelievable OP. All I can say, adding to the wonderful replies above, is: 1) what's wrong with hackers? Oh, how I long to be one; 2) ever heard of the 1st Amendment? O'Reilly is US; 3) and with all the stuff that really should be boycotted, why even think of boycotting a company that publishes some of the finest tomes on programming and related topics in the world, first class stuff. Too difficult for beginners? Well, there's always the Visual Quickstart Guides {tongue in cheek}.

    —Brad
    "A little yeast leavens the whole dough."
      <peeve type = "pet">
      ever heard of the 1st Amendment? O'Reilly is US;
      Yes, what about it? The first amendment is waved like a magic wand all the time, most of the time inappropriately. Let me quote it for all those non-US people (all US people do know the text, don't they? (cynical laughter)).
      Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the government for a redress of grievances.
      Pay attention to the first word. Is it involved here? Nope. Can we then wave with the first amendment? Sure, but it doesn't have any more effect than waving some blank papers, all it does is making a small breeze.
      </peeve>
      why even think of boycotting a company that publishes some of the finest tomes on programming and related topics in the world, first class stuff.
      Eh, this was about boycotting O'Reilly. Not companies that publish the finest tomes on programming. ;-)

      Abigail

        Okay, okay Abigail-II and hardburn. My bad-- I also normally cringe when people trot out the 1st amendment. Just like when I hear the words "separation of church and state" which is not in the Constitution, period. So your points are well-taken, my points: O'Reilly can do what they want and when you have that large of a body of work, leave 'em alone.

        Big question: I wonder if the W3 is gonna support the new tag <peeve.... Abigail-II continues to amaze...she closed the tag.

        —Brad
        "A little yeast leavens the whole dough."

      ever heard of the 1st Amendment?

      Adding to what Abigail-II said, the 1st Amendment only applies to the government. Individuals have the right to choose to stop buying from a company for any reason they want, and have a right to persuade others to do so (which is also protected under the 1st Amendment). As it happens, the rest of us have a right to think Wassercrats is a kook and likewise persuade others to do so.

      ----
      I wanted to explore how Perl's closures can be manipulated, and ended up creating an object system by accident.
      -- Schemer

      : () { :|:& };:

      Note: All code is untested, unless otherwise stated

        Individuals have the right to choose to stop buying from a company for any reason they want
        According to a quick reading of some stuff here: http://www.bxa.doc.gov/antiboycottcompliance/oacrequirements.html there is legislation penalizing US citizens or corporations for participating in unsanctioned (by Uncle Sam) boycotts led by foreign governments and requiring reporting to the US of requests to honor such a boycott.

        Scary stuff.

Re: Boycott O'Reilly
by hardburn (Abbot) on Jan 22, 2004 at 14:27 UTC

    You are disparaging what is certainly the most popular publisher in the Free Software world, and which became that way by offering a consistently solid line of books. Any call as extreme as a boycott should be backed up by a solid argument.

    O'Reilly has made mistakes. Their clustering book was a disaster (I've heard rumors that the editor that approved it for publishing was fired for it). In all, though, they can be forgiven because of their use as an overwhelmingly useful source of technical information.

    I clicked on this node with the view towards giving the information presented a fair, objective opinion. However, the arguments you present do nothing to persuade me.

    On "Hacking" books: if a bunch of script kiddies actually buy it, good. At this point, getting those kids to read any book is probably a good thing. In any case, I doubt the kiddies would spend money on such a book when free Internet resources will suffice for their purposes. They don't really want to learn about computers, just cause damage with them (no more, really, than the inner-city graffiti artist cares about the details of the paint they use). So this book is really more than they're looking for, and they don't want to waste time or money on information they don't want.

    What it is useful for is security researchers and people who truly want to learn. Two sets of people, often overlapping, that should be encouraged in their endeavors.

    On copyright problems: try finding a publisher (technical or not) that doesn't post-copyright some of their books. It's usually books published towards the end of the year, and the copyright date is given for the next year. This practice is so widespread in the industry that if you were to boycott every publisher that did it, you could hardly buy any books at all. Yes, it's illegal and a little deceiving, but is largely ignored.

    ----
    I wanted to explore how Perl's closures can be manipulated, and ended up creating an object system by accident.
    -- Schemer

    : () { :|:& };:

    Note: All code is untested, unless otherwise stated

Re: Boycott O'Reilly
by antirice (Priest) on Jan 22, 2004 at 15:07 UTC

    Wassercrats, wtf? Did you actually read the entire text of the copyright basics page when you first complained about O'Reilly? Copyright notices are optional. They may appear at the discretion of the copyright holder. Furthermore, the copyright is usually held for the duration of the author's life plus an additional 70 years unless the work was done for hire which would make the copyright good for 95 years from publication or 120 years from creation, whichever is shorter. Also, there was a sentence right before the text that you cut and pasted that was very important. It said:

    The notice for visually perceptible copies should contain all the following three elements: (Emphasis mine)

    Do you understand the difference between using the word should and using the word must? Where's the problem? What are you bitching about? That you won't be able to distribute copies of the book without someone suing you for 95 years instead of 94 years? Write a note for your grandchildren.

    And now on to this business about the hacking book. Have you ever heard the saying "Don't judge a book by its cover"?

    they are selling a hacking book that sounds like it's geared to the scumbag variety of hackers

    This rant about the hacking book is hilarious. You see the words "hacking", "exploit", and "vulnerabilities" and you start running around with your tinfoil hat suitably adjusted and start warning all the locals that a great evil is contained in a book you've never read. Software vulnerabilities are very real. Knowing how to find vulnerabilities and testing their severity is a very valuable skill to possess. This book seems to cover some of these topics. I believe I may have to check it out.

    antirice    
    The first rule of Perl club is - use Perl
    The ith rule of Perl club is - follow rule i - 1 for i > 1

Re: Boycott O'Reilly
by coreolyn (Parson) on Jan 22, 2004 at 15:36 UTC

    I think most of my thoughts have been well voiced by others.. especially Abigail-II ( You go g.. You go! ). For some of us hacking was what got us into this hobby/career.. Yeah I downvoted you, wish I could have done it more than once. At least the negative value of this node is entertaining. If it weren't for that it'd just be an embarrassment.

Re: Boycott O'Reilly
by talexb (Canon) on Jan 22, 2004 at 15:41 UTC

    The fact that I'm grateful to O'Reilly for publishing a terrific catalogue of books has nothing to do with the fact that you've written a poorly documented node on a non-Perl issue. I therefore downvoted your original node.

    In addition, I think you're missing the point here: in the open source world that we now live in, publicizing these kinds of exploits will let the 'white hats' test their own systems and do something about making them more resistant to attacks from the 'black hats'.

    In future, I recommend more research and fewer accusations. I hear that in Texas they have a saying, Be sure that your words are soft and sweet in case you have to eat them some day. Wise words.

    Alex / talexb / Toronto

    Life is short: get busy!

Re: Boycott O'Reilly
by jonnyfolk (Vicar) on Jan 22, 2004 at 15:56 UTC
    It's laughable really, but makes me shudder inwardly, that most of the cries ever heard to "burn the books" were from people who had never even read them. I look at the original post and my thoughts go to Iran and the Hostage Crisis, to Mao's Cultural Revolution, to Kristallnacht and to all mobs out there incited by this kind of ignorance.

    I don't care that you don't like the book or what it stands for - I just wish you had read it before denouncing it...

      most of the cries ever heard to "burn the books" were from people who had never even read them.
      I've read some O'Reilly books which I think should be burned. ;-). Of course, that has all to do with the quality (or rather the absence of quality).

      Abigail

        But I fear that at any rate you would only burn your own copy - so much for the Revolution...
Re: Boycott O'Reilly/ORA's been good to me!
by jacques (Priest) on Jan 22, 2004 at 16:22 UTC
    Oh man, ORA's been treating me good lately. I always get free books from them, because of my user group. Marsee Henon sends me tons of stuff. She's like Santa Claus. I love ORA. Also the company seems to be very supportive of open source. I give them two thumbs up.
Re: Boycott O'Reilly
by rir (Vicar) on Jan 22, 2004 at 18:06 UTC
    First they disobey copyright regulations

    You seem to be arguing that we should equate "illegal" with "immoral." I am saddened.

    Be well.

Boycott O'Reilly? Let's not..
by shotgunefx (Parson) on Jan 22, 2004 at 18:18 UTC
    Let's not... Security is all about understanding vulnerabilities. How can you protect yourself from something you don't understand?


    -Lee

    "To be civilized is to deny one's nature."
Re: Boycott O'Reilly
by chromatic (Archbishop) on Jan 23, 2004 at 01:49 UTC
    First they disobey copyright regulations and post-copyright one of their books (at least), which will make it appear less out of date in the future (fraud),

    You miss several points:

    • It takes time to print and ship a book, much less produce, edit, and write it.
    • Copyrights expire at the end of a year, as far as they can be said to expire at all.
    • Copyrights start at the point of creation of a work.
    • The date in a copyright notice in a book is just a notice. Copyright protection starts from the origination of a copyrightable work, though it can be registered formally with the copyright office.
    • I have heard copyright lawyers make the argument that a book published on December 31, 2003 would not receive a full year's copyright protection because of the end of year cutoff, so there is a year's variance in publication dates for books. I have not been able to confirm this in twenty minutes of digging in the U.S. code, nor would I take legal advice from the Internet.
    • O'Reilly uses Founder's Copyright anyway.
    I see in their latest catalog that they are selling a hacking book that sounds like it's geared to the scumbag variety of hackers

    Spidering Hacks could be used to develop programs that harvest e-mail addresses, perform DDoS attacks, mirror sites without permission, forge information, crack authentication schemes, and other nasty things.

    Then again, if you try to make it impossible for bad guys to do bad things, you'll likely only prevent the good guys from doing clever things.

      The book I'm complaining about isn't Spidering Hacks, but I'm not sure if you assumed it was.

      One measure that could be taken to help keep such books out of the hands of the bad guys is to title them as crack prevention books rather than cracker helper books. That's not the case with the book from O'Reilly's catalog. O'Reilly's description of it also shouldn't make it sound like it will help crackers, but it does. O'Reilly is making it more attractive to the scumbag variety of hackers (the term I used in my original post, which seems to have been misunderstood by several monks) than to decent computer security people. The title and content should make it as clear as possible that it is a book for crack prevention, if such a book is published at all.

        But however you feel about this book, you're attacking the wrong group. O'Reilly didn't even publish it. It's simply available through their catalogue. It's also available from Amazon.com, Barnes & Noble, and Powells Books. If you boycott every bookseller that sells a book you disagree with, you have to abandon reading books.

        Have you made any attempt to contact these booksellers, or the book's publisher to voice your disapproval, or is this simply a lot of hullabaloo over nothing, confined to the obscure corners of the Monastery? Though I consider the quest you're on to be misguided, that's secondary in significance to the fact that you're going about your protest in one of the least effective ways possible. Nobody outside of a few hundred Monasterians even cares about a lone opinion expressed in some highly specialized website. If you're going to lead the siege against every bookseller that carries a book you disapprove of, at least do it in a way that gets some positively reinforced attention... and have the gumption to contact those groups you're protesting against so they'll know where you're coming from. Amazon.com probably doesn't read Perlmonks.


        Dave

        The reason we publish security information is to help people be more secure. Sometimes that includes information that could help bad people do bad things.

        My point is very simple.

        It's naive to think that hiding information that could help people be safe will prevent danger.

        That's why I publish articles on security, alerts on bugs and possible exploits in programs, and techniques for writing secure code.

        Now I'm not naive enough to think that no one will use this information for harmful purposes — hey, some people spider Safari, bundle up books into PDF collections, and sell them — but I'm going to encourage people to do the right thing. I'm going to help them find the information they need to protect their information and equipment. If they choose to do bad things with it, that's their problem. Hopefully enough people will have learned and applied the lessons that the bad people won't do much damage.

        You don't know what kind of disclaimers this book has. (Spidering Hacks has a big disclaimer that says "Do the right thing. Ask first. Be polite. Be smart.") You don't know what's in it. You haven't read any sample chapters. You're making wild accusations without facts. You're misinformed about the copyright issue and you're tilting at a windmill here.

        Hey, that's your choice. Have at it.

        If you want to be morally consistent, though, you should probably also boycott everything O'Reilly's ever touched. It's a long list, though, and it includes this site.

Re: Boycott O'Reilly
by Arunbear (Parson) on Jan 23, 2004 at 09:33 UTC
    Wassercrats, many thanks for starting this thread. Can you guess what my next order from Amazon will be? {hint} :-) && ++
      Ok, your reasoning is sound, so I guess you should.
Please end this thread
by antirice (Priest) on Jan 23, 2004 at 19:37 UTC

    Wassercrats, I know you're very busy trying to respond to all of the other replies to your OP so I'll try to be brief.

    You have a strong conviction that what O'Reilly is doing is immoral and a disservice to society. You believe that you are providing society with a service by bringing it to the attention of others. For this, I applaud and thank you. You seem to have an unquestioning stance on your belief and for that I admire you. We've attempted to provide well-reasoned replies to your posts, some more confrontational than others, and you've rejected all of them. After reading your last reply, I'm rather certain of this. I must now ask you: can we agree to disagree? =)

    To my fellow monks, Wassercrats's beliefs are deeply rooted. All of the replies thus far have produced no change in his position. Please consider that before responding to any other replies in this thread. Wassercrats seems to be on a destructive path with the only victims being his XP and his reputation here at the monastery. Have pity on him and let what you see as self-evident to come to him as he continues to learn. With regard to your voting practices in the future, please don't get into the habit of reputation-voting Wassercrats. As with anyone, read what he says and allow the merit of the content to determine the way you vote.

    Update: Ugh, that was pretty cheesy. That's the last time I post anything after being deprived of that much sleep. Anonymonk, thanks =)

    antirice    
    The first rule of Perl club is - use Perl
    The ith rule of Perl club is - follow rule i - 1 for i > 1

      Wow, completely content free AND takes up a great deal of room.

      Congrats, that's an excellent way to point out the problems in the Perlmonks moderation system.

Re: Boycott O'Reilly
by Anonymous Monk on Jan 24, 2004 at 19:39 UTC

    This post is Pathetic.

    It shows a complete ignorance of everything from scientific history to computer security to the open software you claim to support.

    After you display this ignorance you proceed to bash one of the best, if not the best, companies out there that supports an open, educational process.

    Do a little research next time before you post such garbage. You can start here, here, here, and here

Re: Boycott O'Reilly
by december (Pilgrim) on Aug 03, 2004 at 03:43 UTC

    If you can't hack it, you can't secure it. We have this expression in the Dutch language: the worst poachers become the best foresters. I'm making my living now with securing networks, all knowledge I would have learned if I wouldn't have found anything on the 'net. Actually, I own zero books on Unix, Posix or system administration, and didn't pay for any of my software, so I'm very grateful for whatever knowledge is shared online.

    Besides, the cat is out of the bag a long time already; look for phrack on your search engine of choice - excellent learning resource.
