PerlMonks  

Boycott O'Reilly

by Wassercrats
on Jan 22, 2004 at 06:38 UTC ( #323102=perlmeditation )

First they disobey copyright regulations and post-copyright one of their books (at least), which will make it appear less out of date in the future (fraud), and now I see in their latest catalog that they are selling a hacking book that sounds like it's geared to the scumbag variety of hackers, based on their own description. Here's what a review said that I found on the web:
Pros
Clear and easy to understand as long as you have some background already
Provides detailed information on types of exploits and writing exploit code
Gives the reader the nuts & bolts instead of an overview

Cons
Too technical for beginners

The Bottom Line - This book is almost like a "Part 2" for many of the other hacker technique genre such as Hacking Exposed or Hack Attacks Revealed. Jon Erickson gives more detail for the intermediate to advanced readers including in-depth looks at stack and heap overflows and other types of vulnerabilities as well as instructions for creating exploit code for these flaws rather than just using exploits developed by others. This is a great book as long as you have some background in this field already.
...
Rather than simply describing the vulnerabilities and their exploits theoretically or showing you how to use pre-existing tools to exploit the vulnerabilities, Jon Erickson provides the nuts & bolts you need to learn how to program your own exploit code.

I don't think O'Reilly is the publisher, but they included that and other hacking books in their latest catalog. There are other publishers out there. I'll be avoiding O'Reilly in the future.

...Yes, I know I left out some information.

Replies are listed 'Best First'.
Re: Boycott O'Reilly
by davido (Cardinal) on Jan 22, 2004 at 07:00 UTC
    Boycotting a publisher (depriving all of its fine authors of their due royalties) because they chose to use the word "hacks" or "hacker" in one of their books? How silly, especially since we all aspire to be Just another Perl hacker.

    Hacking doesn't necessarily carry with it a negative connotation. It is a common misconception to see "hackers" as the Wargames Kid. A true hacker is one who strives to hone his skill as a programmer / systems administrator. The direction in which he applies his hacks has no bearing on the fact that a hacker is a hacker, for good, bad, or indifference.

    Hacker, Hack, Hacking, etc. is a connotation-neutral word.

    If the book in question (whose exact name you didn't give, and whose actual publisher you didn't list) is truly a cookbook for systems cracking, it might be seen as irresponsible that it's been published (though I kind of disagree). But I don't think that you (nor I) have read the book, and therefore aren't qualified to comment on its content. One observation that can be made, however, is that even if it is a recipe book for system cracks, most of that info is already publicly accessible from CERN, linux/unix security alert mailing lists, Microsoft security alert lists, etc. The information is publicly available from responsible, legitimate sources.

    As for the copyright dating issue, remember, in the world of periodical magazines, you always receive the July issue in June, the June issue in May, etc. Automobile manufacturers release their 2004 model cars in fall 2003.


    Dave

Re: Boycott O'Reilly
by bmann (Priest) on Jan 22, 2004 at 07:41 UTC
    ...Yes, I know I left out some information
    And possibly invented some?

    Based on the pros and cons you posted, this looks like the review you are looking at. This review of a book called "Hacking - The Art of Exploitation" is a word for word match with your quote.

    First of all, it is not an O'Reilly book, it is published by NoStarch Press. Second, I don't think we should condemn O'Reilly for offering this book for sale. I searched their website for both the book and the author, and yes they are selling it - but your local bookstore might just carry it, or maybe something more malicious.

    Anyway, this book isn't related to their "Hacking" series - which isn't about breaking into computers and networks, it's about taking something to its limits - Google Hacking means using Google to the fullest extent, for example.

    I can't speak for the post-copyright accusation, but based on the facts above I think this rant needs to be retracted.

    B

      thanks bmann

      mmm.. love that selective quoting Wassercrats, here are the bits you decided not to include...

      Description

      • If you have read Hacking Exposed or Counter Hack- this is the next book you should check out
      • Detailed coverage of string vulnerabilities, stack overflows, heap overflows, and more
      • Shows you how to analyze these vulnerabilities and create your own exploit code
      • A must-have book for vulnerability and penetration testing- clear, concise and informative

      Guide Review - Book Review: Hacking- The Art of Exploitation

      People often talk about whether the hacker technique genre of books such as Hacking Exposed, Hack Attacks Revealed or Counter Hack actually do more to teach the next generation of hackers and crackers than they do to help educate people about security. Those books don't go to nearly the depth that Hacking: The Art of Exploitation does.

      Jon Erickson picks up more or less where those other books leave off. He provides a look at techniques and tools used by hackers as well, but he also gives a more comprehensive look at stack overflows, heap overflows, string vulnerabilities and other commonly exploited weaknesses.

      Arguably, this information could very well be used by a hacker wannabe to learn how to break into machines illegally. However, like the other hacker technique genre books, the purpose is to educate so that we can better protect ourselves from such hackers.

      Armed with the information in this book you can actively develop your own exploit code to conduct vulnerability and penetration testing- the results of which could be very valuable in helping to secure your networks and computers.

      This is an excellent book. Those who are ready to move on to Level 2 should pick this book up and read it thoroughly.

      you're into politics, eh.. never would have guessed..

      cheers,

      J

      First of all, it is not an O'Reilly book, it is published by NoStarch Press.

      Not that I agree with the OP at all. As a matter of fact, I think it's very much a Hanlon's Razor sort of thing.

      Back to the NoStarch Press thing - they do have some type of major business relationship with O'Reilly. From nostarch:

      Beginning January 1st, 2004 our US distributor is O'Reilly & Associates (www.oreilly.com). O'Reilly represents No Starch Press books to all major wholesalers (Ingram, Baker & Taylor, Bookazine, Koen, etc.), national chains and independents, online booksellers, and academic and technical bookstores, as well as directly to consumers through direct marketing and trade shows.

      -derby
Re: Boycott O'Reilly
by BUU (Prior) on Jan 22, 2004 at 06:48 UTC
    Let's boycott the internet as well because there is 'hacking related' material on it. Let's boycott the library because they have books on chemicals. Let's boycott colleges because they teach chemistry. Etcetera.
Re: Boycott O'Reilly
by Abigail-II (Bishop) on Jan 22, 2004 at 09:29 UTC
    First they disobey copyright regulations
    Proof? References?
    post-copyright one of their books
    Proof? References?
    they are selling a hacking book
    Yes, and? How's that more different than selling a book about lock-picking?

    What's your point?

    Abigail

Re: Boycott O'Reilly
by kodo (Hermit) on Jan 22, 2004 at 07:37 UTC
    Uhm well so what's your point finally? You said that they'll publish a book about "hacking" but you didn't tell us why that should be a reason to boycott them...
    I like O'Reilly books and I like hacking. And I don't see anything bad about publishing books about "howto hack". If you're not skilled anyway you also won't be able to write exploits after reading such a book.
    Also if you think keeping the web secure means to avoid any information-sources about howto write exploits you have a really stupid idea about how security should work.
    It's even positive for security that such information is available and the more widely it's spread the better. Why? Because programmers maybe start to think more about howto avoid exploitable code when they know how it could be exploited...
Re: Boycott O'Reilly
by theorbtwo (Prior) on Jan 22, 2004 at 07:01 UTC

    Hm. You make a completely non-backed up accusation of fairly minor violations to the copyright statement, and attack them for /gasp/ publishing content. I'm downvoting you.


    Warning: Unless otherwise stated, code is untested. Do not use without understanding. Code is posted in the hopes it is useful, but without warranty. All copyrights are relinquished into the public domain unless otherwise stated. I am not an angel. I am capable of error, and err on a fairly regular basis. If I made a mistake, please let me know (such as by replying to this node).

Re: Boycott O'Reilly
by adrianh (Chancellor) on Jan 22, 2004 at 08:54 UTC

    -- Wildly inaccurate accusations and nothing to do with Perl.

Re: Boycott O'Reilly
by antirice (Priest) on Jan 22, 2004 at 15:07 UTC

    Wassercrats, wtf? Did you actually read the entire text of the copyright basics page when you first complained about O'Reilly? Copyright notices are optional. They may appear at the discretion of the copyright holder. Furthermore, the copyright is usually held for the duration of the author's life plus an additional 70 years unless the work was done for hire which would make the copyright good for 95 years from publication or 120 years from creation, whichever is shorter. Also, there was a sentence right before the text that you cut and pasted that was very important. It said:

    The notice for visually perceptible copies should contain all the following three elements: (Emphasis mine)

    Do you understand the difference between using the word should and using the word must? Where's the problem? What are you bitching about? That you won't be able to distribute copies of the book without someone suing you for 95 years instead of 94 years? Write a note for your grandchildren.

    And now on to this business about the hacking book. Have you ever heard the saying "Don't judge a book by its cover"?

    they are selling a hacking book that sounds like it's geared to the scumbag variety of hackers

    This rant about the hacking book is hilarious. You see the words "hacking", "exploit", and "vulnerabilities" and you start running around with your tinfoil hat suitably adjusted and start warning all the locals that a great evil is contained in a book you've never read. Software vulnerabilities are very real. Knowing how to find vulnerabilities and testing their severity is a very valuable skill to possess. This book seems to cover some of these topics. I believe I may have to check it out.

    antirice    
    The first rule of Perl club is - use Perl
    The ith rule of Perl club is - follow rule i - 1 for i > 1

Re: Boycott O'Reilly
by chromatic (Archbishop) on Jan 23, 2004 at 01:49 UTC
    First they disobey copyright regulations and post-copyright one of their books (at least), which will make it appear less out of date in the future (fraud),

    You miss several points:

    • It takes time to print and ship a book, much less produce, edit, and write it.
    • Copyrights expire at the end of a year, as far as they can be said to expire at all.
    • Copyrights start at the point of creation of a work.
    • The date in a copyright notice in a book is just a notice. Copyright protection starts from the origination of a copyrightable work, though it can be registered formally with the copyright office.
    • I have heard copyright lawyers make the argument that a book published on December 31, 2003 would not receive a full year's copyright protection because of the end of year cutoff, so there is a year's variance in publication dates for books. I have not been able to confirm this in twenty minutes of digging in the U.S. code, nor would I take legal advice from the Internet.
    • O'Reilly uses Founder's Copyright anyway.
    I see in their latest catalog that they are selling a hacking book that sounds like it's geared to the scumbag variety of hackers

    Spidering Hacks could be used to develop programs that harvest e-mail addresses, perform DDoS attacks, mirror sites without permission, forge information, crack authentication schemes, and other nasty things.

    Then again, if you try to make it impossible for bad guys to do bad things, you'll likely only prevent the good guys from doing clever things.

Re: Boycott O'Reilly
by Coruscate (Sexton) on Jan 22, 2004 at 11:22 UTC

    Just for completeness and just so I can one day say hey, I took part in that "discussion"!:

    'hack' ne 'crack'

Re: Boycott O'Reilly
by hardburn (Abbot) on Jan 22, 2004 at 14:27 UTC

    You are disparaging what is certainly the most popular publisher in the Free Software world, and which became that way by offering a consistently solid line of books. Any call as extreme as a boycott should be backed up by a solid argument.

    O'Reilly has made mistakes. Their clustering book was a disaster (I've heard rumors that the editor that approved it for publishing was fired for it). In all, though, they can be forgiven because of their use as an overwhelmingly useful source of technical information.

    I clicked on this node with the view towards giving the information presented a fair, objective opinion. However, the arguments you present do nothing to persuade me.

    On "Hacking" books: if a bunch of script kiddies actually buy it, good. At this point, getting those kids to read any book is probably a good thing. In any case, I doubt the kiddies would spend money on such a book when free Internet resources will suffice for their purposes. They don't really want to learn about computers, just cause damage with them (no more, really, than the inner-city graffiti artist cares about the details of the paint they use). So this book is really more than they're looking for, and they don't want to waste time or money on information they don't want.

    What it is useful for is security researchers and people who truly want to learn. Two sets of people, often overlapping, that should be encouraged in their endeavors.

    On copyright problems: try finding a publisher (technical or not) that doesn't post-copyright some of their books. It's usually books published towards the end of the year, and the copyright date is given for the next year. This practice is so widespread in the industry that if you were to boycott every publisher that did it, you could hardly buy any books at all. Yes, it's illegal and a little deceiving, but is largely ignored.

    ----
    I wanted to explore how Perl's closures can be manipulated, and ended up creating an object system by accident.
    -- Schemer

    : () { :|:& };:

    Note: All code is untested, unless otherwise stated

Re: Boycott O'Reilly
by xenchu (Friar) on Jan 22, 2004 at 13:46 UTC

    Remember the Masked Magician? He did a series of specials on television in which he exposed a good many magical acts, demonstrating exactly how they worked. The reason he did, he said, was to force magicians to create new tricks.

    My point is that this is an analogous situation but not aimed at crackers. The book is, IMO, trying to force those responsible for system security to create new techniques to thwart crackers.

    At any rate, Crackers don't use books from what I have heard. They go online, talk to others and download scripts if they are beginners. They don't need no steenking books. I, on the other hand, intend to get a copy as soon as I can. The information will be useful to lessen the number of mistakes I make. Any book that does that is a valuable commodity as far as I am concerned.

    Wassercrats, I appreciate you bringing this subject up. Now I know it is a book worth buying and where to get it.

    xenchu


    The Needs of the World and my Talents run parallel to infinity.
Re: Boycott O'Reilly
by castaway (Parson) on Jan 22, 2004 at 11:25 UTC
    Assuming you're against it because you're of the opinion that 'hacker' means 'bad guy', try reading up on the subject .. (yeah, all links from ESR, such is life).

    In short, a hacker is just a programmer.. *Cracker*s on the other hand, are people who break into things..

    C.

      Assuming you're against it because you're of the opinion that 'hacker' means 'bad guy', try reading up on the subject .. (yeah, all links from ESR, such is life).
      Blech. That's not how natural languages work. Words don't get defined and then never change meaning. New words are created every day. Words fall in disuse all the time. Words change meaning, or get a new meaning next to the old one. Dictionaries describe current and historic usage - they follow the evolution of a language, they don't lead the way.

      For many people "hacker" means "bad guy". Regardless how much ESR writes, that means that (the|a) meaning of "hacker" is what "cracker" means as well.

      Abigail

Re: Boycott O'Reilly
by talexb (Canon) on Jan 22, 2004 at 15:41 UTC

    The fact that I'm grateful to O'Reilly for publishing a terrific catalogue of books has nothing to do with the fact that you've written a poorly documented node on a non-Perl issue. I therefore downvoted your original node.

    In addition, I think you're missing the point here: in the open source world that we now live in, publicizing these kinds of exploits will let the 'white hats' test their own systems and do something about making them more resistant to attacks from the 'black hats'.

    In future, I recommend more research and fewer accusations. I hear that in Texas they have a saying, Be sure that your words are soft and sweet in case you have to eat them some day. Wise words.

    Alex / talexb / Toronto

    Life is short: get busy!

Boycott O'Reilly? Let's not..
by shotgunefx (Parson) on Jan 22, 2004 at 18:18 UTC
    Let's not... Security is all about understanding vulnerabilities. How can you protect yourself from something you don't understand?


    -Lee

    "To be civilized is to deny one's nature."
Re: Boycott O'Reilly
by jonnyfolk (Vicar) on Jan 22, 2004 at 15:56 UTC
    It's laughable really, but makes me shudder inwardly, that most of the cries ever heard to "burn the books" were from people who had never even read them. I look at the original post and my thoughts go to Iran and the Hostage Crisis, to Mao's Cultural Revolution, to Kristallnacht and to all mobs out there incited by this kind of ignorance.

    I don't care that you don't like the book or what it stands for - I just wish you had read it before denouncing it...

      most of the cries ever heard to "burn the books" were from people who had never even read them.
      I've read some O'Reilly books which I think should be burned. ;-). Of course, that has all to do with the quality (or rather the absence of quality).

      Abigail

        But I fear that at any rate you would only burn your own copy - so much for the Revolution...
Re: Boycott O'Reilly
by bradcathey (Prior) on Jan 22, 2004 at 14:22 UTC
    Egads! Unbelievable OP. All I can say, adding to the wonderful replies above, is: 1) what's wrong with hackers? Oh, how I long to be one; 2) ever heard of the 1st Amendment? O'Reilly is US; 3) and with all the stuff that really should be boycotted, why even think of boycotting a company that publishes some of the finest tomes on programming and related topics in the world, first class stuff. Too difficult for beginners? Well, there's always the Visual Quickstart Guides {tongue in cheek}.

    —Brad
    "A little yeast leavens the whole dough."
      <peeve type = "pet">
      ever heard of the 1st Amendment? O'Reilly is US;
      Yes, what about it? The first amendment is waved like a magic wand all the time, most of the time inappropriately. Let me quote it for all those non-US people (all US people do know the text, don't they? (cynical laughter)).
      Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the government for a redress of grievances.
      Pay attention to the first word. Is it involved here? Nope. Can we then wave with the first amendment? Sure, but it doesn't have any more effect than waving some blank papers, all it does is make a small breeze.
      </peeve>
      why even think of boycotting a company that publishes some of the finest tomes on programming and related topics in the world, first class stuff.
      Eh, this was about boycotting O'Reilly. Not companies that publish the finest tomes on programming. ;-)

      Abigail

        Okay, okay Abigail-II and hardburn. My bad-- I also normally cringe when people trot out the 1st amendment. Just like when I hear the words "separation of church and state" which is not in the Constitution, period. So your points are well-taken, my points: O'Reilly can do what they want and when you have that large of a body of work, leave 'em alone.

        Big question: I wonder if the W3 is gonna support the new tag <peeve.... Abigail-II continues to amaze...she closed the tag.

        —Brad
        "A little yeast leavens the whole dough."

      ever heard of the 1st Amendment?

      Adding to what Abigail-II said, the 1st Amendment only applies to the government. Individuals have the right to choose to stop buying from a company for any reason they want, and have a right to persuade others to do so (which is also protected under the 1st Amendment). As it happens, the rest of us have a right to think Wassercrats is a kook and likewise persuade others to do so.

      ----
      I wanted to explore how Perl's closures can be manipulated, and ended up creating an object system by accident.
      -- Schemer

      : () { :|:& };:

      Note: All code is untested, unless otherwise stated

        Individuals have the right to choose to stop buying from a company for any reason they want
        According to a quick reading of some stuff here: http://www.bxa.doc.gov/antiboycottcompliance/oacrequirements.html there is legislation penalizing US citizens or corporations for participating in unsanctioned (by Uncle Sam) boycotts led by foreign governments and requiring reporting to the US of requests to honor such a boycott.

        Scary stuff.

Please end this thread
by antirice (Priest) on Jan 23, 2004 at 19:37 UTC

    Wassercrats, I know you're very busy trying to respond to all of the other replies to your OP so I'll try to be brief.

    You have a strong conviction that what O'Reilly is doing is immoral and a disservice to society. You believe that you are providing society with a service by bringing it to the attention of others. For this, I applaud and thank you. You seem to have an unquestioning stance on your belief and for that I admire you. We've attempted to provide well-reasoned replies to your posts, some more confrontational than others, and you've rejected all of them. After reading your last reply, I'm rather certain of this. I must now ask you: can we agree to disagree? =)

    To my fellow monks, Wassercrats's beliefs are deeply rooted. All of the replies thus far have produced no change in his position. Please consider that before responding to any other replies in this thread. Wassercrats seems to be on a destructive path with the only victims being his XP and his reputation here at the monastery. Have pity on him and let what you see as self-evident come to him as he continues to learn. With regard to your voting practices in the future, please don't get into the habit of reputation-voting Wassercrats. As with anyone, read what he says and allow the merit of the content to determine the way you vote.

    Update: Ugh, that was pretty cheesy. That's the last time I post anything after being deprived of that much sleep. Anonymonk, thanks =)

    antirice    
    The first rule of Perl club is - use Perl
    The ith rule of Perl club is - follow rule i - 1 for i > 1

      Wow, completely content free AND takes up a great deal of room.

      Congrats, that's an excellent way to point out the problems in the Perlmonks moderation system.

Re: Boycott O'Reilly
by Anonymous Monk on Jan 24, 2004 at 19:39 UTC

    This post is Pathetic.

    It shows a complete ignorance of everything from scientific history to computer security to the open software you claim to support.

    After you display this ignorance you proceed to bash one of the best, if not the best, companies out there that supports an open, educational process.

    Do a little research next time before you post such garbage. You can start here, here, here, and here

Re: Boycott O'Reilly
by coreolyn (Parson) on Jan 22, 2004 at 15:36 UTC

    I think most of my thoughts have been well voiced by others.. especially Abigail-II ( You go g.. You go! ). For some of us hacking was what got us into this hobby/career.. Yeah I downvoted you, wish I could have done it more than once. At least the negative value of this node is entertaining. If it weren't for that it'd just be an embarrassment.

Re: Boycott O'Reilly
by Arunbear (Prior) on Jan 23, 2004 at 09:33 UTC
    Wassercrats, many thanks for starting this thread. Can you guess what my next order from Amazon will be? {hint} :-) && ++
Re: Boycott O'Reilly/ORA's been good to me!
by jacques (Priest) on Jan 22, 2004 at 16:22 UTC
    Oh man, ORA's been treating me good lately. I always get free books from them, because of my user group. Marsee Henon sends me tons of stuff. She's like Santa Claus. I love ORA. Also the company seems to be very supportive of open source. I give them two thumbs up.
Re: Boycott O'Reilly
by rir (Vicar) on Jan 22, 2004 at 18:06 UTC
    First they disobey copyright regulations

    You seem to be arguing that we should equate "illegal" with "immoral." I am saddened.

    Be well.

Re: Boycott O'Reilly
by december (Pilgrim) on Aug 03, 2004 at 03:43 UTC

    If you can't hack it, you can't secure it. We have this expression in the Dutch language: the worst poachers become the best foresters. I'm making my living now with securing networks, all knowledge I would have learned if I wouldn't have found anything on the 'net. Actually, I own zero books on Unix, Posix or system administration, and didn't pay for any of my software, so I'm very grateful for whatever knowledge is shared online.

    Besides, the cat is out of the bag a long time already; look for phrack on your search engine of choice - excellent learning resource.

Node Type: perlmeditation [id://323102]
Approved by Zaxo