[Arm-netbook] Side-Topic: Liberating PocketCHIP

David Niklas doark at mail.com
Mon May 29 22:48:06 BST 2017


On  Mon, 8 May 2017 16:38:22 +0100
Luke Kenneth Casson Leighton <lkcl at lkcl.net> wrote:
> On Mon, May 8, 2017 at 4:23 PM,  <ronwirring at safe-mail.net> wrote:
> 
> > Is it common to do something like this against a person?  
> 
>  in the unethical business world?  of course it is!  mostly you don't
> get to hear about it, but software libre developers are different.
> they're not beholden to anyone, they're not corporate slaves, they're
> not controlled and they are entitled to speak their mind.
> 
>  consequently they get attacked.  especially if some fucker deems that
> their "profit" is threatened.
> 
> for example: there was some discussion back in 1999 as to whether
> microsoft would ever take out a contract on my life, when i was doing
> the reverse-engineering of NT domains.  consequently i decided that
> the research that i was doing had best be presented responsibly to
> them as "security vulnerabilities", presented PRIVATELY to them (as a
> responsible security researcher does) and only later disclosing them
> if they didn't fix the problems in a reasonable timeframe.
> 
>  and that's why ISS hired me.  the strategy that i deployed worked.
> one microsoft employee actually called ISS up asking them to fire me.
> ISS declined, pointing out that i was quite likely to get very pissed
> off, and would they prefer me inside pissing out or outside pissing
> in?  they're absolutely right: i would have worked really really hard
> to release one devastating public zero-day security vulnerability -
> with full exploit code - every few days for several months, if they'd
> fucked with me.
<snip>
I am just a tad confused.
1. You started a reverse engineering project on NT domains.
2. You presented your success to MS as a security problem.
3. You were hired.
4. Someone in MS complained.

So, the FLOSS folks never saw your work anyway?

Thanks,
David



More information about the arm-netbook mailing list