FreeVeracity: Network Intrusion Detection

Ross Williams writes: "FreeVeracity is a new free intrusion detection tool for free platforms (GNU/Linux, FreeBSD, NetBSD, OpenBSD, etc.) that uses cryptographic hashes to detect file changes that may indicate a network intrusion. FreeVeracity can be run standalone or in a client/server configuration (on TCP port 1062) that enables you to monitor the integrity of hundreds of computers from a single point. FreeVeracity is also an excellent general-purpose data integrity tool with over ten different applications. FreeVeracity is released by Rocksoft, vendor of the Veracity data integrity tool used to secure the networks of leading global companies in finance, communications, transport, aerospace, power generation and defence. FreeVeracity is released under the Free World Licence which provides all the usual free-software freedoms, but for free platforms only." Looks useful.

When amazon is cracked, people fry. What of me?

[SlushDot]

Why is it that whenever [big internet site] is cracked, many 3 letter agancies "go after" the crackers with a great zeal and spend millions to try them, and sieze their hardware, and bar them forever from a career in computers....

Yet when my box is cracked and my credit card numbers stolen, etc., calling anyone (police, FBI, etc.) gets a "why are you bothering us? You're lucky we don't prosecute *you* for wasting our time with such trivialities." attitude?

Is cracking illegal or isn't it? Who do I report it to when I'm hit? What gov't/state/municipal entity defends me as defends amazon or CNN?

Re:When amazon is cracked, people fry. What of me?

[v4mpyr]

Your best bet would be to head over to SecurityFocus and get on their ``Incidents'' mailing list. Give a thorough explanation of everything you know along with any recoverable (and relevant) logs. There's hundreds, if not thousands of security professionals on that list who would gladly help you out.

Re:Freeworld Licence

[0xdeadbeef]

How do they indend on enforcing this "Free World" license? If you've got source, you can port. If it's really free software, how can they stop you from distributing that port? "Oh, these windows ifdefs? Those are for running it under WINE, a bona-fide certified justified free software application that runs under free operating systems."

Doesn't this just become another shrink-wrap license? I think most of us are not idelogically opposed to copyright per se, but are opposed to selling things with strings attached, aka "licensed", because of the obnoxious power it gives vendors over how we use the things we buy. Even the GPL doesn't tell you how you must use a program, it simply says "give back what we hath given you".

This license is foul, for that reason, and because it almost seems to willingly encourage relegating free operating systems to the hobbyist niche. It basically says you can make a profit on your work through traditional licensing frees, and toss a bone to free software enthusiasists at the same time. But what happens to your profit when free operating systems become the norm? If your revenue model is dependent on selling to proprietary platforms, you've screwed yourself by promoting free platforms. So you won't promote those platforms. In fact, why even release a free version at all?

Re:Free World Licence

[Peter+Eckersley]

If it's free only for free OS's, then it's non-free if you go by the Debian Free Software Guidelines (as I do).

Before I start this, I should just state for the record that I am a very enthusiastic Debian user, and a wholehearted DFSG & FSF supporter.

I thought for a long time about writng a Free World style license, simply because I resented the fact that Windows users could take almost any Free code I wrote and use it, while I couldn't use closed source Windows programs with anything like the same degree of ease.

Ross Williams (author of the Free World license) states on his Free World pages that he sees the only difference between his approach to licensing and that of the GPL as "strategic". One approach to freeing the world's software is to exclude non-free platforms from using the free code base that we have created; the other is to entice users away from the proprietary software by showing them what wonderful free programs were available.

Eventually, I came round to agreeing with RMS on this. I guess the key points that convinced me were:

• You are restricting trapped users of non-free platforms in rather unpleasant ways
• More importantly, you are encouraging an incompatible world. This is not only an unpleasant situation, but it may be strategically very unwise for the free software movement...

I guess that having said those things, there could be some arguments for using this sort of license for "convenience" code, rather than "essential" code. If your application has no potential to be a source of incompatibility, then it could be acceptable to make it only avaialable to users of Free platforms.

Sometimes a little editorializing is good

[Ledge+Kindred]

Like for example, it would have been nice to see this "article" prefaced with the text:

"This looks a whole heck of a lot like an Ad from Veracity, but the product still looks like it might be worthwhile to check out. Sorry for the blatant advertising in what's ostensibly an interesting technical story."

-=-=-=-=-