From owner-freebsd-security Tue Sep 28 20:55:39 1999 Delivered-To: freebsd-security@freebsd.org Received: from cc942873-a.ewndsr1.nj.home.com (cc942873-a.ewndsr1.nj.home.com [24.2.89.207]) by hub.freebsd.org (Postfix) with ESMTP id 15E2514C7F for ; Tue, 28 Sep 1999 20:55:34 -0700 (PDT) (envelope-from cjc@cc942873-a.ewndsr1.nj.home.com) Received: (from cjc@localhost) by cc942873-a.ewndsr1.nj.home.com (8.9.3/8.9.3) id XAA96944; Tue, 28 Sep 1999 23:58:01 -0400 (EDT) (envelope-from cjc) From: "Crist J. Clark" Message-Id: <199909290358.XAA96944@cc942873-a.ewndsr1.nj.home.com> Subject: Re: dump(8) Insecurity/Misconfiguration In-Reply-To: <199909280707.AAA14136@gndrsh.dnsmgr.net> from "Rodney W. Grimes" at "Sep 28, 1999 00:07:14 am" To: freebsd@gndrsh.dnsmgr.net (Rodney W. Grimes) Date: Tue, 28 Sep 1999 23:58:01 -0400 (EDT) Cc: cjclark@home.com, Cy.Schubert@uumail.gov.bc.ca (Cy Schubert - ITSD Open Systems Group), dillon@apollo.backplane.com (Matthew Dillon), freebsd-security@FreeBSD.ORG Reply-To: cjclark@home.com X-Mailer: ELM [version 2.4ME+ PL54 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org [My last post on this. I promise.] Rodney W. Grimes wrote, > > Rodney W. Grimes wrote, > > > ... > > > > "Companies are permitted to use this program as long as it is not used for > > > > revenue-generating purposes. For example, an Internet service provider is > > > > allowed to install this program on their systems and permit clients to use > > > > SSH to connect; however, actively distributing SSH to clients for the > > > > purpose of providing added value requires separate licensing. Similarly, > > > > a consultant may freely install this software on a client's machine for > > > > his own use, but if he/she sells the client a system that uses SSH as a > > > > component, a separate license is required." > > > > > > > > I'm no lawyer, but it seems like using SSH for helping with dumps > > > > would fall well within this license since backing up files does not > > > > really generate much revenue for us. > > > > > > I'm not a lawyer either, but I'll play the advocate here and show > > > you why you are at risk. First, you used the word ``much'' in the > > > above sentence. _Any_ is _some_ and is _not_ none, henceforth you > > > violate ``not used for ...''. > > > > I forgot the Smiley. I meant 'much' sarcastically, as in, doing > > backups generates no revenue. In fact, it costs us money. > > I think you need to examine your business financial/risk model again. > Backup systems have a calculable ROI, if they didn't you wouldn't need > one at all.... if you need someone to show you how to calculate this > ROI contact me off list. A Return On Investment is revenue by definition, > hence forth backup systems are ``revenue generating'' (Note the missing > hyphen in that). Wow, backing up systems generates revenue. Amazing, I think I'm going to quit my job at work and just sit at home repeatedly backing up my HDD and watch the revenue roll in. Last time I looked at how accountants define 'revenue' it was simply gross income. Doing backups does not generate income. Sure, it can prevent some loss of income, and in some economic perspectives, avoiding a loss is just like making gain (a penny saved is a penny earned). But on the accountant's ledger, which is where 'revenue' has a real-life meaning, they are definately not the same. Backups cost money, they do not generate revenue. To use an analogy that you brought up in another post, doing backups is like buying insurance... and I don't see how anyone can argue that paying for insurance is a revenue generating activity. It is a cost. It is a cost that reduces risk of incuring losses, but it is a cost. -- Crist J. Clark cjclark@home.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message