<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"Arial Rounded MT Bold";
panose-1:2 15 7 4 3 5 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:356197310;
mso-list-type:hybrid;
mso-list-template-ids:158507548 791869468 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l0:level1
{mso-level-start-at:0;
mso-level-number-format:bullet;
mso-level-text:-;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Calibri",sans-serif;
mso-fareast-font-family:Calibri;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link="#0563C1" vlink="#954F72"><div class=WordSection1><p class=MsoNormal>Hey Dev list,<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Since StoreID and SSL-BUMP are in production I found myself asking:<o:p></o:p></p><p class=MsoNormal>What is proper?<o:p></o:p></p><p class=MsoNormal>Does a specific license means something?<o:p></o:p></p><p class=MsoNormal>Do I want to publish software or code with closed sources or open sources?<o:p></o:p></p><p class=MsoNormal>What is worth encryption or/and securing?<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>To understand why I got to these question I must clear something.<o:p></o:p></p><p class=MsoNormal>I don’t think that every piece of code should be seen by just anybody.<o:p></o:p></p><p class=MsoNormal>I believe that there are good reasons out there to encrypt an end-to-end connection with whatever means necessary.<o:p></o:p></p><p class=MsoNormal>Before I delved into my StoreID research I wrote a service that was caching couple very big data providers(audio, video, DB and many other types).<o:p></o:p></p><p class=MsoNormal>It took me couple years to actually sit down for R&D so StoreID would be publicly available.<o:p></o:p></p><p class=MsoNormal>One of the reasons for this is that once it’s out in the open many will try to use and maybe abuse it.<o:p></o:p></p><p class=MsoNormal>For some StoreID and caching is there just there to resolve a bandwidth consumption or overload issue.<o:p></o:p></p><p class=MsoNormal>For others StoreID is heaven of the hackers, crackers and phishers.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>At the time when I published my “Coordinator” R&D which used two Squid instances for de-duplication there was a crucial issue it was targeting.<o:p></o:p></p><p class=MsoNormal>Many companies left their clients and users sensitive data such as login and other details in plain text.<o:p></o:p></p><p class=MsoNormal>YouTube, Facebook and couple other companies had a CDN network that every medium level hacker or phisher could just hijack without the client knowledge.<o:p></o:p></p><p class=MsoNormal>I do believe that Google statistics can be used as power but only in the right hands.<o:p></o:p></p><p class=MsoNormal>The funniest thing is that Google ads for some reason offers me ads for things that I don’t really need and I have no interest in.<o:p></o:p></p><p class=MsoNormal>But this is their business and I can open some sources to show weaknesses in couple systems around the globe but..<o:p></o:p></p><p class=MsoNormal>I want my work to help others earn their living and to not snatch food from a table worthy of it.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Due to the above I have looked at the BSD, GNU and APACHE licenses which are kind of famous in the Open-Source world.<o:p></o:p></p><p class=MsoNormal>I noticed that I mostly want to publish source code under the BSD license(3-clause) but I do want that the GPL type licenses will still exist.<o:p></o:p></p><p class=MsoNormal>I have seen(and correct me if I’m wrong) that there are couple types of BSD software:<o:p></o:p></p><p class=MsoListParagraph style='text-indent:-.25in;mso-list:l0 level1 lfo1'><![if !supportLists]><span style='mso-list:Ignore'>-<span style='font:7.0pt "Times New Roman"'> </span></span><![endif]><span dir=LTR></span>The Good<o:p></o:p></p><p class=MsoListParagraph style='text-indent:-.25in;mso-list:l0 level1 lfo1'><![if !supportLists]><span style='mso-list:Ignore'>-<span style='font:7.0pt "Times New Roman"'> </span></span><![endif]><span dir=LTR></span>The Bad<o:p></o:p></p><p class=MsoListParagraph style='text-indent:-.25in;mso-list:l0 level1 lfo1'><![if !supportLists]><span style='mso-list:Ignore'>-<span style='font:7.0pt "Times New Roman"'> </span></span><![endif]><span dir=LTR></span>The Weird<o:p></o:p></p><p class=MsoListParagraph style='text-indent:-.25in;mso-list:l0 level1 lfo1'><![if !supportLists]><span style='mso-list:Ignore'>-<span style='font:7.0pt "Times New Roman"'> </span></span><![endif]><span dir=LTR></span>The Ugly<o:p></o:p></p><p class=MsoListParagraph style='text-indent:-.25in;mso-list:l0 level1 lfo1'><![if !supportLists]><span style='mso-list:Ignore'>-<span style='font:7.0pt "Times New Roman"'> </span></span><![endif]><span dir=LTR></span>…<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Giving someone the joy and happiness of earning what he deserves almost never comes from “Google/Bing/Others foo”.<o:p></o:p></p><p class=MsoNormal>The actual R&D and the stage of understanding what the code does and means is what mainly gives joy or .. pain.<o:p></o:p></p><p class=MsoNormal>Satisfaction is another subject since I have seen pieces of code like “rm -rf /” in the middle of a Makefile script.<o:p></o:p></p><p class=MsoNormal>Was it a typo, maybe malicious?(please share your mind)<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>I understand that we all get the opportunity for an error but it doesn’t justify doing and meaning bad things.<o:p></o:p></p><p class=MsoNormal>Today I am happy with StoreID and SSL-BUMP since I believe that these who invested time and money have a purpose, a good one.<o:p></o:p></p><p class=MsoNormal>I have code that I wrote which I am protecting and holding the publication since I care if someone will get hurt by it.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>I want developers and admins to write good eCAP, ICAP and other pieces of software related and un-related to Squid-Cache.<o:p></o:p></p><p class=MsoNormal>Due to this I decided that I will not publish specific pieces of code, so these who invested time and money will be able to enjoy from their efforts.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>I believe that a king worth his name not by having a good brain but by having a good heart… brain is a blessing.<o:p></o:p></p><p class=MsoNormal>When a king sits in a court with Judges I believe he should respond when all the sitting Judges and representatives of both sides finished presenting and interrogating.<o:p></o:p></p><p class=MsoNormal>First the representatives should tell their story then the Judges should react with questions and maybe even interrogation(not only the representatives have this duty).<o:p></o:p></p><p class=MsoNormal>Then and only then and after both sides of the tables finished their actions the time for the king words need to come out.<o:p></o:p></p><p class=MsoNormal>The king is allowed to do whatever he wants but he has the duty of doing and making right…<o:p></o:p></p><p class=MsoNormal>A true king doesn’t take control of a domain and do whatever he wants with it.<o:p></o:p></p><p class=MsoNormal>A true king receives the domain by being worthy of it.<o:p></o:p></p><p class=MsoNormal>Sometimes I see code I can write in 5 minutes but when I see that the writer posted a license I hold my breath and ask myself if it’s right to compose my own piece.<o:p></o:p></p><p class=MsoNormal>When I see encrypted and protected code I hold myself but… I do not like con’s!<o:p></o:p></p><p class=MsoNormal>One of the weird things I have seen is a JS sending pieces of a file bit by bit from the background of the browser into a specific destination.<o:p></o:p></p><p class=MsoNormal>The browser can sit running a day sending data and while the client see no issue with it he actually feeds more and more data to the other side.<o:p></o:p></p><p class=MsoNormal>This is where I got to a decision!<o:p></o:p></p><p class=MsoNormal>I like SSL-BUMP!!!<o:p></o:p></p><p class=MsoNormal>The Squid-Cache project might look like an old piece of software that doesn’t do threading or couple other things but it’s a great piece of code.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>I have a ready to use 2018 current YouTube and google video caching and filtering service but…<o:p></o:p></p><p class=MsoNormal>I will not publish the sources yet.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>I would like to say thank you to this great Development team of the project that since V3.2 changed attitude from “caching as much as want” to “cache what’s worthy of it”.<o:p></o:p></p><p class=MsoNormal>I believe that many admins now understands more about IT security due to this amazing project.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>I would like to hear from you what do you think is not worth publishing.<o:p></o:p></p><p class=MsoNormal>Let say I have a code that can take one of google nodes, what should I do?<o:p></o:p></p><p class=MsoNormal>I can write a code that meets a SPEC\blueprint but is licensed, would it be OK to write a software that does the same but with my original code and license?<o:p></o:p></p><p class=MsoNormal>What is the right way to tell a sysadmin or a webmaster that his site can be compromised?<br>Would hacking the site “symbolically” ie add some text into the site is OK? .. not talking about tearing apart the site, just adding a tiny JS popup like the cookie warning that many sites show?<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Thanks,<o:p></o:p></p><p class=MsoNormal>Eliezer<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><span style='font-family:"Arial Rounded MT Bold",sans-serif'>----<o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Arial Rounded MT Bold",sans-serif'><a href="http://ngtech.co.il/lmgtfy/">Eliezer Croitoru</a><br>Linux System Administrator<br>Mobile: +972-5-28704261<br>Email: eliezer@ngtech.co.il<o:p></o:p></span></p><p class=MsoNormal><img border=0 width=183 height=69 id="Picture_x0020_1" src="cid:image002.png@01D41A49.EC221B60"><o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p></div></body></html>