If The BSA Is So Sure Companies Would Pay For Software, Why Did It Use Free Webserver Software?
from the well,-look-at-that dept
We recently did our latest debunking of the BSA's latest laughable report on "piracy" of software and its impact on the economy and jobs. We have to do this every few months, as the BSA continues to trot out the same laughable and debunked analysis, including the flat-out ridiculous idea that every unauthorized copy is a $1 for $1 lost sale. A few years ago, when a BSA VP and IDC VP called me up to defend the report, they insisted that "their research" showed the $1 to $1 ratio was pretty accurate, insisting that companies who need software really want proprietary software, and that open source or other alternatives generally aren't what they're looking for.Of course, most people know better than this, but a recent Matt Asay column highlights how more and more of the world moves to open source and cloud-based solutions could seriously change that equation. In it, there's a lovely tidbit about how much the BSA itself doesn't seem to believe its own claims about open source software -- or, even that good software is worth paying a license for:
Ironically, the BSA has discovered one of the few ways to "pirate" open-source software, and is apparently an advocate. The BSA's website apparently runs on Red Hat Enterprise Linux clone CentOS. Surely a license-respecting organization like the BSA would want to pay full freight for a RHEL license rather than undermine Red Hat by choosing CentOS? Evidently not.Yes, so even in a case where the BSA itself can pay for a nice open source license, it chose to go with a free version instead. This is, of course, perfectly legal. But it seems pretty ridiculous that the BSA would claim that others wouldn't do what it seems to have done. That said, as you look into the details, it appears that the main BSA site does, in fact, run on Microsoft IIS (I'm sure with a nice license from BSA favorite member, Microsoft). The site that was claimed to be on CentOS was a separate "educational" (and I use that term loosely) site called b4usurf.org (gotta love the attempt to sound relevant using txt-spk). Oddly, I can't find any info on what that site now runs on Netcraft. Anyone have a better way of figuring this out?
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: free, licensing, open source, software
Companies: bsa
Reader Comments
Subscribe: RSS
View by: Time | Thread
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Basic Information
Site being probed: http://www.b4usurf.org/
Web Server: Apache/2.0.52 (CentOS)
[ link to this | view in chronology ]
Re:
Apache/1.3.33 (Unix) PHP/5.2.12 FrontPage/5.0.2.2635 mod_ssl/2.8.22 OpenSSL/0.9.7g
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
not an open book
And even the public facing servers (or proxies) can spit out whatever string info it wants (though there might be other ways to guess better at the server type.. keeping in mind it could be a custom brew very difficult to identify).
[ link to this | view in chronology ]
Re: not an open book
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Fingerprinting web servers
You asked how to check the web server/OS brand. Keeping in mind, of course, that software can easily be made to lie, do this from a command prompt:
telnet b4surf.org 80
It will tell you about an escape character, and let you type things. Now, type this:
HEAD / HTTP/1.0
Followed by two(2) carriage returns. Most of the time, you'll see something like this:
HTTP/1.1 200 OK
Date: Thu, 30 Sep 2010 15:29:05 GMT
Server: Apache/2.0.52 (CentOS)
Last-Modified: Mon, 03 Apr 2006 05:47:11 GMT
ETag: "8d47e5-509-526435c0"
Accept-Ranges: bytes
Content-Length: 1289
Connection: close
Content-Type: text/html
That "Server" header is the one you're interested in.
Again, web servers, mail servers, etc. can, and do, lie about what they are. You can get a more reliable idea of operating systems, sometimes, by learning to use nmap, and I'll leave that explanation to an nmap tutorial you can easily find online if you want to spend time on it.
[ link to this | view in chronology ]
B4USurf.org is fun
Say what now?
[ link to this | view in chronology ]
full nmap output
~ (890) nmap -A b4usurf.org
Starting Nmap 5.00 ( http://nmap.org ) at 2010-09-30 16:01 EDT
Interesting ports on mercury25.networknoc.com (203.117.89.34):
Not shown: 990 filtered ports
PORT STATE SERVICE VERSION
21/tcp open ftp ProFTPD 1.3.0
53/tcp open domain ISC BIND 9.2.4
80/tcp open http Apache httpd 2.0.52 ((CentOS))
| robots.txt: has 8 disallowed entries
| /admin/ /contrib/ /doc/ /lib/ /modules/ /plugins/
|_ /scripts/ /tmp/
|_ html-title: B4USurf - Home
110/tcp open pop3 Courier pop3d
|_ pop3-capabilities: USER STLS IMPLEMENTATION(Courier Mail Server) UIDL PIPELINING APOP TOP LOGIN-DELAY(10)
143/tcp open imap Courier Imapd (released 2004)
|_ imap-capabilities: THREAD=ORDEREDSUBJECT QUOTA STARTTLS THREAD=REFERENCES UIDPLUS ACL2=UNION SORT ACL IMAP4rev1 IDLE NAMESPACE CHILDREN
443/tcp open ssl/http Apache httpd 2.0.52 ((CentOS))
|_ sslv2: server still supports SSLv2
|_ html-title: Default PLESK Page
554/tcp open rtsp?
3306/tcp open mysql MySQL 4.1.22
| mysql-info: Protocol: 10
| Version: 4.1.22
| Thread ID: 992302
| Some Capabilities: Connect with DB, Compress, Transactions, Secure Connection
| Status: Autocommit
|_ Salt: uuj4`ipu{,b.[`OKl]l+
7070/tcp open realserver?
8443/tcp open http Apache httpd 1.3.33 ((Unix) mod_ssl/2.8.22 OpenSSL/0.9.7e PHP/5.0.5)
| html-title: 302 Found
|_ Did not follow redirect to https://mercury30.networknoc.com:8443
Service Info: Host: localhost.localdomain; OS: Unix
Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 148.67 seconds
[ link to this | view in chronology ]
[ link to this | view in chronology ]