Edits 12 August 2015 19:10 UTC: Added a few more funnies, made a couple modifications to my analogy, and added an additional news link.
I know I haven’t exactly been using this blog much as of late (except for unexpected downtime postmortems), but this is too good to ignore.
As some of you are probably aware, Oracle Corporation‘s Chief Security Officer, Mary Ann Davidson, posted a rather ranty and drively blog post literally calling people who reverse engineer Oracle products “sinners” for violating Oracle’s sacred End User License Agreement, even if the purpose of the reverse engineering was to find security flaws and critical vulnerabilities. As you can imagine, this caused so much uproar another executive had to step in and delete the blog post.
For those of you who don’t work with computers, a good simple analogy is thus: Imagine that you bought a fancy new motorcycle, but you don’t entirely trust the dealership and you want to make sure they put the bike together correctly. But you find in the manual that by purchasing the motorcycle, you agreed to a license agreement that stipulates you may never disassemble or even examine the internals of the bike for any reason whatsoever, because you can absolutely trust that the dealership definitely put it together correctly – and furthermore, that you doing any sort of unauthorized disassembly or examination is opening yourself up to a lawsuit from the manufacturer or, at worst, a criminal offence (breach of contract/license agreement). Yeah.
Ars Technica and the Sydney Morning Herald both have great writeups of this majestic gaffe (including a copy of the now-deleted original blog post, because the Internet never forgets) if you want to learn more about it as well as some more in-depth backstory to why this is considered so outrageous by the tech and security communities.
Anyway, a hashtag, “#oraclefanfic”, has been cropping up on Twitter parodying the blog post, the no-reverse-engineering attitude, and even the whole concept of End User License Agreements themselves, and it’s just as awesome (in a good way) as the blog post itself (which was awesome in a terrible way). Preserved below for posterity are some of my favorites so far. Enjoy!
(These added in the 12 August 2015 19:10 UTC edit)
I’m afraid the EULA will be quite operational when your friends with the static analysis tools arrive. #oraclefanfic
— VanL (@VanL) August 12, 2015
— CyberAnarchist (@Cyb3rOps) August 12, 2015
When Eve saw that the fruit of the tree was desirable for gaining wisdom, she refrained, as it was against the EULA. #oraclefanfic
— Will Kirkby (@WillKirkby) August 12, 2015
— Stephen Toulouse (@Stepto) August 11, 2015
hackers everything the light touches is our kingdom but what about that shadowy place? thats the EULA, you must never go there #oraclefanfic
— RiotGradius (@RiotGradius) August 11, 2015
ALL THESE PROGRAMS ARE YOURS EXCEPT ORACLE’S ATTEMPT NO REVERSE ENGINEERING THERE #oraclefanfic
— Matthew Smillie (@notmatt) August 11, 2015
Luke, you switched off your targeting computer — what’s wrong?” “…Nothing! I’m all right. I just forgot to accept the EULA #oraclefanfic
— Chris Wysopal (@WeldPond) August 12, 2015
— Raymond Lilly (@37point2) August 11, 2015
#oraclefanfic The raptors were peering through the glass door. “Well, I know this system, but I’m not allowed to reverse engineer it.”
— Piñata de Résistance (@glasnaut) August 11, 2015
“Reverse the polarity, Mr Scott!” “I cannot do it, Cap’tn! She’s got a EULA!” #oraclefanfic
— Katie McLaughlin (@glasnt) August 12, 2015
— Nick Johnston (@NickInfoSec) August 11, 2015
I suspected something was amiss when Scotty, now sporting a goatee, insisted he was the Enterprise’s “Reverse Engineer” #oraclefanfic
— matt blaze (@mattblaze) August 11, 2015
(Blog post hastily written write before sleep; please excuse any grammar/flow/spelling/etc. errors. Will fix any if I can be arsed.)