jeh@dcs.simpact.com (01/30/91)
In article <1991Jan25.100847@mccall.com>, tp@mccall.com (Terry Poot) writes:
> In article <00943303.CDEDA880@KING.ENG.UMD.EDU>, sysmgr@KING.ENG.UMD.EDU (Doug Mohney) writes:
>> His latest exploit (exploit? "The Adventures of Ray Kaplan") was to bring a convicted hacker to DECUS Fall '91. While the hacker was A) out on parole, B) Signed up under his own name and C) made no secret of the fact that he was there, the DECUS Board of Directors had a spaz, confiscated the conference badge from him, and then had security guards escort him off the grounds.
>
> For the interested, Ray's own description of this episode is in his column in the current (Jan 21, 1991) issue of Digital News, page 9.
>
> While I'm here, I'd like to venture the opinion that DECUS was totally out of line here. If they wish to propose such a policy, it should be voted on by the membership. Until such a thing passes, they should leave correctional issues to the government. I, like Ray ("read the article...") wonder if DEC applied pressure to DECUS to get this guy thrown out.
> --
> Terry Poot <tp@mccall.com>                The McCall Pattern Company
> (uucp: ...!rutgers!ksuvax1!mccall!tp)     615 McCall Road
> (800)255-2762, in KS (913)776-4041        Manhattan, KS 66502, USA

Oh, for crying out loud, Terry. Do you really want the entire membership to be asked to vote on every policy decision? I don't; I wish to be bothered with upper-level DECUS politics as little as possible. That is what the DECUS Board of Directors is for. If you don't like what they're doing, throw the bums out at the next election.

In point of fact there was no "policy" settled on at the time of this incident. Recall that the back of your symposium badge says "property of DECUS"; that one of the conditions of attendance is that the Canons of Conduct be signed; and that the individual involved did *not* sign them. Those circumstances are sufficient to pull his badge *under current policy*.

If you object to the policy, you are free to make some waves at upper levels. Get involved in DECUS leadership, etc. If you like you can propose a new policy item that states something like "The right to attend a DECUS Symposium shall not be affected by a person's criminal record, even where said criminal offenses are in the areas of computer sabotage, even if against DEC's own systems and networks". I doubt you'll get far with this (put this way, just how many security-conscious people would want to allow such a person on the floor?), but who knows. The right approach, if you want it done quickly (ie before you are in a position to run for the board yourself), would be to find a sympathetic board member to champion it for you.

But I am *not* interested in having the membership-at-large vote on every little policy decision, thank you very much. Oh, you wanted to vote only on SOME decisions? Which ones, pray tell? Only "major" decisions? Only those involving the exclusion of people from symposia? Only those to which you object?

Followups are directed to comp.org.decus.

--- Jamie Hanrahan, Simpact Associates, San Diego CA
Former! Chair, VMSnet and Internals Working Groups, DECUS VAX Systems SIG
Internet: jeh@dcs.simpact.com, or if that fails, jeh@crash.cts.com
Uucp: ...{crash,scubed,decwrl}!simpact!jeh
oberman@rogue.llnl.gov (01/30/91)
In article <1991Jan30.025554.2081@dcs.simpact.com>, jeh@dcs.simpact.com writes:
> Oh, for crying out loud, Terry. Do you really want the entire membership to be asked to vote on every policy decision? I don't; I wish to be bothered with upper-level DECUS politics as little as possible. That is what the DECUS Board of Directors is for. If you don't like what they're doing, throw the bums out at the next election.
>
> In point of fact there was no "policy" settled on at the time of this incident. Recall that the back of your symposium badge says "property of DECUS"; that one of the conditions of attendance is that the Canons of Conduct be signed; and that the individual involved did *not* sign them. Those circumstances are sufficient to pull his badge *under current policy*.

Oh, for crying out loud, Jamie. This sounds like the typical excuse making after the fact. I don't have a copy of my DECUS registration, but I know that it no longer includes a signed "Canons of Conduct". I guess my badge and everyone else's should have been pulled, too. I suspect that there was a note to the effect that by signing the registration form I was agreeing to abide by the "Canons of Conduct".

The simple fact was that Kevin WAS registered and given a badge. Until DEC found out about him there was no problem about anything being or not being signed. That makes the Canons of Conduct excuse just that. An excuse. It really boils down to the selective decision that this one person was not wanted and he would be excluded. Excuse to follow!

If you choose to remain uninvolved in the dispute, feel free. But don't spend your efforts to make dumb apologist excuses for actions you claim not to care about! If some of us do care, it's only by raising the issues in this and other forums that we can make people aware of the issues and let them decide if they want to "throw the bums out". That's how republican government works. The elected set policy and if the electors don't like them, they petition. If the petition is rejected, they can vote for a change in representation.

I'm still trying to get the issues clarified. I'm far from deciding if policy needs changing or if I feel that the leadership has exceeded its authority. There are several unanswered questions about this affair. But my gut reaction leans towards Kevin's side. (Hey, I'm from the SF area. You know, all us raving crazy rights advocates.)

R. Kevin Oberman
Lawrence Livermore National Laboratory
Internet: oberman@icdc.llnl.gov (415) 422-6955

Disclaimer: Don't take this too seriously. I just like to improve my typing and probably don't really know anything useful about anything.
sysmgr@KING.ENG.UMD.EDU (Doug Mohney) (01/31/91)
In article <1991Jan30.084433.1@rogue.llnl.gov>, oberman@rogue.llnl.gov writes:
> I'm still trying to get the issues clarified. I'm far from deciding if policy needs changing or if I feel that the leadership has exceeded its authority. There are several unanswered questions about this affair. But my gut reaction leans towards Kevin's side. (Hey, I'm from the SF area. You know, all us raving crazy rights advocates.)

It would be nice if DECUS had used the vehicle of Update.Daily to inform the membership. Or to at least spell out their version of events as they occurred.

I remember first hearing about the little scandal at lunch, and then getting considerably more detail from a DEC employee (who related that certain VMS software engineers talked into the wee hours of the morning with the felon who wasn't allowed into DECUS proper).

Go figure. Shall we ban the VMS software engineers from DECUS due to guilt-by-association?

Doug

Doug Mohney, Operations Manager, CAD Lab/ME, Univ. of Maryland College Park
* Ray Kaplan for DECUS president * SYSMGR@CADLAB.ENG.UMD.EDU
tp@mccall.com (Terry Poot) (02/01/91)
In article <1991Jan30.025554.2081@dcs.simpact.com>, jeh@dcs.simpact.com writes:
> In article <1991Jan25.100847@mccall.com>, tp@mccall.com (Terry Poot) writes:
>> While I'm here, I'd like to venture the opinion that DECUS was totally out of line here. If they wish to propose such a policy, it should be voted on by the membership. Until such a thing passes, they should leave correctional issues to the government. I, like Ray ("read the article...") wonder if DEC applied pressure to DECUS to get this guy thrown out.
>
> Oh, for crying out loud, Terry. Do you really want the entire membership to be asked to vote on every policy decision? I don't; I wish to be bothered with upper-level DECUS politics as little as possible.

Not every decision.

> That is what the DECUS Board of Directors is for. If you don't like what they're doing, throw the bums out at the next election.

Good idea. Anyone want to volunteer the names of those responsible? Do they intend to admit it themselves? If this was a board decision, anyone know the yeas and nays? Kinda hard to throw the bums out if you don't know who they are. I wasn't there, but I'd be willing to bet this decision wasn't made at the open board meeting.

> In point of fact there was no "policy" settled on at the time of this incident. Recall that the back of your symposium badge says "property of DECUS"; that one of the conditions of attendance is that the Canons of Conduct be signed; and that the individual involved did *not* sign them. Those circumstances are sufficient to pull his badge *under current policy*.

Hmm. Nobody asked me to sign anything but the registration form.

"All Registrants: by registering, all attendees agree to abide by the Canons of Conduct" -- Registration packet, book II, page 4, large type.

"Canons of Conduct are policy that has been implemented to allow for the revocation of symposium registration of those attendees who have been obviously disruptive and/or have attempted to sabotage or vandalize machines and/or software WHILE AT SYMPOSIA." (emphasis mine) -- Registration packet, book II, page 4, column 2 at the top.

Thus there IS a policy for revoking registration, and this person did not violate that policy. The board broke its own rules. I no longer have a copy of the registration form itself, but if it didn't say anything else, they would appear to have violated a contract entered into in good faith. Basically, it is an unethical business practice. Not that I'm suggesting it as a course of action, or that it would be worth his trouble, but he could probably sue.

> If you object to the policy, you are free to make some waves at upper levels. Get involved in DECUS leadership, etc.

I have always rejected the proposition that my opinion is not worth consideration unless I run for office, or that I should not express my opinion other than by voting. The fact that I'm less involved in DECUS than you doesn't mean your opinion is worth more than mine, just that I'm in less of a position to do anything about it.

> If you like you can propose a new policy item that states something like "The right to attend a DECUS Symposium shall not be affected by a person's criminal record, even where said criminal offenses are in the areas of computer sabotage, even if against DEC's own systems and networks". I doubt you'll get far with this (put this way, just how many security-conscious people would want to allow such a person on the floor?), but who knows.
> ...

I've always thought of Ray Kaplan as a security-conscious person.

> But I am *not* interested in having the membership-at-large vote on every little policy decision, thank you very much. Oh, you wanted to vote only on SOME decisions? Which ones, pray tell? Only "major" decisions? Only those involving the exclusion of people from symposia? Only those to which you object?

How about those where the board makes a decision in conflict with current policy?

I can only speak for myself, so consider this. Suppose I attended DECUS and had my badge yanked (I can't say why this might happen, as the board apparently have criteria they don't deign to share with the membership) and was sent packing. My company pays for my trips to DECUS. The registration fee (which was refunded) is not even the majority of the expense of the trip. My company is out much money, having received no value in return. This doesn't make me look real good. I kinda doubt they refunded the guy his hotel bill, airline fare, meals, etc.

I take your point about everyone voting on everything. Perhaps if there were a recorded vote on the issue, we could "throw the bums out".

Jamie, if you think what they did was warranted, then say so, I'd like to hear your reasoning. I'm sure this is a 2-sided issue. If you don't wish to be bothered with it, fine. "KILL/SUBJ"; If it shows up on a ballot, abstain. I do think it is worth discussing. Who knows, someone might convince me the decision was justified.

Granted, nobody has to care what I think, but at the moment, I don't feel real good about the DECUS leadership, and will probably vote against every incumbent on the slate, unless I get a better list. This doesn't make me feel real good about DEC, either, but I know they don't care a great deal about what I think.

Maybe the only reason I bother to express an opinion is because I know there's nothing else I can do about it, so you win anyway.

--
Terry Poot <tp@mccall.com>                The McCall Pattern Company
(uucp: ...!rutgers!ksuvax1!mccall!tp)     615 McCall Road
(800)255-2762, in KS (913)776-4041        Manhattan, KS 66502, USA
hassinger@lmrc.uucp (Bob Hassinger) (02/04/91)
In article <1991Jan31.165013@mccall.com>, tp@mccall.com (Terry Poot) writes:
> In article <1991Jan30.025554.2081@dcs.simpact.com>, jeh@dcs.simpact.com writes:
> Hmm. Nobody asked me to sign anything but the registration form.

The issue seems to be that current procedures drop the ball WRT pre-registration. The case in point involves on-site registration where the policy is implemented as intended. The incident alerted the Board to this and they are working on fixing the pre-registration problem.

> "All Registrants: by registering, all attendees agree to abide by the Canons of Conduct" -- Registration packet, book II, page 4, large type.
>
> "Canons of Conduct are policy that has been implemented to allow for the revocation of symposium registration of those attendees who have been obviously disruptive and/or have attempted to sabotage or vandalize machines and/or software WHILE AT SYMPOSIA." (emphasis mine) -- Registration packet, book II, page 4, column 2 at the top.
>
> Thus there IS a policy for revoking registration, and this person did not violate that policy. The board broke its own rules.

Am I correct that "SYMPOSIA" is a plural? That is, it refers to more than the current one? If so, I refer you to first hand reports posted by Jeff Killeen over on DECUServe where he positively states that the individual in question *was* found crashing systems on the exhibit floor at a previous symposium. In that case Jeff reports the individual was ejected from the symposium along with two others involved in the same case, and the current policy including the notice on the back of the badge about "property of DECUS" was instituted to better cover the need to do the same sort of thing in the future. In other words this individual in particular was the start of all this some years ago.

Jeff's report matches my own less direct recollection of the incident in question although I did not know the names of the individuals involved at the time. This is the first I have made the connection between that incident and the more recent ones that have been so widely reported.

Unless you want to question Jeff's direct, and most definite report of the background it would seem the Board indeed did have the right under the policy cited to revoke the badge and eject the individual when he was recognized.

Keep in mind the DECUS By-laws have always given the Board the right to approve membership applications and to revoke membership as the Board saw fit. You may or may not like this By-law, but remember it was approved by the membership. You may well want to keep this in mind when the anticipated By-law change that is now in the works comes to a vote. Don't just rubber stamp it. Think about it and debate it.

> I can only speak for myself, so consider this. Suppose I attended DECUS and had my badge yanked (I can't say why this might happen, as the board apparently have criteria they don't deign to share with the membership) and was sent packing. My company pays for my trips to DECUS. The registration fee (which was refunded) is not even the majority of the expense of the trip. My company is out much money, having received no value in return. This doesn't make me look real good. I kinda doubt they refunded the guy his hotel bill, airline fare, meals, etc.

It has been reported a number of times the individual was based locally so the expenses were pretty small in this case. I have not seen any indication if this was taken into account in the Board's action, but no doubt it makes a difference as to what kind of action the individual might be likely to take to recover damages. If he can't show much out of pocket loss he is much less likely to spend the time and money to go after DECUS.

> --
> Terry Poot <tp@mccall.com>                The McCall Pattern Company
> (uucp: ...!rutgers!ksuvax1!mccall!tp)     615 McCall Road
> (800)255-2762, in KS (913)776-4041        Manhattan, KS 66502, USA

Through the By-laws we give the Board great latitude to deal with things like this. The only check and balance for the membership is the electoral process. Basically, the Board members have been refusing to talk about what they did. I suggest those who are concerned should be sure it is an issue in the upcoming election and I suggest they withhold their votes from any candidate, challenger or incumbent, who fails to address the issue to their satisfaction. That is the only real recourse any of us have. Let's leave it at that.

Bob Hassinger
hassinger@lmrc
...ccavax!lmrc!hassinger
sysmgr@KING.ENG.UMD.EDU (Doug Mohney) (02/05/91)
In article <10166@lmrc.uucp>, hassinger@lmrc.uucp (Bob Hassinger) writes:
> Through the By-laws we give the Board great latitude to deal with things like this. The only check and balance for the membership is the electoral process. Basically, the Board members have been refusing to talk about what they did.

How come? Maybe that's the big mystery. You had this whole thing called Update.Daily being pumped out. Had the DECUS BoD published a statement as to what happened and why, I think it would have sat better.

> I suggest those who are concerned should be sure it is an issue in the upcoming election and I suggest they withhold their votes from any candidate, challenger or incumbent, who fails to address the issue to their satisfaction. That is the only real recourse any of us have. Let's leave it at that.

You betcha. When do elections roll around?

Doug Mohney, Operations Manager, CAD Lab/ME, Univ. of Maryland College Park
* Ray Kaplan for DECUS president * SYSMGR@CADLAB.ENG.UMD.EDU
tp@mccall.com (Terry Poot) (02/06/91)
In article <10166@lmrc.uucp>, hassinger@lmrc.uucp (Bob Hassinger) writes:
> In article <1991Jan31.165013@mccall.com>, tp@mccall.com (Terry Poot) writes:
>> "Canons of Conduct are policy that has been implemented to allow for the revocation of symposium registration of those attendees who have been obviously disruptive and/or have attempted to sabotage or vandalize machines and/or software WHILE AT SYMPOSIA." (emphasis mine) -- Registration packet, book II, page 4, column 2 at the top.
>>
>> Thus there IS a policy for revoking registration, and this person did not violate that policy. The board broke its own rules.
>
> Am I correct that "SYMPOSIA" is a plural? That is, it refers to more than the current one? If so, I refer you to first hand reports posted by Jeff Killeen over on DECUServe where he positively states that the individual in question *was* found crashing systems on the exhibit floor at a previous symposium. In that case Jeff reports the individual was ejected from the symposium along with two others involved in the same case, and the current policy including the notice on the back of the badge about "property of DECUS" was instituted to better cover the need to do the same sort of thing in the future. In other words this individual in particular was the start of all this some years ago.

Hmm. The one thing that makes me doubt this story is the fact that it hasn't been cited so far. If the board had ejected him from a previous symposium in accord with the canons, the wording above does seem to imply that they can bar him from future symposia. If that is the case, why didn't they just say so? All it would take is someone on the board saying "He disrupted a system at a previous symposium, and was thus ejected from LV in accordance with the canons. The only mistake was accepting his registration in the first place." There might then be a debate on the wording of that article of the canons, and whether this is an appropriate rule, but we wouldn't have this raging argument over the ethics/legality/etc. of the action.

So if this is the case, why didn't they say so? Maybe they did it for the wrong reasons, and then found out they could have used the right ones? That wouldn't help my opinion of the board much.

--
Terry Poot <tp@mccall.com>                The McCall Pattern Company
(uucp: ...!rutgers!ksuvax1!mccall!tp)     615 McCall Road
(800)255-2762, in KS (913)776-4041        Manhattan, KS 66502, USA
wisniewski@fallout.uucp (02/07/91)
> I'm still trying to get the issues clarified. I'm far from deciding if policy needs changing or if I feel that the leadership has exceeded its authority. There are several unanswered questions about this affair. But my gut reaction leans towards Kevin's side. (Hey, I'm from the SF area. You know, all us raving crazy rights advocates.)
>
> R. Kevin Oberman
> Lawrence Livermore National Laboratory

Kevin,

Didn't you read the Cuckoo's Egg? Hackers are just waiting to take over and steal our systems ;-]

But seriously, speaking as a computer professional with a colorful history (and who reading this doesn't fit that category), if a "PUBLIC" well known hacker/cracker with a "RECENT" record showed up at a computer seminar I was managing, I'd have to think long and hard about his status and attendance. It isn't so much as wanting to give him another chance as asking him to prove his stability in the real world as a professional before being readmitted into the ranks and responsibilities of that profession.

Everyone in this business starts out as a professional, but consistently screwing up jobs, rubbing folks the wrong way, and being known as a hacker/cracker is the quickest way I know to become an outsider. Crossing the outlaw line once, perhaps that's pushing the envelope and youthful exuberance, more than that, you have to wonder about the individual. Many folks have committed lesser sins in this industry and suffered much more than the humiliation of a DECUS badge revocation.

I agree with the Symposia staff who made that decision, it was their call to make in a short period of time. I don't envy them their choice, but I support their call.

Most DECUS members have too much interesting work than to pursue the outlaw life. Breaking into systems isn't a hobby I'd really enjoy. (although I want to know "ALL" the backdoors available too! Now there's a session topic if I ever heard one...) Breaking in, or interfering with someone else's work is inconsiderate at best, criminal at worst. In this industry, people associated with this type activity have to work twice as hard to prove themselves to the professional and general community. There should not be a problem with that type of probation for a hacker/cracker.

Now if a known hacker, solves his legal problems, works quietly in the industry for a couple of years, and shows interest in the straight and narrow, I'll be the first person to welcome them back to the fold, as a professional with all the rights and responsibilities.

Some folks are emotionally disturbed, some never grow up, others need to call attention to themselves in whatever walk of life they chose. Hacking/cracking is not a sign of great giftedness as the media would make it out, it's a cry for help. A cry for help the same way that drugs, antisocial behavior, or violence is. A computer or computer system can't give the type of help that individual needs. (today!?! Any OEMs listening?)

Get a life, not a modem,

+-----------------+--------------------------------------------------------+
| John Wisniewski | Consultant/DFW DECUS LUG Counterpart                   |
| +-+-+-+-+-+-+-+ | Voice: 214-404-6412                                    |
| |d|i|g|i|t|a|l| | UUCP: ...utacfd!montagar!fallout!wisniewski            |
| +-+-+-+-+-+-+-+ | At Work: wisniewski@dpdmai.enet.dec.com                |
| Dallas, TX USA  |                                                        |
+-----------------+--------------------------------------------------------+

This message has been crafted using the DECdisclaimer(TM) product from Digital. DECdisclaimer(TM) bypasses all layers, and good sense, by simply posting the author's opinion. Copyrighted 1991