dlm@cuuxb.ATT.COM (Dennis L. Mumaugh) (11/16/88)
In article <8844@smoke.BRL.MIL> gwyn@brl.arpa (Doug Gwyn (VLD/VMB) <gwyn>) writes: >So where is the student to learn better? The current culture is >founded more on the philosophy of pragmatism than anything else, >and accordingly the student is encouraged in his belief that >nearly anything is okay so long as he doesn't get caught. > >If you want to establish rational values as the norm, you have your >work cut out for you. It's a worthwhile goal, but won't be >accomplished quickly. This is a short essay on the mores and morals of the computer culture. It is caused by the controversy over whether the originator of the recent internet worm should be hailed as a hero or hauled off to jail and his life and career ruined by his actions. There are two attitudes towards life that are exemplified by various social systems. In an authoritarian/totalitarian society that which is not permitted is forbidden. In a "free society" that which is not prohibitted is permitted. In the computer culture we have similar attitudes. Some people feel that since UNIX has file permissions, if you don't protect your files they should be able to browse them (and if your terminal is not locked they can use it and browse). Others feel that personal directories and files are out of bounds. Part of this culture clash comes from the differences between the "academic community" and the "business community". I remember back in 1967 when a Freshman student of physics was making a nuisance out of himself with the University of Maryland Computer Center by breaking the operating system and stealing time. He lead the systems people a merry chase. They finally stopped the activities by hiring him as a systems programmer. Today that person is famous as the inventor of <product deleted> and was a professor of a well known academic institution. [His name is deleted because he is now a well known person, but I knew him way back when.] Today, the same actions would result in disciplinary action and since the advent of the new federal law on computer security would be cause for criminal action. What was once considered a harmless prank is now a "serious" offense. What has changed? Computers have changed. They used to be toys of the privileged few researchers and now they are the work horses of the world. The analogy is that between horses and the current automobile. In the old days borrowing a horse for a bit wasn't that serious, nowadays joy riding in a car is a major offense. [We did hang horse thieves though didn't we?] Our academic community encourages browsing and "snooping" as long as we don't destroy or conceal the origination of ideas [plaigarism]. The ideal of co-operation between people and the spread of knowledge is generally taught as the highest goal. Our business community is just the opposite. We have found that information is power is money. The FSF to the contrary, computer data is now valuable [I rememeber trying to get a mag tape through Candian Customs: those who said "Computer Data" paid duty; those who said "Software" got by for free]. As more and more people commit their fortunes and lives [figuratively] onto computer media, the more we will become intolerant of people who disrupt those computers or idlely browse through files. In another newsgroup [news.sysadmin or some such] the question was raised: "What authority does a systems administrator have to browse files." I can remember some times when I happened upon a torrid love affair being conducted by two married people via EMail, and .... today I would almost be required to inform authority of this abuse of computer resources. Essentially what Doug is raising and I am seconding is that times have changed. This worm incident has rattled some cages and arroused some sleeping dragons. Hopefully, the Professional Societies will provide a code of ethics about computer use in reference to these areas. If they don't the US Government will. Already the new law could be used to charge rogue players with a crime [unauthorized use of facilities]. Then of course those who read netnews without official sanction ..... I suspect that one could even make a case for routing personal mail over the Internet as being a crime. -- =Dennis L. Mumaugh Lisle, IL ...!{att,lll-crg}!cuuxb!dlm OR cuuxb!dlm@arpa.att.com
trn@aplcomm.jhuapl.edu (Tony Nardo) (11/19/88)
In article <8908@smoke.BRL.MIL> gwyn@brl.arpa (Doug Gwyn (VLD/VMB) <gwyn>) writes: >In article <270@popvax.harvard.edu> mohamed@popvax.UUCP (R06400@Mohamed Ellozy) writes: >-This is what irritates the living daylights out of so many of us. >-He "knows" of at least three other such holes. He is thus more >-learned, perhaps even wiser, than we are. >- BUT WHAT THE HELL ARE YOU DOING TO GET THEM CLOSED??? > >The BSD developers know of all three holes and have published fixes for >two of them. BRL's network host tester will probe for them and inform >system administrators if they have these holes. I don't mean to sound facetious, but I seem to recall some news article mentioning that there were 60,000+ nodes on the Internet. Let's assume that only 5% of these systems use some flavor of 4.* BSD. Let's also assume that only 40% of those systems have administrators who wish to have those holes identified and (possibly) plugged. Does BRL have the facilities to test 1200+ nodes before some other clever person develops a copycat "infection"? Or even distribute a "hole test kit" to that many sites? There *must* be a better way to distribute information on how to check for these holes than to have every Internet site queue up for BRL's test... Tony P.S. To Mohamed: if you discovered one of these holes, and realized that a second worm could very easily be written to exploit it, what would *you* do? Actually, anyone may feel free to answer this. Please reply to me by E-mail. I'll attempt to summarize. ============================================================================== ARPA, BITNET: trn@aplcomm.jhuapl.edu UUCP: {backbone!}mimsy!aplcomm!trn "Always remember that those who can, do, and that those who can't, teach. And those who can't teach become critics. That's why there're so many of them." PORTRAIT OF THE ARTIST AS A YOUNG GOD (Stephen Goldin) ==============================================================================