brad@looking.UUCP (Brad Templeton) (11/09/88)
Is this what people want? To "deep pocket" Cornell? Do you want all universities to go into panic mode (even if the suit fails) and turn into armed camps? Do you want source access only given on a "need to know" basis? Do you want a full security check before somebody can connect their Sun to the internet? Or their Xenix system, or their PC? Suing a graduate student will get you one bankrupt graduate student. You won't even recover costs. (Unless this guy is richer than I know.) You will only get money if you bring in players like Cornell. And I don't think you'll like the consequences of what you do. Also, if I were the judge, and Sun sued because they had the expense of FedExing (TM, Federal Express) bug fixes out to their customers, I would not by any stretch of the imagination rule 100% for the plaintiff. This sort of behaviour has to be crushed, but this is not the way to do it. The way to do it is to make sure people get caught if they do it. (I wonder how long it would take to fill up a 300m disk pack keeping an audit trail of major internet transactions?) -- Brad Templeton, Looking Glass Software Ltd. -- Waterloo, Ontario 519/884-7473
tenney@well.UUCP (Glenn S. Tenney) (11/10/88)
In article <2284@looking.UUCP> brad@looking.UUCP (Brad Templeton) writes: > ... >Also, if I were the judge, and Sun sued because they had the expense of >FedExing (TM, Federal Express) bug fixes out to their customers, I would >not by any stretch of the imagination rule 100% for the plaintiff. Sun sue? No, you've got it backwards. If anyone gets sued, UCB and Sun will likely be included. Regardless of "as is" warranties etc., you can't un-warrant for negligence. I think that any attorney would be able to show that it was negligent to leave such a gapping back door. No, I'm not litigious, but this *did* cause mucho consequental damages (many people couldn't get productive work done if their machines weren't online). >This sort of behaviour has to be crushed, but this is not the way to do it. >The way to do it is to make sure people get caught if they do it. I'm not sure to what behavior you're referring. If you mean a worm or virus causing loss of compute power or data, then you're right that something must be done. If, however, you mean the hacker ethic to FIND those holes, then I disagree -- we want to encourage people to think and find these things. Just being sure that people get caught won't help the next time 6000 machines are made unusable for many hours. Glenn Tenney (not an attorney)
frank@Morgan.COM (Frank Wortner) (11/11/88)
I believe that anyone suing anyone over this is a waste of time, effort, and money. rtm has little money (at least not the millions that various parties are likely to sue for); there is nothing to be gained by draining Cornell, Berkeley, etc.; DEC, Sun and other vendors might be negligent, but they can point the fingers at (and sic their lawyers on) most of the other parties. End result: everyone loses, and a lot of resources (mostly legal) are wasted. -- Frank "Computers are mistake amplifiers."