eugene@ames.UUCP (Eugene Miya) (12/10/84)
[leq: Unix, the FORTRAN of operating systems] This is not a flame; nor is it about security in particular. I am posting this to unix-wizards because of the reemergence of security as a topic for flaming on the wizards list. I realize there are many people reading this list who are not unix devotees, but I want to point out to the wizards that what they say can be used against them. Early on, this discussion broadly covered security in general. When this discussion shifts, in particular, to unix security, we create another set of problems. To the wizards: there are managers and other people reading this net who will use this 'security' information as a justification for not using Unix. This misaligned viewpoint not only berates this OS, but also tends to ignore possible security holes in systems such as VMS, VM/370, OS/32, EXEC*1100, and so on. [What? ...'s OS has security holes?! No way, but look at Unix...] To managers of other systems: go to your systems people and ask "If this problem happens on this other oprating system, can this or any thing like it happen on our XYZ OS?" I'm certain many will say no, [politically], but the value of this will be offset by holes found by others. I have had more problems with academic seminar speakers on security than any other single problem. --eugene miya NASA Ames Research Center {hplabs,ihnp4,dual,hao,vortex}!ames!aurora!eugene emiya@ames-vmsb.ARPA
bsa@ncoast.UUCP (12/18/84)
> Article <690@ames.UUCP>, from eugene@ames.UUCP (Eugene Miya) +---------------- | I am posting this to unix-wizards because of the reemergence of security | as a topic for flaming on the wizards list. I realize there are many | people reading this list who are not unix devotees, but I want to point | out to the wizards that what they say can be used against them. | | Early on, this discussion broadly covered security in general. When this | discussion shifts, in particular, to unix security, we create another | set of problems. To the wizards: there are managers and other people reading | this net who will use this 'security' information as a justification for | not using Unix. This misaligned viewpoint not only berates this OS, but also | tends to ignore possible security holes in systems such as VMS, VM/370, | OS/32, EXEC*1100, and so on. [What? ...'s OS has security holes?! No way, but | look at Unix...] To managers of other systems: go to your systems people and | ask "If this problem happens on this other oprating system, can this or any | thing like it happen on our XYZ OS?" I'm certain many will say no, | [politically], but the value of this will be offset by holes found by others. If you want discussion of security holes in VMS or VM/370, I'd suggest that you look up net.{vms,vm370}-wizards. Maybe we should shut down net.unix-wizards because people come here to ask questions which show Unix up as not perfect (witness the constant requests for bug-free device drivers)? Or we can be sane, accept that we're talking Unix on a Unix network, and forget about it. Being silent about bugs and security problems merely insures that they'll never get fixed. --bsa -- Brandon Allbery @ decvax!cwruecmp!ncoast!bsa (..ncoast!tdi1!bsa business) 6504 Chestnut Road, Independence, Ohio 44131 (216) 524-1416 <<<<<< An equal opportunity employer: I both create and destroy bugs :-) >>>>>>