rwood@vajra.uucp (Richard Wood) (04/21/89)
I've been thinking about this for a long time now, and the recent conversations in this newsgroup have prompted me to make a request. How would you like to see electronic communications regarding bugs to work? Keep in mind the following points: - Digital is probably second only to the US government in it's attractiveness to people attempting to break into networks, and thus is rightly paranoid about connecting to external networks. - The information transfered cannot go via normal UUCP channels for two reasons: security - many of the uucp connections go via our competitors and we would probably hesitate to discuss problems and bugs where they could easily watch every word; and appropriateness - the UUCP network isn't there for commercial purposes, and some people would probably find DEC's commercial use of it objectionable. Digital would probably not want to have business dependencies on a network as chaotic and anarchistic as the UUCP. - Bi-directional: While getting information to Digital is probably fairly simple, how does Digital respond? Keep in mind that many companies refuse to allow people to dial into their systems willy-nilly. - Asynchronous discussions: We currently send a hardcopy update once a quarter to point out potential problems that some customers might not have run into. Should this be electronic? How does the data get transfered, and of what types? - Interactivity: Should a support network be set up along official lines, so that customers can share and discuss problems (much as is done here in comp.unix.ultrix) with other supported customers and Digital engineers? How is this to be controlled? - Local control: In many customer situations, support is funneled through one or a limited number of channels, such as the system management staff. How can this be arranged to keep these people firmly in control of what is submitted? No promises - however, many of us here at Digital (hi, Fred!) share the desire to take advantage of electronic communications for this purpose - The irony of the company with the worlds largest private network (somewhere over 25,000 computers) still shuffling paper around is not lost on us. We'll see if we can find a better way of doing business. In addition to discussing in this newsgroup, please send any ideas or recommendations to me directly at rwood@dec.com, or if that doesn't work, rwood@decwrl.dec.com. Thanks. -- ---------------------------------------------------------------------------- Does it need saying that I'm not speaking as an official representative of DEC? =============================================================================== Richard Wood ! U. S. Worksystems, Palo Alto ! Digital Equipment Corporation
barnett@crdgw1.crd.ge.com (Bruce G. Barnett) (04/21/89)
In article <468@granite.dec.com>, rwood@vajra (Richard Wood) writes: > - The information transfered cannot go via normal UUCP channels for > two reasons: security - many of the uucp connections go via our > competitors and we would probably hesitate to discuss problems and > bugs where they could easily watch every word; and appropriateness Uh. So USENET is more secure? :-) Seriously, if someone found a bug that is significant (like the bug in ed(1) I discovered while installing USENET), I think it is to everyone's advantage to make this problem known ASAP. Other problems, (i.e. security ), should be kept off the network, of course. But I don't really understand the reluctance by DEC to discuss (or acknowledge) these problems publicly. Yes, I can understand a company's reluctance to admit a stupid mistake. But this will NEVER keep it quiet. Sun, for instance, has made several stupid MAJOR mistakes. Look at the infamous leap year bug. If DEC made a mistake like this, or left a LARGE hole in their operating system, they should publicize the fix - or how to get the fix, ASAP. Face it. You can't hide serious problems. And if Sun, HP/Apollo, or IBM did find out about a bug in Ultrix, so what? What are they going to to besides snicker the same way DEC does when they find out about something stupid in their competitor's system? Obviously, it would not be a good idea to discuss future products over E-mail, unless your customer had a direct link (UUCP) to a DEC site. But if there is a bug that a lot of people are going to find, DEC should make people aware of these bugs so they don't have to spend a day determining what the problem is. Listen! I would LOVE to get patches to Ultrix via FTP. > - the UUCP network isn't there for commercial purposes, and some > people would probably find DEC's commercial use of it objectionable. Then use the biz.* distribution available from UUNET! If people want it, they can get it. If they don't want it -no problem! > Digital would probably not want to have business dependencies on a > network as chaotic and anarchistic as the UUCP. Not UUNET! And if a site doesn't have a connection to uunet, then can a) get one - and just get the biz.ultrix feed IT'S CHEAPER THAN SOFTWARE SUPPORT! b) get biz.ultrix from another site for free. There might be a few systems out there that are interested :-) > - Bi-directional: While getting information to Digital is probably > fairly simple, how does Digital respond? Keep in mind that many > companies refuse to allow people to dial into their systems > willy-nilly. That's what software is for. If you write willy-nilly software... I would rather write bug reports electronically than on paper. I must have reported 50 bugs in SunOS 4.0, and in many cases - I got a response back in 24 hours. (O.K. In a lot of cases is was "Known bug #6012" or whatever. But at least I know they got my message!) If I had to write up those reports on paper, instead of using script(1), I would not have reported nearly as many. Sun may have it's problems in the support arena, but in some ways they are more innovative . Better wake up! -- Bruce G. Barnett <barnett@crdgw1.ge.com> a.k.a. <barnett@[192.35.44.4]> uunet!steinmetz!barnett, <barnett@steinmetz.ge.com>
rwood@vajra.uucp (Richard Wood) (04/21/89)
Barnett@crdgw1.crd.ge.com (Bruce G. Barnett) writes: > Uh. So USENET is more secure? :-) > Seriously, if someone found a bug that is significant (like the bug in > ed(1) I discovered while installing USENET), I think it is to everyone's > advantage to make this problem known ASAP. As I understand it, USENET is not a general purpose network; "mailbug" submissions couldn't really be made by it. It is, instead, a distrbuted BBS implemented over various types of networks, amoung which are USENET and the Internet. Of course, people frequently confuse USENET and UUCP. But then your :-) might have indicated you knew that and were pointing out the irony that bugs were already discussed here. The problem is that some bug reports contain information that the submitter considered sensitive, and Digital's response might be likewise. Since the use of the USENET it wholly discretionary, that isn't a problem. But relying on a non-secure network for an official function would be a problem. > But I don't really understand the reluctance by DEC to discuss (or > acknowledge) these problems publicly. Yes, I can understand a company's > reluctance to admit a stupid mistake. But this will NEVER keep it > quiet. Sun, for instance, has made several stupid MAJOR mistakes. > Look at the infamous leap year bug. If DEC made a mistake > like this, or left a LARGE hole in their operating system, > they should publicize the fix - or how to get the fix, ASAP. > > Face it. You can't hide serious problems. That was not the intent of my concern with security. I would expect any "mailbug" program to also allow quick dissemination of critical information (such as patches for security holes) to contract customers; and I know that there is nothing within DEC that would prevent us from posting such fixes to the USENET either - Ken Olsen himself gave me permission to use this medium :-). However, there doesn't appear to be a formal program in place right now to take such actions. > And if Sun, HP/Apollo, or IBM did find out about a bug in Ultrix, so > what? What are they going to to besides snicker the same way DEC does > when they find out about something stupid in their competitor's > system? *Our* competitors are not the only problem. It is often necessary when discussing bugs to mention details that anyone would want to keep confidential. This might include comments from government labs or semiconductor houses - we simply can't ask our customers to use non secure channels. It is also true that Digital would be concerned about it, but the problem isn't limited to being snickered at. > Then use the biz.* distribution available from UUNET! > If people want it, they can get it. If they don't want it -no problem! I'm not up on UUNET. I'll check up on it. (I noticed all those biz.* things that my rn kept asking me whether I was interested in, but I'm so used to seeing endless proliferation of newsgroups that I ignored them :-) Thanks for you comments. -- ---------------------------------------------------------------------------- Does it need saying that I'm not speaking as an official representative of DEC? =============================================================================== Richard Wood ! U. S. Worksystems, Palo Alto ! Digital Equipment Corporation
avolio@decuac.dec.com (Frederick M. Avolio) (04/22/89)
Well, let me just say that some of us inside of Digital are looking into this and want to propose it. Someone I deal with in the far north snow country where the polar bears and ULTRIX Engineers live, named Bonnie has asked about such matters so let me pass on the questions as I remember them... Basically, what would be very useful is if you -- if you're interested in changing some of this -- would send me your ideas and thoughts on what sorts of things need to be in place. What do other vendors do that Digital should (remember we are talking about things like bug fixes, SPR submissions, etc. Field test administration and distribution could also fall under this discussion. Assume that Digital knows that 1) some customers couldn't use it because of lack of security (meaning the fact that over UUCP your mail sits on lots of other machines on its way) and would not use it or would need a direct UUCP link, 2) UUCP use for business is certainly sanctioned by the UUCP community, and 3) the same goes for the Internet. Rather than fill up the news group, if you want to send your ideas directly to me I will put them all together, pass them on, summarize them back out if you want, and at least try to help implement some of the ideas. (well, some of the good ones anyway :-).) I'm sure you realize, but I'm going to tell you anyway, I am near the bottom of the pecking order as shakers, movers, and decision-makers go in Digital (a bottom-feeder as a good friend points out) but I'm willing to facilitate. (Yeah, that's the word...) Fred
karl@ddsw1.MCS.COM (Karl Denninger) (04/23/89)
In article <179@crdgw1.crd.ge.com> barnett@crdgw1.crd.ge.com (Bruce G. Barnett) writes: >In article <468@granite.dec.com>, rwood@vajra (Richard Wood) writes: (lots of stuff; the end result of which is the assertion that you can't keep bugs quiet; it's better to try to deal with them than not do so at all, as you can't hide them). If DEC wants to establish a biz.comp.dec group, I'm all for it (we originated the BIZ groups here). I'll even feed DEC -- if they want to poll us (via Telebit or normal modem), and send the "newgroup". No trouble at all. I do think it would go a long way towards getting the information AND FIXES with regards to problems out to the users much faster, and raise consciousness about your systems to a higher level.... Go for it! Anyone interested can contact me at the address or phone below. -- Karl Denninger (karl@ddsw1.MCS.COM, <well-connected>!ddsw1!karl) Public Access Data Line: [+1 312 566-8911], Voice: [+1 312 566-8910] Macro Computer Solutions, Inc. "Quality Solutions at a Fair Price"
davew@gvgpsa.GVG.TEK.COM (David C. White) (04/27/89)
In article <468@granite.dec.com> rwood@dec.com or rwood@gatekeeper.dec.com (Richard Wood) writes: >I've been thinking about this for a long time now, and the recent >conversations in this newsgroup have prompted me to make a request. > >How would you like to see electronic communications regarding bugs to >work? Well, we've got some Trailblazers, so I'm willing to set up a UUCP link directly to your site. I realize that this could get unwieldy after x number of connections, but somehow the DEC hardware support people manage to do it for remote diagnostics. Since you don't want to go over any public networks, a direct connection seems like the only choice. Let me know when you want to hook up! :-) -- David White Grass Valley Group, Inc. VOICE: +1 916.478.3052 P.O. Box 1114 Grass Valley, CA 95945 FAX: +1 916.478.3778
karish@forel.stanford.edu (Chuck Karish) (04/28/89)
In article <468@granite.dec.com> rwood@dec.com or rwood@gatekeeper.dec.com (Richard Wood) writes: >I've been thinking about this for a long time now, and the recent >conversations in this newsgroup have prompted me to make a request. > >How would you like to see electronic communications regarding bugs to >work? How do DEC support people like the QAR system that was used for resolving problems in field test versions of ULTRIX 3.0? Under this system, people dial up to a DEC host that provides a bboard-like interface for browsing previously-reported problems and entering new problems. There is an option that allows the reporter to keep a bug report private rather than making it available to others. DEC may wish to restrict the reading of other bug reports; what's appropriate for field test sites is not necessarily appropriate for the whole customer base. I liked this system pretty well, all but the VMS editor it provided. - People dial up directly to a Chuck Karish hplabs!hpda!mindcrf!karish (415) 493-7277 karish@forel.stanford.edu