flog@bernina.ethz.ch (Florian Gutzwiller) (02/14/91)
I ftp'd a binary version of DialUpIP2.0 from next.com this morning (GMT+1). Everything looks fine except, that I'm lacking /usr/etc/kl_util which seems to be the kernel loader utility. I have a 105 station. Is kl_util only available within the extended release of 2.0 ? If yes, could somebody please put it in a 'pub' directory ASAP.

I tried next.com two minutes ago, and it won't cd to pub/Slip any more. I put it on one of the machines at the Swiss Federal Institute of Technology (ETH) in Zuerich.

bernina.ethz.ch (129.132.1.170) pub/SLIP_2.0.tar.Z

Everybody would appreciate a statement from NeXT about an unsupported release of DialUpIp and their anonymous ftp server.

-Florian

news@media-lab.MEDIA.MIT.EDU (Remote news user) (02/15/91)
In article <1991Feb14.135510.3693@bernina.ethz.ch> flog@bernina.ethz.ch (Florian Gutzwiller) writes:
> I ftp'd a binary version of DialUpIP2.0 from next.com this morning
> (GMT+1). Everything looks fine except, that I'm lacking /usr/etc/kl_util
> which seems to be the kernel loader utility. I have a 105 station.
> Is kl_util only available within the extended release of 2.0 ? If yes.
> could somebody please put in in a 'pub' directory ASAP.
>
> I tried next.com two minutes ago, and it wont cd to pub/Slip any more.
> I put it on one of the machines at the Swiss Federal Institute of
> Technology (ETH) in Zuerich.

Er folks, it is really uncool to go onto a machine and grab stuff off unless invited to and then advertise it to the world. It will make NeXT more paranoid about how it deals with distributing of software. Regardless of legal issues, it is a questionable practice.

Plethora which used to have the GNU 1.0 sources got over 100 ftp connections even though there is nothing there... Seems people have automated their seek and grab software programs.

pasc

Pascal Chesnais, Research Specialist, Electronic Publishing Group
Media Laboratory, E15-351, 20 Ames Street, Cambridge, Ma, 02139 (617) 253-0311
email: lacsap@plethora.media.mit.edu (NeXT)

bob@MorningStar.Com (Bob Sutterfield) (02/15/91)
In article <5231@media-lab.MEDIA.MIT.EDU> news@media-lab.MEDIA.MIT.EDU (Remote news user) writes:
   Er folks, it is really uncool to go onto a machine and grab stuff
   off unless invited to and then advertise it to the world. It will
   make NeXT more paranoid about how it deals with distributing of
   software. Regardless of legal issues, it is a questionable
   practice.

If something is confidential then it shouldn't be put in an anonymous
FTP area. If something is accessible via anonymous FTP then it is
generally and reasonably assumed to be freely redistributable under
the terms of any attached copyrights.

If NeXT or any other company gets paranoid about normal and expected
behavior in a given culture, then they should spend more time learning
what's normal before trying to join that community.

waltrip@capd.jhuapl.edu (02/15/91)
In article <5231@media-lab.MEDIA.MIT.EDU>, news@media-lab.MEDIA.MIT.EDU (Remote news user) writes:
[...material deleted...]
> Er folks, it is really uncool to go onto a machine and grab stuff
> off unless invited to

Agreed.

> and then advertise it to the world.

Doubly agreed.

[...more material deleted...]
> Pascal Chesnais, Research Specialist, Electronic Publishing Group

c.f.waltrip
Internet: <waltrip@capsrv.jhuapl.edu>
Opinions expressed are my own.

waltrip@capd.jhuapl.edu (02/15/91)
In article <BOB.91Feb15001422@remora.MorningStar.Com>, bob@MorningStar.Com (Bob Sutterfield) writes:
> In article <5231@media-lab.MEDIA.MIT.EDU> news@media-lab.MEDIA.MIT.EDU
> (Remote news user) writes:
> Er folks, it is really uncool to go onto a machine and grab stuff
> off unless invited to and then advertise it to the world. It will
> make NeXT more paranoid about how it deals with distributing of
> software. Regardless of legal issues, it is a questionable
> practice.
>
> If something is confidential then it shouldn't be put in an anonymous
> FTP area. If something is accessible via anonymous FTP then it is
> generally and reasonably assumed to be freely redistributable under
> the terms of any attached copyrights.
>

I don't think that's the issue here. The original poster (Pascal Chesnais) states the practice is questionable "regardless of legal issues." In fact, if I got a copy of something via anonymous ftp that I discovered had been subsequently made deliberately inaccessible, I would assume that the ftp site didn't want the material redistributed and would cease redistribution without explicit permission. This is a matter of manners and respect rather than law.

> If NeXT or any other company gets paranoid about normal and expected
> behavior in a given culture, then they should spend more time learning
> what's normal before trying to join that community.

I'm not so sure this is normal and expected behavior. I have seen requests in other newsgroups to destroy material previously posted and have seen posts in response by people who were complying. But if this is normal behavior, it may be in the best interests of the community to adopt behavior that will attract distributors of information. I am personally more comfortable about sharing information in an environment where I feel my wishes about the distribution will be respected so the old "do unto others..." principle applies so far as I'm concerned.

I'm with Pascal on this one...he seems to be encouraging the sort of community I'm most comfortable with.

c.f.waltrip
Internet: <waltrip@capsrv.jhuapl.edu>
Opinions expressed are my own.

scott@erick.gac.edu (Scott Hess) (02/16/91)
In article <BOB.91Feb15001422@remora.MorningStar.Com>, bob@MorningStar.Com (Bob Sutterfield) writes:
> In article <5231@media-lab.MEDIA.MIT.EDU> news@media-lab.MEDIA.MIT.EDU
> (Remote news user) writes:
> Er folks, it is really uncool to go onto a machine and grab stuff
> off unless invited to and then advertise it to the world. It will
> make NeXT more paranoid about how it deals with distributing of
> software. Regardless of legal issues, it is a questionable
> practice.
>
> If something is confidential then it shouldn't be put in an anonymous
> FTP area. If something is accessible via anonymous FTP then it is
> generally and reasonably assumed to be freely redistributable under
> the terms of any attached copyrights.
>
> If NeXT or any other company gets paranoid about normal and expected
> behavior in a given culture, then they should spend more time learning
> what's normal before trying to join that community.

The site in question is a private site made available for certain NeXT-internal stuff that it would be easier to let people ftp than to mail it to all field personnel and campus consultants. As such, it's a service NeXT provides, albeit indirectly, so that things can be done. If they are forced to remove it, it hampers our ability to help you, and thus gets you in the end.

I think the generally accepted etiquette is that if someone makes something available _and_then_invites_people_to_access_it_, then they should expect you to come get it.

Just because people leave their doors unlocked does not mean it is "normal and expected" behaviour to walk in and steal their silver dinner set. 'Nuff said.

Later,
--
scott hess scott@gac.edu
Independent NeXT Developer GAC Undergrad
<I still speak for nobody>
"Tried anarchy, once. Found it had too many constraints . . ."
"Buy `Sweat 'n wit '2 Live Crew'`, a new weight loss program by Richard Simmons . . ."

lacsap@plethora.media.mit.edu (Pascal Chesnais) (02/17/91)
To clarify matters of where I am coming from-

Last year a number of files that appeared to be Apple confidential sources appeared on Media-lab.media.mit.edu. At the time we were an anonymous ftp site, with write permissions into the directory to facilitate exchange of information. Apple lawyers called us to ask us to remove the alleged sources from our machine, and we were investigated by the FBI a short while later. We took the investigation seriously enough that we no longer allow people to deposit files through this mechanism, since we would be responsible for what was being redistributed from our machines.

Second Robert Morris was convicted of illegal use of government machines when he used unix sendmail programs to propagate his worm/virus (you pick your favorite term)... Although the machines allowed such connection, it was his responsibility not to abuse such access.

Next does not publicly list any of its machines as anonymous ftp archive servers for the internet. If they have a security hole, I do not exploit it even though I know it exists.

I do want to encourage a good community spirit.

pasc

cbenda@unccvax.uncc.edu (carl m benda) (02/17/91)
In article <5240@media-lab.MEDIA.MIT.EDU>, lacsap@plethora.media.mit.edu (Pascal Chesnais) writes:
> To clarify matters of where I am coming from-
>
> Next does not publicly list any of its machines as anonymous
> ftp archive servers for the internet. If they have a security
> hole, I do not exploit it even though I know it exists.
>
> I do want to encourage a good community spirit.
>
> pasc

Not to start a flame war, but... you of all people coming from RMS land up @ mit should realize the difference between publicly listing a machine versus simply leaving a machine open for access. I.E. you don't announce to the world that you are leaving your newspaper on the subway for someone else to use when you get off at your stop, nevertheless, the newspaper IS available to the public... If I were looking for good quality public domain NeXT machine source code, blah_blah_.next.com is probably the first place I would try. IF I'm wrong, let me know, but I always thought that if it's "getable" it's public.

/Carl

waltrip@capd.jhuapl.edu (02/17/91)
In article <3191@unccvax.uncc.edu>, cbenda@unccvax.uncc.edu (carl m benda) writes:
[...material deleted...]
> IF I'm wrong, let me know, but I always thought that if its
> "getable" its public.
>
> /Carl

Personally, I didn't object to the originator of this thread getting the slip file from next.com (it was "getable" and so it was perhaps reasonable to assume that NeXT didn't mind that someone got it). However, the original poster then found it was no longer "getable". This was a clear hint that maybe NeXT DID mind. The original poster responded to this by advertising that he had now made it available. Let me say only that, if someone did that to me, I wouldn't care for it. I have no idea how NeXT feels about it.

c.f.waltrip
Internet: <waltrip@capsrv.jhuapl.edu>
Opinions expressed are my own.

coco@cbnewsl.att.com (felix.a.lugo) (02/17/91)
In article <1991Feb16.232618.1@capd.jhuapl.edu> waltrip@capd.jhuapl.edu writes:
| In article <3191@unccvax.uncc.edu>, cbenda@unccvax.uncc.edu (carl m benda) writes:
| [...material deleted...]
| Personally, I didn't object to the originator of this thread getting
| the slip file from next.com (it was "getable" and so it was
| perhaps reasonable to assume that NeXT didn't mind that someone got
| it). However, the original poster then found it was no longer
| "getable". This was a clear hint that maybe NeXT DID mind. The
| original poster responded to this by advertising that he had now
| made it available. Let me say only that, if someone did that to
| me, I wouldn't care for it. I have no idea how NeXT feels about it.
|

One thing's for sure, if you "get" SLIP don't go bothering NeXT if it doesn't work. They didn't make it public in the first place!

/*
** ============================================================================
**
** Felix A. Lugo AT&T Bell Laboratories
**
** E-Mail:
** (708) 713-4374 coco@ihlpb.att.com att!ihlpb!coco
**
** NeXT-Mail:
** (708) 515-0668 coco@alien.att.com alien.att.com!bootsie!coco
**
** ============================================================================
*/

lacsap@plethora.media.mit.edu (Pascal Chesnais) (02/18/91)
In article Re: SLIP from next.com cbenda@unccvax.uncc.edu (carl m benda) of : University of NC at Charlotte writes:

   I.E. you don't announce to the world that you are leaving your newspaper on the subway for someone else to use when you get off at your stop, nevertheless, the newspaper IS available to the public... If I were looking for good quality public domain NeXT machine source code, blah_blah_.next.com is probably the first place I would try. IF I'm wrong, let me know, but I always thought that if its "getable" its public.

   /Carl

No flamage taken. Yup I have worked with RMS, and agree with lots of his views. However the reality is that we are subject to laws.

Now for the newspaper analogy: Newspaper deliver threw it on my front porch. Anyone can go up and take it away. Most people don't. First it is trespassing, second it is theft of property, third it is bad neighbor relations. Now the current laws seem to favor copyrighted software as PROPERTY. The machine in question was not a community delivery stand, it was not even next.com (NeXT's moat between them and the world), but it was an internal distribution mechanism between next and their campus consultants (you know the students who are really helpful).

Gettable is *not* public according to recent Morris conviction. It is noble to say "it is an acceptable practice" but the law says you are wrong.

My post alluded to security holes, how many of you export your filesystems indiscriminately? Quite a few I imagine. That makes a lot of things "gettable" and some of it copyrighted material. Stupid careless people are still protected by laws (myself included).

This subject is an interesting one, and obviously one that anyone can flame at length about, but it probably should go off to misc.legal or comp.legal (if they still exist!).

pasc

eps@toaster.SFSU.EDU (Eric P. Scott) (02/18/91)
NeXT needs to issue some sort of statement of direction; I could take the BBN sources and duplicate what Cal Thixton has done over the better part of a year (now that the kernel loader interface is documented and supported, and no, I'm not forgetting to credit Morris Meyer for his part in this), but I'd much rather not waste my time reinventing the wheel.

-=EPS=-
--
Major undertakings fall under the new "saneware" pricing schedule: If you have an L-shaped "Return" key you owe me $395. If you have a rectangular one, it's free. :-) :-) :-)

rca@cs.brown.edu (Ronald C.F. Antony) (02/18/91)
In article <5255@media-lab.MEDIA.MIT.EDU> lacsap@plethora.media.mit.edu (Pascal Chesnais) writes:
>Gettable is *not* public according to recent Morris conviction.

Well I think there is a big difference between "gettable" through security holes and something that is in the pub (remember this is short for public) directory of an ftp server that does not require any password. Even the most trivial password would indicate it is not public, but no password and /pub indicate that you may get it. NeXT should really have no problem sending a password by mail to their Campus reps. Now the only thing that had made me shut up is the fact that they removed the access to the directory later.

But let's move on to more productive issues, e.g. is there anyone out there that is working on PPP?

Ronald
------------------------------------------------------------------------------
"The reasonable man adapts himself to the world; the unreasonable one persists in trying to adapt the world to himself. Therefore all progress depends on the unreasonable man." G.B. Shaw
| rca@cs.brown.edu or antony@browncog.bitnet

bennett@mp.cs.niu.edu (Scott Bennett) (02/20/91)
In article <SCOTT.91Feb15154127@erick.gac.edu> scott@erick.gac.edu (Scott Hess) writes:
>In article <BOB.91Feb15001422@remora.MorningStar.Com>, bob@MorningStar.Com (Bob Sutterfield) writes:
> > In article <5231@media-lab.MEDIA.MIT.EDU> news@media-lab.MEDIA.MIT.EDU
> > (Remote news user) writes:
> > Er folks, it is really uncool to go onto a machine and grab stuff
> > off unless invited to and then advertise it to the world. It will
> > make NeXT more paranoid about how it deals with distributing of
> > software. Regardless of legal issues, it is a questionable
> > practice.

Pascal, please spare us your attempt to place a chill on anonymous ftp distribution of material. I haven't seen any postings from next.com asking anybody to destroy material ftp'ed from their system. If you have seen such, please send me a copy or repost it here.

> >
> > If something is confidential then it shouldn't be put in an anonymous
> > FTP area. If something is accessible via anonymous FTP then it is
> > generally and reasonably assumed to be freely redistributable under
> > the terms of any attached copyrights.
> >
> > If NeXT or any other company gets paranoid about normal and expected
> > behavior in a given culture, then they should spend more time learning
> > what's normal before trying to join that community.
>
>The site in question is a private site made available for certain
>NeXT-internal stuff that it would be easier to let people ftp
>than to mail it to all field personnel and campus consultants. As

If the material is to be made available to a specific and exclusive group of people, then each of those people should be given a loginid so that their ftp session can be validated with their password. Each of those loginids should also be in a group. The directories and files that are to be restricted should be in the same group and the permissions set to allow access to the group while excluding "others". There is nothing new in all this. It is as old as the ftp(1) utility and the BSD networking code. It is also elementary UNIX security.

>such, it's a service NeXT provides, albeit indirectly, so that
>things can be done. If they are forced to remove it, it hampers
>our ability to help you, and thus gets you in the end.
>
>I think the generally accepted etiquette is that if someone makes something
>available _and_then_invites_people_to_access_it_, then they should
>expect you to come get it.

See my comments above. When directories and other files are made accessible via *anonymous* ftp, the invitation is implied and *assumed*. This is consistent with the UNIX philosophy of file permissions as well.

>
>Just because people leave their doors unlocked does not mean it
>is "normal and expected" behaviour to walk in and steal their
>silver dinner set. 'Nuff said.

I'd be willing to bet that nothing was stolen. If we were to examine that directory immediately after the event in question, we would almost certainly find that everything was still there.

>
>Later,
>--
>scott hess scott@gac.edu
>Independent NeXT Developer GAC Undergrad
><I still speak for nobody>
>"Tried anarchy, once. Found it had too many constraints . . ."
>"Buy `Sweat 'n wit '2 Live Crew'`, a new weight loss program by
>Richard Simmons . . ."

Scott Bennett, Comm. ASMELG, CFIAG
Systems Programming
Northern Illinois University
DeKalb, Illinois 60115
**********************************************************************
* Internet: bennett@cs.niu.edu *
* BITNET: A01SJB1@NIU *
*--------------------------------------------------------------------*
* "WAR is the HEALTH of the STATE" --Albert Jay Nock (I think:-) *
**********************************************************************

gilgalad@caen.engin.umich.edu (Ralph Seguin) (02/20/91)
In article <3191@unccvax.uncc.edu> cbenda@unccvax.uncc.edu (carl m benda) writes:
>In article <5240@media-lab.MEDIA.MIT.EDU>, lacsap@plethora.media.mit.edu (Pascal Chesnais) writes:
>> To clarify matters of where I am coming from-
>>
>> Next does not publicly list any of its machines as anonymous
>> ftp archive servers for the internet. If they have a security
>> hole, I do not exploit it even though I know it exists.
>> pasc

Is this not the same thing as restricting access to some set of individuals? You CAN specify who gets FTP access to a machine. But, the rule goes: If it's anonymous FTP, then you had better be prepared to accept the consequences.

>Not to start a flame war, but... you of all people coming from RMS land
>up @ mit should realize the difference between publicly listing a machine
>versus simply leaving a machine open for access. I.E. you don't announce
>to the world that you are leaving your newspaper on the subway for someone
>else to use when you get off at your stop, nevertheless, the newspaper IS
>available to the public... If I were looking for good quality public domain
>NeXT machine source code, blah_blah_.next.com is probably the first place I
>would try. IF I'm wrong, let me know, but I always thought that if it's
>"getable" it's public.

I agree with this.

>/Carl

Ralph Seguin gilgalad@dip.eecs.umich.edu
536 South Forest Apt. #915 gilgalad@caen.engin.umich.edu
Ann Arbor, MI 48104 (313) 662-4805

lang@panews (02/21/91)
In article <5240@media-lab.MEDIA.MIT.EDU>, lacsap@plethora.media.mit.edu (Pascal Chesnais) writes:
> Next does not publicly list any of its machines as anonymous
> ftp archive servers for the internet. If they have a security
> hole, I do not exploit it even though I know it exists.

Anonymous ftp access is not a security "hole". It is enabled by several deliberate steps on the part of the system administrator. The instructions for enabling the anonymous ftp feature are very clear about the possibility of security problems and explain, step by step, how to avoid them. From the ftpd(8) man page:

   4) If the user name is ``anonymous'' or ``ftp'', an anonymous ftp account must be present in the password file (user ``ftp''). In this case the user is allowed to log in by specifying any password...

   In the last case, ftpd takes special measures to restrict the client's access privileges. The server performs a chroot(2) command to the home directory of the ``ftp'' user. In order that system security is not breached, it is recommended that the ``ftp'' subtree be constructed with care:

chroot makes it impossible for the anonymous ftp user to access any file not placed in the ~ftp directory. The page ends with a section including the following crystal-clear warning:

   The anonymous account is inherently dangerous and should avoided when possible.

Anonymous ftp can only be enabled by a deliberate choice of the system administrator. She cannot enable the feature without creating a special directory for anonymously accessible files. It is simpler for a system administrator to create a password-protected "friends" account for a select group.

If you wish to opine as to why a system administrator would go to the trouble of setting up anonymous ftp if she did not wish the files to be accessible to all, please do so, but try to find a more appropriate newsgroup in which to do so. I would be more than happy to join you in alt.flame, to which followups have been redirected. :-)

Be seeing you...
++Lang

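Added example, not part of any post in this thread: a shell sketch of the two controls the posts above describe, namely auditing what the "others" permission class can reach inside a served tree (everything under ~ftp that "others" can read is exposed to anonymous users) and restricting a tree to one group while excluding "others". The function names and any paths passed to them are hypothetical, and the audit assumes the `ftp` account neither owns the files nor belongs to their group.

```shell
#!/bin/sh
# Added illustration; function names and directory layout are assumptions,
# not taken from the thread or from any NeXT configuration.

# Print every file or directory under $1 that grants read, write or
# execute/search to the "others" class. Symlinks are skipped because
# their own mode bits are not what access checks use.
list_other_accessible() {
    find "$1" ! -type l \( -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Number of entries reported by list_other_accessible (0 means the tree
# is closed to anyone outside the owner and group). Counts lines, so it
# assumes file names without embedded newlines.
count_other_accessible() {
    list_other_accessible "$1" | wc -l | tr -d ' '
}

# Restrict tree $1 to group $2:
#   - hand the whole tree to the group,
#   - remove every permission for "others",
#   - give the group read access, plus search on directories (X),
#   - set the setgid bit on directories so new files inherit the group.
# The caller must own the files and be a member of the group (or be root).
restrict_to_group() {
    dir=$1
    group=$2
    chgrp -R "$group" "$dir" || return 1
    chmod -R o-rwx,g+rX "$dir" || return 1
    find "$dir" -type d -exec chmod g+s {} +
}
```

Run `list_other_accessible` against the anonymous ftp home before publishing the server, and `restrict_to_group` on any tree meant only for named accounts.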
flog@bernina.ethz.ch (Florian Gutzwiller) (03/20/91)
Gentlemen,

I have reviewed all the comments about "SLIP from next.com". The binaries are no longer available from bernina.ethz.ch.

I agree, that it is uncool to 'grab and publish', but I am in a very uncool situation without slip, and I thought that others would appreciate it too. It causes headache, when I type 'du -s /NextDeveloper/Demos' and my T2500 is being bored with terminal traffic instead of hard-core IP packets.

Why doesn't NeXT add these few kilobytes of real-world technology ?

-Florian