lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
From: rms at telekom.yu (cikasole)
Subject: New therad: sasser, costs, support etc
	alltogether

On Fri, 2004-05-14 at 17:27, Radule Soskic wrote:


> I can't post this to all the threads that I would like to, so I'm
> opening a new one. 
> 
> Follow this:
> 
> 1. MS is wrongdoing by releasing (and charging for use of) software that
> has bugs in it. Users of such software have losses in time/money by
> trying to keep up with applying pathches, or just by trying to keep the
> uptime high.
> 
I am sorry for mentioning explicitly one single SW vendor. It was not my
original idea. So, please, apply a correction here: instead of "MS is"
there should be: "SW vendors are". Also the part between the brackets
"(and charging for use of it)" is to be omitted completely. It's just
me, whose perception of decent software engineering was badly influenced
by 10+ years of work in embedded systems, real-time control and
telecommunications systems software, all of which are being *tested*
before delivered to the market. So, it's my problem of applying
inadequately high standards to a widely accepted class of products. MS
is *not* wrongdoing. They are simply doing best they know. And so are
their customers. And, yes, I tend to forget how many people out there
couldn't pay their bills without MS being around. Sorry, folks. Just
don't be angry at me. Nobody's perfect. 

> 2. Admins are wrongdoing by not applying patches to the systems they
> maintain. There are losses tied to such misspractice, too.
> 
It's their job. They are paid for it. They should do it. OK? If they
don't - what then? Give them a raise?

> 3. Worm authors are wrongdoing by writing software that propagate
> through the networks by exploiting all of the above. Again, the losses
> occur in time/money spent to remove the worms from the systems affected.
> 
These guys are *really* bad. I hope all of them will get into jail soon.
So, we all can enjoy our bugs in wormless peace. 

Now, talking to myself:
> It is obvious that almost every legal system in the world treats #3 as
> crime, while #2 and #1 are broadly tolerated. Noone here is against the
> book of law, but it just seems to be in contrast to the natural and
> intuitive feeling of justice that majority of people might have
> regarding the issues like these. See - only one of the three wrongdoers
> is being punished. 
> 
> Is it right? Or - is it wrong? 

It's wrong.

> 
> BTW, I have a funny feeling that damages/losses caused by #3 might very
> often be far less than the ones caused by #2 and #1. 
> 

It's really funny.

> Am I alone?
> 
Yes, you are

> cikasole
> 
> 
> 
Never dive in shallow water.
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ