Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!swrinde!cs.utexas.edu!uunet!zephyr.ens.tek.com!tektronix!percy!m2xenix!quagga!hippo!spel
From: spel@hippo.ru.ac.za (Dr. Eberhard W. Lisse)
Newsgroups: comp.admin.policy
Subject: Re: System admins looking for scapegoats
Message-ID:
Date: 15 Jun 91 05:22:24 GMT
References: <20740@slice.ooc.uva.nl> <3689@charon.cwi.nl>
Sender: usenet@quagga.ru.ac.za (Rhodes University NNTP server)
Organization: Rhodes University, Grahamstown, South Africa
Lines: 68

In <3689@charon.cwi.nl> jack@cwi.nl (Jack Jansen) writes:

>The thing that really bothers me in the discussion about suspending
>students that give away password files and the like is the shoot-the-
>messenger mentality that a lot of sys admins seem to have. This surfaced
>before in the Morris case, by the way, and is again very obvious in
>numerous articles on this case.

>True, students who mail out password files or write internet worms
>should receive some punishment, but the main part of the blame lies
>with the administrators. If I leave my bike unlocked and you nick it
>you are guilty, but so am I.

Wrong! He is guilty, you are plain stupid! :-)-O They won't send you to jail for it, just give the other guy extenuating circumstances.

>Incidents like this are going to continue forever if the only answer
>the sysadmins can come up with is punishing the perpetrator. The
>*real* problem, imho, lies in the fact that a lot of people refuse
>to see that the internet is a potentially hostile place, and that you
>should take some measures to protect yourself. Failing to do so and
>punishing students only buys you a false sense of security. After
>all, don't expect the KGB (oops, outdated enemy.... uhm... well, whoever)
>to make the same dumb mistakes as your undergrads do.

Having followed this thread now for quite a while, I keep wondering, why are so many people whining?

Even dumb medical students in a backwater (computer science wise [if they read that in Aachen, they will kill me :-)-O]) German university five years ago knew exactly that you can play around as much as you like; if you damage anything they will explain; if they catch you attacking the system they will read the riot act. If computer science majors or even post graduates in the USA tell me, sorry we didn't know /etc/passwd can be cracked, nobody in his right mind should believe them. Similar things go for applying for accounts under false names and other things.

They all whined AFTER they got caught doing something illegal or obnoxious. The idea is not to do anything the law, policy or the overworked system admins allow one to do and then claim due process.

I have dealt with pretty stupid system administrators, one or two being downright obnoxious. But whatever happened, if you went there in person and bothered them long enough in their office they would stop giving you the runaround and fix it. Phoning isn't good enough.

Running a big box with something like 5000 active users would drive me crazy just from fixing honest mistakes: 'Oops, here goes rm -rf!', 'mail to root: where are my files?, or what did this computer do to my files?'

I run COPS occasionally and recently found /etc/passwd being world WRITEABLE. So of course I immediately reported this to our system administrators. (They are incredibly helpful. Me being 3000 km from this system, I have not even needed to use the phone if I had a problem.)

regards, el

ps: comments on my use of English, vi, knowledge or experience to /dev/null (saves bandwidth), flames (please and be aggressive :-)-O) by email to this address.

--
Dr. Eberhard W. Lisse     (spel@hippo.ru.ac.ZA)
Katatura State Hospital   (formerly extel@quagga.ru.ac.za)
Private Bag 13215         (Real Soon Now ... el@lisse.NA)
Windhoek, Namibia         (no FTP yet. [This is Africa :-)-O])