Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!utgpu!water!watnot!watmath!clyde!cbatt!ucbvax!BU-CS.BU.EDU!bzs
From: bzs@BU-CS.BU.EDU.UUCP
Newsgroups: mod.protocols.tcp-ip
Subject: My Broadcast
Message-ID: <8704061914.AA18505@bu-cs.bu.edu>
Date: Mon, 6-Apr-87 14:14:08 EST
Article-I.D.: bu-cs.8704061914.AA18505
Posted: Mon Apr 6 14:14:08 1987
Date-Received: Wed, 8-Apr-87 04:37:46 EST
References: <12292273571.8.MRC@PANDA>
Sender: daemon@ucbvax.BERKELEY.EDU
Distribution: world
Organization: The ARPA Internet
Lines: 42
Approved: tcp-ip@sri-nic.arpa

Mark Crispin -- I think your attack on UNIX is utterly unwarranted and devoid of content. How you can compare it to ITS where everyone was effectively a wheel is utterly beyond me.

UNIX exhibits no worse characteristics than other commonly used systems. Even your beloved TOPS-20 had this charming feature of unencrypted passwords so anyone gaining access to a privileged terminal for a few seconds could print every pwd on the system in clear text with one command. Sure, that's fixed, but the fix came recently, after DEC had dumped the product. We had to live with this for years (and show me the local hack patches that "fixed" this and I'll show you the local hack patches that fix any UNIX security flaw you see.)

For the love of god Mark, Jordan broadcast a message to a lot of terminals. That's it. BFD, sure it could be annoying, but the originating site (and user, although I admit that could be faked easily) was clearly printed and easily (see etherfind for example) identified. To say your "systems and data" were endangered by this broadcast is hyperbole, at best. Can you condemn the entire UNIX operating system because a user was able to SHOUT to a bunch of hosts he didn't own? Sounds flimsy to me.

As to "muzzling" of unix security problems, there's an entire, active mailing list on the internet devoted to nothing but discussing UNIX security issues. What other operating system can claim this? (Ok, these things are also freely discussed on some of the TOPS-20 lists, no argument, but name another? I've seen this stuff specifically stifled and people severely flamed on at least one other O/S's list.)

-Barry Shein, Boston University

P.S. One thing I do agree with Mark about is that without the sources you might be a sitting duck. This is one major reason I discourage people from buying VMS.