Xref: utzoo news.admin:1923 news.sysadmin:642 comp.unix.wizards:7617 comp.unix.xenix:1871 misc.headlines:2628 Path: utzoo!mnetor!uunet!nuchat!elg From: elg@nuchat.UUCP (Eric Green) Newsgroups: news.admin,news.sysadmin,comp.unix.wizards,comp.unix.xenix,misc.headlines Subject: Re: Site 'killer' update Message-ID: <901@nuchat.UUCP> Date: 7 Apr 88 07:34:56 GMT References: <8350@netsys.UUCP> Organization: Public Access - Houston, Tx Lines: 49 From article <8350@netsys.UUCP>, by len@netsys.UUCP: > After speaking to him for about two hours on the phone,the explicit > reason was: Charles Boykin was ACCUSED of source piracy,Unix source > to be explicit. Note that Charles Boykin is at least peripherally related with AT&T, so please, before everybody starts flaming AT&T, calm down, count slowly from one to ten, and keep your hands off the "f" key. Getting someone in trouble with their employer is not a good way to earn lasting friendship. With that out of the way, back to the main issue at hand. The problem of BBS systems being accused of harboring pirated software is not new. A Baton Rouge computer club, for example, had their equipment siezed for a few weeks, until the cops detirmined that the guy who made the complaint was, in fact, the same person that uploaded the pirated software (he had a history of strife with the officers of the club). On my BBS system, I have it set up so that I must personally validate every file before it is made available for download. For a public access Unix, however, that's out of the question -- if a person has shell access, he/she can do just about anything. The "answer", then, is for there to be no shell access. Which means that it is no longer a public access Unix system. It's just a big overgrown BBS that happens to run on a Unix system. In other words, that's no answer at all. If it is a public access Unix system, the people who use it must be trusted, somewhat. There will always be a potential for abuse, and you must have at least some means in place for detecting abuse (such as, perhaps, logging file transfers by modifying the appropriate protocol programs). Such procedures probably would suffice as a demonstration that you were acting "in good faith". Als, note that you don't have to worry about AT&T security busting in your door (remember, "killer" was AT&T-supported). Local U.S. Marshals, maybe, if AT&T decides to press charges in a court of law, and gets a motion for seizure of appropriate evidence. But I doubt it would ever get to that point... the most you could probably expect would be discreet inquiries from AT&T security personel, advising you to make sure your system has no AT&T source on it, because "it'd be such a shame to have to seize your system...". Even AT&T occasionally worries about bad publicity, such as that an extended court case would generate in relation to a public forum such as USENET. The Phone Company of the movie "The President's Analyst" exists no more. -- Eric Lee Green P.O. Box 92191 Lafayette, LA 70509 uunet!nuchat!elg "I survived the Flood of '88"