Path: utzoo!utgpu!attcan!uunet!ncrlnk!ncrcae!hubcap!gatech!ukma!tut.cis.ohio-state.edu!husc6!hscfvax!pavlov
From: pavlov@hscfvax.harvard.edu (G.Pavlov)
Newsgroups: comp.protocols.tcp-ip
Subject: Re: Morris bashers...
Keywords: He's no hero, but...
Message-ID: <661@hscfvax.harvard.edu>
Date: 9 Nov 88 22:07:20 GMT
References: <3481@hubcap.UUCP> <76593@sun.uucp>
Organization: Health Sciences Computing Facility, Harvard University
Lines: 36

In article <76593@sun.uucp>, dre%ember@Sun.COM (David Emberson) writes:
> 
> > DISCLAIMER: If Mr. Emberson has spent the last four years  trying
> > to  get  everyone  he  knows  to  turn off "debug" on their send-
> > mails... my apologies to him.
> 
> I have much better things to do with my time, which was one of my points.
> 
    Great.  But time enough to waste discussing Mr. Morris :-)

    It is hard to accept that our Unix system vendors promote this half-baked
    attitude.  But given the number of people who have stepped forth to pro-
    claim that they, too, knew about this hole and were kind enough not to
    muck around with our systems really makes me wonder who takes responsibi-
    lity for what.

    I run an end-user shop.  I adopted Unix for several reasons, a big one
    being the flexibility it gives me in selecting hardware and bargaining
    with vendors.  In turn, I expect that I and my people have to invest
    a lot of time in understanding what we are working with, arcane manuals
    and all.  Fair enough.  But to learn that our current and (maybe) future
    vendors distribute software with known and easily-fixed security bugs is
    disheartening in the least.

    There is, to me, a touch of insanity in this security issue.  I have seen
    innumerable messages during the past three years, which state that yes,
    there are problems, but no, we will not discuss them because that will
    simply invite potential destruction and havoc.  So instead, we learn 
    about them after they are mass-broadcast through the press.

    Is this the only way ?  Or does everyone like me have to spend whatever
    Unix saves us on developing/paying for the necessary expertise to protect
    ourselves ?  

     greg pavlov, fstrf, amherst, ny