Path: utzoo!attcan!uunet!ncrlnk!ncrcae!ece-csc!ncsuvx!gatech!bloom-beacon!tut.cis.ohio-state.edu!husc6!endor!reiter
From: reiter@endor.harvard.edu (Ehud Reiter)
Newsgroups: news.sysadmin
Subject: Virus: I blame the vendors
Message-ID: <563@husc6.harvard.edu>
Date: 9 Nov 88 14:07:45 GMT
Sender: news@husc6.harvard.edu
Reply-To: reiter@harvard.harvard.edu (Ehud Reiter)
Organization: Aiken Computation Lab Harvard, Cambridge, MA
Lines: 23

I think the vendors bear the lion's share of guilt in this affair. Why the hell didn't Sun and friends fix these security holes ages ago? I especially blame Sun, since
a) I gather DEC had at least fixed the Sendmail/debug hole in ULTRIX
b) Sun has been making a fuss about the snazzy new high-tech security features in 4.0. I wonder how many man-years those represent? I wonder how many man-hours (man-minutes?) it would have taken to fix the Sendmail distribution?

My personal definition of `hacker': someone who loves writing snazzy new code but refuses to do code maintenance.

A few months ago, I recommended to a friend that he buy a Sun for his lab. If I was asked the same question today, I doubt I would make the same recommendation, and I probably would suggest that he think twice about getting any UNIX workstation, since my unfortunate gut feeling is that most other UNIX vendors are just as irresponsible as Sun.

If UNIX is going to start prospering in the real world (which had better happen, because otherwise IBM and DEC won't have any competition), then UNIX vendors are going to have to start showing a modicum of real-world responsibility about boring little details like maintenance and fixing security holes.

Ehud Reiter
reiter@harvard (ARPA,BITNET,UUCP)
reiter@harvard.harvard.EDU (new ARPA)