Path: utzoo!utgpu!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!unmvax!ncar!boulder!sunybcs!bingvaxu!leah!itsgw!steinmetz!uunet!van-bc!sl From: sl@van-bc.UUCP (pri=-10 Stuart Lynne) Newsgroups: news.admin Subject: Re: How about a virus? Message-ID: <2099@van-bc.UUCP> Date: 4 Jan 89 20:35:27 GMT References: <1327@dretor.dciem.dnd.ca> <856@mailrus.cc.umich.edu> Reply-To: sl@van-bc.UUCP (pri=-10 Stuart Lynne) Organization: Wimsey Associates, Vancouver, BC. Lines: 50 In article <856@mailrus.cc.umich.edu> honey@citi.umich.edu (Peter Honeyman) writes: >chk@zorac.dciem.dnd.ca asks: >>So, how do we poor slobs get versions of the software *without* bugs? > >you BUY it. > This is not a flame, but out of interest, where can I buy a copy of HDB? Don't need source, just a binary, with all of the latest fixes, either your's or Ricks would do. It would also be nice if it wasn't priced more than the system I'm going to run it on (which is why we don't use ksh from the toolchest). Seems to me that there's a business opportunity here for someone. Get a valid license to distribute HDB, get fixes from Peter and Rick and distribute for Sun OS, SCO Xenix, System V/386, etc. If the vendors don't want to keep uptodate and there is a need to keep these systems secure then there is definitely an opportunity to make a buck. (Actually some vendors are quite interested, they just can't afford to mobilize quickly to fix security problems in a short time frame.) Of course it would be too much to ask that AT&T offer the source to someone like UUNET so that it could be done on a non-profit basis (or could the BSD version be separated out and made non AT&T Rick?). Would be a nice gesture though. UUNET could sell and support it and then perhaps Usenet UUCP links would be a little safer. Makes a nice counterpart to the services that they are already offerring. They are already (apparently) doing quite a lot of work to keep their copy of UUCP very secure. It wouldn't be too hard to get it ported to various other machines at very low cost (I'm sure there's quite a few people who would offer their consulting time at a nominal rate to port it to their system for UUNET). Distribution is easy, just do it via uucp. They already have a billing sytem. And then we wouldn't have to waste our time complaining at each other because we think that we've found bug's that will let bad people break in and now we're worried because we can't fix them because we can't afford to buy the source, and our vendor couldn't care less, and if he does he might get around to fixing it in six months, and it will be in the next release after that, which will be after he QA's it, and gets the manuals ready, say another six months..... -- Stuart.Lynne@wimsey.bc.ca {ubc-cs,uunet}!van-bc!sl Vancouver,BC,604-937-7532