Re: Call to arms - INFORMATION ANARCHY
From: ICS Athens (jperrin1@COLUMBUS.RR.COM)
Date: 11/03/01
- Previous message: Kurt: "Re: Call to arms - INFORMATION ANARCHY"
- In reply to: Kurt Seifried: "Re: Call to arms - INFORMATION ANARCHY"
- Next in thread: Carter Mobley: "Re: Call to arms - INFORMATION ANARCHY"
Message-ID: <002601c16408$3b020a70$9b01a8c0@midnight>
Date: Fri, 2 Nov 2001 20:38:20 -0500
From: ICS Athens <jperrin1@COLUMBUS.RR.COM>
Subject: Re: Call to arms - INFORMATION ANARCHY
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

Since everyone seems to be putting their two cents in on the subject I
felt compelled to inflict my belief system on the rest of you also. I work
for Ohio University as a member of the technical support staff. I do not
administer the networks, I do not code software or scripts of any kind. I
deal with the users. I deal with the people who have no knowledge of what
goes on behind the scenes. They are faculty members with PhD's, MBA's and
generally many other letters after their names, but when it comes to
computers they trust the experts. They call us for help. I take each call as
personally as I can because to the person on the other end of the phone it
is their research, or their family contact, or their grades that they lose
if the computers don't work for them. These people, as bright as they are,
don't care about white hat or black. They don't care why the network is
down, just that it is. Because of this I believe that software
manufacturers face a certain level of responsibility. I read the EULA of the
software I use, and each time what I see scares me. They hold no liability
if it fails. If I take it out of the packaging I accept the license that I
can't even read until I open the thing. I think this is way beyond
irresponsible, given the interdependence of computers and modern life. If
software manufacturers are going to release flawed, vulnerable, or just
flat-out poor code, then we deserve to know about it. We know the mileage of
our cars, the size of the engine. We know the side-effects of the
medications we take. Computers and therefore software have become just as
important in recent times, and we deserve to know what is inside. I don't
want a copy of the M$ Windows source code. I want to know that people are
testing it, just like we test medicines and cars. I understand that flaws
will get through and that vulnerabilities change, but as long as companies
like M$ refuse to admit that a bug exists until it is too late, I want holes
posted. I want groups threatening Microsoft with exposure. Some level of
equilibrium must be reached. Because while we debate and M$ attempts to bury
the squeaky wheel rather than patch it, I must deal with a user who wants to
know why his computer "won't work". We must stand up against corporate
pressure and threats. Continue to look for holes and bugs, and publish them,
but do so responsibly. Recklessness will only hurt our efforts.
Feel free to reply to me in person if you want.
Jim
----- Original Message -----
From: "Kurt Seifried" <listuser@SEIFRIED.ORG>
To: <NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM>
Sent: Friday, November 02, 2001 18:52
Subject: Re: Call to arms - INFORMATION ANARCHY
> Something Theo de Raadt pointed out to me this summer (quoting him roughly):
>
> Users shouldn't have to be security administrators. They should not be
> required to understand all the ins and outs of a package they just want to
> use to get work done. Hence the secure by default stance of OpenBSD.
>
> As an example: my parents have several Windows machines, I have tried to
> educate them as to how to use MS update, run virus scan update, etc. They
> have sort of learned, but do not remember to do it, it's like asking someone
> to change the oil in their car once a day. These aren't stupid people
> either, both have PhD's and my mother was a Fortran programmer way back in
> the day. I figure if people like that can't handle managing their machines
> (especially when there are four identical ones [don't ask]) the "unwashed
> masses" (to use a colorful phrase) with a single computer haven't got a
> snowball's chance in Florida. Heck, even me, with an MCSE and full time
> career in infosec I have trouble keeping on top of all this crap vendors
> push out.
>
> Kurt