Re: [despammed] Re: cutting and pasting into vim in a kterm

[Josh Glover <jmglov@example.com>]

Quoting SN_Diamond <Norman.Diamond@example.com>:

> Have you heard of rtm?

[...]

> I do think he was punished far worse than he deserved.  He
> had tried to get Unix gurus to fix the bugs that he 
> pointed out, and no one cared until he showed them why
> they'd better care.

Well, that was not his intention. The famous worm was
actually begun as an experiment with the relatively young
Internet (in 1988, the Year of the Worm, the Internet was
limited to about 60,000 computers) and some elementary AI.
In fact, the worm was launched from the illustrious MIT AI
labs. The worm was supposed to simply serve as an experiment
on intelligent worms (and the worm was pretty brilliant, you
should read about it at:

http://www.mit.edu/people/eichin/virus/intro.html#goals

if you don't know much about how it worked) and to call
attention to the bugs in the BSD code that he was aware of,
and, as you say, had been telling people about for a couple
of years. The rapid "reproduction" of the worm was due to a
bug in the code. If I remember correctly, it was simply a
constant that he set too high or something like that. Said
bug caused the worm to fill the memory of a computer and
bring it down. Unintentional, but pretty devestating, as it
knocked down about 10% of the Internet, by estimates of MIT
officials. It pretty much took out all of MIT's stuff. The
only solution was unplug the router, patch sendmail and
finger and clear those damned /etc/hosts.equiv files on
*ALL* computers on your (potentially huge) network, and tell
all of your moronic users to change their passwords from
"god", "sex", their name, etc...

Anyway, rtm is a good guy and a hell of a computer
scientist, according to me. In fact, he is now with the MIT LCS:

http://www.pdos.lcs.mit.edu/~rtm/


> People who considered themselves victims of that worm had 
> really been asking for it.

Ah, back to the ages-old debate about victims vs. deserving
targets. I actually used to agree with you, to some point,
but when I put on the sacred hat of sysadmin, I changed my
tune pretty quickly. Yes, you do have a responsibility to
stay on top of vulnerabilities, but in some cases, you
either cannot get the hole patched in time, or a trusted
account is compromised, etc. So, something that is not your
fault causes your network to get nailed. And you are "asking
for it"? I think not.

I certainly don't mind too much when one of my co-workers is
clever enough to find a hole in one of my boxes, change my
screensaver to read, "Josh is an ass!", and then tell me how
to fix the hole, but I do mind when things fairly beyond my
control hurt me, and I do claim victim status on such
occasions. Even the most illustrious sysadmin cannot
possibly beat every cracker or mischief-maker in the world
to every vulnerability, every time! I have been lucky enough
to not be victimised yet, but I know it *will* happen,
sometime in my career.


---------------------------------------------------
"No segfault, no problem."

Josh Glover
jmglov@example.com
---------------------------------------------------