My Broadcast


Barry Shein (bzs@bu-cs.bu.edu)
Mon, 6 Apr 87 15:14:08 EDT


Mark Crispin --

I think your attack on UNIX is utterly unwarranted and devoid of
content. How you can compare it to ITS where everyone was effectively
a wheel is utterly beyond me.

UNIX exhibits no worse characteristics than other commonly used
systems. Even your beloved TOPS-20 had this charming feature of
unencrypted passwords so anyone gaining access to a priviliged
terminal for a few seconds could print every pwd on the system in
clear text with one command. Sure, that's fixed, but the fix came
recently, after DEC had dumped the product. We had to live with this
for years (and show me the local hack patches that "fixed" this and
I'll show you the local hack patches that fix any UNIX security flaw
you see.)

For the love of god Mark, Jordan broadcast a message to a lot of terminals.

That's it.

BFD, sure it could be annoying, but the originating site (and user,
although I admit that could be faked easily) was clearly printed and
easily (see etherfind for example) identified. To say your "systems
and data" were endangered by this broadcast is hyperbole, at best.

Can you condemn the entire UNIX operating system because a user was
able to SHOUT to a bunch of hosts he didn't own? Sounds flimsy to
me.

As to "muzzling" of unix security problems, there's an entire, active
mailing list on the internet devoted to nothing but discussing UNIX
security issues. What other operating system can claim this? (Ok,
these things are also freely discussed on some of the TOPS-20 lists,
no argument, but name another? I've seen this stuff specifically
stifled and people severely flamed on at least one other O/S's list.)

        -Barry Shein, Boston University

P.S. One thing I do agree with Mark about is that without the sources
you might be a sitting duck. This is one major reason I discourage
people from buying VMS.



This archive was generated by hypermail 2.0b3 on Thu Mar 09 2000 - 14:38:06 GMT