[ale] AT&T Broadband blocking inbound http?

Wandered Inn esoteric at denali.atlnet.com
Thu Aug 9 10:57:20 EDT 2001


Jonathan Rickman wrote:
> 
> On Thu, 9 Aug 2001, Wandered Inn wrote:
> 
> > SAngell at nan.net wrote:
> > >
> > > I wonder at what point we will begin to hear talk of liabilities being imposed
> > > on those individuals who refuse to perform maintenance on the machines that are
> > > still left un-patched.
> 
> Bite your tongue. The situation is bad enough without an army of lawyers
> contributing to the confusion.
> 
> > I think it should be handled like a recall.  The CREATOR of the
> > DEFECTIVE product should be responsible for correcting the problem as
> > well as liable for damages, prior to the recall.
> 
> That's probably not a very good idea. A very limited number of players have the
> financial resources to handle that sort of thing. What happens when the next
> Apache, Samba, [insert any other open source package] bug is discovered? Will
> every developer that ever worked on it be held liable or just the company...oh
> wait, what company? Guess we'll have to sue the developers...

Companies recall stuff all the time.  That system works.  Part of the
problem with software is that there is no responsibility for inaction.
No, I don't want to see Apache/Samba or any other individual developers
sued, as they would just quit doing it.  What I would like to see is
for companies to take responsibility for their poor efforts.  You know
as well as I do that when there's a hole in Apache, or most any other
free software, the patch is available within hours.  Companies like M$
provide patches when they get around to it and only when someone else
points it out.  I've never heard of M$ saying: "We found a security
problem with Microsoft Virus transport protocol, so you can get your
patch here."

> 
> > If the brakes on my car fail and I have a wreck because of a defective
> > design, the automobile manufacturer would be found at fault.  Look at
> > the recent Ford/Firestone fiasco.
> 
> Apples and Oranges. Code Red isn't killing anyone, and contrary to what many
> are claiming...it isn't costing billions of dollars either.

I'm not comparing it to the loss of life, so maybe the Ford/Firestone
example was a poor one.  I'll give you another.  I just bought a house
and the cabinets are white, but the doors are turning yellow.  The
company that manufactured them is going to repair them for free because
it is a defect.  They are NOT telling me where I can get the free paint
to paint them myself.

> The businesses who
> experienced downtime due to the worm have nobody to blame but themselves for not
> patching.

Agreed.

> If somebody claims they lost business 'cause their DSL connection was
> flooded...gimme a break. You're running a business. Number one...get a decent
> SLA and hold the provider to it. They're the ones with the resources to stop it.

Agreed again.

> Number two...if it's that critical, you should have some redundancy. If you
> can't afford redundancy then you aren't making enough money to justify the
> overblown damage estimates that you are feeding everyone in the first place.

Agreed again.

> This Code Red thing is a fairly major problem, yes. But it's not the end of the
> world, contrary to what some in the media would love to keep us believing.

Ditto.

> 
> --
> Jonathan Rickman
> X Corps Security
> http://www.xcorps.net
> 
> --
> To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.

--
Until later: Geoffrey		esoteric at denali.atlnet.com

"Great spirits have always found violent opposition from mediocre minds.
The latter cannot understand it when a man does not thoughtlessly submit
to hereditary prejudices but honestly and courageously uses his
intelligence." - Albert Einstein