In the white paper on the WaveLan site they mention that Carnegie Mellon University in Pittsburgh is actually implementing a WaveLan system across their campus. I'd talk to them before you do anything. Anyone from CMU's IT department care to comment?
Yes, you do own the roads -- as part of a group of owners who all have competing interests (i.e., the other taxpayers). They (I say they, because I bet you don't vote) have elected representatives to further their interests among the various competing groups who "own" the roads. These representatives have decided to regulate those who actually use the roads for the safety and security of all, and to ensure that those who do drive are actually capable of safely driving and keeping the roads moving. Whether or not this works is not the point. The point is that you are not alone on this planet, and what you do affects other people all the time. You have to have some way to get along without killing each other. Government and politics is a lousy way of doing it, but its all we've got at the moment. Quit bitching and figure out something better.
I'd say it still applies for each step of the process -- alpha and beta are just ways of describing the evolution of each release of the product, development tree or stable tree.
Alpha: The developers think it's done, more or less.
Beta: The testers think it's done, more or less..
1.0: The users think it's done... more or less..
1.8.3g: It's done. Time to start on the 2.0 release.:).
From the phrasing of your question, it is clear that the meaning of "responsibility" is being abused in this question. Is CDC responsible for writing BackOrifice? Of course. Are they responsible for what a user does with it? Of course, they designed it that way. Are they liable, guilty, or should they be punished for harm that occurs because of what a user does? OF COURSE NOT.
What??? you say. But they are responsible for what a user does with the software... Yes, they are. BackOrifice was designed with an express purpose and focus. It enables a user to do something that couldn't be done before. It gives the user a power that they didn't have before.
And that, my friends, is the dividing line. CDC is responsible for creating the power to do something, and giving it to everyone. They are not responsible for what use that power is put to. They can argue for responsible use of that power, but ultimately the liability, the responsibility, for the USE of the power lies squarely upon the user -- and, due to CDC's methods, the victim as well. This applies both to "benign" applications being abused, and "malicious" applications such as viruses.
Of course, the argument now would be: "if they didn't provide the power, it wouldn't be abused!" However, the potential for the power existed, indeed probably the power itself existed before CDC released BackOrifice. What CDC did (and incidentally, what BugTraq does) was level the playing field. If CDC had not done what they did, someone might have discovered the vulnerability and used it as a tool to really cause harm. But because they took the action they did, there is now a way to stop that gap, to block that vulnerability. Microsoft would not listen, so CDC proved it could be done. It could not be ignored any more -- they were essentially forcing a response as a desperate measure to prevent a larger catastrophe.
Thus, the "if the power doesn't exist, you can't abuse it" argument is a fallacy. The potential for the power existed -- it was only a matter of time before the power became available. You can't undo what has been done, you can't unknow what someone knows. So the question now becomes: would you rather the power be used by someone with... slightly different morals than CDC? Who would you give that power to?
The obvious answer to some, these days, is the government. I would say that we have already demonstrated in the US and other countries that giving power to the government is a mistake -- it should have the power to do the basic necessities, a necessary evil, nothing more. So the government is out. Do we deliver it to some trustworthy group or person to protect it and keep others from having it? A pleasant thought, but impossible -- how do you determine trustworthiness? And what if the power is needed by someone? (I hate to use the movie Independence Day as an example, but I can't think of anything else.) Would the group or person see the need to protect the power or be able to decide when it could be used?
Ok, can we destroy it? Well, in the particular case of BackOrifice, yes. Microsoft could take the steps to fix their operating system so that it is no longer possible to do what Back Orifice does. But in a larger sense, destroying the power to create viruses and malicious programs is just impossible. Code is so complex, there are so many variables, that there is no way to have a 100% bug-free program -- just like you can't have a bug-free life. It would foolish to try to either stamp out code problems entirely (an asymptotic progression of effort), so by corollary you can't entirely stop people from exploiting problems in the code. The only thing you can do is continually try to make things better. How do you do that?
Well, you have two choices: You can keep the power for yourself, develop it yourself, and use it to gain advantage over others, to control them, to bend them to your will and desire. Doing so may be justified, especially in the case where others may have an advantage over you already, or are threatening your survival. That is a decision for a person, town, state, and country to make on their own. This is the way that things have been done for a long time. The problem with this way is that people are human, and tend to be unwilling to give up the power, even after its usefulness is long past.
The second choice is the one espoused by the Free Software Foundation, BugTraq, CDC, and many others. That is the conscious decision to give that power to everyone. This places the responsibility for the use of the power squarely and equally on both the user and the victim. (You knew about it, the information was freely available, why didn't you do anything about it?) If everyone is in the same boat, the power theoretically cannot be used for advantage -- everyone is equally capable of using the power and preventing it from being used on them, if only by threat of retaliation (MAD, anyone?).
The issue some people have with this is that they don't want that responsibility. To that I can only say, Grow Up! Being an adult is about assuming the responsibilities of that state. This is not a perfect world. The second choice invariably results in some abuse and misuse of the power, since those who are unwilling to shoulder the responsibility for the power are at the mercy of those who would use the power to gain advantage. But there is nothing the Developer can do about that -- he is choosing the best course of action he can from host of perilous courses.
This second choice also allows something that is almost unique in history -- everyone can participate in the development and use of the power. All can see who is using it, abusing it, developing it, and defending against it, and all can use these actions and developments to further everyone's power and protection. Is this a better way than the old way of hoarding all your powers to use against others? I think so, and so do others. I think the damage created by releasing to everyone is much less than the chaos that could and will result from not distributing such power.
We'll find out soon enough, when our watchfulness weakens or fails -- or is legislated out of existence.
What if I want to cause harm to someone, because that is the only way to keep them from harming me? Mines are used in warfare quite often, and have saved as well as taken lives many, many times. I'll take responsibility for using my mines, as well as removing the mines when I am finished using them. The maker is NOT responsible for my misuse of the mines by leaving them in place to hurt innocent people. Causing harm can be a good thing or a bad thing, it is not an absolute in and of itself.
You use the gun to kill the person trying to kill you. In that instant, the only thing you are concerned about is staying alive. A bulletproof vest can help in this -- but if all I have is a vest, and he has a gun and is intent on killing me, the outcome is just as certain as if I had no vest. Using a gun to kill an attacker is the last line of defense, a bad solution to a worse problem. It is a terrible thing to take someone's life -- the only thing more terrible is to stand by and let it happen.
You guys are misunderstanding how NTFS does its permissions. NO ACCESS is a special permission, to be used in specific instances where there should be a very limited number of people who can access something. It is a failsafe, generally used on the Everyone group, to make sure that no one gets access through a slip-up in assigning a group or permission. However, it cannot defeat the FULL CONTROL permission. Why? Because FULL CONTROL does NOT allow you access to the file -- it gives you control over the external aspects of the file, including security and ownership. The relationship between FULL CONTROL and NO ACCESS is also a failsafe -- If NO ACCESS could block everything, then a user could create innumerable large files that the administrator could not then delete, creating a denial of service by filling up the hard drive permanently(unless you're running some sort of quota software). All that being said, this IS a bug. However, it is one that has no real impact at all. I can delete the offending files if I have FULL CONTROL, or I can change the security on the files with my FULL CONTROL and then delete them (or read them!). The end result is the same -- and it keeps a serious problem from ever occurring.
Slashdot Mirror
In the white paper on the WaveLan site they mention that Carnegie Mellon University in Pittsburgh is actually implementing a WaveLan system across their campus. I'd talk to them before you do anything. Anyone from CMU's IT department care to comment?
WaveLan white paper
Aetius
By default, the computer on the mast would be grounded -- power connections. :( I suppose you could figure out a solar array...
Yes, you do own the roads -- as part of a group of owners who all have competing interests (i.e., the other taxpayers). They (I say they, because I bet you don't vote) have elected representatives to further their interests among the various competing groups who "own" the roads. These representatives have decided to regulate those who actually use the roads for the safety and security of all, and to ensure that those who do drive are actually capable of safely driving and keeping the roads moving. Whether or not this works is not the point. The point is that you are not alone on this planet, and what you do affects other people all the time. You have to have some way to get along without killing each other. Government and politics is a lousy way of doing it, but its all we've got at the moment. Quit bitching and figure out something better.
I'd say it still applies for each step of the process -- alpha and beta are just ways of describing the evolution of each release of the product, development tree or stable tree.
Alpha: The developers think it's done, more or less.
Beta: The testers think it's done, more or less..
1.0: The users think it's done... more or less..
1.8.3g: It's done. Time to start on the 2.0 release. :).
From the phrasing of your question, it is clear that the meaning of "responsibility" is being abused in this question. Is CDC responsible for writing BackOrifice? Of course. Are they responsible for what a user does with it? Of course, they designed it that way. Are they liable, guilty, or should they be punished for harm that occurs because of what a user does? OF COURSE NOT.
What??? you say. But they are responsible for what a user does with the software... Yes, they are. BackOrifice was designed with an express purpose and focus. It enables a user to do something that couldn't be done before. It gives the user a power that they didn't have before.
And that, my friends, is the dividing line. CDC is responsible for creating the power to do something, and giving it to everyone. They are not responsible for what use that power is put to. They can argue for responsible use of that power, but ultimately the liability, the responsibility, for the USE of the power lies squarely upon the user -- and, due to CDC's methods, the victim as well. This applies both to "benign" applications being abused, and "malicious" applications such as viruses.
Of course, the argument now would be: "if they didn't provide the power, it wouldn't be abused!" However, the potential for the power existed, indeed probably the power itself existed before CDC released BackOrifice. What CDC did (and incidentally, what BugTraq does) was level the playing field. If CDC had not done what they did, someone might have discovered the vulnerability and used it as a tool to really cause harm. But because they took the action they did, there is now a way to stop that gap, to block that vulnerability. Microsoft would not listen, so CDC proved it could be done. It could not be ignored any more -- they were essentially forcing a response as a desperate measure to prevent a larger catastrophe.
Thus, the "if the power doesn't exist, you can't abuse it" argument is a fallacy. The potential for the power existed -- it was only a matter of time before the power became available. You can't undo what has been done, you can't unknow what someone knows. So the question now becomes: would you rather the power be used by someone with ... slightly different morals than CDC? Who would you give that power to?
The obvious answer to some, these days, is the government. I would say that we have already demonstrated in the US and other countries that giving power to the government is a mistake -- it should have the power to do the basic necessities, a necessary evil, nothing more. So the government is out. Do we deliver it to some trustworthy group or person to protect it and keep others from having it? A pleasant thought, but impossible -- how do you determine trustworthiness? And what if the power is needed by someone? (I hate to use the movie Independence Day as an example, but I can't think of anything else.) Would the group or person see the need to protect the power or be able to decide when it could be used?
Ok, can we destroy it? Well, in the particular case of BackOrifice, yes. Microsoft could take the steps to fix their operating system so that it is no longer possible to do what Back Orifice does. But in a larger sense, destroying the power to create viruses and malicious programs is just impossible. Code is so complex, there are so many variables, that there is no way to have a 100% bug-free program -- just like you can't have a bug-free life. It would foolish to try to either stamp out code problems entirely (an asymptotic progression of effort), so by corollary you can't entirely stop people from exploiting problems in the code. The only thing you can do is continually try to make things better. How do you do that?
Well, you have two choices: You can keep the power for yourself, develop it yourself, and use it to gain advantage over others, to control them, to bend them to your will and desire. Doing so may be justified, especially in the case where others may have an advantage over you already, or are threatening your survival. That is a decision for a person, town, state, and country to make on their own. This is the way that things have been done for a long time. The problem with this way is that people are human, and tend to be unwilling to give up the power, even after its usefulness is long past.
The second choice is the one espoused by the Free Software Foundation, BugTraq, CDC, and many others. That is the conscious decision to give that power to everyone. This places the responsibility for the use of the power squarely and equally on both the user and the victim. (You knew about it, the information was freely available, why didn't you do anything about it?) If everyone is in the same boat, the power theoretically cannot be used for advantage -- everyone is equally capable of using the power and preventing it from being used on them, if only by threat of retaliation (MAD, anyone?).
The issue some people have with this is that they don't want that responsibility. To that I can only say, Grow Up! Being an adult is about assuming the responsibilities of that state. This is not a perfect world. The second choice invariably results in some abuse and misuse of the power, since those who are unwilling to shoulder the responsibility for the power are at the mercy of those who would use the power to gain advantage. But there is nothing the Developer can do about that -- he is choosing the best course of action he can from host of perilous courses.
This second choice also allows something that is almost unique in history -- everyone can participate in the development and use of the power. All can see who is using it, abusing it, developing it, and defending against it, and all can use these actions and developments to further everyone's power and protection. Is this a better way than the old way of hoarding all your powers to use against others? I think so, and so do others. I think the damage created by releasing to everyone is much less than the chaos that could and will result from not distributing such power.
We'll find out soon enough, when our watchfulness weakens or fails -- or is legislated out of existence.
What if I want to cause harm to someone, because that is the only way to keep them from harming me? Mines are used in warfare quite often, and have saved as well as taken lives many, many times. I'll take responsibility for using my mines, as well as removing the mines when I am finished using them. The maker is NOT responsible for my misuse of the mines by leaving them in place to hurt innocent people. Causing harm can be a good thing or a bad thing, it is not an absolute in and of itself.
You use the gun to kill the person trying to kill you. In that instant, the only thing you are concerned about is staying alive. A bulletproof vest can help in this -- but if all I have is a vest, and he has a gun and is intent on killing me, the outcome is just as certain as if I had no vest. Using a gun to kill an attacker is the last line of defense, a bad solution to a worse problem. It is a terrible thing to take someone's life -- the only thing more terrible is to stand by and let it happen.
Open source in this instance means non-classified material. The parallel is interesting, though.
You guys are misunderstanding how NTFS does its permissions. NO ACCESS is a special permission, to be used in specific instances where there should be a very limited number of people who can access something. It is a failsafe, generally used on the Everyone group, to make sure that no one gets access through a slip-up in assigning a group or permission. However, it cannot defeat the FULL CONTROL permission. Why? Because FULL CONTROL does NOT allow you access to the file -- it gives you control over the external aspects of the file, including security and ownership. The relationship between FULL CONTROL and NO ACCESS is also a failsafe -- If NO ACCESS could block everything, then a user could create innumerable large files that the administrator could not then delete, creating a denial of service by filling up the hard drive permanently(unless you're running some sort of quota software). All that being said, this IS a bug. However, it is one that has no real impact at all. I can delete the offending files if I have FULL CONTROL, or I can change the security on the files with my FULL CONTROL and then delete them (or read them!). The end result is the same -- and it keeps a serious problem from ever occurring.