[KLUG Advocacy] Re: Battle Creek vs ORBZ

[Mike Williams]

On Sat, 23 Mar 2002 11:29:04 -0500, members-request@kalamazoolinux.org >

>Laura Atkins, newly installed president of the non-profit anti-spam
>outfit
>SpamCon Foundation, said the code changes needed to correct the bug
>was
>"trivial" but one Gulliver, for one reason or another, was unwilling
>to
>correct."
>
>http://www.internetnews.com/bus-news/article/0,,3_995251,00.html
>
>I would criticize Battle Creek for continuing to use a server with
>known
>vulnerabilities.  But just because Gulliver wears a white hat
>doesn't mean
>that he can write buggy code, know about problems that cause a
>server to
>crash, and continue to use the code on servers owned by others.  He
>should pay the City for the time it took to get the server back up,
>and for
>any losses incurred.

So, the city of Battle Creek is suggesting that it's the responsibility of 
THE WHOLE INTERNET to play nice with their server and not send it anything 
it doesn't like?  When you put a server on the Internet, you are making if 
available to the whole world.  The responsibility of keeping a server from 
crashing, spamming, polluting the Internet with bad packets, or whatever 
lies solely on the entity that set it up.  Server's are supposed to 
interact with the Internet using established protocols.  If a server is 
unable to respond properly to a combination of established requests (heck, 
any requests) without crashing, that is the server's fault, not the person 
who managed to bring it down.  Even in the case of malicious hacking, the 
manager of the server bears responsibility for being caught napping.  

The above is, of course, my own personal opinion.  I make no guarantees 
that it's worth anything more than what you paid for it.