All: I am responding only to a valid discussion topic here, not to the general Troll that contained it.
On Wed, 2005-10-26 at 22:47 +0200, Alfred M. Szmidt wrote:
> ,----
> | Emperor Alfred says: well, it's okay to be naked in public. Just
> | ignore it.
> |
> | Hey, if you are an exhibitionist, go for it. Just don't connect to
> | the public network, because when you do you create pain for everyone
> | else in the world. Freedom comes with responsibility.
> `----

The quoted statement above was a response to Alfred's suggestion that it is okay at some point to simply ignore known architectural security issues and get on with shipping a system. I hope that Alfred was simply repeating a widely held view. I do not know if he actually believes this view himself.

The following is my *personal opinion* on the view that he repeated. It is a very strong opinion, and reasonable people might disagree with my view.

In my opinion, ignoring known architectural security flaws in this way is NOT okay. In fact, I believe that this view is profoundly unethical, and that software architects should be held legally liable for damages when they adopt this view, and in certain cases that they should be imprisoned if they act on it.

When an end user puts a known-insecure system on the net, they might as well put up a sign that says "please come use my machine to hack the next guy". This is bad, but the end user often doesn't know about the problem and doesn't have the expertise to fix it. The end user is responsible, but because (a) they do not understand the consequences and (b) there is no practical alternative, it is difficult to blame them or hold them practically accountable.

When a system architect says: "let us just ignore some of the architectural security vulnerabilities and get on with it", this has implications. One of the implications is that a very large number of machines will be installed that will provide flexible platforms for attackers to use. In contrast to the end user, the system architect is *very* knowledgeable about the consequences of this behavior, and *is* in a position to fix it. If they make this decision knowingly and intentionally, they have made an *active* decision to create and support a threat to the world at large. At best, this is socially irresponsible behavior.

I believe that software architects should be held to reasonable and professional standards of diligence, and that they should be legally liable if they fail to act according to these standards. This does not mean that software must be perfect. First, we don't know how to achieve this, and second, problems must be prioritized because we have finite resources to solve them. Also, we cannot hold people liable for shipping crap until it is concretely demonstrated that something better is possible. But *after* we demonstrate that, we should not continue to tolerate the shipping of crap -- this is how we should determine what the standards of diligence should be.

The specific part of the "just ignore them and ship it" suggestion that makes me absolutely furious is the implication that software designers should have no responsibility for negligence. When this type of decision is made in the context of life-critical systems, it goes beyond negligence and may become a contribution to death.

I do not know if Alfred holds this view or not. I hope that he does not, and my anger on this subject is not directed at him. It is directed at people who knowingly choose this irresponsible path, and in doing so, become collaborators in committing very real harm to a vast multitude of people.

My hope for the Hurd is that it will significantly raise the expectations and demands of users concerning what is a minimally acceptable standard of excellence. If you will pardon a funny way to say it: Hurd needs to set a new standard for crap. (Just do not quote me out of context on that). And yes, I actually believe that it is possible for Hurd to do this.

shap

_______________________________________________
L4-hurd mailing list
http://lists.gnu.org/mailman/listinfo/l4-hurd
