* GNU.org is down
@ 2003-12-09 16:52 Markus Weimer
2003-12-10 5:47 ` David Steuber
0 siblings, 1 reply; 18+ messages in thread
From: Markus Weimer @ 2003-12-09 16:52 UTC (permalink / raw)
Hi,
apperently, gnu.org is down. Is anyone aware of a mirror?
Thanks in advance,
Markus Weimer
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: GNU.org is down
2003-12-09 16:52 GNU.org is down Markus Weimer
@ 2003-12-10 5:47 ` David Steuber
2003-12-10 7:55 ` Pascal Bourguignon
0 siblings, 1 reply; 18+ messages in thread
From: David Steuber @ 2003-12-10 5:47 UTC (permalink / raw)
Markus Weimer <newsgroup@markus-weimer.com> writes:
> apperently, gnu.org is down. Is anyone aware of a mirror?
I guess that's why I can't hit CVS on subversions.gnu.org. Anyone
know what the deal is?
--
One Emacs to rule them all. One Emacs to find them,
One Emacs to take commands and to the keystrokes bind them,
All other programming languages wish they were Lisp.
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: GNU.org is down
2003-12-10 5:47 ` David Steuber
@ 2003-12-10 7:55 ` Pascal Bourguignon
2003-12-10 16:05 ` David Steuber
0 siblings, 1 reply; 18+ messages in thread
From: Pascal Bourguignon @ 2003-12-10 7:55 UTC (permalink / raw)
David Steuber <david.steuber@verizon.net> writes:
> Markus Weimer <newsgroup@markus-weimer.com> writes:
>
> > apperently, gnu.org is down. Is anyone aware of a mirror?
>
> I guess that's why I can't hit CVS on subversions.gnu.org. Anyone
> know what the deal is?
Check http://savannah.gnu.org/statement.html
--
__Pascal_Bourguignon__ . * * . * .* .
http://www.informatimago.com/ . * . .*
There is no worse tyranny than to force * . . /\ () . *
a man to pay for what he does not . . / .\ . * .
want merely because you think it .*. / * \ . .
would be good for him. -- Robert Heinlein . /* o \ .
http://www.theadvocates.org/ * '''||''' .
SCO Spam-magnet: postmaster@sco.com ******************
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: GNU.org is down
2003-12-10 7:55 ` Pascal Bourguignon
@ 2003-12-10 16:05 ` David Steuber
2003-12-10 16:23 ` David Kastrup
` (2 more replies)
0 siblings, 3 replies; 18+ messages in thread
From: David Steuber @ 2003-12-10 16:05 UTC (permalink / raw)
Pascal Bourguignon <spam@thalassa.informatimago.com> writes:
> David Steuber <david.steuber@verizon.net> writes:
>
> > Markus Weimer <newsgroup@markus-weimer.com> writes:
> >
> > > apperently, gnu.org is down. Is anyone aware of a mirror?
> >
> > I guess that's why I can't hit CVS on subversions.gnu.org. Anyone
> > know what the deal is?
>
> Check http://savannah.gnu.org/statement.html
Well this sucks big time I must say.
There seems to be no ETA on the CVS repository being fully restored.
I guess those things are hard to guage in a situation like this.
When CVS is fully restored, will I have to use SSH in the future?
I've been doing the following:
cvs -z3 -d:pserver:anoncvs@subversions.gnu.org:/cvsroot/emacs co emacs
I'm pretty sure I have not been using SSH as I only do checkouts and
don't have an account. I've never done CVS via SSH so far as I know.
--
One Emacs to rule them all. One Emacs to find them,
One Emacs to take commands and to the keystrokes bind them,
All other programming languages wish they were Lisp.
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: GNU.org is down
2003-12-10 16:05 ` David Steuber
@ 2003-12-10 16:23 ` David Kastrup
2003-12-11 1:17 ` Tim McNamara
` (3 more replies)
2003-12-10 16:57 ` Eli Zaretskii
2003-12-11 14:44 ` V. L. Simpson
2 siblings, 4 replies; 18+ messages in thread
From: David Kastrup @ 2003-12-10 16:23 UTC (permalink / raw)
David Steuber <david.steuber@verizon.net> writes:
> Pascal Bourguignon <spam@thalassa.informatimago.com> writes:
>
> > David Steuber <david.steuber@verizon.net> writes:
> >
> > > Markus Weimer <newsgroup@markus-weimer.com> writes:
> > >
> > > > apperently, gnu.org is down. Is anyone aware of a mirror?
> > >
> > > I guess that's why I can't hit CVS on subversions.gnu.org. Anyone
> > > know what the deal is?
> >
> > Check http://savannah.gnu.org/statement.html
>
> Well this sucks big time I must say.
Complain to the involved criminals. It is sad that scum like that
does not even refrain from destroying infrastructure for the common
good. The FSF has to cope with the equivalent of finding that someone
has gone to considerable criminal effort in order to achieve the
equivalent of wiring explosives into a Red Cross building or poisoning
the food in soup kitchens: it was a rather obscure vulnerability that
the perpetrators used for that attack.
So there is not much one can do except boost the security to levels
one should normally only consider necessary for military or
intelligence instead of charity operations.
Maintaining a consistent high level of security causes a severe drain
of usability and accessibility (as you have noticed), and it also
requires considerable human resources permanently.
What kind of people gleefully cause a considerable permanent damage to
a charity instead of elsewhere "just" for the hope of monetary gains?
I hope that they are found and dealt with in proportion to their
crime and the impact it will have.
--
David Kastrup, Kriemhildstr. 15, 44793 Bochum
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: GNU.org is down
2003-12-10 16:05 ` David Steuber
2003-12-10 16:23 ` David Kastrup
@ 2003-12-10 16:57 ` Eli Zaretskii
2003-12-11 14:44 ` V. L. Simpson
2 siblings, 0 replies; 18+ messages in thread
From: Eli Zaretskii @ 2003-12-10 16:57 UTC (permalink / raw)
> Newsgroups: gnu.emacs.help
> From: David Steuber <david.steuber@verizon.net>
> Date: Wed, 10 Dec 2003 16:05:23 GMT
>
> Well this sucks big time I must say.
>
> There seems to be no ETA on the CVS repository being fully restored.
> I guess those things are hard to guage in a situation like this.
>
> When CVS is fully restored, will I have to use SSH in the future?
You misunderstood, I think: first, anon CVS will continue to be
available; and second, it is _already_ available. (That is, people
can check-out files, but the maintainers still cannot check-in new
code.) Perhaps the Savannah staff didn't update their Web pages to
that effect yet.
> I've been doing the following:
>
> cvs -z3 -d:pserver:anoncvs@subversions.gnu.org:/cvsroot/emacs co emacs
>
> I'm pretty sure I have not been using SSH as I only do checkouts and
> don't have an account. I've never done CVS via SSH so far as I know.
You won't need to. Anon CVS is limited to read-only access to the CVS
tree, and as such, its security requirements are much lower than for
people who want write access.
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: GNU.org is down
2003-12-10 16:23 ` David Kastrup
@ 2003-12-11 1:17 ` Tim McNamara
2003-12-12 7:53 ` Bob Nelson
` (2 subsequent siblings)
3 siblings, 0 replies; 18+ messages in thread
From: Tim McNamara @ 2003-12-11 1:17 UTC (permalink / raw)
David Kastrup <dak@gnu.org> writes:
> David Steuber <david.steuber@verizon.net> writes:
>
>> Well this sucks big time I must say.
>
> Complain to the involved criminals. It is sad that scum like that
> does not even refrain from destroying infrastructure for the common
> good. The FSF has to cope with the equivalent of finding that
> someone has gone to considerable criminal effort in order to achieve
> the equivalent of wiring explosives into a Red Cross building or
> poisoning the food in soup kitchens: it was a rather obscure
> vulnerability that the perpetrators used for that attack.
Except that it is unlikely that anyone will die or be maimed for life
by this. Let's maintain a little perspective. This is a bad
situation, but it is not a fatal one.
> So there is not much one can do except boost the security to levels
> one should normally only consider necessary for military or
> intelligence instead of charity operations.
Unfortunately any computer connected to the Internet must be treated
this way, even dialup connections are potentially dangerous.
> Maintaining a consistent high level of security causes a severe
> drain of usability and accessibility (as you have noticed), and it
> also requires considerable human resources permanently.
As has been noted by people smarter than I, the cost of freedom is
vigilance. The FSF is doing a wonderful thing by making it possible
for people to have a complete operational information management and
data analysis system for free (software costs, that is). IMHO the
people who write the code that I am using every day are everyday
heroes, who are rarely thanked and receive no compensation for their
efforts other than satisfaction.
> What kind of people gleefully cause a considerable permanent damage
> to a charity instead of elsewhere "just" for the hope of monetary
> gains? I hope that they are found and dealt with in proportion to
> their crime and the impact it will have.
Unfortunately, the laws dealing with this kind of vandalism and
destructiveness are rather lax, and difficult to enforce given the
global locations of the perpetrators. As for what kind of people they
may be, one presumes they are people lacking a good moral compass, who
are angry and have inadequate regard for others. Punishment will not
be enough, they must also learn how to live properly.
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: GNU.org is down
2003-12-10 16:05 ` David Steuber
2003-12-10 16:23 ` David Kastrup
2003-12-10 16:57 ` Eli Zaretskii
@ 2003-12-11 14:44 ` V. L. Simpson
2003-12-14 19:09 ` David Steuber
2 siblings, 1 reply; 18+ messages in thread
From: V. L. Simpson @ 2003-12-11 14:44 UTC (permalink / raw)
David Steuber <david.steuber@verizon.net> writes:
> When CVS is fully restored, will I have to use SSH in the future?
> I've been doing the following:
>
> cvs -z3 -d:pserver:anoncvs@subversions.gnu.org:/cvsroot/emacs co emacs
I just did a quick check w/o CVS_RSH set and received a hung
connection. With CVS_RSH=ssh everything worked fine. So yes it
appears ssh is now required for anonymous downloads.
Note--You only need the client installed, a running sshd is not necessary.
HTH,
vls
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: GNU.org is down
2003-12-10 16:23 ` David Kastrup
2003-12-11 1:17 ` Tim McNamara
@ 2003-12-12 7:53 ` Bob Nelson
2003-12-13 18:58 ` me
2003-12-14 19:00 ` David Steuber
3 siblings, 0 replies; 18+ messages in thread
From: Bob Nelson @ 2003-12-12 7:53 UTC (permalink / raw)
David Kastrup <dak@gnu.org> wrote:
> Maintaining a consistent high level of security causes a severe drain
> of usability and accessibility (as you have noticed), and it also
> requires considerable human resources permanently.
> What kind of people gleefully cause a considerable permanent damage to
> a charity instead of elsewhere "just" for the hope of monetary gains?
> I hope that they are found and dealt with in proportion to their
> crime and the impact it will have.
``Dealing'' with the ``crime'' implies punishment, unless I misread your
intent, David. But that only addresses the symptom.
- Instead the objective should be to find out what may have motivated
such a course of action from the individual(s) involved. Perhaps there
are cultural or ethical differences that need to be taken into account,
appreciated and understood.
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: GNU.org is down
2003-12-10 16:23 ` David Kastrup
2003-12-11 1:17 ` Tim McNamara
2003-12-12 7:53 ` Bob Nelson
@ 2003-12-13 18:58 ` me
2003-12-14 19:00 ` David Steuber
3 siblings, 0 replies; 18+ messages in thread
From: me @ 2003-12-13 18:58 UTC (permalink / raw)
David, you are right of course. But all coins have 2 sides. The tail
in this case is increased knowledge and experience in IT security.
Lux
--
If you receive this by error, please delete it and inform the sender.
http://www.consult-meyers.com recommends email encryption using GnuPG.
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: GNU.org is down
2003-12-10 16:23 ` David Kastrup
` (2 preceding siblings ...)
2003-12-13 18:58 ` me
@ 2003-12-14 19:00 ` David Steuber
2003-12-15 4:07 ` Bob Nelson
3 siblings, 1 reply; 18+ messages in thread
From: David Steuber @ 2003-12-14 19:00 UTC (permalink / raw)
David Kastrup <dak@gnu.org> writes:
> What kind of people gleefully cause a considerable permanent damage to
> a charity instead of elsewhere "just" for the hope of monetary gains?
> I hope that they are found and dealt with in proportion to their
> crime and the impact it will have.
The kind of people who deserve a disproportionately harsh punishment.
I really can't fathom their motives. The paranoid in me would blame
SCO or Microsoft. With luck, whoever did it left behind IP addresses
in the logs that point back to them.
--
One Emacs to rule them all. One Emacs to find them,
One Emacs to take commands and to the keystrokes bind them,
All other programming languages wish they were Lisp.
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: GNU.org is down
2003-12-11 14:44 ` V. L. Simpson
@ 2003-12-14 19:09 ` David Steuber
0 siblings, 0 replies; 18+ messages in thread
From: David Steuber @ 2003-12-14 19:09 UTC (permalink / raw)
vls@m-net.arbornet.org (V. L. Simpson) writes:
> David Steuber <david.steuber@verizon.net> writes:
>
> > When CVS is fully restored, will I have to use SSH in the future?
> > I've been doing the following:
> >
> > cvs -z3 -d:pserver:anoncvs@subversions.gnu.org:/cvsroot/emacs co emacs
>
> I just did a quick check w/o CVS_RSH set and received a hung
> connection. With CVS_RSH=ssh everything worked fine. So yes it
> appears ssh is now required for anonymous downloads.
>
> Note--You only need the client installed, a running sshd is not necessary.
I must be missing something. I have ssh. I set CVS_RSH=ssh. But
the above cvs command still doesn't work for me. I must need to
change something else.
--
One Emacs to rule them all. One Emacs to find them,
One Emacs to take commands and to the keystrokes bind them,
All other programming languages wish they were Lisp.
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: GNU.org is down
2003-12-14 19:00 ` David Steuber
@ 2003-12-15 4:07 ` Bob Nelson
2003-12-15 17:54 ` Kevin Rodgers
2003-12-15 22:43 ` David Steuber
0 siblings, 2 replies; 18+ messages in thread
From: Bob Nelson @ 2003-12-15 4:07 UTC (permalink / raw)
David Steuber <david.steuber@verizon.net> wrote:
> David Kastrup <dak@gnu.org> writes:
>> What kind of people gleefully cause a considerable permanent damage to
>> a charity instead of elsewhere "just" for the hope of monetary gains?
>> I hope that they are found and dealt with in proportion to their
>> crime and the impact it will have.
> The kind of people who deserve a disproportionately harsh punishment.
That type of attitude does not imply one of tolerance and understanding.
It conveys an absolutist view of ``good'' and ``evil'' and ``right'' and
``wrong''.
Rather than seek ``harsh punishment'' for those involved, it's more
constructive to become aware of the motivation that led to the deed.
Perhaps GNU needs to better covey its ideals.
- Remember, by less-enlightened individuals, punishment of ``taggers''
was called for. Now, we have come to realize that graffiti is a form
of populist art.
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: GNU.org is down
2003-12-15 4:07 ` Bob Nelson
@ 2003-12-15 17:54 ` Kevin Rodgers
2003-12-15 22:43 ` David Steuber
1 sibling, 0 replies; 18+ messages in thread
From: Kevin Rodgers @ 2003-12-15 17:54 UTC (permalink / raw)
Bob Nelson wrote:
> - Remember, by less-enlightened individuals, punishment of ``taggers''
> was called for. Now, we have come to realize that graffiti is a form
> of populist art.
Unless it's on my building, in which case it is vandalism.
--
Kevin Rodgers
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: GNU.org is down
2003-12-15 4:07 ` Bob Nelson
2003-12-15 17:54 ` Kevin Rodgers
@ 2003-12-15 22:43 ` David Steuber
2003-12-16 5:29 ` Tim McNamara
1 sibling, 1 reply; 18+ messages in thread
From: David Steuber @ 2003-12-15 22:43 UTC (permalink / raw)
Bob Nelson <bnelson@nelsonbe.com> writes:
> David Steuber <david.steuber@verizon.net> wrote:
> > David Kastrup <dak@gnu.org> writes:
>
> >> What kind of people gleefully cause a considerable permanent damage to
> >> a charity instead of elsewhere "just" for the hope of monetary gains?
> >> I hope that they are found and dealt with in proportion to their
> >> crime and the impact it will have.
>
> > The kind of people who deserve a disproportionately harsh punishment.
>
> That type of attitude does not imply one of tolerance and understanding.
> It conveys an absolutist view of ``good'' and ``evil'' and ``right'' and
> ``wrong''.
OK, so I'm intolerant. Suppose instead of breaking into a server and
doing who knows how much damage that people then have to spend
valuable time fixing, the miscreant instead took a sledgehammer to the
windshield of your car. Would you not want at least compensation for
the damages and time to repair them?
> Rather than seek ``harsh punishment'' for those involved, it's more
> constructive to become aware of the motivation that led to the deed.
> Perhaps GNU needs to better covey its ideals.
I'm not sure I see this as constructive. Suppose, hypothetically,
that the GNU and Debian servers were broken into by people
politically opposed to the GPL and Free software. Understanding
their motives will not prevent them from doing so again.
For certain types of people retribution is the better course of
action. Not everyone out there will listen to reason and admit that
what they did was not acceptable social behavior and undertake never
to do that sort of thing again.
Some people only understand force.
Also, it is possible that there are absolutes like 'good', 'evil',
'right', and 'wrong'. Laws are often based on those concepts. If
the general case of destruction of another person's property is not
wrong, then what is?
This is all off topic at this point, so I won't say anything further
here.
--
One Emacs to rule them all. One Emacs to find them,
One Emacs to take commands and to the keystrokes bind them,
All other programming languages wish they were Lisp.
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: GNU.org is down
2003-12-15 22:43 ` David Steuber
@ 2003-12-16 5:29 ` Tim McNamara
2003-12-16 12:20 ` David Kastrup
0 siblings, 1 reply; 18+ messages in thread
From: Tim McNamara @ 2003-12-16 5:29 UTC (permalink / raw)
David Steuber <david.steuber@verizon.net> writes:
> Bob Nelson <bnelson@nelsonbe.com> writes:
>
>> David Steuber <david.steuber@verizon.net> wrote:
>> > David Kastrup <dak@gnu.org> writes:
>>
>> >> What kind of people gleefully cause a considerable permanent
>> >> damage to a charity instead of elsewhere "just" for the hope of
>> >> monetary gains? I hope that they are found and dealt with in
>> >> proportion to their crime and the impact it will have.
>>
>> > The kind of people who deserve a disproportionately harsh
>> > punishment.
>>
>> That type of attitude does not imply one of tolerance and
>> understanding. It conveys an absolutist view of ``good'' and
>> ``evil'' and ``right'' and ``wrong''.
>
> OK, so I'm intolerant. Suppose instead of breaking into a server
> and doing who knows how much damage that people then have to spend
> valuable time fixing, the miscreant instead took a sledgehammer to
> the windshield of your car. Would you not want at least
> compensation for the damages and time to repair them?
Herein lies a rub. Your windshield is not available for free, given
away and freely modifiable by others. It's therefore easy to assign
a value for compensation in the case of material damage. In the case
of damage to FSF sources and such, since it is given away freely to
anyone who wants it, there is difficulty in assigning a value for
compensatory or punitive purposes.
>> Rather than seek ``harsh punishment'' for those involved, it's more
>> constructive to become aware of the motivation that led to the
>> deed. Perhaps GNU needs to better covey its ideals.
>
> I'm not sure I see this as constructive. Suppose, hypothetically,
> that the GNU and Debian servers were broken into by people
> politically opposed to the GPL and Free software. Understanding
> their motives will not prevent them from doing so again.
Understanding their motives could have some value and benefit none the
less. However, simply becoming aware of the motives of criminals does
not in and of itself reduce the risk of recidivism- the usual claims
of the liberals notwithstanding. While I'm a liberal to be sure, such
twaddle is one of the worst failings of many liberal philosophies. On
the other hand, the "hang 'em high" mentality of many social
conservatives has also proven to be a failure- punishment does little
or nothing to correct behavior (this has been demonstrated in
behavioral research time and time again).
> For certain types of people retribution is the better course of
> action. Not everyone out there will listen to reason and admit that
> what they did was not acceptable social behavior and undertake never
> to do that sort of thing again.
>
> Some people only understand force.
So, what- you're going to cut off the fingers of the miscreants so
that they can't type and therefore can't do it again? It's a truism
that if you kill someone they will never commit a crime again. How
do you determine which types of people are the right ones for
retribution as the appropriate response? Or is it only the people
who have fucked up something *you* value who should be so punished?
> Also, it is possible that there are absolutes like 'good', 'evil',
> 'right', and 'wrong'. Laws are often based on those concepts. If
> the general case of destruction of another person's property is not
> wrong, then what is?
Concepts cannot be absolutes. Values are always relative to the
society in which those values are expressed.
Anything we build is at risk for someone destroying it- even if that
destruction is purported to be well-meaning. The Christians destroyed
hundreds of cultures and religions, killed hundreds of thousands of
people, brought disease and suffering to millions in the name of
saving them. Muslims have done the same. Other religions and
cultures ditto, although not on the massive scale of these two. And
yet most Christians and Mulsims still think that their destruction of
indigenous faiths and cultures was beneficial.
Now, this was certainly not well-meant. It was destruction,
senseless vandalism done simply because they could. It made them
feel powerful, I suppose, for a little while. IMHO that's to be
pitied, while taking security steps to close up the holes they
exploited. If they can be identified, they should be prosecuted
under whatever applicable laws are available. But acting out
retributively just because you're angry won't help- as was said by
someone smarter than me, "an eye for an eye makes the whole world
blind."
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: GNU.org is down
2003-12-16 5:29 ` Tim McNamara
@ 2003-12-16 12:20 ` David Kastrup
2003-12-16 18:26 ` Tim McNamara
0 siblings, 1 reply; 18+ messages in thread
From: David Kastrup @ 2003-12-16 12:20 UTC (permalink / raw)
Tim McNamara <timmcn@bitstream.net> writes:
> David Steuber <david.steuber@verizon.net> writes:
>
> > Bob Nelson <bnelson@nelsonbe.com> writes:
> >
> >> David Steuber <david.steuber@verizon.net> wrote:
> >> > David Kastrup <dak@gnu.org> writes:
> >>
> >> >> What kind of people gleefully cause a considerable permanent
> >> >> damage to a charity instead of elsewhere "just" for the hope of
> >> >> monetary gains? I hope that they are found and dealt with in
> >> >> proportion to their crime and the impact it will have.
> >>
> >> > The kind of people who deserve a disproportionately harsh
> >> > punishment.
> >>
> >> That type of attitude does not imply one of tolerance and
> >> understanding. It conveys an absolutist view of ``good'' and
> >> ``evil'' and ``right'' and ``wrong''.
> >
> > OK, so I'm intolerant. Suppose instead of breaking into a server
> > and doing who knows how much damage that people then have to spend
> > valuable time fixing, the miscreant instead took a sledgehammer to
> > the windshield of your car. Would you not want at least
> > compensation for the damages and time to repair them?
>
> Herein lies a rub. Your windshield is not available for free, given
> away and freely modifiable by others. It's therefore easy to assign
> a value for compensation in the case of material damage. In the case
> of damage to FSF sources and such, since it is given away freely to
> anyone who wants it, there is difficulty in assigning a value for
> compensatory or punitive purposes.
Savannah is the central server for the GNU project. GNU is the most
important central component of almost every Linux-based operating
system. Since Savannah is staffed mostly by volunteers, the downtime
will be larger than usual in commercial settings. There is no
reliable possibility to salvage security problems by hiring outsiders
here. So the slow remedy can't be helped much. Development crucial
to Linux is slowed to a crawl for probably a month, and will pick up
much braked afterwards because of the necessity of developers to deal
with digital signatures and so on. Considering the Linux revenues
that depend on such infrastructure, we are talking about a permanent
damage in the order of billions of dollars.
> Understanding their motives could have some value and benefit none
> the less. However, simply becoming aware of the motives of
> criminals does not in and of itself reduce the risk of recidivism-
> the usual claims of the liberals notwithstanding. While I'm a
> liberal to be sure, such twaddle is one of the worst failings of
> many liberal philosophies. On the other hand, the "hang 'em high"
> mentality of many social conservatives has also proven to be a
> failure- punishment does little or nothing to correct behavior (this
> has been demonstrated in behavioral research time and time again).
Good, then let them just pay the damages.
--
David Kastrup, Kriemhildstr. 15, 44793 Bochum
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: GNU.org is down
2003-12-16 12:20 ` David Kastrup
@ 2003-12-16 18:26 ` Tim McNamara
0 siblings, 0 replies; 18+ messages in thread
From: Tim McNamara @ 2003-12-16 18:26 UTC (permalink / raw)
David Kastrup <dak@gnu.org> writes:
> Tim McNamara <timmcn@bitstream.net> writes:
>
>> David Steuber <david.steuber@verizon.net> writes:
>>
>> > OK, so I'm intolerant. Suppose instead of breaking into a server
>> > and doing who knows how much damage that people then have to
>> > spend valuable time fixing, the miscreant instead took a
>> > sledgehammer to the windshield of your car. Would you not want
>> > at least compensation for the damages and time to repair them?
>>
>> Herein lies a rub. Your windshield is not available for free,
>> given away and freely modifiable by others. It's therefore easy to
>> assign a value for compensation in the case of material damage. In
>> the case of damage to FSF sources and such, since it is given away
>> freely to anyone who wants it, there is difficulty in assigning a
>> value for compensatory or punitive purposes.
>
> Savannah is the central server for the GNU project. GNU is the most
> important central component of almost every Linux-based operating
> system. Since Savannah is staffed mostly by volunteers, the
> downtime will be larger than usual in commercial settings. There is
> no reliable possibility to salvage security problems by hiring
> outsiders here. So the slow remedy can't be helped much.
> Development crucial to Linux is slowed to a crawl for probably a
> month, and will pick up much braked afterwards because of the
> necessity of developers to deal with digital signatures and so on.
> Considering the Linux revenues that depend on such infrastructure,
> we are talking about a permanent damage in the order of billions of
> dollars.
Well, unfortunately those are indirect losses as far as the crime
itself is concerned, and the courts would be unlikely to award
punitive damages. For example, if I use my personal car for work
purposes (say, as a traveling salesman) and my car is stolen, the
courts will award compensation commensurate with the direct loss but
not the indirect loss. I can be compensated for the value of my
vehicle, but my employer will not be compensated for the loss of
revenue if I can't do my job because my car was stolen.
Ditto in this instance. And frankly I think your estimate of
"billions of dollars" is highly overinflated. Linux developers aren't
going to lose a lot of money because they don't have the newest
version of libtool in their distribution. The only ones that would
have trouble are those whose distrubtions are already broken and were
awaiting fixes from GNU/FSF rather than fixing it themselves (it *is*
open source, after all). I don't have a lot of sympathy for such
laziness.
^ permalink raw reply [flat|nested] 18+ messages in thread
end of thread, other threads:[~2003-12-16 18:26 UTC | newest]
Thread overview: 18+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2003-12-09 16:52 GNU.org is down Markus Weimer
2003-12-10 5:47 ` David Steuber
2003-12-10 7:55 ` Pascal Bourguignon
2003-12-10 16:05 ` David Steuber
2003-12-10 16:23 ` David Kastrup
2003-12-11 1:17 ` Tim McNamara
2003-12-12 7:53 ` Bob Nelson
2003-12-13 18:58 ` me
2003-12-14 19:00 ` David Steuber
2003-12-15 4:07 ` Bob Nelson
2003-12-15 17:54 ` Kevin Rodgers
2003-12-15 22:43 ` David Steuber
2003-12-16 5:29 ` Tim McNamara
2003-12-16 12:20 ` David Kastrup
2003-12-16 18:26 ` Tim McNamara
2003-12-10 16:57 ` Eli Zaretskii
2003-12-11 14:44 ` V. L. Simpson
2003-12-14 19:09 ` David Steuber
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).