The ISS Program

[PAUL () tdr com (Paul Robinson)]

From: Paul Robinson <PAUL () TDR COM>
Organization: Tansin A. Darcos & Company, Silver Spring, MD USA
-----
A program of the type as ISS is probably okay at the price indicated of 
$3,000.  But for a security package of this type to be provided without 
source is a dangerous proposition.

If it was from the hardware manufacturer this would be a different story 
- and I note that even IBM is taking a lot of flack from its customers by 
going to OCO (Object code only) for a number of products on its mainframes.

I will also note that the systems that became the most bulletproof and 
hardened against attacks are the ones where the people who ran the 
systems were issued full sources to their systems, sufficient to allow 
them to recompile them if desired.

By the time the PDP-11 was obsolete, the RSTS/E system was well-neigh 
bulletproof.  In many cases, the administrators on these systems were 
teenagers and college students who had lots of time to find holes in the 
system.  

Which brings up an issue of how to stop crackers.

Robert Heinlein, in his book, "Starship Troopers" raises the issue of 
what to do to prevent insurrection.  "If you make the wolves the 
guardians of the sheep, it will turn them into sheep dogs."

When you've already got more priveleges than God, you don't have to try 
to break into the system in order to get them.  Once you have them, you 
generally then are of the mindset to want to keep them.

This is why turning public housing over so it can be owned by its 
residents substantially reduces vandalism.  People don't trash what is 
theirs.

---
Paul Robinson - Paul () TDR COM
Voted "Largest Polluter of the (IETF) list" by Randy Bush <randy () psg com>
-----
The following Automatic Fortune Cookie was selected only for this message:

Fakir, n:
        A psychologist whose charismatic data have inspired almost
religious devotion in his followers, even though the sources seem to
have shinnied up a rope and vanished.