I love IP Tables....

Les Mikesell lesmikesell at gmail.com
Mon May 28 19:38:27 UTC 2007 

Alan Cox wrote:

> In the UK it is certainly the case you could sue an end user for
> negligence if their system caused you problems and they were not
> following reasonable standards of care. It does make a difference in the
> sense that company lawyers standard "cover arse" list includes firewall,
> anti-virus etc, but not really on end users.
> 
> The thing is when you buy a car it is possible to drive it dangerously,
> it is possible to keep it in a dangerous state but as supplied the
> defaults are safety focussed if you follow common sense, and even more so
> if you read the owners manual.
> 
> If you buy a PC install an OS and run it in the default manner this is
> less true. This is why I got default firewalling into Red Hat back when
> the idea was still controversial, this is why Windows copied Linux on this
> and on automated updates.

So who would be at fault if you bought a car before safety features
were added to the new models and didn't dispose of it and buy the new 
version?  I'd guess that's the situation with almost all compromised 
computers.  The end user/administrator trusted the distributor to 
provide something safe and usable, but that turned out not to be the case.

>> just nuts.  The idiots who provide electricity and an internet 
>> connection to a bot or zombie need to get charged for the pain they 
>> allow others to get hit with.  They aren't victims; they're part of the 
>> problem.
> 
> Usually they are both. Just like the owner of a dangerous car who trusted
> a dodgy mechanic.

But, when they bought that dangerous car from a vendor with good faith 
that it was designed correctly, how can you expect the owner to assume 
responsibility?

I've always thought that we'd have a much different world today if Sun 
had been held responsible for distributing the buggy sendmail that 
permitted the original internet worm back in 1987 instead of pretending 
that everyone on the internet would always be trustworthy.  Instead we 
set the stage for a vendor with no security considerations at all to 
dump their wares on everyone's desktop with no reason to care about the 
problems it would cause.

-- 
   Les Mikesell
    lesmikesell at gmail.com

More information about the fedora-list mailing list