Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Path: utzoo!utgpu!water!watmath!clyde!rutgers!mit-eddie!cybvax0!frog!celtics!roger From: roger@celtics.UUCP Newsgroups: comp.arch,comp.org.usenix Subject: Re: Benchmarking the 532, 68030, MIPS, 386...at a Usenix! Message-ID: <1556@celtics.UUCP> Date: Tue, 26-May-87 08:47:54 EDT Article-I.D.: celtics.1556 Posted: Tue May 26 08:47:54 1987 Date-Received: Thu, 28-May-87 06:29:44 EDT References: <324@dumbo.UUCP> <809@killer.UUCP> <2417@homxa.UUCP> Reply-To: roger@celtics.UUCP (Roger B.A. Klorese) Organization: CELERITY (Northeast Area), Framingham, MA Lines: 62 Xref: utgpu comp.arch:1293 comp.org.usenix:195 In article <691@cpocd2.UUCP> howard@cpocd2.UUCP (Howard A. Landman) writes: >Far too many sales people leave themselves logged in as root so they don't >ever run into permission problems. I was almost tempted to do "rm -r /". > Why is this unreasonable? It's THEIR demo... if they don't bolt down a laser printer they're exhibiting and turn their backs, do you have the right to steal it because it's "unprotected"? People running a booth at a trade show are often (a) technically out of their league, and (b) there to perform sales-oriented activities, which is their skill. We often cannot afford to have heavy tech types in booths; in fact, it's often counterproductive. (I think of the technical marketing person who stood in our booth a few years ago, and when asked: "Do you have NFS?" "Do you have LISP?" "Do you have MACSYMA?" "Do you have a version of TeX?" "Do you run GNU Emacs?"... responded, "NO! These are our products, just look at the list." Made a lot of friends, she did... and, by the way, all the requested stuff was either about to be released or being worked on at customer sites...) I can understand the temptation to exercise known bugs. But there's no reason to interfere with people's livelihood when your test is either destructive or time-wasting. If you want to test these things, either make arrangements to do them at a local office or during slow booth-time, or check with the booth staff and let them know the possible consequences of your acts. The public does need to be protected from genuinely bad products, but the sort of "I'm gonna trash you - you deserve it because you haven't fixed an obscure bug or you left your system wide open to me" games often played by hackers who are in an exhibition hall to exhibit themselves and not to see and evaluate the products legitimately are just indefensible. Those hackers generally show themselves off, all right, in the most appropriate light. >And they left one machine dead >with a panic message on its screen for over 10 minutes before one of the >sales people noticed me peering at it; his solution was to stand between me >and the screen! No *ssholes were required, just bugs! > Odds are the salesperson COULDN'T reboot the system. Given a choice between my reps knowing how to boot my system and knowing how to prospect, I'll take the latter any day. You're such a big shot as to take pleasure in bringing their demo system down, bring it up again... if I owned a grocery store and you knocked down a display, I'd expect you to at least offer to pick it up. >A computer needs to be *RELIABLE*. You find out how reliable by, among other >methods, stress testing the system, trying to exercise *ALL* the features, >not just the ones in the canned demo. If I can crash a system in five minutes >doing things that are normal, legal, and *NECESSARY* for everyday function, >then I know it can't possibly be reliable. Does this make me malicious? > If you're doing it in a public exhibition, yes. The point of security is to protect systems and data THAT IS REASONABLY AT RISK. At a show, the risk is not reasonable; it's imposed by crybabies who have nothing better to do. Systems at a trade show are physically secure, in that their owners control physical access. If you are granted access, you're a guest, and should behave like one. By all means, exercise the systems (within the time and resource limits given you by the vendor), but if you feel the urge to destroy, go out and punch a Bo-Bo doll. -- ///==\\ (No disclaimer - nobody's listening anyway.) /// Roger B.A. Klorese, CELERITY (Northeast Area) \\\ 40 Speen St., Framingham, MA 01701 +1 617 872-1552 \\\==// celtics!roger@seismo.CSS.GOV - seismo!celtics!roger