response 83 of 145:

Oct 2 17:30 UTC 2000

The problem with fixing vandal damage is not the same as the problem of
cleaning up after a regular disk disaster.  If it were just a failing
drive then, yes, restoring the last good backup is a fine strategy.  For
a vandal, however, it's *much* harder, because not only do you not
necessarily know when they broke in, but for the data they didn't tamper
with, you'd generally want to restore the newest data, even if it's
after the vandal broke in.  Even more importantly, you need to figure
out *how* the vandal broke in, or otherwise take effective steps to make
sure the vandal can't break in again, perhaps coupled with additional
logging stuff so that you can (hopefully) detect another break-in
attempt before they succeed.  There may be other less direct problems -
for instance, if the vandal stole user passwords (a common ploy) you may
need to worry about resetting user passwords, and users may have to not
only worry about getting a new password on m-net, they may also need to
change their passwords elsewhere.  (This is one reason why it's a bad
idea to use the same password in more than one place.) A lot of these
problems (figuring out what the vandal did/stole, dealing with possible
stolen passwords, etc.) are issues that don't arise with a simple
security upgrade.

response 85 of 145:

Oct 3 05:42 UTC 2000

jazz, you're saying it took one month to restore the system to its
uncompromised state? This is an important point ad far as the proper
punishment is concerned.
Also, regarding volunteer effort's value: the IRS says it has none.
If I do 10 hours of work for the Red Cross, and do not charge them the $1000
I could have earned elsewhere, I certainly can;t deduct it from my taxes as
a contribution. You CAN deduct expenes involved in travel, etc.
As for restoring a system before the point it was compromised: you can never
really be sure it wasn't done long ago, and this VANDAL just spotted the
opening. The only thing you can do (which you would have done eventually
anyway) is secure the system NOW and restore any data lost. Everyone is of
course responsible for their own password, and the staff passwords would all
be reset by the person fixing the system. Free users need to change their own,
and are responsible for their OWN backups. Ordinary user's passwords are not
a big deal for the sysops, as they have no extraordinary privileges. You use
a free system at your own risk.

response 87 of 145:

Oct 3 13:47 UTC 2000

don't you get tired of having sand in your ears?

response 91 of 145:

Oct 3 16:41 UTC 2000

alllrighty then.  no, i'm not going to give you any details.  they may or may
not ever see the light of day depending on what happens in court.

but, hey, why would anyone want to listen to jamie and me?  knock yourselves
out.  i'm done.

response 93 of 145:

Oct 3 18:01 UTC 2000

Did #91 smack vaguely of obstruction of justice via witholding evidence to
you, John?

response 95 of 145:

Oct 3 18:35 UTC 2000

Ah. Being nice to the dumb mother fuckers.
Sorry for being rude in response to your obvious gregariousness.

response 97 of 145:

Oct 3 19:40 UTC 2000

There seems to be a certain amount of confusion as to what is going on in this
trial.  I, for one, was under the impression that it was a *criminal*, not
a civil, trial.  The kid isn't being prosecuted because he did monetary damage
to m-net, but because he committed a crime.  
  If you rape someone, you don't generally cause them a great deal of
financial difficulty.  It can even be argued (occasionally; I'm certainly not
claiming this is the case for all or even a majority of rapes) that you don't
do any real damage to the victim.  It can even be, and has been, argued that
"she was asking for it."  Doesn't matter, it's still a crime and you're
(hopefully) still going to end up in jail for it.  
  IIRC, when you rob someone, the value of what was stolen is used to
determine how serious a crime it is (misdemeanor vs. felony), but, if I
understand correctly, that's a special rule that applies only to theft.  It
doesn't apply, for example, to assault.  ("The hospital bill was only $50,
your honor, so it shouldn't be a felony...")  
  In this case, I believe it to be the case that the law says that breaking
into a computer system without authorization is a felony.  End of story. 
Doesn't matter if it's a 386 or a supercomputer.  (I'm not sure I agree with
the law, but that's my understanding of what it says.)  

response 103 of 145:

Oct 3 20:43 UTC 2000

I guess 102 was for John, since he seems to be the one trying to drag me into
this. =} (Reading back...)

#99 was the second worst atempt to substantiate an argument I've seen this
week.  Considering the worst was *yawn* *snort*, I wouldn't take it as a good
sign.

(This is my official return to Peanut Gallery comments...)

response 105 of 145:

Oct 3 20:54 UTC 2000

        Please clarify in which of these posts I posted inaccurate information
displaying an assumption about the case:

#56 of 102: by Silent Tristero (jazz) on Fri, Sep 29, 2000 (11:54):
 
        I don't entirely buy the explanation that a system's security staff
 are responsible for any security compromises, to the point to which the
script
 kiddie is off the hook, any more than a warehouse's security staff is
 responsible to the point to which a cat burglar is off the hook.  Especially
 when it comes to freenets, it's not always possible to patch an exploitable
 program or OS immediately, and sometimes it's not possible for a matter of
 months.  People with nothing to do and a subscription to bugtraq will always
 be faster.

#75 of 102: by Silent Tristero (jazz) on Sun, Oct  1, 2000 (12:21):
 
        None of the infrastructure of the internet is quite as impressive as
 it's meant to be (and Worldcomm's headquarters are nowhere near as cool as
 the office that the young-looking Generation D fellow scooters into).
 
        Have to say I'm not terribly sympathetic for someone who gains root
 and then immediately sets about destroying a system.  Had he merely done it
 to count coup, and send mail to staff or something along those lines, that'd
 be one thing, but deliberately destroying other people's work isn't playing
 very nice.

#80 of 103: by Silent Tristero (jazz) on Mon, Oct  2, 2000 (10:25):
 
        The time to repair isn't really relevant.  If you start a fire in a
 warehouse and the warehouse puts out the fire because it was properly
equipped
 with a fire extinguishing system, it's still arson.  But in this case, it
was
 about a month of volunteer and unpaid effort.

#88 of 103: by Silent Tristero (jazz) on Tue, Oct  3, 2000 (10:22):
 
        I can't think of a way to encourage volunteers to spend all of their
 free time monitoring rootshell and bugtraq for the patches to all of the
 problems that crop up, the way some script kiddies do, Beady.  Can you?

#90 of 103: by Silent Tristero (jazz) on Tue, Oct  3, 2000 (10:29):
 
        Uhm, he really didn't mention anything other than that the physical
 hardware wasn't damaged, and that the intruder hopscotched to UofMd.

#92 of 103: by Silent Tristero (jazz) on Tue, Oct  3, 2000 (13:34):
 
        It just might have something to do with attitudes like "all you dumb
 mother fuckers".

#96 of 103: by Silent Tristero (jazz) on Tue, Oct  3, 2000 (14:43):
 
        Where did brighn (or myself for that matter) ever say or even imply
 that "it could have been avoided"?
 
        Last I recall, I was actually supporting the argument that vandalism
 damages a system beyond apparent replacement costs, and that it was unlikely
 that even a full-time security staff could be expected to meet all possible
 contingencies, let alone an unpaid volunteer staff working in their spare
 time.

#98 of 103: by Silent Tristero (jazz) on Tue, Oct  3, 2000 (15:45):
 
        M-net was, at the time, wearing a tight red dress and "fuck me" pumps,
 and therefore, deserved whatever it got.

#100 of 103: by Silent Tristero (jazz) on Tue, Oct  3, 2000 (16:18):
 
        You've proven your command of foul language, now let's see if you have
 a working knowledge of being able to substantiate your point and
differentiate
 between fact and opinion.

        In total, I've expressed the following about the case:

* Willard would make a good witness for the Defense.
* It took about a month to get m-net back up.
* M-Net staff are unpaid volunteers.
* JerryR hasn't presented any counter
* I do not believe that it is resonable to expect staff members to have
prepared for
  every possible contingency.
* M-Net occasionally wears lingerie.
* JP2 can use foul language in a post on GREX.

        Which one of these is inaccurate?

        I'll concede about the lingerie bit.

response 107 of 145:

Oct 3 20:57 UTC 2000

        #105 missed a bit of what I was trying to write - but it's been
corrected.  JerryR has, since my last posting, presented one factual element
which he considers to have been left out of the discussion.