From: Thees Peereboom 

Geo,

I don't necessarily disagree with you, but one easily can defend that OS is
good because it will allow many to improve software and thus prevent ill
use at all.

A (potential) hack is also a clear sign that something's wrong with the
software. You seldom work *with* a vendor to solve a problem, he will
always have a different agenda, exceptions apart. *You* want good software,
*he* wants a good profit.

It's all your choice whom you'd want to be dependent of, the MSFT's of this
world or the OS community.

BTW, there's a big difference to be dependent of a couple of weird geeks in
the OS community or of the *whole* OS community.

The OS community can easily be seen as your 'masses to be trained'.

- Thees Peereboom


On Mon, 2 Dec 2002 08:32:27 -0500, "Geo."  wrote:

>"Thees Peereboom"  wrote in message
>news:gs8muu840u55bc3e75osnboa3ps0tnuu0f{at}4ax.com...
>
>
>> If you want to avoid too much knowledge to prevent ill-use, it can
>> only be one out of two, right?
>
>Not really, it's all in the timing. I have no problem working with the
>vendor to get a fix released and spread to the community before knowledge of
>the problem (including the specific details on how to exploit it) are made
>public. But I believe it is important that the full details go public
>because that does two things, it trains the user base what sort of stuff to
>watch for in both their setup and logs and it gets other people working on
>ways to use the same technique to poke at other products and other areas of
>the exploited product.
>
>If a vendor doesn't do a sufficient job of debugging their own software then
>it's important to train the masses who do the debugging how to do it.
>
>Geo.
>

--- BBBS/NT v4.01 Flag-4