Path: utzoo!attcan!uunet!lll-winken!lll-tis!ames!mailrus!purdue!i.cc.purdue.edu!h.cc.purdue.edu!s.cc.purdue.edu!rsk From: rsk@s.cc.purdue.edu (Rich Kulawiec) Newsgroups: news.admin Subject: Re: A counter-example for those who would eliminate PC binaries Summary: I don't find it a counter-example. Message-ID: <3302@s.cc.purdue.edu> Date: 29 Jun 88 23:27:49 GMT References: <264@octopus.UUCP> Reply-To: rsk@s.cc.purdue.edu.UUCP (Rich Kulawiec) Organization: Purdue University Computing Center Unix Systems Staff Lines: 51 In article <264@octopus.UUCP> pete@octopus.UUCP (Pete Holzmann) writes: >I find it interesting that there has been much talk about the need for >ridding the net of the evil PC binaries. Yet, something much less useful >is happening right now, and I haven't seen a peep of complaint! >Consider: The source code for the Mahjongg tiles. Let me get one thing out of the way first, and then I'll address the point at hand: I'm not entirely pleased with the size of the posting that this particular (Sun-specific, to the best of my knowlege) game required. On the other hand, I am not so displeased that I felt it necessary to complain either to the moderator of the group or the author. I find myself thinking that this is really the first "huge" posting of this type in this newsgroup, and I regard it as a single anomalous data point. If these sorts of postings became the norm in this newsgroup, I might change my opinion. >But, if we're going to take the easy way out and simply ban X, we've got to >be consistent and ban ALL 'X', even the brand that affects us personally. I don't think this applies in this case; I don't feel that "a big posting containing a game for a certain Unix machine" and "a big posting containing a binary executable for a certain microcomputer" belong to the same X. While there are several ways to distinguish these, the one that I tend to focus on first is oft-discussed notion that binaries are easily booby-trapped, while sources are not. (Yes, I know of counter-examples; and yes, there are other distinctions.) Even if we concede, for the purpose of argument, that these two items belong to the same X, I do not see by what means we then arrive at the conclusion that "Since the second X is argued to be 'not okay', those advancing this argument must also argue that the first X is 'not okay'". In other words, even if one concludes that both of these are X, and X is bad, it does not necessarily follow that any attempts to decrease the problem posed by X must deal with all X. I have no particular desire to disenfranchise microcomputer users; however, I have no particular desire to assist in the demise of their software and data holdings by being a party to the distribution of binary programs of a malicious nature. Further, I note that distinguishing between malicious and non-malicious binary programs is a problem that poses difficulties even for experts in the field, while distinguishing between malicious and non-malicious source programs can usually be done much more easily. Since I (and, I suspect, most of the other Usenet readers, including perhaps many of those who use binary programs) have trouble making this distinction, it seems to me to be better to avoid the unpleasant possibilities that binary distribution raises. (I am aware that various techniques for assuring the authenticity of binaries have been discussed, including moderation, checksums, and so on; but I am also aware that each of these techniques may be circumvented, usually without much difficulty.) Rich