Subject: Re: Melting down your network
To: Jonathan Stone <jonathan@dsg.stanford.edu>
From: Emmanuel Dreyfus <manu@netbsd.org>
List: tech-kern
Date: 03/29/2005 08:30:26
Jonathan Stone <jonathan@dsg.stanford.edu> wrote:

> >The quote was useless, as I did read the standard before opening the PR.
> It was not useless; it was entirely on-point.  If you read that page,
> but didn't understand it, then what does that say?  That you don't
> possess a suitable technical background to read the SuSv3 spec as it
> regards a networking primitive?  Is that _really_ your response?

I said I misinterpreted it. That ENOBUFS returned for blocking I/O
sounded weird to me. It also did to several developers that initially
contributed to the thread, so I wouldn't say it's such a stupid mistake.
I can admit I have been wrong, but that does not deserve the rude
treatment you are giving me. Especially since I already told you I would
not insist.
 
> But (and here's the rub): once you released your application to the
> world, the onus is on *you* to ensure that it's not ill-designed and
> dangerous.

It's not really more a DOS tool than ping -f or nc -u: misusing makes it
a DOS tool.
 
> I tell you that three times. In all earnest and sincerity.  If you
> don't, you will one day get much harsher responses, from _far_ more
> unpleasant sources.

None of us is a lawyer, but it has been known for a long time that the
software author and redistributor are not accountable for how a third
party misuses the program. To make that clear, it's even written in all
licenses and I don't know of a case where this was invalidated.
 
> 1.  Cease and withdraw complaints that NetBSD has a bug, simply
>     because NetBSD is (quite properly and by design, like all
>     other *BSD code), dropping packets under congestion;

I already do so, so please drop the gun.
 
> 2.  You *make* your app a private application, by removing your
>     badly-designed and potentially dangerous app from pkgsrc,
>     to prevent any innocent parties from inadvertently using it.
>     It should  not be made available in pkgsrc until it does implement
>     appropriate behaviour under congestion.

Go ahead and remove it, I don't care that much, it's not worth the
fight. While you are there, think about removing all the applications
that could be used as a DOS tool by mistake.

-- 
Emmanuel Dreyfus
Le cahier de l'admin BSD, 2nd ed., is in all good bookstores
http://www.eyrolles.com/Informatique/Livre/9782212114638/livre-bsd.php
manu@netbsd.org