RE: [dvd-discuss] Hang the RIAA in their own noose.




> -----Original Message-----
> From: Scott A Crosby [mailto:crosby@qwes.math.cmu.edu]
> Sent: Wednesday, October 17, 2001 1:48 PM
> To: Richard Hartman
> Cc: 'dvd-discuss@eon.law.harvard.edu'
> Subject: RE: [dvd-discuss] Hang the RIAA in their own noose.
> 
> 
> On Wed, 17 Oct 2001, Richard Hartman wrote:
> 
> 
> >
> > Maybe, but I'm not sure.  The entire _purpose_ of a web
> > server is public access.  An FTP server, it might be argued,
> 
> @!@!@! No. About 99.99% of the stuff on my web server is intended only for
> me to access it. Most of it is various documentation of a half-dozen
> programming languages and other mirrors&data. If anyone else accesses it,
> they are either a cracker, or they are exploiting a misconfiguration. None
> of that data is intended for public access.

Then you should configure your server to use a non-standard
port.  There are thousands of numbers available, pick one 
other than 80.  By using the standard port number, you are
essentially stating "this is for general access".  By picking
any other number, someone could certainly find it by port
scanning but you'd have a better case against them for electronic
trespass.

> 
> >
> > The _intent_ of each of these sharing methods would have to be
> > considered.
> >
> 
> A computer does not know intent. All it knows is your configuration file.

Which should reflect your intent.

> 
> A better test would be, `would a reasonable person expect that it was a
> misconfiguration, and no intent to access was granted, or was intent to
> access granted.'

A reasonable person would expect a web server on port 80 was
set up w/ intent to grant access, but a web server on any other
port was intended to be private.

 

-- 
-Richard M. Hartman
hartman@onetouch.com

186,000 mi./sec ... not just a good idea, it's the LAW