[2520] in SIPB bug reports
Re: xscreensaver
daemon@ATHENA.MIT.EDU (web@Athena.MIT.EDU)
Wed Feb 26 21:50:54 1992
From: web@Athena.MIT.EDU
To: honor@Athena.MIT.EDU
Cc: bug-sipb@Athena.MIT.EDU
In-Reply-To: Your message of Wed, 26 Feb 92 18:07:55 -0500.
Date: Wed, 26 Feb 92 21:50:16 EST
Andy,
You said...
> I think sipb has a moral responsibility to ensure that the software it
> makes available isn't abused.
No. Does MicroSoft have a moral responsibility to ensure that people
don't write viruses with their compilers? Does GNU have a moral
responsibility to ensure that people don't propagate chain letters with
emacs and RMAIL? It's the responsibility of the individual not to and
whomever is maintaining the system (IS/Athena).
> xscreensaver IS DEFINITELY abused.
You're right, but it is also heavily used. You've had a bad encounter.
Do you use it? Do you know anyone who uses it properly?
Onto the meat of your bug/flame. Your entire complaint is based on the
misconception that we are the only ones who do/can/or would provide a
screensaver. If we remove ours, someone simply pulls another from the
net or pulls our sources and compiles it and runs it from within their
homedir. What's wrong with this picture? If we remove xscreensaver,
people will be typing their PASSWORD into a private individual's
program.... is THAT the result you want to see?
And when they DO compile a version that doesn't autologout, or doesn't
show elapsed time, then how in the WORLD are we supposed to "encourage"
people to use the version in the sipb locker? "Oh, but you should use
ours because ours will log you out for you after 20 minutes..." not.
If you think, however that such a plea would be successful, I suggest
you try an experiment. Write your own screensaver that logs the user
out after 20 minutes and convince people to run screensaver from your
directory rather than from sipb. And good luck.
Remember, we are not the only ones on campus who can write an X program,
or that can grab one from the net and compile it. You said it yourself:
> On top of all this, it's extremely easy to hack the elapsed time
> displayed by xscreensaver so that it never registers > 20 minutes.
> Fingering at the workstation isn't always valid (nor possible, if you
> can't borrown somebody's xterm for a few moments), because the utmp
> file can also be hacked. Do you expect a user to hang out at a
> workstation in order to verify the accuracy of the elapsed time field?
>
if someone knows how to hack the screensvaer to do this and fix utmp,
do you think it'd be too hard to hack up a screensaver that doesnt
autologout?
Consider the alternate problem. If we installed such a program, there
would be EVEN MORE ABUSE. People wouldn't be rebooting machines because
they woudl think "Oh, it's screensaved, obviously they haven't been gone
>20 minutes or else they would have been auto-logged out." So people
with screensaver clones (and they'll spread like the plague), have an
EASIER time of abusing things. We're back to square one.
> That's my flaming. It's going to get worse if the situation isn't
> rectified.
I don't know if you intended this to be a threat or a compelling reason
that we should fix things in your manner, but remember (I think you know
this already), SIPB is full of flammers. Sipb members flame often and
flame well. Hell, we even set up a meeting JUST FOR FLAMES...
> As for a solution, I'm not exactly sure what can be done. Would it be
> that hard to implement a timeout function for xscreensaver? So that
> after XX minutes xscreensaver automatically logged the person out...
>
Ah... that's the real problem. We've spent time thinking about the
problem, and a solution. To date, there hasn't been a good solution
suggested. If you think of one, let us know. But you haven't yet.
Your current suggestions are based on false premises... that ours is and
would be the only screensaver.
> I think just about anything is better than the status quo, including
> no screensaver at all.
Consider the above, and think again....
-Chee
