RE: [2] [cobalt-users] Cobalt to provide compensation for server hack

["Vachon, Scott" <Scott.Vachon@xxxxxxxxxxxxxx>]

>The Cobalts are made for a target customer group that is not very 
>familiar with Linux and Webservers. I guess most people buy/lease one 
>to have a machine and no problems.

True, and a very clever marketing scheme it is. Look how many of us bought
into it !

>If you went the security way yourself then you had to install patches 
>that would brake your warrenty !  So - what to do ?
>Braking the warrenty or waiting for Cobalt and the .pkg ?!

Ah, here is what I think a wise person would litigate on. I think it could
be shown (no, I am not a lawyer) that Sun forces the customer into a
situation where the platform is compromised, if the customer performs their
"due diligence" in securing the platform. Of course on the other hand, those
that do secure their systems on their own, may very well have the skills to
patch/repair the Cobalt products without the aid of Sun. For the record, I
don't wait for Sun, I grabbed some books and scour the lists, and make
changes myself. I never trust/rely on a vendor if I don't have to.

<snip> What I really miss is a utility that 
>can check a whole RaQ / Qube for traces of a hack and restore the good 
>files. 

I think their are some freeware programs available which do this. It
"benchmarks" files and alerts the admin to changes. Some will even page the
admin. 

All in all, you make good points. Perhaps you could make headway with Sun in
encouraging them to modify the warranty, or speed patch development.

--S--

Disclaimer: My own two cents.