Path: gmd.de!newsserver.jvnc.net!howland.reston.ans.net!gatech!swrinde!cs.utexas.edu!uwm.edu!caen!batcomputer!news.graphics.cornell.edu!newsstand.cit.cornell.edu!chestnut.law.cornell.edu!trb2
From: Thomas R. Bruce <t...@cornell.edu>
Newsgroups: comp.infosystems.www
Subject: Re: cello
Date: 23 Jul 1993 00:33:06 GMT
Organization: Legal Information Institute
Lines: 59
Sender: t...@cornell.edu (Verified)
Distribution: world
Message-ID: <22nbk2INN5ka@newsstand.cit.cornell.edu>
References: <CAIzn3.KF@news.cso.uiuc.edu> <CAKt8C.JBu@cbnewsi.cb.att.com>
NNTP-Posting-Host: chestnut.law.cornell.edu
X-UserAgent: Nuntius v1.1.1d7
X-XXMessage-ID: <A874944D72016...@chestnut.law.cornell.edu>
X-XXDate: Thu, 22 Jul 93 19:00:29 GMT

In article <CAKt8C....@cbnewsi.cb.att.com> Rich Brandwein,
r...@hotsand.tbu.att.com writes:
>The funny thing about the news article is that until I got to the end
>I assumed I was reading a not from the developers of Cello...

Well, now you can . (grin)  It's developer, singular, BTW, which is why I
share some of Jon's anxiety about maintenance in the face of source-code
release. 

Certainly it's necessary to fool with networking code to cope with (to my
mind) overly-restrictive environments (about which more in a minute). 
I'm not sure that a general release of source code to the Net is the best
way to deal with that problem, however, particularly when the developer
is a small (meaning tiny) shop like mine.  A general distribution of an
altered program to the Net -- even if the hacks in fact added
functionality -- would drown me in support mail which I would be
ill-equipped to handle.  PC users by and large assume that everybody is
WordPerfect Corporation, with similar resources to bring to bear on
support problems, and with similarly monolithic control over the product.
 The idea that there would be "Cello Variations"  just wouldn't occur to
most of them.  

Sure, when the community of users and developers overlaps considerably --
as it traditionally has with, say, Perl -- most of these kinds of
problems can be dealt with via newsgroup, or via peer pressure applied to
newcomers who don't know the ropes, or by the somewhat gentler mechanism
of an FAQ.  People come to know pretty quickly who did what and who's
responsible for which.  I think the PC community is too large for those
approaches to work these days -- a suspicion which is pretty quickly
confirmed by a look at comp.protocols.tcpip.ibm-pc or
comp.os.ms-windows.apps.  Or comp.os.linux, for that matter, where
_everybody_ seems to be a developer.  Fact is, I'm outnumbered.  Severely.

As for the claim that source code is necessary to prevent viruses and
trojan horses, that's either silly or downright insulting.  I don't ask
Martin Marietta to send me engineering simulations and blueprints before
I get on a plane.  And I suspect that something which had been developed
in such a nefarious fashion would be caught very quickly, with fairly
nasty consequences for the fool who did it.
Provided, of course, that the code responsible for any such problem could
actually be attributed to someone -- which would most emphatically _not_
be the case if someone were to pick up source code to Cello, add some
virus code, and then repost the whole thing as an "updated" version on 
ftp.cica.indiana.edu.  For instance.

But this isn't really the problem here and discussing bigger issues
doesn't get Rich Brandwein very far down the road.  I have exactly zero
experience with firewalls and proxytizing generally, but I'm guessing
(perhaps foolishly) that the necessary alterations would need to be made
to networking code only.  If that's so (big if, slap me if I'm wrong),
would it not be an option to build a bridge module of some kind on top of
WINSOCK?  Or even a proxyable WINSOCK which all could use?  


Thomas R. Bruce										
Thomas_Br...@cornell.edu				

Legal Information Institute
Cornell Law School