Notes for October 3, 2000 1. Greetings and Felicitations! a. Room change: beginning on Thursday, we meet at 1204 Haring Hall; it's a bigger room. b. Because of this, we can let about 10 more people into the class; these will come off the top of the wait list. c. Logs for my system, nob.cs.ucdavis.edu, available at the MyUCDavis web site and are visible only to regis- tered students, like the Chapter 1 handout 2. Puzzle of the day 3. Human Factors a. Principle of Psychological Acceptability (note: illegal violates this) b. Principle of common sense (it's not common; more when we discuss robust programming) 4. Role of trust a. What is trust? b. Who cares? 5. Robust Programming a. Go through handout, emphasizing principles b. Information hiding and abstraction c. Error handling Puzzle of the Day A student suspects there is a vulnerability on a system in a university public access laboratory. She tests this by trying to exploit the vulnerability. She succeeds, and obtains privileges that she would not normally have. She reports both the hole and her exploiting it to the system staff, who in turn report it to the manager of the laboratory. The manager files charges of breaking into a computer system against the student. The student is promptly hauled before the Stu- dent Judicial Authority. 1. Did the student act ethically by testing the system for the security hole before reporting it? 2. Did the manager act ethically by filing charges against the student? 3. The manager told the system staff not to bother fixing the hole, because the action taken by the SJA would deter any future break-ins through that hole. Was the manager's action appropriate?