💾 Archived View for spam.works › mirrors › textfiles › hacking › riacs captured on 2023-11-04 at 13:25:52.

View Raw

More Information

⬅️ Previous capture (2023-06-14)

-=-=-=-=-=-=-

Here is a policy statement about responsible computer use we have
adopted here at RIACS (Research Institute for Advanced Computer
Science).  It draws heavily from the MIT Project Athena policy
statement posted earlier in RISKS.  Enjoy.  --Peter
 
-----------------------------------------------------------
 
PRINCIPLES OF RESPONSIBLE USE OF RIACS COMPUTING FACILITIES
February 1, 1989
P.J.D.
 
 
 
The RIACS computing facility is designed to support the research
and related activities of RIACS.  It consists of a networked
system of workstations and services, and includes communication
features that offer many opportunities for members of the RIACS
community to share information among themselves and with outside
collaborators.  With that ability to share comes the
responsibility to use the system in accordance with RIACS's
standards of honesty and personal conduct.  Those standards call
for all members of the community to act in a responsible,
ethical, and professional way.  This note offers guidelines in
applying those standards to use of RIACS facilities.
 
The RIACS system is a closed network of workstations and servers
that are mutually trusting.  Access to any workstation
constitutes access to the whole system.  Under normal operation,
the many workstations and servers are transparent to the users
of the system.
 
 
 
INTENDED USE
 
The hardware granted to RIACS, and the software licensed for
that hardware, are intended for research and educational use,
broadly construed, by members of RIACS and selected outside
collaborators.  Use of RIACS resources by anyone outside
requires approval of an assistant director, and the sale of such
use is improper.  The use of RIACS resources for immediate
financial gain is similarly improper.  RIACS computing
facilities are intended to augment, but not replace, existing
NASA computational facilities such as supercomputers.
 
Computer accounts (and network mailboxes) will be given to all
employees, to outside collaborators with written agreements, and
to guests who are collaborating with a project.  All outsiders
must be sponsored by a member of technical staff.  All guest
accounts will be closed after the termination date unless the
RIACS sponsor renews the agreement.  Account holders should
not share their accounts or passwords with others.
 
 
 
PRIVACY AND SECURITY
 
The operating systems used by RIACS encourage sharing of
information.  Security mechanisms for protecting information
from unintended access, from within the system or from the
outside, are minimal.  These mechanisms, by themselves, are not
sufficient for a large community in which protection of
individual privacy is as important as sharing.  Users must
supplement the system's security mechanisms by using the system
in a manner that preserves and respects the privacy of others.
 
For example, no user should attempt to gain access to the files
or directories of another user without clear authorization from
the other user; typically that authorization is expressed by
setting file access permissions that allow public or group
reading.  No user should attempt to intercept any network
communications, such as electronic mail or user-to-user dialog.
A shared program should not secretly collect information about
its users.  Personal information about individuals, which a user
would not normally disseminate, should be stored in private
files inaccessible to to anyone other than the owner, and should
be distributed only to authorized individuals.  Examples of such
personal information are performance reviews or letters of
recommendation.
 
Superuser privileges will be granted only to immediate system
staff.  The staff are responsible safeguard the system and the
information within it.  They will respect the privacy of
personal files and mail within the system.
 
RIACS makes best efforts to defend against unauthorized use of
the RIACS system.  RIACS people should respect the security and
access policies of other systems, and the desire of other
institutions to defend themselves against instrusions.
 
 
SYSTEM INTEGRITY
 
Actions taken by users intentionally to interfere with or to
alter the integrity of the system are improper.  Such actions
include unauthorized use of accounts, impersonation of other
individuals in communications, attempts to capture or crack
passwords, attempts to break encryption protocols, compromising
privacy, and destruction or alteration of data or programs
belonging to other users.  It is unacceptable to create worm or
virus programs.  It is unacceptable to conduct experiments that
demonstrate network vulnerabilities without the prior permission
of network authorities.  It is unacceptable to engage in acts
that would restrict or deny access by legitimate users to the
system.
 
 
INTELLECTUAL PROPERTY RIGHTS
 
Some software and data that reside on the system are owned by
users or third parties, and are protected by copyright and other
laws, together with licenses and other contractual agreements.
RIACS people are expected to respect and abide by the terms and
conditions of software use and redistribution licenses.  Such
restrictions may include prohibitions against copying programs
or data for use on non-RIACS systems or for distribution outside
RIACS, against the resale of data or programs or the use of them
for noneducational purposes or for financial gain, and against
public disclosure of information about programs (e.g., source
code) without the owner's authorization.
 
RIACS people who develop new packages that include components
subject to use, copying, or redistribution restrictions have the
responsibility to make any such restrictions known to the users
of those packages.
 
Software developed by RIACS is considered to be in the public
domain and is to carry certain copyright notices at all times.
A separate policy document provides the details.