Open Letter to D-Link about their NTP vandalism

Thu Apr 13 00:45:01 UTC 2006

On Wed, Apr 12, 2006 at 01:32:26PM -0500, Stephen Sprunk wrote:
> 
> On the plus side, after seeing D-Link's (lack of) reaction to this, I'll 
> bet none of us will buy another of their products again.

If it was legal to sell whatever you people are smoking that makes you 
think dlink gives a flying crap about you as customers, I'd be a very rich 
man. What part of "mass consumer product" isn't clear here, 99.9% of their 
target market doesn't know NTP is, and doesn't care.

I am absolutely appalled by the number of "slashdot warriors" here, ready 
to launch a crusade of spreading misinformation to the media in hopes of 
obtaining a large monetary payout or otherwise causing dlink, in the name 
of "doing the right thing", and without any consideration or understanding 
of the facts at hand. You know why dlink can't just come forward and say 
"woops we're sorry, we didn't see that you wanted this used for DIX 
members only, our bad"? Because they have to contend with people who will 
take that apology and then use it in court as an admission of guilt, and 
seek many tens of thousands of dollars or more in non-existent damages.

I think we all know that dlink was wrong. They should have double-checked 
the list of NTP servers they included in their default shipping firmware 
to make certain that the owners were ok with having their services used 
publically, there is no question about this. However, just because they 
made this mistake, it is not an excuse for everyone involved to start 
cashing in like they hit the lottery. Imagine that you get rear ended in 
traffic by an inattentive driver, and they dent your bumper. Yes it is 
their fault, yes they made a mistake and they should be responsible for 
it, but it is not okay for you to start screaming whiplash as soon as you 
see that you got hit by a Mercedes. It also doesn't mean that you are 
going to get a new car instead of them paying to have your bumper fixed.

If anyone else is going to carry this as a story, please act responsibly 
and do a little fact checking. We're talking about 37 packets/sec, less 
than a dialup worth of bandwidth, and any number of technical solutions 
which could completely mitigate that traffic without ANY additional 
expenses. Also, IANAL, but I think that refusing to take reasonable action 
to mitigate the damages because you feel the other party is "at fault" and 
should be 100% responsible is probably a good way to hurt any kind of case 
you might actually have against them too.

-- 
Richard A Steenbergen <ras at e-gerbil.net>       http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)