Re: Microsoft XP SP2 (was Re: Lazy network operators - NOT)
On Mon, 19 Apr 2004 06:12:16 -0400, Chris Brenton wrote:
An uneducated end user is not something you can fix with a service pack.
A profound point, again highlighting the fact that there are no technical solutions to this problem. (Though technical measures to enhance traceability are a big help.) So, the logical inference is training and licensing to get internet access. When I was 16 in Connecticut many many years ago, we had to take a driver-training course (given by a policeman) to get a driver's license. I see no discussion about this approach, here or elsewhere. Jeffrey Race
----- Original Message ----- From: "Dr. Jeffrey Race" <jrace@attglobal.net> To: "Jeffrey Race" <jrace@attglobal.net> Cc: <nanog@nanog.org> Sent: Monday, April 19, 2004 11:10 PM Subject: Re: Microsoft XP SP2 (was Re: Lazy network operators - NOT)
On Mon, 19 Apr 2004 06:12:16 -0400, Chris Brenton wrote:
An uneducated end user is not something you can fix with a service pack.
A profound point, again highlighting the fact that there are no technical solutions to this problem. (Though technical measures to enhance traceability are a big help.)
So, the logical inference is training and licensing to get internet access. When I was 16 in Connecticut many many years ago, we had to take a driver-training course (given by a policeman) to get a driver's license.
I see no discussion about this approach, here or elsewhere.
I would love to know the average age of the list inhabitants. It has been my observation that things which are new become better known when a generation has grown up, completely, with it and is teaching the next generation. Until that occurs, you are going to get one heck of a larger lot of uninformed users because they are not only young and clueless but every other age and clueless. Worse, they are clueless in a lot of cases because they are frightened by new technology. Eventually, it will become as common as a car on the road and at that point, taking obvious steps wont even be a topic for discussion any longer. When that happens, arts majors wont be the only ones serving fries at Maccas. Greg.
At Mon, Apr 19, 2004 at 11:22:17PM +1000, Gregh wrote:
I would love to know the average age of the list inhabitants.
22
It has been my observation that things which are new become better known when a generation has grown up, completely, with it and is teaching the next generation.
Until that occurs, you are going to get one heck of a larger lot of uninformed users because they are not only young and clueless but every other age and clueless. Worse, they are clueless in a lot of cases because they are frightened by new technology. Eventually, it will become as common as a car on the road and at that point, taking obvious steps wont even be a topic for discussion any longer.
Of course you're right, but this isn't going to happen for a long time.. and besides.. there are a lot of people in my generation that are not that tech-savvy at all.. I'd say the top uses are Games, IM/blogs/etc and P2P None of these really have anything to do with being good guardians of the net. Of course in the long-run you'll prove me wrong.. but I think it'll take a fair while yet.. anyway, i just hope we'll have made good progress on other fronts. - bri
-----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Dr. Jeffrey Race Sent: April 19, 2004 9:11 AM To: Jeffrey Race Cc: nanog@nanog.org Subject: Re: Microsoft XP SP2 (was Re: Lazy network operators - NOT)
On Mon, 19 Apr 2004 06:12:16 -0400, Chris Brenton wrote:
An uneducated end user is not something you can fix with a service pack.
A profound point, again highlighting the fact that there are no technical solutions to this problem. (Though technical measures to enhance traceability are a big help.)
So, the logical inference is training and licensing to get internet access. When I was 16 in Connecticut many many years ago, we had to take a driver-training course (given by a policeman) to get a driver's license.
I see no discussion about this approach, here or elsewhere.
Well, there are a number of problems with this. Firstly, who enforces it? The reason it "works" with cars is that the state (or province for those of us north of the border) effectively says "you can't drive a car without this lovely piece of paper/plastic that we'll give you" and "if we find you driving a car without the lovely piece of paper/plastic, you're going to be in serious trouble". Are you proposing that each jurisdiction that currently licences drivers also licence Internet users and tell ISPs "sorry, but if they don't give their licence, you can't give them an account"? Secondly, HOW do you enforce it? Motor vehicles only require a licence to be operated on public roads in all jurisdictions I'm aware of. IANAL, but if some 14 year old kid without a licence wants to drive around on his parents' private property, that is not illegal. Now, the instant that vehicle leaves the private property, it's another story (assuming, of course, cops around to check licences. In some jurisdictions, this is more true than in others). My point is, driving is ONLY regulated when it is done in public view, for obvious reasons. Computer use is an inherently private activity, so how do you propose to verify that the person using a computer is in fact licenced? Mandatory webcams? :P Thirdly, WHO do you enforce it against? It's pretty difficult (and illegal) for $RANDOM_JOE (or $RANDOM_KID, etc) to just go out and drive someone's car without their explicit knowledge and permission. (Okay, so you can hotwire a car, but...) It's very easy for someone other than the computer owner or ISP contractholder to have access to it and abuse it and stuff. So what do you propose? Mandatory cardreaders on all computers? Fingerprint scanners integrated into keyboards? How else can you avoid Mom logging online, and then letting the unlicenced kids roam free online, allegedly to do "research for school"? Do you want to fine/jail/etc Mom if the kids download a trojan somewhere? Fourthly, as someone pointed out, the first generation always complains. I hate to show how young I probably am compared to many on this list, but my jurisdiction introduced graduated driver's licencing a few years before I was old enough to get a driver's licence, and it angers me that the random guy who's out on the road driving like a moron had to go through way less bureaucracy, road tests, etc than me simply because he was born ten years before me. That said, if no reforms are made to make this system stricter, I'm sure the next generation won't see this system as an outrage simply because they won't remember an era when the bureaucracy. Currently, people can buy computers/Internet access/etc unregulated at the random store down the street. You're proposing that some regulatory authority require licencing... Why should these voters accept it? Especially since, unlike with cars, the damage done by poorly-operated computers is rather hard to explain to a technologically-unskilled person. Most would respond something like "well, it's not my fault some criminal wrote a virus/exploit/whatever. Put that person in jail, and let me mind my own business." Good luck educating them on the fallacies in that statement. Fact is, until home computer security issues result in a pile of bloody bodies to show on CNN, no one in the general public and/or the legislative branches of government has any incentive to care... Vivien
Firstly, who enforces it? The reason it "works" with cars is that the state (or province for those of us north of the border) effectively says "you can't drive a car without this lovely piece of paper/plastic that we'll give you" and "if we find you driving a car without the lovely piece of paper/plastic, you're going to be in serious trouble". Are you proposing that each jurisdiction that currently licences drivers also licence Internet users and tell ISPs "sorry, but if they don't give their licence, you can't give them an account"?
That's not a problem. The state licenses drivers but it also owns the roads.
Secondly, HOW do you enforce it? Motor vehicles only require a licence to be operated on public roads in all jurisdictions I'm aware of. IANAL, but if some 14 year old kid without a licence wants to drive around on his parents' private property, that is not illegal.
So? If you want to mess around on your private network, I don't care either.
Now, the instant that vehicle leaves the private property, it's another story (assuming, of course, cops around to check licences. In some jurisdictions, this is more true than in others).
Exactly. You want to go on someone else's roads, you do so only by their rules.
My point is, driving is ONLY regulated when it is done in public view, for obvious reasons. Computer use is an inherently private activity, so how do you propose to verify that the person using a computer is in fact licenced? Mandatory webcams? :P
So you can drive however you want on *my* driveway? That's not public view, is it? If there only private roads, I'll bet you that private road owners would have come up with a licensing system quite similar to what we have today, for liability reasons if nothing else. You might also notice that you can't get liability insurance without a license even though that insurance is issued privately, and there aren'y many road owners who let you drive on their roads without insurance.
Thirdly, WHO do you enforce it against? It's pretty difficult (and illegal) for $RANDOM_JOE (or $RANDOM_KID, etc) to just go out and drive someone's car without their explicit knowledge and permission. (Okay, so you can hotwire a car, but...) It's very easy for someone other than the computer owner or ISP contractholder to have access to it and abuse it and stuff.
I'm not sure I understand why you think this is so. My kids know that my computer is off-limits to them just like they know my car is off-limits to them. They are physically capable of obtaining access to either without my permission.
So what do you propose? Mandatory cardreaders on all computers? Fingerprint scanners integrated into keyboards? How else can you avoid Mom logging online, and then letting the unlicenced kids roam free online, allegedly to do "research for school"? Do you want to fine/jail/etc Mom if the kids download a trojan somewhere?
I would presume that a license would include the rights to allow others to use your access under appropriate supervision or with appropriately restrictive software.
Fourthly, as someone pointed out, the first generation always complains. I hate to show how young I probably am compared to many on this list, but my jurisdiction introduced graduated driver's licencing a few years before I was old enough to get a driver's licence, and it angers me that the random guy who's out on the road driving like a moron had to go through way less bureaucracy, road tests, etc than me simply because he was born ten years before me. That said, if no reforms are made to make this system stricter, I'm sure the next generation won't see this system as an outrage simply because they won't remember an era when the bureaucracy. Currently, people can buy computers/Internet access/etc unregulated at the random store down the street. You're proposing that some regulatory authority require licencing... Why should these voters accept it?
Because their failure to cooperate will result in ostracism. That's how the Internet has always worked.
Especially since, unlike with cars, the damage done by poorly-operated computers is rather hard to explain to a technologically-unskilled person. Most would respond something like "well, it's not my fault some criminal wrote a virus/exploit/whatever. Put that person in jail, and let me mind my own business." Good luck educating them on the fallacies in that statement.
The point is, you don't have to. You just have to not let them on your roads. If they think the things they have to do to get on your roads are worth the value of those roads, they'll do them. If not, not. You don't care why people comply with your rules. People don't get driver's licenses because they think the piece of paper makes them a better driver, they do it because that is what's required for them to get insurance and avoid tickets and even jail.
Fact is, until home computer security issues result in a pile of bloody bodies to show on CNN, no one in the general public and/or the legislative branches of government has any incentive to care...
They don't have to. It's the road owners who decide who gets to drive on their roads. All it would take is a certificate infrastructure and companies issuing certificates to people who demonstrate competence. Then sites could start restricting traffic to certificate holders immediately. I think this is actually a bad idea. But none of the arguments you've made are the reasons why. Once you pretty much had to be a mechanic to drive a car. DS
-----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of David Schwartz Sent: April 19, 2004 12:57 PM To: 'Dr. Jeffrey Race' Cc: nanog@nanog.org Subject: RE: Microsoft XP SP2 (was Re: Lazy network operators - NOT)
Firstly, who enforces it? The reason it "works" with cars is that the state (or province for those of us north of the border) effectively says "you can't drive a car without this lovely piece of paper/plastic that we'll give you" and "if we find you driving a car without the lovely piece of paper/plastic, you're going to be in serious trouble". Are you proposing that each jurisdiction that currently licences drivers also licence Internet users and tell ISPs "sorry, but if they don't give their licence, you can't give them an account"?
That's not a problem. The state licenses drivers but it also owns the roads.
Yes... And the state doesn't own the Internet, and can't SEE the Internet (or its component networks). How does it enforce who uses it?
Secondly, HOW do you enforce it? Motor vehicles only require a licence to be operated on public roads in all jurisdictions I'm aware of. IANAL, but if some 14 year old kid without a licence wants to drive around on his parents' private property, that is not illegal.
So? If you want to mess around on your private network, I don't care either.
And exactly how do you separate public and private networks, from the point of view of law enforcement? In the driving world, public roads are easy enough to enforce things on... Besides, there are no [major] public networks, if by public, you mean taxpayer-owned... If you mean publicly accessible, that's another story, of course...
Now, the instant that vehicle leaves the private property, it's another story (assuming, of course, cops around to check licences. In some jurisdictions, this is more true than in others).
Exactly. You want to go on someone else's roads, you do so only by their rules.
But my point is, they can SEE you. If I drive out on the roads of whatever state/province/municipality/etc, their authorized agents (read: cops) can SEE me and stop me. Try and do that with my IP packets. You try and track the IP packet that you are getting from my machine to me as a human... Sure, you can do it, if you have an army of lawyers in a bunch of jurisdictions, but it's not like the cop who sees a moron driving badly and just pulls them over, at which point they HAVE the moron in their hands... You can have my packets going around into your network without having physical access to me, but you CAN'T have my car driving around (unless I'm not driving it :P) in your roads without me being in it. So, how do you ask my packets for my computer licence?
My point is, driving is ONLY regulated when it is done in public view, for obvious reasons. Computer use is an inherently private activity, so how do you propose to verify that the person using a computer is in fact licenced? Mandatory webcams? :P
So you can drive however you want on *my* driveway? That's not public view, is it? If there only private roads, I'll bet you that private road owners would have come up with a licensing system quite similar to what we have today, for liability reasons if nothing else. You might also notice that you can't get liability insurance without a license even though that insurance is issued privately, and there aren'y many road owners who let you drive on their roads without insurance.
If I drive on YOUR driveway without a licence, assuming I can GET to your driveway without driving on a public road (e.g. someone with a licence drives me to your driveway), I'm guilty of tresspassing on your property, but I don't think I'm guilty of driving without a licence. And why would any insurer insure somebody without a licence? Sounds to me like financial suicide, assuming driver licencing actually DOES keep morons off roads...
Thirdly, WHO do you enforce it against? It's pretty difficult (and illegal) for $RANDOM_JOE (or $RANDOM_KID, etc) to just go out and drive someone's car without their explicit knowledge and permission. (Okay, so you can hotwire a car, but...) It's very easy for someone other than the computer owner or ISP contractholder to have access to it and abuse it and stuff.
I'm not sure I understand why you think this is so. My kids know that my computer is off-limits to them just like they know my car is off-limits to them. They are physically capable of obtaining access to either without my permission.
You're an IT professional. This isn't about you. This is about the random family with the "family computer" that everybody installs random crapware onto in the kitchen or den. Does the same apply in that situation?
So what do you propose? Mandatory cardreaders on all computers? Fingerprint scanners integrated into keyboards? How else can you avoid Mom logging online, and then letting the unlicenced kids roam free online, allegedly to do "research for school"? Do you want to fine/jail/etc Mom if the kids download a trojan somewhere?
I would presume that a license would include the rights to allow others to use your access under appropriate supervision or with appropriately restrictive software.
Again, without enforcement officers in your house, HOW do you propose to enforce this? Besides, last I checked, driver's licences don't give you the right to have your kids drive without a licence if you're in the vehicle. The kids (at least in the jurisdictions I know of, this may not apply to all 60+ jurisdictions in North America) first have to prove to the regulatory authority that they know the rules of the road, and THEN they're allowed to drive around with a parent. How do you propose to enforce a similar thing for the kitchen computer?
Fourthly, as someone pointed out, the first generation always complains. I hate to show how young I probably am compared to many on this list, but my jurisdiction introduced graduated driver's licencing a few years before I was old enough to get a driver's licence, and it angers me that the random guy who's out on the road driving like a moron had to go through way less bureaucracy, road tests, etc than me simply because he was born ten years before me. That said, if no reforms are made to make this system stricter, I'm sure the next generation won't see this system as an outrage simply because they won't remember an era when the bureaucracy. Currently, people can buy computers/Internet access/etc unregulated at the random store down the street. You're proposing that some regulatory authority require licencing... Why should these voters accept it?
Because their failure to cooperate will result in ostracism. That's how the Internet has always worked.
How do you get ostracised when you're the majority? The majority of people think computers are glorified toasters. WE are the minority here, and if we start giving too many lectures, WE get ostracized. You have any idea how many people think I'm insane because I've told them HTML email is bad? In YOUR world, they'd be ostracized for using HTML email. In the REAL world, I'm the SOB out to spoil their fun by insisting on archaic modes of communication.
Especially since, unlike with cars, the damage done by poorly-operated computers is rather hard to explain to a technologically-unskilled person. Most would respond something like "well, it's not my fault some criminal wrote a virus/exploit/whatever. Put that person in jail, and let me mind my own business." Good luck educating them on the fallacies in that statement.
The point is, you don't have to. You just have to not let them on your roads. If they think the things they have to do to get on your roads are worth the value of those roads, they'll do them. If not, not. You don't care why people comply with your rules. People don't get driver's licenses because they think the piece of paper makes them a better driver, they do it because that is what's required for them to get insurance and avoid tickets and even jail.
See below.
Fact is, until home computer security issues result in a pile of bloody bodies to show on CNN, no one in the general public and/or the legislative branches of government has any incentive to care...
They don't have to. It's the road owners who decide who gets to drive on their roads. All it would take is a certificate infrastructure and companies issuing certificates to people who demonstrate competence. Then sites could start restricting traffic to certificate holders immediately.
So you propose some form of access control? If someone's packets don't identify themselves the way you want, you want your network to send them to the great null0 in the sky? So, you want to balkanize the Internet? If my network accepts packets signed by licencing board A, and is licenced by A, and your network wants licencing board Z and is licenced by D, then your network won't accept my packets and mine won't accept yours. How does that leave anybody better off? This is as silly as each town alongside a major regional highway saying "we will only allow vehicles registered in our jurisdiction, or in jurisdictions who pay us a tax to drive through our 2 mile stretch of road." Seems to me like you'd be throwing a whole maternity ward full of babies out with that bathwater... Vivien
On Mon, 19 Apr 2004 09:10:32 EDT, "Dr. Jeffrey Race" said:
On Mon, 19 Apr 2004 06:12:16 -0400, Chris Brenton wrote:
An uneducated end user is not something you can fix with a service pack.
A profound point, again highlighting the fact that there are no technical solutions to this problem. (Though technical measures to enhance traceability are a big help.)
Well, there *are* technical solutions, but over the last few hundred years we've managed to essentially stop Darwinian selection against idiots, and we as a society seem to frown on the forced sterilization of same.
On Mon, 19 Apr 2004, Dr. Jeffrey Race wrote: : On Mon, 19 Apr 2004 06:12:16 -0400, Chris Brenton wrote: : : > An uneducated : >end user is not something you can fix with a service pack. : : A profound point, again highlighting the fact that there : are no technical solutions to this problem. (Though : technical measures to enhance traceability are a big help.) : : So, the logical inference is training and licensing to : get internet access. When I was 16 in Connecticut many : many years ago, we had to take a driver-training course : (given by a policeman) to get a driver's license. : : I see no discussion about this approach, here or elsewhere. Think globally. Even though this forum has NA as its heading, we need to think globally when suggesting solutions. You'll never get any sort of licensing globally nor will you EVER get end users (globally) educated enough to stop doing the things that they do which allow these events to continually occur. scott
----- Original Message ----- From: "Scott Weeks" <surfer@mauigateway.com> To: "Dr. Jeffrey Race" <jrace@attglobal.net> Cc: <nanog@nanog.org> Sent: Tuesday, April 20, 2004 1:07 PM Subject: Re: Microsoft XP SP2 (was Re: Lazy network operators - NOT)
Think globally. Even though this forum has NA as its heading, we need to think globally when suggesting solutions. You'll never get any sort of licensing globally nor will you EVER get end users (globally) educated enough to stop doing the things that they do which allow these events to continually occur.
I would like to point out one little area of concern in this discussion for me - that was the critical update for Win XP of March 28th, 2002 in it's original output, not the amended one. I don't know how many of your clients were affected by this but I had to rush about in circles like a duck with a broken wing simply because some users had altered their own settings, regardless of policy at each company, so that they could apply updates for themselves. Consequently some XP (and I believe W2K as well but I didn't see this on a W2K machine personally) setups just went down in a heap and it took some time to fix them all. So, while considering global solutions, if anyone were to seriously decide all Windows machines will now be auto updated whether you like it or not, I would definitely put a block on Windows web sites - as I had to do at that time - so that no-one could get an update I didn't apply. Since that time, any XP update gets tested on a machine that doesn't matter should it go down prior to installation. We are all so busy, here, looking at ways to solve a problem that is already there. It should be stopped prior to it coming out and fixed at that point. This means REAL beta testers, not whatever is going on in MS right now. There should also be consequences. That implies a lot of people in I.T. acting as one mind and enforcing something upon MS. That is where we will always fail. Like the untended hard drive, we are too fragmented. Greg.
participants (7)
-
Brian Russo -
David Schwartz -
Dr. Jeffrey Race -
Gregh -
Scott Weeks -
Valdis.Kletnieks@vt.edu -
Vivien M.