From owner-nanog@merit.edu Tue Mar 15 14:28:29 2005
To: Robert Bonomi <bonomi@mail.r-bonomi.com>
Cc: nanog@merit.edu
Subject: Re: sorbs.net
From: Valdis.Kletnieks@vt.edu
Date: Tue, 15 Mar 2005 15:28:17 -0500
On Tue, 15 Mar 2005 13:42:24 CST, Robert Bonomi said:
As with any other 'voluntary use' blocklist, its "clout" is only as good as the number of people using it. If serious questions arose as to the 'integrity' of the list, or the list operator, the vast majority of the mail-server operators using it would *stop* doing so. And any lack of integrity would be a moot issue, since 'practically nobody' would still be using it. It is _textbook_perfect_ "self regulation" at work.
This is, of course, making the rather big assumption that the person who decided to use said blocklist:
a) was fully cognizant of the list's goals and policies when they chose to use it.
nope.
*and* b) is willing and able to track deviations on an ongoing basis.
Yup. That _is_ an implicit part of *any* filtering/blocking job -- and many other tasks as well. That you _check_ on an ongoing basis, to make sure that the automation *is* doing what you "think" it is doing.
*and* c) whoever replaces them is also able to do so.
If they aren't competent to do the job, they shouldn't *have* the job. If management doesn't know what all the job requirements are, that is management's failing, and they _deserve_ the consequences thereof. <wry grin>
If it was in fact "textbook perfect", we'd never hear about stuff breaking when a block list goes belly up with six months' warning, and people *still* being surprised when suddenly everything returns 127.0.0.2 and a lot of mail goes kaboing.
Beg to differ. "textbook perfect" self-regulation means that when the list starts returning excessive numbers of false positives, that 'practically everybody' _stops_using_it_. And in fairly short order. Which is, in fact, precisely what DID happen. The list operator was relying on the effectiveness of said "self regulation" mechanism to "get the word out" to those who had _not_ heard about the shutdown from other sources.
On Tue, 15 Mar 2005 14:56:15 CST, Robert Bonomi said:
If they aren't competent to do the job, they shouldn't *have* the job. If management doesn't know what all the job requirements are, that is management's failing, and they _deserve_ the consequences thereof. <wry grin>
To misquote Randy: "I encourage my competitors to choose managers that way." ;) The fact is that there's a *lot* of clue-deficient people in those jobs.
Beg to differ. "textbook perfect" self-regulation means that when the list starts returning excessive numbers of false positives, that 'practically everybody' _stops_using_it_. And in fairly short order.
The fact that so many people get caught and surprised when it goes to 100% false positives indicates that they'd likely have had *no clue* what was wrong if the false positive rate was down in the 5% to 10% range. Remember that your analysis is leaving out the fact that a lot of these people *are* clueless and subscribe to "wave a dead chicken 3 times, sacrifice money to Redmond, and reboot and hope that things have miraculously changed, even with no actual change of configuration"... If it *actually* worked right, why do I *ever* encounter people that don't even know what block lists they're using? Because enough people running networks are idiots. Why do these networks even stay in business? Because their competitors are often equally mercifully free of the ravages of intelligence....
If it *actually* worked right, why do I *ever* encounter people that don't even know what block lists they're using?
Because enough people running networks are idiots. Why do these networks even stay in business?
Because their competitors are often equally mercifully free of the ravages of intelligence....
I'm sorry, but the correct answer that we're looking for is: "Customers." Because they have customers who don't just put up with it, but encourage them by *PAYING THEM MONEY*. All "really stupid" companies that make "really stupid" products stay in business because "really stupid" customers pay them "really stupid" money. So, who's stupid? This is not only relevant to network operation, but life, as a whole. It's not my opinion, it's the truth. (Is it not a fun world we live in?) -Jerry
If it *actually* worked right, why do I *ever* encounter people that don't even know what block lists they're using?
As MAPS found out during some early legal imbroglios, it is very easy to convince a judge that at least one ISP has subscribed to a blackhole list without understanding the full effects that this choice would produce. The whole "click to agree" (or "press F8 after scrolling to the last page") thing from software vendors is no better. There's no way a judge (nor, one assumes, a jury) will ever believe that everyone who signalled agreement, understood. The last couple of times I've signed closing papers for a house I've had to write several times "I agree, and I understand English" longhand and then sign my name -- but I don't think that'd hold up to a challenge of nonunderstanding, either. Every non-P2P non-anonymous reputation system will be vulnerable to this, and every P2P or anonymous reputation system will be full of sludge. We don't have a mature enough system of accountability, anywhere in meatspace, to account for the kinds of relationship and transactions the Internet makes possible. -- Paul Vixie
On Tue, 15 Mar 2005, Paul Vixie wrote:
If it *actually* worked right, why do I *ever* encounter people that don't even know what block lists they're using?
As MAPS found out during some early legal imbroglios, it is very easy to convince a judge that at least one ISP has subscribed to a blackhole list without understanding the full effects that this choice would produce.
The whole "click to agree" (or "press F8 after scrolling to the last page") thing from software vendors is no better. There's no way a judge (nor, one assumes, a jury) will ever believe that everyone who signalled agreement, understood. The last couple of times I've signed closing papers for a house I've had to write several times "I agree, and I understand English" longhand and then sign my name -- but I don't think that'd hold up to a challenge of nonunderstanding, either.
Mortgage agreement is not the best choice for comparison on how blocklists are used, it's a slightly different concept. Blocklist use is an example of delegating responsibility which is common and rooted in our political system (and the concept is in use both by government and private businesses). Since one person can not possibly make a decision about each and every detail of their life (although libertarians claim otherwise) we choose to delegate responsibility for certain tasks to certain other people or organizations that specialize in those areas. This is both more manageable and as far as overall costs are concerned. By delegating the task we accept the consequence that somebody else would be making decisions on our behalf on this particular subject but this is done by choice and either each person participates in directly choosing who would be doing the decision or accepts the decision made by the majority social group he's in or delegates making the decision on who would be doing involved to somebody else (delegation chain). In terms of use of blocklists, the end-user directly delegates responsibility for making decisions about which emails are good or bad to his ISP. In particular if the user uses email with the ISP's domain name then in fact the ISP has full rights to make decisions about their domain and the user has to accept it by default as he/she just buys partial use with that domain, but if the user has his own domain, then he/she makes decisions by buying mail hosting service and delegating responsibility regarding how email is delivered has to be explicit as part of such mail hosting service agreement.
Now the ISP then delegates responsibility further by choosing a select list of organizations they believe are better qualified to make the decision if the source of the email is good or bad - these are blocklist operators, so there exists a delegation chain from end-user to blocklist operator (just like there exists a delegation chain about regulations regarding telecom services which we buy, these regulations are made by the FCC which is in turn chosen by the government and approved by the parliament to which end-users delegated this responsibility by selecting it). In each case by delegating responsibility you accept the consequence that somebody else would make a decision and you have to live with such consequence, such as that those others may occasionally be wrong (and if they are wrong too often you can be vocal about it and they either change based on your comments or you make a different choice). If you do not like all this, feel free (with your own domain name) to not use a filtering service and make the decision about every email by yourself, however the problem is that you'll spend more time on that than you could be spending on something else more productive and as such this time in fact does cost you something even if it provides you better granularity and direct access to the decisions. At the same time by delegating responsibility you accept the (often free) service provided by the blocklist and it is usually more cost-effective (both to each individual and definitely to society costs in general). -- William Leibzon Elan Networks william@elan.net
participants (5)
- Jerry Pasker
- Paul Vixie
- Robert Bonomi
- Valdis.Kletnieks@vt.edu
- william(at)elan.net