A profound point, again highlighting the fact that there
are no technical solutions to this problem. (Though
technical measures to enhance traceability are a big help.)
So, the logical inference is training and licensing to
get internet access. When I was 16 in Connecticut many
many years ago, we had to take a driver-training course
(given by a policeman) to get a driver's license.
I see no discussion about this approach, here or elsewhere.
Jeffrey Race
I would love to know the average age of the list inhabitants.
It has been my observation that things which are new become better known
when a generation has grown up, completely, with it and is teaching the next
generation.
Until that occurs, you are going to get one heck of a larger lot of
uninformed users because they are not only young and clueless but every
other age and clueless. Worse, they are clueless in a lot of cases because
they are frightened by new technology. Eventually, it will become as common
as a car on the road and at that point, taking obvious steps wont even be a
topic for discussion any longer.
When that happens, arts majors wont be the only ones serving fries at
Maccas.
Greg.
I would love to know the average age of the list inhabitants.
22
It has been my observation that things which are new become better known
when a generation has grown up, completely, with it and is teaching the next
generation.Until that occurs, you are going to get one heck of a larger lot of
uninformed users because they are not only young and clueless but every
other age and clueless. Worse, they are clueless in a lot of cases because
they are frightened by new technology. Eventually, it will become as common
as a car on the road and at that point, taking obvious steps wont even be a
topic for discussion any longer.
Of course you're right, but this isn't going to happen for a long time..
and besides.. there are a lot of people in my generation that are not
that tech-savvy at all..
I'd say the top uses are Games, IM/blogs/etc and P2P
None of these really have anything to do with being good guardians of
the net.
Of course in the long-run you'll prove me wrong.. but I think it'll take
a fair while yet.. anyway, i just hope we'll have made good progress on
other fronts.
- bri
Well, there are a number of problems with this.
Firstly, who enforces it? The reason it "works" with cars is that the state
(or province for those of us north of the border) effectively says "you
can't drive a car without this lovely piece of paper/plastic that we'll give
you" and "if we find you driving a car without the lovely piece of
paper/plastic, you're going to be in serious trouble". Are you proposing
that each jurisdiction that currently licences drivers also licence Internet
users and tell ISPs "sorry, but if they don't give their licence, you can't
give them an account"?
Secondly, HOW do you enforce it? Motor vehicles only require a licence to be
operated on public roads in all jurisdictions I'm aware of. IANAL, but if
some 14 year old kid without a licence wants to drive around on his parents'
private property, that is not illegal. Now, the instant that vehicle leaves
the private property, it's another story (assuming, of course, cops around
to check licences. In some jurisdictions, this is more true than in others).
My point is, driving is ONLY regulated when it is done in public view, for
obvious reasons. Computer use is an inherently private activity, so how do
you propose to verify that the person using a computer is in fact licenced?
Mandatory webcams? 
Thirdly, WHO do you enforce it against? It's pretty difficult (and illegal)
for $RANDOM_JOE (or $RANDOM_KID, etc) to just go out and drive someone's car
without their explicit knowledge and permission. (Okay, so you can hotwire a
car, but...) It's very easy for someone other than the computer owner or ISP
contractholder to have access to it and abuse it and stuff. So what do you
propose? Mandatory cardreaders on all computers? Fingerprint scanners
integrated into keyboards? How else can you avoid Mom logging online, and
then letting the unlicenced kids roam free online, allegedly to do "research
for school"? Do you want to fine/jail/etc Mom if the kids download a trojan
somewhere?
Fourthly, as someone pointed out, the first generation always complains. I
hate to show how young I probably am compared to many on this list, but my
jurisdiction introduced graduated driver's licencing a few years before I
was old enough to get a driver's licence, and it angers me that the random
guy who's out on the road driving like a moron had to go through way less
bureaucracy, road tests, etc than me simply because he was born ten years
before me. That said, if no reforms are made to make this system stricter,
I'm sure the next generation won't see this system as an outrage simply
because they won't remember an era when the bureaucracy.
Currently, people can buy computers/Internet access/etc unregulated at the
random store down the street. You're proposing that some regulatory
authority require licencing... Why should these voters accept it? Especially
since, unlike with cars, the damage done by poorly-operated computers is
rather hard to explain to a technologically-unskilled person. Most would
respond something like "well, it's not my fault some criminal wrote a
virus/exploit/whatever. Put that person in jail, and let me mind my own
business." Good luck educating them on the fallacies in that statement.
Fact is, until home computer security issues result in a pile of bloody
bodies to show on CNN, no one in the general public and/or the legislative
branches of government has any incentive to care...
Vivien
Firstly, who enforces it? The reason it "works" with cars is that
the state
(or province for those of us north of the border) effectively says "you
can't drive a car without this lovely piece of paper/plastic that
we'll give
you" and "if we find you driving a car without the lovely piece of
paper/plastic, you're going to be in serious trouble". Are you proposing
that each jurisdiction that currently licences drivers also
licence Internet
users and tell ISPs "sorry, but if they don't give their licence,
you can't
give them an account"?
That's not a problem. The state licenses drivers but it also owns the
roads.
Secondly, HOW do you enforce it? Motor vehicles only require a
licence to be
operated on public roads in all jurisdictions I'm aware of. IANAL, but if
some 14 year old kid without a licence wants to drive around on
his parents'
private property, that is not illegal.
So? If you want to mess around on your private network, I don't care
either.
Now, the instant that
vehicle leaves
the private property, it's another story (assuming, of course, cops around
to check licences. In some jurisdictions, this is more true than
in others).
Exactly. You want to go on someone else's roads, you do so only by their
rules.
My point is, driving is ONLY regulated when it is done in public view, for
obvious reasons. Computer use is an inherently private activity, so how do
you propose to verify that the person using a computer is in fact
licenced?
Mandatory webcams?
So you can drive however you want on *my* driveway? That's not public view,
is it? If there only private roads, I'll bet you that private road owners
would have come up with a licensing system quite similar to what we have
today, for liability reasons if nothing else. You might also notice that you
can't get liability insurance without a license even though that insurance
is issued privately, and there aren'y many road owners who let you drive on
their roads without insurance.
Thirdly, WHO do you enforce it against? It's pretty difficult
(and illegal)
for $RANDOM_JOE (or $RANDOM_KID, etc) to just go out and drive
someone's car
without their explicit knowledge and permission. (Okay, so you
can hotwire a
car, but...) It's very easy for someone other than the computer
owner or ISP
contractholder to have access to it and abuse it and stuff.
I'm not sure I understand why you think this is so. My kids know that my
computer is off-limits to them just like they know my car is off-limits to
them. They are physically capable of obtaining access to either without my
permission.
So what do you
propose? Mandatory cardreaders on all computers? Fingerprint scanners
integrated into keyboards? How else can you avoid Mom logging online, and
then letting the unlicenced kids roam free online, allegedly to
do "research
for school"? Do you want to fine/jail/etc Mom if the kids
download a trojan
somewhere?
I would presume that a license would include the rights to allow others to
use your access under appropriate supervision or with appropriately
restrictive software.
Fourthly, as someone pointed out, the first generation always complains. I
hate to show how young I probably am compared to many on this list, but my
jurisdiction introduced graduated driver's licencing a few years before I
was old enough to get a driver's licence, and it angers me that the random
guy who's out on the road driving like a moron had to go through way less
bureaucracy, road tests, etc than me simply because he was born ten years
before me. That said, if no reforms are made to make this system stricter,
I'm sure the next generation won't see this system as an outrage simply
because they won't remember an era when the bureaucracy.
Currently, people can buy computers/Internet access/etc unregulated at the
random store down the street. You're proposing that some regulatory
authority require licencing... Why should these voters accept it?
Because their failure to cooperate will result in ostracism. That's how the
Internet has always worked.
Especially
since, unlike with cars, the damage done by poorly-operated computers is
rather hard to explain to a technologically-unskilled person. Most would
respond something like "well, it's not my fault some criminal wrote a
virus/exploit/whatever. Put that person in jail, and let me mind my own
business." Good luck educating them on the fallacies in that statement.
The point is, you don't have to. You just have to not let them on your
roads. If they think the things they have to do to get on your roads are
worth the value of those roads, they'll do them. If not, not. You don't care
why people comply with your rules. People don't get driver's licenses
because they think the piece of paper makes them a better driver, they do it
because that is what's required for them to get insurance and avoid tickets
and even jail.
Fact is, until home computer security issues result in a pile of bloody
bodies to show on CNN, no one in the general public and/or the legislative
branches of government has any incentive to care...
They don't have to. It's the road owners who decide who gets to drive on
their roads. All it would take is a certificate infrastructure and companies
issuing certificates to people who demonstrate competence. Then sites could
start restricting traffic to certificate holders immediately.
I think this is actually a bad idea. But none of the arguments you've made
are the reasons why. Once you pretty much had to be a mechanic to drive a
car.
DS
From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On
Behalf Of David Schwartz
Sent: April 19, 2004 12:57 PM
To: 'Dr. Jeffrey Race'
Cc: nanog@nanog.org
Subject: RE: Microsoft XP SP2 (was Re: Lazy network operators - NOT)> Firstly, who enforces it? The reason it "works" with cars
is that the
> state (or province for those of us north of the border) effectively
> says "you can't drive a car without this lovely piece of
paper/plastic
> that we'll give
> you" and "if we find you driving a car without the lovely piece of
> paper/plastic, you're going to be in serious trouble". Are
you proposing
> that each jurisdiction that currently licences drivers also
> licence Internet
> users and tell ISPs "sorry, but if they don't give their licence,
> you can't
> give them an account"?That's not a problem. The state licenses drivers but it
also owns the roads.
Yes... And the state doesn't own the Internet, and can't SEE the Internet
(or its component networks). How does it enforce who uses it?
> Secondly, HOW do you enforce it? Motor vehicles only
require a licence
> to be operated on public roads in all jurisdictions I'm aware of.
> IANAL, but if some 14 year old kid without a licence wants to drive
> around on his parents'
> private property, that is not illegal.So? If you want to mess around on your private network,
I don't care either.
And exactly how do you separate public and private networks, from the point
of view of law enforcement? In the driving world, public roads are easy
enough to enforce things on...
Besides, there are no [major] public networks, if by public, you mean
taxpayer-owned... If you mean publicly accessible, that's another story, of
course...
> Now, the instant that
> vehicle leaves
> the private property, it's another story (assuming, of course, cops
> around to check licences. In some jurisdictions, this is more true
> than in others).Exactly. You want to go on someone else's roads, you do
so only by their rules.
But my point is, they can SEE you. If I drive out on the roads of whatever
state/province/municipality/etc, their authorized agents (read: cops) can
SEE me and stop me. Try and do that with my IP packets. You try and track
the IP packet that you are getting from my machine to me as a human... Sure,
you can do it, if you have an army of lawyers in a bunch of jurisdictions,
but it's not like the cop who sees a moron driving badly and just pulls them
over, at which point they HAVE the moron in their hands... You can have my
packets going around into your network without having physical access to me,
but you CAN'T have my car driving around (unless I'm not driving it :P) in
your roads without me being in it.
So, how do you ask my packets for my computer licence?
> My point is, driving is ONLY regulated when it is done in
public view,
> for obvious reasons. Computer use is an inherently private
activity,
> so how do you propose to verify that the person using a
computer is in
> fact licenced? Mandatory webcams?So you can drive however you want on *my* driveway?
That's not public view, is it? If there only private roads,
I'll bet you that private road owners would have come up with
a licensing system quite similar to what we have today, for
liability reasons if nothing else. You might also notice that
you can't get liability insurance without a license even
though that insurance is issued privately, and there aren'y
many road owners who let you drive on their roads without insurance.
If I drive on YOUR driveway without a licence, assuming I can GET to your
driveway without driving on a public road (e.g. someone with a licence
drives me to your driveway), I'm guilty of tresspassing on your property,
but I don't think I'm guilty of driving without a licence.
And why would any insurer insure somebody without a licence? Sounds to me
like financial suicide, assuming driver licencing actually DOES keep morons
off roads...
> Thirdly, WHO do you enforce it against? It's pretty difficult (and
> illegal) for $RANDOM_JOE (or $RANDOM_KID, etc) to just go out and
> drive someone's car
> without their explicit knowledge and permission. (Okay, so you
> can hotwire a
> car, but...) It's very easy for someone other than the computer
> owner or ISP
> contractholder to have access to it and abuse it and stuff.I'm not sure I understand why you think this is so. My
kids know that my computer is off-limits to them just like
they know my car is off-limits to them. They are physically
capable of obtaining access to either without my permission.
You're an IT professional. This isn't about you. This is about the random
family with the "family computer" that everybody installs random crapware
onto in the kitchen or den. Does the same apply in that situation?
> So what do you
> propose? Mandatory cardreaders on all computers?
Fingerprint scanners
> integrated into keyboards? How else can you avoid Mom
logging online,
> and then letting the unlicenced kids roam free online,
allegedly to do
> "research for school"? Do you want to fine/jail/etc Mom if the kids
> download a trojan
> somewhere?I would presume that a license would include the rights
to allow others to use your access under appropriate
supervision or with appropriately restrictive software.
Again, without enforcement officers in your house, HOW do you propose to
enforce this?
Besides, last I checked, driver's licences don't give you the right to have
your kids drive without a licence if you're in the vehicle. The kids (at
least in the jurisdictions I know of, this may not apply to all 60+
jurisdictions in North America) first have to prove to the regulatory
authority that they know the rules of the road, and THEN they're allowed to
drive around with a parent. How do you propose to enforce a similar thing
for the kitchen computer?
> Fourthly, as someone pointed out, the first generation always
> complains. I hate to show how young I probably am compared
to many on
> this list, but my jurisdiction introduced graduated
driver's licencing
> a few years before I was old enough to get a driver's
licence, and it
> angers me that the random guy who's out on the road driving like a
> moron had to go through way less bureaucracy, road tests,
etc than me
> simply because he was born ten years before me. That said, if no
> reforms are made to make this system stricter, I'm sure the next
> generation won't see this system as an outrage simply because they
> won't remember an era when the bureaucracy. Currently,
people can buy
> computers/Internet access/etc unregulated at the random
store down the
> street. You're proposing that some regulatory authority require
> licencing... Why should these voters accept it?Because their failure to cooperate will result in
ostracism. That's how the Internet has always worked.
How do you get ostracised when you're the majority? The majority of people
think computers are glorified toasters. WE are the minority here, and if we
start giving too many lectures, WE get ostracized. You have any idea how
many people think I'm insane because I've told them HTML email is bad? In
YOUR world, they'd be ostracized for using HTML email. In the REAL world,
I'm the SOB out to spoil their fun by insisting on archaic modes of
communication.
> Especially
> since, unlike with cars, the damage done by poorly-operated
computers
> is rather hard to explain to a technologically-unskilled
person. Most
> would respond something like "well, it's not my fault some criminal
> wrote a virus/exploit/whatever. Put that person in jail, and let me
> mind my own business." Good luck educating them on the fallacies in
> that statement.The point is, you don't have to. You just have to not
let them on your roads. If they think the things they have to
do to get on your roads are worth the value of those roads,
they'll do them. If not, not. You don't care why people
comply with your rules. People don't get driver's licenses
because they think the piece of paper makes them a better
driver, they do it because that is what's required for them
to get insurance and avoid tickets and even jail.
See below.
> Fact is, until home computer security issues result in a pile of
> bloody bodies to show on CNN, no one in the general public
and/or the
> legislative branches of government has any incentive to care...They don't have to. It's the road owners who decide who
gets to drive on their roads. All it would take is a
certificate infrastructure and companies issuing certificates
to people who demonstrate competence. Then sites could start
restricting traffic to certificate holders immediately.
So you propose some form of access control? If someone's packets don't
identify themselves the way you want, you want your network to send them to
the great null0 in the sky?
So, you want to balkanize the Internet? If my network accepts packets signed
by licencing board A, and is licenced by A, and your network wants licencing
board Z and is licenced by D, then your network won't accept my packets and
mine won't accept yours. How does that leave anybody better off?
This is as silly as each town alongside a major regional highway saying "we
will only allow vehicles registered in our jurisdiction, or in jurisdictions
who pay us a tax to drive through our 2 mile stretch of road."
Seems to me like you'd be throwing a whole maternity ward full of babies out
with that bathwater...
Vivien
Well, there *are* technical solutions, but over the last few hundred years
we've managed to essentially stop Darwinian selection against idiots, and we as
a society seem to frown on the forced sterilization of same.
: On Mon, 19 Apr 2004 06:12:16 -0400, Chris Brenton wrote:
:
: > An uneducated
: >end user is not something you can fix with a service pack.
:
: A profound point, again highlighting the fact that there
: are no technical solutions to this problem. (Though
: technical measures to enhance traceability are a big help.)
:
: So, the logical inference is training and licensing to
: get internet access. When I was 16 in Connecticut many
: many years ago, we had to take a driver-training course
: (given by a policeman) to get a driver's license.
:
: I see no discussion about this approach, here or elsewhere.
Think globally. Even though this forum has NA as its heading, we need to
think globally when suggesting solutions. You'll never get any sort of
licensing globally nor will you EVER get end users (globally) educated
enough to stop doing the things that they do which allow these events to
continually occur.
scott
I would like to point out one little area of concern in this discussion for
me - that was the critical update for Win XP of March 28th, 2002 in it's
original output, not the amended one.
I don't know how many of your clients were affected by this but I had to
rush about in circles like a duck with a broken wing simply because some
users had altered their own settings, regardless of policy at each company,
so that they could apply updates for themselves. Consequently some XP (and I
believe W2K as well but I didn't see this on a W2K machine personally)
setups just went down in a heap and it took some time to fix them all.
So, while considering global solutions, if anyone were to seriously decide
all Windows machines will now be auto updated whether you like it or not, I
would definitely put a block on Windows web sites - as I had to do at that
time - so that no-one could get an update I didn't apply. Since that time,
any XP update gets tested on a machine that doesn't matter should it go down
prior to installation.
We are all so busy, here, looking at ways to solve a problem that is already
there. It should be stopped prior to it coming out and fixed at that point.
This means REAL beta testers, not whatever is going on in MS right now.
There should also be consequences. That implies a lot of people in I.T.
acting as one mind and enforcing something upon MS. That is where we will
always fail. Like the untended hard drive, we are too fragmented.
Greg.