Send firewall-wizards mailing list submissions to
firewall-wizards@honor.icsalabs.com
To subscribe or unsubscribe via the World Wide Web, visit
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
or, via email, send a message with subject or body 'help' to
firewall-wizards-request@honor.icsalabs.com
You can reach the person managing the list at
firewall-wizards-admin@honor.icsalabs.com
When replying, please edit your Subject line so it is more specific
than "Re: Contents of firewall-wizards digest..."
Today's Topics:
1. RE: The home user problem returns (Brian Loe)
2. RE: The home user problem returns (Eugene Kuznetsov)
3. Re: The home user problem returns (Paul D. Robertson)
4. Re: The home user problem returns (Paul D. Robertson)
--__--__--
Message: 1
From: "Brian Loe" <knobdy@stjoelive.com>
To: "'Mason Schmitt'" <mason@schmitt.ca>
Cc: <firewall-wizards@honor.icsalabs.com>
Subject: RE: [fw-wiz] The home user problem returns
Date: Tue, 13 Sep 2005 09:06:30 -0500
<this e-mail was filtered to the junk mail box by Outlook - go figure>
> As has been pointed out on this list many times and even in
> this thread, the average home user does not have the
> knowledge or resources to really be responsible for the
> actions of their computers or those using them for their own
> nefarious purposes. This is somewhat akin to the young
> offenders act. You as an adult however, have full knowledge
> of what you do and say and so should definitely be held
> responsible for your own actions. That's the theory anyway.
> Given that people can spill coffee on their lap and then
> successfully sue McDonalds gives me pause... Many people
> seem to think that nothing is their responsibility. :P
Exactly. You may have never seen, used or owned a gun in your life, but you
are probably able to go buy one. Once you do buy one, how it is handled and
what you do with it is YOUR responsibility. The training is widely available
to you, it is YOUR responsibility to get that training. YOU are accountable
for what YOU do with that gun.
Same as your computer.
>
> > The
> > spam, the viruses...you can't prevent me, your customer,
> from being stupid.
>
> Can't stop you from being stupid, but I can certainly do
> something from stopping your stupidity from harming others.
That's where you messed up in your argument in the last e-mail. I'm not
talking about your customers SENDING spam, I'm talking about them RECEIVING
it. Their stupidity, as I'm referring to it, has nothing to do with them
harming others but themselves being harmed.
>
> > Trying to do so only ruins the service for all of us. Now
> MY bandwidth
> > is getting eaten by your good intentions just because my neighbor
> > can't keep his teenager off the porn sites.
> >
>
> Actually, if the ISP is really being fair about it, your
> performance overall may actually be improved. Seriously.
>
> Bandwidth management is becoming a very important part of
> running an ISP. If an ISP wants to provide customers with a
> connection that "feels" fast, they have to get involved -
> caching, rate limiting, filtering, bit caps. If ISPs did
> nothing to manage bandwidth, you wouldn't be as happy with the result.
Of course I wouldn't - they can't provide me the bandwidth they're selling,
not if they had to provide that same bandwidth to all of their customers.
When I started my POP in Warrensburg, MO in 1995 I had a 56k line to my
provider and 10 28.8 customer modems. Think they all had 28.8 bandwidth?!
>
> > PLEASE explain to me how my P2P app is going to affect you
> - my ISP -
> > or my neighbor?
>
> I'm not overly worried about your p2p app anymore and your
> neighbor doesn't have to worry too much about it either.
Now I AM confused!
--__--__--
Message: 2
From: "Eugene Kuznetsov" <eugene@datapower.com>
To: "'Paul Melson'" <pmelson@gmail.com>,
"'Mason Schmitt'" <mason@schmitt.ca>,
"'Marcus J. Ranum'" <mjr@ranum.com>
Cc: <firewall-wizards@honor.icsalabs.com>
Subject: RE: [fw-wiz] The home user problem returns
Date: Tue, 13 Sep 2005 10:39:56 -0400
> > YES!!! And the fact that there are groups that are working hard at
> maintaining that
> > anonymity bothers me. I know that there's always the
> concern about Big
> Brother, or
> > worse and far more plausible, abuse of any large scale
> trust/authentication systems
> > that get setup in the future.
>
> ?! <Paul makes Scooby Doo noise> ?!
>
> I fear that you and Marcus have mistaken privacy for anonymity. Just
> because something isn't transparent end-to-end, doesn't mean
> it's anonymous.
Yahoo ordered to share reporter's e-mail
SEP. 10 7:20 A.M. ET Yahoo had to comply with a demand by Chinese
authorities to provide information about a personal e-mail of a journalist
who was later convicted under state secrecy laws and sentenced to 10 years
in prison, the company's co-founder Jerry Yang said Saturday
http://www.businessweek.com/ap/financialnews/D8CHC32G0.htm
--__--__--
Message: 3
Date: Tue, 13 Sep 2005 10:41:29 -0400 (EDT)
From: "Paul D. Robertson" <paul@compuwar.net>
To: "Marcus J. Ranum" <mjr@ranum.com>
Cc: Mason Schmitt <mason@schmitt.ca>, Kevin <kkadow@gmail.com>,
<firewall-wizards@honor.icsalabs.com>
Subject: Re: [fw-wiz] The home user problem returns
On Thu, 8 Sep 2005, Marcus J. Ranum wrote:
> >User education
> >----------------
> >User education still needs to happen
>
> Pointless. If educating users was going to work, it would have worked
> by now. If Anna Kournikova worm and phishing hadn't gotten people
Educating users to fix the problem doesn't work. Educating users there
*is* a problem seems to work, just not en-mass.
Part of the prolem is that end-users are *used* to malware. When the
computer gets too slow, they call "that person who understands this" to
come clean off the computer and it's ok for another 2 months. Partially,
Microsoft is to blame for taking the reliability out of computer
software- the levee isn't designed for a big storm, and partially malware
that doesn't kill its host has made these all tropical storms. (Hey,
someone had to do the Digital Katrina thing, I've saved everyone else
the trouble.)
Anna K. and phishing work(ed) because of the social aspects of their
delivery- we're still trying to fight a technical battle against a social
problem. We have to take this to the social trenches at some point, or
we'll be overrrun.
It's almost tempting to just migrate over to IPv6 space and start again,
with small gated communities- even if it's just so we get a 5 year break
between storms.
> (* source: P-nut)
Tell him if rants like that didn't work in the past, there's no way
they'll work now... No, don't tell him- because all we can do is all we
can do. Even if it's not enough, it's still a good fight.
Computer security: Fighting the digital Alamo from inside the fort. We
know how it's gonna end.
Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
paul@compuwar.net which may have no basis whatsoever in fact."
--__--__--
Message: 4
Date: Tue, 13 Sep 2005 10:47:48 -0400 (EDT)
From: "Paul D. Robertson" <paul@compuwar.net>
To: Chris Blask <chris@blask.org>
Cc: Mason Schmitt <mason@schmitt.ca>,
"Marcus J. Ranum" <mjr@ranum.com>,
<firewall-wizards@honor.icsalabs.com>
Subject: Re: [fw-wiz] The home user problem returns
On Mon, 12 Sep 2005, Chris Blask wrote:
> The problem is that, without any sort of identity (and there is
> exactly 0.0000% of net traffic using anything worth calling
> identity), it is impossible to treat Identified traffic and Anonymous
> traffic differently, as they logically deserve.
Two words: Identity Fraud.
> Decentralized, distributed responsibility. If I own an auth server
> then I am responsible for the activities of those who use it. If I
You're willing to be responsible for your user's behavior? After they're
Trojaned?
Just like the encryption boundary problem that is the reason SSL is
severely broken as a concept, the use of identity can't be done in a
system that's not closed, and we don't have the methods, technologies or
wherewithall to close the software, transport and physical endpoints
everywhere.
Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
paul@compuwar.net which may have no basis whatsoever in fact."
--__--__--
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
End of firewall-wizards Digest
No comments:
Post a Comment