License to Surf, Take Two
NaugaHunter writes "A story on Yahoo asks Should [a] License Be Required to Go Online? It appears to be suggested by Bruce Schneier, chief technology officer for Counterpane Internet Security Inc. 'It could be a four-year college degree, a one-month course. It might be a good idea.' The story also details efforts of some schools from simple orientation to threats of fines for spreading viruses, and questions exactly who would be responsible for keeping track of who is and isn't licensed." Not a new idea, but one that's going to keep coming up. Update: 09/13 18:11 GMT by M: Bruce Schneier notes that he isn't in favor of computer licenses.
That is a bit too much control on our rights, in my opinion. I would think that if that can happen for the Internet, then it could also happen for TV, telephone, and any other type of communication device.
Though education is important, it is the software vendors who are really to blame for a lot of the problems... (i.e. RPC holes, etc) A lot of the propagation of viruses and worms is a result of software accessing flaws in the software, without user intervention.
Apple 10 GB iPod
flamebait.
2 1337 4 u!
First off this whole virus issue is just starting to get really bad. A few years ago it wasn't necessary for the average user to be so vigilant. As it becomes necessary, who's to say that they won't learn by collective experience. And if you are going to require licenses from anyone, let's start with the people writing poor software that is allowing the net to degrade the way it is? (and again who's to say that they won't improve on their own now that it is becoming more necessary to do so).
But here's my real question. Why post such flamebait? This article is just some nobody giving his foolish opinion in a non-influential news site. If this was on CNN, then I could kind of see posting it. If this was written by a big name in IT, I could see posting it. If there was ANY chance that this guy would be taken seriously, I might understand posting it. But there is none. This article is pure flamebait, and Bruce Schneier is a Nazi.
In essence, we are blaming users for things that aren't their fault.
The article talks about the need to install anti-virus software, and keep up on patches, and to read the fine print in click-through licenses to prevent spyware from being installed. All of these things need to be done to operate a computer safely, true.
But why the hell are they required? We are giving users HORRIBLE software that is prone to constant infection. Some companies are taking advantage of click-through licensing to hijack people's computers. And we're blaming USERS for not doing the right things?
That would be like making cars that exploded if you ran them at exactly 62mph for more than 12 continuous minutes, with brake systems on the outside of the car where anyone could walk by, flip a switch, and disable them, as well as aftermarket accessories that forced cars to drive on particular roads at particular times.... and blaming the drivers when cars blow up, can't brake, or cause traffic jams on certain roads.
People mostly just want to do email and read the web. We should be providing them software that does this with absolute security.
We are blaming users for faulty software.
Should License Be Required to Go Online?
No, but perhaps grammar skills should be required to work for the Associated Press...
Seriously, this is a terrible idea. This would open up chicken-and-egg problems across the whole range of learning endeavors that computers and the internet offer.
The analogy of needing a license to drive a car is used repeatedly in the article, but I think that's not quite the right analogy; maybe requiring you to know how to rebuild an engine before you ever drive would be more accurate. One of the expectations mentioned is that you must know how to set up a firewall; is this really realistic to require before any unsupervised on-line time?
The internet is growing because it's accessible, reasonably. If I needed a license to buy a book, I might never have started reading--and a book is a more accurate analogy than a car.
Put the responsibility for viruses where it belongs, on the network admins and software vendors, not the newbies. Everybody's got to start somewhere.
~ Whence do you come, slayer of men, or where are you going, conqueror of space?
In fact, this is not only impossible, but unrealistic and rather terrible. Why? Because there will be absolutely no practical way to enforce, encourage, or even suggest uniform "rules" (whatever they might be) in every country around the world.
The article plainly says that we are continually exposed to junk mail, viruses, etc., and this would help to eliminate such things, but one of the reasons that such nuisances exist is because there is no single governing body over the internet. As much as I'd like to see this idea take off and clean things up, I think it will never, ever fly.
We license people to drive, but traffic cops and state troopers don't seem to have much trouble holding on to their jobs...
End of lesson. You may press the button.
I think someone should have to take a course in the Constitution before making stupid fucking statements that would limit people's rights.
-- Will program for bandwidth
Perhaps we should require a license for AP writers. Or Windows programmers.
Driver's test!? What about having children?
If I need a four year degree to surf the web, what will I need to procreate? A Nobel prize?
So if everyone gets infected, does everyone get fined? I think it's ridiculous to get fined at all, let alone getting fined for deficiencies in software /you/ didn't write.
Just had to get that off my chest. :)
The point I think our OP is trying to get at here is that people have been talking about forcing licensing for all manner of things, from Internet licensing to licensing for having a baby.
The solution isn't licensing, it's education. Education isn't something that is achieved through licensing, it's learned through a concerted effort to make people aware of the problems. Licensing only achieves getting people aware of knowing the answers to a test.
Be gentle in your responses, I read what he said, and he's just sort of hypothesizing, he's not really advocating.
I agree... the current mail protocol would have to be replaced...
But, I don't think that's such a bad idea... lots of things need fixing anyways...
This is so ridiculous I can't imagine anyone ever thought of it. Not only would it be a content management nightmare, but you've got to realize... The internet isn't just in the U.S. of A! It's also part of the whole rest of the world! What about the people who live in South Africa, who want to access the internet? Will they be forbidden to because they don't have a "Four-year college degree"?
International implications aside, what would happen if someone were able to hack into the database being managed? Millions of internet users' information would be compromised.
Even if you consider mandatory computer education, how much time would have to be spent? The computer users who are the people who would need the education, for the most part have real lives. They do not have the time to think and learn about something which is incredibly new and would probably take quite a long time for many people to learn. The fact is, the operating system that is most common, Microsoft Windows, does not assume that the user is an idiot. By default, it gives them complete, unfettered access to the entire system. This makes it MUCH easier for viruses to take over control of system processes (Read: trojans), and allowing viruses to have such a widespread effect with VBS. Now, other operating systems would probably have similar issues if they were the most used. There's no denying that. However, Microsoft in general has the attitude that they should not be responsible for their users. What they have already done is in the past. There isn't much we can do about it, since the effects will be with us for some time. However, the one real step they could take is to make a "Dummy User" mode. This means, that any script being executed, any system level process that is instantiated, would have an attention-grabbing window that the user COULD NOT simply click away from, that would detail what is going on, and if the user really wants to do this. If measures like this had been taken, we would have avoided much of the problems we have today, especially with email viruses. I'm not a professional engineer, so I don't know many details, but I feel that this fact should be obvious: There are people who do not want to learn about computers. These people need a user mode that assumes this, and will walk them through their experience of computer usage.
Of course we're blaming the users. The users choose to purchase PCs running Windows.
When people choose to buy Pop-Tarts, microwave them, and then eat them, we feel they have nobody to blame but themselves for the burns. Yet somehow when they buy Windows, ignore the safety directions that tell them to keep up to date with software updates, and hose the Internet, everyone seems reluctant to blame the idiots.
Windows is not necessary. I've never purchased any Microsoft software, and I'm doing just fine. In my view, anyone who decides to spend money on a PC running Windows deserves what they get. It's not like it's some big secret that Windows is full of bugs, hard to use and unreliable--just read any PC magazine, or look at the shelves full of books like "1001 Windows Annoyances" and "How To Get Out Of DLL Hell".
GCHQ Quantum Insert installed. If only our tongues were made of glass, how much more careful we would be when we speak
The user is never at fault for poor software, especially closed source crap the user can't fix if they could or wanted to fix.
Virus checkers, email restrictions, firewalls and all that are in vain when faced with the reality of closed source distribution. I work for a small computer shop. The only software we can put on all the broken computers that come in for repair is the user's original software and any updates M$ lets you. The vast majority of computers out there run EOL'd systems like 95 and 95. Customers lack the skills needed to diagnose the problems or do the best fix, a wipe and reload. It cost them about $75 if they have all of their software, and they are loath to pay for the time it takes to load up all the patches and updates that won't protect them from next week's worm. I can't blame them for feeling that way. Nor can I blame them for wanting to email their friends. Those that have lost their software generally end up throwing their machine away or go find some nasty cracked copy of M$ shit because they don't want to spend the $109 and equipment purchase needed for an OEM copy of Windoze. The net result is the same in every case, boxes that are just as easy to bust as the day they were made. But, so what? Even the diligent are getting burnt.
I have recommended Mozilla for people who absolutely must have M$. My little brother told me that an XP update broke Mozilla and made it terribly slow, but Netscape still works. Woot.
I'd recommend Debian or Red Hat and sell CDs for the same price as a driver disk, but my boss is worried about support. I'm not sure what kind of "support" could be worse than the mess most Windoze users now find themselves in. Still, he's the boss. The day, however, I can make money doing it, he's going to like it. I'm starting to think that the store's usual $4 per CD burnt and the 30 minutes it takes to install a dual boot of any linux system might be cheaper than fixing Windoze. Blinding the windoze side to the network makes it last longer so that it can do the things it does well for the user.
I'm starting to see the path of least resistance here. Demo the system with Knoppix to prove hardware use. Blind Windoze, dual boot and set them loose. Actually doing something beats the hell out of bitching and moaning. It can work.
Friends don't help friends install M$ junk.
Yeah, and if someone steals your car and kills somebody with it, you're going in the slammer!
Sorry, I just don't buy that. Most network admins have stupid rules like not letting anyone run a packet sniffer. This is not the way to secure a network or protect your users, people! Making lockpicks illegal doesn't make locks safe. Admins should be pushing people to use encrypted protocols, and should make encrypted protocols available for services they administer. You should just have bandwidth caps, and if somebody's virus infected Winblows machine maxes it out for them, well then they're screwed till next month. That will teach them better than anything. Network admins should walk softly and carry really big sticks.
Why is the automatic knee-jerk reaction of some people to start placing restrictions and bureaucracy on things? Let's look at licensing for a sec:
- The internet is based on the free exchange of ideas between everyone - even those that I proclaim idiots. Many of these people have differing views on how things should be set up, what hardware/software to use, etc. Someone has to administer this license, and this just begs for abuse of power.
- Many of the affected in the latest virus round were technical corporations. These are big places filled with lots of really smart (or at least well-educated, which is not synonymous) people. One of my fellow engineers got nailed by Slammer, because he forgot to patch one of our systems that sits in a corner (and somehow the damn thing got through/around the firewall). These people would easily get internet licenses, but they still forget about machines or otherwise screw up.
- This is a bureaucratic solution (more paperwork, etc.) to a problem that either a) is purely technical in nature (buggy software) or b) isn't a problem but rather just the way things are. The last thing we need is more paper-pushers pushing paper rather than actual people solving the actual issues.
So, by your logic, if a woman gets gang raped and beaten to death, it's her fault because she should've worn her burka and not gone out of the house unaccompanied by a male relative. Red-blooded, honest men cannot control themselves from the intoxicating effects of nearby females, and she should've known that!
Yeah, right.
They're not getting fined for deficiencies in software. They're getting fined for irresponsible behavior. What's wrong with that?
How can we continue to believe in a just universe and freedom to eat crackers if we have no ale?
Idiot.
Indeed.
How to read the article:
(1) Click the link.
(2) Read.
(3) Scroll down when necessary.
Following this simple procedure, you will find the entirety of Schneier's wry little quote, which I will copy and paste here (instructions on that omitted) for your benefit:
For those of you following along at home, I'd say that with "everybody you know won't be able to have a computer anymore", he is suggesting he doesn't actually think it's such a good idea.
You're right though -- software does suck, and we shouldn't blame the users for what is mostly the fault of the software industry itself.
If I go outside with a cold and you happen to get sick a week later, are you going to come to my house and fine me?
and truly I don't think it's a stupid idea
I do, it's an incredibly stupid idea.
I pay several thousand dollars a year to have a small handful of computers colocated so I can run email/web, etc efficiently. *I* paid for the computers, *I* pay for the bandwidth, and *I* pay for the storage. My users in turn, pay me for access to those systems.
Essentially, I own and operate the equivalent of a local post office. Who the hell has the right to tell me I've got to pay the government (or anyone else) to send email?
The Internet is not a public service to be taxed. It is almost entirely privately owned, with a standing "gentleman's agreement" between the owners that each will allow traffic to and from each others' property.
So unless you've got some bright idea for distributing that tax money to the folks like me who actually own and operate the equipment, you can take your email tax idea and put it someplace moist and dark.
The manufacture of cars, airplanes and radio transmitters are also regulated by massive standards bodies and testing, far more strenuous than any training imposed on users. Doesn't it make more sense to start there if we're really concerned about enhancing "the safety of everyone using the medium"?
What makes more sense to me (and what they do at the university I attend) is to not fine those who get viruses, but rather to require that they have all service packs installed and a virus scanner (they can download one for free from ITS if necessary) before they can access the internet, and then if they still manage to get a virus just cut off their internet access until they're clean again. Makes sense to me, at least.
So far, no proponent of taxed e-mail has been able to give me an answer to those questions short of "you shouldn't be allowed to have a server - no civilian should", which I can't agree with for numerous reasons. Don't get me wrong, the tax idea has merits. I just think it's a pipe dream without some government authority getting draconian and ruining a lot of what makes the internet such an open ended learning experience.
US Democracy: The best person for the job (among These pre-selected choices...)
Your problem is that you will still suffer from the next Melissa/CodeRed/Blaster/whatever outbreak, because when the pipes are saturated, they are saturated and your encrypted tunnels go down.
If all the windows viruses would only affect windows systems, I couldn't care less. It's that they affect us all that bothers me.
Assorted stuff I do sometimes: Lemuria.org
If they're going to start requiring licenses for stupid things then how about a license to breed?? Less stupid people would mean we wouldn't need licenses to surf.
my karma will be here long after I'm gone
Come on, no one is going to verify such a licence. If anything, one person in the household will pass and the rest ignore it. Teaching basic computer safety should be part of the general education, as almost everybody that grows up today will be or come in contact with computers.
Anti-virus - the importance of running one, but also some common sense. Like, if someone sends you an .exe on irc, and asks you to "test" it, would you run it? Trust me, many would.
Automatic patching - seriously, I run an up2date cron job on my Linux box. What's the big fuss over Microsoft's automatic updates? Your average desktop doesn't have a testbed anyway, so might as well patch when it's available.
Firewall - With anything and everything connecting to the net these days, it's growing less and less useful for Joe Average because there's so many programs, they don't know which are good and which are bad anyway. Not to mention some of the biggest virus sources are web and email (read: Outlook and IE), which are allowed through anyway.
Kjella
Live today, because you never know what tomorrow brings
As I read through the SlashDot comments, it becomes clear to me that some people don't understand how newspaper interviews work.
Generally they're conducted by telephone. The reporter calls with a story idea. He's looking for information, background, quotes, etc. He asks a bunch of questions and has a conversation with the interviewee. In this case, the AP reporter was writing a story on licensing computer users, and he wanted to know what I thought about it. I spoke with the reporter for about ten minutes about this idea.
The reporter eventually hangs up. He talks to other people. Then, he writes the story. His job is to string together the facts and quotes into an interesting and entertaining news article.
I never get to see what quote he uses. I never get to approve the context. I never see the story before it appears in print.
People are misquoted all the time. Be careful about judging someone by a single quote they say in print, especially if it's something you wouldn't expect them to say. I'm always aware of the high error rate in news stories, but not everyone is.
Bruce
You make some interesting points but I do question one of your major ones.
You seem to indicate that the biggest problem your customers have is the time, knowledge and effort it takes to load patches for Windows and the solution to end this would be to provide them with Debian or Redhat on their computers. If you can't get people to install updates for Windows how are you going to get them to load updates for Linux, OS X, BSD, Amiga, BeOS or whatever the next hot OS is?
Neither Debian nor Red Hat are going to be set and forget installs. At some point a home computer user is going to have to load updates for their OS of choice, if they want to help ensure the continued security of their computing environment. I think you are setting a bad example by implying to your customers and boss, that by loading Linux they will be forever free of having to load updates or be concerned about security of their computer. Things like that are going to get people burned by the next exploit script for Red Hat or Debian that they are not patched against.
I don't want to take away from the good points of your post. I think your point about Blinding Windows from the Network is an interesting one.
I can't say that I share your level of rage against Microsoft. I do agree that there is a problem with the closed source method of software distribution but I don't think that there is an OS today that is the single solution to all of these security problems. At some point there needs to be a balance between better products both open and closed source and better process and computing habits on the part of all computer users, not just the "stupid" ones. The latter needs to involve educating people with the best way to keep their computers up to date with patches, good password practices, good firewall setups, and smart email practices to help protect against spam and other email-borne threats.
Think very, very hard about it.
I'll wait.
. . .
Did you get it yet? Isn't installing programs without user intervention the PROBLEM? What happens when a cracker compromises a machine in a position to play Man In The Middle, and some of the 'software fixes' you get are actually worms?
I'm sure that part of the scheme will include installing the pubkey of MS' software update authority, and code that refuses to install a patch not signed by the corresponding privkey. But I am confident that someone will eventually find a loophole in the implementation and be able to impersonate MS to the computers.
And in the meantime, in the guise of fighting viruses, MS gets to absolutely control all software on your computer.
Did you know that Open Office, Mozilla, and the GIMP are viruses? (Remember that MS is already on record as describing certain license terms as 'viral'.)
[100% ISO 646 Compliant]
SVM, ERGO MONSTRO.
Why do you think Linux doesn't have these security holes?
You're an idiot if you don't believe Linux has these security holes. It does, just try reading the changelogs of the kernel, of apache, of ssh, of most of the apps you use. They're there. The simple fact is that Linux isn't as wide-spread as Windows, so when there's a hole in Windows, it's exploited on millions of boxes. When one is found in Linux, it affects a very small number, so no one cares. Once Linux becomes widespread, you'll start to see the same kinds of issues, because there will always be hackers. It will also be a lot worse, because Windows is easy to patch, and it still isn't done... Linux, OTOH, will always be beyond the capabilities of my grandmother. At least with Windows Update, she can keep her computer moderately safe.
As for buggy code, fuck, dude... the one that was responsible for blaster affected W2K, which is just under four years old. I, for one, am not about to wait for four years of testing to ensure EVERY fucking bug is found. Linux is also not immune to bugs, there are plenty to be found if you just open your eyes. And, don't give me the stale rhetoric of "well, if one is found, it's patched within 24 hours", that might be true, but the patch for blaster was released a full month before the problem.
Nope, I fear the day that Linux becomes the dominant OS. Things will only be much, much worse. Especially with dumb-ass pricks like you who a) don't help people fix their machines, you just whine about "well, it's your own fault, grandma, you use windows!" and b) are ignorant of the flaws in this system you love so much. It makes you immeasurably more ignorant and naive than they are!
Which is more painful? Going to work or gouging your eye out with a spoon? Find out!
http://www.workorspoon.com
Having everyone running the same version of "secure Linux" with "the perfect web browser" and "the perfect e-mail client" isn't the answer to viruses and worms. A homogeneous computing landscape like that might eliminate nearly all viruses and worms. BUT if a hole was found, the virus that exploits it would spread like wildfire. Users would be less careful because they think they can be, and with everyone running the same thing, everyone would have the same vulnerability.
That's why we need diversity on the Internet. We need a lot more diversity than we have now. As long as the unwashed masses are running Windows with Outlook, MS will have to have 100% security in their products. Anything less is asking for the problems we have now. And so far MS is nowhere near 100% in that regard.
That is why we need Linux.. and BSD and OS/X. That's why we need competition. That's why we need multiple Linux distributors who ship with different compiler settings that they think are "best." That's why we need to have choices of web browsers and e-mail clients.
That is why CHOICE is a good thing when it comes to operating systems and software. Real choice breeds diversity. Believe me, if there were real choices, people would NOT all make the same one. (Real choice does NOT mean having only one OS ship on all PCs with only a single mail client pre-installed and a single web client pre-installed!)
Having choices that work together is why open formats and open standards should be in the headlines (not the crap like this article on user licenses.)
If file formats and network protocols were required to be open, it would eliminate many of the problems we face. Over the past 20 years, incompatibility between formats or protocols has been the #1 thing that I've seen cause people to change their OS. It has also been the #1 cause that I've seen for a change in the software they used.
How many companies are running MS-Office because they "need to be compatible" with customers or corporate? How many switched from WordPerfect for that very reason? How many articles have you seen that review OpenOffice and the #1 complaint (sometimes the only complaint) is incomplete or inconsistent ability to open/save MS-Office files? How many perfectly good software products have vanished because they weren't compatible with proprietary products?
If file formats and network protocols were open, then Microsoft would have the chance to do what they are always claiming they want. They'd have the level playing field they always tell the press they want. The level playing field they claim open source advocates try to deny them by trying to pass laws requiring "considering" open source software in government.
In the real world, biodiversity keeps the first fatal disease from coming along and wiping out the entire population. On the Internet software-diversity would do the same thing with viruses and worms. Sure, a virus might still do damage to a section of the population, but it wouldn't have nearly the impact that one does now.
So, software-diversity is critical to the future of the Internet and open formats and standards are needed for it to exist. Maybe it's time for everybody to start demanding these things from their software. And maybe it's time for legislation to demand that software companies open formats and protocols enough to be interoperable... at least if their product has a significant market share.
There used to be a minimum amount of computer knowledge that was required to get online. It's once the bankers and marketers invaded online space, and tried to make it available to the unwashed consumer masses, that we started having all these issues. Returning the internet to the geeks, who were largely self-policing, would do away with the vast majority of problems.
Doing away with DNS would cure most of the issues, I think. How about having to remember the IP address for every site that you visit? If that's not enough, require three lines of CLI input before going anywhere. That'll stop the issues cold.
I'm only half-kidding, actually. These assholes that broke our internet want to certify us to get back onto it? Maybe they should just be dis-invited.
--
$tar -xvf