Slashdot Mirror

← Back to Stories (view on slashdot.org)

License to Surf, Take Two

Posted by michael on from the do-you-know-how-fast-you-were-going,-sir? dept.

NaugaHunter writes "A story on Yahoo asks Should [a] License Be Required to Go Online? It appears to be suggested by Bruce Schneier, chief technology officer for Counterpane Internet Security Inc. 'It could be a four-year college degree, a one-month course. It might be a good idea.' The story also details efforts of some schools from simple orientation to threats of fines for spreading viruses, and questions exactly who would be responsible for keeping track of who is and isn't licensed." Not a new idea, but one that's going to keep coming up. Update: 09/13 18:11 GMT by M : Bruce Schneier notes that he isn't in favor of computer licenses.

6 of 503 comments (clear)

  1. Well, you have to have a license... by BattyMan · · Score: 3, Interesting

    To drive a car
    to fly an airplane
    to use any radio transmitter beyond minimal power walkie-talkies, cellphones or 802.11.

    All these things are done to help enhance the safety of everyone using the medium.

    The signal to noise ratio of the Internet (maybe I oughta make that noise to signal) is typical of things which are totally out of control...

    --
    Exceeding the recommended torque is not recommended.
  2. No respect at all for Schneier, now. by HBI · · Score: 4, Interesting

    For pete's sake, this has to be the most elitist article I have seen recently. Because Mr. Schneier knows what to do to keep his computer uninfected, let's blame the users and force them to be certified to be online.

    Idiot.

    How about blaming the actual target, the operating systems and flawed web standards that allow this. Look at certification authorities, browser, and OS vendors. I saw one of those hidden install ActiveX objects recently that has a Thawte signature. Why? Well, that CA's root cert is preloaded in IE so therefore, the signed ActiveX will install without any user intervention with default security settings.

    What is wrong with this picture?

    1. Why is Thawte issuing a certificate/signing code to/from a shady vendor like this?
    2. Why does Microsoft let anyone with a signed ActiveX object install the thing without question, by default?
    3. Why does the functionality to do so over the web exist in the first place? We know that scripting/file upload from untrusted Internet sources is the #1 security problem with end user systems. So why?

    The problem was flawed assumptions at the outset. Microsoft assumed the Internet environment would remain benign, as it was in the early days of commercialization. Therefore, security was not a consideration. This has proven utterly false. The CAs figured they were in the business of printing up certificates for money. Check on the reliability of a vendor? Why, that would cost too much...so what are certificates and signing really worth? Not a whole hell of a lot. Yet we tell people to trust their money and credit card numbers to this intrinsically flawed system of 'trust'.

    We, in IT in general, really need to reconsider all these flawed assumptions we have made and the bill of goods that has been sold to the general public. I have been doing end user support for 15 years now and I would be all too willing to blame this on the user. In this case we cannot. In the end, we have to realize it is not their fault. It is ours. We assumed things would stay the way they were, and they haven't.

    Now let's fix it...invalidating the entire CA model and delegating that function to the government would probably be a good start. Have all certificates emanate from a government source or be considered invalid. That might actually work.

    While we are at it, let's get the government involved in regulating operating system software in a formal fashion. Sure, I like the private sector and all, but it hasn't worked, has it? We have this huge security mess. Perhaps a greater degree of regulation is required to get us out of this mire, because market forces aren't going to fix the fact that Microsoft's operating system is woefully inadequate for today's Internet and most probably cannot be fixed while preserving backward compatibility for a meaningful number of applications.

    The last two paragraphs were just ideas off the top of my head. I'm sure others could be arrived at, and better.

    --
    HBI's Law: Frequency of calling others Nazis is directly correlated with the likelihood of the accuser being Communist.
  3. ... And shoot those who leave open relays/proxies by Charles+Dodgeson · · Score: 3, Interesting
    I would like to see a highly publicized case of holding some home broadband user responsible for the fact that their machine was hijacked to send spam or participate in some DDoS.

    I've talked to too many people who've said, "I don't need to bother securing my home system because I've got nothing anyone would want." I've answered, "They want to use your machine to attack me." But the message doesn't sink in.

    While these end users are being provided with crap systems, there is a market out there. If their choice of bad systems gets them severly spanked, they will start making demands of their providers.

    All it would take would be a couple of high profile cases.

    --
    Prime numbers are exactly what Alan Greenspan says they are -S. Minsky
  4. Re:While we're at it... by Enigma+Deadsouls · · Score: 3, Interesting

    What about some kind of regulation (whether through the government or the telco) as to what kind of e-mail client would reside on the clients computer?

    That would be a stupid idea. First there is the problem of people who use different os.. so this would mean if I chose to use an os thats not supported by the client I am screwed and can't send/receive emails? Then comes the problem of how trustworthy the government/telcos are. Remember carnivore? Wouldn't the government just love it if they could just make all email clents automatically send them email. Then what about encryption? Would options like PGP not be able to work? Maybe they would let PGP work however it would send the government the email pre-encrypted.. or better yet the government will give you the option of encryption in the client.. however an encryption with a known backdoor so the government can read it.

    I'm sorry.. I just don't like the idea of a government/telco regulated/issued email client.

    What about e-mails originating from overseas? Those wouldn't be taxed and therefore wouldn't really put much of a damper on spam coming from across the ocean.

    Well then how would a government/telco regulated/issued client fix this problem? What gives the right to a government/telco to tell other countries what email client they must use? What if these countries don't comply? Does this mean all email from the countries would be blocked? That would really be pain in the ass for people who conduct international business.

    The internet is a place of freedom... freedom to use whatever os/browser/email client/other I wish... lets keep it that way.

  5. Give me a break by Dr.+Transparent · · Score: 3, Interesting
    This is one of the stupidest ideas I've ever heard. Do you really think that a stupid course is going to do anything towards limiting the amount of times users screw up? Half the time people screw up (or more) is because people are lazy. It won't matter if you make someone take a stupid course. They still have to actually do something to prevent problems.

    Furthermore, the idea that a license will solve a problem is just plain idiotic. To suggest that "licensing" people prevent problems is a complete lie. While the author says "motorists must obtain licenses to drive", it is noteworthy that nearly 100% of all accidents occur by licensed drivers. Licensing would just be a new way for someone to tax me and a new excuse for people's own laziness.

    If you want to solve these kinds of problems, build better software and prosecute dumb-ass virus writers and script kiddies like the little punk-ass bastards they are.

    If you enter my house uninvited and threaten me I can shoot your ass dead. Why shouldn't it be the same way when someone breaks into my computer. Prosecute script kiddies.

  6. Re:All I can say is WOW. by Casshan-Robot+Hunter · · Score: 3, Interesting

    Actually, it is NOT public infrastructure. The major backbones of the internet are privately owned and the companies that own them (such as AT&T) allow their free use. They make so much off just having this infrastructure for their own use that they can afford this.

    Also, let us consider the fact that the US does NOT exclusively own the internet (or WWW) anymore. World-wide, remember? I think it is time that the US government stopped trying to regulate areas they have no business in. They have no right to tell us what we can say in conversation, in a letter, or in a phone call. The same should apply to the internet.

    --
    Why oh why didn't I take the purple pill?