Slashdot Mirror
License to Surf, Take Two
NaugaHunter writes "A story on Yahoo asks
Should [a] License Be Required to Go Online? It appears to be suggested by Bruce Schneier, chief technology officer for Counterpane Internet Security Inc. 'It could be a four-year college degree, a one-month course. It might be a good idea.' The story also details efforts of some schools from simple orientation to threats of fines for spreading viruses, and questions exactly who would be responsible for keeping track of who is and isn't licensed." Not a new idea, but one that's going to keep coming up. Update: 09/13 18:11 GMT by M : Bruce Schneier notes that he isn't in favor of computer licenses.
That is a bit too much control on our rights, in my opinion. I would think that if that can happen for the Internet, then it could also happen for TV, telephone, and any other type of communication device.
Though education is important, it is the software vendors who are really to blame for a lot of the problems... (i.e. RPC holes, etc) A lot of the propagation of viruses and worms is a result of software accessing flaws in the software, without user intervention.
Apple 10 GB iPod
First off this whole virus issue is just starting to get really bad. A few years ago it wasn't necisarry for the average user to be so vigiant. As it become necisarry, whose to say that they won't learn by collective experiance. And if you are going require licenses from anyone, lets start with the people writting poor software that is allowing the net to degrade the way it is? (and again whose to say that they won't improve on their own now that it is becoming more necisarry to do so).
But here's my real question. Why post such flaimbait? This article is just some nobody giving his foolish opinion in a non-influential news site. If this was on CNN, then i could kind of see posting it. It this written by a big name in IT, I could see posting it. If there was ANY chance that this guy would be taken seriously, i might understand posting it. But there is none. This article is pure flaimbait, and Bruce Schneier is a Nazi.
I help administer an apartment/dorm-ish complex at a university. Basically the approach we're taking is letting people know what's expected: virus checker, etc. If an incident occurs and we find the person wasn't taking adequate precautions, they get fined.
I don't think you can require people to do stuff like take classes, but if they're neglegent, they should be held responsible.
"Let your heart soar as high as it will. Refuse to be average." - A. W. Tozer
In essence, we are blaming users for things that aren't their fault.
The article talks about the need to install anti-virus software, and keep up on patches, and to read the fine print in click-through licenses to prevent spyware from being installed. All of these things need to be done to operate a computer safely, true.
But why the hell are they required? We are giving users HORRIBLE software that is prone to constant infection. Some companies are taking advantage of click-through licensing to hijack people's computers. And we're blaming USERS for not doing the right things?
That would be like making cars that exploded if you ran them at exactly 62mph for more than 12 continuous minutes, with brake systems on the outside of the car where anyone could walk by, flip a switch, and disable them, as well as aftermarket accessories that forced cars to drive on particular roads at particular times.... and blaming the drivers when cars blow up, can't brake, or cause traffic jams on certain roads.
People mostly just want to do email and read the web. We should be providing them software that does this with absolute security.
We are blaming users for faulty software.
Should License Be Required to Go Online?
No, but perhaps grammar skills should be required to work for the Associated Press...
Seriously, this is a terrible idea. This would open up chicken-and-egg problems across the whole range of learning endeavor computers and the internet offers.
The analogy of needing a license to drive a car is used repeatedly in the article, but I think that's not quite the right analogy; maybe requiring you to know how to rebuild an engine before you ever drive would be more accurate. One of the expectations mentioned is that you must know how to set up a firewall; is this really realistic to require before any unsupervised on-line time?
The internet is growing because it's accessible, reasonably. If I needed a license to buy a book, I might never have started reading--and a book is a more accurate analogy than a car.
Put the responsibility for viruses where it belongs, on the network admins and software vendors, not the newbies. Everybody's got to start somewhere.
~ Whence do you come, slayer of men, or where are you going, conqueror of space?
I think someone should have to take a course in the Constitution before making stupid fucking statements that would limit people's rights.
-- Will program for bandwidth
Actually... it is more a linux-esque type article. MS makes its billions off catering to the slobering masses... Linux is the soceity that tends to bash users for being too stupid to do anything... The whole "lets license users" type argument for surfing is a complete tech-elitest typical bs approach. Then again, you idiot proof something, the world builds a better idiot. The real answer is most likely to make a more modern, effective and adaptive education system... both in traditional school years, and there after.
That said, I agree... the article is total flame bait. Oh well.
When we, the technologicaly elite, make our OWN network, based on encrypted tunnels on the existing infrastructure - then we can choose what level of certification is required to interact with peers.
I'm serious.
Don't Tread on Me
The point I think our OP is trying to get at here is that people have been talking about forcing licensing for all manner of things, from Internet licensing to licensing for having a baby.
The solution isn't licensing, it's education. Education isn't something that is achieved through licensing, it's learned through a concerted effort to make people aware of the problems. Licensing only achieves getting people aware of knowing the answers to a test.
I was going to rebut, but my ride is here - gotta go before he starts flinging feces at the neighbors.
Knock on the door.
"Please open up. We have reason to believe someone inside is online without a license!"
The license can't just be a smartcard, or everyone will just leave theirs in the slot so family and friends have access - and likely put the whole crew and half the wireless neighborhood on NAT behind them. So we're going to have to build biometric security into every potentially Net-connected device.
That will surely get the Dept. Homeland Security Seal of Approval. Let's have Microsoft build it so it really works!
"with their freedom lost all virtue lose" - Milton
The user is never at fault for poor software, especially closed source crap the user can't fix if they could or wanted to fix.
Virus checkers, email restrictions, firewalls and all that are in vain when faced with the reality of closed source distribution. I work for a small computer shop. The only software we can put on all the broken computers that come in for repair is the user's original software and any updates M$ lets you. The vast majority of computers out there run EOL'd systems like 95 and 95. Customers lack the skills needed to diagnose the problems or do the best fix, a wipe and reload. It cost them about $75 if they have all of their software, and they are loath to pay for the time it takes to load up all the patches and updates that won't protect them from next week's worm. I can't blame them for feeling that way. Nor can I blame them for wanting to email their friends. Those that have lost their software generally end up throwing their machine away or go find some nasty cracked copy of M$ shit because they don't want to spen the $109 and equpment purchase needed for an OEM copy of Windoze. The net result is the same in every case, boxes that are just as easy to bust as the day they were made. But, so what? Even the dilligent are getting burnt.
I have recomended Mozilla for people who absolutly must have M$. My little brother told me that an XP update broke Mozilla and made it terribly slow, but Netscape still works. Woot.
I'd recomend Debian or Red Hat and sell CDs for the same price as a driver disk, but my boss is worried about support. I'm not sure what kind of "support" could be worse than the mess most Windoze users now find themselves in. Still, he's the boss. The day, however, I can make money doing it, he's going to like it. I'm starting to think that the store's usual $4 per CD burnt and the 30 minutes it takes to install a dual boot of any linux system might be cheaper fixing Windoze. Blinding the windoze side to the network makes it last longer so that it can do the things it does well for the user.
I'm starting to see the path of least resistance here. Demo the system with Knoppix to prove hardware use. Blind Windoze, dual boot and set them loose. Actually doing something beats the hell out of bitching and moaning. It can work.
Friends don't help friends install M$ junk.
For pete's sake, this has to be the most elitist article I have seen recently. Because Mr. Schneier knows what to do to keep his computer uninfected, let's blame the users and force them to be certified to be online.
Idiot.
How about blaming the actual target, the operating systems and flawed web standards that allow this. Look at certification authorities, browser, and OS vendors. I saw one of those hidden install ActiveX objects recently that has a Thawte signature. Why? Well, that CA's root cert is preloaded in IE so therefore, the signed ActiveX will install without any user intervention with default security settings.
What is wrong with this picture?
The problem was flawed assumptions at the outset. Microsoft assumed the Internet environment would remain benign, as it was in the early days of commercialization. Therefore, security was not a consideration. This has proven utterly false. The CAs figured they were in the business of printing up certificates for money. Check on the reliability of a vendor? Why, that would cost too much...so what are certificates and signing really worth? Not a whole hell of a lot. Yet we tell people to trust their money and credit card numbers to this intrinsically flawed system of 'trust'.
We, in IT in general, really need to reconsider all these flawed assumptions we have made and the bill of goods that has been sold to the general public. I have been doing end user support for 15 years now and I would be all too willing to blame this on the user. In this case we cannot. In the end, we have to realize it is not their fault. It is ours. We assumed things would stay the way they were, and they haven't.
Now let's fix it...invalidating the entire CA model and delegating that function to the government would probably be a good start. Have all certificates emanate from a government source or be considered invalid. That might actually work.
While we are at it, let's get the government involved in regulating operating system software in a formal fashion. Sure, I like the private sector and all, but it hasn't worked, has it? We have this huge security mess. Perhaps a greater degree of regulation is required to get us out of this mire, because market forces aren't going to fix the fact that Microsoft's operating system is woefully inadequate for today's Internet and most probably cannot be fixed while preserving backward compatibility for a meaningful number of applications.
The last two paragraphs were just ideas off the top of my head. I'm sure others could be arrived at, and better.
HBI's Law: Frequency of calling others Nazis is directly correlated with the likelihood of the accuser being Communist.
and truly I dont think its a stupid idea
I do, it's an incredibly stupid idea.
I pay several thousand dollars a year to have a small handful of computers colocated so I can run email/web, etc efficiently. *I* paid for the computers, *I* pay for the bandwidth, and *I* pay for the storage. My users in turn, pay me for access to those systems.
Essentially, I own and operate the equivalent of a local post office. Who the hell has the right to tell me I've got to pay the government (or anyone else) to send email?
The Internet is not a public service to be taxed. It is almost entirely privately owned, with a standing "gentlemans agreement" between the owners that each will allow traffic to and from each others' property.
So unless you've got some bright idea for distributing that tax money to the folks like me who actually own and operate the equipment, you can take your email tax idea and put it someplace moist and dark.
what will I need to procreate? A Nobel prize?
Panic not, aspiring scientist! First you'll need a girlfriend.
The manufacture of cars, airplanes and radio transmitters are also regulated by massive standards bodies and testing, far more strenuous than any training imposed on users. Doesn't it make more sense to start there if we're really concerned about enhancing "the safety of everyone using the medium"?
"anyone who decides to spend money on a PC running Windows deserves what they get"
And there are, like, so many options too. It's fine for me, I build all my computers from parts. But the truth is, most people buy ready-made, plug-em-in-and-they-work type boxes. And most of those come with Windows. Not to mention that anyone who wants to play most games these days has to run Windows. Or just the fact that they know windows, and are comfortable with it.
And lets face it, if clueless newbies adminned Linux boxes, they'd be almost as insecure Windows machines. Unpatched, permanently logged in as root, all files chmodded to 777 so they don't get any errors, no firewall, cause ipchains is just too tricky. I'd agree that Linux is a technically superior OS, but as we all know, technical superiority don't mean jack when it comes to the desktop market.
Just because you're paranoid doesn't mean there isn't an invisible demon about to eat your face
Why do you think Linux doesn't have these security holes?
You're an idiot if you don't believe Linux has these security holes. It does, just try reading the changelogs of the kernel, of apache, of ssh, of most of the apps you use. They're there. The simple fact is that Linux isn't as wide-spread as Windows, so when there's a hole in Windows, it's exploited on millions of boxes. When one is found in Linux, it affects a very small number, so no one cares. Once Linux becomes widespread, you'll start to see the same kinds of issues, because there will always be hackers. It will also be a lot worse, because Windows is easy to patch, and it still isn't done...Linux, OTOH hand will always be beyond the capabilities of my grandmother. At least with Windows Update, she can keep her computer moderately safe.
As for buggy code, fuck, dude...the one that was responsible for blaster affected W2K, which is just under four years old. I, for one, am not about to wait for four years of testing to ensure EVERY fucking bug is found. Linux is also not immune to bugs, there are plenty to be found if you just open your eyes. And, don't give me the stale rhetoric of "well, if one is found, it's patched within 24 hours", that might be true, but the patch for blaster was released a full month before the problem.
Nope, I fear the day that Linux becomes the dominant OS. Things will only be much, much worse. Especially with dumb-ass pricks like you who a) don't help people fix their machines, you just whine about "well, it's your own fault, grandma, you use windows!" and b) are ignorant of the flaws in this system you love so much. It makes you immeasurably more ignorant and naive then they are!
Which is more painful? Going to work or gouging your eye out with a spoon? Find out!
http://www.workorspoon.com