"This appears to be a difference in definition. I consider the sysadmin for a machine to be the person who is most responsible for it"
A car owner isn't a mechanic, even if they do mechanic-like things (change the oil, etc.). Sysadmins are (hopefully) trained professionals. Web designers who throw up an MS webserver on a computer over a cable modem don't really fit that bill.
No, home computer enthusiasts are not sysadmins, and therefore they aren't being "lazy" when they don't patch their homebrew creations.
This problem has affected home enthusiast machines more than any others. And the real sysadmins are the ones who are downloading the patches first, most likely. That, after all, is their job.
Even in professional environments a lot of sysadminning is done by quasi-admins - unix-smart developers etc. So even if they possess the technical competence, they don't have any motivation to do even an iota more than necessary to keep it up. They have code to write.
"That seems bizarre. It seems to me like security would be the single most important concern of any competent admin"
Yes, competent admins care, but management may not. Try coercing users into changing passwords without managerial support. When they go complaining to your boss that you are making their life hard, guess who loses? Therefore my point stands - security may be a thing competent admins care about, but it's still not necessarily something that those who hire admins demand or even support.
But the single most important concern of admins is pleasing your user community and management, which means uptime & performance & recovery. Security is an afterthought.
The problem is not "lazy sysadmins". I'll bet most of these machines didn't even have one. Most sysadmins do nothing more than think about the patches they'd like to install to prevent having to clean up messes later. And another impediment to good administration is managerial environments that don't encourage pro-active administration, i.e. they don't trust the admins to do their own job. Where this kind of trust comes from, I don't know.
The lazy admin is a myth. Admins aren't paid to be lazy, and the lazy ones wouldn't last. Breakins occur to sites whose admins' hands are tied, or to sites that in effect have no admin ("gee whiz I'd like a webserver and this microsoft one seems easy...ooh neato it's up!").
Blaming admins for breakins is like blaming car problems on auto mechanics. "Yes all those lazy mechanics out there didn't want to tune up their cars...they'd rather play quake". Absurd. Most mechanical car failures are probably due to owner neglect, not mechanic neglect (other than what is generated by not seeing one). Dentists don't cause cavities. Admins don't cause breakins.
Moreover, security isn't typically a function that is even *expected* of most admin jobs I've seen. I've practically begged every outfit I've worked for to develop a security policy, check passwords, etc. and it's a small minority that cares - "there are other irons in the fire". Security is a hard-to-quantify benefit. If you keep the alligators away, who is to know how bad they are? If the alligators are discreet as well, all the more a problem.
-florkle
This comment was marked troll, but like everyone doesn't use the net for porn or mp3 or other file transfer?
This is actually a pretty good index of whether people would want it. If it was secure, *and* it acted as an excellent file transfer client, it would be a pretty winning product.
Re:Need Bilingual Clients- no need better user ex. on Secure IRC? · Score: 1
Bilingual clients would be confusing. But your idea does address the problem of transition or adoption, which is problematic for dozens of popular insecure programs or protocols or OS's vs. secure ones. Telnet is still widely used, so are insecure unices, and many insecure Windows machines aren't even patched.
More people give lip service to security than implement it, and there are often significant impediments to implementation even if the desire is there (i.e. management wants desktops usable by new employees w/o training, or technical complexity is greater than technical ability of security conscious user).
This product is just another in a long stream of products and services. People don't want security, as MS correctly estimated, they want features. Security isn't something you "have" - if it's secure it just does what the non-secure product does - and often worse - slower, more logins, expires, etc. Therefore to compete with IRC it would need a comparable feature base and/or more features or equal or greater ease of use, i.e. it has to be a *better* user experience along with being secure.
Computers aren't analogous to people, they are analogous to cars. They can be well-maintained or they can be so poorly kept that they are dangerous to their operators and other people. In some places, cars are forced to pass certain minimum standards to be operated. No such standards exist for our computers.
A "friendly" virus that fixed problems would violate the "don't touch people's computers" concept, but where is this written that computers are inviolate? What if it was delivered via spam to invite participation ("click here to disinfect")?
Until there is some monolithic enforcer for computer standards (i.e. "your computer is infected ma'am here is a $22 ticket for operating a poorly maintained computer") it seems like it's a wide open game.
However "friendly viruses" don't seem to inspire their authors much.
Since the potential legal downside exists for writing a friendly virus as a harmful one, we have a soup where the malicious dump in toxins to have fun at the expense of the helpless, and those who could help are afraid to do so.
But then again, maybe the problem is poorly written operating systems. Macs and unix machines are known to have fewer/no virus problems. So long as computers that are "unsafe at any speed" are popular, we will have to suffer the frequent exploding-tail-pipe-in-the-gas-tank.