[unisog] Educating Users

Paul L Schmehl pauls at utdallas.edu
Wed Aug 8 17:30:17 GMT 2001

The problem with that, is that any time you use that sort of terminology, 
governments immediately assume you want them to step in "police things". 
And IMHO, I think this would be devastating to the Internet if governments 
get control of it.

I actually read an article recently where a guy was advocating "national 
borders" for the Internet so we could "cut off" places like China when 
"they" attack us (which I think is typical of the incredible naivete that 
exists today WRT what the Internet actually is and who "controls" it.)

We need a new paradigm.  Something which says "networks" are responsible 
for their output.  This would place the onus on a "network" to ensure that 
what goes out isn't harmful to the "community".  After all, the entire 
Internet is predicated on RFCs, which aren't rules but suggestions.  Why 
couldn't a new RFC be proposed that required "networks" to take 
responsibility for their output?  If everyone did, the problem would be 
quickly solved, I think.

I can see the day (and I'm sure I'll get groans and cat calls here) when 
"we" in edu might actually have to "cordon off" certain sections of the 
Internet.  (Isn't that what we've done to some extent with I2?)  E.g. we 
simply block anything from a .NET address.  Maybe we also block AOL.com, 
MSN.com, Hotmail.com and a few other "trouble spots".  (I'm just throwing 
out ideas here, not advocating isolationism.)

What choice do we have?  We don't have the funds to fight something like 
Code Red (and it is just a precursor of much worse to come, IMO.)  Sooner 
or later, the least cost, most benefit solution is to simply close the door 
and not let them in any more.

But I'd hate to see that day come.  So we need a solution to this problem 
before that day arrives.  Obviously, a large part of the equation will be 
to somehow knock some sense into vendors, and I suspect the courts will 
help with that.  (I think it's inevitable that at some point someone with 
large pockets and a serious case of anger is going to sue some major vendor 
for a hole that cost them money.  After all, if you can make millions by 
spilling hot coffee, you can certainly find liability on the vendor side, 
even if you didn't patch when you should have.)

Another large part of the problem is networks that won't take 
responsibility for their users, whose machines are spewing DDoS attacks, 
Code Red, et. al. unabated.  If we wait to educate every user, we'll all be 
in our graves.  Mind you, we *do* need to educate them, and I think 
licensing and other such proposals may actually be good ideas.  But we need 
to stop the bleeding now.  And the only way I can see that happening is at 
the network level.

Unfortunately, it's hard to agree on a solution, and no one likes to be 
bullied or manhandled into complying with someone else's idea of "good". 
Anyway, those are some of my thoughts and ramblings.  I'll sit back again 
and see what others think.  I must say, I don't think there's a better 
group on earth to find a solution to this problem than the folks in edu IT 
land.  After all, we built this thing called the Internet once. :-)

--On Wednesday, August 08, 2001 9:20 AM -0700 bdc1 at humboldt.edu wrote:

It's gonna take both local and international efforts to rid this
> world of pestilence...
Paul L. Schmehl, pauls at utdallas.edu
Supervisor, Support Services
The University of Texas at Dallas
AVIEN Founding Member

More information about the unisog mailing list