[unisog] Educating Users
Paul L Schmehl
pauls at utdallas.edu
Wed Aug 8 17:30:17 GMT 2001
The problem with that, is that any time you use that sort of terminology,
governments immediately assume you want them to step in "police things".
And IMHO, I think this would be devastating to the Internet if governments
get control of it.
I actually read an article recently where a guy was advocating "national
borders" for the Internet so we could "cut off" places like China when
"they" attack us (which I think is typical of the incredible naivete that
exists today WRT what the Internet actually is and who "controls" it.)
We need a new paradigm. Something which says "networks" are responsible
for their output. This would place the onus on a "network" to ensure that
what goes out isn't harmful to the "community". After all, the entire
Internet is predicated on RFCs, which aren't rules but suggestions. Why
couldn't a new RFC be proposed that required "networks" to take
responsibility for their output? If everyone did, the problem would be
quickly solved, I think.
I can see the day (and I'm sure I'll get groans and cat calls here) when
"we" in edu might actually have to "cordon off" certain sections of the
Internet. (Isn't that what we've done to some extent with I2?) E.g. we
simply block anything from a .NET address. Maybe we also block AOL.com,
MSN.com, Hotmail.com and a few other "trouble spots". (I'm just throwing
out ideas here, not advocating isolationism.)
What choice do we have? We don't have the funds to fight something like
Code Red (and it is just a precursor of much worse to come, IMO.) Sooner
or later, the least cost, most benefit solution is to simply close the door
and not let them in any more.
But I'd hate to see that day come. So we need a solution to this problem
before that day arrives. Obviously, a large part of the equation will be
to somehow knock some sense into vendors, and I suspect the courts will
help with that. (I think it's inevitable that at some point someone with
large pockets and a serious case of anger is going to sue some major vendor
for a hole that cost them money. After all, if you can make millions by
spilling hot coffee, you can certainly find liability on the vendor side,
even if you didn't patch when you should have.)
Another large part of the problem is networks that won't take
responsibility for their users, whose machines are spewing DDoS attacks,
Code Red, et. al. unabated. If we wait to educate every user, we'll all be
in our graves. Mind you, we *do* need to educate them, and I think
licensing and other such proposals may actually be good ideas. But we need
to stop the bleeding now. And the only way I can see that happening is at
the network level.
Unfortunately, it's hard to agree on a solution, and no one likes to be
bullied or manhandled into complying with someone else's idea of "good".
Anyway, those are some of my thoughts and ramblings. I'll sit back again
and see what others think. I must say, I don't think there's a better
group on earth to find a solution to this problem than the folks in edu IT
land. After all, we built this thing called the Internet once. :-)
--On Wednesday, August 08, 2001 9:20 AM -0700 bdc1 at humboldt.edu wrote:
It's gonna take both local and international efforts to rid this
> world of pestilence...
Paul L. Schmehl, pauls at utdallas.edu
Supervisor, Support Services
The University of Texas at Dallas
AVIEN Founding Member
More information about the unisog