Re: [fw-wiz] The home user problem returns

From: Mason Schmitt (mason_at_schmitt.ca)
Date: 09/12/05

  • Next message: Marcus J. Ranum: "Re: [fw-wiz] The home user problem returns" 
    To: Chris Blask <chris@blask.org>
Date: Mon, 12 Sep 2005 12:59:51 -0700

    >> On bad days and good days I fully agree. The problem is that it can't
    >> stay like this, so movement has to occur somewhere. Perhaps you're
    >> right that we're wasting our breath.
    >
    >
    > Marcus is right to keep people on their toes: no-one should expect to
    > fire off ill-conceived comments or solutions and not get their lungs
    > ripped out - this is all too important. Any actual good ideas can stand
    > harsh comment - bull*** disintegrates.
    >

    Are my ideas ill-conceived? I shouldn't even call them mine, because
    they are not unique to me - there are no unique ideas; just people that
    get to claim discovery, because they were the first to publicly announce
    an idea or act upon it. As to whether or not they will disintegrate, I
    still don't know whether they will or not. I'm not going to know until
    I try them or someone points out some specific areas in which they will
    fail.

    What specifically do you think is bull***? Or is it just my approach
    in general? The better I understand this problem the better off I'm
    going to be.

    >> In my last email, this was one of the things that I stressed (or I hope
    >> I did). People need to learn to question. My generation is doing a
    >> good job in this area, but my parent's generation is as trusting as an
    >> unspoiled child when it comes to the net. I think the biggest problem
    >> with the older crowd is that they don't really know what the net is -
    >> I'm still working on my parents. That's what I want to try to teach
    >> people.
    >
    >
    > That right there is my point. The quantity of exposure that the average
    > Joe needs to understand the issues being discussed is "N", where N is a
    > very large number (particularly if Joe is 50+). We are currently about
    > 1/N into the process...
    >

    I disagree. I don't think that N need be that large. Even now with the
    huge mess we have, N is manageable if it is presented properly and
    *people want to listen*. N can be reduced considerably if those
    providing PCs, network access, etc can improve the security of their
    offerings. This of course being a much longer term look at the problem.

    Here are two ways of looking at N. The first one applies to the present
    state of things, the second is longer term.

    N in a positive reinforcement scenario (short term)
    ----------------------------------------------------
    If as a group, we like to preach least privilege, why do we keep trying
    to tell home users what they _shouldn't_ be doing? That sounds like
    default allow. Why not tell them what they should be doing? It's going
    to be a much shorter list.

    N as seen from within a mature utility model (long term)
    ---------------------------------------------------------
    Here's another way of looking at the long term size of N. In one of the
    emails in this thread, someone mentioned that Internet access should be
    like a utility. I'd like to take that analogy (because that's what it
    is) and expand upon it.

    Look at the electrical utilities (I'm going to assume North America).
    Access to electricity is available to anyone that wants it - from large
    massively energy intensive operations such as aluminium smelters right
    down to your average home owner.

    Electricity is provided to home users in a very well controlled fashion.
     The utility puts out a very consistent 60Hz and the power is expected
    to be within clearly defined limits of the amount of distortion, amount
    of voltage fluctuation etc. The utility also provides automated systems
    that are designed to protect their infrastructure as well as anyone
    attached to it.

    When the connection is made from the pole to the home, it must meet
    strict electrical codes and certain parts of the installation (such as
    your panel) must be done by an electrician. The only interface
    presented to the home user that would allow them to actually touch what
    they are paying for is a three prong outlet. Or if you are in the
    bathroom, hopefully a GFI as well. (Well light sockets too, but I'm
    trying to keep this simple.)

    What do home users plug into these three prong outlets? The vast
    majority of home users will plug in lamps, kitchen appliances, clocks,
    computers, etc. *ALL* of which must be inspected and approved for
    safety before being allowed to go to market. If a home user wants to
    play and decides to stick a fork in an outlet, the rest of us are
    protected by the fact that there is "egress" protection mandated at the
    home - the breaker is going to blow. At this point, user education is
    pretty simple:
    Don't stick your finger in a light socket.
    Don't let your kid stick a finger (or anything else) in an outlet (there
    are even plastic outlet plugs for this purpose)
    Don't blow-dry your hair in the bathtub.

    These are not complicated rules. This is a very small value of N. The
    reason that the rules are not complicated is due to the steps that
    industry/government has taken to regulate the utility and to protect the
    home user.

    Getting back to computers and the Internet... If these sorts of controls
    and industry maturity were in place, home users wouldn't be such a
    problem. The big problem is that the Internet right now is very much
    like the "Wild West" - it's young, immature, un-controlled and much
    about how it should work is still unknown. It just needs to mature.

    > Lucy: "You can't subtract five from three!"
    >
    > Linus: "You can if you're stupid!"
    >
    > Never underestimate the power of naive optimism.
    >

    I hadn't heard that exchange before. That's a good one :) 

    --
Mason
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
  • Next message: Marcus J. Ranum: "Re: [fw-wiz] The home user problem returns"