nanog mailing list archives

Re: Nato warns of strike against cyber attackers


From: Joe Greco <jgreco () ns sol net>
Date: Wed, 9 Jun 2010 09:02:53 -0500 (CDT)

Grandma does not go check her tread depth or check her own brake pads and
discs for wear.  She lets the shop do that.  I was hoping I didn't have to
get pedantic and that people could differentiate between "I pay the shop a
few bucks to do that for me" and "I take responsibility personally to drive
my car in an appropriate fashion" (which includes things like "I take my
car to the shop periodically for maintenance I don't have the skills to do
myself"), but there we have it.

Whether grandma measures the tread depth herself or takes it to the shop,
the point is that grandma is expected to have tires with sufficient tread
depth and working brakes when she operates the car. If not, she's liable.
If she drives like the little old lady from Pasadena, she's liable for the 
accidents she causes.

There is no "shop" that the average computer owner should take their
computer to, and unlike a car, anything that might seem to require some
periodic maintenance is typically automated (OS updates, virus updates,
etc).  There are places like NerdForce that you can take your computer to,
but you're likely to be sold a load of crap, and you can even take the
same computer to five different services and get wildly differing results
(and wildly differing bills).  There's no standardization, and part of
*that* is due to the way we've allowed end user operating systems to be
designed.

My point: We haven't designed computers for end users appropriately.  It
is not the fault of the end user that they're driving around the crapmobile
we've provided for them.  If you go to the store to get a new computer, you
get a choice of crapmobiles all with engines by the same company, unless 
you go to the fruit store, in which case you get a somewhat less obviously
vulnerable engine by a different company.  The users don't know how to take
apart the engines and repair them, and the engines aren't usefully protected
sufficiently to ensure that they don't get fouled, so you have a Problem.

The end user should be able to recover from the responsible manufacturer
for the design flaws in the hardware/software they are driving. Agreed. That
is how it works in cars, that's how it should work in computers.

It doesn't; look at that wonderful EULA.  Want to fix that?  Be my guest,
seriously.

What I don't want to see which you are advocating... I don't want to see
the end users who do take responsibility, drive well designed vehicles
with proper seat belts and safety equipment, stay in their lane, and
do not cause accidents held liable for the actions of others. Why should
we penalize those that have done no wrong simply because they happen
to be a minority?

I agree, on the other hand, what about those people who genuinely didn't
do anything wrong, and their computer still got Pwned?

From this perspective:  Our technology sucks.

... JG
-- 
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
"We call it the 'one bite at the apple' rule. Give me one chance [and] then I
won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN)
With 24 million small businesses in the US alone, that's way too many apples.


Current thread: