In message <401C49BA.5040507(a)saarinen.org>, Juha Saarinen writes:
There's something wrong about neutering the 'Net for newbies instead of going after those who spoil it for them.
FWIW, Dean's talk wasn't solely about people spoiling the net for newbies (although there's a lot of that too), but also that they're inadvertently doing dumb things because it's not obvious that it's dumb and it's not obvious that there's a better way to do it. (For instance consider a newbie mailing out a 10MB attachment to the whole company when they could have just sent a link.) To that end I think that "seamless integration" of the local network (and local machine) and the Internet is counterproductive -- there really are differences and sometimes you've still got to be aware of them. (Not everyone has a gigabit link to their house yet.)
Given how spammers, phishers, crackers, VXers et al have so far managed to work around every countermeasure devised against them, I have reason to believe even NewbieNet would only be a temporary fix.
Indeed. That was basically my point in one of the talks, that whatever restrictions you put in place would be "routed around" by those with an incentive to do so. Okay you're down to "mere applications", but applications -- especially those used by newbies -- are notoriously insecure. (Some of them even have extra, designed in, insecurity.) Jamie (Baddeley)'s suggestion of thin client is perhaps one of the few ways you might get enough control over the end appliance to control things; another is perhaps Knoppix-style bootable-readonly-device (or perhaps something PS/2, Xbox, etc like).
My point was that you can get 75% of the immediate benefit of a "newbie appliance network" right now simply by firewalling customer connections at the edge -- and that if you do, please provide an opt-out mechanism. (I'd really prefer that it wasn't necessary to buy, say, an E1 link (wholesale connectivity) in order to get reasonably unfiltered access. And tunnelling everywhere sucks.)
That said, short of a rigorous punishment technique,[0] rigorously applied, I don't think we're going to get all of those that spoil the 'net.
Ewen
[0] Death. Or perhaps transportation to the colonies. I hear Mars isn't too crowded this time of year.
Ewen McNeill wrote:
FWIW, Dean's talk wasn't solely about people spoiling the net for newbies (although there's a lot of that too), but also that they're inadvertently doing dumb things because it's not obvious that it's dumb and it's not obvious that there's a better way to do it. (For instance consider a newbie mailing out a 10MB attachment to the whole company when they could have just sent a link.)
Sigh, don't remind me...
My point was that you can get 75% of the immediate benefit of a "newbie appliance network" right now simply by firewalling customer connections at the edge -- and that if you do, please provide an opt-out mechanism. (I'd really prefer that it wasn't necessary to buy, say, an E1 link (wholesale connectivity) in order to get reasonably unfiltered access. And tunnelling everywhere sucks.)
Yes, but I have my doubts as to how such a "NewbieNet" would be implemented in a profit-driven environment. I would expect the "opt-out" unfiltered 'Net would cost more and be packaged as a "business class service" or similar. All I'm saying is, be careful what you ask for, because you may get it. OTOH, customers on metered connections really should have some way of controlling the traffic, e.g. through a Web interface that allows you to set things at a central firewall. It shouldn't be that the only way to control traffic to your connection is to switch off the CPE.
That said, short of a rigorous punishment technique,[0] rigorously applied, I don't think we're going to get all of those that spoil the 'net.
Ewen
[0] Death. Or perhaps transportation to the colonies. I hear Mars isn't too crowded this time of year.
What's wrong with Australia? Oh hang on, it's not a colony anymore...
-- Juha
On Sun, 01 Feb 2004 14:22:40 +1300, Juha Saarinen wrote
Ewen McNeill wrote:
My point was that you can get 75% of the immediate benefit of a "newbie appliance network" right now simply by firewalling customer connections at the edge -- and that if you do, please provide an opt-out mechanism. (I'd really prefer that it wasn't necessary to buy, say, an E1 link (wholesale connectivity) in order to get reasonably unfiltered access. And tunnelling everywhere sucks.)
Yes, but I have my doubts as to how such a "NewbieNet" would be implemented in a profit-driven environment. I would expect the "opt-out" unfiltered 'Net would cost more and be packaged as a "business class service" or similar.
Agreed.
All I'm saying is, be careful what you ask for, because you may get it.
AGREED!!!
OTOH, customers on metered connections really should have some way of controlling the traffic, e.g. through a Web interface that allows you to set things at a central firewall. It shouldn't be that the only way to control traffic to your connection is to switch off the CPE.
AA GG RR EE EE DD !! !! !! I've suggested this idea before. I'd like to be able to set up blocks to ip addresses from getting to my network and have those blocks unset themselves automatically based on a value I set (eg 24 hours - when the hacker gives up and goes off to hit someone else).
Cheers Don
-- Don Gould Ask not what your telephone company should do for you... ...but what you can do for your community!
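The self-expiring block described in the message above, sketched as an added example that is not part of the original thread and is not any ISP's actual interface; the class name, the 24-hour default and the addresses are assumptions made for illustration. It keeps entries in memory only, where a deployment would push them to the edge firewall.

```python
import ipaddress
import time


class ExpiringBlocklist:
    """Source-address blocks that lapse on their own after a per-entry TTL."""

    def __init__(self, default_ttl=24 * 3600, clock=time.time):
        self.default_ttl = default_ttl   # seconds; 24 hours as in the message
        self.clock = clock               # injectable so expiry can be exercised
        self._entries = {}               # ip_network -> expiry timestamp

    def block(self, target, ttl=None):
        # Accept one address or a CIDR prefix; strict=False tolerates host bits.
        net = ipaddress.ip_network(target, strict=False)
        expires = self.clock() + (self.default_ttl if ttl is None else ttl)
        # Re-blocking may extend an entry but never shortens it.
        self._entries[net] = max(expires, self._entries.get(net, 0))
        return net

    def prune(self):
        # Drop every entry whose deadline has passed and report what was removed.
        now = self.clock()
        gone = [n for n, exp in self._entries.items() if exp <= now]
        for n in gone:
            del self._entries[n]
        return gone

    def is_blocked(self, address):
        self.prune()
        ip = ipaddress.ip_address(address)
        # Only compare within the same IP version.
        return any(ip.version == n.version and ip in n for n in self._entries)

    def active(self):
        self.prune()
        return sorted(str(n) for n in self._entries)


if __name__ == "__main__":
    bl = ExpiringBlocklist()
    bl.block("203.0.113.7")                # constructed address, default 24 h
    bl.block("198.51.100.0/24", ttl=3600)  # constructed prefix, 1 h
    print(bl.active())
```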
On Mon, 2004-02-02 at 03:22, Juha Saarinen wrote:
OTOH, customers on metered connections really should have some way of controlling the traffic, e.g. through a Web interface that allows you to set things at a central firewall. It shouldn't be that the only way to control traffic to your connection is to switch off the CPE.
Absolutely! I am about to finally sign up for adsl and plan to have a box (an old 133MHz pentium running OBSD) as a firewall and metering box to ensure that we don't get 'unexpected' bills. But how many people have the expertise to do this? I firmly believe that if ISPs are going to charge for 'excess' traffic on 'always on' connections then they are morally obliged to provide reasonable mechanisms to protect users from disaster. I have first hand knowledge of a small business who signed up to Jet Stream in the early days and got billed nearly $20K for their first monthly account because all the machines got compromised and turned into Warez servers. I never did find out what Xtra did about the bill, my involvement was purely on the technical side.
--
Russell Fulton                  /~\  The ASCII
Network Security Officer        \ /  Ribbon Campaign
The University of Auckland       X   Against HTML
New Zealand                     / \  Email!
Russell Fulton wrote:
I firmly believe that if ISPs are going to charge for 'excess' traffic on 'always on' connections then they are morally obliged to provide reasonable mechanisms to protect users from disaster.
I was hoping that Our Dearly Beloved Telco Monopoly would either do that, or follow the example of the Aussie DSL providers, which slow down your connection after the monthly allocation has been chewed through. Guess the 20c/MB overrides any moral obligations though.
-- Juha
On Tue, 2004-02-03 at 11:02, Juha Saarinen wrote:
Guess the 20c/MB overrides any moral obligations though.
They'd get more money if the excess charge / MB was lower. At 5 cents / MB, I wouldn't worry so much about going over and would do it more than once a year. An extra GB would be $50 instead of $200....and I could make a decision as to whether or not I *really* want that ISO image of the latest *nix badly enough. At $200 / GB, I never do it.
Steve
And if the traffic was at 2c per/m for national, even better.
Barry
-----Original Message-----
From: Steve Withers [mailto:swithers(a)mmp.org.nz]
On Tue, 2004-02-03 at 11:02, Juha Saarinen wrote:
Guess the 20c/MB overrides any moral obligations though.
They'd get more money if the excess charge / MB was lower. At 5 cents / MB, I wouldn't worry so much about going over and would do it more than once a year. An extra GB would be $50 instead of $200....and I could make a decision as to whether or not I *really* want that ISO image of the latest *nix badly enough. At $200 / GB, I never do it.
Steve
Have a close look at what's happening in Australia (I'm sure Geoff must have talked about this at the NOG conference.) Charging for data over and above the stated data caps only slows down service uptake in the residential market place. Even Telstra BigPond have finally conceded this. I suspect Telecom are planning on following what Telstra and the Aussie ISPs have done (why else would they be installing an ERX platform?)
Cheers Don
On Tue, 3 Feb 2004 14:05:59 +1300, Barry Murphy wrote
And if the traffic was at 2c per/m for national, even better.
Barry
-----Original Message----- From: Steve Withers [mailto:swithers(a)mmp.org.nz]
On Tue, 2004-02-03 at 11:02, Juha Saarinen wrote:
Guess the 20c/MB overrides any moral obligations though.
They'd get more money if the excess charge / MB was lower.
At 5 cents / MB, I wouldn't worry so much about going over and would do it more than once a year.
An extra GB would be $50 instead of $200....and I could make a decision as to whether or not I *really* want that ISO image of the latest *nix badly enough.
At $200 / GB, I never do it.
Steve
_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog
-- Don Gould Ask not what your telephone company should do for you... ...but what you can do for your community!