If you make the terminal look like Windoze and it can be hacked anyway, why bother to move to free software? What is being offered that justifies the cost? This is why I think that the power of free software should be used to provide real services to patrons and why it's worth the risks. Microsoft will eventually offer these services and they will be just as full of holes as any of their previous systems from Win 3.1 to Hotmail mods. We know what can be offered and we should work towards it.
On Sunday 09 May 2004 02:32 pm, John Hebert wrote: > --- Will Hill <[EMAIL PROTECTED]> wrote: > > Sure, John, I'm serious. Let's weigh the gains and > > the risks. Let's also > > look at some countermeasures for the risks. > > > > What can be lost? In a world full of cable modem > > zombies, show me the harm of > > someone taking over another computer that happens to > > be in a library. > > Among the myriad reasons, the most important would be > that the library would be legally responsible if it > knew its boxen were hacked, did nothing, and then > further damage were caused to machines outside the > library's network, or a user's private data > compromised. So they use windoze and can't tell if they are broken? Are they somehow absolved from their responsibility by using the same software everyone else does? I'd say that their efforts to avoid the known pitfalls of Windoze is why they are going this direction to begin with and that's more than others bother to do. Adding new additional services to boot and expecting them to be secure too is no worse than sticking to the status quo. > > > Specifically, what new risk would you expose the > > patron to? > > Privacy of data for one. A compromised system could > easily have a keylogger installed. Any passwords typed > into even an SSL browser window would be compromised. > The library is liable for services they offer. So they should use spyware laced windoze? > > > Because of poor > > current security, I imagine that most libraries > > already have compromised > > systems. > > Your imagination would be wrong. From my experience, > most library's public PC networks are not compromised, > and if they are, they usually get more than a little > concerned about it and do something pretty quick to > rectify the situation. We have a couple of sysadmins > for public library computer networks on this list; I'm > sure they would agree. > If they run Windoze, they have been hacked in one way or another. The eye center, here in town, is the only place I've ever seen that has even a prayer of keeping things to themselves. Everyone else, from fortune 500 to average Joe I've seen has had boxes crawling with malware. > > People like John Ashcroft already think > > they own the information. > > I'm no fan of Ashcroft or the PATRIOT Act, but facts > usually work better than invective hyperbole. You have > any facts to backup your assertion? http://yro.slashdot.org/yro/02/09/20/1525253.shtml?tid=158 This does not preclude the kind of services that can be offered as long as my advice about forgetting what user account belongs to what patron is followed. I'm sure others have thought it through better and I'll look for any holes you might have actually picked. For now, as long as the library does not know who a user is, how can anyone else? > > > Patrons worried about their privacy are welcome to > > use the guest account. > > So, they would have to limit themselves to anonymous > surfing or app usage. However, if the hax0r is > physically in the library, they could visually > identify the user and could tie surfing habits > (captured via tools on compromised system) or > generated app data to a person's identity. In a public > setting, using compromised systems, guest usage is no > guarantee of security. If the hax0r or the FBI have that kind of manpower and time, they don't need a computer to violate someone and no system can overcome a spy who looks over your shoulder. > > > If > > you are worried about gaining the ire of publishers, > > you are too late because > > they already hate libraries. > > They do? That's news to me and any library system. > Again, do you have actual facts to back up this > questionable assertion? My wife is a librarian and she > receives plenty of catalogs in the mail from > publishers, asking that she buy their wares for her > library. You probably read this and forgot about it: http://slashdot.org/yro/01/02/07/1145228.shtml The issue is still burning. Publishers know that electronic publishing is the future and see libraries like Napster. Publishers love selling things to libraries, but ultimately have expressed hatred of their purpose, pooling community resources to share information. > > > What I propose is much less difficult than posting > > to the world at large. I'm > > talking about a system limited to people who have > > actually walked into the > > building and proved their residence nearby. > > I see your point that it would be cool to offer a > Linux distro for public library computer with user > data persistance and access to lots of neat apps. But > doing it securely is damned hard. Sure, but worth the effort, I think. Glad that you see what I'm driving at. > > > What is to be gained? Lots. The services I > > mentioned would be a real benefit > > to library patrons. > > More would be lost, in time maintaining the system in > a secure fashion. Your point of not maintaining > security at all would simply lead to that library > appearing in a lawsuit as a defendant, therefore lots > of $$$ would be lost by the library. Ugh, who said don't maintain security? I simply said security would be better than Winblows. Now, I think I understand. > > > This is the kind of computing > > that people are coming to > > expect. It is going to be delivered. > > I think you have a better future as a marketer than a > sysadmin. Most of the application services you are > talking about are already being delivered. Yahoo! > offers a number of PIM type services, which I use. > Here are some others: > http://dmoz.org/Computers/Internet/On_the_Web/Web_Applications/Personal_Inf >ormation_Managers/ Who do you trust more, Yahoo or your local librarian? I know, you told me your wife was a librarian so the question is a cheat. My future as a marketer is about zero if I can't convince people to use free software over eXPensive software with a known bad track record. Heck, I'm having trouble here on a LUG list. > > My point is that it is more cost-effective for the > library to offer access to services, not services > themselves. > Accessing that information is made much easier if your bookmarks are persistant and your KDE Wallet remembers things for you. A browser without bookmarks is a pain in the ass, even with the kinds of services Yahoo and others offer. > Asking a library to maintain computer accounts is more > effort than it is worth; considering the issues of > privacy and security, and the legal liabilities > associated with those services. In a better world, > libraries would have lots of funding to build solid > and secure computer networks and pay a staff of IT > admins what they are really worth to provide what you > are proposing. In the real world, public library > funding is very limited and the IT staff for an entire > parish's public library system usually consists of 1 > person. > It does not have to be that much work. If a system is compromised, you wipe it. In the mean time, you have given people something they did not have before and shown the power of free software. As my marketing career is stillborn, I don't mind doing work for a public library gratis. > > One way to protect patron privacy is to not remember > > who has what account. > > Interesting idea, see > http://www.oreillynet.com/pub/a/network/2002/08/02/simson.html. That is interesting. Hashed usernames? The /home directory would be hard to match up against real people. > > > This can be accomplished by remembering that a > > patron has an account but not > > it's name or creation date. The patron could be > > given a temporary name and > > password that they can change with reasonable > > instruction. Anyone breaking > > into the system would need additional information, > > such as cell phone > > location or email contacts, to know what accounts > > belong to what user. > > Anyone who has that much already can break through > > anything I can imagine. > > It is a decent idea but still not totally secure if > the system is already compromised. Again, the hax0r > could be physically in the same location and link the > identity of the person with the person's data. Look at > the other thread LSU's poor state of network security. > A publically, or even semi-publically available > network is usually a nightmare for sysadmins, > especially if it uses Windoze for the user OS. > > When I was at USL (a long time ago), we had Sun boxen > for user terminals (guess they still do), and those > boxes worked great. You could run apps and store data, > though the data was kept on a central server, not the > local machine. Expensive, but SunOS was a heck of a > lot more secure than Windows 3.1 (at that time). The > Sun optical mouse in 1990 was like science fiction to > me! Was that Sun network a nighmare? I don't think the current LSU Physics computer lab full of Red Hat boxes is a chore to administer. I think a public network that uses ssh can be reasonably secure and offer a good range of services. > > > I don't need to put a box outside my firewall. I'm > > sure that the pros can > > already break through anything I put up. I'll bet > > that even yahoos like you > > and Dustin can break through my poor little 486 > > without much effort. > > Then why can't you see that what you are proposing is > a bad idea? A compromised machine means that the > user's data and privacy is also compromised, and since > it is a public environment, their identity is > compromised as well. I think that a person could be > more secure if their home machine was compromised, > because at least their identity would be harder to > determine visually. Ah, but unless the haxOr knows who the account belongs to, what do they get? Again, if you have enough manpower to visually ID someone, that someone's privacy is toast anyway. > > > Help me out, what am I missing? I understand that > > giving people shell > > accounts increases vulnerability. I know that > > sophisticated users can use > > local exploits to gain root. What I don't see is > > the harm in it that merits > > the loss of all that can be had. It seems that a > > system can be designed that > > assumes it will be broken anyway and protect the > > things that will be lost > > before it happens. > > Agreed, a system can be and should be designed in this > manner, which was the original point of the > discussion. But my point is that there is not a lot to > be gained by offering lots of applications to public > library users. Most people use these computers for web > browsing, web based email, some word processing and > for younger users; educational software and games. > Allowing users to keep their private data and/or > identity on a public library's computer is more > trouble than it is worth, as there are plenty of web > applications (via SSL) that do a much better job of > this. Public libraries simply do not have the funding > to do it, given the current state of local computer > security on most operating systems (especially > Windoze, but including Linux as well). > > My wife was the sysadmin for the Ascension Parish > Public Library for a couple of years. The setup there > was to restore a default disk image to the public > machines every morning. This took care of a range of > problems: no viruses, no legal liabilities concerning > privacy, software configurations would be returned to > default, etc. And if a machine got screwed up during > the day (being M$ boxen, they did), she could simply > reinstall the image in about 10 minutes. > > In summary: Offering a service to the public means > that offering entity accepts responsibility for that > service. What you are proposing is too expensive for > public libraries to offer at this time to do properly > and not get sued. Blame the poor state of computer > security for this. > The differences we have here are over difficulty and responsibility. Those differences disolve when you limit the sevices acutally offered and consider what's shielding the library from resonsibility right now. I agree that those basic services are all you should really offer. The only thing that I'd add is a home directory that does not get wiped every day. By your own admission, libraries want to offer this kind of service. I think free software can get them there. Free software is all about having ownership and control of your own machines. Is there really another way? Every other service involves someone else owning your information in one way or another. I don't subscribe to the theory that says the more you do for people the more risk you take for yourself. Appropriate warnings can be posted and privacy can be had better than Yahoo, Hotmail or any commercial operating system.
