In a message dated: Wed, 25 Apr 2001 14:56:10 EDT
David Roberts said:
>Paul - I agree, but not totally.
>
>Everyone keeps saying it is the user's responsibility to harden their
>system and I agree, up to a point. We (the Linux community in general)
>have also been a little too enthusiastic about moving people to use Linux
>and too little enthusiastic about mentioning security and other issues
>(although you did mention studying and an exam).
Well, let me ask this. Does a Corvette or Ferrari owner's group warn
you about going 180 on the highway?
There's a certain amount of self-education that should be performed
under "due diligence" here. If you purchase a chainsaw and
accidently cut off your leg because the saw bucked when you the end
of the bar hit the wood, is that the manufacturer's fault for making
too powerful a saw, or your fault because you didn't read the manual?
I know people who have been injured using chainsaws. None admitted
to reading the manual. I read the manual for my chainsaw. They tell
you a lot of things that sound funny and ridiculous, like don't grab
the chain when the saw in running, don't run with the saw when it
powered up, don't let the very tip of the bar contact the wood, don't
operated the saw when you're tired, etc.
I read the entire manual from cover to cover and I understand the
dangers and risks involved in operating this equipment. Many people
eagerly offered me their advice on using a chainsaw, but no one ever
mentioned reading the manual.
This user group is *VERY* different from the people who offered me
advice about using my chainsaw. Daily, sometimes hourly, we
recommend reading the manual, whichever one that is. Once you've
read the manual, we eagerly back that up with additional information,
helpful hints, and clarification.
Can we do more? Sure. However, I have yet to have anyone offer to
host a LUG meeting on the topic of "First time user's connecting
Linux to the Internet". I would be more than happy to schedule this
should someone volunteer (I've got the July meeting free, but if I
get enough pressure, I could reschedule May :)
>A lay-person is going to get hammered and
>will add their loud/angry voice to the Linux bashers list because they were
>stung and didn't know the problem existed.
IMO, and I know that this is not reality, <rant> the person has no right to
bitch if they didn't RTFM. I have no sympathy for the person who
can't set the clock on their VCR when they don't read that manual.
Until you've read the manual, tried, and asked for help, you have no
right to complain. If that amount of effort is too much for you,
either pay some one to do it for you, or suffer the consequences of
doing it wrong.
This may sound harsh, but life is like that. I don't want to bother
reading/learning about electrical systems, so I pay a licensed
electrician to do my electical repair. Sysadmin isn't much different.
</rant>
>I guess I'm playing devil's advocate here, but we have to share the blame
>because person who has not been educated on the possible security issues of
>Linux (and I mean in plain English, not man page jargon), is not going to
>have a clue when it comes to setting up their network connection. We have
>to educate new Linux users to ALL aspects of Linux.
If the person walked in Best Buy off the street, and on the spot
decided to install Linux then connect to the net, I might agree with
you. But anyone who is a member of a LUG, and this one in particular
has absolutely no excuse for not knowing what the risks are. If you
search through the archives over the past 3+ years, I'm willing to
bet that there isn't a single week where the topic of security didn't
come up. We harp on security in this group. It's mentioned almost
daily! We have *very* experienced people here providing help,
supplying pointers to docs, and explaining/clarifying configurations
constantly! At some point the individual must do some learning on
their own.
Sure, we can have a LUG meeting on this topic, and it might help
someone tremendously. But it's not going to help everyone, nor will
it necessarilly be at the right time for someone else. A week later
we'll hear of someone else who's been hacked, but couldn't make the
meeting. Are we then going to say we didn't do enough and need to do
more?
>I go back to my boy and the motorcycle analogy, we are giving away the
>keys to a powerful new system, but NO training on how to use it and so
>we should accept part of the blame when the new inexperienced user crashes.
Does the motorcyle dealership take part of the blame when one of it's
customers crashes because they didn't take a motorcycle training
course?
>Maybe we should start a splinter (educational) group to do just that,
>offer basic Linux setup and/or maintenance training.
That sounds like a great idea, implementation may be difficult, since
you need:
- a location to perform said training
- hardware to train with
- people to volunteer to train
The first 2 are trivial, it's the 3rd one I think you'll have
problems with, at least from my experience as chapter organizer :)
>As long as no money changed hands it would be advice only and would
>carry less legal ramifications. Or maybe we should
>just can it and tell all new users to NOT use Linux unless there is a
>hardware firewall in front of it to lower hacking risks (and wouldn't M$
>have a field day with that one).
I have no problems with that at all. Linux is not the right solution
for all problems. If all you want is e-mail and web access, then
use MS. Let them have that market. Linux is for people who are
intelligent, hard-core users who don't mind rolling up there sleeves
and getting dirty.
OR for those who have the financial means or good luck to have
someone be a sysadmin for them.
The worst thing that ever happened to computers was Windows. Not
because it's a lousy product, but because it makes those who know
nothing about computers think they do. Just because you can drive
the bumber cars at the amusement park does not make you qualified for
highway driving, much less the Indy 500.
>In everything I have mentioned though, the ONE thing I keep bringing up is
>the fact WE are not doing enough to educate new users on the importance of
>network security - whether it be training sessions, helpful hints page, or
>just a big warning (like we now have on cigarette packs) about the dangers
>of going online.
I think we as LUG do plenty. I don't object to doing more, but I
don't see it as a reality happening any time soon.
> Every new user we turn on to Linux, like it or not, is
>now a System Admin. - especially when running on a DSL/M1/... line.
This I wholeheartedly agree with. However, why limit it to Linux.
Everyone who owns a computer is a sysadmin responsible for it's
configuration and well being!
>And oh yes, before I forget... 7:00 tomorrow night? (I'll be the one
>hiding timidly in the dark corner. ;)
You do mean 19:00 *TONIGHT*, right?
--
Seeya,
Paul
----
It may look like I'm just sitting here doing nothing,
but I'm really actively waiting for all my problems to go away.
If you're not having fun, you're not doing it right!
**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************
