I only want to add one thing here and it is in response to what is close to
the bottom of this message. It has to do with we don't do enough.
I have been monitoring Lugs across the country for the past 18 months or
so. Most small states have maybe one Lug and of course the bigger states
might have three or more. I watch the topics and the different feedback I
see through the lists I watch. We have a more informative and responsive
group statewide than many of the larger states and should be darn proud of
the information spread within our Chapters.
Secondly, we had over 45 meetings last year with many on or around the
subject of security somewhere in the evening. And this list as Paul says is
more or less weekly devoting many hours to the subject.
Thirdly, how many people have been concerned enough of their fellow man to
bring him or her to a meeting to introduce them to Linux let alone an
individual topic? If the concern is that great, why don't we have more
people at our meetings?
Fourth, it isn't necessarily the Lugs responsibility to raise alarms to the
general public, but those who distribute and sell, except as our own desire
to take Linux to the masses no matter the topic. It (the lug) was started,
from my knowledge as a way of those already interested in Linux to gain
further knowledge and drink beer and talk more Linux.
Now lets do statewide Chapter meetings on Security and the Internet.
Jerry
At 04:19 PM 4/25/01 -0400, you wrote:
>
>In a message dated: Wed, 25 Apr 2001 14:56:10 EDT
>David Roberts said:
>
>>Paul - I agree, but not totally.
>>
>>Everyone keeps saying it is the user's responsibility to harden their
>>system and I agree, up to a point. We (the Linux community in general)
>>have also been a little too enthusiastic about moving people to use Linux
>>and too little enthusiastic about mentioning security and other issues
>>(although you did mention studying and an exam).
>
>Well, let me ask this. Does a Corvette or Ferrari owner's group warn
>you about going 180 on the highway?
>
>There's a certain amount of self-education that should be performed
>under "due diligence" here. If you purchase a chainsaw and
>accidently cut off your leg because the saw bucked when you the end
>of the bar hit the wood, is that the manufacturer's fault for making
>too powerful a saw, or your fault because you didn't read the manual?
>
>I know people who have been injured using chainsaws. None admitted
>to reading the manual. I read the manual for my chainsaw. They tell
>you a lot of things that sound funny and ridiculous, like don't grab
>the chain when the saw in running, don't run with the saw when it
>powered up, don't let the very tip of the bar contact the wood, don't
>operated the saw when you're tired, etc.
>
>I read the entire manual from cover to cover and I understand the
>dangers and risks involved in operating this equipment. Many people
>eagerly offered me their advice on using a chainsaw, but no one ever
>mentioned reading the manual.
>
>This user group is *VERY* different from the people who offered me
>advice about using my chainsaw. Daily, sometimes hourly, we
>recommend reading the manual, whichever one that is. Once you've
>read the manual, we eagerly back that up with additional information,
>helpful hints, and clarification.
>
>Can we do more? Sure. However, I have yet to have anyone offer to
>host a LUG meeting on the topic of "First time user's connecting
>Linux to the Internet". I would be more than happy to schedule this
>should someone volunteer (I've got the July meeting free, but if I
>get enough pressure, I could reschedule May :)
>
>>A lay-person is going to get hammered and
>>will add their loud/angry voice to the Linux bashers list because they were
>>stung and didn't know the problem existed.
>
>IMO, and I know that this is not reality, <rant> the person has no right to
>bitch if they didn't RTFM. I have no sympathy for the person who
>can't set the clock on their VCR when they don't read that manual.
>Until you've read the manual, tried, and asked for help, you have no
>right to complain. If that amount of effort is too much for you,
>either pay some one to do it for you, or suffer the consequences of
>doing it wrong.
>
>This may sound harsh, but life is like that. I don't want to bother
>reading/learning about electrical systems, so I pay a licensed
>electrician to do my electical repair. Sysadmin isn't much different.
>
></rant>
>
>>I guess I'm playing devil's advocate here, but we have to share the blame
>>because person who has not been educated on the possible security issues of
>>Linux (and I mean in plain English, not man page jargon), is not going to
>>have a clue when it comes to setting up their network connection. We have
>>to educate new Linux users to ALL aspects of Linux.
>
>If the person walked in Best Buy off the street, and on the spot
>decided to install Linux then connect to the net, I might agree with
>you. But anyone who is a member of a LUG, and this one in particular
>has absolutely no excuse for not knowing what the risks are. If you
>search through the archives over the past 3+ years, I'm willing to
>bet that there isn't a single week where the topic of security didn't
>come up. We harp on security in this group. It's mentioned almost
>daily! We have *very* experienced people here providing help,
>supplying pointers to docs, and explaining/clarifying configurations
>constantly! At some point the individual must do some learning on
>their own.
>
>Sure, we can have a LUG meeting on this topic, and it might help
>someone tremendously. But it's not going to help everyone, nor will
>it necessarilly be at the right time for someone else. A week later
>we'll hear of someone else who's been hacked, but couldn't make the
>meeting. Are we then going to say we didn't do enough and need to do
>more?
>
>
>>I go back to my boy and the motorcycle analogy, we are giving away the
>>keys to a powerful new system, but NO training on how to use it and so
>>we should accept part of the blame when the new inexperienced user crashes.
>
>Does the motorcyle dealership take part of the blame when one of it's
>customers crashes because they didn't take a motorcycle training
>course?
>
>>Maybe we should start a splinter (educational) group to do just that,
>>offer basic Linux setup and/or maintenance training.
>
>That sounds like a great idea, implementation may be difficult, since
>you need:
>
> - a location to perform said training
> - hardware to train with
> - people to volunteer to train
>
>The first 2 are trivial, it's the 3rd one I think you'll have
>problems with, at least from my experience as chapter organizer :)
>
>>As long as no money changed hands it would be advice only and would
>>carry less legal ramifications. Or maybe we should
>>just can it and tell all new users to NOT use Linux unless there is a
>>hardware firewall in front of it to lower hacking risks (and wouldn't M$
>>have a field day with that one).
>
>I have no problems with that at all. Linux is not the right solution
>for all problems. If all you want is e-mail and web access, then
>use MS. Let them have that market. Linux is for people who are
>intelligent, hard-core users who don't mind rolling up there sleeves
>and getting dirty.
>
>OR for those who have the financial means or good luck to have
>someone be a sysadmin for them.
>
>The worst thing that ever happened to computers was Windows. Not
>because it's a lousy product, but because it makes those who know
>nothing about computers think they do. Just because you can drive
>the bumber cars at the amusement park does not make you qualified for
>highway driving, much less the Indy 500.
>
>>In everything I have mentioned though, the ONE thing I keep bringing up is
>>the fact WE are not doing enough to educate new users on the importance of
>>network security - whether it be training sessions, helpful hints page, or
>>just a big warning (like we now have on cigarette packs) about the dangers
>>of going online.
>
>I think we as LUG do plenty. I don't object to doing more, but I
>don't see it as a reality happening any time soon.
>
>> Every new user we turn on to Linux, like it or not, is
>>now a System Admin. - especially when running on a DSL/M1/... line.
>
>This I wholeheartedly agree with. However, why limit it to Linux.
>Everyone who owns a computer is a sysadmin responsible for it's
>configuration and well being!
>
>>And oh yes, before I forget... 7:00 tomorrow night? (I'll be the one
>>hiding timidly in the dark corner. ;)
>
>You do mean 19:00 *TONIGHT*, right?
>--
>
>Seeya,
>Paul
>----
> It may look like I'm just sitting here doing nothing,
> but I'm really actively waiting for all my problems to go away.
>
> If you're not having fun, you're not doing it right!
>
>
>
>**********************************************************
>To unsubscribe from this list, send mail to
>[EMAIL PROTECTED] with the following text in the
>*body* (*not* the subject line) of the letter:
>unsubscribe gnhlug
>**********************************************************
>
>
>
**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************
