RE: SQL Slammer - lessons learned (fwd)

["Steve Wray" <steve.wray () paradise net nz>]

One word. Ok two;
Driving Test.

Do you have a driving license?
Did you buy it from a shop or did you have to demonstrate
an acceptable level of competence?

Who administers it?

> -----Original Message-----
> From: full-disclosure-admin () lists netsys com 
> [mailto:full-disclosure-admin () lists netsys com] On Behalf Of yossarian
> Sent: Monday, 10 February 2003 2:48 p.m.
> To: full-disclosure () lists netsys com
> Subject: Re: [Full-disclosure] SQL Slammer - lessons learned (fwd)
>
>
> Steve Wray wrote
>
> > So demonstrate to your ISP that you are competent.
> > Whats wrong with that?
>
> There is a lot wrong wit that. Maybe not at first sight.
>
> Why should I prove anything? Who is competent to be the 
> judge? And, what is
> worse, demonstrate my skills on what? Suppose I am very 
> competent in setting
> up a Mickeysoft server farm, but suddenly decide to do mail 
> and web on a
> *NIX I've never used before. Or will I just be allowed S/W I 
> demonstrated my
> skills on? Or I take one day instead of three weeks to set up 
> a system,
> knowing that the install will be leaky, but I really need a 
> beer or 27, so
> the fixes are not loaded on the host - I have demonstrated my 
> skills but
> just decided not to use them. Will I have to swear on my 
> mother never to
> forget a patch on a machine? Must I vow never to skip reading 
> a README? Get
> a brain.
>
> Who is to judge whether I am competent in setting up a 
> mailserver with a
> homemade OS and app? Will just bigger OS-es qualify? If so, 
> should these
> same ISP's also qualify applications as fit for the net? Will 
> non-qualifying
> operating systems be banned? Does anyone expect this to be 
> done unbiased,
> considering the vast commercial interests at stake? Or will 
> only Palladium,
> or whatever it will be called, qualify? And a small practical 
> question - how
> to set up this wise rule worldwide?
>
> If you decide to stop users from doing certain things, it 
> would be very odd
> at least, to let vuln-ridden server apps be used, by whoever, however
> qualififed. Now give me faultless OS - I'll use it. Or just a flawless
> stack. It don't exist.
>
> With these naive controlfreaks mongering and rambling on and 
> on, no person
> came up with the real problem this list is for - lousy 
> coding/lack of QC.
> Regulations of any type cannot be set up in the international 
> entity the net
> is, there is no regulatory power and there cannot be such 
> thing. Why do you
> think these so called internetstandards are not so very 
> standard - we all
> have to agree, and we don't. The net is put together on 
> consensus alone, and
> anything we cannot get a consensus on, just will not happen.
>
> Steve wrote:
> > My guess? Unless the internet community shapes up or
> > oh maybe unless ipv6 becomes the standard for most of
> > the internet (*snicker* yeah RIGHT) within, say, 5 years
> > there will be NO open pipe ISP left anywhere in the, uh,
> > civilised world. You will have to go to somewhere more
> > interesting like Tuvalu
>
> Well, some place might get run over be these no-brain control 
> freaks. But
> funny thing is, that if the ISP's close the lines to anything deemed
> dangerous or illegal, or just unwanted, there probably won't 
> be a reason
> left to use the internet, except maybe e-mail, but then with 
> an encryption
> not breakable by moron-enforcement.
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html