Assuming you are correct, what about PUBLIC libraries (remember their job
IS free access to information, especially within their community). Many
public libraries are offering walk-in access. Admittedly in theory you
can't run arbitrary programs on most, it's a locked down browser
environment. However, in practice small (population < 10K) public
libraries can't pay much and get even less security than they can pay for
unless a compentent volunteer drifts through (frequently, single vendor
bids for paid work or a high school student with a poledit manual in hand).
Many run NT because they can't spell UNIX and NT is 'just Windows right?'.
They apply service packs every couple of years (roughly when a volunteer
drifts through). Most receive gov funding and are part of some level of
gov (city, county, state). I doubt liability is a major issue to them
(ever tried to sue the gov? even the local gov?). I know that several I've
talked to in the past didn't consider it an issue ("we can't worry about
that now and/or no one will sue a library and/or we'll let the city
attorney deal with it if it happens and/or we'll run it by the city
attorney when we're ready").
So does that give the .edu system an 'out' (public service requirement of
gov funding)? Or do you think community access via small libraries is
doomed? How do small town gov funded public access agendas (usually via
the library or community center) fit the liability issue?
<shameless plug>
Oh and BTW, when did you security professionals volunteer (Yup, that means
FREE) at your 'small town' local library last? Don't cry distance, the
last one I did was a state away (read and commented on computer upgrade
proposals from local vendors for a library with town pop < 7K, total
project budget < $5K US, took 2-3 hours total). Oh and if you get a cool
reception at first, remember most computer professional 'volunteers' have
attempted to sell the library something at some time or another, or bailed
out half way through a project because it involves too much free time (or
there isn't enough money to do it 'right' so why bother), so many libraries
are gun shy. Please don't dabble, commit or stay out (on a project by
project basis), they need all the help they can get. Thus ends your
community service announcement.
</shameless plug>
On Mon, 28 Jun 1999 08:44:35 -0700 (PDT) Derek Vadala stated:
>
>On Mon, 28 Jun 1999, Technical Incursion Countermeasures wrote:
>
>> Anyway - if its in the US - I'm sure someone will try and sue sooner or
>> later :}
>>
>
>"Walk in" connections at colleges and Universities are likely a prime
>candidate for such a legal reprisal. Many have unsecured ethernet
>connections that provide IP addresses via unauthenticated DHCP.
>
>I think an argument that providing these connections is negligent would
>hold up in US courts.
>
>+++ath
>Derek Vadala, [EMAIL PROTECTED], http://www.cynicism.com/~derek
>
>- -
>[To unsubscribe, send mail to [EMAIL PROTECTED] with
>"unsubscribe firewalls" in the body of the message.]
>
>
Dana Nowell Home: mailto:[EMAIL PROTECTED]
Cornerstone Software Inc. Work: mailto:[EMAIL PROTECTED]
MIME attachments preferred, BINHEX and uuencoded acceptable.
The opinions above are free, remember you get what you pay for.
The company doesn't speak for me and I don't speak for them.
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
