Re: Novice sysadmins (was: Suggestions for a more privacy conscious email provider)

2017-12-06 Thread bzs

I realize there has been some call to end this thread but if I may add
a little history...

On December 5, 2017 at 06:49 l...@satchell.net (Stephen Satchell) wrote:
 > Indeed.  What Ajit Pai missed in his deliberations for the Dec 14 FCC 
 > vote is that the Internet as we know it was developed under the stern 
 > eyes of the Department of Defense and the National Science Foundation. 
 > The NSF in particular ran the 'Net like bouncers do in a strip club: 
 > you break the rules, you go.  No argument.

I'm not sure I remember it quite like that, maybe I haven't been in
enough strip clubs.

But it wasn't a big problem. Under DARPA you needed a (generally
military) sponsor and research activity to connect to the ARPAnet so
any threat to that relationship was taken very seriously.

NSFNET was largely a network of university and research institutions
basically without the sponsor requirement (or put another way with NSF
as your rubber-stamp sponsor) so if there were any problem it would be
referred to the institution.

Prior to NSFNET I was involved in putting a 10mb microwave between
Boston Univ and Harvard which completed a high speed loop between
Harvard/MIT/BU.

So several of us at the three universities involved in
administering the net put together a mailing list to discuss progress
and generally stay in touch.

One of the major topics became:

  If one of MY students (&c) misbehaves on MY network then I know what
  to do. What do I do if one of YOUR students (&c) misbehaves on MY
  network? Is there even a process in place?

A few years later, 1989, I began putting the public on the internet
for the first time.

I was called into a videoconference at BBN with Jon Postel and a
couple of DARPA people, I forget who exactly but I remember uniforms.

They wanted to know:

  What happens if one of MY customers misbehaves?

That is, same concern again.

I said honestly I don't really know. I can cancel their account but
there's little stopping them from creating a new account.

Ultimately what I was doing was approved by NSF as an investigation of
exactly this though no one ever followed up.

It's been the same issue for over 30 years.

(end of my comments, rest left for context.)

 > 
 > The original trust model for the Internet was based on this unrelenting 
 > oversight.  You didn't expect Bad Things(tm) because the consequences of 
 > doing them were so severe:  banishment and exile.  Also, the technical 
 > ability required to do Bad Things(tm) wasn't easily won.  Accessing the 
 > 'Net was a PRIVILEGE, not a right.  Abuse at your own peril.
 > 
 > Organizations had experienced sysadmins because it was imperative to the 
 > survival of the connection to the 'Net.  One gained experience by being 
 > apprenticed to some experienced sysadmin.  Today:  not so much.
 > 
 > Indeed, I'm not aware of any certification that applies to system 
 > administrators.  Network administrators have certs that are 
 > well-recognized and accepted.  Mail admins?  Server admins?  The certs 
 > that are out there border on jokes or disguised sales pitches.  (Not 
 > unlike a certain operating system and software product vendor who put 
 > "free" copies into schools to build their marketing base.)
 > 
 > Ok, I'll shut up now.

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


Re: Novice sysadmins (was: Suggestions for a more privacy conscious email provider)

2017-12-05 Thread Scott Weeks


--- b...@herrin.us wrote:
From: William Herrin 

Even the relatively good ones are bad. I have identified 
60 and am on track to identify about 200 errors in the 
official ISC2 CISSP study guide.
-


One last one I promise...  :-)

I also have to maintain a Security+ cert, which is part 
of the CISSP.  I absolutely despise the number of 
incorrect answers and misinformation that cert puts out.  
After I'm done taking that one everyone leaves me alone 
for the rest of the afternoon...  >:-(

I would not consider the Security+ a 'relatively good 
one'.  Rather, it's one of the worst I have ever had to 
do!

scott


Re: Novice sysadmins (was: Suggestions for a more privacy conscious email provider)

2017-12-05 Thread William Herrin
On Tue, Dec 5, 2017 at 6:11 PM, Scott Weeks  wrote:
> Have you seen neteng certs lately?  I'm forced to maintain a
> lower level one to keep my job and it makes me angry every
> time I have to do it.  The sales pitch is hidden in the words
> and the correct answer is almost always something that has to
> do with the proprietary item the vendor has.


Even the relatively good ones are bad. I have identified 60 and am on track
to identify about 200 errors in the official ISC2 CISSP study guide.

"However, UDP should only be used when the delivery of data is not
essential"

List of Layer 5 (Session) protocols:
NFS
SQL
RPC

Regarding IPv6 SLAAC: "Autoconfiguration removes the need for both DHCP and
NAT."

"A static packet-filtering firewall [is unable] to tell whether a packet
originated from inside or outside the private network."

"Examples of dedicated lines:
Technology, Connection Type, Speed
Digital Signal Level 0 (DS-0), Partial T1, 64 Kbps up to 1.544 Mbps
Digital Signal Level 1 (DS-1), T1, 1.544 Mbps"

"The web application then switches to a subject role as it queries the
user's computer to retrieve a cookie"

"Plenum-grade cable must be used [...] if the building has enclosed spaces
that could trap gases."


Stop. No. Just no. Plenum-grade cable must be used in a -plenum-. A plenum
is an air-handling space like the inside of a furnace duct. The only reason
we care about plenum cable in our jobs is that most offices take a shortcut
and turn the entire area above the ceiling tiles into a giant return-air
duct for the air conditioner. That's why the return-air grill is simply
open into the ceiling. If you burn crap in an air-handling space, the fumes
aren't trapped: they almost immediately spread throughout the office.
That's bad, so we use different cable than what we put under the desk where
the fumes will tend to stay near where they started.

Trap gases? No! Plenum is for where the gases would quickly spread!

Regards,
Bill Herrin


--
William Herrin  her...@dirtside.com  b...@herrin.us
Dirtside Systems . Web: 


Re: Novice sysadmins (was: Suggestions for a more privacy conscious email provider)

2017-12-05 Thread Scott Weeks

--- l...@satchell.net wrote:
From: Stephen Satchell 

Indeed, I'm not aware of any certification that applies to system 
administrators.  Network administrators have certs that are 
well-recognized and accepted.  Mail admins?  Server admins?  The certs 
that are out there border on jokes or disguised sales pitches.  
---


Have you seen neteng certs lately?  I'm forced to maintain a
lower level one to keep my job and it makes me angry every
time I have to do it.  The sales pitch is hidden in the words 
and the correct answer is almost always something that has to
do with the proprietary item the vendor has.

scott


Re: Novice sysadmins (was: Suggestions for a more privacy conscious email provider)

2017-12-05 Thread William Herrin
On Tue, Dec 5, 2017 at 9:49 AM, Stephen Satchell  wrote:

>  the Internet as we know it was developed under the stern eyes of the
> Department of Defense and the National Science Foundation. The NSF in
> particular ran the 'Net like bouncers do in a strip club: you break the
> rules, you go.  No argument.
>
> The original trust model for the Internet was based on this unrelenting
> oversight.  You didn't expect Bad Things(tm) because the consequences of
> doing them were so severe:  banishment and exile.


Hi Stephen,

Granted I was a late arrival in 1991, but I don't recall much in the way of
oversight... or banishment.

I do recall that the '88 Morris worm resulted in 400 hours of community
service and a tenured professorship at MIT. I suppose the latter could be
considered a severe consequence.

Regards,
Bill Herrin


-- 
William Herrin  her...@dirtside.com  b...@herrin.us
Dirtside Systems . Web: 


Re: Novice sysadmins (was: Suggestions for a more privacy conscious email provider)

2017-12-05 Thread amuse
Back in the day, only Ph.D's used the internet, so they were the sysadmins.

These days, I recommend that system administration be only allowed for
card-holding responsible people who have proven their technical abilities.
Then, when you get awarded your Ph.D, they can take your sysadmin card back.

On Tue, Dec 5, 2017 at 8:33 AM, Leo Bicknell  wrote:

> In a message written on Tue, Dec 05, 2017 at 06:49:43AM -0800, Stephen
> Satchell wrote:
> > The NSF in particular ran the 'Net like bouncers do in a strip club:
> > you break the rules, you go.  No argument.
>
> I'm not sure I've ever seen a more inaccurate description of the NSF.
> What in the world are you talking about?
>
> > The original trust model for the Internet was based on this unrelenting
> > oversight.  You didn't expect Bad Things(tm) because the consequences of
> > doing them were so severe:  banishment and exile.  Also, the technical
> > ability required to do Bad Things(tm) wasn't easily won.  Accessing the
> > 'Net was a PRIVILEGE, not a right.  Abuse at your own peril.
>
> Oh wait, you took the BS to a new level.
>
> There was no banishment and exile.  This was before we knew of buffer
> overflows, spoofing, and so on.  I remember the weekly sendmail buffer
> overrun bugs, the finger back bombs, the rlogin spoofing attacks.
> Turns out bored college students were very good at creating mischief.
>
> There was no banishment.  There were plenty of bad things.
>
> > Ok, I'll shut up now.
>
> Good plan.
>
> --
> Leo Bicknell - bickn...@ufp.org
> PGP keys at http://www.ufp.org/~bicknell/
>


Re: Novice sysadmins (was: Suggestions for a more privacy conscious email provider)

2017-12-05 Thread Leo Bicknell
In a message written on Tue, Dec 05, 2017 at 06:49:43AM -0800, Stephen Satchell 
wrote:
> The NSF in particular ran the 'Net like bouncers do in a strip club: 
> you break the rules, you go.  No argument.

I'm not sure I've ever seen a more inaccurate description of the NSF.
What in the world are you talking about?

> The original trust model for the Internet was based on this unrelenting 
> oversight.  You didn't expect Bad Things(tm) because the consequences of 
> doing them were so severe:  banishment and exile.  Also, the technical 
> ability required to do Bad Things(tm) wasn't easily won.  Accessing the 
> 'Net was a PRIVILEGE, not a right.  Abuse at your own peril.

Oh wait, you took the BS to a new level.

There was no banishment and exile.  This was before we knew of buffer
overflows, spoofing, and so on.  I remember the weekly sendmail buffer
overrun bugs, the finger back bombs, the rlogin spoofing attacks.
Turns out bored college students were very good at creating mischief.

There was no banishment.  There were plenty of bad things.

> Ok, I'll shut up now.

Good plan.

-- 
Leo Bicknell - bickn...@ufp.org
PGP keys at http://www.ufp.org/~bicknell/



Re: Novice sysadmins (was: Suggestions for a more privacy conscious email provider)

2017-12-05 Thread Harald Koch
Thirty years ago I started my sysadmin journey on an Internet that was
filled with helpful, experienced people that were willing to share their
knowledge.

Twenty years ago I was one of three people running CA*net, the
cross-Canada research Internet with three connections to the NSFnet. I
don't remember this world of banishment and exile you're discussing; the
NSFnet staff I dealt with were all friendly and helpful.

I plan to continue to "pay it forward", by being friendly and helpful
to "novice sysadmins". The curmudgeons in this thread can, frankly, get off
my lawn.

-- 
Harald


Novice sysadmins (was: Suggestions for a more privacy conscious email provider)

2017-12-05 Thread Stephen Satchell

On 12/05/2017 02:59 AM, Rich Kulawiec wrote:
> On Mon, Dec 04, 2017 at 07:38:18PM -0500, Eric Tykwinski wrote:
> > Main point I think is mailops comes with a learning curve, and it happens...
>
> "Current Peeve: The mindset that the Internet is some sort of
> school for novice sysadmins and that everyone *not* doing stupid
> dangerous things should act like patient teachers with the ones
> who are."
>
> --- Bill Cole
>
> ---rsk



Indeed.  What Ajit Pai missed in his deliberations for the Dec 14 FCC 
vote is that the Internet as we know it was developed under the stern 
eyes of the Department of Defense and the National Science Foundation. 
The NSF in particular ran the 'Net like bouncers do in a strip club: 
you break the rules, you go.  No argument.


The original trust model for the Internet was based on this unrelenting 
oversight.  You didn't expect Bad Things(tm) because the consequences of 
doing them were so severe:  banishment and exile.  Also, the technical 
ability required to do Bad Things(tm) wasn't easily won.  Accessing the 
'Net was a PRIVILEGE, not a right.  Abuse at your own peril.


Organizations had experienced sysadmins because it was imperative to the 
survival of the connection to the 'Net.  One gained experience by being 
apprenticed to some experienced sysadmin.  Today:  not so much.


Indeed, I'm not aware of any certification that applies to system 
administrators.  Network administrators have certs that are 
well-recognized and accepted.  Mail admins?  Server admins?  The certs 
that are out there border on jokes or disguised sales pitches.  (Not 
unlike a certain operating system and software product vendor who put 
"free" copies into schools to build their marketing base.)


Ok, I'll shut up now.