Public NNTP
Nelson Wei
I am searching for a public NNTP news server, can anyone recommend
some good ones? Thank you.
Ken Wong
Point your browser to
http://www.lipsia.de/~michael/lists/lists.html
for a free list of free NNTP sites. Just reconfigure your
newsreader to one of these sites.
_
|-|
|-| * *
|-| _ _ _*_ __ +============= Come Into My Lab Some Time ==============+
|-| | * |/ | Ken Wong Burnaby, B.C.,Canada |
|-| |~*~~~o~| | mailto:klw...@dowco.com |
|-| | O o | | WWW - http://members.tripod.com/~tard4slid/index.html |
/___\ |o___O__| +================= Keep Macintoshing ===================+
NOTICE: By sending unsolicited commercial advertising/solicitations
(or otherwise on or as part of a mailing list) to the above e-mail
address or URL you will be indicating your consent to paying Ken L.
Wong $1,000.000.oo U.S.D./hour for a minimum of 1 hour for my time
spent dealing with it. Payment due in 30 days upon receipt of an
invoice (e-mail or regular mail) from me or my authorised representative.
Ron Dunbar
Read your exchange re Public NNTP news server lists....I have tried
unsuccessfully to connect with many of the servers listed at the address
suggested and for some reason I can not get to any articles....? Is there a
certain login and password sequence you need for theses servers...? I am
using Microsoft's Internet News for a reader. In some cases the reader
shows it has connected and downloads the lists of groups but none show any
articles.
Any suggestions...?
Ken Wong <klw...@dowco.com> wrote in article
<klwong-0610...@news.dowco.com>...
BORG
Ron Dunbar wrote:
>
> Read your exchange re Public NNTP news server lists....I have tried
> unsuccessfully to connect with many of the servers listed at the address
> suggested and for some reason I can not get to any articles....? Is there a
> certain login and password sequence you need for theses servers...? I am
> using Microsoft's Internet News for a reader. In some cases the reader
> shows it has connected and downloads the lists of groups but none show any
> articles.
>
> Any suggestions...?
Suggestion #1: Micro$oft newsreader is pretty stupid.
Get a better one. #2: telnet to 119 of the host you want
to connect and see for yourself what that host is really
capable of. Type "help" to see a list of commands. I bet
the newsreader you're using doesn't understand all of them.
Regards,
--
*** #include <disclaimer.h> ***** Good pings come in small packets
******** Vlad Petersen ********** ********************************
*** <vlad...@iceonline.com> **** **** Linux: OS I can trust *****
******** Vancouver, B.C. ******** ********************************
BORG
Tom Klok wrote:
>
> ...........
> The majority (perhaps all) of these NNTP sites aren't "free". They're
> private sites that have been left open accidentally, usually because
> the admins aren't terribly familiar with operating a news server. Once
> they clue in to the cause of the sudden new load they're getting, they'll
> lock it up. Then you're on to abuse the next. Having fun?
>
> Tom
> --
> Tom Klok Tom....@iSTAR.ca
> Network Administration iSTAR internet inc.
^^^^^^^^^^^^^^^^^^^^^
iSTAR is having fun deciding for others what groups
they can (not) read? Thanks to i$TAR people are looking
for different newsservers. Thanks to i$TAR, I for one
month could not even post to alt.os.linux. How come
smartasses in Ottawa (Toronto?) know better than I do
what groups I can read? Say NO to censorship.
Jay North (Dennis)
On 11 Oct 1996 05:58:25 GMT, a00...@giant.mindlink.net (Tom Klok)
wrote:
>> 2. there's nothing bad ot illegal in using it as long as you don't
>> abuse/misuse their services.
>
>If I forget to lock my car one day, I hope someone like you doesn't
>come along and "borrow" it because you don't have one or yours doesn't
>go as fast. It doesn't matter if you treat it well and park it in the
>exact same place before I get back; it's still theft.
>
>Using their server without permission is abuse. What is so hard to
>understand about this?
>
Bull Dung.. By your reasoning, I am in trouble. One Friday night
while channel surfing on the TV, I discovered all the premium channels
were in the clear. I decided to watch some of them. On Monday night
they were gone again. What should I do? Refuse to watch them?
Why were they available? Someone at the cable co either goofed or
they were testing or whatever. I didn't order the premium channels &
never got billed for them. Also most of the people I know on the same
system discovered them & watched while they were on. Was that theft
of cable? Bull Dung. They left it on.
. . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . Everyone needs a little menace in their lives . . .
Tom Klok
In article <klwong-0610...@news.dowco.com>,
Ken Wong <klw...@dowco.com> wrote:
>
>Point your browser to
>
>http://www.lipsia.de/~michael/lists/lists.html
>
>for a free list of free NNTP sites. Just reconfigure your
>newsreader to one of these sites.
The majority (perhaps all) of these NNTP sites aren't "free". They're
Canadian
a00...@giant.mindlink.net (Tom Klok) wrote:
>In article <klwong-0610...@news.dowco.com>,
>Ken Wong <klw...@dowco.com> wrote:
>>
>>Point your browser to
>>
>>http://www.lipsia.de/~michael/lists/lists.html
>>
>>for a free list of free NNTP sites. Just reconfigure your
>>newsreader to one of these sites.
>The majority (perhaps all) of these NNTP sites aren't "free". They're
>private sites that have been left open accidentally, usually because
>the admins aren't terribly familiar with operating a news server. Once
>they clue in to the cause of the sudden new load they're getting, they'll
>lock it up. Then you're on to abuse the next. Having fun?
Sure, you can take the "All you people are a bunch of crooks" approach,
or you can be helpful.
Go to www.zippo.com. Zippo provides open news access for those of you
who don't get the groups they want from their ISP. It's about 5 bucks a
month.
--
Chris Foley (chr...@iceonline.com)
Tom Klok
In article <3259E20A...@iceonline.com>,
BORG <vlad...@iceonline.com> wrote:
>Say NO to censorship.
I'm not a fan of censorship either, and I hope some day soon the federal
government will change the laws to allow ISPs to accept absolutely anything
in a news feed without fear of the stormtroopers.
But Vlad... you're not even using iSTAR. You replied to my article about
how these "public" servers are private servers with broken security. Do
you advocate hacking into private servers too?
Shaun Patrick Foy
On 9 Oct 1996 01:23:45 GMT Tom Klok (a00...@giant.mindlink.net) wrote:
>I'm not a fan of censorship either, and I hope some day soon the federal
>government will change the laws to allow ISPs to accept absolutely anything
>in a news feed without fear of the stormtroopers.
Which laws are you referring to here, Tom? Certainly you aren't
suggesting that ISPs should be allowed to carry groups which are
intended specifically for the distribution of material that is
clearly illegal under the criminal code.
Regards,
Shaun.
___________________________________________________________________
\ o / o __| \ / |__ o \ o /
| -/\ ___\o \ o | o / o/___ /\- |
/ \ | \ /) | ( \ /o\ / ) | (\ / | / \
Curt Sampson
In article <53f398$n...@nntp.ucs.ubc.ca>,
Shaun Patrick Foy <sf...@zoology.ubc.ca> wrote:
>Which laws are you referring to here, Tom? Certainly you aren't
>suggesting that ISPs should be allowed to carry groups which are
>intended specifically for the distribution of material that is
>clearly illegal under the criminal code.
Well, if he isn't, I am. As far as I'm concerned, ISPs have no
business examining any of the content that passes through.
Unfortunately, there's a `chill' effect in place, because currently
we don't know if we're in the clear on that issue or not. And when
the issue is in doubt, that means that the RCMP can wander in and
take all your computers as evidence, and hang on to them while the
issue is determined. At that point, however, it makes no difference,
since an ISP without its computers for several years is going to
find itself hard-pressed to stay in business.
Yes, you can complain about not being able to get alt.binaries.warez.pc.
But are the folks at an Istar supposed to risk their jobs and their
company to bring it to you?
cjs
--
Curt Sampson cu...@portal.ca Info at http://www.portal.ca/
Internet Portal Services, Inc.
Vancouver, BC (604) 257-9400 De gustibus, aut bene aut nihil.
Tom Klok
>
>>I'm not a fan of censorship either, and I hope some day soon the federal
>>government will change the laws to allow ISPs to accept absolutely anything
>>in a news feed without fear of the stormtroopers.
>
>suggesting that ISPs should be allowed to carry groups which are
>intended specifically for the distribution of material that is
>clearly illegal under the criminal code.
As I said in the quoted text, I hope the laws will be changed to permit
it. It wouldn't be illegal under the criminal code then.
On a more basic level, I'm unconvinced that possession of any information
should in itself be an offense... except copyright law, of course.
I do sympathize with those who fight censorship simply because it is
censorship. All the same, I can also understand those who don't wish
to offer their livelihood as a federal test case. I'm sort of happy
that the decision isn't in my hands.
All the above is my personal opinion; I'm not speaking on behalf of
my employers or anyone else, yada yada yada.
Ken Wong
In article <53ciin$n...@fountain.mindlink.net>, a00...@giant.mindlink.net
(Tom Klok) wrote:
> In article <klwong-0610...@news.dowco.com>,
> Ken Wong <klw...@dowco.com> wrote:
> >
> >Point your browser to
> >
> >http://www.lipsia.de/~michael/lists/lists.html
> >
> >for a free list of free NNTP sites. Just reconfigure your
> >newsreader to one of these sites.
>
> The majority (perhaps all) of these NNTP sites aren't "free". They're
> private sites that have been left open accidentally, usually because
> the admins aren't terribly familiar with operating a news server. Once
> they clue in to the cause of the sudden new load they're getting, they'll
> lock it up. Then you're on to abuse the next. Having fun?
>
> --
> Tom Klok Tom....@iSTAR.ca
> Network Administration iSTAR internet
inc.
In article <53eur1$5...@fountain.mindlink.net>, a00...@giant.mindlink.net
(Tom Klok) wrote:
> In article <3259E20A...@iceonline.com>,
> BORG <vlad...@iceonline.com> wrote:
> >Say NO to censorship.
>
> I'm not a fan of censorship either, and I hope some day soon the federal
> government will change the laws to allow ISPs to accept absolutely anything
> in a news feed without fear of the stormtroopers.
>
> But Vlad... you're not even using iSTAR. You replied to my article about
> how these "public" servers are private servers with broken security. Do
> you advocate hacking into private servers too?
>
> Tom
> --
> Tom Klok Tom....@iSTAR.ca
> Network Administration iSTAR internet inc.
While most servers deny access the ones that I presently use have not
locked me out. I do not hack in. No user ID or password needed. You have
to do
some detective work to find them. I will not reveal their names.
BORG
Ken Wong wrote:
..........
> > >for a free list of free NNTP sites. Just reconfigure your
> > >newsreader to one of these sites.
> > In article <3259E20A...@iceonline.com>,
> > BORG <vlad...@iceonline.com> wrote:
> > >Say NO to censorship.
> >
> > I'm not a fan of censorship either, and I hope some day soon the federal
> > government will change the laws to allow ISPs to accept absolutely anything
> > in a news feed without fear of the stormtroopers.
> >
> > But Vlad... you're not even using iSTAR. You replied to my article about
> > how these "public" servers are private servers with broken security. Do
> > you advocate hacking into private servers too?
No, Tom, I am not using iStar, I am a subscriber of
iceonline.com and they [ICE] are getting newsfeeds from iStar.
Many of ICE customers were (and are) angry due to news
constraints caused by iStar policies... and I do not
have to hack into newsservers to gain a "poster" access,
with a little bit of research, I can find a server that
simply doesn't mind anybody posting articles. I never
read the groups which are censored (I just have no
interest in warez and binaries, because most of Unix
software is free anyway), the fact itself, that some
groups are restricted, is an act of censorship, and
because of some limitations imposed by iStar on certain
newsgroups in June and July this year, other "normal"
groups could not be accessed at all for almost two
weeks, e.g. alt.os.linux, alt.2600 and alt.hackers
and gnu.misc.discuss.
Regads,
Shaun Patrick Foy
On 9 Oct 1996 00:53:09 -0700 Curt Sampson (cu...@cynic.portal.ca) wrote:
>In article <53f398$n...@nntp.ucs.ubc.ca>,
>Shaun Patrick Foy <sf...@zoology.ubc.ca> wrote:
>>Which laws are you referring to here, Tom? Certainly you aren't
>>suggesting that ISPs should be allowed to carry groups which are
>>intended specifically for the distribution of material that is
>>clearly illegal under the criminal code.
>Well, if he isn't, I am. As far as I'm concerned, ISPs have no
>business examining any of the content that passes through.
>Yes, you can complain about not being able to get alt.binaries.warez.pc.
>But are the folks at an Istar supposed to risk their jobs and their
>company to bring it to you?
Well, obviously we disagree. I believe ISPs should not knowingly
carry information which is illegal. I am not talking about morally
questionable, I am not talking about potentially libelous, I
am referring only to groups which exist solely for the distribution
illegal material. One very good example would be a groups like
alt.binaries.pictures.erotica.pedophilia (or any version thereof).
Regards,
Shaun.
--
Curt Sampson
In article <53gnjl$1...@nntp.ucs.ubc.ca>,
Shaun Patrick Foy <sf...@zoology.ubc.ca> wrote:
>Well, obviously we disagree. I believe ISPs should not knowingly
>carry information which is illegal.
It is not reasonable to expect an ISP to determine whether or not
material is illegal. That is the profession of judges. Myself, I'm
just a bit short on legal training, not to mention research time,
to make those sorts of determinations.
Thi is what causes the chill, of course. If I'm not sure if
alt.sex.bestiality.hampsters.duct-tape is illegal, so I'd best
remove it to be on the safe side. Is alt.2600 primarially illegal?
I don't know. Be on the safe side, remove that too, because one
wrong move will shut me down.
It's also open to abuse. Let's say you're a news admin. I send you
a message every morning with 150 article IDs from alt.binaries.pictures
groups that you carry, stating that these articles, though in
`legal' groups, are pictures of illegal material. You are now
obligated to examine every one of these, attempt to second-guess
a judge, and if you're unsure that it's safe or sure that it's not,
cancel the article on your system. How long do you think it's going
to be before you decide that carrying those groups isn't worth it?
This sort of thing allows essentially anybody who wants to to move
a group off of an ISP.
Shaun Patrick Foy
On 9 Oct 1996 13:50:35 -0700 Curt Sampson (cu...@cynic.portal.ca) wrote:
>In article <53gnjl$1...@nntp.ucs.ubc.ca>,
>Shaun Patrick Foy <sf...@zoology.ubc.ca> wrote:
>>Well, obviously we disagree. I believe ISPs should not knowingly
>>carry information which is illegal.
>It is not reasonable to expect an ISP to determine whether or not
>material is illegal. That is the profession of judges. Myself, I'm
>just a bit short on legal training, not to mention research time,
>to make those sorts of determinations.
I am confident in your abilities to determine a newsgroup intended
for the distribution of child pornography is illegal. I don't think
that is an unreasonable expectation. However, if you are unable to
make that determination, I am sure a judge will help you along some
day down the road.
I am confused and can't understand why an ISP would carry a group
that was obviously illegal. I don't expect ISPs to search out
'questionable' items in all their groups and remove them. I do
expect that them to remove newsgroups which are intended solely
for the distribution of illegal material.
>Thi is what causes the chill, of course. If I'm not sure if
>alt.sex.bestiality.hampsters.duct-tape is illegal, so I'd best
>remove it to be on the safe side. Is alt.2600 primarially illegal?
>I don't know. Be on the safe side, remove that too, because one
>wrong move will shut me down.
*shrug* Take it to a lawyer. It is the cost of doing business.
For years, newspapers and magazines have been consulting lawyers
on such issues.
>It's also open to abuse. Let's say you're a news admin. I send you
>a message every morning with 150 article IDs from alt.binaries.pictures
>groups that you carry, stating that these articles, though in
>`legal' groups, are pictures of illegal material. You are now
>obligated to examine every one of these, attempt to second-guess
>a judge, and if you're unsure that it's safe or sure that it's not,
>cancel the article on your system. How long do you think it's going
>to be before you decide that carrying those groups isn't worth it?
>This sort of thing allows essentially anybody who wants to to move
>a group off of an ISP.
Well, I would assume you would decide pretty quick. However, is
that really your only alternative? Are you suggesting that an ISP
has no way of controlling what they receive or distribute?
Regards,
Shaun
Curt Sampson
In article <53h63t$3...@nntp.ucs.ubc.ca>,
Shaun Patrick Foy <sf...@zoology.ubc.ca> wrote:
>
>I am confident in your abilities to determine a newsgroup intended
>for the distribution of child pornography is illegal.
My only knowledge that child porn is illegal comes from the fact
that I've heard other people talk about it. I have never even read
the law relating to it. I don't have a clue what other laws are on
the books in a similar vein. Is a picture of someone hitting someone
else illegal? Not in some situations, obviously. But in others?
Perhaps. You're being entirely unreasonable if you expect me to
have to learn this sort of stuff just to go about my day-to-day
business.
>*shrug* Take it to a lawyer. It is the cost of doing business.
>For years, newspapers and magazines have been consulting lawyers
>on such issues.
If I had to take every new group name to a lawer, I'd just shut
down my news server. And likely so would every other ISP.
>Well, I would assume you would decide pretty quick. However, is
>that really your only alternative? Are you suggesting that an ISP
>has no way of controlling what they receive or distribute?
Yes. What is to stop someone from posting an illegal message in any
group? Nothing.
The only way we can control this sort of thing is to exmaine every
article that comes in. This is easy enough at a newspaper, which
publishes a few hundred articles per day and has a staff of dozens
to do just this job. It's a bit more difficult at an ISP, where we
get a hundred to a hundred and fifty thousand articles per day,
and have zero staff dedicated to this job.
The only clear place to draw the line is at no responsibility or
full responsibility. Anything else is going to be nice and fuzzy,
and cause just the chill factor that people are currently bemoaning.
Curt Sampson
In article <325e36b0....@news2.jumppoint.com>,
Xphile <str...@jumppoint.com> wrote:
>A better analogy would be a store with the door wide open, and the
>open sign flipped to show "OPEN"...
I think that that's a very poor analogy. Most shops with an `open'
sign are there to draw people in. Most news servers are designed
to serve a local population.
>I mean, When Jumppoint/Hook-up is throttling 75% of the time on
>weekends, does that mean I am just supposed to forget about replying
>to any thread I am involved with?
And who is stopping you from going to another ISP?
>I'm sorry, But they ignore all
>requests (e-mail/voice/fax) to upgrade/fix their news server, And I'm
>stuck in a 1 year contract with them, so I'll go wherever I have to to
>get things done. If you don't want to use open servers, then
One could also argue that if one had a Cantel contract that was
not yet up, but disliked their service, one is justified in stealing
BCTel airtime until the Cantel contract expires.
Tom Klok
In article <325BDA03...@iceonline.com>,
BORG <vlad...@iceonline.com> wrote:
>
>No, Tom, I am not using iStar, I am a subscriber of
>iceonline.com and they [ICE] are getting newsfeeds from iStar.
>Many of ICE customers were (and are) angry due to news
>constraints caused by iStar policies...
The iSTAR feed is very fast and consistant these days, but iSTAR has
decided not to carry certain groups.
ICE is free to pick up feeds from many sources, and IMHO should.
Most news servers are peered with a bunch of other servers.
By not doing so, ICE has likewise made a choice not to carry
these groups.
Tom
--
Tom Klok Tom....@iSTAR.ca
Network Administration iSTAR internet inc.
Opinions expressed are personal; I do not speak for my employers.
Tom Klok
>wrote:
>
>>So the owners/administrators of these servers have ok'd your use of
>>them?
>
>A better analogy would be a store with the door wide open, and the
>open sign flipped to show "OPEN"...
As if it was normal to have a wide-open news server. Ya, right. I
take it you didn't contact the server admin to let him/her know you're
using the server, and won't because you know you'll be helping them
close it. Tell me different.
>I mean, When Jumppoint/Hook-up is throttling 75% of the time on
>weekends, does that mean I am just supposed to forget about replying
>to any thread I am involved with?
I see... so because your ISP can't run a news server properly, it's
ok to break into someone else's. Makes lots of sense.
Others have pointed out that there are private, authenticated news
servers on the net that you can buy service from for US$5/month.
>If you don't want to use open servers, then don't...easy as that.
I won't even touch that one.
John Henders
>No, Tom, I am not using iStar, I am a subscriber of
>iceonline.com and they [ICE] are getting newsfeeds from iStar.
>Many of ICE customers were (and are) angry due to news
>constraints caused by iStar policies...
If you check the headers of the articles on your news server, you will
find that Ice is actually fed by Wimsey, not iSTAR, though on some days
iSTAR feeds Wimsey almost 50% of it's news. And, iSTAR policy change did
not cause one group on Wimsey to be deleted because Wimsey never carried
those groups in the first place.
>because of some limitations imposed by iStar on certain
>newsgroups in June and July this year, other "normal"
>groups could not be accessed at all for almost two
>weeks, e.g. alt.os.linux, alt.2600 and alt.hackers
>and gnu.misc.discuss.
These groups have never been blocked in Iceonline's feed here, and other
than one weekend in the summer when the entire feed to Ice accidently
went south (sorry Gerry), there has been no problems on this side. [1]
However, the legacy C-News system that they just replaced often had
problems keeping up. Their recent upgrade to INN should help
tremendously, and will also allow them to set up a few redundant feeds,
something that C-News handles very badly on a heavily loaded machine.
[1] Wimsey's news server has had a continuous uptime of over 180 days if
you ignore having to unplug it to move it downtown. The only reason it's
only 180 is someone broke into the Wimsey office last winter and stole
the old one.
--
Artificial Intelligence stands no chance against Natural Stupidity.
GAT d- -p+(--) c++++ l++ u++ t- m--- W--- !v
b+++ e* s-/+ n-(?) h++ f+g+ w+++ y*
Ken Wong
In article <53h839$k...@fountain.mindlink.net>, a00...@giant.mindlink.net
(Tom Klok) wrote:
> In article <klwong-0910...@news.dowco.com>,
> Ken Wong <klw...@dowco.com> wrote:
> >
> >While most servers deny access the ones that I presently use have not
> >locked me out. I do not hack in. No user ID or password needed. You have
> >to do some detective work to find them. I will not reveal their names.
>
> permission? Just because a door is unlocked you can't assume that
> everything behind it is free for the taking. I strongly suspect that
> if the admins of those servers knew you were on there, they'd fix
> the lock.
(snip)
I regularily use three servers which carry 20,099, 23150, and 12530
groups. They are run by large regional U.S. ISPs that are not part of a
national one like Netcom. To counter censorship the first one has been
dedicated by their administrators to public access. It mirrors the server
that their
regular customers use. Using the popular search engines I have found three
sites that maintain lists of open NNTP servers. Since I had been posting
about these servers someone e-mailed the URl of a fourth one that I was not
aware of. So far I have not found it by doing a search. There seems to be a
network of people/resources devoted against usenet censorship. The admin
behind above first server would welcome an e-mail from me. It has only
been listed on one of the above 4 sites.
Curt Sampson
In article <53i0dt$8...@nntp.ucs.ubc.ca>,
Shaun Patrick Foy <sf...@zoology.ubc.ca> wrote:
>Well, I don't. The courts do. If you choose to enter a business then
>you are obliged to run the business within the parameters of the law.
>Wouldn't you expect a builder to understand the city bylaws?
I don't think that that's a good analogy at all. I'm not *publishing*
any of the stuff I move through my system. I'm just moving it
around. You're asking the truck driver to make sure that the drywall
he takes to the building site is up to code for that particular
building.
>Well, I think you would do fine if you used your better judgement.
No, I would not do fine. I have worked enough with lawyers to
understand that anecdoctal familiarity with the law can be worse
than useless, and that's all I have. And keep in mind, in the courts
it doesn't count if I've made an effort or not; that makes no difference.
The question is, did I succeed, and succeed *every single time*. That
means that if someone gives me a list of five thousand articles and asks
if they are illegal, I *must* check *every single one* of those and make
a conscious decision to keep it or not.
(What would probably happen of course, is that I'd just delete the
lot. You might not be so happy in that situation if a dozen of
those happened to be postings by you that the user put in the list.)
Let me also note that courts have the luxury of plenty of time to
make a decision. They can examine an object for weeks if they want
before they decide it's illegal. I don't have that luxury.
>I am only suggesting that it would be wise to remove newsgroups that
>obviously contain illegal material. If you aren't sure, then certainly
>you ought to learn or seek advice.
With what money, Shaun? Do you think that ISPs have profit margins
that let them spend a lot of $175 hours with lawyers?
> >Yes. What is to stop someone from posting an illegal message in any
> >group? Nothing.
>
>Of course, this isn't my point and I never mentioned this in previous
>posts. In fact, I purposely stayed away from this issue.
This is part of the problem. You can't stay away from this issue.
As soon as you start telling ISPs that anything they know of that's
illegal must be removed, and they must start taking active steps
to find these things, where do you stop? If I can get shut down
for not taking active steps to remove groups such as a.b.p.e.under14,
why not give me the responsibility to check a.b.p.e.young, since
there seems a reasonable chance that illegal stuff might be appearing
there?
Also, what about newsgroups that don't exist `solely' for the
distribution of illegal material? Do I remove a.b.p.e.under14andover65?
What if a.b.p.e.something is now mainly used for the distribution
of illegal material, but the name doesn't indicate it?
>However, since
>you bring the point up, I suggest that in cases where 'an illegal
>message' has been posted and the ISP is aware of the message, the
>ISP ought to remove the article from their server.
As I pointed out before, that will simply shut down all news servers.
Anybody who doesn't like an ISP will grab a few thousand, or even a few
tens of thousands, of message-IDs per day and send a note to the news admin
saying he believes that these are illegal articles. The news admin cannot
hope to examine them all, and so will delete all of the articles. After
a few weeks of this, it will become obvious that since the news server
is useless anyway, it might as well be shut down.
And just think of what good this does for those who have a problem
with certain articles. Imagine getting a list, every day, from the
Scientologists of twenty thousand articles they think may be illegal.
(Only a few hundred of these would be posts the Scientologists want
cancelled, but what's a bit of `collateral damage' given the
opportunity to remove all of your opponents postings? How about
anti-abortionists? Pro-abortionists? Those who don't like the left
wing? Those who don't like the right wing?
Better yet even, what happens if someone tells me that you, a
hypothetical user of my news server, regularly post illegal material.
Am I going to start examining every posting you make? No. I'll just
remove your posting access.
>You control this sort of thing by removing newsgroups
>which exist solely for the distibution of illegal materials and
>you can respond to complaints by customers. The key is that you
>are making an effort to keep the feed free of such material.
You still don't seem to understand. `Making an effort' is not good
enough. Under the law I must be successful at my effort, or be shut
down. Since I, unlike a court, don't have the time to make a fair
investigation, I will simply stop people from doing many, many
legal things for fear that they might do one illegal thing. I don't
think that's the way a society should work. I don't think people
should be judged in such an arbitrary and unfair manner.
Curt Sampson
In article <326290db....@news2.jumppoint.com>,
Xphile <str...@jumppoint.com> wrote:
>You're right, But it's not like I'm grabbing binaries or
>something...Just posting follow-ups doesn't use a heck of a lot of
>bandwidth through their server..
That's true enough. I'm not saying that this is an enormous crime.
(I certainly wouldn't throw you in jail for it, though the US courts
might. :-)) However, there are a lot of people on the Internet. If
it were just you using news server capacity, that would be one
thing. Add in a few dozen others doing it at the same time and
you've brought your typical small news server to its knees.
Shaun Patrick Foy
In the end, people interested in this material will go to
their ISP for these groups. In my eyes, this makes the ISP
the distributor of that material. Despite all your arguments
about how tough it will be to monitor, how costly, how time
consuming, etc, I still feel it is the ISPs responsibility.
I do realise that this could mean a number of ISPs dropping
their news service and I do think that is sad. However, I
hope ISPs would come up with a more creative way to manage
this problem rather than simply dropping the service.
Regards,
Shaun.
BORG
Shaun Patrick Foy wrote:
>
> In the end, people interested in this material will go to
> their ISP for these groups. In my eyes, this makes the ISP
> the distributor of that material. Despite all your arguments
> about how tough it will be to monitor, how costly, how time
> consuming, etc, I still feel it is the ISPs responsibility.
I do not feel that way at all. If Alice gives me
a postcard and tells me to send it to Bob, I am not
responsible for what she wrote on it, neither I want
to know.
> I do realise that this could mean a number of ISPs dropping
> their news service and I do think that is sad. However, I
> hope ISPs would come up with a more creative way to manage
> this problem rather than simply dropping the service.
Regards,
Shaun Patrick Foy
On Thu, 10 Oct 1996 10:32:49 -0700 BORG (vlad...@iceonline.com) wrote:
>Shaun Patrick Foy wrote:
>>
>> In the end, people interested in this material will go to
>> their ISP for these groups. In my eyes, this makes the ISP
>> the distributor of that material. Despite all your arguments
>> about how tough it will be to monitor, how costly, how time
>> consuming, etc, I still feel it is the ISPs responsibility.
>I do not feel that way at all. If Alice gives me
>a postcard and tells me to send it to Bob, I am not
>responsible for what she wrote on it, neither I want
>to know.
Well, how about this: you are a courier, alice gives you a stack
of magazines to take to bob and jerry, you make money off delivering
those magazines, you know that you are carrying magazines that have
pictures of little boys and girls having sex with old men, a cop
pulls you over, he arrests you for having the materials. What do you
think the courts will do? The key point here is, of course3, that
you were carrying material you knew to be illegal.
If you want to make a 'conduit' argument in which you are merely
a pipeline and are not responsible for the material you are
distributing, I would ask you whether you would buy such an
argument for drug traffickers.
Alan Waldrop
In article <53jhnd$f...@nntp.ucs.ubc.ca>,
>a pipeline and are not responsible for the material you are
>distributing, I would ask you whether you would buy such an
>argument for drug traffickers.
I would, but then I think the drug prohibition laws are
unconstitutional.
--
alan
Shaun Patrick Foy
*grin*
Well, that wouldn't help you out much if the courts disagreed. ;-)
spf
Jordan James Hoff
In article <53iq1c$c...@cynic.portal.ca>,
Curt Sampson <cu...@cynic.portal.ca> wrote:
>In article <53i0dt$8...@nntp.ucs.ubc.ca>,
>Shaun Patrick Foy <sf...@zoology.ubc.ca> wrote:
>>Wouldn't you expect a builder to understand the city bylaws?
>I don't think that that's a good analogy at all. I'm not *publishing*
>any of the stuff I move through my system. I'm just moving it
>around. You're asking the truck driver to make sure that the drywall
>he takes to the building site is up to code for that particular
>building.
Unfortunately, what we are dealing with here aren't Ford F150's but
instead young, exploited, innocent children. Not trucks.
[arguments suggesting nothing can be done snipped]
>>I am only suggesting that it would be wise to remove newsgroups that
>>obviously contain illegal material. If you aren't sure, then certainly
>>you ought to learn or seek advice.
>
>With what money, Shaun? Do you think that ISPs have profit margins
>that let them spend a lot of $175 hours with lawyers?
[big snip]
>Better yet even, what happens if someone tells me that you, a
>hypothetical user of my news server, regularly post illegal material.
>Am I going to start examining every posting you make? No. I'll just
>remove your posting access.
>
[more arguments saying nothing can be done snipped]
>cjs
>--
>Curt Sampson cu...@portal.ca Info at http://www.portal.ca/
>Internet Portal Services, Inc.
>Vancouver, BC (604) 257-9400 De gustibus, aut bene aut nihil.
I'm sorry Curt, but your arguments aren't valid. You can't hide behind
the advanced technology of the Internet and say nothing can be done.
Right now, it might be impossible to find an acceptable solution but that
doesn't mean you and those in the Internet industry shouldn't be trying
to find one.
However, let's put it in an argument that you and your ISP friends can
understand. Let's not try to get rid of Child porn because of the
damage it does to these kids lives while they are exploited, raped, etc...
Instead, I will make this point: the amount of child porn on the net
right now could be its downfall. As more and more "mainstream" citizens
join on, more and more will see the negative side of the net and push
politicians for legislation banning illegal postings. Which would you
rather have - a government forcing changes in a business it knows
relatively little about? or - the industry bringing about a type of
self-regulation and thought-out, effective solutions.
If it doesn't make sense to try and stop child porn from a human compassion
point of view then at least it makes business sense in the long run... and
that is all our society seems to understand.
This whole discussion makes me wonder, does our society, or a powerful part
of society, sublty condone the sexual exploitation of children? Vancouver has
a large child-prostitution problem and nothing is done... Someone points out
that maybe something should be done about child porn on the net and all
he receives are answers that nothing can be done and we'll just have to
live with it... We all say that child sexual abuse (and that is what we
are dealing with here, nothing less) is horrendous, but unless it is in
our face, we all sleep well at night.
Jordan.
Curt Sampson
In article <53jaia$d...@nntp.ucs.ubc.ca>,
>their ISP for these groups. In my eyes, this makes the ISP
>the distributor of that material. Despite all your arguments
>about how tough it will be to monitor, how costly, how time
>consuming, etc, I still feel it is the ISPs responsibility.
Why is it our responsiblity to prevent them from accessing this on
our news server, but not anyone else's? They're still getting it
through us in one way or another unless we monitor every packet
they send.
>However, I
>hope ISPs would come up with a more creative way to manage
>this problem rather than simply dropping the service.
You're the one who wants to create the problem, Sean. You find a
creative way to manage it. I can't think of one for the life of
me.
Curt Sampson
In article <53jndn...@keats.ugrad.cs.ubc.ca>,
Jordan James Hoff <d8...@ugrad.cs.ubc.ca> wrote:
>
>Unfortunately, what we are dealing with here aren't Ford F150's but
>instead young, exploited, innocent children. Not trucks.
You mean the same young, exploited, innocent children who will be
killed if their house collapses on them? My analogy stands.
>I'm sorry Curt, but your arguments aren't valid. You can't hide behind
>the advanced technology of the Internet and say nothing can be done.
>Right now, it might be impossible to find an acceptable solution but that
>doesn't mean you and those in the Internet industry shouldn't be trying
>to find one.
You're trying to find technological solutions to social problems.
Take it from someone who knows technology inside-out: it can't be
done. (Although Singapore is giving it a good try.)
>Instead, I will make this point: the amount of child porn on the net
>right now could be its downfall. As more and more "mainstream" citizens
>join on, more and more will see the negative side of the net and push
>politicians for legislation banning illegal postings.
This has already happened. I've got no problems with legislation
banning illegal postings (although if they are already illegal,
they are already banned). Track down and punish the posters if you
like. I'll help you do it. But don't hold me responsible for
something that someone else does.
>Which would you
>rather have - a government forcing changes in a business it knows
>relatively little about? or - the industry bringing about a type of
>self-regulation and thought-out, effective solutions.
I've yet to see a thought-out, effective solution here. I see a
segment of the populace (viz., you) attempting to force changes in
a business it knows relatively little about.
>Someone points out
>that maybe something should be done about child porn on the net and all
>he receives are answers that nothing can be done and we'll just have to
>live with it ...
Who said that? I never said such a thing. I just said it's immoral
to hold me responsible (and make me pay the penalty) for bad things
that other people do.
BORG
Shaun Patrick Foy wrote:
.........
> >I do not feel that way at all. If Alice gives me
> >a postcard and tells me to send it to Bob, I am not
> >responsible for what she wrote on it, neither I want
> >to know.
>
> Well, how about this: you are a courier, alice gives you a stack
> of magazines to take to bob and jerry, you make money off delivering
> those magazines, you know that you are carrying magazines that have
That's where you're wrong: I don't know, I don't care. I am
a courier and it's my job to deliver. If I don't,
I may lose my job. I have hundreds of packages to
deliver and I am not paid to censor others' mail.
> pictures of little boys and girls having sex with old men, a cop
> pulls you over, he arrests you for having the materials. What do you
> think the courts will do? The key point here is, of course3, that
> you were carrying material you knew to be illegal.
No, I didn't know what material I was carrying at all,
nor did I care.
> If you want to make a 'conduit' argument in which you are merely
> a pipeline and are not responsible for the material you are
> distributing, I would ask you whether you would buy such an
> argument for drug traffickers.
Drug traffickers are aware of what they are carrying.
ISP can not possibly go through gigabytes of articles
looking for "prohibited" materials. If you think that
an article is illegal, prosecute the originator of
the article, not ISPs that carry it. There's no guarantee
that somebody will not post a picture of Alice without
dress in this newsgroup today. Accordingly to your
logic, all ISPs of B.C that carry van.general have
to go to jail after such an incident. No thanks.
Shaun Patrick Foy
On Thu, 10 Oct 1996 16:20:13 -0700 BORG (vlad...@iceonline.com) wrote:
>Shaun Patrick Foy wrote:
>.........
>> >I do not feel that way at all. If Alice gives me
>> >a postcard and tells me to send it to Bob, I am not
>> >responsible for what she wrote on it, neither I want
>> >to know.
>>
>> Well, how about this: you are a courier, alice gives you a stack
>> of magazines to take to bob and jerry, you make money off delivering
>> those magazines, you know that you are carrying magazines that have
>That's where you're wrong: I don't know, I don't care. I am
Well, the example I give applies to when you do know. After
all, I think that every ISP must know there are illegal
pictures in the a.b.p.e.children groups.
>> If you want to make a 'conduit' argument in which you are merely
>> a pipeline and are not responsible for the material you are
>> distributing, I would ask you whether you would buy such an
>> argument for drug traffickers.
>Drug traffickers are aware of what they are carrying.
>ISP can not possibly go through gigabytes of articles
>looking for "prohibited" materials. If you think that
Not suggesting they should. Merely suggesting they should
make a reasonable attempt to remove illegal material. I
wouldn't call 'no attempt' reasonable.
>There's no guarantee
>that somebody will not post a picture of Alice without
>dress in this newsgroup today. Accordingly to your
>logic, all ISPs of B.C that carry van.general have
>to go to jail after such an incident. No thanks.
No. How on earth did you come to that interpretation? By
my argument, if an ISP found out about the picture and
did not remove the article, then they would be guilty.
If I throw a bag of heroin in your back yard .. I hardly
think you could be held responsible.
Regards,
Shaun.
Shaun Patrick Foy
On 10 Oct 1996 15:53:21 -0700 Curt Sampson (cu...@cynic.portal.ca) wrote:
>In article <53jaia$d...@nntp.ucs.ubc.ca>,
>>their ISP for these groups. In my eyes, this makes the ISP
>>the distributor of that material. Despite all your arguments
>>about how tough it will be to monitor, how costly, how time
>>consuming, etc, I still feel it is the ISPs responsibility.
>Why is it our responsiblity to prevent them from accessing this on
>our news server, but not anyone else's? They're still getting it
>through us in one way or another unless we monitor every packet
>they send.
Not suggesting you should monitor packets, Curt. I am suggesting
that you should make a reasonable attempt to keep illegal materials
off your server. You are suggesting that it is reasonable to make
no attempt to keep such material off your server.
>>However, I
>>hope ISPs would come up with a more creative way to manage
>>this problem rather than simply dropping the service.
>You're the one who wants to create the problem, Sean. You find a
>creative way to manage it. I can't think of one for the life of
>me.
Hah. What a joke. The problem exists because of idiots out there
that want to post the stuff and want to read the stuff. How on
earth can you point your finger at me as the one that is 'creating'
the problem. Furthermore, ISPs are the ones that make money off
delivering these groups, not me. They ought operate their business
within the confines of the criminal code, just like every other
business. By the way, I didn't write the criminal code, either so
you certainly can't blame me for causing this problem.
spf
--
BORG
Tom Klok wrote:
>
> In article <klwong-1010...@news.dowco.com>,
> Ken Wong <klw...@dowco.com> wrote:
> >
> >I regularily use three servers which carry 20,099, 23150, and 12530
> >groups. They are run by large regional U.S. ISPs that are not part of a
> >national one like Netcom. To counter censorship the first one has been
>
> My appologies, then. Enjoy it while it lasts, because it'll soon
> be shut down or so overloaded to be useless. What about the other
> two?
One shuts down, another one opens. There are perl scripts
that scan /var/spool/news for hosts in "Path: " line
and automatically telnet to 119 of those hosts and write
all successful connections to a log. Run such a script
overnight and you'll discover at least a couple of servers
that let you read/write access. Notice that I never use
such scripts (I haven't been reading too many groups lately)
because I don't need to but I know some who does. My point is:
1. it's not difficult to find an open NNTP host; 2. there's
nothing bad ot illegal in using it as long as you don't
abuse/misuse their services.
Regards,
Shaun Patrick Foy
On 9 Oct 1996 17:31:59 -0700 Curt Sampson (cu...@cynic.portal.ca) wrote:
>In article <53h63t$3...@nntp.ucs.ubc.ca>,
>>for the distribution of child pornography is illegal.
>Perhaps. You're being entirely unreasonable if you expect me to
>have to learn this sort of stuff just to go about my day-to-day
>business.
Well, I don't. The courts do. If you choose to enter a business then
you are obliged to run the business within the parameters of the law.
Wouldn't you expect a builder to understand the city bylaws?
>>*shrug* Take it to a lawyer. It is the cost of doing business.
>>For years, newspapers and magazines have been consulting lawyers
>>on such issues.
>If I had to take every new group name to a lawer, I'd just shut
>down my news server. And likely so would every other ISP.
Well, I think you would do fine if you used your better judgement.
I am only suggesting that it would be wise to remove newsgroups that
obviously contain illegal material. If you aren't sure, then certainly
you ought to learn or seek advice.
>>Well, I would assume you would decide pretty quick. However, is
>>that really your only alternative? Are you suggesting that an ISP
>>has no way of controlling what they receive or distribute?
>Yes. What is to stop someone from posting an illegal message in any
>group? Nothing.
Of course, this isn't my point and I never mentioned this in previous
posts. In fact, I purposely stayed away from this issue. Remember,
I am only suggesting that an ISP ought to remove newsgroups that
are solely for the distribution of illegal material. However, since
you bring the point up, I suggest that in cases where 'an illegal
message' has been posted and the ISP is aware of the message, the
ISP ought to remove the article from their server.
>The only way we can control this sort of thing is to exmaine every
>article that comes in. This is easy enough at a newspaper, which
>publishes a few hundred articles per day and has a staff of dozens
>to do just this job. It's a bit more difficult at an ISP, where we
>get a hundred to a hundred and fifty thousand articles per day,
>and have zero staff dedicated to this job.
I disagree. You control this sort of thing by removing newsgroups
which exist solely for the distibution of illegal materials and
you can respond to complaints by customers. The key is that you
are making an effort to keep the feed free of such material.
Regards,
Shaun.
Gordon Mulcaster
In article <53jndn...@keats.ugrad.cs.ubc.ca>, Jordan James Hoff writes:
> I'm sorry Curt, but your arguments aren't valid. You can't hide behind
> the advanced technology of the Internet and say nothing can be done.
> Right now, it might be impossible to find an acceptable solution but
that
> doesn't mean you and those in the Internet industry shouldn't be trying
> to find one.
Tons of child porn goes through the mail every day. Why aren't you
advocating the post office open every piece of mail to check for it?
--
"Usenet is like a herd of performing elephants with diarrhea --
massive, difficult to redirect, awe-inspiring, entertaining, and a
source of mind-boggling amounts of excrement when you least expect
it."--sp...@cs.purdue.edu (1992)
gor...@portal.ca
Tom Klok
In article <325DD5E7...@iceonline.com>,
No arguement there.
> 2. there's nothing bad ot illegal in using it as long as you don't
> abuse/misuse their services.
If I forget to lock my car one day, I hope someone like you doesn't
come along and "borrow" it because you don't have one or yours doesn't
go as fast. It doesn't matter if you treat it well and park it in the
exact same place before I get back; it's still theft.
Using their server without permission is abuse. What is so hard to
understand about this?
Curt Sampson
In article <53k1vn$i...@nntp.ucs.ubc.ca>,
Shaun Patrick Foy <sf...@zoology.ubc.ca> wrote:
> >>However, I
> >>hope ISPs would come up with a more creative way to manage
> >>this problem rather than simply dropping the service.
>
> >You're the one who wants to create the problem, Sean. You find a
> >creative way to manage it. I can't think of one for the life of
> >me.
>
>How on
>earth can you point your finger at me as the one that is 'creating'
>the problem.
My proposal is that ISPs have no liability for content passing
through them. Your proposal is that ISPs should have liability when
they `know' that content is illegal.
That latter thing is a problem, for two reasons. The first is that
an ISP *cannot* know if some content is illegal. If we could, we
wouldn't have to have a court system to decide these things, would
we? Since we can't know for sure, questionable items will be dropped.
This places a severe `chill' on free speech. If you think that
upholding the law is more important than free speech, I suggest
you examine the current situtation in Singapore and see if living
in a country like that would appeal to you.
The second reason is that as soon as you make me responsible for
checking content--not just one package as I deliver it, as in your
courier example, but 125,000 news articles per day--anyone can shut
down any part of the news hierarchy they want to. All they have to
do is send me a message with a few thousand or tens of thousands
of message-IDs, saying that these messages have illegal content.
You have not suggested any way that it could be possible to examine,
say, even ten thousand messages per day. Given that it can't be
done, the two alternatives are to delete all of the messages, or
to just leave them there and get chucked in jail should even a
single one of those messages have illegal content.
So that is why this is a problem of your making, Shawn. You're
promoting a situation that could easily put ISPs in a position to
have to examine thousands or tens of thousands of messages per day,
and you're saying `well I can't see how to do it, but I would hope
that ISPs would come up with a solution.' You might as well pass
a law that says all ISP sysops must hover at least a half meter
above the ground when working, and then say `well I would hope that
these people would come up with a solution to the law of gravity.'
Also, this creates even more interesting concerns in the privacy
area. What if you are a client of mine, and someone informs me
that you're using our e-mail system to send illegal messages. If
I'm to be responsible for crimes I know are happening, I will now
have to go read every e-mail message you send and receive. Is that
what you would want me to do in this situation?
Robert
d8...@ugrad.cs.ubc.ca (Jordan James Hoff) wrote:
>In article <53iq1c$c...@cynic.portal.ca>,
>Curt Sampson <cu...@cynic.portal.ca> wrote:
>>>Wouldn't you expect a builder to understand the city bylaws?
>>I don't think that that's a good analogy at all. I'm not *publishing*
>>any of the stuff I move through my system. I'm just moving it
>>around. You're asking the truck driver to make sure that the drywall
>>he takes to the building site is up to code for that particular
>>building.
>
>instead young, exploited, innocent children. Not trucks.
>
Actually under the Canadian criminal law definition of child pornography,
there dosent have to be any actual children involved whatsover. If you cut out kids
faces from the Eatons catalog and put them on top of nude adult photos that is enough.
So the protecting exploited innocent children dosent necessarily fit all cases
Curt Sampson
>2. there's
>nothing bad ot illegal in using it as long as you don't
>abuse/misuse their services.
At least under US law, this is incorrect. Merely telnetting to port
119 of a server when you have not been given implicit or explicit
permission to do so is a violation of the criminal code. (And no,
that being open to the net at large does not constitute implicit
permission, any more than leaving the door of my house unlocked
constitutes implicit permission to anyone to enter.
Tom Klok
In article <klwong-1010...@news.dowco.com>,
Ken Wong <klw...@dowco.com> wrote:
>
>I regularily use three servers which carry 20,099, 23150, and 12530
>groups. They are run by large regional U.S. ISPs that are not part of a
>national one like Netcom. To counter censorship the first one has been
>dedicated by their administrators to public access. [...]
My appologies, then. Enjoy it while it lasts, because it'll soon
be shut down or so overloaded to be useless. What about the other
two?
Tom
rich
> >On 9 Oct 1996 01:23:45 GMT Tom Klok (a00...@giant.mindlink.net) wrote:
> >
> >>I'm not a fan of censorship either, and I hope some day soon the federal
> >>government will change the laws to allow ISPs to accept absolutely anything
> >>in a news feed without fear of the stormtroopers.
> >
> >Which laws are you referring to here, Tom? Certainly you aren't
> >suggesting that ISPs should be allowed to carry groups which are
> >intended specifically for the distribution of material that is
> >clearly illegal under the criminal code.
Yes ISP's should be allowed to carry stuff that is in CLEAR violation of
the criminal code.
Just who gets to decide what is criminal and what isn't??? It is
obviously not the people.
I am not for kiddie porn, and yes it is terrible, but instead of banning
it and keeping it and its buyers in the dark out of public scrutiny, the
public should be made aware (which the government is incapable of, who
wants intelligent masses anyways it would cause more problems than its
worth) of what is happening in this respect.
This is not to say yes legalize child pornography, but there needs to
be a grey area where concerned citizens can at least learn about this
form of child abuse and act to prevent its spread. We can't stop
something we know nothing about.
If people knew where and when kiddie porn was being sold, distributed
and used in this country, don't you think that people who are more
concerned over its spread and use would have a better chance at stopping
it or at least showing its consumers to the public so that everybody
knew just who these perverts are.
We shouldn't let the government be so benevelent as to lead us with
"blind" obedience. Besides when was the last time the government did
anything that was "good" for society, one of the things they consider
good is the GST and Free Trade, both of which make us slaves in our own
country.
just my .02
After all we are supposed to be living in a democracy aren't we??? Maybe
we are not...
Gordon Mulcaster
In article <53ktvk$5...@cynic.portal.ca>, Curt Sampson writes:
> You might as well pass a law that says all ISP sysops must
> hover at least a half meter above the ground when working,
Don't you do that now? If not, what's all the Jolt Cola and donuts for?
Joseph Abbott
On 10 Oct 1996 15:58:01 -0700, cu...@cynic.portal.ca (Curt Sampson)
wrote:
>In article <53jndn...@keats.ugrad.cs.ubc.ca>,
>Jordan James Hoff <d8...@ugrad.cs.ubc.ca> wrote:
>>Someone points out
>>that maybe something should be done about child porn on the net and all
>>he receives are answers that nothing can be done and we'll just have to
>>live with it ...
>
>Who said that? I never said such a thing. I just said it's immoral
>to hold me responsible (and make me pay the penalty) for bad things
>that other people do.
The thing that can be done is to prosecute the people who post it. If
you got all the ISPs to stop carrying a.b.p.e.children then the
pedophiles would stop posting there and post somewhere else instead.
Personally, i would rather have the porn on a porn group than showing
up in rec.pets.cats. Atleast when its all in a specific group its easy
to avoid.
As for censoring, it is currently imposible to censor anything on the
internet. The canadian government, and many other organizations are
working desperately to try to find a way to censor the net. And if
they ever do find a way, the net will be censored. And dont think that
just kiddie porn and hate literature will be banned.
Currently the Internet is blowing things wide open. For the first time
in the history of mankind people have a form of mass communication
that cant be censored. The internet is becoming what James Burke
described as a
"future world that we would describe as balanced
anarchy and they will describe as an open society,
tolerant of every view, aware that there is no single,
privileged way of doing things"
The internet could lead to that "open society" or, if they find a way
to censor it, it could lead to an even more ridged, conformist,
totalitarian society than we have now.
Just say NO to censorship. Be tolerant of all views.
thanks.
Joseph Abbott
*=*=*=*=*= Plutonian Web Design and Authoring =*=*=*=*=*
<<<http://www.geocities.com/Hollywood/3312/pluto.html>>>
___
Curt Sampson
In article <3261a482...@news.lynx.bc.ca>,
Joseph Abbott <jab...@lynx.bc.ca> wrote:
>
>The person who set up the server set it up in a way to allow people to
>telnet to port 119. He didnt have to allow access, but he chose to.
That's one possibility. Another is that he knew not much more than
you know about news servers, and didn't know how to close off access
properly, or even that he needed to close off access. Yet another
is that he's using news server software (such as some packages that
run under Windows NT) that doesn't let him close off that port to
certain users.
>So by doing so he has given permission for people to telnet there.
Right. And if you leave your door unlocked, you've given me permission
to enter your house.
>email everyone and ask their permission before telneting, ftping for
>anything else to there server. This wouldnt make the Internet a very
>effecient system, would it?
No. It's pretty obvious when you have implicit permission to do
that telnet or ftp. If someone advertises an anonymous FTP site to
the public at large, it's pretty obvious you have permission. The
same goes for telnet access, say, to a MOO. And even for NNTP
access, if it's published somewhere.
>The Internet and the client/servers that run on it are design to make
>information accessable easily. If you can access something on the
>Internet, providing you arent exploiting some design flaw, then you
>have been given permission from the owner of the server to do that.
Rubbish. The fact that so many programs are designed to make access
so easy is, for many server owners, a design flaw in and of itself.
A lot of people unwittingly leave services running or available to
outside users that they really shouldn't.
The logical extension of this argument is that it's so widely known,
and has been known for so long, that Sendmail 8.6.12 has security
holes in it, that I've been given permission by the owner of your
ISP to break into the mail machine and read or delete your mail.
cjs
van...@wimsey.com
jab...@lynx.bc.ca (Joseph Abbott) writes:
>The Internet and the client/servers that run on it are design to make
>information accessable easily. If you can access something on the
>Internet, providing you arent exploiting some design flaw, then you
>have been given permission from the owner of the server to do that.
Interesting theory, but I'd suggest reading the 2 sections of the
criminal code on computer crime (unauthorized access to a computer and
mischief to data are the names as I recall, I probably have the section numbers
on a supoena here somewhere) and then consider whether you think this argument
would stand up should you be charged. Both secitons are pretty broad and I
believe would probably apply to this case.
cha...@mis.ca
On Fri, 11 Oct 1996 09:23:48 +0000, rich <rst...@axionet.com> wrote:
:|>> >On 9 Oct 1996 01:23:45 GMT Tom Klok (a00...@giant.mindlink.net)
wrote:
:|>> >
:|>> >>I'm not a fan of censorship either, and I hope some day soon
the federal
:|>> >>government will change the laws to allow ISPs to accept
absolutely anything
:|>> >>in a news feed without fear of the stormtroopers.
:|>> >
:|>> >Which laws are you referring to here, Tom? Certainly you aren't
:|>> >suggesting that ISPs should be allowed to carry groups which are
:|>> >intended specifically for the distribution of material that is
:|>> >clearly illegal under the criminal code.
:|>
:|>Yes ISP's should be allowed to carry stuff that is in CLEAR
violation of
:|>the criminal code.
:|>
:|>Just who gets to decide what is criminal and what isn't??? It is
:|>obviously not the people.
:
:|>If people knew where and when kiddie porn was being sold,
distributed
:|>and used in this country, don't you think that people who are more
:|>concerned over its spread and use would have a better chance at
stopping
:|>it or at least showing its consumers to the public so that
everybody
:|>knew just who these perverts are.
:|>
:|>We shouldn't let the government be so benevelent as to lead us with
:|>"blind" obedience. Besides when was the last time the government
did
:|>anything that was "good" for society, one of the things they
consider
:|>good is the GST and Free Trade, both of which make us slaves in our
own
:|>country.
:|>
:|>
:|>just my .02
:|>
:|>After all we are supposed to be living in a democracy aren't we???
Maybe
:|>we are not...
Everyone has their own "democracy"...in the case of this country, it's
a matter of definition...No one would say anything so the government
started giving money to advocacy groups..today, the groups impact
public policy and the individual, while still equal before the law,
doesn't make public policy which becomes law...the government-paid
advocacy groups do...and they're all against illegal stuff (illegal ?
see above) on the web. Never mind that it might originate in Belgium
or Norway, or some of the more advanced
cultures..........................everything in this country is "red
herring" ... Just for a moment look at the issue of porn on the web
...What Web ?? We're on one of them, but do you realize how many
corporations, accounting firms etc have their own world wide web ?
HAH ! Thought there was just one didn't you. Then there are LAN's,
and BBS's...in fact, once porn consumers get to know each other, it is
not entirely impossible for them to all connect thru their very own
server....So the self serving bleating of politicians who in most
cases know NOTHING about the internet, is just that...self serving
bleating etc etc etc
What are the parameters within which we're # 1 ??
Joseph Abbott
On 11 Oct 1996 00:49:33 -0700, cu...@cynic.portal.ca (Curt Sampson)
wrote:
>In article <325DD5E7...@iceonline.com>,
>BORG <vlad...@iceonline.com> wrote:
>
>>2. there's
>>nothing bad ot illegal in using it as long as you don't
>>abuse/misuse their services.
>
>At least under US law, this is incorrect. Merely telnetting to port
>119 of a server when you have not been given implicit or explicit
>permission to do so is a violation of the criminal code. (And no,
>that being open to the net at large does not constitute implicit
>permission, any more than leaving the door of my house unlocked
>constitutes implicit permission to anyone to enter.
The person who set up the server set it up in a way to allow people to
telnet to port 119. He didnt have to allow access, but he chose to. So
by doing so he has given permission for people to telnet there.
If we dont accept this idea of permission, then you would have to
email everyone and ask their permission before telneting, ftping for
anything else to there server. This wouldnt make the Internet a very
effecient system, would it?
The Internet and the client/servers that run on it are design to make
information accessable easily. If you can access something on the
Internet, providing you arent exploiting some design flaw, then you
have been given permission from the owner of the server to do that.
Curt Sampson
In article <53v5r6$m...@nntp.ucs.ubc.ca>,>If they have the material on their
>server, what makes them less responsible than a pedophile
>who has the material on his computer at home?
The fact that, as an ISP, I didn't put it on to `my' server, nor
did I take it off, nor did I even examine it.
>I think
>they are more responsible since they are actually
>distributing the material.
So, for example, if I send you an illegal book in the post, Canada
Post is even more responsible than I am because they actually
delivered it to you? Don't forget that BC Tel is just as responsible
as those ISPs, since the material goes over their telephone lines.
You seem essentially to be saying that an ISP should not carry any
material it is not prepared to examine if it should have an idea
that it might be illegal. However, you have provided no reasonable
means by which we can determine if any particular piece of material
is actually illegal, nor have you provided any clue as to how an
ISP can reasonably examine up to several hundred thousand pieces
of material every day.
So do you have some sort of solution to these problems, or are you
simply asking ISPs to shut down? Or is there an alternative I've
missed?
cjs
Curt Sampson
In article <32641193...@news.lynx.bc.ca>,
Joseph Abbott <jab...@lynx.bc.ca> wrote:
>
>Setting your server to allow people to telnet to port 119 is
>*authorizing access* to port 119.
In which countries? I can't say whether or not this is valid in
Canada, but in the US your statement is dead wrong.
cjs
Curt Sampson
In article <32630da...@news.lynx.bc.ca>,
Joseph Abbott <jab...@lynx.bc.ca> wrote:
>
>Well I assume he chose to allow access.
I have already explained why you cannot make that assumption.
Yes, there are a lot of what you would term `idiot' sysadmins
out there. But many of them are not idiots, they just haven't
been given the time to learn how to do things right. Such is
a part of running some businesses.
>You would prefer that I
>assumed everyone who runs a server is an idiot and really doesnt want
>me to access the information that he/she has made available to the
>public.
Well, you can't honestly tell me that you've contacted the
administrator of every news server you've ever used and have checked
that he wants you to use his server, can you? It's dangerous
second-guessing the intentions of people you don't even know.
>have you ever visited a web page without first asking the owner of the
>server permission? *gasp* What if he didnt indent for you to use his
>server? You are using his server without his explicit permission!
A web server is a whole different ball game. Someone who advertises
a web server to the public (by giving out URLs) is giving permission
to the world to read the information there.
Surely you can tell the difference between a shop, where one may
enter freely, and a private residence, where one may not. The same
goes for news servers and for web servers.
>Face it, if you make your information available to the public on the
>internet, then the public has a right to view that info in the way
>that you set it up to be viewed (even if you didnt intend to set it up
>that way).
Face it, if you leave your door unlocked then I've got the right to
walk into your house and view anything there, even if you didn't intend
to set it up that way.
>>Right. And if you leave your door unlocked, you've given me permission
>>to enter your house.
>
>That is a very poor analogy. Most times when people try to compare
>internet things to "real life" situations they fail, and this is a
>good example of that. First of all, it is common practice to ask
>permission before entering someones house. It is NOT common practice
>to ask before telneting somewhere.
It may not be common practice, but it should be. You had damn well
better ask me for permission before telnetting to the shell machine
I run for Portal, for example. I give permission to do this by selling
you an acocunt. If you don't have an account, you need my explicit
permission.
This is just like a house. You don't have permission to go up to
the door and try the doorknob unless the owner gives you that
permission. If you rent the house from a landlord, he's not going
to say `you now have permission to try the doorknob on that door.'
It's implicit in his signing the contract with you. But that
permission still exists.
>And what a ridiculous place the Internet would be if it was.
Assume for the moment that it is common practice to get permission
before telnetting to a site. How does this make the Internet a
ridiculous place?
>I see, so in your vision of the Internet, all sites, ftp, telnet,
>gopher, www, etc must advertise their existence to all the users of
>the internet, otherwise people dont have permission to go there?
Exactly.
>If I
>do am archive search and it shows me an ftp server with a file I would
>like to download, how do I know if it has been advertised or not?
How did it get into the archive if it wasn't advertised? Answer:
it was advertised. Being in the archive is an advertisement in and
of itself. The only real question here is whether or not it was
advertised with the owner's consent.
>Yes they do. Too bad for them. Just because its easy to make a mistake
>when setting up a server, doesnt mean that we have to second guess
>what the intentions of the person who set it up are.
It's not hard to guess those intentions, any more than it's hard
for me to guess your intentions when you leave the door to your
house unlocked. I can make a pretty good guess that it's not because
you're opening it to the general public.
>If you *read* what I wrote you will i see I made a point of saying it
>is not right to exploit a security hole.
But the inability of certain Windows NT news servers to block access
from sites other than wanted ones is a security hole. I think what
you're trying to say is that security holes that are difficult to
exploit are not fair game, whereas those that are easy to exploit
are fair game. In which case, if you mail server is running an
i386-based OS, that sendmail is dead easy for me to exploit and is
thus fair game....
>Further more, reading
>someones email my infringe on other rights (like privacy) whereas the
>only complaint about telneting to the nntp is that it uses the server
>resources.
You may also have made available to you groups that are particular
to that server and only for internal consumption, in which case it's
quite possible you're violating an organisation's privacy.
And as far as those resources go, what gives you the right to use
them? It's only RAM and CPU, I know, but last I checked RAM and
CPU were not free. (If they are, let me know; I could use a more
powerful machine.)
cjs
Shaun Patrick Foy
On Fri, 11 Oct 1996 09:23:48 +0000 rich (rst...@axionet.com) wrote:
>> >On 9 Oct 1996 01:23:45 GMT Tom Klok (a00...@giant.mindlink.net) wrote:
>> >
>> >>I'm not a fan of censorship either, and I hope some day soon the federal
>> >>government will change the laws to allow ISPs to accept absolutely anything
>> >>in a news feed without fear of the stormtroopers.
>> >
>> >Which laws are you referring to here, Tom? Certainly you aren't
>> >suggesting that ISPs should be allowed to carry groups which are
>> >intended specifically for the distribution of material that is
>> >clearly illegal under the criminal code.
>Yes ISP's should be allowed to carry stuff that is in CLEAR violation of
>the criminal code.
Rich,
That isn't an option. If they have the material on their
server, what makes them less responsible than a pedophile
who has the material on his computer at home? I think
they are more responsible since they are actually
distributing the material.
Regards,
Shaun Patrick Foy
On 14 Oct 1996 23:14:25 -0700 Curt Sampson (cu...@cynic.portal.ca) wrote:
>In article <53v5r6$m...@nntp.ucs.ubc.ca>,
>Shaun Patrick Foy <sf...@zoology.ubc.ca> wrote:
>>server, what makes them less responsible than a pedophile
>>who has the material on his computer at home?
>The fact that, as an ISP, I didn't put it on to `my' server, nor
>did I take it off, nor did I even examine it.
>>I think
>>they are more responsible since they are actually
>>distributing the material.
>So, for example, if I send you an illegal book in the post, Canada
>Post is even more responsible than I am because they actually
>delivered it to you? Don't forget that BC Tel is just as responsible
>as those ISPs, since the material goes over their telephone lines.
Curt,
Do you think Canada Post would take a package from you if you told
them the package contained illegal material? You fail to include the
crucial point that the ISPs are actually aware that this stuff is
sitting on their server. Yes, if Canada Post knew you were sending
illegal material and had the means to remove themselves from the
formula then I certainly would say they are just as responsible.
However, I do think they are a little more aware of the issues and,
as I recall, they have acted on such things in the past. I seem to
recall BCTel shutting down a local phoneline that was distributing
hate material.
>You seem essentially to be saying that an ISP should not carry any
>material it is not prepared to examine if it should have an idea
>that it might be illegal. However, you have provided no reasonable
>means by which we can determine if any particular piece of material
>is actually illegal, nor have you provided any clue as to how an
>ISP can reasonably examine up to several hundred thousand pieces
>of material every day.
>So do you have some sort of solution to these problems, or are you
>simply asking ISPs to shut down? Or is there an alternative I've
>missed?
Well, nobody has informed me of the laws relating to fraud yet
I wouldn't go out and try and sell Internet Portal to someone
walking down the street. As far as reasonable means, that is
up to you to figure out. You are in the business of distributing
this material. Just because you can't find a way to eliminate
the illegal material does not make your actions any less illegal.
However, if I were an ISP, I would eliminate all groups that are
intended to carry binaries. Past that, I can only see an ISP taking
a reactive approach to the problem and simply deleting articles
when people complain. I think that would go a long way to showing
that you are interested in preventing the material from going through
your server.
spf
Curt Sampson
In article <53vchd$m...@nntp.ucs.ubc.ca>,
Shaun Patrick Foy <sf...@zoology.ubc.ca> wrote:
>
>Do you think Canada Post would take a package from you if you told
>them the package contained illegal material?
Yes, I think they would. If I went and told them that packages of
illegal material were regularly being posted in the box at the
corner of 41st and Arbutus, and that Box 7219 at the main post
office was used solely for the reception of illegal material, I
think they would continue taking and delivering these packages. Do
you have any reason to think otherwise?
They might refer to the matter to the police, just as I would refer
the matter to the police if I found someone doing someting I thought
might be illegal on my systems.
>You fail to include the
>crucial point that the ISPs are actually aware that this stuff is
>sitting on their server.
No, ISPs are often not aware. Or are you labouring under the illusion
that there's some sort of system in place that prevents illegal
material from being posted to any but a certain subset of groups,
and will allow only illegal material to be posted to those groups?
>Yes, if Canada Post knew you were sending
>illegal material and had the means to remove themselves from the
>formula then I certainly would say they are just as responsible.
Wait a second, where does this `means to remove themselves from
the formula' qualification come in? I've already pointed out that
I don't have such means available, and you've implicitly agreed to
this by not showing any such means exist. Why should Canada post
get this exception and ISPs not?
>However, I do think they are a little more aware of the issues and,
>as I recall, they have acted on such things in the past. I seem to
>recall BCTel shutting down a local phoneline that was distributing
>hate material.
Was it shut down by BC Tel on their own initiative or by the request
of the law enforcement system? There's a big difference between
the two. If you're proposing a system whereby the law enforcement
system will tell me exactly what items I must remove from my system,
I'd be much more amenable to that.
>As far as reasonable means, that is
>up to you to figure out.
There are no reasonable means. There are no means at all, except
to cease operating my business. Since you're proposing that, are
you going to offer me alternative employment?
>However, if I were an ISP, I would eliminate all groups that are
>intended to carry binaries.
You'd start loosing business pretty quickly. Alt.binaries groups
are pretty darn popular. Also, in terms of freedom of thought,
information, and speech, it doesn't seem acceptable to me to toss
out a very large quantity of legal material in order to stop a
small quantity of illegal material. Other parts of the world, of
course, have different views. Singapore, for example, has a firewall
on the entire country. Do you approve of this action? Because it's
certainly quite effective in stopping the things you want to stop.
Also, you've not explained how, once more than a very few ISPs do
this, you're going to deal with all the binary posts appearing in
non-binary groups.
Remember the saying `the Internet interprets censorship as damage
and routes around it'? You can't shut off this material by removing
groups, Shawn.
>Past that, I can only see an ISP taking
>a reactive approach to the problem and simply deleting articles
>when people complain.
So it's ok if I delete your posts when someone complains about them,
then?
cjs
Shaun Patrick Foy
Curt,
Clearly, we are on entirely opposite sides of this fence. The
same questions keep arising. So, instead of arguing positions,
how about telling me what you will do if/when police show
up on your doorstep and want to seize your property? How are
you going to prevent this from happening? Do you think that
ISPs will continue to be ignored by law officials who haven't
quite figured out how to deal with this problem? Have ISPs
banded together and sought legal advice on the issue?
I don't want to leave you, or anyone, with the impression
that I want to restrict usenet. However, I have argued the
position that has been echoed by a number of my colleagues
at UBC and on the Net. I would hate to see any limitations
placed on usenet distribution alhtough I am expect that
illegal materials will cause this. Whether law enforcement
officials act against the individual, the ISP or both is
not at all clear. Regardless, you can bet they will act
on someone to try and prevent the distribution of this
material. I think that ISPs are the easiest target at the
moment. I would hope that ISPs are taking measures to
protect themselves; certainly that my ISP is taking measures
to protect themselves.
Regards,
Shaun.
Regards,
Shaun.
--
Curt Sampson
In article <53vg9l$m...@nntp.ucs.ubc.ca>,
Shaun Patrick Foy <sf...@zoology.ubc.ca> wrote:
>Clearly, we are on entirely opposite sides of this fence. The
>same questions keep arising.
Yes, the same ones you won't answer. :-) Namely, why are you
proposing that it's better to shut down a very large amount of
legal speech than let just a little bit of illegal speech get
through. I notice that, though I've asked twice, you've never
indicated what your attitude is toward me removing your postings
from my system because a third party told me something in them
might be illegal.
In the end, I suppose what it comes down to is that the solution
you want is just not possible. When I point out that there's no
way of implementing it, you say that that's my problem. I'm afraid
the real world just doesn't work that way. You can't expect anyone
to comply with an impossible standard.
>...how about telling me what you will do if/when police show
>up on your doorstep and want to seize your property? How are
>you going to prevent this from happening?
I will give it to them, of course. I'll have no choice. At this
time I have no way of preventing that from happening. You'll note
that whether or not I take action to remove illegal material from
my system makes little difference at this stage; that BBS in Surrey
that was shut down was raided because had a CD-ROM mounted that
Canada Customs deemed suitable for importing into the country. (It
was bought off the shelf at a computer shop.)
However, when it reaches the courts, my actions do make a difference.
From what I have seen so far, if I have attempted certain actions
and failed, I am more culpable than if I have not attempted those
actions at all.
cjs
D Banks
Jay North (Dennis) wrote:
snip
> Bull Dung.. By your reasoning, I am in trouble. One Friday night
> while channel surfing on the TV, I discovered all the premium channels
> were in the clear. I decided to watch some of them. On Monday night
> they were gone again. What should I do? Refuse to watch them?
> Why were they available? Someone at the cable co either goofed or
> they were testing or whatever. I didn't order the premium channels &
> never got billed for them. Also most of the people I know on the same
> system discovered them & watched while they were on. Was that theft
> of cable? Bull Dung. They left it on.
> . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
FWIW, It was a "free preview" weekend.
BORG
Shaun Patrick Foy wrote:
>
> Curt,
>
> Clearly, we are on entirely opposite sides of this fence. The
Well, you know, it's impossible to win in Usenet
discussions unless a party says "Yes, sorry,
I was wrong" which doesn't happen very often.
> how about telling me what you will do if/when police show
> up on your doorstep and want to seize your property? How are
> you going to prevent this from happening? Do you think that
> ISPs will continue to be ignored by law officials who haven't
> quite figured out how to deal with this problem? Have ISPs
> banded together and sought legal advice on the issue?
Why are you attacking Curt (as if he represented all
ISPs) and ignoring BCTel? Shouldn't they start
censoring illegal materials coming through their phone
lines as well? They are as much carriers of it as any ISP
who uses their lines is.
> I don't want to leave you, or anyone, with the impression
> that I want to restrict usenet. However, I have argued the
We already have such an impression.
> position that has been echoed by a number of my colleagues
> at UBC and on the Net. I would hate to see any limitations
> placed on usenet distribution alhtough I am expect that
> illegal materials will cause this. Whether law enforcement
> officials act against the individual, the ISP or both is
They should act against individual. Let's repeat this again:
ISP is not a publisher, it is a distributor, just like
BC-Tel, FedEx, Canadian Postal Service; actually, ISP
is not even a distributor, in most cases, it's a RE-distributor
of materials composed by others. Why aren't you waging
a war against other services through which some illegal
materials may be coming at the moment? Let's make
Canadian Postal Services open billions of letters
daily checking if Alice is sending Bob her pictures
taken when she was taken a bath and check ages of all
recipients. This seems neither possible nor reasonable
to me. Leave the Net alone and say NO to censorship! It
was created long before you even knew about its existence
and you're not to insist on changing the way it has
always operated. You don't like binaries? Don't read them.
Some do.
> not at all clear. Regardless, you can bet they will act
> on someone to try and prevent the distribution of this
> material. I think that ISPs are the easiest target at the
> moment. I would hope that ISPs are taking measures to
> protect themselves; certainly that my ISP is taking measures
> to protect themselves.
I hope you're taking measures to protect yourself.
Someone might be throwing a pound of cocain and a
bunch of porno magazines in your car trunk without your
knowledge just before you're about to go shopping
across the border.
Curt Sampson
In article <541n7m$1...@nntp.ucs.ubc.ca>,
Shaun Patrick Foy <sf...@zoology.ubc.ca> wrote:
>With regards to my postings, I would be annoyed if you cancelled
>them because you suspected they had illegal materials in them,
>of course!
You would be annoyed, but you would still prefer to see your postings
cancelled than to see a few more rather than less postings of
illegal material on the net?
You do understand that anyone who doesn't like your postings can
simply submit the message-IDs for yours in with five hundred other
random message-IDs to me every morning, saying `these postings have
illegal content', and I would cancel the postings without examining
them, right?
> >You can't expect anyone
> >to comply with an impossible standard.
>
>Curt, I am not attempting to form any new standard. I am trying to
>apply a standard to ISPs that already exists elsewhere (criminal code).
The editor of a small newspaper might have to examine two or three
dozen articles per week to make sure they don't have any blatently
illegal content.
To examine everything that goes through my machines each day would
entail, for the news server alone, reading and judging approximately
125,000 articles per day. Assuming that we read and, when necessary
cancel articles at the rate of one every ten seconds (a rate I doubt
that can be sustained by a human through a workday, but what the heck,
I'll give it to you), it will take 347 man-hours per day, or a full time
staff of forty-four people, for Portal to check everything. I don't see
how, by any stretch of the imagination, you can see this as anything but
impossible for an ISP that currently employs 7 under-paid people and
runs on very tight margins.
And you're trying to apply a standard that's applied to people like
publishers, who pick and choose what they publish. You'll note that
this standard is *not* applied to organisations where other people
are in control of whether the material is made available on that
medium, such as the telephone company. An ISP is much more like a
telco than a book publisher.
>As far as how the real world works, I think that you are the one that
>is way off. If the courts deem that you are a distributor, rather than
>a conduit, then the fact that it is near impossible to regulate this
>material will have very little bearing on the outcome of the case.
Indeed. However, the courts are more likely to deem me a distributor
if I am editing the material passing through my system than if I do not
have anything to do with material passing through my system.
> >However, when it reaches the courts, my actions do make a difference.
> >From what I have seen so far, if I have attempted certain actions
> >and failed, I am more culpable than if I have not attempted those
> >actions at all.
>
>What makes you suggest this? What exactly have you seen?
The Prodigy case a couple of years ago. They were held to be
responsible for certain things appearing on their system only
because they made an attempt to control what could and couldn't
appear.
cjs
Curt Sampson
In article <541o08$1...@nntp.ucs.ubc.ca>,
Shaun Patrick Foy <sf...@zoology.ubc.ca> wrote:
>As far as BCTel is concerned, I could care
>less whether they get busted or how telcoms develop in general. The
>same for couriers, etc. I am genuinenly interested in the development
>of the internet.
You should care. If BC Tel was held to be responsbile for Internet
material passing over their circuits, they would not hesitate to
simply drop all services to those using those circuits to pass
Internet traffic. This would not be a pretty picture for the Internet
infrastructure in Vancouver.
>I think there are some obvious hurdles that will
>be faced by the community as a whole. One of the most pressing is
>censorship. How to deal with it? What motivates it? How to prevent
>it?
Well, what you are doing is encouraging something very much
approaching censorship. Remember my example of the person who wanted
to get all of your articles cancelled?
The main problem with your scheme is that you are making someone
with no interest in preserving that particular bit of speech
responsble for the content of it. If you post an article that might
have illegal content, and someone calls you on it, you can take it
to the courts, defend it, and get a proper judgement rendered on
it.
If, on the other hand, I'm responsible for your bit of speech, I
don't have the time or the inclination to defend it. There's no
gain for me to take that risk. So I'll just be safe and cancel your
post. It should be evident that this sort of thing is very damaging
to free speech in general, becase we move from suppressing speech
that *is* illegal to suppressing speech that *might be* illegal.
cjs
Curt Sampson
In article <541tb0$1...@nntp.ucs.ubc.ca>,>Well, you think it is not your responsibility if you can't do it cost
>effectively while I think it is your responsibility regardless of cost.
>If you can't do it cost effectively and remove only the articles that
>you want perhaps a better approach would be: 1) remove all binaries, or
>2) stop distributing news.
Well, that's it exactly. Since 1) can't be done (as soon as you
remove the binaries groups, people will simply start using the
non-binaries groups for their binaries), you are advocating that
all ISPs take action 2).
>*shrug* Obviously you are willing to bet your business on that.
I am betting my business anyway. You seem to think there's some
sort of difference between me carrying snuff porn in a.b.p.e.snuff-porn
and alt.test. I cannot for the life of me see why a court would
find that it's ok for me to do the latter, but not the former.
>Apparently, this isn't the case. If you make an attempt to remove
>some of the material, you can still make a legal argument that you
>are a conduit and not a distributor.
You greatly weaken your argument that you are a conduit because
you engage in explicitly non-conduit-like behaviour. That's what
nailed Prodigy.
> >The Prodigy case a couple of years ago. They were held to be
> >responsible for certain things appearing on their system only
> >because they made an attempt to control what could and couldn't
> >appear.
>
>Were they restricting distribution of binaries? As well, I thought
>this was a civil case. Do you know the details of the case?
It was a civil case, and it had nothing to do with binaries. However,
the principle is exactly the same. Prodigy was trying to argue that
they were a conduit, but the judge would not allow that because
they were not passing the information through unchanged. It was
very clear in the judge's write-up that this was the main reason
they were held responsible.
cjs
Gordon Mulcaster
In article <53vchd$m...@nntp.ucs.ubc.ca>, Shaun Patrick Foy writes:
> However, if I were an ISP, I would eliminate all groups that are
> intended to carry binaries.
You certainly wouldn't be a very popular ISP.
Shaun Patrick Foy
On 15 Oct 1996 04:04:06 -0700 Curt Sampson (cu...@cynic.portal.ca) wrote:
>In article <53vg9l$m...@nntp.ucs.ubc.ca>,
>Shaun Patrick Foy <sf...@zoology.ubc.ca> wrote:
>>Clearly, we are on entirely opposite sides of this fence. The
>>same questions keep arising.
>Yes, the same ones you won't answer. :-) Namely, why are you
>proposing that it's better to shut down a very large amount of
>legal speech than let just a little bit of illegal speech get
>through. I notice that, though I've asked twice, you've never
>indicated what your attitude is toward me removing your postings
>from my system because a third party told me something in them
>might be illegal.
My proposal suggests that an ISP is responsible for the materials
that they distribute. I have never suggested that you remove legal
material only that you remove illegal material. I have conceded
that it is not possible to remove only legal material at this point
and, therefore, you must do your best to remove the majority of
illegal material which, unfortunately, would result in the removal
of prefectly legit material. I don't see this as an optimal solution
but I do see it as a viable attempt towards removing illegal material
and protecting yourself as an ISP.
With regards to my postings, I would be annoyed if you cancelled
them because you suspected they had illegal materials in them,
of course!
>In the end, I suppose what it comes down to is that the solution
>you want is just not possible. When I point out that there's no
>way of implementing it, you say that that's my problem. I'm afraid
>the real world just doesn't work that way. You can't expect anyone
>to comply with an impossible standard.
Curt, I am not attempting to form any new standard. I am trying to
apply a standard to ISPs that already exists elsewhere (criminal code).
As far as how the real world works, I think that you are the one that
is way off. If the courts deem that you are a distributor, rather than
a conduit, then the fact that it is near impossible to regulate this
material will have very little bearing on the outcome of the case.
>>...how about telling me what you will do if/when police show
>>up on your doorstep and want to seize your property? How are
>>you going to prevent this from happening?
[snip]
>However, when it reaches the courts, my actions do make a difference.
>From what I have seen so far, if I have attempted certain actions
>and failed, I am more culpable than if I have not attempted those
>actions at all.
What makes you suggest this? What exactly have you seen?
Regards,
Shaun.
Shaun Patrick Foy
On Tue, 15 Oct 1996 11:12:15 -0700 BORG (vlad...@iceonline.com) wrote:
>> how about telling me what you will do if/when police show
>> up on your doorstep and want to seize your property? How are
>> ISPs will continue to be ignored by law officials who haven't
>> quite figured out how to deal with this problem? Have ISPs
>> banded together and sought legal advice on the issue?
>Why are you attacking Curt (as if he represented all
>ISPs) and ignoring BCTel? Shouldn't they start
>censoring illegal materials coming through their phone
>lines as well? They are as much carriers of it as any ISP
>who uses their lines is.
Attacking Curt? I would hardly say that. I think that Curt is the
only one that has expressed a desire to discuss this issue. Nobody
else has offered any constructive arguments. In fact, IP is my
ISP and has been very helpful. As well, IP does not carry many
of the groups to which I am referring, albeit for different reasons
than the ones I suggest. As far as BCTel is concerned, I could care
less whether they get busted or how telcoms develop in general. The
same for couriers, etc. I am genuinenly interested in the development
of the internet. I think there are some obvious hurdles that will
be faced by the community as a whole. One of the most pressing is
censorship. How to deal with it? What motivates it? How to prevent
it?
>> I don't want to leave you, or anyone, with the impression
>> that I want to restrict usenet. However, I have argued the
>We already have such an impression.
Tis a shame. A person can argue a point for a number of reasons.
Their personal beliefs don't have to, in fact aren't in my case,
reflected in their arguments.
>> position that has been echoed by a number of my colleagues
>> at UBC and on the Net. I would hate to see any limitations
>> placed on usenet distribution alhtough I am expect that
>> illegal materials will cause this. Whether law enforcement
>> officials act against the individual, the ISP or both is
>They should act against individual. Let's repeat this again:
>ISP is not a publisher, it is a distributor, just like
Says you. I say that the issue is not yet decided.
I answer the rest of your questions above.
>BC-Tel, FedEx, Canadian Postal Service; actually, ISP
>is not even a distributor, in most cases, it's a RE-distributor
>of materials composed by others. Why aren't you waging
>a war against other services through which some illegal
>materials may be coming at the moment? Let's make
>Canadian Postal Services open billions of letters
>daily checking if Alice is sending Bob her pictures
>taken when she was taken a bath and check ages of all
>recipients. This seems neither possible nor reasonable
>to me. Leave the Net alone and say NO to censorship! It
It is not up to us to say NO. It is up to us to deal with
the issue as it arises. I can say no til I am blue in the face
but it certainly wont affect what the courts decide.
>> not at all clear. Regardless, you can bet they will act
>> on someone to try and prevent the distribution of this
>> material. I think that ISPs are the easiest target at the
>> moment. I would hope that ISPs are taking measures to
>> protect themselves; certainly that my ISP is taking measures
>> to protect themselves.
>I hope you're taking measures to protect yourself.
>Someone might be throwing a pound of cocain and a
>bunch of porno magazines in your car trunk without your
>knowledge just before you're about to go shopping
>across the border.
Vlad, this isn't an argument, it is essentially cane waving.
If you want to place a reasonable argument, fine, do so and
I will do my best to respond.
Regards,
Shaun.
--
Shaun Patrick Foy
On 15 Oct 1996 22:27:51 -0700 Curt Sampson (cu...@cynic.portal.ca) wrote:
>To examine everything that goes through my machines each day would
>entail, for the news server alone, reading and judging approximately
>125,000 articles per day. Assuming that we read and, when necessary
>cancel articles at the rate of one every ten seconds (a rate I doubt
>that can be sustained by a human through a workday, but what the heck,
>I'll give it to you), it will take 347 man-hours per day, or a full time
>staff of forty-four people, for Portal to check everything. I don't see
>how, by any stretch of the imagination, you can see this as anything but
>impossible for an ISP that currently employs 7 under-paid people and
>runs on very tight margins.
Well, you think it is not your responsibility if you can't do it cost
effectively while I think it is your responsibility regardless of cost.
If you can't do it cost effectively and remove only the articles that
you want perhaps a better approach would be: 1) remove all binaries, or
2) stop distributing news.
>And you're trying to apply a standard that's applied to people like
>publishers, who pick and choose what they publish. You'll note that
>this standard is *not* applied to organisations where other people
>are in control of whether the material is made available on that
>medium, such as the telephone company. An ISP is much more like a
>telco than a book publisher.
*shrug* Obviously you are willing to bet your business on that. Personally,
I wouldn't even dream of taking that chance. Apparently, there are other
ISPs that wouldn't either since last I heard there were ISPs around
town that have eliminated a number of controversial groups.
>>As far as how the real world works, I think that you are the one that
>>is way off. If the courts deem that you are a distributor, rather than
>>a conduit, then the fact that it is near impossible to regulate this
>>material will have very little bearing on the outcome of the case.
>Indeed. However, the courts are more likely to deem me a distributor
>if I am editing the material passing through my system than if I do not
>have anything to do with material passing through my system.
Apparently, this isn't the case. If you make an attempt to remove
some of the material, you can still make a legal argument that you
are a conduit and not a distributor.
This means if you make no attempt to remove the material you argue
that you are a conduit and:
1) courts find you are a conduit - you are safe because you aren't
responsible for the materials other people put on your system.
2) courts find you aren't a conduit - you are guilty because you
clearly intended to distribute the material.
However, if you make attempts to remove the material then you argue
that you are a conduit and:
1) courts find you are a conduit - safe
2) courts find you aren't a conduit - you can now argue that you
had no intent to distribute illegal material as supported by your
efforts to remove it from your system.
Perhaps you should consult a lawyer on these issues. It may be money
well spent. If you have consulted your lawyer, what did (s)he say?
>> >However, when it reaches the courts, my actions do make a difference.
>> >From what I have seen so far, if I have attempted certain actions
>> >and failed, I am more culpable than if I have not attempted those
>> >actions at all.
>>
>>What makes you suggest this? What exactly have you seen?
>The Prodigy case a couple of years ago. They were held to be
>responsible for certain things appearing on their system only
>because they made an attempt to control what could and couldn't
>appear.
Were they restricting distribution of binaries? As well, I thought
this was a civil case. Do you know the details of the case?
Regards,
Shaun.
BORG
Shaun Patrick Foy wrote:
.....
> Well, you think it is not your responsibility if you can't do it cost
> effectively while I think it is your responsibility regardless of cost.
> If you can't do it cost effectively and remove only the articles that
> you want perhaps a better approach would be: 1) remove all binaries, or
> 2) stop distributing news.
Not a bad approach. Some of the binaries are illegal, let's
terminate them all. Some groups are "bad", let's stop
Usenet services. Some of citizens are criminals, let's
exterminate the whole nation. You start sounding like a little
Stalin (or Hitler?)
.......
> *shrug* Obviously you are willing to bet your business on that. Personally,
> I wouldn't even dream of taking that chance. Apparently, there are other
> ISPs that wouldn't either since last I heard there were ISPs around
> town that have eliminated a number of controversial groups.
...and lost a number of their customers. The trend is that
people try to stick with ISPs who provides more services
and less restrictions. I don't see anyone praising iStar
for censoring groups, but I see customers leaving them
instead. Vote with your feet.
BORG
Shaun Patrick Foy wrote:
......
> >BC-Tel, FedEx, Canadian Postal Service; actually, ISP
> >is not even a distributor, in most cases, it's a RE-distributor
> >of materials composed by others. Why aren't you waging
> >a war against other services through which some illegal
> >materials may be coming at the moment? Let's make
> >Canadian Postal Services open billions of letters
> >daily checking if Alice is sending Bob her pictures
> >taken when she was taken a bath and check ages of all
> >recipients. This seems neither possible nor reasonable
> >to me. Leave the Net alone and say NO to censorship! It
>
> It is not up to us to say NO. It is up to us to deal with
> the issue as it arises. I can say no til I am blue in the face
> but it certainly wont affect what the courts decide.
Yes, it is up to us to decide. Suppose, Vancouver courts
will explicitly ban pics of naked women in *binaries.
I open an account in Alberta (or in New-York or even
in Holland) and post from there. I will protest their
desision by my actions. How would they prosecute me?
What's the location of my crime? An nntp box somewhere
in Holland? Can they prove I was in Vancouver at the time
of posting? What if I was not in Vancouver but in Seattle
and telnetted to my box from there? You see, Patrick, usenet
doesn't care about the borders. While the courts are deciding,
people will continue doing what they did. Internet is too
flexible to be controlled by the governments. If it ever is,
then we will use the powerful tool of civil disobedience.
Everything's up to us, that's we who's making the Net of the
future, not stupid bureacrates in Washington or Ottawa.
Regards,
Rick Franchuk
BORG wrote:
> Yes, it is up to us to decide. Suppose, Vancouver courts
> will explicitly ban pics of naked women in *binaries.
> I open an account in Alberta (or in New-York or even
> in Holland) and post from there. I will protest their
> desision by my actions. How would they prosecute me?
> What's the location of my crime? An nntp box somewhere
> in Holland? Can they prove I was in Vancouver at the time
> of posting? What if I was not in Vancouver but in Seattle
> and telnetted to my box from there? You see, Patrick, usenet
> doesn't care about the borders. While the courts are deciding,
> people will continue doing what they did. Internet is too
> flexible to be controlled by the governments. If it ever is,
> then we will use the powerful tool of civil disobedience.
> Everything's up to us, that's we who's making the Net of the
> future, not stupid bureacrates in Washington or Ottawa.
The problems you describe go way beyond the comparitively simple
"problem" of potentially offensive/illegal usenet postings. There's
recently been a lot of furor over the jurisdiction of Law (which is
based on the physical) over crimes enacted on the 'Net (which is both
virtual and physical, although the physical can be spread to areas way
beyond traditional physical jurisdiction).
I can envision a couple possible scenarios:
a) A consortium of countries offering Internet services to thier
populace that have a concern with legal matters over the 'Net
will forge some sort of "Internet Extradition", where some
rules of where criminal-X will be hammered out amongst the
constituents. This is unlikely, but if it DOES happen, the
possibilities are frightening... would you like to be subject
to the whims of some foreign law process from a country that
could literally be half a world away?
b) Enforcment will bust people in local jurisdictions based on
local laws... in essence, the crime may have been commited
somewhere else, but you did it in our physical area, so we
busted you. This is more/most likely.
On a personal note, I have no problem with other people want to read
alt.sex.spank-the-gerbil or whatever. What they do is thier own thing.
So long as it's not in my face, I'm fine. Purveyors of those groups,
however, do not (and should not, in my opinion) have the RIGHT to demand
access to those groups from a particular ISP if that ISP decides to shut
those groups off. Just as much as you have the right to read and post to
whatever newsgroup you like, using or ignoring based on your preference,
so should an ISP... offering or discontinuing groups based on company
policy and legal concerns.
Now, that applies to groups as a whole. I personally have problems with
people going in and removing individual MESSAGES based on thier content,
and would consider that as censorship. If you're going to offer a group,
offer it in its entirety.
Thus endeth my rambling manefesto... ;)
-- Rick Franchuk -- Internet Portal -- mailto:ri...@portal.ca --
Disclaimer: These options aren't those of my employer, fellow
employees, or possibly even myself. Read at your
own risk. If hearing loss, blurred vision, vertigo
or loss of consciousness result, discontinue use.
Gordon Mulcaster
In article <541tb0$1...@nntp.ucs.ubc.ca>, Shaun Patrick Foy writes:
> Well, you think it is not your responsibility if you can't do it cost
> effectively while I think it is your responsibility regardless of cost.
Hmmm, that's the argument that protects BC-Tel and Canada Post... And
probably Rogers Cable...
Gordon Mulcaster
In article <541n7m$1...@nntp.ucs.ubc.ca>, Shaun Patrick Foy writes:
> My proposal suggests that an ISP is responsible for the materials
> that they distribute.
ISPs only distribute material on _their_ web pages and ftp servers. Not
usenet. Not email.
> I have never suggested that you remove legal
> material only that you remove illegal material.
Yes you have. You have suggested removing binarie groups that _may_ contain
posts that contain illegal ideas or images. That action would also remove
much material that isn't illegal.
> I have conceded
> that it is not possible to remove only legal material at this point
> and, therefore, you must do your best to remove the majority of
> illegal material which, unfortunately, would result in the removal
> of prefectly legit material.
See! You're doing it again!
> I don't see this as an optimal solution
> but I do see it as a viable attempt towards removing illegal material
> and protecting yourself as an ISP.
It's not a solution at all and it's a viable attempt at making himself more
vulnerable as an ISP. See Prodigy.
> With regards to my postings, I would be annoyed if you cancelled
> them because you suspected they had illegal materials in them,
> of course!
The example was deleting your posts because someone included them in a huge
list of messages that may have illegal material. How would you feel about
having your messages deleted because someone was trying to censor me? Your
posts being collateral damage.
> If the courts deem that you are a distributor, rather than
> a conduit, then the fact that it is near impossible to regulate this
> material will have very little bearing on the outcome of the case.
The proper term is common-carrier, not conduit.
The outcome will be the elimination of usenet in BC/Canada and all us
usenet readers will have to sign up with foreign NNTP servers. Oh, and Curt
goes to jail and the murderer who was in Curt's new bed get's early
paroll.
van...@wimsey.com
cu...@cynic.portal.ca (Curt Sampson) writes:
>delivered it to you? Don't forget that BC Tel is just as responsible
>as those ISPs, since the material goes over their telephone lines.
Which is of course the entire problem, BC Tel is likely not liable
because they are a common carrier, you as an ISP may or may not be liable
because it is unclear whether you would have common carrier like status (ISP
isn't one of the designated common carriers in the legislation I don't think)
before the courts. So far the free speechers have declined to start an ISP
and create and pay for a test case (although there are lots of them willing
for you to do so of course ...)
van...@wimsey.com
jab...@lynx.bc.ca (Joseph Abbott) writes:
>Are you a lawyer? If not I suggest you refrain from making
>speculations about what would and wouldnt stand up in court.
>Setting your server to allow people to telnet to port 119 is
>*authorizing access* to port 119.
Well exuse me for living! I hadn't been aware that you had the truth
revealed to you from on high (it must be nice to know everything). I'll try
to remember that you know everything and therefore don't want to hear (and
obviously don't listen to) any other opinion in future so as not to bother
you.
van...@wimsey.com
BORG <vlad...@iceonline.com> writes:
>Why are you attacking Curt (as if he represented all
>ISPs) and ignoring BCTel? Shouldn't they start
>censoring illegal materials coming through their phone
>lines as well? They are as much carriers of it as any ISP
>who uses their lines is.
Nope. BC Tel is designated a "common carrier" as is the Post Office.
This releaves them of some responsibility for content (see the interesting
series of articles from a Toronto lawyer in can.infohighway some time back
on the Istar removal of news groups for informed discussion on this subject).
Curt, my employer and any one else not specifically designated a common
carrier in the legislation is in a legal grey area and possibly subject
to prosecution. Since there is no current case law so far, setting some is
likely to be very expensive. This is one of the things that my employer
paid for a legal opinion on some years ago and I don't beleive there has been
any change (in the form of a trial) since then.
van...@wimsey.com
cu...@cynic.portal.ca (Curt Sampson) writes:
>I am betting my business anyway. You seem to think there's some
>sort of difference between me carrying snuff porn in a.b.p.e.snuff-porn
>and alt.test. I cannot for the life of me see why a court would
>find that it's ok for me to do the latter, but not the former.
The Toronto lawyer figures there is a difference. Even if you are
a common carrier (such as BC Tel) if you knowingly carry content that is
illegal then you are still liable. The lawyer's opinion is that from the
name of the news group a.b.p.e.snuff-porn you should be aware that it is
primarily concerned with illegal material and therefore should not be carried.
The same article in alt.test would be considered exempt should you be considered
the same as a common carrier as long as you were not aware (i.e. someone
hasn't alerted you to an illegal article in alt.test) that the illegal
content was there. Of course this still leaves the hole of "are you a
common carrier or not".
Jay North (Dennis)
On Tue, 15 Oct 1996 13:58:36 -0700, D Banks <david...@gdt.com>
wrote:
Nope, sorry bout that it was not. I called & asked.
. . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . Everyone needs a little menace in their lives . . .
William Robert Night
Curt Sampson (cu...@cynic.portal.ca) wrote:
>: Joseph Abbott <jab...@lynx.bc.ca> wrote:
>: >
>: >Face it, if you make your information available to the public on the
>: >internet, then the public has a right to view that info in the way
>: >that you set it up to be viewed (even if you didnt intend to set it up
>: >that way).
>: Face it, if you leave your door unlocked then I've got the right to
>: walk into your house and view anything there, even if you didn't intend
>: to set it up that way.
If all of the homes in the area were identical and had signs on the front
lawn saying that they were for sale, and inviting you to come in, except
for that specific house... The problem with your argument is that
telneting to a site isn't the equivalent of trying to doorknob; it's the
equivalent of looking in the front lawn for a sign, and that sign is
either a guest account, (anonymous, etc) or the lack of a login prompt.
If the default on the internet was to assume that permission wasn't
given, as is the case with unlocked houses, then telneting around would
be an invasion of privacy, but because of the way the internet works,
that would be impossible.
I could send you e-mail asking if I could telnet to your machine, but
that just means that the e-mail program telnets to your machine. There is
no way of my reaching your machine that couldn't be abused if you set it
up incorrectly. That means that I can't reasonably be expected to ask for
permission first.
Unless you password something, with a non-guest account, or display a
message saying that access is not permitted except from certain people,
then it MUST be assumed to be permitted. If you don't allow any access,
then you shouldn't be on ANY network, because the purpose of a network is
for communication, and that is impossible without the presumption of
permission to telnet from one machine to another.
>: >That is a very poor analogy. Most times when people try to compare
>: >internet things to "real life" situations they fail, and this is a
>: >good example of that. First of all, it is common practice to ask
>: >permission before entering someones house. It is NOT common practice
>: >to ask before telneting somewhere.
>: It may not be common practice, but it should be. You had damn well
>: better ask me for permission before telnetting to the shell machine
>: I run for Portal, for example. I give permission to do this by selling
>: you an acocunt. If you don't have an account, you need my explicit
>: permission.
No, there is no reason why I should do this. Many programs (finger for
instance) telnet to other machines, and unless you make it known
blatantly that this is not allowed (by returning that response to a
request for finger information) then it must be assumed that it is permitted.
>: This is just like a house. You don't have permission to go up to
>: the door and try the doorknob unless the owner gives you that
>: permission. If you rent the house from a landlord, he's not going
>: to say `you now have permission to try the doorknob on that door.'
>: It's implicit in his signing the contract with you. But that
>: permission still exists.
The problem with what you say is that on the internet it is reasonable to
assume permission unless it is revoked.
>: >And what a ridiculous place the Internet would be if it was.
>: Assume for the moment that it is common practice to get permission
>: before telnetting to a site. How does this make the Internet a
>: ridiculous place?
Try contecting someone in any way over the internet without telneting to
their site.
>: >I see, so in your vision of the Internet, all sites, ftp, telnet,
>: >gopher, www, etc must advertise their existence to all the users of
>: >the internet, otherwise people dont have permission to go there?
>: Exactly.
And as such, this advertisment must be blatant, of the form "Everyone is
granted permission to visit my web site - signed by owner." So a simple
HTML link wouldn't be enough, because that link wasn't made by you, and
could have been put there without your permission.
Give it up, if you are too incompotent to set permissions so that the
default is to not allow access, and password the types of access you want
to allow private access to, or if nothing else, print a message stating
this, then you don't deserve to run a server.
>: >Yes they do. Too bad for them. Just because its easy to make a mistake
>: >when setting up a server, doesnt mean that we have to second guess
>: >what the intentions of the person who set it up are.
>: It's not hard to guess those intentions, any more than it's hard
>: for me to guess your intentions when you leave the door to your
>: house unlocked. I can make a pretty good guess that it's not because
>: you're opening it to the general public.
You aren't making allowance for the many cases in our society in which an
unlocked door IS an invitation.
Go out to the local university, pick the biggest building around, and try
the door. If it is unlocked, go in and look around.
This is equivalent to trying the base domain name (mit.edu) to see if it
has a public web page, or FTP site.
There have to be ways that people can contact you, and FTP, WWW, and
E-Mail are the standards, but they ALL involve telnetting to a machine.
How else do you want people to ask you for permission?
>: >If you *read* what I wrote you will i see I made a point of saying it
>: >is not right to exploit a security hole.
>: But the inability of certain Windows NT news servers to block access
>: from sites other than wanted ones is a security hole. I think what
>: you're trying to say is that security holes that are difficult to
>: exploit are not fair game, whereas those that are easy to exploit
>: are fair game. In which case, if you mail server is running an
>: i386-based OS, that sendmail is dead easy for me to exploit and is
>: thus fair game....
It is a BIG step from saying that the total lack of any security
implementation is a hole. Is it a bug that your car doesn't have wings?
Curt Sampson
In article <5476dc$4...@wolfe.wimsey.com>,
William Robert Night <wni...@giant.mindlink.bc.ca> wrote:
>If all of the homes in the area were identical and had signs on the front
>lawn saying that they were for sale, and inviting you to come in, except
>for that specific house... The problem with your argument is that
>telneting to a site isn't the equivalent of trying to doorknob; it's the
>equivalent of looking in the front lawn for a sign, and that sign is
>either a guest account, (anonymous, etc) or the lack of a login prompt.
I don't understand where you get this idea from. The vast majority
of systems on the Internet do not have guest accounts. The vast
majority were not put the for people outside of that organisation
to log in to.
My company and I together have oh, about eleven servers on the
Internet right now. Only one of those is for access for people who
aren't our staff, and even that one is only for access by our
customers.
However, I need to be able to access some of these systems from
elsewhere. That means I need to have a telnet daemon running,
because plenty of places don't support ssh. You're telling me that
if I'm going to make a service available for me to use, I must make
it available for everyone to use.
Well, I'm telling you that if you are going to have a house on a
public street, you're saying right then and there, by the existence
of the house and the existence of a door, that I am allowed to try
that door, and if it happens to be open, I'm allowed to go in and
look around. This argument is just as reasonable as the equivalant
argument for computers on networks.
>I could send you e-mail asking if I could telnet to your machine, but
>that just means that the e-mail program telnets to your machine.
No, it doesn't. Your e-mail uses the SMTP protocol to contact a
machine (not necessarially the one that I'm on). In this particular
case I've published my e-mail address at the top of this message,
so I have implicitly given you permission to contact any of the MX
hosts listed for that e-mail addreess using SMTP, to transfer mail.
That is not at all the same thing as giving you permission to telnet
to any of those machines.
>There is
>no way of my reaching your machine that couldn't be abused if you set it
>up incorrectly. That means that I can't reasonably be expected to ask for
>permission first.
No, that's the reason that you *should* ask for permission first;
you may find a way in that I didn't intend you to have, because I
set it up incorrectly. Your access to my systems should be based
on whether or not I want you to have access, not on how good my
system administration skills are and whether or not there are bugs
in my programs.
>Unless you password something, with a non-guest account, or display a
>message saying that access is not permitted except from certain people,
>then it MUST be assumed to be permitted. If you don't allow any access,
>then you shouldn't be on ANY network, because the purpose of a network is
>for communication, and that is impossible without the presumption of
>permission to telnet from one machine to another.
Again, you seem to be saying that if I put a machine on the Internet,
it's to make it available to the general public. Often it's not.
Often it's just to make it available to me when I'm in a different
location. Saying `well, you can't do that with the Internet' is
silly; you're just making the Internet less useful to everyone.
>No, there is no reason why I should do this. Many programs (finger for
>instance) telnet to other machines...
Finger does not telnet. Finger uses the finger protocol. Different port,
different protocol.
>>: Assume for the moment that it is common practice to get permission
>>: before telnetting to a site. How does this make the Internet a
>>: ridiculous place?
>
>Try contecting someone in any way over the internet without telneting to
>their site.
I do it all the time. I send e-mail. I browse the web and fill in
forms. I use services that sites publically advertise. So tell me
again, how does this make the Internet a ridiculous place.
>And as such, this advertisment must be blatant, of the form "Everyone is
>granted permission to visit my web site - signed by owner." So a simple
>HTML link wouldn't be enough, because that link wasn't made by you, and
>could have been put there without your permission.
No, any advertisement condoned by the machine's owner is fine. I
publish my e-mail address, therefore you have permission to contact
via SMTP for the purpose of transferrign mail any MX hosts listed
for that DNS entry. I publish a URL in my signature, therefore you
are allowed to contact port 80 on that machine for the purpose of
downloading web pages.
>Give it up, if you are too incompotent to set permissions so that the
>default is to not allow access, and password the types of access you want
>to allow private access to, or if nothing else, print a message stating
>this, then you don't deserve to run a server.
These are strong words from someone who knows so little about
networking that he can't tell the difference between a telnet and
an SMTP session.
The `permissions' on a server are not just set by the user. They
are also set through the interaction of ever designer and programmer
who has ever worked on a system. It is not possible to make a system
perfectly secure. Sometimes this is due entirely to the system
administrator setting up something incorrectly. Sometimes this is
due entirely to the designer or programmer setting up something
incorrectly. Most often it's a combination of the two. The sysadmin
might enable two different services, based on code from two different
places, and they might interact in a way not forseen by the system
administrator or the designers and programmers. That doesn't give
you the right to take advantage of them.
Given that you know so little about networking and security, it's
pretty presumptious of you to suggest that others don't deserve to
run a server.
>>: It's not hard to guess those intentions, any more than it's hard
>>: for me to guess your intentions when you leave the door to your
>>: house unlocked. I can make a pretty good guess that it's not because
>>: you're opening it to the general public.
>
>You aren't making allowance for the many cases in our society in which an
>unlocked door IS an invitation.
>
>Go out to the local university, pick the biggest building around, and try
>the door. If it is unlocked, go in and look around.
Yes indeed I am. I pointed out the difference between public and private
buildings in my last posting. You deleted that bit.
>>: But the inability of certain Windows NT news servers to block access
>>: from sites other than wanted ones is a security hole. I think what
>>: you're trying to say is that security holes that are difficult to
>>: exploit are not fair game, whereas those that are easy to exploit
>>: are fair game. In which case, if you mail server is running an
>>: i386-based OS, that sendmail is dead easy for me to exploit and is
>>: thus fair game....
>
>It is a BIG step from saying that the total lack of any security
>implementation is a hole. Is it a bug that your car doesn't have wings?
Of course it's a hole. You can get in through it, can't you?
My point is that it doesn't make any difference what the reason is
that you aren't prevented from doing somethig you shouldn't be
doing. The fact is, just because you aren't stopped from doing it
doesn't mean the system administrator wanted you to do it. If you
don't know if you're allowed to do something, you should ask, not
just assume you are.
Keep in mind that this is embodied in law in the US, at least.
Telnetting to a server which you've not been given permission to
access is in and of itself an illegal act, whether or not you type
anything to the login prompt after that.
cjs
Thomas Dzubin
cu...@cynic.portal.ca (Curt Sampson) wrote:
>>I could send you e-mail asking if I could telnet to your machine, but
>>that just means that the e-mail program telnets to your machine.
>
>No, it doesn't. Your e-mail uses the SMTP protocol to contact a
>machine (not necessarially the one that I'm on). In this particular
>case I've published my e-mail address at the top of this message,
>so I have implicitly given you permission to contact any of the MX
>hosts listed for that e-mail addreess using SMTP, to transfer mail.
>That is not at all the same thing as giving you permission to telnet
>to any of those machines.
I'm actually picking nits and I agree totally with what you are saying,
but I quite often send email by telneting to port 25 on the server and
having a keyboard macro do all the icky RFC 821 stuff. (This is because
on some machines, all I have is a TCP/IP-enabled KERMIT program)
<snip>
>I do it all the time. I send e-mail. I browse the web and fill in
>forms. I use services that sites publically advertise. So tell me
>again, how does this make the Internet a ridiculous place.
>
Again, another fun thing to do if you are really bored is to use
a telnet client for web browsing. I've done it. I also won a
bet by doing it too!
Again, I had nothing really useful to add to this whole thread, so
I thought I'd throw in something useless.
Thomas "who has nothing better to do late on Friday afternoon" Dzubin
Vancouver.
BORG
Curt Sampson wrote:
........
> My company and I together have oh, about eleven servers on the
> Internet right now. Only one of those is for access for people who
> aren't our staff, and even that one is only for access by our
> customers.
I am hereby to request your formal permission to
access the web page of portal.ca. Please reply
with a PGP-signed message and with a confirmation of
your supervisor.
.......
> No, it doesn't. Your e-mail uses the SMTP protocol to contact a
> machine (not necessarially the one that I'm on). In this particular
> case I've published my e-mail address at the top of this message,
...and you also published your nntp server name in
the Message-ID field. :)
> so I have implicitly given you permission to contact any of the MX
> hosts listed for that e-mail addreess using SMTP, to transfer mail.
> That is not at all the same thing as giving you permission to telnet
> to any of those machines.
How do I know that email address is published implicitly to give
me a permission to send you email but Mesage-ID is something
that prohibit me from telnetting to that host on 119? All
of the headers in your message contain lots of information
but nothing says what can be accessed and what can't be.
.....
> No, that's the reason that you *should* ask for permission first;
> you may find a way in that I didn't intend you to have, because I
> set it up incorrectly. Your access to my systems should be based
> on whether or not I want you to have access, not on how good my
> system administration skills are and whether or not there are bugs
> in my programs.
I simply refuse to believe that someone capable of
compiling and setting up Innd for thousands of customers
is unable to properly edit /etc/hosts.allow and /etc/hosts.deny
or whatever other files might be involved on his/her system.
> Again, you seem to be saying that if I put a machine on the Internet,
> it's to make it available to the general public. Often it's not.
Well, how do I know unless I try to access it? :)
.......
> Keep in mind that this is embodied in law in the US, at least.
> Telnetting to a server which you've not been given permission to
Even telnetting to SMTP and POP ports and trying to send a
message that way? My email client does the same thing when I,
for example, am sending this message to you, except,
my client sends HELO, MAIL FROM:, RCPT TO: and other
commands automatically, without making me type them. That's
the only difference I see between my email client opening
an SMTP connection to your host and doing the same thing
by "telnet mail.portal.ca smtp". I am sorry for not asking
your permission to send you this email message.
> access is in and of itself an illegal act, whether or not you type
> anything to the login prompt after that.
Regards,
Vlad
PS. Please reply in newsgroups.
Curt Sampson
In article <5490s9$a...@fountain.mindlink.net>,
Thomas Dzubin <dzu...@vcn.bc.ca> wrote:
>
>I'm actually picking nits and I agree totally with what you are saying,
>but I quite often send email by telneting to port 25 on the server and
>having a keyboard macro do all the icky RFC 821 stuff.
Ah, but you're not using the telnet protocol then. If you check
the source code to your telnet program, you will find that it uses
telnet protocol only when connecting to the telnet port on a remote
server, and uses clear-channel TCP otherwise. (Or it may try to
auto-detect for telnet protocol, but it won't get it on an SMTP
port.)
cjs
Joseph Abbott
NOTE: I am sending this again because it appears to have not gotten
thru the first time (sorry if you've seen it before)
On 13 Oct 1996 23:56:25 -0700, van...@wimsey.com wrote:
>jab...@lynx.bc.ca (Joseph Abbott) writes:
>
>>The Internet and the client/servers that run on it are design to make
>>information accessable easily. If you can access something on the
>>Internet, providing you arent exploiting some design flaw, then you
>>have been given permission from the owner of the server to do that.
>
> Interesting theory, but I'd suggest reading the 2 sections of the
>criminal code on computer crime (unauthorized access to a computer and
>mischief to data are the names as I recall, I probably have the section numbers
>on a supoena here somewhere) and then consider whether you think this argument
>would stand up should you be charged. Both secitons are pretty broad and I
>believe would probably apply to this case.
Are you a lawyer? If not I suggest you refrain from making
speculations about what would and wouldnt stand up in court.
Setting your server to allow people to telnet to port 119 is
*authorizing access* to port 119.
Joseph Abbott
*=*=*=*=*= Plutonian Web Design and Authoring =*=*=*=*=*
<<<http://www.geocities.com/Hollywood/3312/pluto.html>>>
___
Joseph Abbott
On 18 Oct 1996 10:42:32 -0700, cu...@cynic.portal.ca (Curt Sampson)
wrote:
>In article <5476dc$4...@wolfe.wimsey.com>,
>William Robert Night <wni...@giant.mindlink.bc.ca> wrote:
>Well, I'm telling you that if you are going to have a house on a
>public street, you're saying right then and there, by the existence
>of the house and the existence of a door, that I am allowed to try
>that door, and if it happens to be open, I'm allowed to go in and
>look around. This argument is just as reasonable as the equivalant
>argument for computers on networks.
No it's not. A house and a server are not the same thing. Wer have
certain customs, and in Canada it is not customary to enter someones
house without their permission. If you dont know this then you have
probably been spending too much time behind your computer.
It is customary on the Internet NOT to ask permission before using a
server that was set up specifically to do the thing you are using the
server to do.
Infact, i have *never* asked permission before telneting, ftping,
gophering, browsing the web, or emailing. (I have asked permission
before talk requesting and before fingering in some cases).
>
>No, it doesn't. Your e-mail uses the SMTP protocol to contact a
>machine (not necessarially the one that I'm on). In this particular
>case I've published my e-mail address at the top of this message,
>so I have implicitly given you permission to contact any of the MX
>hosts listed for that e-mail addreess using SMTP, to transfer mail.
To use your lame analogy which you continue to use again and again in
this thread, if you publish the address of your house does that mean
you want people to walk in without asking?
What in the would does advertising have to do with permission on the
Internet? Nothing. On the internet people give permission by allowing
access. Thats how it works on the Internet. Curt, this is NOT how it
works with houses so please dont wander into peoples houses. :)
>>There is
>>no way of my reaching your machine that couldn't be abused if you set it
>>up incorrectly. That means that I can't reasonably be expected to ask for
>>permission first.
>
>No, that's the reason that you *should* ask for permission first;
>you may find a way in that I didn't intend you to have, because I
>set it up incorrectly. Your access to my systems should be based
>on whether or not I want you to have access, not on how good my
>system administration skills are and whether or not there are bugs
>in my programs.
Bugs, of course, should never be exploited to gain access to a server.
No one is saying they should, so why do you constantly bring it up?
Secondly, most people on the Internet cant read your mind, so they
have no way of knowing what access you "intend" the public to have.
They only know what access you give the public.
>>>: Assume for the moment that it is common practice to get permission
>>>: before telnetting to a site. How does this make the Internet a
>>>: ridiculous place?
>>
>>Try contecting someone in any way over the internet without telneting to
>>their site.
>
>I do it all the time. I send e-mail. I browse the web and fill in
>forms. I use services that sites publically advertise. So tell me
>again, how does this make the Internet a ridiculous place.
Did you ask permission before sending an http request to that web
server you visited? Why do you say you need written permission to
access a telnet server, but dont seem to need any permission to access
a web server? Tha seems a bit ridiculous to me.
>No, any advertisement condoned by the machine's owner is fine. I
>publish my e-mail address, therefore you have permission to contact
>via SMTP for the purpose of transferrign mail any MX hosts listed
>for that DNS entry. I publish a URL in my signature, therefore you
>are allowed to contact port 80 on that machine for the purpose of
>downloading web pages.
So all these people who dont publish their web URL and email address
in their sigs, and all those people who dont even post to USENET under
your rules cant be emailed or have their web sites visited?
>The `permissions' on a server are not just set by the user. They
>are also set through the interaction of ever designer and programmer
>who has ever worked on a system. It is not possible to make a system
>perfectly secure. Sometimes this is due entirely to the system
>administrator setting up something incorrectly. Sometimes this is
>due entirely to the designer or programmer setting up something
>incorrectly. Most often it's a combination of the two. The sysadmin
>might enable two different services, based on code from two different
>places, and they might interact in a way not forseen by the system
>administrator or the designers and programmers. That doesn't give
>you the right to take advantage of them.
yes it does. It is unfortunate that servers are so complicated and
that errors are sometimes made. But life has to go on. The Internet
has to be usefull, and if everyone had to ask permission before using
a server on the Internet, it would not be usefull. You would be
flooded with more email requests than you could possibily handle.
I think it would be more usefull to spend your time trying to make
sure your server is set up properly rather than answering 100 email
msgs a day of people saying "can I vistit you web page?"
>>>: It's not hard to guess those intentions, any more than it's hard
>>>: for me to guess your intentions when you leave the door to your
>>>: house unlocked. I can make a pretty good guess that it's not because
>>>: you're opening it to the general public.
>>
>>You aren't making allowance for the many cases in our society in which an
>>unlocked door IS an invitation.
>>
>>Go out to the local university, pick the biggest building around, and try
>>the door. If it is unlocked, go in and look around.
>
>Yes indeed I am. I pointed out the difference between public and private
>buildings in my last posting. You deleted that bit.
Wow, another blow to your house analogy. Maybe its time to think of
another one... or better yet, talk about servers instead of houses!!
>
>Keep in mind that this is embodied in law in the US, at least.
>Telnetting to a server which you've not been given permission to
>access is in and of itself an illegal act, whether or not you type
>anything to the login prompt after that.
Yes, but permission is granted by setting up their server to allow you
access. See how sophisticated that is? Unlike your completely
unworkable vision of the internet where all permissions must be given
in writting.
Joseph Abbott
NOTE: I am reposting this because it appears to have not gotten thru
the first time.
On 13 Oct 1996 21:39:47 -0700, cu...@cynic.portal.ca (Curt Sampson)
wrote:
>In article <3261a482...@news.lynx.bc.ca>,
>Joseph Abbott <jab...@lynx.bc.ca> wrote:
>>
>>The person who set up the server set it up in a way to allow people to
>>telnet to port 119. He didnt have to allow access, but he chose to.
>
>That's one possibility. Another is that he knew not much more than
>you know about news servers, and didn't know how to close off access
>properly, or even that he needed to close off access. Yet another
>is that he's using news server software (such as some packages that
>run under Windows NT) that doesn't let him close off that port to
>certain users.
Well I assume he chose to allow access. You would prefer that I
assumed everyone who runs a server is an idiot and really doesnt want
me to access the information that he/she has made available to the
public.
have you ever visited a web page without first asking the owner of the
server permission? *gasp* What if he didnt indent for you to use his
server? You are using his server without his explicit permission!
Face it, if you make your information available to the public on the
internet, then the public has a right to view that info in the way
that you set it up to be viewed (even if you didnt intend to set it up
that way).
>
>>So by doing so he has given permission for people to telnet there.
>
>Right. And if you leave your door unlocked, you've given me permission
>to enter your house.
That is a very poor analogy. Most times when people try to compare
internet things to "real life" situations they fail, and this is a
good example of that. First of all, it is common practice to ask
permission before entering someones house. It is NOT common practice
to ask before telneting somewhere. And what a ridiculous place the
Internet would be if it was. In the future I hope you can stick to
talking about client/serverson the Internet if you want to prove
something about client/servers on the Internet. You cant prove
anything by analogy.
>
>>email everyone and ask their permission before telneting, ftping for
>>anything else to there server. This wouldnt make the Internet a very
>>effecient system, would it?
>
>No. It's pretty obvious when you have implicit permission to do
>that telnet or ftp. If someone advertises an anonymous FTP site to
>the public at large, it's pretty obvious you have permission. The
>same goes for telnet access, say, to a MOO. And even for NNTP
>access, if it's published somewhere.
>
I see, so in your vision of the Internet, all sites, ftp, telnet,
gopher, www, etc must advertise their existence to all the users of
the internet, otherwise people dont have permission to go there? If I
do an archie search and it shows me an ftp server with a file I would
like to download, how do I know if it has been advertised or not?
I guess you support mass email advertising, it would be the only way
to make your dream a reality.
>>The Internet and the client/servers that run on it are design to make
>>information accessable easily. If you can access something on the
>>Internet, providing you arent exploiting some design flaw, then you
>>have been given permission from the owner of the server to do that.
>
>Rubbish. The fact that so many programs are designed to make access
>so easy is, for many server owners, a design flaw in and of itself.
>A lot of people unwittingly leave services running or available to
>outside users that they really shouldn't.
Yes they do. Too bad for them. Just because its easy to make a mistake
when setting up a server, doesnt mean that we have to second guess
what the intentions of the person who set it up are.
>
>The logical extension of this argument is that it's so widely known,
>and has been known for so long, that Sendmail 8.6.12 has security
>holes in it, that I've been given permission by the owner of your
>ISP to break into the mail machine and read or delete your mail.
If you *read* what I wrote you will i see I made a point of saying it
is not right to exploit a security hole. Further more, reading
someones email may infringe on other rights (like privacy) whereas the
only complaint about telneting to the nntp is that it uses the server
resources.
David Hathaway
>Well, I'm telling you that if you are going to have a house on a
>public street, you're saying right then and there, by the existence
>of the house and the existence of a door, that I am allowed to try
>that door, and if it happens to be open, I'm allowed to go in and
>look around. This argument is just as reasonable as the equivalant
>argument for computers on networks.
Let's put this into a more "non-isp" but internet related slant...
What Mr. Foy is stating is simple. Whenever he logs onto the internet, from
wherever he does this from, if we can winkle out his IP number, we are free to
try and telnet to his home system. If he is running a telnet daemon, we can
login and have fun on his home system. Or, if he is running an ftp daemon,
similiar rules apply.
Or, to return to the house analogy that seems very popular...
Mr. Foy's stance with regards to "public" NNTP servers is equivalent to
walking up to an "owned" house, ie, someone's property, and finding the door
left unlocked, either accidentally due to operator error, or, (heaven forbid)
"locking is not supported on our doorlocks", a somewhat WinNT approach to
earlier news servers. Once Mr. Foy has discovered the unlocked door, he is
free to wander into the kitchen and make either a nice roast beef sandwich,
or, some tofu based delicacy.
One final comparision on a friday evening...
Suggest that I take 6 beers to a party. I put them in the fridge, and stand by
them, so some unknown person doesn't walk away with one of them. I haven't
read the docs for the fridge completely, thus I don't know how to secure the
beers within the fridge. Distractions take me elsewhere, perhaps a crashing
fundue server, and some leech lifts one of my Widmer's Black Bier from the
fridge. This is the type of behaviour that I'd associate with :
[A] a thief
in the house vein, [B] a thief
in the NNTP vein, [C] a thief
Ok, one final idea...
Just because I have power plugs (ports) on the outside of my house, is it
right for some nieghbour to walk over a plug in his extension cord?
No.
w w w . m o n k e y - b o y . c o m
David Hathaway, CEO Of monkey-boy.com, minder of the cats...
dav...@monkey-boy.com, dav...@electric.net
Home to Melinda's Home Page, http://www.monkey-boy.com/melinda/
David Hathaway
>Face it, if you make your information available to the public on the
>internet, then the public has a right to view that info in the way
>that you set it up to be viewed (even if you didnt intend to set it up
>that way).
Ok, let's make it really simple then. Find me a single example of a sysadmin
stating "hey, I have a free access public NNTP server available at
what.ever.com, come get your news here" Excepting Zippo...
For further points, try and find a sysadmin sig file with their news server
address included.
Information on news servers is rarely "advertised" in public as you suggest
when comparing it to web pages. Those that do, charge for access to
their news servers. Usually, people get the addresses for these "public" NNTP
servers off of some web page where some crack boffin has incanted some magic
script that ferrets out open NNTP hosts, and then, the regular visitors "try"
as many servers as needed until they find some that work. Of course, they have
to change news servers regularily as some sysops wake up and lock the doors...
>That is a very poor analogy. Most times when people try to compare
>internet things to "real life" situations they fail, and this is a
>good example of that. First of all, it is common practice to ask
>permission before entering someones house. It is NOT common practice
>to ask before telneting somewhere. And what a ridiculous place the
>Internet would be if it was. In the future I hope you can stick to
>talking about client/serverson the Internet if you want to prove
>something about client/servers on the Internet. You cant prove
>anything by analogy.
Utter BS, the analogy holds for many of us reading this thread. With regards
to telnetting, I'd suggest that the majority of places that one can telnet
have advertised addresses and are INVITING people to visit by having a guest
account, or some specific login to some specific service.
>Yes they do. Too bad for them. Just because its easy to make a mistake
>when setting up a server, doesnt mean that we have to second guess
>what the intentions of the person who set it up are.
Since you have it out for house comparisions, what you describe is similiar to
me being stupid enough to leave my car unlocked, keys in the ignition and
yourself being smart enough to notice and take advantage of this.
>If you *read* what I wrote you will i see I made a point of saying it
>is not right to exploit a security hole. Further more, reading
>someones email may infringe on other rights (like privacy) whereas the
>only complaint about telneting to the nntp is that it uses the server
>resources.
Server resources that you have neither paid for, nor have been invited to use.
Theft.
No matter how "public" the internet is, the servers are stilled owned by the
people who bought them. When you read an FTP site address, a telnet address,
an HTML address in some paper, newsgroup, email, ticket stub, it states "hey,
this server has this available, come use it! Do this to access it!" Ever see
any of those open NNTP servers doing such things?
William Robert Night
Curt Sampson (cu...@cynic.portal.ca) wrote:
>: William Robert Night <wni...@giant.mindlink.bc.ca> wrote:
>: >I could send you e-mail asking if I could telnet to your machine, but
>: >that just means that the e-mail program telnets to your machine.
>: No, it doesn't. Your e-mail uses the SMTP protocol to contact a
>: machine
>: >No, there is no reason why I should do this. Many programs (finger for
>: >instance) telnet to other machines...
>: Finger does not telnet. Finger uses the finger protocol. Different port,
>: different protocol.
[snip]
>: These are strong words from someone who knows so little about
>: networking that he can't tell the difference between a telnet and
>: an SMTP session.
Most ports (mail, finger, WWW) can be telnetted to and used directly.
Because of this, I refered to accessing them as telnetting.
There might be more accurate ways to state that, but because you could
easily understand what I was saying, and it was clearer (IMHO) to those
who don't care to be fluent in various network protocols, to refer to all
communication possible by telnetting, as telnetting, I don't feel that
what I said was wrong.
>: The `permissions' on a server are not just set by the user. They
>: are also set through the interaction of ever designer and programmer
>: who has ever worked on a system. It is not possible to make a system
>: perfectly secure.
Scissors on the network cables protect a machine from outside intrusion
wonderfully.
Given that there is no way short of this to make a system perfectly
secure, is shouldn't matter if someone from outside sends you e-mail
(which uses an interface which is often insecure) to ask permission to
use web pages or an ftp site, or just uses the desired service. You are
trusting the person not to attempt to break into your system in one
manner, shouldn't you also trust them to leave if they determine that the
site they have accessed is private?
>: Given that you know so little about networking and security, it's
>: pretty presumptious of you to suggest that others don't deserve to
>: run a server.
Even if I didn't have any experience with security, networking, or
computers in general, it would not be the least bit presumptuous of me to
suggest that you shouldn't attempt something you are unskilled at.
Would you say it was ridiculous of me to suggest that people should learn
how to drive before getting behind the wheel of a car, just because I
myself might not have a drivers license? How about if I said someone
should have firearms training before owning a gun, even if I myself
didn't have such training?
If you are incapable of performing an inportant job, you should not
attempt it. You should also not blame your failure on the environment (in
this case, the presumption of public permission prevalent on the internet.)
>: >You aren't making allowance for the many cases in our society in which an
>: >unlocked door IS an invitation.
>: >
>: Yes indeed I am. I pointed out the difference between public and private
>: buildings in my last posting. You deleted that bit.
Oops, sorry. Didn't notice that.
>: >It is a BIG step from saying that the total lack of any security
>: >implementation is a hole. Is it a bug that your car doesn't have wings?
>: Of course it's a hole. You can get in through it, can't you?
That's not a bug if the author never intended for there to be security.
It's like saying that the 3d-graphics API in MS-DOS 3.3 was buggy. There
was no 3D-graphics API, so any functions it was missing were of course,
due to bugs.
>: My point is that it doesn't make any difference what the reason is
>: that you aren't prevented from doing somethig you shouldn't be
>: doing. The fact is, just because you aren't stopped from doing it
>: doesn't mean the system administrator wanted you to do it. If you
>: don't know if you're allowed to do something, you should ask, not
>: just assume you are.
If the law of the land is such that you could reasonably assume
permission, then you should, unless notified otherwise.
It is usual for the companies to have public web pages, www.s3.com,
www.asustek.tw.com, www.mrbios.com, www.cirrus.com, etc... Because of
this, it is reasonable to assume that the web page at www.<company>.com
will be for public access.
>: Keep in mind that this is embodied in law in the US, at least.
>: Telnetting to a server which you've not been given permission to
>: access is in and of itself an illegal act, whether or not you type
>: anything to the login prompt after that.
Well, I doubt your interpretation of the statues, please post the
relevant documents. Keep in mind also that Canada is NOT a US state and
thus, US laws are not very relevant in Canada.
Curt Sampson
In article <54am82$n...@wolfe.wimsey.com>,
William Robert Night <wni...@giant.mindlink.bc.ca> wrote:
>Most ports (mail, finger, WWW) can be telnetted to and used directly.
>Because of this, I refered to accessing them as telnetting.
So let me get this straight. You are talking about access to a port
which is not the telnet port, using a protocol which is not the
telnet protocol, most frequently done using a program which is not
called `telnet,' and you want to call this `telnetting'. Hmm.
So how do you verbally differentiate these other accesses from
accessing the telenet port using the telnet protocol? Becuase to
to understand my argument, you have to understand that all of the
following are different things:
o downloading a page with a web browser;
o delivering e-mail with SMTP;
o accessing a machine using ftp and an anonymous account;
o accessing a machine usihng ftp and a non-anonymous account;
o accessing a MUD using telnet or a mud client;
o accessing a machine's standard login facilities on the telnet port.
I suggest we reserve the term `telnet' for accessing a machine on
the telnet port, usually using the telnet protocol. This is the
way it is understood by people in the industry, such as me. If
non-technical outsiders use it differently and inaccurately, there's
not a lot I can do about that. But I think it points up their lack
of in-depth understanding of TCP/IP networking.
>Scissors on the network cables protect a machine from outside intrusion
>wonderfully.
As does replacing the door of your house with a wall.
The basic problem with your argument seems to be this. You imagine
that if a system adminstrator leaves a way open for someone to get
into his machine, he put it there intentionally, and you're allowed
to use it. (1) Would you agree that that is your position?
>That's not a bug if the author never intended for there to be security.
Again, the author is not the system administrator. Are you saying
that if the author of a program didn't anticipate or feel worried
by a security threat, the person eventually running the program is
now forced to agree that he wants to give that access to the rest
of the world if he sets up that server?
Just to make sure this is quite clear, let's take an example. Joe
is the `sysadmin' at an office with about thirty people and connected
to the Internet. (I put `sysadmin' in quotes because he, like most
people in this sort of situation, is not actually formally trained
or even all that knowedgable; he just happens to be the one in the
office who can best keep the Windows NT server running.) Seeing
some benefit to the office, he sets up a news server program on
his Windows NT server to carry a few groups of interest to the
office, and also some local groups for intra-office communication.
Unfortuantely, the NNTP port on this server is left open to the
world. Not only can anyone who logs in snoop in those groups private
to the office, but when twenty or so people do it at once, his
entire server slows down and everybody in the office now runs more
slowly, reducing office productivity noticably.
So let's look at the two possibilites here. The first is that he
just doesn't know how to secure the NNTP port on that server, or
even that it needs to be done. (2) Are you saying that it's morally
correct to take advantage of his ignorance and use his news server,
regardless of the damage it's doing?
The second is that he can't secure the server port, because his
news server software doesn't have any way to allow access only to
particular parts of the network, and that Windows NT machine also
happens to be his router to the Internet, and so he has no packet
filtering he can turn on to block access. (3) Are you saying that he's
morally obligated to agree that the entire world is allowed to use
his news server in this circumstance?
(4) If you affirm either of these arguments, why is it not correct to
use exactly the same argument when it comes to me accessing your
ISP's mail server through a similar hole? Are we not arguing that
if they don't know about the hole, that's their tough luck, and I
can go read your mail, or if they do know about the hole, and
they've not fixed it, they have voluntarially agreed to let me read
your mail?
I'll leave other arguments until you've given me clear answers to
the questions marked (1) through (4) above.
cjs
Curt Sampson
In article <3269406...@news.lynx.bc.ca>,
Joseph Abbott <jab...@lynx.bc.ca> wrote:
>
>Setting your server to allow people to telnet to port 119 is
>*authorizing access* to port 119.
Would you like to place a bet on that? Something not entirely
insubstantial, say, $50. If so, follow-up here and then give me a
ring at work on Monday and we'll arrange for someone we mutually
trust to hold the money, and then we can give a sergeant I know of
in the RCMP Commercial Crime division a call, and see if he agrees
with that assessment.
cjs
Curt Sampson
In article <32680CDA...@iceonline.com>,
BORG <vlad...@iceonline.com> wrote:
>I am hereby to request your formal permission to
>access the web page of portal.ca. Please reply
>with a PGP-signed message and with a confirmation of
>your supervisor.
Do you also get written permission from Safeway before you walk
into their shops?
>How do I know that email address is published implicitly to give
>me a permission to send you email but Mesage-ID is something
>that prohibit me from telnetting to that host on 119?
How do you know that you have permission to go into the shop on
the corner without knocking, but you do need that permission to
come in to my house. You get a clue, that's how. If you can't learn
the Internet's social customs, you shouldn't be on it.
An e-mail address is a string that is designed to help you contact
me via e-mail. Therefore it implicitly gives you some (not full)
permission to contact me via e-mail. A Message-ID is an arbitrary
string that is intended to be unique amongst all other Message-IDs
in the world. The host name in it has no meaning; that host name
could be anything else unique to my system and the message-ID would
fullfill its purpose just as well.
>All
>of the headers in your message contain lots of information
>but nothing says what can be accessed and what can't be.
Nor is there a sign on the front of every building in the world
saying `Vladmir may enter here' and `Vladmir may not enter here.'
>I simply refuse to believe that someone capable of
>compiling and setting up Innd for thousands of customers
>is unable to properly edit /etc/hosts.allow and /etc/hosts.deny
>or whatever other files might be involved on his/her system.
Refuse all you like. Everyone makes mistakes from time to time.
And we're not just talkign about my news server; we're talking
about news servers set up by people who don't know much except they
want one. (See another recent reply I just made for an example.)
>Well, how do I know unless I try to access it? :)
And you do I know whether or not I'm allowed in to your house when
you're not home unless I try the doorknob? (Lord help you if you
ever forget to lock your door.)
cjs
Curt Sampson
In article <326b478e...@news.lynx.bc.ca>,
Joseph Abbott <jab...@lynx.bc.ca> wrote:
>
>It is customary on the Internet NOT to ask permission before using a
>server that was set up specifically to do the thing you are using the
>server to do.
So if Revenue Canada has a server with tax information on it set
up specifically so that their employees can access Canadians' tax
information, I don't need to ask permission to try to hack in and
look at your tax records. Neat.
>On the internet people give permission by allowing access.
You still seem to be under the illusion that if access is allowed,
that's always by intent rather than by accident. This is a ridiculous
assumption.
>Bugs, of course, should never be exploited to gain access to a server.
>No one is saying they should, so why do you constantly bring it up?
How do you know you're not exploiting a bug when you try to access
a server and succeed?
>>Yes indeed I am. I pointed out the difference between public and private
>>buildings in my last posting. You deleted that bit.
>
>Wow, another blow to your house analogy.
Oh, deleting the bits you can't answer is a valid counter to an
argument? I can see why you're not on the debating team.
cjs
Curt Sampson
In article <549vg1$c...@wolfe.wimsey.com>,
David Hathaway <dav...@electric.net> wrote:
>Usually, people get the addresses for these "public" NNTP
>servers off of some web page where some crack boffin has incanted some magic
>script that ferrets out open NNTP hosts, and then, the regular visitors "try"
>as many servers as needed until they find some that work.
Let you think David is making this up, I'd like to point out that
I get 20-30 attempts per day to use my news server from outside
and entirely unrelated sites. Yes it could be Portal customers who
are also customers of other ISPs forgetting to change their settings.
But that woudl make me wonder where our clients get all this money
to travel (or make long distance phone calls) to companies, ISPs
and educational institutions all over North America and Europe.
And I can't see how this isn't exactly parallel to the `trying the
doors of houses' analogy. I've only ever seen a small handful of
free, public access news servers in my entire career, thus showing
me and the rest of the world that any random news server is almost
certainly not going to be a public access news server, and I've
certainly never advertised mine as such, or advertised it at all.
cjs
Gordon Mulcaster
In article <54am82$n...@wolfe.wimsey.com>, William Robert Night writes:
> Well, I doubt your interpretation of the statues, please post the
> relevant documents. Keep in mind also that Canada is NOT a US state and
> thus, US laws are not very relevant in Canada.
If you telnet into a US server the US could push for your extradition, and
considering that you're a foreign national it could end up being a national
security issue...
Paul Kiesewetter
Does anyone have any information or feedback on the Computer
Graphics/Animation
program offered at CDIS (Center for Digital Imaging and Sound) in
Burnaby?
Its a 2-year program and seems pretty intense from their brochure - but
I'm
wondering about their reputation and quality. Anyone know
any graduates? Are they working? etc.
Any comments or rumours, experiences etc. would be greatly appreciated!
Paul.
-------------------------------------------------------------------
Paul...@gol.com
Tokyo, Japan
-------------------------------------------------------------------
Joseph Abbott
On 17 Oct 1996 20:26:10 -0700, van...@wimsey.com wrote:
>jab...@lynx.bc.ca (Joseph Abbott) writes:
>
>
>>Are you a lawyer? If not I suggest you refrain from making
>>speculations about what would and wouldnt stand up in court.
>
>>Setting your server to allow people to telnet to port 119 is
>>*authorizing access* to port 119.
>
> Well exuse me for living! I hadn't been aware that you had the truth
>revealed to you from on high (it must be nice to know everything). I'll try
>to remember that you know everything and therefore don't want to hear (and
>obviously don't listen to) any other opinion in future so as not to bother
>you.
I'll take this as a "yes Joseph, you are right and I am wrong. There
is no law that says you cant telnet to port 119 without written
permission."
Joseph Abbott
On Sat, 19 Oct 96 06:52:24 GMT, dav...@electric.net (David Hathaway)
wrote:
>
>What Mr. Foy is stating is simple. Whenever he logs onto the internet, from
>wherever he does this from, if we can winkle out his IP number, we are free to
>try and telnet to his home system. If he is running a telnet daemon, we can
>login and have fun on his home system. Or, if he is running an ftp daemon,
>similiar rules apply.
>
>Or, to return to the house analogy that seems very popular...
>
Again, you cant prove *anything* by analogy. Is this hard to
understand? If you dont believe me, then try an example:
Tell me everything you know and can possibly find out about ducks -
without showing how ducks are directly related to dogs in any way, can
you prove anything about dogs by only talking about ducks?
Ducks like to swim, ducks can fly.. and you know... ducks are a lot
like dogs, therefore dogs like to swim. <--- this is what you are
doing with your lame analogies. Stop doing it. It's lame.
If you want to talk about servers and prove something about servers
you must, at the very least, show how servers are directly related to
houses. Saying "in my mind, houses and servers are a lot alike" isnt
good enough.
Everyone wants to use this house analogy because they know that they
cant prove what they want to porve by talking about severs, becauyse
what they want to prove has NOTHING to do with servers on the
internet.
Analogies are bad. Examples are good. Find out the difference.
David Hathaway
>If you want to talk about servers and prove something about servers
>you must, at the very least, show how servers are directly related to
>houses. Saying "in my mind, houses and servers are a lot alike" isnt
>good enough.
>
>Everyone wants to use this house analogy because they know that they
>cant prove what they want to porve by talking about severs, becauyse
>what they want to prove has NOTHING to do with servers on the
>internet.
>
>Analogies are bad. Examples are good. Find out the difference.
Here it is, plain and simple.
A house and a server are private property.
You may be invited to use various parts of the server, such as ftp, sending
email, using their web server. All advertised services that a given server may
provide. NNTP servers are usually not publicly advertised as available
services, and nobody has coughed up an example yet.
William Robert Night
Curt Sampson (cu...@cynic.portal.ca) wrote:
> In article <3269406...@news.lynx.bc.ca>,
> Joseph Abbott <jab...@lynx.bc.ca> wrote:
> >
> >Setting your server to allow people to telnet to port 119 is
> >*authorizing access* to port 119.
> Would you like to place a bet on that? Something not entirely
> insubstantial, say, $50. If so, follow-up here and then give me a
> ring at work on Monday and we'll arrange for someone we mutually
> trust to hold the money, and then we can give a sergeant I know of
> in the RCMP Commercial Crime division a call, and see if he agrees
> with that assessment.
Love to. In the absense of other more obvious methods of communication,
allowing access is permitting access.
That is not to say that they are allowed to use the resources, but they
are allowed to check to see if there is a message that will specify in
more detail.
Just like port 23. If I telnet to your machine and try 'guest/guest' and
other such accounts, then logoff when I can't get anywhere with what I
could reasonably expect to be public account, you have no reasonable
complaint.
Call mindlink BBS, enter your username as 'guest'... Guess what you get,
info on the service, and information on how to buy an account. This is
often standard at commercial ISPs.