Re: Reliability of RPC services

[Marcus Brinkmann]

At Wed, 26 Apr 2006 14:48:13 -0600,
"Christopher Nelson" <address@hidden> wrote:
> You can't, obviously.  As system administrators, we don't want random
> people hooking their junk up to the computer.  It's not THEIR computer,
> so they don't get to decide what they can hook up to it, anyway.  

Random people don't even get access to YOUR computer, so what?

When we are talking about systems that are set up by one group of
people and accessed by another, then almost always we are talking
about systems involving the public to some extent.  For example,
library terminals, workplace desktop computers etc.

In these cases, it will not be what the system administrator wants
alone that counts.  Instead, there will be negotiation in public at
many levels, and the final result will be something that is subject to
policies that will always be public to some extent.  They will be
bounded by technical feasibility, of course, but that's what we are
working on, right?

> There are plenty of reasons why I want to deny you access to a so-called
> "safe" bus.  For example, I don't want you hooking up a USB network card
> to a computer, and potentially doing something malicious to the network
> with your device.

Uhm, to what network?  The one on the USB network card interface?  If
you give someone access to a network via a port, how can you prevent
them to hook up any device they want to the network, without actually
sitting behind them and hitting them over the head?  This example
doesn't make any sense to me.

> I don't want you to hook up a camera or a scanner
> that you can use to steal sensitive documents.

If I have access to sensitive documents, I can already steal them.  If
a camera or scanner is nearby, then it's even easier (with computer or
without).  Plus, I may even be morally (and legally) obligued to steal
them, for example if they are evidence of criminal activities that is
in the danger of being destroyed for cover-up.

> There are a lot of
> things I may not want you to do with a system that you use but DO NOT
> own.  If you can install a random driver, I cannot prevent those things
> because I do not know where on the USB device they may show up, and I do
> not know all the possible ID's of all the possible hardware that I
> forbid on my systems.  Therefore, it is imposssible for me to fabricate
> a set of policies that permit or deny and given device.

Obviously, you will then not use the Hurd.  Not only for this, but for
a number of other reasons as well.

As people will become more computer literate, and computers become
more ubiquitious, there will be a struggle of the users against the
system administrators.  Users will slowly wrestle more control over
the computers _they_ use.  It will then become the job of the system
administrator to allow that level of control and to make it safe at
the same time.  It will be more difficult, but they will have to learn
to deal with it.

Don't believe me?  It has happened before, take for example the
doctor-patient relationship and how patients have become a bit more in
control over their health care in the recent decades (at least in
Germany).  System administrators today are "gods in white robes", as
it happened so often in history where a new technique was developed
which was not yet understood widely.  But that's just for the moment,
it can change and it will change.

The Hurd will be an operating system that welcomes participation and
self-management by the users.  It will de-emphasize the system
administrators role.  It will not be a good tool for dictatorial
control, but it will protect users and applications from each other
and from mistakes.

Thanks,
Marcus