Rolf Kutz wrote:
> How does using smtps or vpn reduce abuse, if I
> would be sending mail over my ISP's smtpd anyway?
> And pointing to webmail doesn't really help
> either. The question is whether you want to
> offer _Internet_ access or _web_ access? Why not block
> everything but Port 80? Abuse can be done with
> ftp, ssh or netcat.
Because your ISP would then block you for abuse, and there would be an
audit trail. People are free to offer services as they please, just as
clients are free to purchase/use said services *if* they choose to.
That's one of the uses of the captive portal page: to explain to your
users what is or is not allowed on *your* network, which is *yours*, and
not *theirs*. They are your *guests* and they *should* behave as such.
> A million flies can't be wrong? I really hate
> internet cafés where I can't even run putty or
> they even block ssh and I can't log into my
> servers. If they offer Internet they should
> deliver unfiltered IP. Next thing you know is they
> block you from "harmful" websites, too.
That's the beauty of it. You *choose* to go wherever you want to go or
not depending on whether or not they give the service you want to receive.
In some countries there is a "due diligence" clause that requires
internet café operators, libraries and such, in order to get a business
license and/or permit, to install filters that will block any webpages
that explicitly declare they are for adults only if minors are allowed
entrance and/or provide some basic protection. They won't fine you if a
kid walks in and bypasses your proxy, but they will fine you if you have
absolutely no protection whatsoever.
It's not as much a matter of "censorship" as much as "responsibility".
I once had a conversation with a school sysadmin who was told by the PTA
and whatever board of directors ran school policy that no filtering
whatsoever was going to be installed in the school's systems because "a
kid that's trusted becomes worthy of this trust", and that if you "begin
by distrusting you will get untrustworthy kids". This is similar to the
"closing specific ports" method of firewalling. You will find a lot of
people agree that it's more practical to only open your firewall to
traffic you actually *want* and *need* and not the other way around.
In fact, with m0n0, you could set up a different interface or vlan
without all the protections we've mentioned and charge a premium
(perhaps with more bandwidth). Again the market will take care of itself.
Oh, and by the way, the "million flies can't be wrong" argument is
similar to the "straw man" logical fallacy; it doesn't really refute the
point, it only provides us with enough information to know that *you*,
personally, hate it when network operators have a point of view
regarding what should and shouldn't be provided on their own networks
that is different from your own.
Have a great day...