On Sat, 4 Sep 2004, Anne P. Mitchell, Esq. wrote:
There is a reason why NNTP has been replaced by the blogosphere.
And that reason is spam. Not bad protocol design.
NNTP isn't the only network protocol subject to abuse. IRC is also a
favorite for abuse. Of the three, none have been effective at
controlling abuse through technical means.
Perhaps we should be asking for an example of where abuse _was_
successfully controlled by technical means (I think there are theoretical
grounds that this is impossible, but a counter example would certainly
make that less certain.)
And the the relative lack of a proficiency barrier to entry.
This is a popular myth. Proficiency is not a problem. The abusers are
quite proficient, and quite determined, and frequently quite resourceful.
Occasionally they take advantage of people who aren't proficient, but as
often as not they exploit very proficient operations. Every major vendor
has had vulnerabilities, and I've little doubt that many competently run
servers have been exploited. We don't find out about the security
exploits until a server is exploited, and the exploit is discovered and
reported. The myth is that somehow a proficient operator isn't
vulnerable. Belief in this myth ironically is the first obvious sign of a
lack proficiency.
--Dean