
US House Passes P2P Ban On Federal Networks

Soulskill posted more than 4 years ago | from the you-can't-legislate-against-stupid dept.

Security 91

An anonymous reader writes "Recently, the US House of Representatives passed a bill in an attempt to ban peer-to-peer file-sharing applications on federal computers and networks. Similar bills have been proposed before, apparently in response to confidential government documents being found on LimeWire. The text of the bill, however, provides a very broad definition of 'peer-to-peer file sharing software,' and may extend to more than they intend (SMB? LDAP?)."


How will the government botnets run!?!? (5, Funny)

Orga (1720130) | more than 4 years ago | (#31632764)

I think this will greatly hinder our offensive capabilities in a cyberwar

Re:How will the government botnets run!?!? (1, Insightful)

Anonymous Coward | more than 4 years ago | (#31632922)

Don't worry, federal law is ignored by TLAs left and right. Our safety is secure!

Re:How will the government botnets run!?!? (1)

davester666 (731373) | more than 4 years ago | (#31635358)

Next up, a law against hiring stupid people to work for any level of gov't. If we're lucky, they'll word it poorly enough that it will include running in any election.

Re:How will the government botnets run!?!? (4, Informative)

Ron Bennett (14590) | more than 4 years ago | (#31632972)

Nah, the government will just contract that stuff out to the likes of Halliburton and Xe (formerly Blackwater).

Ron

NiggerWater, someone make another Company. (0)

Anonymous Coward | more than 4 years ago | (#31635596)

Before Xe (formerly BlackWater), moves to another name. Worse they can do now is create XeOS of which Palm will sell through their new line of PDA's called Failhand.

Re:How will the government botnets run!?!? (2, Informative)

supersat (639745) | more than 4 years ago | (#31637584)

Government contractors are covered by this bill as well.

Re:How will the government botnets run!?!? (1)

Nakor BlueRider (1504491) | more than 4 years ago | (#31633448)

Because the CIA is independent, would this even affect them at all?

Won't somebody PLEASE think of the Chinese?! :( (0)

Anonymous Coward | more than 4 years ago | (#31635632)

Won't somebody PLEASE think of the Chinese?! :(

Whitelist, not blacklist! (4, Insightful)

LoudMusic (199347) | more than 4 years ago | (#31632770)

This is an issue of what can be installed on federal computers? I believe there should be a list of what is allowed and everything else is disallowed. And NO ONE has admin access to their computer.

Come on people - federal security! Why the hell are they running MS OSes anyway?

Re:Whitelist, not blacklist! (1, Funny)

cbev (1769390) | more than 4 years ago | (#31632808)

Ever try to write an OS using Ada? You'd spend 14 billion dollars and you might get a functional word processor. Copy and paste would be an extra 2 billion, and double the development time of the project.

Re:Whitelist, not blacklist! (5, Funny)

Sir_Lewk (967686) | more than 4 years ago | (#31632916)

Clearly there are only two options:

  • Use a Microsoft OS.
  • Write your own in Ada.

Re:Whitelist, not blacklist! (2, Informative)

ShadowRangerRIT (1301549) | more than 4 years ago | (#31633238)

Technically, there are a few Defense Department regs that are supposed to require Ada. "Special" exemptions are granted as a matter of course though.

Re:Whitelist, not blacklist! (1)

jd (1658) | more than 4 years ago | (#31633294)

You mean Linux isn't written in ADA?
*ducks*

Re:Whitelist, not blacklist! (1)

Sulphur (1548251) | more than 4 years ago | (#31636130)

Were they ADA up?

Re:Whitelist, not blacklist! (3, Informative)

will_die (586523) | more than 4 years ago | (#31632948)

The US Air Force has this and it is a major pain.
It used to be that a base could keep its own list and the local people could control it, however a few years ago that was removed and now there is a central office that does all approvals. This office takes on average around 1 year to approve major software releases, aka Microsoft, and if it is not then it takes longer.
However even then it is a people problem, the local base level admin and security people totally ignore this and install almost anything they want.

Re:Whitelist, not blacklist! (1, Insightful)

girlintraining (1395911) | more than 4 years ago | (#31633044)

However even then it is a people problem, the local base level admin and security people totally ignore this and install almost anything they want.

That tends to happen when the chain of command breaks as badly as it has here...

Re:Whitelist, not blacklist! (2, Interesting)

YrWrstNtmr (564987) | more than 4 years ago | (#31633422)

It used to be that a base could keep its own list and the local people could control it,

Centralized control and admin. Used to be, a base would control its own network. No more. Even your local proxy server is now being admined from elsewhere.

Re:Whitelist, not blacklist! (2, Funny)

cnkurzke (920042) | more than 4 years ago | (#31633478)

Even your local proxy server is now being admined from elsewhere.

Likely the system administration has been outsourced, and is now run from a CSC guy in Bangalore.

Re:Whitelist, not blacklist! (1)

gnapster (1401889) | more than 4 years ago | (#31637380)

Let's hope the Indian administrators are not using Chinese DNS to access the American proxies!

Re:Whitelist, not blacklist! (1)

Message (303377) | more than 4 years ago | (#31634118)

We have almost the same problem in the Army... there is a standard approval process that can take months or years to get something approved.. even basic things like a patch... and it doesn't even address things like do I need to get a webpart for SharePoint approved and if so what is someone really checking when it goes through the approval process

I kind of wish we had centralized censorship... as it is now someone may have access to one post but not another... and who knows when my post will get around to actually following the latest policy on social media... or I love when DoD or HQDA post a link on their website to some URL shortener or file hosting service and the local NEC has it blocked...

Re:Whitelist, not blacklist! (1)

hedwards (940851) | more than 4 years ago | (#31634404)

That's an issue of specifics not approach. They could fix it in a way that works. For instance security patches could get an almost automatic green light. New types of software would take much more scrutiny and ones that were similar to currently approved ones would require somewhat less.

But really, certain classes of application are just too dangerous and easy to screw up that they should be completely banned from the network. This is one of the rare areas where those stupid palladium chips could be an appropriate part of the solution. Additionally, some things just shouldn't be connected to the internet at all. If you need to do an update of one of those, you can hand carry the discs in after having verified the contents and verify them again on the way out. If it's that secure you kind of need that at minimum.

Re:Whitelist, not blacklist! (0)

Anonymous Coward | more than 4 years ago | (#31637272)

This reminds me of a large company I once worked for after having been sucked up in an acquisition. About once a year, usually after some virus outbreak completely unrelated to unapproved third party software, an email would come from the VP of development declaring something like "Only approved applications may be run on any corporate machine - see the list here. If you believe you need other software, contact Ms. Software Cop for consideration in the approved list or so Ms. Software Cop can identify an appropriate substitute approved product".

My response was always the same. I inventoried the software on my Windows PC and diffed it to the approved list. I of course found all sorts of evil unapproved things on my machine (emacs, SysInternals tools, cygwin, Xming, Putty, WinDbg, etc).

I then sent this list (usually about 25 "free" software products) to Ms. Software Cop along with a short paragraph on each describing what it was, what I used it for, why I selected it over other alternatives, and an overview of the relevant license conditions. Then I asked if I should uninstall all these products -- but that I needed to know in the next three days as I would need to change my schedules to reflect the resulting loss of productivity and delaying the next release was going to be much less painful if done quickly.

Of course, I wouldn't hear back on my request, so I would begin to nag Ms. Software Cop with emails copied increasingly high on both her and my management chain. This would usually get a response and a phone discussion with Ms. Software Cop. I'd start with emacs - and be informed that the standard "approved" editor (which they paid real money for and I had never heard of - it seems someone thought it was cool because it would highlight C++ keywords and constructs and auto indent - wow!) should be adequate -- at which time I'd look at my .emacs file and innocently inquire about how the approved editor provided something like ediff and how, exactly, I could sort a set of records in it and how, exactly, I could do a global replace using regular expressions picking some part of the matched string as part of the replacement string. Poor Ms. Software Cop had no clue what I was talking about (and it didn't get better when we moved on to X or Putty). Eventually she would decide that she would have to research my list and that I didn't need to uninstall them until she got back to me. Of course, I requested a commitment to when she would get back to me and she would always say in "three weeks" (she seemed to guess my attention span was less than two weeks). I, of course, put an event in my calendar and three weeks and one day later I'd send an email (copied to all the same management folks I had copied the last nag email) noting I'd not heard back and asking if I should now delete the evil software and change my schedules. Of course, again, Ms. Software Cop would say she was still working on it. Then, about every three weeks I'd "rinse and repeat" until I was completely bored with the game (usually about three months of this) and send a final note indicating that since I hadn't heard back, I assumed that my applications were authorized until otherwise notified.

For some reason, Ms. Software Cop never sent me a holiday card - I was always hurt by that as I was trying so hard to help her do her job.

Re:Whitelist, not blacklist! (2, Insightful)

H0p313ss (811249) | more than 4 years ago | (#31632990)

Come on people - federal security! Why the hell are they running MS OSes anyway?

The answer is yes. Though if you do a full audit I'm sure you'll probably find a working copy of just about every operating system ever developed.

That being said I'd be very surprised if Windows is anything less than 90% of the market.

Re:Whitelist, not blacklist! (2, Insightful)

fuzzyfuzzyfungus (1223518) | more than 4 years ago | (#31633016)

While I would certainly hope that the fed's IT guys would be on top of their game, the idea of attempting to compile a central list (or, worse, have legislators try to do so) sounds like a 100% assured productivity killer.

Computer security is, surprise surprise, a technical enterprise (albeit with some organizational dynamics thrown in). WTF is congress doing in there? Should we start holding elections for sysadmins, just to make sure that the will of the people is there to defend the network?

The idea of a room full of subject-matter nonexperts writing overbroad and dubiously sensible mandates just so that they can describe themselves as "strong on security" makes me throw up in my mouth a little. Hopefully nobody tells them how much "p2p" is going on in a DFS or AFS setup, or a failover system...

Re:Whitelist, not blacklist! (1)

joocemann (1273720) | more than 4 years ago | (#31633100)

This is an issue of what can be installed on federal computers? I believe there should be a list of what is allowed and everything else is disallowed. And NO ONE has admin access to their computer.

Come on people - federal security! Why the hell are they running MS OSes anyway?

ECHO.

Re:Whitelist, not blacklist! (1)

Bugamn (1769722) | more than 4 years ago | (#31633816)

Eccentric Choice for Homogeneous Operators?

Re:Whitelist, not blacklist! (1)

wsanders (114993) | more than 4 years ago | (#31633280)

That's basically one more rule than what is there now for most employees. I can't speak for all, but my wife works for a federal agency, and she has no control over what happens to her computer. The whole building came in a few months ago, for example, to find they had been upgraded from XP to Windows 7 without any notice. Hilarity ensued! They have been switched back and forth between Exchange and Lotus Notes several times. And I can't send her any email attachments, they are usually and somewhat capriciously blocked.

In addition, control is from the top down. All email from the hinterland is routed via Washington, where presumably it is examined for evil and then archived forever.

She was issued a brand new out of the box IBM-branded Palm III in 2005. She finally got a Blackberry two or three years ago.

And so on, at the whim of whatever contractor they have selected to do IT (most of the federal-employed IT people have been let go and rehired as contractors.)

Re:Whitelist, not blacklist! (1)

shentino (1139071) | more than 4 years ago | (#31633324)

Because Microsoft lobbyists are in bed with congress critters.

Re:Whitelist, not blacklist! (5, Insightful)

YrWrstNtmr (564987) | more than 4 years ago | (#31633380)

I believe there should be a list of what is allowed and everything else is disallowed.

That's pretty much the way it is. They actually have a pretty secure MS ecosystem. Between DISA, NIST and USAF and Microsoft, they've come up with the Federal Desktop Core Configuration (FDCC) [nist.gov] (which is an outgrowth of the USAF 'Standard Desktop Computer' (SDC)).

Various security settings, GPO's, etc. If you use a standard FDCC image, it is pretty well locked down, AND can be administered from anywhere. Having said that...'locked down' as much as XP or Vista can be. But the VAST majority of users do not need much more than Office and the base OS. No real need for 8 zillion extra little tools, which may or may not have their own vuln's.
But there is quite a lot on the approved list. Installed on a case by case eval. Wireshark or Firefox, for example. It is up to each department to further refine that list. For instance, the USAF (mostly) bans Firefox in favor of IE7.

Why the hell are they running MS OSes anyway?

Changing the US fed govt infrastructure from MS to 'something else', Linux for example, will take an extremely long time, and may well end up worse than it is now. Take the Munich example and multiply the problems by 500. For better or worse, an org of that size can't just switch.

Re:Whitelist, not blacklist! (5, Funny)

stonewallred (1465497) | more than 4 years ago | (#31633492)

I went to your link, then went to the FAQ, which sent me back to the patch notes, with a link available for the FAQs, which took me back to the patch notes. If that is the best the federal government can do, I am brushing up on my Chinese, Russian and Arabic, because we are all fucked.

Re:Whitelist, not blacklist! (1)

CapOblivious2010 (1731402) | more than 4 years ago | (#31633854)

If you use a standard FDCC image, it is pretty well locked down, AND can be administered from anywhere.

Gee, I can't imagine any problems with that aspect of the situation...

Re:Whitelist, not blacklist! (1)

YrWrstNtmr (564987) | more than 4 years ago | (#31633980)

Gee, I can't imagine any problems with that aspect of the situation...

Anywhere = the next desk over, or 3 states away. The trick is getting inside the network in the first place, and having the correct rights once you are in. If you want to require physical access to do any admin functions, let's go back many years.

Re:Whitelist, not blacklist! (1)

Jeian (409916) | more than 4 years ago | (#31634970)

Don't be dense. "Anywhere" being "anywhere that a valid administrative user is logged onto an authenticated machine."

It becomes a necessity when the helpdesk is located five states away, or on another continent.

Re:Whitelist, not blacklist! (1)

FlyingBishop (1293238) | more than 4 years ago | (#31634176)

Changing the US fed govt infrastructure from MS to 'something else', Linux for example, will take an extremely long time, and may well end up worse than it is now.

That is a problem, and it needs to be addressed. We cannot allow any piece of our infrastructure to be so dependent on a single company, especially not the OS.

Re:Whitelist, not blacklist! (1)

rtb61 (674572) | more than 4 years ago | (#31635936)

Now there is a rock solid example of proprietary lock in, it is too hard to change to something else regardless of whether it is better because the implementation might be worse. Once you get to that stage, the wisest thing to do, is an immediate swap, it breaks the lock in, it provides expertise in system changes and implementation, it breaks all existing security holes and it forces competition in supply contracts.

As for banning P2P software, that is really pointlessly dumb. Only approved software for specific use at each desktop should be installed, you never have a banned list you only have approved to install for a defined function list. I could bet my bottom dollar that once secure documents that ended up in P2P network lists did not get there by accident but were loaded onto the P2P network on purpose.

Re:Whitelist, not blacklist! (1)

grahammm (9083) | more than 4 years ago | (#31637738)

Changing the US fed govt infrastructure from MS to 'something else', Linux for example, will take an extremely long time, and may well end up worse than it is now. Take the Munich example and multiply the problems by 500. For better or worse, an org of that size can't just switch.

The other question is how did Windows become so entrenched? At one time, nearly all Government computers would have been running IBM's MVS, VM, DOS (the mainframe OS, not PC/MS DOS) etc, CP/M, VMS or some flavour of Unix. For many users, especially in clerical and 'call centre' like roles, does a Windows PC offer better productivity and make the job easier than using a 3270 terminal connected to the mainframe to fill in forms and get back the responses?

Re:Whitelist, not blacklist! (1)

couchslug (175151) | more than 4 years ago | (#31633472)

They use MSFT OSs to avoid training users.

FWIW, migration could be as easy as giving the order. When the USAF went from terminals to PCs, it was simply a matter of telling them to adapt.

Re:Whitelist, not blacklist! (3, Insightful)

McGruber (1417641) | more than 4 years ago | (#31635938)

Come on people - federal security! Why the hell are they running MS OSes anyway?

I'm a career US federal government employee.

Right after the then-Governor of Texas became President, my employer (a federal agency) "standardized" on computers from a vendor headquartered in Round Rock, Texas. We were no longer allowed to purchase computers from any other company. This decision was made by a political appointee, appointed by the President.

Right after the same Administration settled the MS anti-trust suit, our agency "standardized" on MS-Software -- Windows is the only operating system we were allowed to run, our email was moved over to Exchange, our websites were moved to MS-platforms, we were forced to move to only MS applications (Word, Powerpoint, Excel), etc. While this sounds bad, it actually used to be worse - for a while, we could only buy PDAs that ran Windows/CE.

Although the political appointees who made these choices left in early January 2009, my agency continues to lock more and more of our data into proprietary MS formats - we are now moving as much of our internal data as possible into Sharepoint.

The current administration seems to be big fans of "the cloud". From where I sit, this means that instead of just overpaying for crappy software and crappy hardware, we are going to start overpaying for crappy network services and the bandwidth to support those services.

Re:Whitelist, not blacklist! (1)

pclminion (145572) | more than 4 years ago | (#31636364)

And NO ONE has admin access to their computer.

I have another genius idea. The doors to the buildings should be LOCKED at night!

(You know, the idiom "It goes without saying" is meant to be taken literally.)

IT department's nightmare (1, Insightful)

LostCluster (625375) | more than 4 years ago | (#31632814)

People shouldn't be making servers out of their company desktops... it's the nightmare of the IT department to have other departments starting Access databases on their PCs, and then inviting other users to use the file. Eventually this becomes unworkable and the user installs a smaller version of MS-SQL, and then you've got a patching nightmare which leads to a worm and then...

Re:IT department's nightmare (1)

fuzzyfuzzyfungus (1223518) | more than 4 years ago | (#31633032)

Sounds like the IT department either needs more power, or someone who knows how to use an SRP...

Re:IT department's nightmare (1, Insightful)

CharlyFoxtrot (1607527) | more than 4 years ago | (#31633092)

People shouldn't be making servers out of their company desktops... it's the nightmare of the IT department to have other departments starting Access databases on their PCs, and then inviting other users to use the file. Eventually this becomes unworkable and the user installs a smaller version of MS-SQL, and then you've got a patching nightmare which leads to a worm and then...

Yeah, but the problem is precisely too much locking down: workers have always tinkered with their tools trying to improve them and the more locked down the environment the more frustrating their experience will likely be. People turn their workstations into servers because the alternative of wrestling with the company bureaucracy to arrive at an unsatisfactory solution isn't very appealing. It would be better for all involved to provide an easy way for people to do these things in a safe environment where it can be monitored.

Re:IT department's nightmare (1)

Anonymous Coward | more than 4 years ago | (#31633170)

Yeah, but the problem is precisely too much locking down: workers have always tinkered with their tools trying to improve them and the more locked down the environment the more frustrating their experience will likely be. People turn their workstations into servers because the alternative of wrestling with the company bureaucracy to arrive at an unsatisfactory solution isn't very appealing. It would be better for all involved to provide an easy way for people to do these things in a safe environment where it can be monitored.

Also it would be even better with a pony.

if wishes were fishes... (0)

Anonymous Coward | more than 4 years ago | (#31633502)

why not just go all the way and wish for a unicorn while you're at it mr smarty-guy?


a well-hung unicorn...

Re:if wishes were fishes... (0)

Anonymous Coward | more than 4 years ago | (#31636658)

one mustn't ask for too much

Re:IT department's nightmare (1)

einhverfr (238914) | more than 4 years ago | (#31633464)

I actually agree with you. However there is a major problem that has to be overcome: folks don't know what they want in advance and the process for getting it all working right later is difficult even if the IT department cooperates fully. Either the IT department is in control of the design of the db needed for some in-house tool or you are stuck back with the idea that folks (with no training in database management, formal or otherwise) are doing their db design in access and then moving the data over to a networked database server like MS SQL or PostgreSQL....

Re:IT department's nightmare (1)

YrWrstNtmr (564987) | more than 4 years ago | (#31633494)

Yeah, but the problem is precisely too much locking down: workers have always tinkered with their tools trying to improve them and the more locked down the environment the more frustrating their experience will likely be.

Generally, the job is not to dick around with the computer, but rather to produce something using the computer. Read and approve a report, produce a presentation, crunch some numbers in Excel.

I rail against the lockeddownness too. But in an org of that size, if you give people free reign, some people WILL screw it up. And when your org also contains the DoD, do we really want to allow 'free reign' to install and configure however you want?

Re:IT department's nightmare (1)

demonlapin (527802) | more than 4 years ago | (#31634090)

Free rein. Not normally a grammar nazi, but since the phrase appears to work with either word, I like to keep its origins alive.

Uh Oh (0)

Anonymous Coward | more than 4 years ago | (#31632828)

Emp. Added

With Windows XP, you can share files and documents with other users on your computer and with other users on a network. There is a new user interface (UI) named Simple File Sharing and a new Shared Documents feature. This article describes the new file sharing UI and discusses the following topics:

Get em, DOJ!

Re:Uh Oh (1)

Logic Worshipper (1518487) | more than 4 years ago | (#31636990)

Not when you're using Active Directory. You can't use your desktop to share with other users without the admin's permission.

U.S. House Passes Ban On Anti-Lobbying Efforts (-1, Troll)

Anonymous Coward | more than 4 years ago | (#31632920)

read about it here [youtube.com] .

Have a weekend, loozars.

Yours In Ufa,
K. Trout

How am I supposed to patch World of Warcraft?? (0)

Anonymous Coward | more than 4 years ago | (#31632926)

Now how will I patch World of Warcraft on Federal Networks? Blizzard uses a torrent-based patching system. Won't someone think of the MMRPG players!?

Re:How am I supposed to patch World of Warcraft?? (0)

Anonymous Coward | more than 4 years ago | (#31633060)

Now how will I patch World of Warcraft on Federal Networks?

Even better question: why do you even think that you need to?

Re:How am I supposed to patch World of Warcraft?? (0, Informative)

Anonymous Coward | more than 4 years ago | (#31633288)

Morale reasons buddy! If you're deployed overseas in the military or even as a civilian contractor, there are fairly long periods of time where it can seriously get boring as fuck. I'd rather people blow off some steam in a game (when reasonable) rather than on other people or taxpayer bought materials and equipment. Besides bandwidth is typically cheaper in the long run than injuries, incidents, wastage, and damaged equipment.

what are ping times like over seas? and WOW may us (1)

Joe The Dragon (967727) | more than 4 years ago | (#31634262)

What are ping times like overseas? And WOW may use too much bandwidth to download big updates like that.

Re:what are ping times like over seas? and WOW may (0)

Anonymous Coward | more than 4 years ago | (#31637686)

700-900 ms for the well connected folks... 1200-1800 for those lesser connected folks. The question is just how many sat hops you end up doing before you are connected into the global internet.

I am a network administrator for overseas DoD Networks.

Re:How am I supposed to patch World of Warcraft?? (2, Interesting)

matchhead650 (1680550) | more than 4 years ago | (#31635588)

Personal computers are not allowed on government networks, and you will get caught installing unauthorized software on a government computer. There are plenty of other internet options in the desert though.

Re:How am I supposed to patch World of Warcraft?? (1)

Sloppy (14984) | more than 4 years ago | (#31633704)

Hey, if I'm paying taxes for people to play games on the Social Security mainframe, they damn well be updated games with the latest patches to detect botting. We don't want our civil servants to slack on the job, automatically accruing gold and experience points while they sit back and read a book or something. Earn those achievements, government, or the Tea Party will vote you out!!

Bad law (3, Interesting)

LordSnooty (853791) | more than 4 years ago | (#31632944)

Why is computing subject to such vague law-making, so often? Do other sectors suffer to such a degree? Presumably, government law-drafters will call on experts to clarify finer points. But this often doesn't seem to happen with computing law.

Re:Bad law (1, Insightful)

Anonymous Coward | more than 4 years ago | (#31633026)

Presumably, government law-drafters will call on experts to clarify finer points.

You spelled experts wrong, it's spelled lobbyists.

Re:Bad law (0)

Anonymous Coward | more than 4 years ago | (#31633116)

Why is computing subject to such vague law-making, so often? Do other sectors suffer to such a degree?

Absolutely. There is no sector of the law where somebody can't find a corner to hang all sorts of absurdity upon. That's why there is the legal code and the case law.

Perfectly reasonable (4, Insightful)

H0p313ss (811249) | more than 4 years ago | (#31632960)

If you read the bill it ONLY refers to OPEN-NETWORK p2p which they define as

The term ‘open-network’, with respect to software, means a network in which--
(A) access is granted freely, without limitation or restriction; or
(B) there are little or no security measures in place.

What part of this is unreasonable in any controlled environment? Can you think of any corporation that would allow such a thing?

I wouldn't even let my kids run such a thing.

N.B. This clearly does not cover things like bittorrent since you have to explicitly publish individual files to it.

Re:Perfectly reasonable (0)

Anonymous Coward | more than 4 years ago | (#31633554)

Samba (SMB aka Microsoft Networking) qualifies as open-network by this definition.

Re:Perfectly reasonable (1)

H0p313ss (811249) | more than 4 years ago | (#31633904)

Samba (SMB aka Microsoft Networking) qualifies as open-network by this definition.

Samba can be secured. ANY unsecured distributed file system would qualify, any secured one would not.

Re:Perfectly reasonable (1)

mdmkolbe (944892) | more than 4 years ago | (#31633558)

This might be perfectly reasonable, but why does this have to be written into the law? Agency/Department rules seem like a more appropriate way to handle this.

Re:Perfectly reasonable (0)

Anonymous Coward | more than 4 years ago | (#31634646)

That's basically what the law does. In effect it tells the OMB to tell the agencies to deal with the issue.

Re:Perfectly reasonable (1)

BiggerIsBetter (682164) | more than 4 years ago | (#31637342)

I would say it's a reaction to ACTA. They're not an ISP, so have no safe-harbour, and therefore must ban anything like "open" P2P where they could potentially be held responsible.

Re:Perfectly reasonable (1)

supersat (639745) | more than 4 years ago | (#31637600)

The Internet is an open network. The SMB/CIFS protocol (which is the basis for Windows file sharing) lets you remotely connect to file shares over the Internet. Sure, most people have file sharing turned off (or at least firewalled), but Windows will still let you shoot yourself in the foot, just like P2P software will.

Re:Perfectly reasonable (0)

Anonymous Coward | more than 4 years ago | (#31639858)

Read the bill again. It applies to all networks (no restrictions to "open networks" in Sec. 2,) and directs the establishment of procedures for appealing for the use of specific software on open networks, on a case-by-case basis (2.b.)

The peer-to-peer definition may not apply to LDAP in general, as it concentrates on user-directed retrieval of files (Microsoft's LDAP-based Active Directory is excluded anyway under 4.3.b.iii). NFS, SMB, FTP, HTTP, and CVS services do fall under the definition. Client-server applications are not inherently excluded, as long as "a compatible program, application, or software" (4.3.A.iii) can be used by the server's user to access or download files. I would expect most web servers in practical use also have a web browser installed.

Completely useless (1)

ZuchinniOne (1617763) | more than 4 years ago | (#31633006)

It's really a pity that politicians don't think before they pass sweeping laws. As the net continues to grow and the way that we share data changes this law will almost certainly prevent the gov't from being able to do useful things online ... and will need to be adjusted or repealed.

And how exactly does banning P2P sharing prevent people from leaking classified docs?

Re:Completely useless (3, Insightful)

skine (1524819) | more than 4 years ago | (#31633504)

It's also really a pity that Slashdot admins don't think before posing sweeping accusations. As the number of political articles continues to grow and the way we rely on only reading the summary to understand the article almost certainly prevent users from being able to determine what is sensationalized ... and probably won't be adjusted or repealed when proven biased.

Well, after healthcare reform (0)

Anonymous Coward | more than 4 years ago | (#31633008)

After the debacle with Healthcare Reform does it surprise anyone that Congress would create an overly broad bill to carve out absurdly broad powers?

*ducks*

Code is Law (1, Insightful)

spazdor (902907) | more than 4 years ago | (#31633018)

Why is this being done as a federal law which regulates network users?

It seems to me that this is a policy that ought to be enforced by federal government sysadmins on their own networks, rather than by the government legislators on the users of the network.
To use Lessig's parlance, this is a job for architecture, not law.

Re:Code is Law (1)

DrData99 (916924) | more than 4 years ago | (#31633198)

The way this works in reality (the words are in the bill, but may not be obvious):
The law instructs OMB to (within 90 days) issue guidance to agencies.
Agencies then have an additional 90 days to: ...establish or update personal use policies of the agency to be consistent with the guidance issued...
So congress passes law, OMB translates law into guidance, and agencies develop policies and procedures (architecture if you will).

Re:Code is Law (0)

Anonymous Coward | more than 4 years ago | (#31633750)

Why in the HELL did we need the law to begin with in this case?

So they can look like they're "doing something"? Wasn't the healthcare stuff enough damage as it was?

Re:Code is Law (1)

michael_cain (66650) | more than 4 years ago | (#31633848)

Why is this being done as a federal law which regulates network users? It seems to me that this is a policy that ought to be enforced by federal government sysadmins on their own networks...

In fact, the policy will be enforced by federal government sysadmins. Absent direction, those sysadmins (or their bosses) would be free to establish their own policies, possibly varying wildly from agency to agency, or choose to have none. But the only mechanism Congress can use to establish a single consistent policy is to pass a law. This is fairly routine; Congress passes lots of laws to establish policies for how the government is supposed to operate: document retention, required publication of results, etc, etc, etc.

Code is not Law. (0)

Anonymous Coward | more than 4 years ago | (#31635822)

(1) Code can be changed anytime at the whim of the dominating authority that owns that process, as is evidenced at the privy of the receptive King's or Queen's bench.
(2) Code is derived from the Legislative Enactment adhering to a mission statement representing a purview in limited liability.
(3) Code is an artificial construct with only detectable activities at variance to law.
(4) Code is not endemic but compliant in tolerable regards to negotiate and direct exchange between otherwise differing hosts.
(5) Law can't be changed and subconscious, never accurately translated but intentionally transcribed within scope of how it might adapt in a fictitious work of art re-played by actors in a theatre among audience to its approval.
(6) Law is infra-natural and resonant.

(Ex. law is DNA, code is ploy of a Virus.)

But everything on the net is peer to peer! (0, Flamebait)

Hurricane78 (562437) | more than 4 years ago | (#31633062)

There are always at least two peers. And one of them, having the port open, is the server. Doesn’t matter if it has a GUI installed or is a laptop.

So in essence they are banning all connections that have a source and a target IP address at the same time.

Wow. EPIC FAIL.

Re:But everything on the net is peer to peer! (2, Insightful)

vux984 (928602) | more than 4 years ago | (#31633270)

So in essence they are banning all connections that have a source and a target IP address at the same time.

Or you could read the full article, and find out what they are really doing.

Wow. EPIC FAIL

So is a snap judgment based on a slashdot headline and reading the first few knee jerk responses.

Is it a good move by congress? No, not really. But did they really just ban connecting to the office network printer? No.

Re:But everything on the net is peer to peer! (1)

Hurricane78 (562437) | more than 4 years ago | (#31642208)

Only if you interpret things in the same completely wrong and retarded way as those idiots.

But I bet you also took the units of information from your TV host, and now talk in “libraries of congress” and clogging tubes, while referring to a lone display as “the computer”, because you got no fucking spine to stand by what you know (because you are the expert) is right, right?

Lame site... (1)

msauve (701917) | more than 4 years ago | (#31633176)

doesn't show the text in Opera. (I'll assume it's a site problem, since Opera 10.51 scores perfect on all the acid tests).

Here's a better one [loc.gov], and official, too.

executive branch can't develop its own IT policies? (0)

Anonymous Coward | more than 4 years ago | (#31633560)

thanks congress. Glad to hear it. You are a big help. Don't know what we would have done.

smb/ldap (1)

datapharmer (1099455) | more than 4 years ago | (#31633566)

Well unless they screwed up even more than usual, smb and ldap should be safe as they are server-to-client and not peer-to-peer... I can see this having some rather bad side effects on their network routing setups though.... No more netbios m-node etc.

Bill seems to contradict itself (1)

VTEX (916800) | more than 4 years ago | (#31633592)

It appears that this bill is extremely poorly written in how it defines peer-to-peer software:

From the bill:

(3) PEER-TO-PEER FILE SHARING SOFTWARE- The term ‘peer-to-peer file sharing software’--
(A) means a program, application, or software that is commercially marketed or distributed to the public and that enables--
(i) a file or files on the computer on which such program is installed to be designated as available for searching and copying to one or more other computers;
(ii) the searching of files on the computer on which such program is installed and the copying of any such file to another computer-- (I) at the initiative of such other computer and without requiring any action by an owner or authorized user of the computer on which such program is installed; and (II) without requiring an owner or authorized user of the computer on which such program is installed to have selected or designated another computer as the recipient of any such file; and
(iii) an owner or authorized user of the computer on which such program is installed to search files on one or more other computers using the same or a compatible program, application, or software, and copy such files to such owner or user’s computer; and

(B) does not include a program, application, or software designed primarily--
(i) to operate as a server that is accessible over the Internet using the Internet Domain Name system;
(ii) to transmit or receive email messages, instant messaging, real-time audio or video communications, or real-time voice communications; or

First off, wouldn't "the Internet Domain Name system" include reverse DNS? Secondly, "Peer-to-peer" software is nothing more than machines acting as both "clients" and "servers" and the broadness of what they believe "peer-to-peer" programs are could include public web servers.

The blind man describing the elephant (0)

Anonymous Coward | more than 4 years ago | (#31634048)

The House of Representatives ? ? ! !

That collection of dummies isn't smart enough to understand writing a check on an over-drawn bank account is fraud, under what stretch of the imagination are they qualified to define network configurations?

I'm sure they mean well, but then, so did the 5-year-old who put the cat in the toilet and pushed the flush handle thinking he was helping by giving the cat a bath.

An insider's perspective.. (0)

Anonymous Coward | more than 4 years ago | (#31634268)

I occasionally work as a lan administrator on a 'federally funded' network, and can tell you that network security on many fed networks as implemented is a joke.

True, there are some very secure federal government networks out there, but they are a hassle to try to use as they are 'whitelist' on just about everything (websites, software, applications), but it is the other end of the discussion that is more common. But at the same time I am jealous of the central command and control the lan administrators on those networks possess.

There are US Government networks that are connected to the internet that:
- Do not have any automatic update services at all. Sneakernet updates on a CD-ROM.
- Virus scanning software is updated by hand distribution of definitions delivered by CD-ROMS mailed to the lan administrator.
- Open ports all over the place in the OS.
- Unnecessary applications installed.
- Multiple versions of the same software installed (Reader 7, 8, and 9.2!)
- No advertising blockers or adware removal tools.
- /User/Documents And Settings/ set to world readable/world writable.
- Active Directory incorrectly implemented.
- No "least permissions needed" policy. All accounts are administrators level.

On the other hand, you have the networks created by people who know what they are doing that have:
- Central point patch and anti-virus update management and distribution.
- GPO capability fully enabled.
- Compartmentalized active directory.
- File/Account permissions set properly.
- Operating system enforced password rotation/change policies.

I have actually seen a network whose 'security' was pretty much the limited bandwidth that it had to the outside world. It had 8 character passwords and no rotation/complexity policy. It was 3 years behind on patches and virus updates.

Uh oh, better turn off Windows Update! (1)

Xenophon Fenderson, (1469) | more than 4 years ago | (#31634276)

Because BITS is a peer-to-peer protocol [microsoft.com]:

Peer caching is a new feature of BITS 3.0 that allows peers (computers within the same subnet of a network that have the peer caching feature enabled) to share files. If peer caching is enabled on a computer, the Automatic Update agent instructs BITS to make downloaded files available to that computer's peers as well.

This is actually a really, really useful feature for those of us operating networks (on behalf of the federal government) with significant bandwidth constraints.

And never mind the fact that BitTorrent is great for transferring large data sets over slow and unreliable data links, even if it's just from one computer to another.

Re:Uh oh, better turn off Windows Update! (1)

TheLink (130905) | more than 4 years ago | (#31637832)

Windows Update could actually be intentionally turned off in many corporate environments.

The updates would be downloaded from a central location, and hopefully tested (to see if Microsoft has done yet another screw up or not).

And then they are pushed out to the clients via WSUS or whatever the company has decided to use for patch management.

Once you get to a high enough machine:admin ratio, it's often better to not have the computers self update just because Microsoft thinks it's time.

Re:Uh oh, better turn off Windows Update! (1)

Xenophon Fenderson, (1469) | more than 4 years ago | (#31650436)

BITS peer caching has its place even in environments that use WSUS [wordpress.com].

Ultimately, what's ridiculous is the House's outlawing of a tool irrespective of intent. Sorry, no, it's worse than that. Because of their ignorance, they are attempting to outlaw an entire class of technologies that have great value to the federal government and its programs.

But without P2P.... (0)

Anonymous Coward | more than 4 years ago | (#31636040)

...how will we ever download those multi-mega page bills that seem to be all the rage in congress?

shooting the messenger (0)

Anonymous Coward | more than 4 years ago | (#31636122)

This is clearly an effort to shoot the messenger. P2P is ALWAYS used to send infringing material. P2P is NEVER used for any other purpose. Other methods of transmitting data on the internet are NEVER used to send infringing material. The mental retard who thought this one up, doesn't have ANY clue about what they are doing. When it fails, everyone queue up to laugh.
