Hi, I work for the Internet Society, but this is my personal opinion. On Thu, Nov 26, 2020 at 02:59:10PM -0500, Rich Kulawiec wrote:
It would have cost them almost nothing to keep an old, separate email server with sufficient capacity and an appropriate contact database running on a disused desktop PC that was physically disconnected until needed. But they didn't. ]
I think this FTP discussion and the above share something, which is a presumption that there are things that are just sitting around and that don't require any attention. I think this is false, and I would like to suggest that just about everyone in this discussion knows that to be the case, but is forgetting it because the costs are externalized. This isn't meant to be a criticism, but just to draw to attention an important consideration about who decides. At a high level of abstraction, of course, FTP and the "old disused desktop PC that is physically disconnected until needed" have this quality: you just put them in place and ignore them until you need them. Yet we all know, I hope, that services that are actually connected (as would be the case for the FTP service) do in fact consume resources. If you're the sysadmin, every service you're operating is another threat vector and also another thing you have to test whenever upgrades are needed or migration has to happen. It's another monitor you need to maintain, and another opportunity for the pager to go off. Someone has to pay those costs, and the discussion about FTP ought to reflect, in fact, that there's a trade-off between those who want the service and those who are going to have to pay the maintenance costs. (Emphasising that I'm speaking for myself, I'd find the case for maintaining FTP to be a lot more compelling if the FTP preservationists were offering to run it.) Similarly, even though it is the inverse case, the system that has been unplugged long enough is rapidly shown to be worthless when it is put into use, unless it has been maintained, updates applied, and configuration changes related to the changing environment were kept up to date. Heaven help the shcool administrator who decided on a best-effort "keep the old PC around" strategy that had old contact data, contact data for former students, and that was missing new students' contact data. This is the reality behind the evergreen refrain, "Test your backups." As a practical matter, if you don't treat things you plan to rely on in emergencies as a first-class part of your production environment, they're much worse than nothing. They're false promises. So the real question has to be whether the additional protection is worth the cost of providing it. Too often, the way that calculation is made is, "Is it worth it _to me_ to keep this thing given that the cost is borne by someone else?" Some of those costs are in dollars only in a notional sense, and we don't need to care about the costs because it's someone else's problem. But I don't think that is a reasonble way to evaluate the trade-off. We should evaluate the trade as though we ourselves are paying the cost and receiving the benefit, and we should be scrupulously honest with ourselves about what those costs are likely to be in practice. Best regards, A -- Andrew Sullivan ajs@xxxxxxxxxxxxxxxxxx
