Does your D-link product need to be on ??

Discussion in 'Network Routers' started by Dave (from the UK), Apr 15, 2006.

  1. You may be aware from the BBC article

    http://news.bbc.co.uk/1/hi/technology/4906138.stm .

    or elsewhere that there is a serious flaw on many D-link products which
    get the time from the Internet using time servers. Whilst many time
    servers are open for anyone to use, D-link products are using those
    which are not.

    The time servers being abused are owned by individuals, the military,
    the US Government, some academic institutions and commercial companies.

    One owner of a Dutch time server at least is incurring very large costs
    due to this and even more costs in paying a consultant to find the problem.

    http://people.freebsd.org/~phk/dlink/

    To my knowledge no owners have asked for users to switch off their
    D-link products, but given they are abusing the time servers, it would
    be sensible to keep them switched off when not absolutely necessary.


    --
    Dave K MCSE.

    MCSE = Minefield Consultant and Solitaire Expert.

    Please note my email address changes periodically to avoid spam.
    It is always of the form: [email protected] Hitting reply will work
    for a couple of months only. Later set it manually.
     
    Dave (from the UK), Apr 15, 2006
    #1
    1. Advertisements

  2. Its not a dutch but a danish server.
     
    Jakob Salomonsson, Apr 15, 2006
    #2
    1. Advertisements

  3. Sorry. You are right of course - I don't know what I was thinking of there.

    But it now appears there are forty odd servers throughout the world

    http://people.freebsd.org/~phk/dlink/letter2.html

    where this abuse is happening. So people with D-link products might
    well be using several of these without permission.


    --
    Dave K MCSE.

    MCSE = Minefield Consultant and Solitaire Expert.

    Please note my email address changes periodically to avoid spam.
    It is always of the form: [email protected] Hitting reply will work
    for a couple of months only. Later set it manually.
     
    Dave (from the UK), Apr 15, 2006
    #3
  4. Its stupid done of D-Link
     
    Jakob Salomonsson, Apr 15, 2006
    #4
  5. Dave (from the UK)

    Scott Alfter Guest

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    It would be even more sensible to change router settings to use an alternate
    address (like us.pool.ntp.org) instead. Instead of your router pinging
    addresses it shouldn't when it's on, it'll never ping those addresses at
    all. There's an option in there (in the DI-604, at least) to specify an NTP
    server to use. Fill it with something from *.pool.ntp.org and you're all
    set.

    _/_
    / v \ Scott Alfter (remove the obvious to send mail)
    (IIGS( http://alfter.us/ Top-posting!
    \_^_/ rm -rf /bin/laden >What's the most annoying thing on Usenet?

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.2.2 (GNU/Linux)

    iD8DBQFEQVoZVgTKos01OwkRAnxmAKDPm4UsgAkgGg6JOS8ADovd8CxyiACfQbPo
    wp9xSamK+rbVDeNjxDUDjTo=
    =SQgD
    -----END PGP SIGNATURE-----
     
    Scott Alfter, Apr 15, 2006
    #5
  6. Dave (from the UK)

    nobody Guest

    My old DI-804U doesn't seem to have such an option. But it surely
    pre-dates 2005 (that's when the problem started, as the BBC article
    states).

    NNN
     
    nobody, Apr 15, 2006
    #6
  7. True, but for many models the time servers can't be changed - the
    DWL-700AP I own is one such model. But the time servers it uses are OK
    to use.
    --
    Dave K MCSE.

    MCSE = Minefield Consultant and Solitaire Expert.

    Please note my email address changes periodically to avoid spam.
    It is always of the form: [email protected] Hitting reply will work
    for a couple of months only. Later set it manually.
     
    Dave (from the UK), Apr 15, 2006
    #7
  8. That BBC article is not well written, so I would not tend to put much
    weight on what it says.

    Although the issue with the Danish time server started in 2005, there
    are many other time servers which are being accessed by D-link products
    which have restricted access.

    I have no idea if the names or IP addresses of any of those time servers
    were coded into older models - I suggest you ask D-link about the
    particular model(s) you have. You can get to their support page at:

    http://support.dlink.com/


    --
    Dave K MCSE.

    MCSE = Minefield Consultant and Solitaire Expert.

    Please note my email address changes periodically to avoid spam.
    It is always of the form: [email protected] Hitting reply will work
    for a couple of months only. Later set it manually.
     
    Dave (from the UK), Apr 15, 2006
    #8
  9. Hmmm, usual Bimbo Broadcasting "Science & Technology" reporting job. Where
    do they get those people?
    Uhh.... where are those "many time servers"?
    This is not a question of "switch off". In fact, if the gateway/routers
    work well this would aggravate the "problem" because every switch-on would
    cause a look-up. Besides, people with ADSL or cable access want/need a
    permanent connection anyway.

    Why don't you check the NTP server which your Internet Gateway/router is
    using for NTP look-up? Mine -- not a D-Link -- is set from the factory to
    look up clock.isc.org and is so documented in the mfr's docs. In fact I've
    tried to find a Stratum-2 NTP server but none of those which were
    "documented" worked. The problem here is that the NTP "community" has
    their heads up their a... err, in the sand with their "open access - please
    notify by e-mail" and "use name only" comments and their docs are either
    obsolete or impossible to follow. Do'h this is not a lot of help.

    In the office I have our DC set to use time.nist.gov because I couldn't
    find anything else which worked - my ISP has a NTP.<ISPName> which maps to
    an IP address but the time look-up fails there. I suppose there's
    time.windows.com but I had trouble getting a response there - hardly
    surprising because that's what every (U.S.) Windows XP system is set to
    use.... and do we all want to depend on Bill Gates for our clock-time
    now?;-)

    I wonder how the conclusion was reached that *only* D-Link was at fault
    here? AFAIK D-Link is one of the few vendors which actually makes such
    equipment - it might be that their OEMs don't reprogram the NTP-Server
    field/algorithm in the configuration. It could also be that D-Link owners
    spend a lot of time re-booting their gateway/routers.:) If the Danish guy
    is getting a lot of hits, who do you think is responsible for programming
    his NTP Server address into D-Link routers?

    Calling this "vandalism" and "abuse" is nuts IMO. If you set up a Time
    Server, it's gonna take a LOT of hits simply because Stratum-2 is a mess of
    obsolete, non-functioning addresses. I have to ask what gateway/router
    vendors are supposed to program into their devices for "default" NTP
    look-up, given that most end-users are not expert enough to be fiddling
    with the configuration settings. Ideally, the ISP who supplies them to
    end-users would have a functioning NTP Server and then program that address
    in before delivery but that does not happen... apparently.
     
    George Macdonald, Apr 16, 2006
    #9
  10. Yes - I agree. That is particularly badly written I think.
    I have done - but it is not easy to do.

    It required downloading the firmware, decompressing *part* of the file
    and then using the strings command in UNIX to find the IP addresses.
    From that, the name of the servers could be found.

    The buy in Denmark whose time-server is affected told me how to do it.
    I doubt you should be using that.

    http://ntp.isc.org/bin/view/Servers/ClockIscOrg

    ServiceArea: BARRnet, Alternet-west, CIX-west
    AccessPolicy: OpenAccess
    Have a look at the above site and find one. Or use this (explanation a
    bit further down)

    Worldwide pool.ntp.org
    Asia asia.pool.ntp.org
    Europe europe.pool.ntp.org
    North America north-america.pool.ntp.org
    Oceania oceania.pool.ntp.org
    South America south-america.pool.ntp.org
    What is abuse then? Accocding to

    http://en.wikipedia.org/wiki/Abuse

    * Abuse is a general term for the use or treatment of
    * something (person, thing, idea, etc.) that causes some
    * kind of harm (to the abused person or thing, to the
    * abusers themselves, or to someone else) or is unlawful
    * or wrongful.

    If, as in this case, Pou-Henning is getting a large bill for the
    lockups, which are making up 90% of his traffic, then it is causing him
    harm. So it is abuse.
    I don't think it is a mess, but even if it was, that does not excuse you
    using one you don't have permission to use.

    My comptuer might be slow. Does tham meean I can use your computers
    resources without your permission?
    How about gateway/router vendors providing their own time servers,
    rather than use others without permission? It is not actually that
    expensive. A GPS receiver with a 1 pulse per second output connected to
    a Standford Research PRS-10 rubidium source would make a nice one with a
    72-hour holdover for stratum 2 if the GPS is lost.

    Or vendors can use a pool that have agreed to be in a pool

    http://ntp.isc.org/bin/view/Servers/NTPPoolServers

    i.e.

    Worldwide pool.ntp.org
    Asia asia.pool.ntp.org
    Europe europe.pool.ntp.org
    North America north-america.pool.ntp.org
    Oceania oceania.pool.ntp.org
    South America south-america.pool.ntp.org

    There are several more ways they could do it. They could for example use
    something like DNS. The router contacts the vendor's server which
    returns the IP address of a publically available time server. The router
    then connects to that to get the time.

    There are *many* way this could be implemented, but using a random NTP
    server that does not allow access is not a good way.
    Also, many like myself don't use a modem supplied by my ISP. And there
    are other devices, like my WiFi adapter which are not suplied by the ISP.


    --
    Dave K MCSE.

    MCSE = Minefield Consultant and Solitaire Expert.

    Please note my email address changes periodically to avoid spam.
    It is always of the form: [email protected] Hitting reply will work
    for a couple of months only. Later set it manually.
     
    Dave (from the UK), Apr 16, 2006
    #10
  11. Yeah I knw where the "list" is but like I've said, many just don't work -
    the list is obsolete.
    So they're selling routers which are not configurable for that setting? I
    haven't seen a lot of different brands but my router does not show or allow
    changing the setting from its Web-based interface - have to use the Command
    Line from a Telnet session... which means reading the docs. This is not
    stuff for the average "consumer".
    Why should I not use it? It's one of the few with Open Access and no
    notification message required. It's even possible that the router mfr has
    obtained permission based on assurances of non-abuse and reasonably coded
    frequency of look-ups. If someone wants me to obey some "Service Area"
    convention, they'd better explain what that means - no such explanation is
    easily found.
    "Vandalism" requires some intent to do harm or "abuse". This was a mistake
    - the indignation of the recipient is overblown IMO given the extent of
    (lack of) guidance offered by, and the functional state of, the NTP
    infrastructure. It also appears that DK has no Stratum-2 servers at all
    and only two Restricted Access ones in Stratum-1 which both say "Open
    access to servers, please, no client use". Hmm, difficult to know what
    they mean by "servers" but it does seem like there is a problem with the DK
    Internet NTP infrastructure.

    The ethics of the situation are quite well covered in the University of
    Wisconsin/Netgear case - there's plenty of blame to go around and plenty of
    targets - things could have been done better all around.
    When you go look up a source of documentation, and follow their obscure,
    poorly written descriptions, written in their byzantine terminology, and
    find that after trying 3 or 4 of the apparently recommended "active" sites
    and none of them work, frustration generally leads to something which does
    work... even if it requires a "notification message".
    Ridiculous extrapolation. For one thing, I do not "publish" the method of
    access to my computer. What will most people do when faced with "here it
    is; don't use it... but nothing else, which is geographically close, is
    available"?
    Making up rules after the fact is always easy. AFAIK the "pool" concept is
    relatively new - things are continually evolving here and the rules in
    place now are not necessarily what was offered when firmware for any given
    router was being written. Also, the "Rules of Engagement" and other docs
    are hardly written for a quick reference.
    I'd think *most* gateway/routers are acquired by end-users and SMBs from an
    ISP - it would certainly help if NTP had a similar hierarchical structure
    to DNS name caching.
     
    George Macdonald, Apr 16, 2006
    #11
  12. Most seem to work for me, but I use a Sun workstation, not a D-link
    router, so I can't say I have tried with this. I suspect the muppet
    routers don't implement the protocol as well as the Sun.
    I'm not aware it can be done on mine at all. Luckily, none accessed have
    any restrictions.

    The ServiceArea is the geographic and/or network area the TimeServer is
    intended to serve.

    I personally did not use the word vandalism. But I think abuse is correct.
    Well, you don't have to use a local server and should not use a local
    one if it restricts access.
    I accept there is a *big* difference between intentionally hacking a
    machine (me hacking yours) and you or anyone else using an NTP server
    without realizing it. One is an accident, the other a deliberate act.

    But once you are aware you are not welcome at an NTP server, then I
    think the difference disappears.

    I will ask you the same question I asked the person posting as:

    Borked Pseudo Mail - ''

    If you were asked by an NTP server administrator (such as the owner of
    the Danish one) to stop accessing that server, and you were unable to do
    so by a firmware upgrade or reconfiguring the router, would you continue
    to access his server, even though he had asked you not to? If you had
    no other option, would you switch your router/modem off and not use it?

    Furthermore, what if the person asking you was from the US government or
    the US Navy, both of whom timeservers are being abused? Would you
    continue to use their time servers if you had no way of stopping your
    D-link product from doing it without switching it off?

    BTW, your ISP, Tellurian, might have something to say about it, as it
    would be against their rules:

    http://www.tellurian.com/usagepolicy.asp

    In particular:

    * Any "denial of service" attack, any attempt to breach
    * authentication or security measures, or any unauthorized attempt
    * to gain access to any other account, host or network is
    * prohibited, and will result in immediate service termination,
    * which may be without notice.

    I think you using the NTP server then would be an unauthorized attempt
    to gain access to another host.
    So that makes it right?

    I suggest if they are in the US, it would be rather foolish to continue
    to do it should a US government or navy official ask you to stop.
    No, the rules were in place before. I am not suggesting any rules at all.

    If vendors chose to implement products which use NTP servers it is up to
    them to work out how to do it without accessing other servers their
    intended end users are not supposed to. It is not up to me, or anyone
    else to tell them how to do it. I am just saying there are ways, but it
    is their decision. The rules have been in place a long while.
    I suspect, but don't know, that for a gateway router where the time can
    only be set to 1 second resolution, it makes no difference if you use a
    near or distant NTP server. The protocol corrects for network delays.
    Correction improves when multiple time servers are used but I doubt it
    is necessary unless the resolution is better than 1 second.

    On my own system, 5 time servers are used and corrections rarely exceed
    50 ms.

    My PDA usually syncs to a local time server (one of my own computers),
    but even if I send it to a distant one the other side of the Atlantic,
    the corrections are under 1 s.

    But to what accuracy you can set the time is really irrelevant for the
    discussion. You should not access ones you are not welcome at and to me
    at least continuing to do so once you are aware of the issue is no
    different from hacking another machine.

    --
    Dave K MCSE.

    MCSE = Minefield Consultant and Solitaire Expert.

    Please note my email address changes periodically to avoid spam.
    It is always of the form: [email protected] Hitting reply will work
    for a couple of months only. Later set it manually.
     
    Dave (from the UK), Apr 16, 2006
    #12
  13. Dave (from the UK)

    Franc Zabkar Guest

    I have a DSL-302G modem/router. I don't use SNTP because the modem
    appears to write the updated time to its flash EEPROM every 15
    minutes. If I ran it 24/7, then this would result in approximately
    32,000 writes per year. IMO, it would have been better for the time to
    have been stored in RAM.

    - Franc Zabkar
     
    Franc Zabkar, Apr 16, 2006
    #13
  14. Dave (from the UK)

    Keith Guest

    ...and it wouldn't last more than 30 years at that rate! Sheesh!
     
    Keith, Apr 17, 2006
    #14
  15. Not if it defaults to a 24 hour update like mine does as I doubt very many
    broadband users operate their machine(s) less than once a day. And if it
    syncs at power up your suggestion would make the problem worse.
     
    David Maynard, Apr 17, 2006
    #15
  16. A bit Draconian to hold the user 'responsible' for something they're not
    only clueless about but unable to change even if they knew, don't you think?

    The question is 'who'?, knowledge, and intent.

    And just how is the individual user made 'aware'? And that includes made
    'aware' by an authority recognized to have the claimed authority.

    Things are seldom that simple and especially not when trying to lay blame
    and responsibility on people who had not one shred of participation in, nor
    knowledge of, the decisions leading to the alleged 'abuse'.

    First, your premise is self serving, pardon the pun. Accessing his server?
    You must be kidding. According to your comments above there's essentially
    no way for the user to even know a server is being accessed at all and now
    someone completely unknown claims a 'perfectly fine', according to the
    manufacturer of said item, is 'abusing' his server? Why should the end user
    believe this story?
    Now the end user *knows* he's kidding, or has no idea what the heck he's
    talking about, or is some new kind of internet fraud.
    The end user has no reason to worry about such a scenario because the gov
    knows who to go after: the manufacturer.

    The user is doing *nothing* nor making any 'attempt' to do something nor
    even aware anything is being done.

    Maybe I missed it but I'm not aware of any 'US government' announcement to
    stop using home routers.
    And if you got an unsolicited phone call from someone you never heard of
    saying your perfectly fine coffee maker was screwing up their toaster oven
    on the other side of the world you'd immediately unplug the thing and stop
    using it, right?

    The point isn't that the technical details are equivalent, the point is
    you're trying to lay blame onto folks who might think the analogy is accurate.
     
    David Maynard, Apr 17, 2006
    #16
  17. Yes I accept that if it only updates once/day. It seems to vary an awful
    lot - on some the time server can be configured, on others it can't. On
    some the update interval may be configured, on others it may not.

    I know mine can not be configured, but I also know all the servers are
    open-access, so it is not an issue.

    However, many of these D-link products are connecting to US military or
    government sites for which access is restricted.

    If the product is under warranty and you can't configure it to avoid
    restricted time servers, it *might* be possible to get a
    refund/replacement - it would depend an awful lot on the law in your
    country and/or the dealer you bought it from.

    If you can configure the ntp servers, the following will connect you to
    a random time server which has no access restrictions.

    Worldwide pool.ntp.org
    Asia asia.pool.ntp.org
    Europe europe.pool.ntp.org
    North America north-america.pool.ntp.org
    Oceania oceania.pool.ntp.org
    South America south-america.pool.ntp.org


    --
    Dave K MCSE.

    MCSE = Minefield Consultant and Solitaire Expert.

    Please note my email address changes periodically to avoid spam.
    It is always of the form: [email protected] Hitting reply will work
    for a couple of months only. Later set it manually.
     
    Dave (from the UK), Apr 17, 2006
    #17
  18. I am not using a D-Link router. The list has nothing to do with routers
    per se - it's principal purpose for me is setting accurate time for our DC
    which, of course propagates to all other computers on the domain. The
    experience of finding a reasonably close, working, reliable NTP server was
    extremely frustrating... to the point of having to examine the Win 2K
    server logs for the evidence - I didn't need that diversion. I eventually
    found a recommended doc somewhere which said it's "OK" to use
    time.nist.gov, as long as it's not excessive, so I used it.
    That would be surprising.
    Yes, I can gather that much... OBVIOUSLY. This does not preclude that a
    mfr whose HQ is in a given area cannot arrange to use a server in that area
    for all its U.S. sales. For the "network areas" it's not a lot of use to
    specify a bunch of inner-circle coded names without explaining to the
    end-user what they mean. It's almost like those people *want* to
    obfuscate... invent some cryptic language for themselves and then have the
    nerve to complain when some naif violates their *unexplained* encoded
    rules.
    Depends what you mean - their after the fact attitude on correcting the
    situation and financial/technical compensation is abusive (U.S. lawyers...
    which I gather the UK lawyers are "learning" from). The incident itself is
    just an honest -- but likely incompetent -- mistake... with catastrophic
    results.

    OTOH, the guy is supplying a service to the majority(?) of the Danish ISP
    industry... who are profiting from the Internet in general... some of whose
    clients are no doubt using D-Link gateway-routers. The silence about their
    reaction, other than apparently wanting to apply excessive charges to their
    NTP "supplier", is incongruous to say the least... clean hands??
    The trouble is "restricted" has degrees of enforcement in general - the
    guidelines are malformed and badly expressed... and the anecdotal reports
    are ambiguous.
    That depends: e.g. my router only does a look-up on restarts, cold or warm,
    and AFAIK does not poll excessively to get synced, so I don't feel that's
    an enormous abuse; the Netgear and D-Link cases should have probably been
    the subject of a recall. I still don't understand why they continue to
    poll every hour or so once synced but, given that the D-Links have a
    configurable NTP address the ISP industry, at least those who supply D-Link
    gateway-routers bears some blame for the situation.
    I'm not using their servers and I'm not that interested in discussing
    hypotheticals as they apply to me.
    What NTP server are you talking about? Now you're getting impudent without
    assimilating already presented facts. I think you know what the above
    means and is targeted at - applying it to a published list of servers which
    are poorly documented might result in some "advice" on how to do things
    right *BUT* he'd have trouble taking things further since ntp.tellurian.com
    *does* exist but does not work. This same ISP supplied the gateway-router
    No, the rules have been in flux for a while.
    Depends on how the algorithm is implemented. Windows 2K/XP gives up if it
    can't get a consistent delay. It seems self-evident to me that use of a
    geographically close server is a better choice from several POVs.
     
    George Macdonald, Apr 17, 2006
    #18
  19. Peronsally I think the manufacturer (D-link) should take responsibility.
    At the minute users have not been made aware except via news reports and
    posts on newsgroups, but in principle they could be notified.

    According to The Register

    http://www.theregister.co.uk/2006/04/13/d-link_time_row_escelates/

    D-link have said they are aware of it and there may be a statement after
    Easter.
    I'm not blaming end users - I think the manufacturer is to blame. But
    end-users are actually using the time servers now. The legal
    implications of this in England are far from clear - I have no idea in
    another country.
    In the case of the Danish time-server, it is personally owned by an
    individual with an interest in accurate time measurement.

    http://people.freebsd.org/~phk/
    Well, despite claims on sites like the BBC that there is a problem,
    there is a distinct lack of denials from D-link, so you might reasonably
    assume there is some truth in this.

    A technically savvy end-user could determine it for him/her self. They
    may be able to inspect the firmware downloaded from the D-link site (as
    I did) following the suggestion of the Danish time server owner

    Or they could look at their firewall logs which should show the
    connections.
    Well it has hit the BBC in England, which has a reasonable amount of
    respect worldwide - although I am the first to admit this article is not
    very well written.

    http://news.bbc.co.uk/1/hi/technology/4906138.stm

    The technical reasons are not that hard to follow.
    I agree the manufacturer should be responsible, but it is not clear (at
    least in England) who is legally responsible.

    D-link have offered some money to the owner of the Danish time-server,
    but he feels it is insufficient.

    http://people.freebsd.org/~phk/dlink/

    Having had dealing with him before and know how much he has contributed
    to the FreeBSD project, I know that the extortion D-link claim would not
    be valid.

    But the manufacturer really can't do much about units in the field
    unless the end-user updates firmware.

    To me, the only sensible solution now, given many users will not update
    firmware, is for D-link to pay the time-server owners for the increased
    bandwidth. Then end users don't have to even update the firmware, as
    access to the time servers will be allowed.
    I agree they may not be aware (but some will be, as a results of posts
    like this).
    There is not. That is why I used the word "should" in there.

    It is not inconceivable that such a request will follow from one of the
    many US government time servers being abused. Not even the owner of the
    Danish time-server has requested it.

    However, more likely the military will move the names and IP address of
    their time-servers, alter all the machines that connect to the time
    servers, then send D-link the bill. That could be huge.

    If I had shares in D-link at the minute I would sell them!!

    No, but here it is a bit different.

    1) The story has hit numerous newsgroups, websites, including the BBC.
    Google has 73,000 hits as I write, but there is no denial from D-link.

    I think it would be reasonable to assume there is a problem if places
    like the BBC report it, but never report a denial from the company.
    There is no denial of this on the D-link web site.

    2) I can understand the logic here, but I would not the toaster/coffee
    maker one.
    I am *not* trying to lay blame on the end users. I feel D-link are to
    blame and should pay for their cock-up. If I was an end-user, and it was
    not possible to solve it with a firmware upgrade, I'd look at returning
    it under a warranty.

    --
    Dave K MCSE.

    MCSE = Minefield Consultant and Solitaire Expert.

    Please note my email address changes periodically to avoid spam.
    It is always of the form: [email protected] Hitting reply will work
    for a couple of months only. Later set it manually.
     
    Dave (from the UK), Apr 17, 2006
    #19
  20. 'Could be' but they still had nothing to do with it.
    About time (too good a pun to pass up)
    Glad to hear it but your whole argument, after stating 'the problem', has
    centered around the end users.
    See? After saying you weren't blaming end users you didn't manage even one
    more sentence before an implied threat of "legal implications."

    That's nice.
    Might. Might not. Might not know about it. Might wonder why it's 'their
    problem'. Might assume a 'business' is always wrong. Might think it's a
    matter for the courts. Might notice that there are tons of accusations and
    law suits everyday and not everyone is 'right'. Might imagine that if
    they're to do something someone will will at least drop a hint. Lot's of
    'mights'.

    "Technically savvy end-user" is almost an oxymoron and most people have
    enough things on their plate, some of which they actually care about, to
    become 'investigators' over a problem they likely don't understand in the
    first place even after being supposedly 'told', much less with a muddy story.

    Read the "theregister" link you just posted. There's not the slightest
    *hint* the end user is even involved, much less any clue whatsoever they
    should 'do' something about it. It's all 'd-link is' this or that. "D-Link
    is freeloading..."

    They'd have hard enough time getting clueless users to understand the
    matter if they *asked* for something. What would you expect the odds to be
    when they don't?

    No need to: "D-Link is now taking action."

    Nothing for the end-user to think about.

    Besides, if Mr. Poul-Henning Kamp and his gurus "have no way of figuring it
    out" then don't expect the end-user to.
    I'm not a court but, so far, nothing you've posted in the way of 'news' has
    even hinted the end-user has been asked to do anything and it's my guess
    that you suggesting some unspecified number of end-users 'probably heard
    about' the problem and should have then jumped to attention, investigated
    the matter, somehow figured out if their router is an affected model then
    taught themselves about time servers and router firmware, found a
    'solution' and then implemented it, all on their own, even though no one
    asked them to do anything, is going to be a hard sell.

    How the responsible parties resolve, or not, their dispute is their matter.

    I was dealing with your claimed point that simply because something the
    end-user had no knowledge of, nor decision process in, supposedly creates a
    'problem' he knows virtually nothing about, and likely wouldn't fully
    understand even if they had heard of it, and for which they haven't been
    asked to do a blessed thing even if all the rest were known, then that
    constitutes sufficient cause to accuse the end-user of "abuse." I'm saying
    it doesn't.

    But the point was that the hypothetical you proposed is inappropriate
    because no such thing has taken place from either the government *or* the
    owner of the time server in question, nor from any news article I've seen
    you post.
    Actually, it is because they would, at least first, go after the
    manufacturer who created the problem.
    Precisely, so it's premature, at best, to start accusing end-users of
    'abuse' when none one of any authority has asked them to do a blessed thing.

    Not without first contacting d-link to register the complaint and attempt a
    resolution.

    Which I said in the very next line.
    If you had waiting to respond till you read the next sentence you'd know
    that the end-user 'not understanding' was the point. Especially when the
    'news' gives no indication of the affected models, does not ask for
    anything to be done, and states "D-Link is now taking action."

    Then why are you arguing about end-user 'abuse' and how 'they could find
    out', should 'do something', and postulate 'legal implications'?
    The typical end-user won't because no one's even hinted they should/could
    do anything, much less asked, there's no clue given as to which models are
    affected (in the 'news' anyway) and everything 'works fine' as far as they
    can tell.
     
    David Maynard, Apr 17, 2006
    #20
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.