Full Disclosure mailing list archives
RE: Please post to the list
From: ratel <ratel () mailvault com>
Date: Sat, 23 Nov 2002 17:01:01 -0500 (EST)
-----BEGIN PGP SIGNED MESSAGE----- On 23-Nov-2002 13:03:24 -0500, you wrote:
Two words: AIR GAP.Not an option, therefore not worth discussing.Actually, it is an option, just not one you're in a position to take. Someone in your institution chose convenience over privacy long ago, fine. So did nearly everyone. But you can't pretend it's not a tradeoff.No, it's not an option. A university that disconnects from the
Internet is committing institutional suicide. In less than one semester, that university would be out of business. The faculty would be the first to leave, and the students would follow quickly. I didn't say disconnect from the internet, I said don't leave anything you really value on boxes you connect to the internet. As I said, it's all a tradeoff; surely it's within your power to encourage compartmentalization at least a little bit. All I know is I definitely rest easier knowing that any of you could root my machines to your heart's content and find nothing much of interest. On an individual level, removable storage media in a drawer next to your desk isn't that expensive and sure saves you some serious stomach acid. Speaking of stomach acid, I have reason to distrust IRC so profoundly I won't touch it unless I'm personally logging in from a completely separate and clean laptop that doesn't have even one byte of my real information on it. Is all the trouble really worth it to me? yes. Would I be arrogant and foolish enough to start issuing dares to people I don't know about how secure I am? You must be out of your mind. As long as you're connected to the internet at all you're running a risk. You make the informed choice about how much risk to take, you live with it. We're all in the same boat in that respect.
Do you really think the average sysadmin cares?No, not at all. I know the average American doesn't give a damn about anything beyond comfort and convenience. Who cares about abstract ideas, what governments do or what's happening our civil liberties as long as we've all got our cushy sysadmin jobs, TV, porn, and cold beer, right? I think the fact that so many intelligent and talented people are so complacent and apathetic is a real shame.Nice try. My statement was made *in the context* of this discussion of network
security, *not* as a blanket statement covering all situations. It *is* possible to deeply care about what goes on in government without being foolish enough to protest those actions within the context of the job you've been hired to do. I don't know what kind of jobs you've had--but can't you imagine that seeing some serious corruption and rot in your own sector and not speaking out against it (or trying to counter it in some way) would have the distinct possibility of leaving an incredibly bad taste in your mouth? I just can't accept the idea that we're somehow obliged to check our critical faculties and values at the door in the name of getting a paycheck. And I'll bet anyone who ever has knows exactly the kind of feeling I'm talking about. Almost palpable, isn't it.
And frankly, I don't *know* any admins whose jobs are cushy. (Perhaps
this reveals your ignorance on that issue.) I've known some incredibly cushy and incredibly hidebound and lazy admins and ISSOs, yes. Not at a university or small company, true. If that comprises the bulk of your experience, I'm certainly not one to argue with you.
The admins I know are overworked and underpaid, putting in many long hours outside the office to keep up with all the issues they have to deal with. I personally work about 12 -14 hours a day - 9 at the
office
and the rest at home, and I don't get weekends off. Not because my employer demands it, but because it's not possible to do the job I expect myself to do and keep up with changes in the industry in a 40 hour week. (I'm not complaining either. I *love* what I do.)
Well, you're a better man that the ones I was thinking of, that's for sure.
You sidestep the whole issue of the implication of governments being all-too-willing to keep vulnerabilities to themselves by dragging in something somebody else happened to have said in the same forum. Good job.I don't sidestep it. In the context of my job, there's *nothing* I
can do about it. Obsessing about it is simply a waste of the precious time that I have. Governments will do what governments will do. That's what most Germans under Hitler said. That's what the Chinese under Mao said, that's what the Russians said under Stalin said. I could sit here all night listing historical examples of people who said that. However, that's not what the Founding Fathers said. Nor any of the other people I respect most.
And I will vote my conscience on the issues. It is for others to
crusade > on issues that inspire them. I crusade on the ones that inspire me. As long as you're doing something. I've just come to the point where I feel like I haven't been doing enough.
So you actually mean to say you think JTF-CNA analysts believe in full disclosure? Oh wait, you don't care. Nevermind. Dream on.No, I never even hinted that. I'm simply saying that, within the
context of what I do at work, it's irrelevant. Irrelevant to your job, maybe, but I have a feeling one of these days sometime soon it's going to become all-too-apparent why it's not irrelevant to your life.
Unfortunately, I do lay awake at night about what's happening to this country. I wonder how bad it'll have to get before you quit feeling so smug and stop laughing too.Jesus once said, "The poor you will always have with you." I would
say, "The evil (or mal-intentioned, if you will) you will always have with you." But will the institutional structures coming into place in the form of the Department of Homeland Security, the Patriot Act, Palladium etc. give them the upper hand? Someone once said fascism is a condition where laws succumb to lawlessness in favor of the power of the state. If they keep chipping away at the Constitution and rule of law, that's exactly where we're headed.
Many americans don't believe it, but the place to effect change is the
ballot box. Always has been, and always will be. You don't have to be a ranting crusader to make changes occur. You simply have to vote and convince others to vote with you. Oh well, it's a start. http://www.lp.org Ratel. *** "Americans used to roar like lions for liberty. Now we bleat like sheep for security." - Norman Vincent Peale. -----BEGIN PGP SIGNATURE----- Version: MailVault 2.2 from Laissez Faire City http://www.mailvault.com iQA/AwUAPd/6VOYNtyh3zif9EQIYPwCg9v8pGMw40A67bTv3cfZtNg06FxwAoJM5 itDAlE+kp9DRSZrULS48aVyv =seOm -----END PGP SIGNATURE-----
Current thread:
- RE: Please post to the list, (continued)
- RE: Please post to the list Schmehl, Paul L (Nov 22)
- RE: Please post to the list Day Jay (Nov 22)
- Re: Please post to the list Alexander Bartolich (Nov 22)
- RE: Please post to the list b0iler _ (Nov 22)
- RE: Please post to the list Schmehl, Paul L (Nov 22)
- RE: Please post to the list Schmehl, Paul L (Nov 22)
- Re: Please post to the list ratel (Nov 22)
- RE: Please post to the list Schmehl, Paul L (Nov 22)
- RE: Please post to the list ratel (Nov 22)
- RE: Please post to the list Schmehl, Paul L (Nov 23)
- RE: Please post to the list ratel (Nov 23)
- Re: Please post to the list John Andersen (Nov 23)
- RE: Please post to the list Schmehl, Paul L (Nov 23)
- RE: Please post to the list Schmehl, Paul L (Nov 22)