Full Disclosure mailing list archives
RE: Who's to blame for malicious code?
From: Steve Wray <steve.wray () paradise net nz>
Date: Wed, 21 Jan 2004 20:43:49 +1300
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of Paul Schmehl
[snip]
We expect people to change the oil in their cars regularly. Why don't we expect similar behavior in the computer world? Would you blame OpenBSD if a user got hacked because he hadn't bothered to patch?
The car analogy is a good one I think, to an extent. Something that I'm looking into at the moment are better ways to manage computer systems (see www.infrastructures.org) I think that the way we generally build and maintain computers today is a lot like the way that cars were built and maintained in the days before Henry Ford; each one is largely hand-build and maintained by craftsmen (ok, crafts *people*). There are ways to roll out identical builds and there are a few systems, largely still under development, for maintaining numbers of machines en-masse, but this really is in its infancy. The IT trade needs to grow up a bit. I fear that one of the problems in the IT industry, is that lots of sysadmins are very *very* keen. They are hard working. They typically *love* fixing computer problems. Thats the problem. They love fixing computer problems *so* much that they don't mind when computers go wrong. They love it, especially the hands-on approach, which is where all the time goes; manually logging in and editing files, etc. Me? I *hate* fixing computers. I am lazy as hell. So I try to make sure that they *don't* go wrong in the first place. Admins who leave it till something goes wrong and then *gleefuly* fix it up are the bane of my existance. ;) _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Who's to blame for malicious code? Schmehl, Paul L (Jan 20)
- Re: Who's to blame for malicious code? Tobias Weisserth (Jan 20)
- Re: Who's to blame for malicious code? Paul Schmehl (Jan 20)
- RE: Who's to blame for malicious code? Steve Wray (Jan 21)
- Re: Who's to blame for malicious code? Ron DuFresne (Jan 21)
- Re: Who's to blame for malicious code? Tobias Weisserth (Jan 21)
- Re: Who's to blame for malicious code? Paul Schmehl (Jan 20)
- <Possible follow-ups>
- Who's to blame for malicious code? Schmehl, Paul L (Jan 20)
- RE: Who's to blame for malicious code? Brent Colflesh (Jan 20)
- RE: Who's to blame for malicious code? Schmehl, Paul L (Jan 21)
- RE: Who's to blame for malicious code? Tobias Weisserth (Jan 21)
- Re: Who's to blame for malicious code? Vlad Galu (Jan 21)
- RE: Who's to blame for malicious code? Ron DuFresne (Jan 21)
- RE: Who's to blame for malicious code? Schmehl, Paul L (Jan 21)
- RE: Who's to blame for malicious code? Tobias Weisserth (Jan 21)
- Re: Who's to blame for malicious code? Tobias Weisserth (Jan 20)