Santayana's Revenge

[Sean Donelan <sean () donelan com>]

On Fri, 28 April 2000, Paul Ferguson wrote:
> Not that I'm a money-grubbing, stock-sucking bastard, but speaking
> as a member of the "community", I'm a little spooked by how reckless
> journalism, and off-hand comments on mailing lists, affect peoples
> (read: companies) financial futures (this is actually just the tip
> of the proverbial iceberg).

Companies face a dilemma.  On one hand the FBI doesn't want them to
reveal critical information to the public.  The FBI is setting up an
InfraGuard program supposedly to allow companies to share "private"
information without it getting out to the public.

On the other hand the SEC wants them to keep all its investors informed
about material information.  Sharing information with only a few people
outside the company may also get you in trouble.

Is there a correct answer for all situations?  I don't know.  I've seen
bad outcomes from both no disclosure and full disclosure.

> If things/people/processes/architecture/etc. is at fault, then let's
> discuss it as a community that wishes to propel ourselves into the
> promising future. Otherwise, let's just demonize everyone whow learns
> their lesson the old fashioned way -- with failures.

But a lack of self-criticism does make a mockery of the claim that
Internet is a mature institution, and it exposes the net to the risk,
noted by Santayana, that those who don’t understand their history are
doomed to repeat it. (plagiarized from numerous places)

Are there really any new types of attacks?  Or is it just variations
on existing themes?