Firewall Wizards mailing list archives
Re: Ethics, morality, and mental retardation
From: "Marcus J. Ranum" <mjr () ranum com>
Date: Fri, 29 Oct 2004 17:31:19 -0400
J. Oquendo wrote:
You're quite right Mr. Ranum, I say sentence everyone for the rest of their lives to rot in a prison at your taxpayer expense. Why not there is no such thing as reform.
Oh, my, this must be sophisticated sarcasm, indeed. It took a while for me to "get it." Reform and forgiveness are interesting concepts and take us into the realm of moral philosophy - an area people have historically disagreed about more than they've agreed. You seem to think I do not believe in reform; you are wrong. I think that an essential component of reform and forgiveness is showing remorse; admitting publicly that one made a mistake, and committing to better onself. This is one reason why judges are often less sympathetic in sentencing toward criminals who "throw themselves upon the mercy of the court" recognize they have done wrong, and vow not to repeat it. It's also why judges throw the book at those same criminals if they show up in the courtroom for the same crime. Mitnick had plenty of chances and warnings, judging by what I've bothered to read about him. He's also not been particularly remorseful - last time I shared a CNN spot with him, he trotted out the usual hacquer self-justifying "I was just curious" and "hackers help improve the system by testing it" nonsense. (I call it nonsense because uninvited "help" is welcome, and by choosing to not ask he placed himself on the wrong side of an important line). Has he reformed? He doesn't sound like it, to me.
Punish EVERYONE to a lifetime sentence.
Oh, grow up.
You seem to forget without a criminally malicious "hacker" you would have no career, nor business for that matter.
If I had a dollar for every time some narrow-minded moron has made that argument, I'd be retired someplace to a mansion, sipping mint juleps while I watched the servants spit-shine my row of pick-up trucks. Unfortunately, I'm not so lucky. You know what's wrong with that argument? Simply put: as a useful, positively creative person, I'D HAVE A CAREER NO MATTER WHAT. If there were no hackers, I'd be making a good living as a network manager doing what I originally started out interested in, building kick-ass distributed systems, solving problems, making money, and pushing the world forward one iota at a time. Unlike the useless, punk hackers, who are a drain on society (how many millions of dollars did Mitnick's "curiousity" cost Digital Equipment Corp, AT&T, and the US Taxpayers?) productive people will always find something interesting and useful to do. Indeed, if most of us security practitioners took 5 years off and sat on the couch drinking beer, we'd do less damage to society (as well as improving the financial picture for zymurgists!) than a single hacker does by penetrating a single system. One of the fundamental skills of a security analyst, systems analyst, and products builder is creative problem-solving. People who have that skill can live happy lives doing just about any technically challenging task. I'd happily trade my career as a security geek TOMORROW for a career as a diesel mechanic (engines are COOL!) if it'd make all the punk-ass hackers dry up and blow away. People who know how to solve problems and think analytically can do everything from renovate ziggurats to build firewalls or wrench on diesel engines if they want to. That's part of why I have so little patience for the hacker punks who obviously have some technical skills and are OK at system engineering - and have chosen to waste their skills by being a drain on humanity. Better they sit on the couch and smoke dope; at least it doesn't drag the rest of us down. We're sitting in the middle of a $6 billion/year industry that exists solely because of useless friction. Unlike the friction in physical systems, which is an unavoidable consequence of macroscopic reality (as we understand it) hacking, malcode, viruses, worms, all that garbage - is completely unneccessary. We are forced to fight this hard battle against unnecessary friction - for what? Not by choice. I'd just as soon leave my computers insecure. I used to. How do you think I got into security? Some punk-boy penetrated one of my computers and wasted my time - and so I got enlisted in this stupid war. I bet most of the people on this list would be perfectly happy doing something else cool and fun with computers, instead of having to try to get stupid users to comply with commonsense policies, or not to leave their firewalls down, etc, etc.
Did you ever consider that most of the black/greyhat community keeps the security world on its toes with discoveries that put food on your table?
Maybe you have an idea how insulting you've just been, and maybe you do not. If you still don't get it, maybe you can look me up at a conference someday and I will be happy to argue about it over beers.
Has it occurred to you that via someone's dabbling with the unthinkable they've perhaps prevented something even more unthinkable?
Thinking about the unthinkable is what most good security analysts do for a living. So you can counter it. But you do not have to become part of the problem before you can be part of the solution.
Money isn't everything in this world. There are a lot of people who have paid their dues in society whether you realize it or not, so your view of sentencing someone to a lifetime of punishment is flawed, and ridiculous.
You inferred that I was sentencing people to lifetime punishments. Don't call words you put in my mouth "flawed and ridiculous" - they're your words, not mine.
Have you not seen recent stats? You know the one that shows 1 in every 37 Americans has at some point gone through the "machines" of justice. Or did that elude you in your quest to punish people forever?
As I said before, it's all about admitting you made a mistake and going on and doing something else. Mitnick's obviously a smart guy who could probably do good work in some field other than one he pollutes with his presence. I bet you didn't know that I have a criminal record. :) Fortunately, it's quite minor, and it has nothing to do with my professional field, so it doesn't call my professionalism or ethics into doubt, so far as I can tell. I apologized, swore I wouldn't do it again and meant it, and there were smiles all around. Societies are infinitely adaptable about such things, it turns out - what they don't tend to forgive is criminals who repeatedly return to the same crimes and don't appear to get the point that society is trying to make - about how it might be a good idea to stop. Hacking is interesting - Donn Parker's studies show that hacking is almost an obsessive/compulsive sociopathy - it's self-reinforcing and the rate of recidivism is ridiculously high (but not as bad as pedophilia) Don't glorify it, don't reward it - get over it. mjr. _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: Ethics, morality, and mental retardation J. Oquendo (Oct 29)
- RE: Re: Ethics, morality, and mental retardation Pete Lindstrom (Oct 29)
- Re: Re: Ethics, morality, and mental retardation Scott Stursa (Oct 29)
- Re: Ethics, morality, and mental retardation Marcus J. Ranum (Oct 30)
- <Possible follow-ups>
- RE: Re: Ethics, morality, and mental retardation Ames, Neil (Oct 29)