Re: [PEN-TEST] No such thing as a stupid question....

["William D. Colburn (aka Schlake)" <wcolburn () NMT EDU>]

I work in close (physical) proximity to users (I'm not supposed to talk
to them though, and officially I can throw them out rudely if they come
into my office to ask questions).  Most of the users are dumb as a stump.
The dumb ones are the ones who never ask questions and just fail at what
they try to do, then complain later to others like themselves about how
hard it is.  The most annoying ones are the ones who do ask questions,
because they aren't afraid.  They don't "get it", but they want to, and
they will follow you around asking the most *inane* things.  Eventually
those people start to ask questions which are actually the answer
rewritten into a the form of a question (which makes them easy to
answer).  These kind of people then undergo some kind of spontaneous
transformation.  After several days to a week of asking inane things
they suddenly stop asking questions.  They had a moment of clarity;
they were enlightened; they are now in a position to answer *your*
questions.

The FAQ is no good to the first level of user (dumb as a stump and
unwilling to help themselves), nor to the second level of user (who
really needs human interaction to get them going).  As much as I hate
answering stupid questions, I remember what it was like for me when I
was one of those users.  All my stupid questions when I was a freshman
got me a coveted job as the computer science department sysadmin.  At
the time I didn't understand why they wanted to hire me.  I didn't meet
a single requirement on the job posting.  I had just barely figured out
that my password shouldn't be "schlake" (someone guessed it and used my
account to send me mail telling me I had a bad password) nor "Schlake"
(notice the sneaky capitalization I snuck in there which didn't thwart
them from guessing my password immidiately again when I changed it).
All I really knew how to do in UNIX was download game source code from
USENIX and compile it in /tmp.  And they made me a sysadmin!

Any sane question should be asked, and people should be polite enough
not to respond to a question they are annoyed to be answering.  Be
extra patient with the really annoying ones.  They are probably almost
"there" and just need a little push to get them on top of things.

On Tue, Nov 28, 2000 at 07:55:38PM -0800, Alfred Huger wrote:
> Hey folks,
>
> Three or four people have mailed me asking if I have a skill litmus test
> for users. The answer is, no. We should be able to entertain any sane
> question to this list as it pertains to pen-testing. Everyone needs to
> learn somewhere and that's what this list is for - learning.
>
> The only time I will kill off newbie questions is if they can be easily
> answered by fishing through the archives. Everyone deserves a fair shot
> and elitism *poisons* this industry. So seriously, let's not be internet
> rokstarz about this.
>
> Cheers,
> -al
>
> "Vae Victus"
> SecurityFocus.com

--
William Colburn, "Sysprog" <wcolburn () nmt edu>
Computer Center, New Mexico Institute of Mining and Technology
http://www.nmt.edu/tcc/     http://www.nmt.edu/~wcolburn