lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
From: pauls at utdallas.edu (Schmehl, Paul L)
Subject: Please post to the list 

-----Original Message-----
From: ratel [mailto:ratel@...lvault.com] 
Sent: Saturday, November 23, 2002 1:08 AM
To: full-disclosure@...ts.netsys.com
Subject: RE: [Full-Disclosure] Please post to the list 

>>>
>>>Two words: AIR GAP.
>>
>> Not an option, therefore not worth discussing.
>
>Actually, it is an option, just not one you're in a position 
>to take. Someone in your institution chose convenience over 
>privacy long ago, fine. So did nearly everyone. But you can't 
>pretend it's not a tradeoff.

No, it's not an option.  A university that disconnects from the Internet
is committing institutional suicide.  In less than one semester, that
university would be out of business.  The faculty would be the first to
leave, and the students would follow quickly.

>>Do you really think the average sysadmin cares?

>No, not at all. I know the average American doesn't give a damn 
>about anything beyond comfort and convenience. Who cares about 
>abstract ideas, what governments do or what's happening our civil 
>liberties as long as we've all got our cushy sysadmin jobs, TV, 
>porn, and cold beer, right? I think the fact that so many 
>intelligent and talented people are so complacent and apathetic 
>is a real shame. 

Nice try.

My statement was made *in the context* of this discussion of network
security, *not* as a blanket statement covering all situations.  It *is*
possible to deeply care about what goes on in government without being
foolish enough to protest those actions within the context of the job
you've been hired to do.  And frankly, I don't *know* any admins whose
jobs are cushy.  (Perhaps this reveals your ignorance on that issue.)
The admins I know are overworked and underpaid, putting in many long
hours outside the office to keep up with all the issues they have to
deal with.  I personally work about 12 -14 hours a day - 9 at the office
and the rest at home, and I don't get weekends off.  Not because my
employer demands it, but because it's not possible to do the job I
expect myself to do and keep up with changes in the industry in a 40
hour week.  (I'm not complaining either.  I *love* what I do.)

>You sidestep the whole issue of the implication of governments 
>being all-too-willing to keep vulnerabilities to themselves by 
>dragging in something somebody else happened to have said in the 
>same forum. Good job.

I don't sidestep it.  In the context of my job, there's *nothing* I can
do about it.  Obsessing about it is simply a waste of the precious time
that I have.  Governments will do what governments will do.  And I will
vote my conscience on the issues.  It is for others to crusade on issues
that inspire them.  I crusade on the ones that inspire me.

>So you actually mean to say you think JTF-CNA analysts believe 
>in full disclosure? Oh wait, you don't care. Nevermind. Dream on. 

No, I never even hinted that.  I'm simply saying that, within the
context of what I do at work, it's irrelevant.

>Unfortunately, I do lay awake at night about what's happening to 
>this country. I wonder how bad it'll have to get before you quit 
>feeling so smug and stop laughing too.

Jesus once said, "The poor you will always have with you."  I would say,
"The evil (or mal-intentioned, if you will) you will always have with
you."  Many americans don't believe it, but the place to effect change
is the ballot box.  Always has been, and always will be.  You don't have
to be a ranting crusader to make changes occur.  You simply have to vote
and convince others to vote with you.

You can lose all the sleep you want worrying about the direction the
country is headed, but if you don't vote, it's meaningless.  (Given your
willingness to misinterpret what I'm saying, I will point out that I am
*not* saying that you don't vote.  I know nothing about you, and I'm not
making any judgments about you.)

Paul Schmehl (pauls@...allas.edu)
TCS Department Coordinator
The University of Texas at Dallas
http://www.utdallas.edu/~pauls/
AVIEN Founding Member

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ