lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: ka at khidr.net (Ka)
Subject: ranting.. was Re: (no subject) PS

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

At Dienstag, 26. November 2002 12:47 Silvio Cesare wrote:
> In sociology, they will often say that power is not power unless it is
> excercised. ...

This is also expressed in different forms later in your letter,
so it looks like that it's your opinion.

Basically your idea of "power" breaks down to being able to
act without having to fear consequences, if I got you correctly.
But that is not power, that is simply a childish attitude,
and being exercised by presidents doesn't make it any better.

Everything we do has consequences, even if we don't do anything,
it has consequences. Wether we like the outcome or not, is irrelevant.
The very action or inaction creates the consequences. This is a law
of nature.

Hence blackhats are a factor in the life of whitehats and whitehats
are part of blackhat environment. And 'factor' comes from 'fact';
if it came from fiction it would be called 'fictor'.


> However -
> If it is established that disclosure is either good or evil (black/white),
> and we are forced to live with that (primarily through legislation, check
> out the DMCA and even the RedHat advisories), it simply means that the
> disclosure is no longer excercising freedom (intent no longer applies now,
> since it is legislated), but simply a false freedom given to us by the
> powers that be, whenever they see fit.

I have not been asked, you have not been asked, so what the hack are you 
calling "established" ? At most it's an RFC and as far as I see it,
not even a simple majority in this list would support it without
modifications. Just one sentence before that paragraph you called
full disclosure "a personal choice" and seconds later you give in 
and bow down to "powers that be"?


> Disclosure is often seen about individual responsibility.  This I fully
> agree with - and It is not up to the "powers that be", wether it be
> the Government or Bill Gates, to enforce _our_ freedom upon us, and take
> it away without remorse.

Nobody can do that. You are giving them a power, which they don't have.
The powers that be would love to tell us what to do, they would LOVE
it. Because they CANNOT. And out of their incompetence, bad administration
and inability to guide the software development into better territories
they cry for laws. The same institutions and companies who have actively
- - though sometimes indirectly and often unaware - created the world-wide 
situation now cry "black hat!" or "full disclosure!" or even "terrorist!".

When everybody uses computers, it was Microsofts good deed, but when somebody 
uses M$ security flaws, it's the bad black boy who needs to be prisioned?
Industry is crippling the musical art with their greed and somebody
using modern technlogogy, to show how stupid the whole idea of property
in the intellectual realm is, is a criminal?

> Is disclosure about freedom then?  I believe so.

Absolutely. But nobody needs to give it to me.
I don't need laws and judges to tell me what to do, 
I can judge for myself. And if the laws don't
cover my conscious actions, it could as well be the
law which is wrong.

It's OUR internet, dammn, not Microsoft's, not the
property of any state or company! The internet is
human property, it belongs to everybody. The first
time in history we have something global, which
cannot be governed and ruled by big companies or
states.

So it's OUR response-ability to define how we like to
handle disclosure. And as far as I can see, we came up
with the decision that it's a personal decision what
and how to disclose.


Respectful Greetings to all
Ka
- -- 
If you don't hear the ancient music in the pines,
take off the copy protection from your brain.
http://www.khidr.net/users/ka/pgpkey.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE944ev72vu22ltWBERAsnRAJ92q3oRpioOmXNEFc5eJpsvyOjSEACeOkIU
nm68Nw2QfnZp5RlPL5V52bU=
=ERW2
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ