lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: bkfsec at sdf.lonestar.org (Barry Fitzgerald)
Subject: Re: MS04-025 - Ignorance is truly bliss....

Ferguson@...sys.com wrote:

>On Thursday, 5 August 2004, hellNbak wrote:
>
>  
>
>The Internet is no longer a world of hippie hacker idealists, but quite simply 
>a global market. Because of lack of centralized authority overseeing it 
>(wasn't that what you fought for?), it is a wild style economy, often driven 
>by shoddy practices and cutting corners where customers won't notice, or
>marketing on the verge of deceit. This is how we do big business - honesty,
>altruism, and respect for ideals were never its strong sides, unless you
>could get a tax break doing those.
>
>  
>
I agree with this...


>But then, were the Internet and IT security still merely a hobby of a bunch
>of enthusiasts, you wouldn't be getting your paycheck, would you? 
>
I disagree here -- unless you're going to try to prove that those who 
created this technology weren't paid.  We have tons of example of 
so-called "hippy idealists" getting paid relatively large sums of money 
for their work over the past 30+ years.

>You
>benefit from these changes, with all their side effects. You tell your
>customers to buy products, not to distrust the system, to uncloak treasons,
>or banish false prophets. You tell them what they want to hear, then cash 
>the check so that you can afford to write rants about how the world should 
>be. The problem with socialist utopias where all do their jobs best, and get
>exactly what they deserve, is that they all seem to fail quite miserably
>(how odd). Unjust exploitation, trickery to claim undeserved credibility or
>recognition, commercialization of everything you can capitalize on - that's 
>what makes a country (or an industry) great.
>
>  
>
First of all, there hasn't been a single "socialist utopia" that actual 
subscribed to it's own stated ideals.

All of the supposed Socialist/Communist systems were fascist-style 
command economies which had much more in common with global capitalism 
than they ever did their socialist roots.  So, I fail to see the 
comparison.  The assumptions you're making are very Ayn Rand in their 
style... meaning that you're making the one capital failure that most 
cold-war economists made: that one could simply believe the propaganda 
laid out by groups on both sides of the economic ideological debate.

Reality, as has been slowly exposed, is much more complex. 

The same is true of the Internet.  Without the idealists the 
anarcho-capitalists that you're lauding here would never have been able 
to take root as they did.  We, the idealistic, want a playground for all 
with respect for those around you -- meanwhile, they want to smother all 
who stand in their way of getting profit, be they competition, 
idealists, or their own users.

I suppose the old saying must surely be true: there is a sucker born 
every minute.  Because without that fact, the anarcho-capitalists of the 
world would have been exposed long ago.

Profit and resource-gain are ultimately generated through the economic 
system operating properly.  This means that the tools of the economic 
system must operate properly.  The wheeling and dealing and excuse 
making of the anarcho-capitalists may make significant profits for them 
short term, but long term we all pay a much heavier price.  This is the 
story that is told in the so-called "socialist utopias" that you cite -- 
they didn't fail because they were socialist, they failed because their 
leaders were frauds who cared more for their own short-term profit than 
they did the long-term sustainability of the state.

The system that you're discussing above will ultimately succumb to it's 
own weight.  It is an inevitable law of economics. 

>What do you hope to achieve, or how do you believe your opinion is being
>relevant or novel, if you come to this audience, and state that CERT is no 
>longer credible, and is a bunch of crooks who live off selling advance 
>vulnerability warnings? Or that Microsoft is not exactly particularly devoted 
>to improving security of their products and protecting their customers?
>
>
>  
>
A better question is what does anyone hope to achieve by griping about 
something?  Perhaps increasing the rate of change?

          -Barry

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ