Date: Wed, 1 Oct 2008 22:30:13 +0100
From: n3td3v <xploitable@...il.com>
To: full-disclosure@...ts.grok.org.uk, n3td3v <n3td3v@...glegroups.com>
Subject: Re: Paul Asadoorian of PaulDotCom Enterprises /
	Podcast is ridiculous

On Wed, Oct 1, 2008 at 9:29 PM,  <Valdis.Kletnieks@...edu> wrote:
> On Wed, 01 Oct 2008 08:59:16 PDT, Trevow Andrews said:
>
>> No real research has even come out of Paul and Larry
>
> And? So? You *do* realize that "kick-ass researcher" doesn't directly imply
> "kick-ass teacher", right?  Quite often, the best researchers make *really bad*
> teachers, because the same autism-spectrum and ADD issues that allow them to
> focus on things when researching mean they *suck* at presentations.  If
> you've ever been to college, and gotten somebody who's got a zillion papers
> published, but the class sucks because they can't lecture well, you've seen
> this in action.
>
> The second issue is that teaching chews incredible amounts of time, and
> directly impacts how much, if any, research you do - if you're on the road
> 3 weeks of the month teaching, I guarantee that you'll not get much done the
> other week.  Sure, you may have spent 3 weeks teaching a *lot* of people a
> *lot* of material, and had them all actually remember it - but your research
> schedule takes a hit.
>
> The third thing to keep in mind is that "bleeding edge" doesn't always (and
> in fact rarely, if ever) correspond to what's out in the real world. OK, so
> you're peeved because the guy talked about WRT54G and didn't cover Kamikazi.
> Have you bothered to actually *check* what the relative percentages *actually
> in use* are?  Yeah, Kamikazi may be cool, shiny, and uber-leet - but if it's
> only got 5% market share and WRT54G has 95%, maybe he shouldn't be spending
> a lot of time covering Kamikazi.
>
> Yes, SANS presentations often lag behind what's the cutting edge - but they're
> teaching people about stuff they're likely to actually encounter.  When they
> send new cops to police school, they rarely spend lots of time on how to pull over
> a Ferrari, but they're hopefully going to learn a *lot* about all the little
> details of pulling over a pickup truck (where to look for stuff in "plain
> sight", where weapons may be stashed, etc).  Why? Because they're going to be
> pulling over dozens of pickup trucks a week, and maybe *once* in their lifetime
> they're going to get to pull over a Ferrari.
>
> You remember that big horrible DNS hole from a few weeks ago?  How many you
> seen in the wild so far?  And how many systems you seen that actually gotten
> whacked with a 4-year-old SQL exploit?
>
> Yep, thought so.
>
> (For all I know, these guys may indeed be sucky presenters *and* sucky
> researchers - but I'm getting tired of the meme that it has to be taught
> by a "leading researcher" for it to be of use - especially when you're trying
> to teach nuts-n-bolts security to Joe Corporate.  And if you think it's that
> easy to teach - start doing it.  Undercut SANS, charge only $1000 per head,
> teach a class of 20 a week.  You're looking at $80K of income *a month*.
> Now ask yourself why there aren't *more* people doing it...)
>

I take it we can safely say Valdis is a fanboy of Sans and Pauldotcom
then! It's a shame nobody else is.. ;)
