On Mar 19, 2010, at 9:56 AM, bmann...@vacation.karoshi.com wrote:
On Fri, Mar 19, 2010 at 08:44:29AM -0500, William Pitcock wrote:
On Fri, 2010-03-19 at 08:31 -0500, John Kristoff wrote:
An ongoing area of work is to build better closed,
trusted communities without leaks.
Have you ever considered that public transparency might not be a bad
thing? This seems to be the plight of many security people, that they
have to be 100% secretive in everything they do, which is total
bullshit.
I thnk I'd settle for operators with Integrity. those who do what
they say.
If we had that, no secrecy would be needed.
But anyone who thinks publishing everything we learn about the miscreants is a
Good Idea, has never tried to take out a botnet or snow-shoe spammer or
Secrecy sucks. If you think those keeping secrets enjoy it[*], you just
haven't been bored to tears by working one of these issues. Seriously, most of
the work is mind numbingly horrible, and I have nothing but the utmost respect
for people who do it on a regular basis. (In case it is not clear, I do not
have to do it often, and for that I think whatever ghods there may be.)
Put another way: Do not dis those that make the Internet safer for you. They
spend time, effort, and money - frequently their own - and risk much more (ever
been sued by a spammer?). In return, they often get nothing. Before you
question (and to be clear, I am not saying you should not question), offer to
help and see things from their side.
--
TTFN,
patrick
[*] I'm sure there are a few who get off on the thrill. But that's the
exception, not the rule.