funsec mailing list archives

RE: "Perspective: Wresting free from a software straitjacket"


From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Tue, 05 Dec 2006 18:52:48 +1300

ferg to Keith Young:

From Paul Vixie:
http://news.com.com/2010-1002_3-6139456.html?part=rss&tag=2547-1_3-0-5 

Exactly. When did we, the security community, stop believing in the
K.I.S.S. principle and start believing in the "buy the latest
IDS/IPS/firewall/endpoint-security/data-leak-protection/patching/vulnerability-scanner/harddrive-encryption/anti-malware/log-correlation/etc/etc/etc/etc"
principle that we are poorly implementing today?

When the Internet stopped being a science project, and people
started building businesses around it. The same snake-oil elsewhere
in the business world leaks into cyberspace, too -- along with all
of the other crapola. :-)

It is not just that simple that the evils of capitalism will out 
wherever its grubby money is cast...

There were _tons_ of people from the _inside_ of the science project 
who really should have known better than pushing their 60's liberal 
hippie quasi-academic crapola that "information wants to be free" and 
the Internet _as it was then_ was clearly the only/best model of 
extending the reach of that freedom.  Far too many of these jerk-offs 
complicitly joined the rapid deployment of the Internet as it was then 
into the commercial space and are at least as directly responsible for 
the crapola we have now as the capitalists are for layering their 
existent business models onto TCP/IP.

In fact, being ever so slightly devil's advocate-ish, I'll suggest that 
those technologists are _more_ responsible because they at least should 
have known that the technology they were pushing was never designed, 
built _OR INTENDED_ for "safe" use in the open sewer networking 
environment so many of them then started pushing.  _Their_ failure to 
act and recommend according to their own expert knowledge of what the 
Internet protocols were designed for makes them _more_ responsible than 
the capitalists who really only know the "take the best technical 
advice available about the new stuff you know squat about and make many 
investments in the hope a few pay off big" VC gambling model.

The most laughable aspect of all this is that pretty much the very same 
technologists who failed us so badly, yet entirely predictably, all 
those years back, are _still_ in as exalted positions as they were then 
(if in fact, not more so, as we have entrenched many of them in
quasi-official "Internet leadership" positions and the like) and we _STILL_ seem 
to think they are the folk to turn to for advice on fixing the surplus 
excrement in the sewage system they foisted on us in the first place!

C'mon folk -- are we really all that damn fucking stupid?


Regards,

Nick FitzGerald
