NSP-SEC - should read Integrity
Patrick W. Gilmore
patrick at ianai.net
Fri Mar 19 09:12:58 CDT 2010
On Mar 19, 2010, at 9:56 AM, bmanning at vacation.karoshi.com wrote:
> On Fri, Mar 19, 2010 at 08:44:29AM -0500, William Pitcock wrote:
>> On Fri, 2010-03-19 at 08:31 -0500, John Kristoff wrote:
>>> An ongoing area of work is to build better closed,
>>> trusted communities without leaks.
>> Have you ever considered that public transparency might not be a bad
>> thing? This seems to be the plight of many security people, that they
>> have to be 100% secretive in everything they do, which is total
> I thnk I'd settle for operators with Integrity. those who do what
> they say.
If we had that, no secrecy would be needed.
But anyone who thinks publishing everything we learn about the miscreants is a Good Idea, has never tried to take out a botnet or snow-shoe spammer or ....
Secrecy sucks. If you think those keeping secrets enjoy it[*], you just haven't been bored to tears by working one of these issues. Seriously, most of the work is mind numbingly horrible, and I have nothing but the utmost respect for people who do it on a regular basis. (In case it is not clear, I do not have to do it often, and for that I think whatever ghods there may be.)
Put another way: Do not dis those that make the Internet safer for you. They spend time, effort, and money - frequently their own - and risk much more (ever been sued by a spammer?). In return, they often get nothing. Before you question (and to be clear, I am not saying you should not question), offer to help and see things from their side.
[*] I'm sure there are a few who get off on the thrill. But that's the exception, not the rule.
More information about the NANOG