NSP-SEC - should read Integrity

Patrick W. Gilmore patrick at ianai.net
Fri Mar 19 14:12:58 UTC 2010


On Mar 19, 2010, at 9:56 AM, bmanning at vacation.karoshi.com wrote:
> On Fri, Mar 19, 2010 at 08:44:29AM -0500, William Pitcock wrote:
>> On Fri, 2010-03-19 at 08:31 -0500, John Kristoff wrote:
>>> An ongoing area of work is to build better closed,
>>> trusted communities without leaks. 
>> 
>> Have you ever considered that public transparency might not be a bad
>> thing?  This seems to be the plight of many security people, that they
>> have to be 100% secretive in everything they do, which is total
>> bullshit.
> 	
> 	I thnk I'd settle for operators with Integrity. those who do what 
> 	they say. 

If we had that, no secrecy would be needed.

But anyone who thinks publishing everything we learn about the miscreants is a Good Idea, has never tried to take out a botnet or snow-shoe spammer or ....

Secrecy sucks.  If you think those keeping secrets enjoy it[*], you just haven't been bored to tears by working one of these issues.  Seriously, most of the work is mind numbingly horrible, and I have nothing but the utmost respect for people who do it on a regular basis. (In case it is not clear, I do not have to do it often, and for that I think whatever ghods there may be.)

Put another way: Do not dis those that make the Internet safer for you.  They spend time, effort, and money - frequently their own - and risk much more (ever been sued by a spammer?).  In return, they often get nothing.  Before you question (and to be clear, I am not saying you should not question), offer to help and see things from their side.

-- 
TTFN,
patrick

[*] I'm sure there are a few who get off on the thrill.  But that's the exception, not the rule.





More information about the NANOG mailing list