Re: [tlug] The Peon's Guide to Secure System Development

[Josh Glover <jmglov@example.com>]

Quoth Edward Wright (Sun 2002-11-17 04:05:08PM +0900):
>
> Skipped this when I saw it on Bugtraq 'cause the author's "Abstract"
> made it sound like it would be a rant.

And rant it is, but, as you say:

> Well, in a way it is, but one worth reading.

And that is a great point: some things are worth ranting about, and some
rants are worth reading. Unfortunately, rant too much, and you get a
reputation as a ranter (Stallman, anyone?) and people tend to ignore you.

Which is why we security types are often ignored, because we are always
talking about how if the sky is not currently falling, it may bloody well
be soon. So the business types give us no funding... and in return, we are
unable to provide "good" security.

The goal of any person with a radical outlook (e.g. Open Source advocates,
anti-Microshite advocates, security advocates) who really wants something
to happen is to tone things down so that middle-of-the-road to
conservative people (WRT the issue in question, not politically, socially,
or fiscally conservative--what does that mean, anyway?) can identify and
understand the dangers of the status quo and the benefits of a different
outlook. Come across too strongly and you are dismissed, even if your
ideas are good.

Let's face it, people are basically resistent to change until their
situation becomes so shitty that change is the only option. People (like
many on this list) who would rather change gradually or radically to avoid
the shittiness in the first place are ignored and/or scorned.


--Josh "it's Monday morning and therefore I have the right to be as
pessi-sodding-mistic as I please" Glover


-- 
Josh Glover <jmglov@example.com>

Associate Systems Administrator
INCOGEN, Inc.
http://www.incogen.com/

GPG keyID 0x62386967 (7479 1A7A 46E6 041D 67AE  2546 A867 DBB1 6238 6967)
gpg --keyserver pgp.mit.edu --recv-keys 62386967

Attachment: pgp00031.pgp
Description: PGP signature