In other news today...



  • @remi said in In other news today...:

    But not how Linux (or any open-source project, but this one in particular) is supposed to.

    Part of the reason things work this way for the Linux project in particular, is that it started as a for-experts-by-experts project. A collection of the brightest minds, and very restricted. A meritocracy, where everyone knows everyone. And now it's too big for that.

    Sure, but we're not "in absence of other information" and in this case it's the entity supposed to create that trust that breaks it. To further your analogy, it's an ISO-certification company saying "we will stop delivering certifications to products made in NK because NK has shown that, and explained to us how, our certification process can be easily circumvented."

    Yes, it's the typical knee-jerk reaction. Very human. It's useful as a stop-gap measure for buying time to fix shit. But unlike the knee-jerk reaction, actually fixing shit requires a leader who knows what he's doing, and powerful enough to steer the ship that way.

    So unless we hear about Torvalds swearing hard enough to make sailors blush again, I bet no real fixing will happen.


  • ♿ (Parody)

    @Gąska said in In other news today...:

    @izzion said in In other news today...:

    Sportsball done right:

    The weirdest thing I've ever heard about any sport is that in American football, it's considered bad sportsmanship to build up a huge point lead. Like, scoring points is literally the goal of the game; why would anyone not want players trying to score?

    It's usually more of an issue with kids' athletics. Not really at the pro level. Yeah, scoring points is the goal, but also to have fun, so yeah, like excessive celebration, running up the score intentionally is considered bad sportsmanship.


  • BINNED

    @Gribnit said in In other news today...:

    @acrow said in In other news today...:

    groups have face

    It is also possible to attain negative face, and there are qualia associated with degrees of negative face.

    Or, as it's more commonly known, heel.


  • Considered Harmful

    @GuyWhoKilledBear said in In other news today...:

    @Gribnit said in In other news today...:

    @acrow said in In other news today...:

    groups have face

    It is also possible to attain negative face, and there are qualia associated with degrees of negative face.

    Or, as it's more commonly known, heel.

    Depends on the context, which is interesting. I am not always a heel, for instance. One of the indie games I play has decided (apparently itself) that one of the guys who wins most is the heel, for another instance. If I come in first, I have the whole crowd, if he comes in first, he has like 10% or less of the crowd. Kayfabe may be a more basic social mechanism than expected, which underscores the importance of neutralizing Vince McMahon.



  • @topspin said in In other news today...:

    Eh, the message should be "contact Linus first and only keep the lower levels in the dark after getting the green light."

    That is indeed the main ethical problem I have with the researchers' approach. With such an (outwardly) open and transparent organisation, they should have been able to get the green light from someone inside. Though I would guess that, had they done so, that person would find themselves at the centre of the shitstorm with everyone screaming for their departure.

    So yes, if Linux's message was "guys, that wasn't cool, contact us first before doing that again" I could understand. But that's not quite (!) how I read their response...

    But it seems Kroah-Hartman has about the same temperament as Torvalds and they'd probably have told them to GTFO anyway if they went for it the proper way.

    Which is the next-level problem with the approach above. If the person you contact refuses, does that mean the organisation cannot be tested at all? Clearly not, it's widely accepted that you can test a product without asking the authors first (most vulnerabilities are not found with the authors of the code aware that someone else is prodding it!).

    If only universities were aware of the potential for ethics problems that those studies can cause, and if only they had a committee that could approve (or not) such studies, and if only the authors of the research had contacted that board and got the green light from them... oh, wait, they are, there is, and they did.

    At that point, Linux's stance means they believe a university ethics committee critically failed their job. Which is possible, I'm not saying they're perfect, but it's quite a step up from "students intentionally sent us bad code!"


  • Considered Harmful

    @remi said in In other news today...:

    students intentionally ~~sent~~set up us bad code!

    misread :belt_chives: :belt_scallion:


  • ♿ (Parody)

    @remi said in In other news today...:

    Which is the next-level problem with the approach above. If the person you contact refuses, does that mean the organisation cannot be tested at all? Clearly not, it's widely accepted that you can test a product without asking the authors first (most vulnerabilities are not found with the authors of the code aware that someone else is prodding it!).

    Yyyyeahhh....but this wasn't "testing a product." The pen test analogy was the best, and you can bet that people won't be happy about that. And I don't think that the analogies to Front Page (huh?) HAKK0RZ!!!111 stories would work as a defense either.



  • @boomzilla said in In other news today...:

    The pen test analogy was the best, and you can bet that people won't be happy about that.

    But even that analogy doesn't really justify the response. Explain it (as in "we're pissed off you found a penetration vector so fuck off"), maybe, in a childish and vengeful way, but not justify it.

    Use that analogy again if you like: would it be OK if Facebook banned a person and their whole family because that person found a vulnerability and told it to Facebook without taking advantage of it?

    Unless, again, your argument is "they should have asked first" but then we're back to the point of my post you quoted, what do you do when an org refuses to be tested and you believe there is a vulnerability? Hope no one else but you has thought about it or has bad intentions?


  • ♿ (Parody)

    @remi said in In other news today...:

    @boomzilla said in In other news today...:

    The pen test analogy was the best, and you can bet that people won't be happy about that.

    But even that analogy doesn't really justify the response. Explain it (as in "we're pissed off you found a penetration vector so fuck off"), maybe, in a childish and vengeful way, but not justify it.

    Sez you.

    Use that analogy again if you like: would it be OK if Facebook banned a person and their whole family because that person found a vulnerability and told it to Facebook without taking advantage of it?

    A correct analogy would be that you convinced someone at Facebook to add a vulnerability to their source code.

    Unless, again, your argument is "they should have asked first" but then we're back to the point of my post you quoted, what do you do when an org refuses to be tested and you believe there is a vulnerability? Hope no one else but you has thought about it or has bad intentions?

    You could have written an article stating that they aren't interested in testing the robustness of their review process. Again, I'll say that your analogy is wrong, but we won't know from this instance because they didn't ask.



  • @acrow said in In other news today...:

    we'd trust an electrical appliance that comes from "Japan" to not randomly burst into flames

    Not so very long ago (within my lifetime — ok, a really long time ago :belt_onion:), that wasn't true. "Made in Japan" had the same sort of reputation that "Made in China" had maybe 30 years ago, or something like "Made in Viet Nam" or "Made in Bangladesh" might have today. It was maybe the 1970s or thereabouts when their reputation for (lack of) quality improved.



  • @boomzilla said in In other news today...:

    But even that analogy doesn't really justify the response. Explain it (as in "we're pissed off you found a penetration vector so fuck off"), maybe, in a childish and vengeful way, but not justify it.

    Sez you.

    Well, duh. That's my opinion, so of course that's what I'm saying. If you think otherwise, do you have an actual argument or just "nooooo"?

    A correct analogy would be that you convinced someone at Facebook to add a vulnerability to their source code.

    That's not an analogy, that's exactly what they did, simply changing the name of the company. And it's not a realistic change either, because Facebook code isn't built from public contributions, so "convincing" someone is an entirely different process from submitting a patch to lkml. So your change sneakily tries to make "convincing" a bad thing (because in Facebook's case, it would likely be), whereas in Linux's case it's the way things are intended to work.

    You could have written an article stating that they aren't interested in testing the robustness of their review process.

    And... that's all? "I'm pretty sure bad guys could, hypothetically, sneak in bad code, but because they didn't want me to try, we all have to trust that there are no bad guys around doing that. Oh, btw, they say that their review process is perfect and that I'm just a nobody, so obviously all is fine and dandy, these are not the droids we're looking for, move on."

    Sorry, I don't buy it. If you have a public process (to submit code) and you claim some guarantees about it, testing (in an ethical way) that the process does work shouldn't be held as a bad thing, and much less punished. The more public you are (i.e. Linux), the more you should expect people to check your credentials (i.e. test you).


  • Considered Harmful

    @HardwareGeek said in In other news today...:

    @acrow said in In other news today...:

    we'd trust an electrical appliance that comes from "Japan" to not randomly burst into flames

    Not so very long ago (within my lifetime — ok, a really long time ago :belt_onion:), that wasn't true. "Made in Japan" had the same sort of reputation that "Made in China" had maybe 30 years ago, or something like "Made in Viet Nam" or "Made in Bangladesh" might have today. It was maybe the 1970s or thereabouts when their reputation for (lack of) quality improved.

    Toyota Process. It works, bitches!


  • ♿ (Parody)

    @remi said in In other news today...:

    @boomzilla said in In other news today...:

    But even that analogy doesn't really justify the response. Explain it (as in "we're pissed off you found a penetration vector so fuck off"), maybe, in a childish and vengeful way, but not justify it.

    Sez you.

    Well, duh. That's my opinion, so of course that's what I'm saying. If you think otherwise, do you have an actual argument or just "nooooo"?

    They attempted to subvert the project and lost trust. Booting them out seems perfectly cromulent here.

    A correct analogy would be that you convinced someone at Facebook to add a vulnerability to their source code.

    That's not an analogy, that's exactly what they did, simply changing the name of the company. And it's not a realistic change either, because Facebook code isn't built from public contributions, so "convincing" someone is an entirely different process from submitting a patch to lkml. So your change sneakily tries to make "convincing" a bad thing (because in Facebook's case, it would likely be), whereas in Linux's case it's the way things are intended to work.

    Well, yeah, that's what they did. Not your thing about "finding a vulnerability" and I don't know why you would even mention something like that in this discussion.

    You could have written an article stating that they aren't interested in testing the robustness of their review process.

    And... that's all? "I'm pretty sure bad guys could, hypothetically, sneak in bad code, but because they didn't want me to try, we all have to trust that there are no bad guys around doing that. Oh, btw, they say that their review process is perfect and that I'm just a nobody, so obviously all is fine and dandy, these are not the droids we're looking for, move on."

    Yeah, well. You asked. Who knows, you could shame them into doing their own testing or something. You don't go testing other security systems by breaking into someone's property and expect to not get in trouble when you get caught. Not sure why you think this is any different.

    Sorry, I don't buy it. If you have a public process (to submit code) and you claim some guarantees about it, testing (in an ethical way) that the process does work shouldn't be held as a bad thing, and much less punished. The more public you are (i.e. Linux), the more you should expect people to check your credentials (i.e. test you).

    Yeah, and I'm not going to cry for you when your stunt backfires and you get rightly booted out. The hole here in your position is that they didn't do their testing in an ethical way.


  • Considered Harmful

    @boomzilla said in In other news today...:

    @remi said in In other news today...:

    @boomzilla said in In other news today...:

    But even that analogy doesn't really justify the response. Explain it (as in "we're pissed off you found a penetration vector so fuck off"), maybe, in a childish and vengeful way, but not justify it.

    Sez you.

    Well, duh. That's my opinion, so of course that's what I'm saying. If you think otherwise, do you have an actual argument or just "nooooo"?

    They attempted to subvert the project and lost trust. Booting them out seems perfectly cromulent here.

    A correct analogy would be that you convinced someone at Facebook to add a vulnerability to their source code.

    That's not an analogy, that's exactly what they did, simply changing the name of the company. And it's not a realistic change either, because Facebook code isn't built from public contributions, so "convincing" someone is an entirely different process from submitting a patch to lkml. So your change sneakily tries to make "convincing" a bad thing (because in Facebook's case, it would likely be), whereas in Linux's case it's the way things are intended to work.

    Well, yeah, that's what they did. Not your thing about "finding a vulnerability" and I don't know why you would even mention something like that in this discussion.

    You could have written an article stating that they aren't interested in testing the robustness of their review process.

    And... that's all? "I'm pretty sure bad guys could, hypothetically, sneak in bad code, but because they didn't want me to try, we all have to trust that there are no bad guys around doing that. Oh, btw, they say that their review process is perfect and that I'm just a nobody, so obviously all is fine and dandy, these are not the droids we're looking for, move on."

    Yeah, well. You asked. Who knows, you could shame them into doing their own testing or something. You don't go testing other security systems by breaking into someone's property and expect to not get in trouble when you get caught. Not sure why you think this is any different.

    Sorry, I don't buy it. If you have a public process (to submit code) and you claim some guarantees about it, testing (in an ethical way) that the process does work shouldn't be held as a bad thing, and much less punished. The more public you are (i.e. Linux), the more you should expect people to check your credentials (i.e. test you).

    Yeah, and I'm not going to cry for you when your stunt backfires and you get rightly booted out. The hole here in your position is that they didn't do their testing in an ethical way.

    Is this about Kris Kobach again? What changed your mind?


  • ♿ (Parody)

    @Gribnit said in In other news today...:

    @boomzilla said in In other news today...:

    @remi said in In other news today...:

    @boomzilla said in In other news today...:

    But even that analogy doesn't really justify the response. Explain it (as in "we're pissed off you found a penetration vector so fuck off"), maybe, in a childish and vengeful way, but not justify it.

    Sez you.

    Well, duh. That's my opinion, so of course that's what I'm saying. If you think otherwise, do you have an actual argument or just "nooooo"?

    They attempted to subvert the project and lost trust. Booting them out seems perfectly cromulent here.

    A correct analogy would be that you convinced someone at Facebook to add a vulnerability to their source code.

    That's not an analogy, that's exactly what they did, simply changing the name of the company. And it's not a realistic change either, because Facebook code isn't built from public contributions, so "convincing" someone is an entirely different process from submitting a patch to lkml. So your change sneakily tries to make "convincing" a bad thing (because in Facebook's case, it would likely be), whereas in Linux's case it's the way things are intended to work.

    Well, yeah, that's what they did. Not your thing about "finding a vulnerability" and I don't know why you would even mention something like that in this discussion.

    You could have written an article stating that they aren't interested in testing the robustness of their review process.

    And... that's all? "I'm pretty sure bad guys could, hypothetically, sneak in bad code, but because they didn't want me to try, we all have to trust that there are no bad guys around doing that. Oh, btw, they say that their review process is perfect and that I'm just a nobody, so obviously all is fine and dandy, these are not the droids we're looking for, move on."

    Yeah, well. You asked. Who knows, you could shame them into doing their own testing or something. You don't go testing other security systems by breaking into someone's property and expect to not get in trouble when you get caught. Not sure why you think this is any different.

    Sorry, I don't buy it. If you have a public process (to submit code) and you claim some guarantees about it, testing (in an ethical way) that the process does work shouldn't be held as a bad thing, and much less punished. The more public you are (i.e. Linux), the more you should expect people to check your credentials (i.e. test you).

    Yeah, and I'm not going to cry for you when your stunt backfires and you get rightly booted out. The hole here in your position is that they didn't do their testing in an ethical way.

    Is this about Kris Kobach again? What changed your mind?

    Never go full @dangeRuss.



  • @boomzilla said in In other news today...:

    The hole here in your position is that they didn't do their testing in an ethical way.

    Yeah so instead of some long winded diversion about analogies you don't like, you could have cut through the chase and just quoted the relevant bit of the post you first answered to:

    @remi said in In other news today...:

    At that point, Linux's stance means they believe a university ethics committee critically failed their job. Which is possible, I'm not saying they're perfect, but it's quite a step up from "students intentionally sent us bad code!"

    You disagree on that, fine, but take it up to the university level, and don't frame it as isolated bad guys.


  • ♿ (Parody)

    @remi said in In other news today...:

    @boomzilla said in In other news today...:

    The hole here in your position is that they didn't do their testing in an ethical way.

    Yeah so instead of some long winded diversion about analogies you don't like, you could have cut through the chase and just quoted the relevant bit of the post you first answered to:

    I was addressing your dumb analogy for what it was. Not sure what your point is here.

    @remi said in In other news today...:

    At that point, Linux's stance means they believe a university ethics committee critically failed their job. Which is possible, I'm not saying they're perfect, but it's quite a step up from "students intentionally sent us bad code!"

    You disagree on that, fine, but take it up to the university level, and don't frame it as isolated bad guys.

    Uh, they did...they banned the entire university. As well they should have.



  • @boomzilla said in In other news today...:

    As well they should have.

    Yeah, I obviously disagree, but since you don't seem to have any actual argument to defend your position, I'll let you win this internet discussion.


  • ♿ (Parody)

    @remi said in In other news today...:

    @boomzilla said in In other news today...:

    As well they should have.

    Yeah, I obviously disagree, but since you don't seem to have any actual argument to defend your position, I'll let you win this internet discussion.

    Not sure what you mean. They deliberately attacked the project. That's my argument.

    All you have are bad analogies that don't even relate to the situation so I guess I'll accept your surrender since you've neglected to put up any sort of legitimate fight.


  • Considered Harmful

    @boomzilla the real winner here, is me.



  • @boomzilla said in In other news today...:

    Not sure what you mean. They deliberately ~~attacked~~set up a controlled experiment under the control of an ethics board to test the project. That's my argument.

    FTFY.

    All you have are bad analogies that don't even relate to the situation

    "Sez you."

    you've neglected to put up any sort of legitimate fight.

    I fully believe that you actually believe this.


  • Considered Harmful

    @remi said in In other news today...:

    @boomzilla said in In other news today...:

    Not sure what you mean. They deliberately ~~attacked~~set up a controlled experiment under the control of an ethics board to test the project. That's my argument.

    FTFY.

    All you have are bad analogies that don't even relate to the situation

    "Sez you."

    you've neglected to put up any sort of legitimate fight.

    I fully believe that you actually believe this.

    He's a neat one. Remember that one cow they built a transparent panel in the side of? You can actually see the stupid happening.


  • ♿ (Parody)

    @remi said in In other news today...:

    @boomzilla said in In other news today...:

    Not sure what you mean. They deliberately ~~attacked~~set up a controlled experiment under the control of an ethics board to test the project. That's my argument.

    FTFY.

    All you have are bad analogies that don't even relate to the situation

    "Sez you."

    Oh, yeah, also you think they shouldn't be punished. And your justification seemed to be broken analogies. Again, don't blame me for your dumb arguments.

    you've neglected to put up any sort of legitimate fight.

    I fully believe that you actually believe this.

    Good.


  • ♿ (Parody)

    @Gribnit said in In other news today...:

    @remi said in In other news today...:

    @boomzilla said in In other news today...:

    Not sure what you mean. They deliberately ~~attacked~~set up a controlled experiment under the control of an ethics board to test the project. That's my argument.

    FTFY.

    All you have are bad analogies that don't even relate to the situation

    "Sez you."

    you've neglected to put up any sort of legitimate fight.

    I fully believe that you actually believe this.

    He's a neat one. Remember that one cow they built a transparent panel in the side of? You can actually see the stupid happening.

    If anything could convince him of my position here, surely it's your support.


  • Considered Harmful

    @boomzilla said in In other news today...:

    @Gribnit said in In other news today...:

    @remi said in In other news today...:

    @boomzilla said in In other news today...:

    Not sure what you mean. They deliberately ~~attacked~~set up a controlled experiment under the control of an ethics board to test the project. That's my argument.

    FTFY.

    All you have are bad analogies that don't even relate to the situation

    "Sez you."

    you've neglected to put up any sort of legitimate fight.

    I fully believe that you actually believe this.

    He's a neat one. Remember that one cow they built a transparent panel in the side of? You can actually see the stupid happening.

    If anything could convince him of my position here, surely it's your support.

    I don't think that would be reasonable. Consider if I caught wind of this and started acting as a malicious reverse oracle. I haven't learned yet but there's always the chance I might.



  • @boomzilla said in In other news today...:

    And your justification seemed to be broken analogies.

    Thank you for confirming that you only read part of the posts you reply to.

    Again, don't blame me for your dumb arguments.

    No, I'm blaming you for your lack of arguments.



  • @remi said in In other news today...:

    you only read part of the posts you reply to.

    :doing_it_wrong: You're not supposed to read any. 🍹

  • ♿ (Parody)

    @remi said in In other news today...:

    No, I'm blaming you for your lack of arguments.

    The argument is simple. They abused the process and deserved to be excluded from it. They proved that they cannot be trusted. The university had approved their actions and earned its ban as well.



  • @boomzilla That's a dumb argument unless you want the trust in Linux to diminish, but you do you.


  • ♿ (Parody)

    @remi said in In other news today...:

    @boomzilla That's a dumb argument unless you want the trust in Linux to diminish, but you do you.

    Sez you.



  • @boomzilla said in In other news today...:

    Yeah, and I'm not going to cry for you when your stunt backfires and you get rightly booted out. The hole here in your position is that they didn't do their testing in an ethical way.

    What would constitute "an ethical way" to test the process of code submission acceptance? Keeping in mind that this is a test of the people doing the acceptance, not of a technological system, and thus it can only be done without the people being tested being aware that it's a test, it's hard to see what they could possibly have done better, ethics-wise.

    What this really looks like is, "researchers expose shoddy submission acceptance process, so embarrassed Linux folks go way overboard in retaliation."



  • @boomzilla said in In other news today...:

    Not sure what you mean. They deliberately attacked the project. That's my argument.

    It's a bad argument. An attack would have attempted to succeed. The researchers, by contrast, made affirmative efforts to fail at succeeding: they submitted it via email rather than as a GitHub PR so it couldn't accidentally get merged, and contacted the approvers immediately when they received word that it had been approved, so that they wouldn't merge it into the real codebase. This is exactly what an attacker would not do.


  • ♿ (Parody)

    @Mason_Wheeler said in In other news today...:

    @boomzilla said in In other news today...:

    Yeah, and I'm not going to cry for you when your stunt backfires and you get rightly booted out. The hole here in your position is that they didn't do their testing in an ethical way.

    What would constitute "an ethical way" to test the process of code submission acceptance? Keeping in mind that this is a test of the people doing the acceptance, not of a technological system, and thus it can only be done without the people being tested being aware that it's a test, it's hard to see what they could possibly have done better, ethics-wise.

    You ask the people in charge. Then you have those people talk to the people inside the process if it fails. This should be obvious.

    What this really looks like is, "researchers expose shoddy submission acceptance process, so embarrassed Linux folks go way overboard in retaliation."

    Sez you.

    Now, I don't disagree that it demonstrated some flaws. But I completely disagree that they went overboard.



  • @boomzilla said in In other news today...:

    @Mason_Wheeler said in In other news today...:

    @boomzilla said in In other news today...:

    Yeah, and I'm not going to cry for you when your stunt backfires and you get rightly booted out. The hole here in your position is that they didn't do their testing in an ethical way.

    What would constitute "an ethical way" to test the process of code submission acceptance? Keeping in mind that this is a test of the people doing the acceptance, not of a technological system, and thus it can only be done without the people being tested being aware that it's a test, it's hard to see what they could possibly have done better, ethics-wise.

    You ask the people in charge. Then you have those people talk to the people inside the process if it fails. This should be obvious.

    It's not at all obvious. Why is that relevant?


  • ♿ (Parody)

    @Mason_Wheeler said in In other news today...:

    @boomzilla said in In other news today...:

    @Mason_Wheeler said in In other news today...:

    @boomzilla said in In other news today...:

    Yeah, and I'm not going to cry for you when your stunt backfires and you get rightly booted out. The hole here in your position is that they didn't do their testing in an ethical way.

    What would constitute "an ethical way" to test the process of code submission acceptance? Keeping in mind that this is a test of the people doing the acceptance, not of a technological system, and thus it can only be done without the people being tested being aware that it's a test, it's hard to see what they could possibly have done better, ethics-wise.

    You ask the people in charge. Then you have those people talk to the people inside the process if it fails. This should be obvious.

    It's not at all obvious. Why is that relevant?

    It's apparently relevant to demonstrate the lack of ethics around here.



  • @boomzilla said in In other news today...:

    You ask the people in charge. Then you have those people talk to the people inside the process if it fails.

    And if the people in charge are the people inside the process?



  • @boomzilla 🙄 That's not actually an answer.


  • Considered Harmful

    @Mason_Wheeler said in In other news today...:

    @boomzilla 🙄 That's not actually an answer.

    Neither are you... neither are you.


  • ♿ (Parody)

    @Mason_Wheeler said in In other news today...:

    @boomzilla 🙄 That's not actually an answer.

    Again, it's like trying to breach any other kind of security and then saying, "We were only pretending to be ~~retarded~~bad guys!"


  • ♿ (Parody)

    @HardwareGeek said in In other news today...:

    @boomzilla said in In other news today...:

    You ask the people in charge. Then you have those people talk to the people inside the process if it fails.

    And if the people in charge are the people inside the process?

    What if they had a nuclear weapon?


  • Considered Harmful

    @boomzilla said in In other news today...:

    @HardwareGeek said in In other news today...:

    @boomzilla said in In other news today...:

    You ask the people in charge. Then you have those people talk to the people inside the process if it fails.

    And if the people in charge are the people inside the process?

    What if they had a nuclear weapon?

    I don't, okay? Stop asking!



  • @boomzilla said in In other news today...:

    @Mason_Wheeler said in In other news today...:

    @boomzilla 🙄 That's not actually an answer.

    Again, it's like trying to breach any other kind of security and then saying, "We were only pretending to be ~~retarded~~bad guys!"

    Oh, so then what legitimate white-hat security researchers do all the time?


  • BINNED

    @Mason_Wheeler said in In other news today...:

    @boomzilla said in In other news today...:

    @Mason_Wheeler said in In other news today...:

    @boomzilla 🙄 That's not actually an answer.

    Again, it's like trying to breach any other kind of security and then saying, "We were only pretending to be retardedbad guys!"

    Oh, so then what legitimate white-hat security researchers do all the time?

    Legitimate white hats don't do unsolicited pen tests on critical infrastructure.


  • Considered Harmful

    @GuyWhoKilledBear said in In other news today...:

    @Mason_Wheeler said in In other news today...:

    @boomzilla said in In other news today...:

    @Mason_Wheeler said in In other news today...:

    @boomzilla 🙄 That's not actually an answer.

    Again, it's like trying to breach any other kind of security and then saying, "We were only pretending to be retardedbad guys!"

    Oh, so then what legitimate white-hat security researchers do all the time?

    Legitimate white hats don't do unsolicited pen tests on critical infrastructure.

    And Red's mobile takes the ball, he's running a :duck_season_rabbit_season: on the criticality of the specific infrastructure! Blue's mobile is flatfooted by the dissonance and their center is distracted - will Red's center receive the pass uninterrupted?


  • ♿ (Parody)

    @Gribnit said in In other news today...:

    @boomzilla said in In other news today...:

    @HardwareGeek said in In other news today...:

    @boomzilla said in In other news today...:

    You ask the people in charge. Then you have those people talk to the people inside the process if it fails.

    And if the people in charge are the people inside the process?

    What if they had a nuclear weapon?

    I don't, okay? Stop asking!

    LOL, I once had a martial arts teacher who would use that when you had a "what-if" guy. Like, the instructor is demonstrating something and instead of focusing on the technique, the guy keeps changing up the scenario.


  • ♿ (Parody)

    @Mason_Wheeler said in In other news today...:

    @boomzilla said in In other news today...:

    @Mason_Wheeler said in In other news today...:

    @boomzilla 🙄 That's not actually an answer.

    Again, it's like trying to breach any other kind of security and then saying, "We were only pretending to be retardedbad guys!"

    Oh, so then what legitimate white-hat security researchers do all the time?

    The ones who get contracts from organizations to do that, you mean? Which requires them to...uh...talk to the organization ahead of time?



  • @boomzilla said in In other news today...:

    The ones who get contracts from organizations to do that, you mean?

    No, I don't mean. A large and important part of security research is probing organizations that aren't self-aware enough to realize they require such contracts, or that might simply not want to know that their systems are vulnerable.


  • ♿ (Parody)

    @Mason_Wheeler said in In other news today...:

    @boomzilla said in In other news today...:

    The ones who get contracts from organizations to do that, you mean?

    No, I don't mean. A large and important part of security research is probing organizations that aren't self-aware enough to realize they require such contracts, or that might simply not want to know that their systems are vulnerable.

    Doesn't sound very white hat. Grey, at best.



  • @Mason_Wheeler said in In other news today...:

    @boomzilla said in In other news today...:

    The ones who get contracts from organizations to do that, you mean?

    No, I don't mean. A large and important part of security research is probing organizations that aren't self-aware enough to realize they require such contracts, or that might simply not want to know that their systems are vulnerable.

    That is illegal in large parts of the world.


  • Considered Harmful

    @Carnage said in In other news today...:

    @Mason_Wheeler said in In other news today...:

    @boomzilla said in In other news today...:

    The ones who get contracts from organizations to do that, you mean?

    No, I don't mean. A large and important part of security research is probing organizations that aren't self-aware enough to realize they require such contracts, or that might simply not want to know that their systems are vulnerable.

    That is illegal in large parts of the world.

    Those parts of the world are wrong.

