
Re: Bug#129604: general: Social Contract: We Do Hide Problems



>>"Fabian" == Fabian Fagerholm <fabbe@paniq.net> writes:

 Fabian> On Sun, 2002-01-20 at 02:34, Manoj Srivastava wrote:
 >> You are missing the point below.  You are in no condition to
 >> assess the readiness of my backup security plans. Or are you assuming
 >> your customers are incompetent morons? No one but me can actually
 >> assess what usage I can make of the information provided.

 Fabian> True, I can't know if you're competent enough to handle the
 Fabian> responsibility of securing your barn - which is, mind you,
 Fabian> *your* responsibility. The locksmith who made the lock you're
 Fabian> using has clearly stated (as I already mentioned in another
 Fabian> post to this thread) that there is no warranty for the
 Fabian> lock. He has a reputation of making good locks, and a
 Fabian> reputation of fixing problems within a reasonable time-frame
 Fabian> - however, this is a service he provides because he's a good
 Fabian> locksmith, not because there is a common rule that says he
 Fabian> must do so.

	Sounds very shifty to me. Or, to put it more charitably,
 sounds very defensive -- and certainly reduces my trust in the
 locksmith, him having to weasel behind a "you have no legally binding
 agreement" clause.

 Fabian> You also have no agreement with him that says he promises to
 Fabian> make available all information about his products as soon as
 Fabian> he receives it.

	Yeah, sure -- I also have no agreement with him that he'll not
 just give his design away to the thieves at the get go, but I still
 have expectations (which may even hold up in court)

	All of what you have said makes me trust the locksmith less.

 Fabian> Sure, you can use those... If the chain isn't completely
 Fabian> rusty...
 >> 
 >> How do *YOU* know about the status of _my_ chain?
 >> 
 Fabian> and the dogs like some raw beef the thieves might
 Fabian> bring along...
 >> 
 >> I know my dogs. I trust my dogs. I sure as hell no longer
 >> trust you ...
 >> 
 Fabian> and you don't run outta ammo...
 >> 
 >> Hell, if my 10 cases of ammo and my cell phone to the sheriff
 >> ain't enough to faze the crooks, you sure as hell don't have a
 >> solution to stop 'em either.
 >> 
 >> Sounds like you are stretching things mighty thin just to keep
 >> in business.

 Fabian> I'm not saying I know anything about those things. I'm just saying you
 Fabian> bought the lock because you probably thought it was a better solution
 Fabian> than the chain, the dogs, or the rifle.
 Fabian> If you don't trust the locksmith, you sure as hell shouldn't use his
 Fabian> locks.

 Fabian> Sorry, man, he's using the same lock mechanism as I am, just
 Fabian> as buggy.
 >> 
 >> Says you. You know all the locksmiths there are in town? You
 >> know about my nephew who is doing his masters in locksmithing? You
 >> know I can switch from using the barn door to using a portcullis? I
 >> can get anti-theft monitoring service? That I can sleep in the barn?

 Fabian> You had better. The way you sound, I'm starting to think
 Fabian> there might be a real reason for someone to break into the
 Fabian> barn just to piss you off.

	See what I mean about trusting the locksmith?

 >> Who gave you the right to assume risks for my business?

 Fabian> I did not. I simply stated - in accordance with your wishes
 Fabian> to receive as much information as possible about security
 Fabian> issues of the lock - that you should know there isn't a lock
 Fabian> of this particular model (say, the "flatland" model) that
 Fabian> doesn't have this security flaw. You must assess the risk
 Fabian> yourself.

	But there are other brands. And there are other protective
 measures I can take if I knew the lock is vulnerable. Or other
 companies to go to (I mean, in the lock category called browsers, or
 MTA's, or even bind, there are multiple locksmiths making locks)

 >> Yeah right. If I were a thief, I would have a few people
 >> apprentice with the locksmiths -- that way I know way before the
 >> suckers^H^H^H^Hfarmers about how to open locks.

 Fabian> Are you saying there is someone who has access to
 Fabian> non-disclosure-before-fix information that knowingly spreads the
 Fabian> information to black hats? If you have proof of this, it would be
 Fabian> interesting to see it.

	Proof? No, or they would be in jail. In security, though, one
 does risk assessment, and assessment is often done without even a
 vestige of ``proof''. Indeed, asking for proof during risk assessment
 smacks of naivete.


	Ignoring the risk (and, in my assessment, looking at how
 widespread the communique between locksmiths is, there is no way in
 hell you can have any assurance there are no bad apples
 apprentices). 

 >> I see me and betsy have more places to visit. Indeed, perhaps
 >> I ought to get a lawyer and see about this conspiracy to defraud
 >> honest farmers by all them locksmiths out there.

 Fabian> Perhaps you should get out of the farming business and start
 Fabian> a locksmith business instead. Only... You'd need to protect
 Fabian> yourself from raving farmers who claim your lock was the
 Fabian> reason their cattle was stolen, and try to make you pay.

	I would be more open about problems in my business (especially
 if that is carved in stone in front of my business -- the bit about
 being open), But, I am a mere farmer, and may not have the skillz or
 time to be a locksmith -- and a locksmith telling me ``if you don't
 like it, go do it yourself'' does not increase my love for the man.


 Fabian> Don't get me wrong, I'm not saying I won't tell you
 Fabian> everything about the flaws in my locks. I'm just saying, give
 Fabian> me some time so I can figure out what's really wrong before I
 Fabian> go shouting wolf.

	No.  Don't tell people exactly how to open the lock, but *DO*
 tell them there may be a problem, and please take precautions. You
 can tell me about flaws without going into gory (and thief helping)
 details. 

	manoj
-- 
 Expense Accounts, n.: Corporate food stamps.
Manoj Srivastava   <srivasta@debian.org>  <http://www.debian.org/%7Esrivasta/>
1024R/C7261095 print CB D9 F4 12 68 07 E4 05  CC 2D 27 12 1D F5 E8 6E
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C


