Re: Bug#129604: general: Social Contract: We Do Hide Problems
>>"Fabian" == Fabian Fagerholm <email@example.com> writes:
Fabian> On Sun, 2002-01-20 at 02:34, Manoj Srivastava wrote:
>> You are missing the point below. You are in no condition to
>> assess the readiness of my backup security plans. Or are you assuming
>> your customers are incompetent morons? No one but me can actually
>> assess what use I can make of the information provided.
Fabian> True, I can't know if you're competent enough to handle the
Fabian> responsibility of securing your barn - which is, mind you,
Fabian> *your* responsibility. The locksmith who made the lock you're
Fabian> using has clearly stated (as I already mentioned in another
Fabian> post to this thread) that there is no warranty for the
Fabian> lock. He has a reputation of making good locks, and a
Fabian> reputation of fixing problems within a reasonable time-frame
Fabian> - however, this is a service he provides because he's a good
Fabian> locksmith, not because there is a common rule that says he
Fabian> must do so.
Sounds very shifty to me. Or, to put it more charitably,
sounds very defensive -- and certainly reduces my trust in the
locksmith, him having to weasel behind a "you have no legally binding
Fabian> You also have no agreement with him that says he promises to
Fabian> make available all information about his products as soon as
Fabian> he receives it.
Yeah, sure -- I also have no agreement with him that he'll not
just give his design away to the thieves at the get go, but I still
have expectations (which may even hold up in court)
All of what you have said makes me trust the locksmith less.
Fabian> Sure, you can use those... If the chain isn't completely
>> How do *YOU* know about the status of _my_ chain?
Fabian> and the dogs like some raw beef the thieves might
Fabian> bring along...
>> I know my dogs. I trust my dogs. I sure as hell no longer
>> trust you ...
Fabian> and you don't run outta ammo...
>> Hell, if my 10 cases of ammo and my cell phone to the sheriff
>> ain't enough to faze the crooks, you sure as hell don't have a
>> solution to stop 'em either.
>> Sounds like you are stretching things mighty thin just to keep
>> in business.
Fabian> I'm not saying I know anything about those things. I'm just saying you
Fabian> bought the lock because you probably thought it was a better solution
Fabian> than the chain, the dogs, or the rifle.
Fabian> If you don't trust the locksmith, you sure as hell shouldn't use his
Fabian> Sorry, man, he's using the same lock mechanism as I am, just
Fabian> as buggy.
>> Says you. You know all the locksmiths there are in town? You
>> know about my nephew who is doing his masters in locksmithing? You
>> know I can switch from using the barn door to using a portcullis? I
>> can get anti-theft monitoring service? That I can sleep in the barn?
Fabian> You had better. The way you sound, I'm starting to think
Fabian> there might be a real reason for someone to break into the
Fabian> barn just to piss you off.
See what I mean about trusting the locksmith?
>> Who gave you the right to assume risks for my business?
Fabian> I did not. I simply stated - in accordance with your wishes
Fabian> to receive as much information as possible about security
Fabian> issues of the lock - that you should know there isn't a lock
Fabian> of this particular model (say, the "flatland" model) that
Fabian> doesn't have this security flaw. You must assess the risk
But there are other brands. And there are other protective
measures I can take if I knew the lock is vulnerable. Or other
companies to go to (I mean, in the lock category called browsers, or
MTA's, or even bind, there are multiple locksmiths making locks)
>> Yeah right. If I were a thief, I would have a few people
>> apprentice with the locksmiths -- that way I know way before the
>> suckers^H^H^H^Hfarmers about how to open locks.
Fabian> Are you saying there is someone who has access to
Fabian> non-disclosure-before-fix information that knowingly spreads the
Fabian> information to black hats? If you have proof of this, it would be
Fabian> interesting to see it.
Proof? No, or they would be in jail. In security, though, one
does risk assessment, and assessment is often done without even a
vestige of ``proof''. Indeed, asking for proof during risk assessment
smacks of naivete.
Ignoring the risk (and, in my assessment, looking at how
widespread the communique between locksmiths is, there is no way in
hell you can have any assurance there are no bad apples
>> I see me and betsy have more places to visit. Indeed, perhaps
>> I ought to get a lawyer and see about this conspiracy to defraud
>> honest farmers by all them locksmiths out there.
Fabian> Perhaps you should get out of the farming business and start
Fabian> a locksmith business instead. Only... You'd need to protect
Fabian> yourself from raving farmers who claim your lock was the
Fabian> reason their cattle was stolen, and try to make you pay.
I would be more open about problems in my business (especially
if that is carved in stone in front of my business -- the bit about
being open), but I am a mere farmer, and may not have the skillz or
time to be a locksmith -- and a locksmith telling me ``if you don't
like it, go do it yourself'' does not increase my love for the man.
Fabian> Don't get me wrong, I'm not saying I won't tell you
Fabian> everything about the flaws in my locks. I'm just saying, give
Fabian> me some time so I can figure out what's really wrong before I
Fabian> go shouting wolf.
No. Don't tell people exactly how to open the lock, but *DO*
tell them there may be a problem, and please take precautions. You
can tell me about flaws without going into gory (and thief helping)
Expense Accounts, n.: Corporate food stamps.
Manoj Srivastava <firstname.lastname@example.org> <http://www.debian.org/%7Esrivasta/>
1024R/C7261095 print CB D9 F4 12 68 07 E4 05 CC 2D 27 12 1D F5 E8 6E
1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C