Re: [Full-Disclosure] Authorities eye MSBlaster suspect

From: Byron Copeland (nodialtone_at_comcast.net)
Date: 08/30/03

  • Next message: Paul Schmehl: "Re: [Full-Disclosure] Authorities eye MSBlaster suspect" 
    To: Valdis.Kletnieks@vt.edu
Date: 29 Aug 2003 21:50:38 -0400

    On Fri, 2003-08-29 at 19:13, Valdis.Kletnieks@vt.edu wrote:
    > On Fri, 29 Aug 2003 14:46:32 PDT, morning_wood said:
    > > >And has it occurred to you that *MAYBE* his "high paying job" would
    > > >be more productive if he wasn't spending most of his time having to deal with
    > > >people breaking in, either proactively or reactively??
    > >
    > > that is his job
    >
    > You're totally missing the point.
    >
    > If I'm doing security 30 hours a week, that's 30 hours a week I'm not available
    > for other things.
    >

    ??? uh, the extended coffee breaks?

    > That's 30 hours I'm not spending helping do network performance tuning for the
    > mail server. I'm sure the 70,000 users of the mail server would prefer that
    > I was able to do that instead.
    >

    You mean... Member of the Exchange server mop & broom crew?

    > That's 30 hours I'm not spending designing a new, more featureful print
    > management system. I'm sure the people who get print jobs that we need
    > to keep running (accounts receivable, invoices, purchase orders, etc) would prefer
    > I was able to do that instead.
    >

    Your printer says it needs white toner.

    > That's 30 hours I'm not spending diagnosing compiler and kernel bugs. I'm sure
    > the researcher who has a $2M grant project dead in the water would prefer I was
    > able to do that instead.
    >

    > That's 30 hours I'm not spending working on a way to migrate users from Windows to Linux.
    > I'm sure the people who are looking at a $500K/year bill for Microsoft licenses (and want
    > a way to save money) would prefer I was able to do that instead.
    >
    > That's 30 hours I'm not spending deploying a new release of Listserv that has
    > features that my users are asking for. I'm sure that many of the users on our
    > 6,023 lists would prefer I was able to do that instead.
    >
    > You starting to see a pattern here?
    >

    Jack of all trades?

    > And yes, those are *ALL* things that are *part of* "my job". Many of them are
    > things I'd enjoy doing more. All of them are things that would provide more *direct*
    > benefit to my site than "doing security".
    >
    > And you can't weasel out by saying "Hire somebody else to do that other stuff" or
    > "hire somebody else to do security" - the point is that if we did hire somebody else,
    > then we'd only have 1 person of the 2 available for productive work. If we didn't
    > have to keep spending resources on security, BOTH people would be available then.

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

  • Next message: Paul Schmehl: "Re: [Full-Disclosure] Authorities eye MSBlaster suspect"