Dagmar wrote:
The title pretty much says it all. I'm only about halfway through it at the moment, but I don't want to be so full of giggles when I'm done that I forget to pass the URL along.

Read it, email it to co-workers and family. Even meter-maids and politicians should be able to understand the messages carefully contained therein.

It is Clue.

This is unfortunately like a lot of other idealistic rants in that while probably very correct, it is meaningless in a world that does not operate that way. It's like saying that government should be of and for the people and not corrupted. Yes, that's true. But it's impossible to remove corruption because that's just the way the world works. In the case of these ideas, you can't NOT operate in a Penetrate and Patch model because that's what EVERYONE ELSE IS DOING. Even if you were to base all of your internal systems in your control on removing code rather than patching, you don't live in a vacuum, so you'd still be enslaved to the Penetrate and Patch model. So while this is a great mental exercise, it offers little in the way of practicality for the modern CIO/CTO to do anything differently.

I also disagree entirely with the Hacking is Cool idea. If it wasn't for the culture that lures and instigates, perpetuates and expands this ethos, most of the people on this site would not have jobs or useful skills. Hacking is what taught many of us about How Things Work. Reverse engineering is a much needed skill that is woefully underabundant. If anything, we should be encouraging more of this type of curiosity and exploration. You, unfortunately, cannot remove human nature from this equation, so you will continue to get people that chose to use knowledge for evil rather than good. I fail to see how it's any different from anything else in life.

RE: The Six Dumbest Ideas in Computer Security