Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: University Researchers Challenge Bush Win In Florida
From: Gregory Gilliss <ggilliss () netpublishing com>
Date: Tue, 23 Nov 2004 15:27:34 -0800

Okay, I cry foul. While IAPW we would all like advisories to be tested
against all possible versions of all possible affected OS's, in the
world of academia (and Paul is welcome to contradict me on this if he 
cares to, since after all he's IN it) the rules are not the same as IAPW.

In academia, it's called "publish or perish". In reality, it's more like
publish or perish, and make damned sure you don't get caught plagerizing
or lying or publishing something incomplete, inaccurate, or otherwise
embarrassing to your host university. Everyone has a boss, and when your
boss consists of a bunch of potentially sensitive academics, it's best not
to piss them off, intentionally or otherwise.

So, while the circular reasoning comment is cute, I support Paul's somewhat
cautious approach. After all, if say we were discussing a vulnerability 
in Win2K or something similar, we would make damned certain that the 
thing works and worked properly and consistently before we pass it around
or disclose it, for fear of incurring the wrath of the population of this
list, for example.

So criticize all you want, but I think he's right. Historically what we
are witness to is the following:

Originally, the Office of the President was respected.
Kennedy (and possible prior to 1963) resulted in shaking our confidence
in the sacrosanct nature of the Office of the Presidency 
Nixon and Watergate  resulted in shaking our belief in the Person who
occupies the office (aka you can't trust politicians)
Bush Gore (2000) resulted in shaking out belief in the process of Electing
the person who occupies the office.
So, basically, we're witnessing the erosion of confidence in our national
government and the processes associated with it. I mean, when you get to
the point where you say "Why vote, they'll just rig the damned election!"
you're in Soviet Russia (or maybe the Ukraine).

BTW, please don't nit pick the dates and people and miss the frigging 
point. The point is - confidence in our national (yes, I apologize to
the non-US readers, but I suspect many of you will identify with this)
government and our "way of life" which is so ingratiated into our national
pride, etc...

What's the answer? Obviously the same as in security - embarrass the
bastards into playing by observable and verifiable rules. In our world
that's called open source. In the world of politics it's called something
else - citizenship or civics or "giving a damn".

So, in conclusion, I suggest that the cynics among us get out and get
active. I don't care which side you're on, but it's like the old saying - 
if you don't vote, you don't get to complain. If you want electronic
voting that's verifiable, write the damned software and post it on
sourceforge or someplace else. 

But, for heaven's sake, leave Paul alone. He's one of the few people
left on this list who makes sense occasionally.


On or about 2004.11.22 20:14:30 +0000, J.A. Terranson (measl () mfn org) said:

On Mon, 22 Nov 2004, bkfsec wrote:

Paul Schmehl wrote:

I disagree.  Until the research is credible and vetted, investigating
is premature.  Many people don't seem to understand, investigating
supposed discrepancies in the vote costs millions of dollars.  The
recount in Ohio will cost the state $1.5 million.  That's money that
could pay for other things.  So you don't run off on wild goose chases
just because some "researcher" says, "Oooooo, look at this.  This
looks really unusual."

You do realize that some people consider investigation and research to
be connected and that, if there is any implication of a problem (whether
the all-knowing creationist agrees or not) that that problem should be
"looked into" (does that better suit your vocabulary?)....

So, what you're really saying is that you're not willing to back an
investigation until an investigation is done which shows that an
investigation is warranted, correct?

Well, of course you'd believe that!  It's politically expedient for you.  :)

It also highlights a disturbing circular reasoning.  Considering that Paul
is TEACHING at a supposedly "respected" *university*, we should all be very
afraid of our nations schools.


Gregory A. Gilliss, CISSP                              E-mail: greg () gilliss com
Computer Security                             WWW: http://www.gilliss.com/greg/
PGP Key fingerprint 2F 0B 70 AE 5F 8E 71 7A 2D 86 52 BA B7 83 D9 B4 14 0E 8C A3

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]