Okay, I cry foul. While IAPW we would all like advisories to be tested against all possible versions of all possible affected OS's, in the world of academia (and Paul is welcome to contradict me on this if he cares to, since after all he's IN it) the rules are not the same as IAPW.
In academia, it's called "publish or perish". In reality, it's more like publish or perish, and make damned sure you don't get caught plagiarizing or lying or publishing something incomplete, inaccurate, or otherwise embarrassing to your host university. Everyone has a boss, and when your boss consists of a bunch of potentially sensitive academics, it's best not to piss them off, intentionally or otherwise.

So, while the circular reasoning comment is cute, I support Paul's somewhat cautious approach. After all, if say we were discussing a vulnerability in Win2K or something similar, we would make damned certain that the thing works and worked properly and consistently before we pass it around or disclose it, for fear of incurring the wrath of the population of this list, for example. So criticize all you want, but I think he's right.

Historically what we are witness to is the following:

Originally, the Office of the President was respected.
Kennedy (and possibly prior to 1963) resulted in shaking our confidence in the sacrosanct nature of the Office of the Presidency.
Nixon and Watergate resulted in shaking our belief in the Person who occupies the office (aka you can't trust politicians).
Bush Gore (2000) resulted in shaking our belief in the process of Electing the person who occupies the office.

So, basically, we're witnessing the erosion of confidence in our national government and the processes associated with it. I mean, when you get to the point where you say "Why vote, they'll just rig the damned election!" you're in Soviet Russia (or maybe the Ukraine).

BTW, please don't nitpick the dates and people and miss the frigging point. The point is - confidence in our national (yes, I apologize to the non-US readers, but I suspect many of you will identify with this) government and our "way of life" which is so ingratiated into our national pride, etc...

What's the answer?
Obviously the same as in security - embarrass the bastards into playing by observable and verifiable rules. In our world that's called open source. In the world of politics it's called something else - citizenship or civics or "giving a damn".

So, in conclusion, I suggest that the cynics among us get out and get active. I don't care which side you're on, but it's like the old saying - if you don't vote, you don't get to complain. If you want electronic voting that's verifiable, write the damned software and post it on sourceforge or someplace else.

But, for heaven's sake, leave Paul alone. He's one of the few people left on this list who makes sense occasionally.

G

On or about 2004.11.22 20:14:30 +0000, J.A. Terranson ([EMAIL PROTECTED]) said:

>
> On Mon, 22 Nov 2004, bkfsec wrote:
>
> > Paul Schmehl wrote:
> >
> > > I disagree. Until the research is credible and vetted, investigating
> > > is premature. Many people don't seem to understand, investigating
> > > supposed discrepancies in the vote costs millions of dollars. The
> > > recount in Ohio will cost the state $1.5 million. That's money that
> > > could pay for other things. So you don't run off on wild goose chases
> > > just because some "researcher" says, "Oooooo, look at this. This
> > > looks really unusual."
> > >
> > You do realize that some people consider investigation and research to
> > be connected and that, if there is any implication of a problem (whether
> > the all-knowing creationist agrees or not) that that problem should be
> > "looked into" (does that better suit your vocabulary?)....
> >
> > So, what you're really saying is that you're not willing to back an
> > investigation until an investigation is done which shows that an
> > investigation is warranted, correct?
> >
> > Well, of course you'd believe that! It's politically expedient for you. :)
>
> It also highlights a disturbing circular reasoning. Considering that Paul
> is TEACHING at a supposedly "respected" *university*, we should all be very
> afraid of our nation's schools.
>
> --
> Yours, <SNIP>

--
Gregory A. Gilliss, CISSP
E-mail: [EMAIL PROTECTED]
Computer Security
WWW: http://www.gilliss.com/greg/
PGP Key fingerprint 2F 0B 70 AE 5F 8E 71 7A 2D 86 52 BA B7 83 D9 B4 14 0E 8C A3
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html