The media and our society
Steve T
If you haven't been following the phones on railway lines dispute,
then see that thread for an explanation of why I think this is a
relevant thread for this group. Education ahoy!
Your beliefs and behaviour are influenced by the media in a thousand
subtle ways, whether you are aware of it or not often in negative
ways, you are manipulated by the media every day, whether you are
aware of it or not, EVERYONE is vulnerable to this.
Discuss
Steve T
------------------------------------------------------------
| Why did the chicken cross the road ? |
| Because it hadn't read the manual |
------------------------------------------------------------
| Steve Trewick, more a collection of foul smells and bad |
| language than a real person. |
------------------------------------------------------------
JEB 926
out the lurkers from under the rock, " I'm off to dejanews to get more
information to post to the police" ( or somthing along those lines) was one of
the posts, that IMHO is NOT within the nature of the group, hell this is a
hacking/phreaking group, this shit is illegal, when sad people like this start
bitching about going to the police to report......Well you get my point!
I think this thread should remain dead!
Steve T
I'm not suggesting continuing the same thread, but starting a new one,
to examine a few issues surrounding the society we live in and how it
is influenced by the media and other factors.
One of the most widely used phrases in the HP scene is some kind of
variant on 'knowledge is power' and there is supposedly a strong
leaning towards freedom of information etc.
In order to understand _why_ knowledge is power, and why information
is extremely unlikely ever to be free, you must first have an
awareness of the socilogical and cultural factors that allow existing
power structures to remain in place.
If you look around you, you will find that the majority of people (in
this country at least) are badly educated and badly informed, they
know very little about politics, economics and a whole host of other
important issues that influence their lives on a daily basis.
Being into HP is supposed to about the search for knowledge, and an
understanding of the power that this knowledge brings, we are supposed
to people with a burning desire to know how the world works.
What sets us apart from the masses is our curiosity, our persistence
in the pursuit of knowledge that others can not or will not supply,
our disregard for traditional power structures.
Being into HP means that you are already standing on the fringes of
society, wheter you like it or not, it makes you different. It makes
you part of a potentially very powerful social grouping (why do you
think the governments of every nation on earth are so afraid of us?),
after all, knowledge is power, right?
But in order to understand the nature of this power (or at least the
potential of it) we need to have an awareness of the environment in
which we live, we need to know _WHY_ we are different, and what we are
different from.
My first post on this subject is somewhat misleading, most of the
people on this group will be (to a large extent) less vulnerable to
impressioning by the media and less likely to have traditional values
than J.Random Public, but I want to get a feel for what people
know/think already before I throw myself into a long discourse about
media/politics etc (or getting my tame expert to do it)
The fact is that every day of your life, you are lied to and misled
about important issues. There is no huge conspiracy at work, this is
just the cumulative effect of social and cultural stuctures and
behaviors.
But I think that this is something we need to be thinking about, as
we're supposed to care about these things. I know I do, and from
reading some of his stuff, I know that Vortex does to, but if no one
else is bothered, then I will kill this thread and just mail Vortex,
or find him on IRC.
Any feedback anyone ?
JEB 926
The main question is how do we gain knowledge, when it is made illeagal? Not
everyone is capable of navigating the telephone system or gaining access to
info on computer systems. The "Big Brother" does not want this to change, as
once people get a taste of freedom and information they will crave more. You
can allready see this happening with the net, all governments want to censor
the net, they just have not fully grasped the idea it is WORLD WIDE!, the
chineese have allready started a form of censorship, which is for what they
belive in their country, but it affects ALL of the plannet!. any information
that is on the net may be illegal in one country and perfectly harmless in
another. If the governments strart to censor or control the information on the
net, there will be very little left of any interest. This is the exact reson
that the level of knowledge is maintained low, so there are "classes" of
people, those who know and use that for government or buisness, those who dont
know as much and lead normal every day lives and those who know but have
learned it for personal reaons. when somone learns for their own knowledge, the
"system" becomes more worried that more of the public will follow, so the
information is made illeagl to find out or is very restricted and any use of
experimenting to find out the knowledge is made illegal. It seems that the
prime motivation is FEAR, fear of change. and in some respect are'nt we all
afraid of change to some degree?
Firestarter
possibly fear of the unknown or fear of something they dont understand.Very
little people in the goverment actually know how to use the internet so they
are afraid of people who can use it for things they wouldnt want us using it
for.
--
ICQ UIN: 6036731
phie zine: http://phiezine.zeris.net/
IRC: #hackers_ireland,#hackerzlair (dalnet)
Dogma
I agree with most of what you're saying bar the supposition that knowledge
is power. Knowledge does not yield power; it is information that provides
the tool to acquire power. This is the fact that poses a threat to an
established society.
Information, as we would all agree, in the world today, is just another
commodity that can be bought and sold, used and abused. This fact doesn't
just worry "them", but also "us". If someone wants information, they go and
get it. Some people have the ethic that forces them to learn for
themselves, others don't. These latter candidates are those who we should
be afraid of, not of the "them".
I have deliberately used the "them" and "us" representation, as until a
person can truly establish which side they are on, the enemy remains
unnamable. There are a growing number of people who suffer from paranoia,
fuelled entirely by media comment and popular culture.
The anarchic tendencies are not longer anything to do with anarchy, but the
more "cool anarchy" that has grown throughout the eighties and nineties.
Swampy is a good example of this. He lives in a burrow, yells "down with
the state", and does nothing but whinge and complain. If I had to choose
between this society and that of Swampy, then I'm afraid I'm going to be
above ground for a little longer. This common sense is why I don't present
a threat. There are those who would claim that I am a "slave to the
establishment". So be it. Although this society is imperfect, I do not see
any alternative worthy of the slightest consideration.
There are those about who I do not trust; this is my paranoia. The people
at the top of the list are those who announce that they are doing something
(anything) "in the public interest". On the whole, these are journalists.
These people are the real threat to society, both above and below ground.
They wrap their own beliefs up in words like "freedom", "protection of the
innocent", "justice". This disguise is only thin and can be penetrated by
those who are prepared to read between the lines. However, the damage is
already done as there are those who can not read between the lines, and
those that can't be bothered. To do this requires intelligence, vigilance
and an understanding on how people work. "They" call it cynicism, I call it
protectionism.
We've all seen examples of the bleeding heart brigade; a child is hurt, an
old lady is robbed, a black man doesn't get a job. You see the common
thread: It's all emotive.
Those with a scientific, rational and/or logical mind will ask the
question: Why are they telling me how to feel?
As soon as you start asking questions like this, you suddenly find yourself
in a new category. You are indifferent to "them" and "us"... there is only
"me".
So, if you insist on waging war against the state, please make sure you
make the distinction between state and establishment. You'll soon see that
the enemy is the one that has been whispering in your ear; telling you what
to believe, how to feel, and how to react. This is not the Goverment.
Vortex
lasts for a long while as it could be very interesting.
On 12 Aug 1998 21:19:37 GMT, jeb...@aol.com (JEB 926) wrote:
<snip>
>all governments want to censor
>the net, they just have not fully grasped the idea it is WORLD WIDE!, the
>chineese have allready started a form of censorship, which is for what they
>belive in their country, but it affects ALL of the plannet!.
See the Compuserve/Germany thing a few years back (which is still
continuing to this day I think...).
The Germans were essentially demanding that Compuserve remove all
porn/violence from the *worldwide* service, as the German laws against
the aforementioned are some of the toughest in the world.
In the end (IIRC) it ended up with the Germans bringing an obscenity
charge against Compuserve because they wouldn't take something away
from the world just so Germany could have their way.
>any information
>that is on the net may be illegal in one country and perfectly harmless in
>another. If the governments strart to censor or control the information on the
>net, there will be very little left of any interest.
Hmmm, I would say it would still be available - but a lot harder to
obtain. Now you can search Yahoo for "Hacking" and get a long list of
pages (admittedly mostly crap).
It would move over to private FTPs and webservers, which would be kept
very private and hidden.
A good example of this, and the sociological aspect of the h/p scene
in general is the film Harrison Bergeron (probably spelt wrong, by
Kurt Vonnegut if you want to look it up on IMD).
Watch it and apply it to what we are living here.
(One of my fave films actually :) )
Other suggested reading includes 1984 (Orwell), Farenheight 451
(another Vonnegut book IIRC) and to a lesser extent Brave New World
(Huxley) - or indeed anything by the above 3 authors.
<plug>(Oh, and there's a text on my website which is relevant to this
thread too :) )</plug>
>This is the exact reson
>that the level of knowledge is maintained low, so there are "classes" of
>people, those who know and use that for government or buisness, those who dont
>know as much and lead normal every day lives and those who know but have
>learned it for personal reaons.
So when people like us come into the picture it confuses the system -
we're kept down so we *don't* rise against the government/authorities,
on the rare occasion this does happen it's usually a violent form of
rebellion - riots etc, which can be quickly contained with large
pointy sticks. However, when society rebels intellectually -
undermining the system, it cannot be stopped with brute force as you
can conceal your intelligence, unlike you can conceal a petrol bomb
<g>
They get scared because we have the knowledge which they don't want us
to have. What they aren't scared of, however, is that we'll distribute
it to everyone becuase they know "everyone" just wouldn't care - why
do you think they enhance the image of a hacker as utterly evil or
just a sad geek?
Why is intelligence shunned? The "geek"/"nerd" image is applied to
anyone who has intelligence above the norm (admittedly some deserve it
;) ) but IMHO the label only fits absolute conformance with the rules.
The media promote this image in childrens television, for instance, so
intelligent kids are ridiculed, they hide their creativity and after a
while simply forget how to use it - they become just another
plebithian, 9-5 job, 2 kids and a nice house in the suburbs - it's
when intelligence is stimulated and encouraged that society
advances...
[Grand Conspiracies in kids TV? heh.]
The media does condition people - it does not, however, make the
decisions to follow through the stereotypes - they act on the will of
the people who act on the media - a cycle of ignorance - whos going to
stop it?
Not the government, if everyone would rather watch some mind rotting
sitcom than contest all the fucking shit that goes on at higher levels
then why would they want to step in?
Us? Who would listen? We're considered paranoid evil geeks (like it or
not :) ) by the masses, why would they listen to us?
Computers and telephony are a very good place to use excess
intelligence, keep the brain moving because there is so much to learn
and a lot of people who will help - Wozniak and Jobs of Apple were
phreaks (selling blueboxes :) ) and were two of the most successful
people in the Computer industry for a long time.
Gates (despite what he has become) bunked off school to experiment
with early computers. He is the most successful person in the computer
industry.
Mitch Kapor, of Lotus 1-2-3 fame is a multi-millionare and involved in
free speech/anti-censorship.
So, 2 ex-phreakers, an early hacker and a hacker sympathiser have
taken some of the top spots in the industry hall of fame...
How many people here will be more successful than average in later
life because they kept their minds open rather than losing their gift
in a dull grey classroom becuase they'd rather be popular than
intelligent? People here may keep their intelligence hidden at school
but in hack/phreaking what determines the best hacks/phreaks?
Intelligence and knowledge first.
If the information was distributed to everyone - 95% of people
wouldn't give a flying f*ck, they would ignore it and get on with
their lives. What They don't want is people who can see past the shit
picking up on things - a lot of people are intelligent enough to think
for themselves (just as a lot aren't), but their conditioning prevents
them from doing so - what would it take to change them?
Look at the Area 51/UFO craze over the past few years - why do the
government not act against stories and "leakages" of information?
Because it's been so overdone that who would believe serious evidence
now? The general public watch the films and "real life" programmes and
think, "well that's a good story, bit over the top though" - when real
evidence does arise it's "nowhere near as good as the films" and
ignored or ridiculed. Open minds are now another thing to laugh at -
after all, they're all paranoid crazies aren't they?
Science fiction is one of the only genres that will show what's
happening, see the references I made earlier. The followers of scifi
are portrayed as the stereotypical "Trekkie". No doubt there are
people like that around, but how many people in here would say their
favourite genre of fiction is Science Fiction? I'd guess about 9/10?
The 5% of the population that would listen is still three million
people - three million people of above average conciousness (and
probably intelligence too) - the three million would spread the
knowledge and gradually the system would be eradicated as people see
past it.
But what then?
Many people could not survive without the system - neither could
industry, economy, etc.
What now?
We would be in the position to gain the knowledge we desire so much,
but with everyone seeking answers noone will be there to do the menial
tasks such as building and maintaining the places we wish to explore
(such as telephone exchanges ;) ).
What would happen if the system was eradicated, would we (both as the
human race and as the hack/phreak "scene") survive or just crumble and
die?
Like it or not, are the ignorant masses actually the ones who make
hack/phreaking necessary or even possible?
If the media does not make the decisions about how much to keep the
general intelligence down then who does?
Discuss... :)
--
Vortex
mail: vorte...@innocent.com -- irc: dalnet #2600-uk
www: http://mercyground.ml.org/vortexuk -- pgp key: on website
"Life is like a Rollercoaster. It has its ups
and downs, and people will take it seriously
and get frightened. But, hey, it's just a ride"
sque...@clean.com
(snip)
>A good example of this, and the sociological aspect of the h/p scene
>in general is the film Harrison Bergeron (probably spelt wrong, by
>Kurt Vonnegut if you want to look it up on IMD).
Smashy or Nicey - some time past.
>Other suggested reading includes 1984 (Orwell)
>Farenheight 451 (another Vonnegut book IIRC)
Ray Bradbury, in fact. Or that French director (Godard?) if you mean the
FILM : - )
>and to a lesser extent Brave New World (Huxley)
>or indeed anything by the above 3 authors.
Four - if you count Bradbury!
>So when people like us come into the picture it confuses the system -
Privilege, I have read recently, derives from the Latin meaning
individual/private law. One law for THEM, another for US.
(snip)
> However, when society rebels intellectually undermining the system
>it cannot be stopped with brute force as you can conceal your
>intelligence, unlike you can conceal a petrol bomb <g>
Pol Pot rooted as those rascally intellectuals by rounding up all those
found wearing GLASSES!
Pesky short-sighted bookreaders. We'll put them to work in the fields where
they'll be too tired to foment counter-revolution. And perhaps we'll kill a
few million. What a pity the yanks supported him when he was just a wannabe
guerilla because it meant that they could lie to Congress about what they
were really up to on the Vietnam border before the War^H^H^H "Police
Action".
>why do you think they enhance the image of a hacker as utterly evil or
>just a sad geek?
Generalising from the particular, I guess. Agreed it *is* good propaganda.
>The media promote this image in childrens television, for instance, so
>intelligent kids are ridiculed, they hide their creativity and after a
>while simply forget how to use it - they become just another
>plebithian, 9-5 job, 2 kids and a nice house in the suburbs - it's
>when intelligence is stimulated and encouraged that society
>advances...
I suspect that if one took a scientific look at TV one would find that this
itself is something of a cliched view. I would hazard a bet that there have
been as many shows in the last decade that promote "intelligence" as
denigrate it; probably more (IMNSHO!)
>[Grand Conspiracies in kids TV? heh.]
>The media does condition people - it does not, however, make the
>decisions to follow through the stereotypes - they act on the will of
>the people who act on the media - a cycle of ignorance - whos going to
>stop it?
There are *many* experiences that go towards our respective programming
&/or conditioning. The Jesuits used to say something along the lines:
"Give me the Child until the age of seven and I will give you the Man".
Perhaps Larkin was a little more succinct when he wrote (ahem):
"They fuck you up, your mum and dad...."
I still think that one can break one's programming - but it can be mighty
hard!!
>Us? Who would listen? We're considered paranoid evil geeks (like it or
>not :) ) by the masses, why would they listen to us?
If you are interested in conspiracy theories, paranoia etc I would
recommend The Illuminatus Trilogy by Robert Shea and Robert Anton Wilson.
RAW also produces interesting non-fiction along the same lines.
>Computers and telephony are a very good place to use excess
>intelligence, keep the brain moving because there is so much to learn
>and a lot of people who will help - Wozniak and Jobs of Apple were
>phreaks (selling blueboxes :) ) and were two of the most successful
>people in the Computer industry for a long time.
>
>Gates (despite what he has become) bunked off school to experiment
>with early computers. He is the most successful person in the computer
>industry.
Well, Richard Branson, although from a fairly privileged background
certainly bucked the system in his youth and seems to continue today in a
similar vein. He has not been fully accepted into the Establishment
although we all like him because he eschews suit and tie.
>How many people here will be more successful than average in later
>life because they kept their minds open rather than losing their gift
>in a dull grey classroom becuase they'd rather be popular than
>intelligent?
I do not agree that these have to be mutually exclusive. Although sometimes
it may appear to be this way....
> in hack/phreaking what determines the best hacks/phreaks?
>Intelligence and knowledge first.
Cunning, I would say, also comes in useful in the activities you mention
and others not related to technology. Some might say that it is more akin
to instinct than to intelligence/knowledge....
>If the information was distributed to everyone - 95% of people
>wouldn't give a flying f*ck, they would ignore it and get on with
>their lives.
I suspect this is true. Can anyone post any counter-examples or otherwise
play Devil's Advocate, here!
>What They don't want is people who can see past the shit
>picking up on things - a lot of people are intelligent enough to think
>for themselves (just as a lot aren't), but their conditioning prevents
>them from doing so - what would it take to change them?
Better not say if you find out the mystery catalyst. One day *you* might be
top of the pile wanting to keep everyone the other side of the drawbridge!
>Science fiction is one of the only genres that will show what's
>happening, see the references I made earlier. The followers of scifi
>are portrayed as the stereotypical "Trekkie". No doubt there are
>people like that around, but how many people in here would say their
>favourite genre of fiction is Science Fiction? I'd guess about 9/10?
Me too!
>Many people could not survive without the system - neither could
>industry, economy, etc.
Factory fodder always required!
>Like it or not, are the ignorant masses actually the ones who make
>hack/phreaking necessary or even possible?
An interesting take on things. Have to think about that one.
>If the media does not make the decisions about how much to keep the
>general intelligence down then who does?
Consider the facts:
Biggest selling newspapers? Sun and Mirror
Most popular TV programmes? Corrie and Eastenders (usually)
Are they "lowest common denominator populist trash" or is this judgement
indicative of cultural snobbery? It does seem to be a chicken-and-egg
situation but this might be laziness on the part of myself....
Can anyone else dig back into why we/they put up with this crap. A point by
point rebuttal of postings is not necessary. Just post a single point of
relevance/interest if that is all that comes to mind. Someone else can
later summarise and we can all argue over any "conclusions" : -)
Cheers,
Squeakie
Postscript: Football, our national sport?
Well someone once said that more people went *fishing* so perhaps this
bucks the trend!
Dave
>Consider the facts:
>Biggest selling newspapers? Sun and Mirror
>Most popular TV programmes? Corrie and Eastenders (usually)
>
>Are they "lowest common denominator populist trash" or is this judgement
>indicative of cultural snobbery? It does seem to be a chicken-and-egg
>situation but this might be laziness on the part of myself....
>
>Can anyone else dig back into why we/they put up with this crap. A point by
>point rebuttal of postings is not necessary. Just post a single point of
>relevance/interest if that is all that comes to mind. Someone else can
>later summarise and we can all argue over any "conclusions" : -)
>
Don't forget that an important part of our evolution was the
develpment of herd/cooperative behaviour. I think that our perception
of other peoples beliefs/actions stll affects our own.
As for whether the 'nintey percent morons' environment makes for
hackers/phreakers, I would note that the way that large co's/systems
_rely_ on that ratio does make it beneficial to think independently.
(after all anyone with an IQ>20 knows how an electricity meter
works.!)
I do think that creative thinking, at the moment, needs to be
protected from the schools and legal system. It bears thinking about,
that our next evolutionary stage - as seen by those at the 'top' could
be into a huge tribe of willing and ignorant volunteers. With a few
bright sparks syphoned off to use their intellect to keep the rest of
us docile. - and themselves 'safe' !
Aplogies to all for the (all but) off topic waffle, but this sort of
thinking plays a part in my interest in the hpa community.
Apologies to the future if any of our thoughts are used by those
seriously twisted gits at the top to syphon the creative ones into the
sheep fold..
A final thought - give me many independant tribes of well educated
folk. Not one huge 1984 style system ;}
D.J.
Harm
vorte...@NOSPAM.innocent.com wrote:
> Here we go, nice long rant and a lot of questions - hope this thread
> lasts for a long while as it could be very interesting.
>
> On 12 Aug 1998 21:19:37 GMT, jeb...@aol.com (JEB 926) wrote:
> <snip>
> >all governments want to censor
> >the net, they just have not fully grasped the idea it is WORLD WIDE!, the
> >chineese have allready started a form of censorship, which is for what they
> >belive in their country, but it affects ALL of the plannet!.
> See the Compuserve/Germany thing a few years back (which is still
> continuing to this day I think...).
[snip]
> Other suggested reading includes 1984 (Orwell), Farenheight 451
> (another Vonnegut book IIRC) and to a lesser extent Brave New World
> (Huxley) - or indeed anything by the above 3 authors.
Farenheit 451 was in fact written by Ray Bradbury, who also did
"Martian Chronicles" and "Something Wicked this Way Comes".
> What would happen if the system was eradicated, would we (both as the
> human race and as the hack/phreak "scene") survive or just crumble and
> die?
I think you are probably right in your, and probably a lot of other
people in the h/p/a scene, philosophy. Also very good theory on the
possible downfall of the human race if everyone knew and cared!!
Harm
Firestarter
i have posted a list of places to write to that are under the FOIA.
ill do it again if you want.
although you mostly get things blacked out and dont get them for 3 years but
its worth a shot.
also you will be supprised just how much info you get by simply asking BT.
Vortex
wrote:
>I do think that creative thinking, at the moment, needs to be
>protected from the schools and legal system. It bears thinking about,
>that our next evolutionary stage - as seen by those at the 'top' could
>be into a huge tribe of willing and ignorant volunteers. With a few
>bright sparks syphoned off to use their intellect to keep the rest of
>us docile. - and themselves 'safe' !
Steve T
<Do...@check.whowhere.18be482329.net> wrote:
>
>I agree with most of what you're saying bar the supposition that knowledge
>is power. Knowledge does not yield power; it is information that provides
>the tool to acquire power. This is the fact that poses a threat to an
>established society.
I would disagree with that, you start off with DATA, which is raw
facts/figures etc, and on it's own, doesn't mean a great deal.
You progress to INFORMATION, which is DATA organised in a meaningful
way.
Then to KNOWLDEDGE which is information in a meaningful context.
For instance, if I know what a light switch is, and what it's for,
then I have INFORMATION about it. But if I want to get some light to
read by, I must process that information in a meaningful way in order
to get the KNOWLEDGE of how to turn the light on.
[I know thats not a very clear example, so if anyone wants to a better
discussion of the issues of knowledge and information, then check out
Artificial Intelligence, A Knowledge based approach by Morris W
Firebaugh, Chapter 9. ISBN 0-87835-325-9]
Therefore, I can have information without any implied potential for
power (eg if I don't understand it or know what it means, or how to
use it), but it is Knowledge (the information in a meaningful context)
that implies the potential for power.
Of course Knowledge doesn't automatically equal power, it must be
converted into power by correct application, and only certain types of
knowledge will yield power when so applied.
>Information, as we would all agree, in the world today, is just another
>commodity that can be bought and sold, used and abused. This fact doesn't
>just worry "them", but also "us". If someone wants information, they go and
>get it. Some people have the ethic that forces them to learn for
>themselves, others don't. These latter candidates are those who we should
>be afraid of, not of the "them".
Definiely, 'the establishment' (and I know more or less exactly who I
mean when I say that) only retain their power because of the people
who don't want to know what's going on. If everyone was questioning
them all the time, they'd soon be fucked, but hardly anyone does.
This ostrich approach, which is very visible in mainstreamn western
culture, scares the crap out of me.
>I have deliberately used the "them" and "us" representation, as until a
>person can truly establish which side they are on, the enemy remains
>unnamable. There are a growing number of people who suffer from paranoia,
>fuelled entirely by media comment and popular culture.
>
That's tricky though, how do you seperate someone who is paranoid
because of irresponsible media comment and popular culture from
someone who is paranoid because they are well informed and can see
real danger on the horizon. I am paranois about the effects of the
Y2K problem, because I have read extensively about it over the last
three years or so, but the media is only just starting to grab hold of
it, and when they start spewing out 'the world is going to end' type
stuff (which will be soon), there will be a lot more paranoid people
about, what makes me any better than them in this case ?
>The anarchic tendencies are not longer anything to do with anarchy, but the
>more "cool anarchy" that has grown throughout the eighties and nineties.
Defintely, this annoys me also, now everyone who listens to Oasis
thinks they're some kind of fucking anarchist, cos they listen to
music that is alternative, and talk like neanderthals. I've seen a
lot of this type of thing at Uni, there must be about 6K students
here, and you would expect that at least some of them would be
reasonably well informed, but this is not the case. There sole
contribution towards society is to listen to alternative music, read a
few 'risky' books, take some drugs, then pass their degree and go and
get a 9-5 graduate trainee position with some godawful corporate.
>Swampy is a good example of this. He lives in a burrow, yells "down with
>the state", and does nothing but whinge and complain. If I had to choose
>between this society and that of Swampy, then I'm afraid I'm going to be
>above ground for a little longer. This common sense is why I don't present
>a threat. There are those who would claim that I am a "slave to the
>establishment". So be it. Although this society is imperfect, I do not see
>any alternative worthy of the slightest consideration.
How many times over the last ten years have we seen people like
Swampy, every time a road is built, they gather in their hundreds and
protest. And what happens, nothing! Because by the time they get
there, the money has been spent, and the project will go ahead no
matter what they do. The people involved have simply made to much
investmet to allow anyone to get in their way. And where do these
people get their money from ? That's right, they all sign on the
dole, and then whinge that it's not enough. Gosh, what a HUGE
positive contribution to society they make.
>There are those about who I do not trust; this is my paranoia. The people
>at the top of the list are those who announce that they are doing something
>(anything) "in the public interest". On the whole, these are journalists.
>These people are the real threat to society, both above and below ground.
>They wrap their own beliefs up in words like "freedom", "protection of the
>innocent", "justice". This disguise is only thin and can be penetrated by
>those who are prepared to read between the lines. However, the damage is
>already done as there are those who can not read between the lines, and
>those that can't be bothered. To do this requires intelligence, vigilance
>and an understanding on how people work. "They" call it cynicism, I call it
>protectionism.
>
Tabloid journalism is one of the most insidious threats that we face
today, take for instance the Daily Mail, a recent editorial in the
Daily Mail stated that the Daily Mail is the paper of 'right
thinking....normal....moral..[etc] people'. and they claim to speak on
behalf of these people (which is a bit strong coming from a paper that
was giving away Diana scented candles to it's reader's)
This implys that anyone who disagrees with what is written in their
shitty paper is either a criminal or a deviant of some kind (words
that they use a lot)
Almost all newspapers and journalists have some kind of agenda, which
they conceal from their readers, but the tabloids are definitely the
worst, because their target demographic are more vulnerable to this
kind of influence (studies show that people who read tabloid
newspapers are the least likely to get information from other sources)
The Labour party would never have won such huge victory without the,
for example, the Mirror's 'Tony Tony, he's our man' journalism in the
lead up to the general election.
This works because, like you said earlier, there is such a large
proportion of society who just blindly accept what they are told
without questioning it. Raising the question, who's the worst, the
newspapers with their hidden agendas, or the populace, who believe
evrything they read, and don't ask questions ?
>We've all seen examples of the bleeding heart brigade; a child is hurt, an
>old lady is robbed, a black man doesn't get a job. You see the common
>thread: It's all emotive.
a la Princess Di, was that a sickening example of a media circus or
what. If it hadn't been built up so much, there would have been a
quiet funeral, and that would have been it, but [puts on Vic Reeves
voice] they wouldn't let it lie.
>Those with a scientific, rational and/or logical mind will ask the
>question: Why are they telling me how to feel?
>As soon as you start asking questions like this, you suddenly find yourself
>in a new category. You are indifferent to "them" and "us"... there is only
>"me".
And you are almost a pariah from normal society. It's surprising how
easy it is to become marginalised isn't it ?
>So, if you insist on waging war against the state, please make sure you
>make the distinction between state and establishment. You'll soon see that
>the enemy is the one that has been whispering in your ear; telling you what
>to believe, how to feel, and how to react. This is not the Goverment.
I would say that it's not -only- the Government, they certainly can't
be excused from everything, one of the reasons that we get so much
shite in the papers is because the new regime is so adept at
manipultaing the media, and hiding the truth from them (and
consequently, us)
But this is true of -any- Government, so really, it's the -system- of
Government (or at least the abuse of such) that causes the problem
there.
Steve T
>Pol Pot rooted as those rascally intellectuals by rounding up all those
>found wearing GLASSES!
>
>Pesky short-sighted bookreaders. We'll put them to work in the fields where
>they'll be too tired to foment counter-revolution. And perhaps we'll kill a
>few million. What a pity the yanks supported him when he was just a wannabe
>guerilla because it meant that they could lie to Congress about what they
>were really up to on the Vietnam border before the War^H^H^H "Police
>Action".
>
And Mao Tse Tung did it by saying something along the lines of 'Let a
hundred flowers blossom, let there be a hundred differnt points of
view' (I forget the exact wording) and then killing everyone who
disagreed with him. Nice guy.
[snip]
>I suspect that if one took a scientific look at TV one would find that this
>itself is something of a cliched view. I would hazard a bet that there have
>been as many shows in the last decade that promote "intelligence" as
>denigrate it; probably more (IMNSHO!)
[snip]
>There are *many* experiences that go towards our respective programming
>&/or conditioning. The Jesuits used to say something along the lines:
>"Give me the Child until the age of seven and I will give you the Man".
>Perhaps Larkin was a little more succinct when he wrote (ahem):
>"They fuck you up, your mum and dad...."
>I still think that one can break one's programming - but it can be mighty
>hard!!
Indeed, and there are two competing theories describing the effect of
media, the first (and wrong IMHO) is 'The Hypodermic' theory, which
hypothesises (is that how you spell it?) media conten as analogous
with a syringe, injecting beliefs etc into the audience.
The second is 'Feedback Theory', which is almost certainly the correct
one, which states that the media and the audience interact, and
feedback into each other. So the media basically represents elements
drawn -from- society and the feeds them back in (often distorted),
which then causes sociological/ideoligical change, which is
represented in the media, which..... etc etc ad infinitum.
>
>Consider the facts:
>Biggest selling newspapers? Sun and Mirror
>Most popular TV programmes? Corrie and Eastenders (usually)
>
>Are they "lowest common denominator populist trash" or is this judgement
>indicative of cultural snobbery? It does seem to be a chicken-and-egg
>situation but this might be laziness on the part of myself....
>
Very much a chicken and egg problem, soaps are the highest rated
programming on TV, and they generally aren't very
intelligent/provocative, but the central question here is -why- do so
many people veg out in front of eastenders instead of something more,
er, well, lets say 'thought provoking'.
Opinions I have com accross while looking at this range from 'everyone
is tired when they get home from a hard days work, so they can't be
arsed watching anything that requires any more effort' to the
disturbing possibility that the majority of people don't want their
thoughts provoked, thanks very much, and would rather just stay in
there current, non frightening, non big issue examining mindset, so as
not to be unduly worried about large important events over which they
percieve themselves to have no control.
>Can anyone else dig back into why we/they put up with this crap. A point by
>point rebuttal of postings is not necessary. Just post a single point of
>relevance/interest if that is all that comes to mind. Someone else can
>later summarise and we can all argue over any "conclusions" : -)
>
I will get my tame expert to have a dig around, I seem to remember
that she has some material on this somewhere, I will also get her to
have a read through this thread, and see what she has to say.
>Cheers,
>
>Squeakie
>
>Postscript: Football, our national sport?
>Well someone once said that more people went *fishing* so perhaps this
>bucks the trend!
>
Ah, cue football=religion argument ;-)
Steve T
Harm
<majes...@hotmail.com> wrote:
> their are ways to find out iinfo about all kinds of things.
> i have posted a list of places to write to that are under the FOIA.
> ill do it again if you want.
> although you mostly get things blacked out and dont get them for 3 years but
> its worth a shot.
> also you will be supprised just how much info you get by simply asking BT.
Could you repost this list. Thanks
Harm
Sarah Gilligan
( if all this has already been discussed please excuse me as I've only just
joined in...)
A bit of blurb on Media effects..... Media Effects theories have been
developed in the theoretical side of Media Studies ( as opposed to training
wannabe film makers) which as a subject is incredibly multidisplinary -
drawing upon psychology, sociology, socio-linguistics, cultural studies,
film studies and so on - They developed mainly from a mixture of
behaviorist approaches - e.g. - American military investigating how
'effective' their propaganda films were, and more Marxist 'ideology and
hegemony' approaches such as those proposed by the Frankfurt school (
Adorno, Marcuse and Horkhiemer - who were Jews who took as their starting
point the ways in which Hitler 'used' the Media - and why his ideas were
accepted / 'popular' with some.)
Various terms / theories are given several which overlap - (arguably just
done to confuse undergraduates trying to make sense of academic shite..),
Hyperdermic needle model
As Steve T, proposed - the idea that the Mass media communicate directly
with the mass audience - that the 'masses' are passive in their use of the
media, believing everything they are told - this was the model most adopted
by American theorists ( and the Daily Mail when it comes to Violence and
the Media 'debates).
In the UK though theorists argue that there is a more active relationship
with the text.....
Uses and Gratifications theory - argues that we use the media to gratify
'needs' - there can be seen to be four main types of 'need' gratified by
individuals use of the media:
1: 'Diversion' - escape from the constraints of routine, escape form the
burdens of problems, or as emotional release.
2: 'Personal relationships' - companionship, social utility
3: Personal identity - personal reference, reality exploration, value
reinforcement
4: Surveillance - need for information in our world
In addition to such theories there are those such as multi step flow which
argue for the impact of opinion leaders - whether they be part of the
ideological state apparatus ( teachers, police, 'institutions',
government...) or on a more personal level someone's peers in 'filtering'
information - and 'helping' people decide what issues are important.
Therefore people may look to their peers / opinion leaders for a version of
what is going on in the world rather than looking to established mass media
forms - for instance a family in Northern Ireland - may look to their local
opinion leaders for information on the latest 'confrontation', rather than
to the national news as that may not contain the 'version of events' that
they are looking for.
(linking in with Steve's idea of feedback theory.. )
The relevance of all the above waffle... well I subscribe to the uses and
gratifications school of thought, and also to the idea of negotiated and
oppositional readings of a text.. therefore will attempt now to defend the
millions of people who watch British soap operas such as Eastenders...
Here goes..
Annette Kuhn argues that: 'social concerns and trends are reflected in mass
media such as film and television, and that popular cultural forms can in
consequence be regarded as a gauge of social attitudes and social change'
- therefore 'issues' are tackled within such soap operas, from a variety of
perspectives - i.e AIDS issues - you have those who are pro / against and
don't know, and through the storylines the perspectives are worked through
and thus (one can argue) a viewer finds a place of identification, and may
go away and think about those issues.
Also there is the notion of the gendering of television genres that
repeatedly in research males will claim to favour action based narratives,
news documentaries and sport - and females soap opera and 'lighter'
entertainment, that has a focus upon dialogue and is more multiple. ( All
sorts of theories have been proposed linking this to theories of sexuality
- but I won't start)
Soap opera is forever dismissed by critics - and one can argue that this
is part is because it favours the female spectator - where multiple
viewpoints are presented, the narratives centre around the private sphere
rather than the public and the narrative develops through dialogue rather
than action and females are presented as strong and the males often as
'weak'.
Therefore this links into the notion of such programmes as 'wish
fulfillment' where characters have the guts to walk out on their husbands
or are able to talk things over with other people, when in reality they may
not be able to do that. There is also the notion of soap opera as
resisting closure - walking away wondering what will happen next -
therefore programmes become a form coin of cultural exchange - did you
watch.. and thus the 'issues' are brought to the surface and related to
reality, thus maybe leading to someone talking about their experience of
abuse.
Soap opera like melodrama and women's fiction has been slated by critics
(often men) for years - primarily because it does not conform to the
structures of identification and narrative as presented within (male
centred) mainstream texts -it was not until the rise of feminist approaches
to media and cultural studies that theorists began to recover these 'other'
genres and seriously concider their appeal.
And as for why 'people' don't watch 'serious' programmes - see above -
and... there is the notion of the visual style of such genres. In order
for programmes to be deemed 'serious' and worthy and objective and all
that, there has developed a specific visual style, that of the anchor (
often middle aged man) sat facing camera with very little stimulus in the
background - now all you out there may shout back - but if the sound was
switched off the television - would such an image intrigue you enough to
watch the programme. hmmmm... Yes the content may be interesting (to some)
but the visual style bloody isn't ! Hence one can argue the rise of people
like John Snow who have a presence who make it visually more interesting
and therefore capture peoples attention.
Also.. unless you have the time to spend you life searching and
interpreting information ( which many people with jobs and families don't)
it is difficult to gain intellectual access to the information - because
such 'serious' programmes assume a level of pre existing knowledge - if you
haven't got it then the stuff under discussion is often meaningless, and
there isn't supporting visual material to make it interesting enough to
make you stick with it... For instance, since the Learning Zone jazzed up
their programmes, 'real people' have access to them more easily than when
it was a bearded bloke in cords in front of a blackboard.
Also the way in which many people make sense of things is by discussing
them - therefore is the style doesn't make it watchable then the viewing
figures are lower and they do not become part of the conversation the next
day.. the same goes for film - people will watch blockbusters but won't
watch a slow dialogue based film - especially if its also: silent +/
subtitled+/ black and white.
Also due to the low viewing figures such programmes are often put in the
graveyard slot - when real people with jobs are usually trying to go to
sleep or having sex...hmmm given a choice - "Midnight Hour" or sex....
So in essence.. I would argue that people use a variety of forms to gain
access about the world, based on what is important to them... I think its
not just that people don't care, perhaps its that they do and real life
upsets people, start thinking about life too much and you'd panic/ worry /
become depressed / top yourself / stay in bed..yes if everyone knew about
politics etc they may want to do something - but the information is
presented in such a way that its inaccessible + / 'boring' - and there is
lots of stuff you can't do anything about -which cause do you support -
this is why charity contributions have gone down - there are so many
charities that people can't afford to give to them all, and feel bad if
they give preference to one over another - so don't give at all. People
have problems closer to their own life - money, bills, work, kids,
parents, death, illness.. which takes up a fair bit of peoples life - so
perhaps in their hour or two aday of space they want some mindless
drivel.....
But what do I know ???
-------------------------------------
sarah.g...@sunderland.ac.uk
Steve T <ca4...@isis.sund.ac.IHATESPAM> wrote in article
<35d483ca...@orac.sund.ac.uk>...
> On 13 Aug 1998 20:01:54 +0200, sque...@clean.com wrote:
>
> Indeed, and there are two competing theories describing the effect of
> media, the first (and wrong IMHO) is 'The Hypodermic' theory, which
> hypothesises (is that how you spell it?) media conten as analogous
> with a syringe, injecting beliefs etc into the audience.
>
> The second is 'Feedback Theory', which is almost certainly the correct
> one, which states that the media and the audience interact, and
> feedback into each other. So the media basically represents elements
> drawn -from- society and the feeds them back in (often distorted),
> which then causes sociological/ideoligical change, which is
> represented in the media, which..... etc etc ad infinitum.
>
>
> >
> >Consider the facts:
> >Biggest selling newspapers? Sun and Mirror
> >Most popular TV programmes? Corrie and Eastenders (usually)
> >
> >Are they "lowest common denominator populist trash" or is this judgement
> >indicative of cultural snobbery? It does seem to be a chicken-and-egg
> >situation but this might be laziness on the part of myself....
> >
>
> Very much a chicken and egg problem, soaps are the highest rated
> programming on TV, and they generally aren't very
> intelligent/provocative, but the central question here is -why- do so
> many people veg out in front of eastenders instead of something more,
> er, well, lets say 'thought provoking'.
>
> Opinions I have com accross while looking at this range from 'everyone
> is tired when they get home from a hard days work, so they can't be
> arsed watching anything that requires any more effort' to the
> disturbing possibility that the majority of people don't want their
> thoughts provoked, thanks very much, and would rather just stay in
> there current, non frightening, non big issue examining mindset, so as
> not to be unduly worried about large important events over which they
> percieve themselves to have no control.
>
> >Can anyone else dig back into why we/they put up with this crap. A point
by
> >point rebuttal of postings is not necessary. Just post a single point of
> >relevance/interest if that is all that comes to mind. Someone else can
> >later summarise and we can all argue over any "conclusions" : -)
> >
>
> I will get my tame expert to have a dig around, I seem to remember
> that she has some material on this somewhere, I will also get her to
> have a read through this thread, and see what she has to say.
>
> >Cheers,
> >
> >Squeakie
> >
> >Postscript: Football, our national sport?
> >Well someone once said that more people went *fishing* so perhaps this
> >bucks the trend!
> >
>
David
>The Germans were essentially demanding that Compuserve remove all
>porn/violence from the *worldwide* service, as the German laws against
>the aforementioned are some of the toughest in the world.
Bit of a dichotomy(sp?) that, considering most of the movies that are
obtained in vice busts originate in Germany.
>In the end (IIRC) it ended up with the Germans bringing an obscenity
>charge against Compuserve because they wouldn't take something away
>from the world just so Germany could have their way.
They did do that, but only because part of compuserve's system was based
in Berlin, a caching web-server/proxy and and a newsserver type system
both containing material that could be deemed pornographic (from the
reports I read, it seems that most of the complaints were about sites
stored on the proxy which were not under Compuserve's control anyway,
they had just been cached because a large number of horny compuserve
subscribers had wanted to view them :) ).
In the end, Compuserve just moved all their systems apart from PoPs and
mail-related systems out of Germany, ending the problem.
>Hmmm, I would say it would still be available - but a lot harder to
>obtain. Now you can search Yahoo for "Hacking" and get a long list of
>pages (admittedly mostly crap).
Could this be because the life of the site that contains new and
interesting stuff is very limited (with the exception of things like
rootshell and antionline)? Sooner or later the site will either be shut
down by the narcs reporting it, or by the ISP to avoid liability hassles.
>They get scared because we have the knowledge which they don't want us
>to have. What they aren't scared of, however, is that we'll distribute
>it to everyone becuase they know "everyone" just wouldn't care -
Or would use it to do r4d k00l things? This of course made with reference
to the phf exploit, which as has been mentioned earlier is next to
useless (apart from funny messages).
>Why is intelligence shunned? The "geek"/"nerd" image is applied to
>anyone who has intelligence above the norm (admittedly some deserve it
>;) ) but IMHO the label only fits absolute conformance with the rules.
>The media promote this image in childrens television, for instance, so
>intelligent kids are ridiculed, they hide their creativity and after a
Intelligent and "different" kids will always be ridiculed- simply because
to rise above the rest in any way draws attention to them. This is
probably always going to happen, look at Da Vinci, Copernicus and so on.
Extremely clever people, but they were not exactly taken seriously in
their time.
>[Grand Conspiracies in kids TV? heh.]
The only conspiracy I can see is that it is so dumb and pointless
nowadays, that it turns anyone watching it into dribbling cream-cheese
heads after not so very long. The same goes for most TV nowadays as there
are (or seem to be) fewer interesting documentaries than there were five
or six years ago. Even the once-excellent Horizon strand is for the most
part bloody stupid waffle for 50 minutes.
>So, 2 ex-phreakers, an early hacker and a hacker sympathiser have
>taken some of the top spots in the industry hall of fame...
I think this could be said to be true for most industries and activities.
It takes a special kind of person to reach the top and stay there, just
look at people like Rockerfeller, Edison, Brunel and so on. These could
not be considered normal people by any means and had a very exploratory
mentality, very similar to what can be found here.
>but in hack/phreaking what determines the best hacks/phreaks?
>Intelligence and knowledge first.
School does not require intelligence, it just requires you to know stuff
and not think. This is why I fail Chemistry exams repeatedly, because I
prefer to think rather than sit and memorise pages and pages of notes.
Knowledge is important, but it is not the only thing. Being able to think
allows you to create knowledge rather than just memorising the existing
facts.
>Science fiction is one of the only genres that will show what's
>happening, see the references I made earlier. The followers of scifi
>are portrayed as the stereotypical "Trekkie". No doubt there are
>people like that around, but how many people in here would say their
>favourite genre of fiction is Science Fiction? I'd guess about 9/10?
>
>The 5% of the population that would listen is still three million
>people - three million people of above average conciousness (and
>probably intelligence too) - the three million would spread the
>knowledge and gradually the system would be eradicated as people see
>past it.
>
>But what then?
>
>Many people could not survive without the system - neither could
>industry, economy, etc.
>
>What now?
>
>We would be in the position to gain the knowledge we desire so much,
>but with everyone seeking answers noone will be there to do the menial
>tasks such as building and maintaining the places we wish to explore
>(such as telephone exchanges ;) ).
>
>What would happen if the system was eradicated, would we (both as the
>human race and as the hack/phreak "scene") survive or just crumble and
>die?
>
>If the media does not make the decisions about how much to keep the
>general intelligence down then who does?
Those In Power, power being anything that gives you control over other
people, not necessarily just the government. For example, the salesperson
(PC...:o) would not wish for their clients (victims?) to be knowledgeable
about all the terms and conditions in that new Hire Purchase agreement,
as this would erode his "power" to fleece you out of lots of money.
>Discuss... :)
OK
Shall we assume for a minute that the system has been eradicated (this is
never going to happen, but anyway)? There would still be a vast number of
people who would be just dying to get back to being the spear-carriers and
water-bearers of whatever new society formed, because they would be too
afraid and unimaginative to do anything else. A new "upper" class would
form, probably nowadays it would be composed of the cleverer people rather
than the most homicidally insane. These people would be Those In Power, as
they would know everything that was going on, and would hence be able to
control the masses. Who for the most part, I think, are happy being lied
to, as they can cocoon themselves away from what is really going on, and
don't have to do anything frightening, like think.
Vortex man, you should right a book :)
-david
--
PGP Key and ICQ UIN available on request
Life these days is like being stuck up the proverbial highly polluted
shallow coastal waterway without a flat-bladed water manipulation tool.
Dave
<sarah.g...@sunderland.ac.uk> wrote:
>The 'Tame Expert' puts in her bit...
>( if all this has already been discussed please excuse me as I've only just
>joined in...)
>
Well. I have a few personal questions. Mostly aimed at you Sarah.
Firstly, why the particular interest in this group? I'm not trying to
nudge you elsewhere, I'm just looking for the perhaps intriguing
reason why you have decided to post these thoughts on such things
here.
Secondly, have you applied your educational perception to the use of
the 'net as a medium? what do you make of both the commercial and the
personal usage of the www and usenet? What do you make of the freedom
for the hackers and individual knowledge freaks that is available
here?
Also what do you make of the dead-head media (tv+sun:() portrayal of
the net as a communication + info exchange medium? Also of the lovely
dhm portrayal of the hackers/phreakers? -my personal opinion on that
one is that its natural for dumbo's to be scared of those that know
more than them, and also natural to try to prevent that knowledge
difference from being an access/power difference.
The most I'll say on your thoughts on the media, till we see others
reactions is that to me the problem is not making programs on
disasters/appeals with higher impact, its persuading people to _want_
to find out about the rest of the world. -persuade them to see that
their problems (how can I pay the phone bill etc) are nothing compared
to 'how do I keep my family alive through this year'. How about 'why
am I drinking coffe bought from a human rights abuser' etc.?
Finally what are (both) _your_ personal opinions on the morality of
hacking/phraking?
Please include your particular thoughts, to go with your educational
background knowledge.
later
D.J.
if (as I suspect you may) you get hassled for a subject that has not a
lot to do with technical knowledge of the phone system then (a)
rewrite your thoughts for relevance to phone phreaks/hackers, (b) try
www.dejanews.com to search for usenet conversations/groups that gel
with your interests, and (c) by all means email thoughts/questions to
me as the crossover of thought systems that has started this is deffo
of interest at least to me.
Don't be too easily scared off though, most of this group has some
opinions in your field. Just make it your unique beliefs rather than
generic course philosophy, and remember what we are about in this NG.
(well I should say 'they' - I'm an alien too!)
D.j.
red_mist
mailing list called 'church of virus' which discuses a lot of this. U
can visit the website at
http://www.lucifer.com/virus
there is a majordomo u can send message to but I can't remember the
address at the momenet. I've been on it for a while now and they always
have a few good discussions on there
--
Only the weak are blind when the mist descends
red_mist
Steve T
wrote:
>Well. I have a few personal questions. Mostly aimed at you Sarah.
>Firstly, why the particular interest in this group? I'm not trying to
>nudge you elsewhere, I'm just looking for the perhaps intriguing
>reason why you have decided to post these thoughts on such things
>here.
Sarah was posting in reply to some of the issues raised in the thread
by myself and others (i.e why do 9x% of the population watch soaps
etc), and because I asked her to.
>The most I'll say on your thoughts on the media, till we see others
>reactions is that to me the problem is not making programs on
>disasters/appeals with higher impact, its persuading people to _want_
>to find out about the rest of the world. -persuade them to see that
>their problems (how can I pay the phone bill etc) are nothing compared
>to 'how do I keep my family alive through this year'. How about 'why
>am I drinking coffe bought from a human rights abuser' etc.?
That was a point that Sarah and I were discussing which prompted that
post, discussing this (exceptionally valid) point is the next logical
step in the thread, but it was important (to me at least) to look at
some of the reasons why this 'ostrich' attitude is so prevalent, in
order to get a better handle on the various factors involved before
proceeding any further and looking at the H/P perspective and how this
relates to media/cultural/sociolgical variables.
>if (as I suspect you may) you get hassled for a subject that has not a
>lot to do with technical knowledge of the phone system then
>rewrite your thoughts for relevance to phone phreaks/hackers,
[Any hassle should go to me if anyone has a problem, see above.]
Blimey, there's an idea though,
How about it Gilly?, 'The social structures that define knowledge
boundaries and sense of personal responsibility within the general
populace are reinforced by mainstream media and it's subsequent effect
on mainstream culture and indvidual behaviour, how far can an
individual subvert these trends by applying knowledge of these factors
?'
I bet that would make your student's heads melt ;-) (Another Phd
idea?)
>Don't be too easily scared off though, most of this group has some
>opinions in your field. Just make it your unique beliefs rather than
>generic course philosophy, and remember what we are about in this NG.
>(well I should say 'they' - I'm an alien too!)
^^^^^^^^^^^^^^^^^^
Arrrrgh, so it's all true then, Aliens from space are taking over the
net. (Hmmm, crosspost to alt.alien.visitors anyone ?)
Blimey, this thread is getting really interesting.
Firestarter
when writing to them make it along the lines of:
"i herewith (<--yeah its stupid but they like that crap)request a copy,under
the FOIA regulations of documents relating to _________ If yours is not the
department to fulfill this request,i would be gratefull if you could
transfer my request.
Department of the Army:
Chief,FOIA/PA Division
US Army Information Systems Command
Crystal Square 2,Suite 201
1725 Jefferson David Highway
Arlington,VA 20350-2000
Department of Justice(yeah right!):
Office of Information and Privacy
FOIA Officer
Washington,DC 20530
Departmen of the Air Force:
11 MSS/IMS (FOIA)
Room 4A1088C
1000 Airforce Pentagon
Washington,DC 20330-1000
Federal Bureau of Investigation:
Department of Justice
FOIA Officer
Washington,DC 20535
Defense Intelligence Agency:
Mr Robert P.Richardson
Chief,FOIA Staff
Washington,DC 20340
Central Intelligence Agency (dont put the letters in the address):
Information and Privacy
Co-ordinator
Mr Lee S.Strickland
PO Box 1925
Washington,DC 20013
National Security Agency:
Central Security Service
FOIA Officer
Fort George G.Meade,MD 20755-6000
Department of the Navy:
Head,PA/FOIA Branch
Chief of Naval Operations
2000 Navy Pentagon
Washington,DC 20350-2000
their ya go,all american dominated as you can see but im sure if you ask
them to tell you of any english places they might be able to.
Firestarter
Sarah Gilligan wrote in message <01bdc894$d9b25520>subtitled+/ black and
white.
<alot of smart stuff snipped>
seems like we have some intelligent lurkers here.
Defiant
>their ya go,all american dominated as you can see but im sure if you ask
>them to tell you of any english places they might be able to.
on the TV last week. Its in London somewhere and no big secret, none of
them are, just the training areas are meant to be.
Defiant,
def...@cyberdefiant.demon.co.uk
www.cyberdefiant.demon.co.uk
-Life is just a dream on the way to death-
Steve T
<def...@cyberdefiant.demon.co.uk> wrote:
>On Sun, 16 Aug 1998, Firestarter [F] wrote....
>F>their ya go,all american dominated as you can see but im sure if you ask
>F>them to tell you of any english places they might be able to.
The UK doesn't actually have a Freedom Of Information Act yet, as it
is still passing through parliament. We are required to have one
under european law, but it has been suggested (by Private Eye) that
the current .gov.uk are trying to delay it or water it down.
>You can ask at your local police station. One of the MI? headquaters was
>on the TV last week. Its in London somewhere and no big secret, none of
>them are, just the training areas are meant to be.
Century house is (was?) one (MI6 I think) and there was an MI5
building on Gordon Street and one on Charles Street. They're
scattered all around whitehall apparantly. Perhaps the addresses of
some will be on their WWW site (www.mi5.gov.uk, I think). After
you've read that check out www.shayler.com. heh heh.
I suspect that as most MI5 types are just admin bods, translators and
analysts, they probably do most of thier training in house (wherevever
they are based in london).
However, if you go down to your local Army recruitment office and ask
about opportunities in intelligence, you will find out that after your
6 months Basic, you are sent to a base in Cheshire (Ashford[?], I
think, I can't remember, but I've got a map with it on, as we used to
go camping down there). Where you do your basic intelligence
training.
After this, you spend a minimum of three years in the Army, after
which you are allowed to apply for a transfer to MI5 or MI6.
The most interesting thing about this, is that one of the specialisms
described in the bumf (go and check it out) is something along the
lines of 'penetrating enemy computer systems'.
It would seem fairly likely that this is where MI5 get their field
officers from (or train them).
If you apply for a graduate position with the Diplomatic Corps, you
automatically recieve a recruitment pack from MI5 (I have actually
seen one, and it is piss funny, you realise that such things must
exist, but actually seeing one is a different matter). The one I saw
had a lovely photo of Stella Rimmington on the front page, and a load
of crap about MI5 don't do anything other than read foreign
newspapers. It also had a section which said that you should keep
quiet about the documents, but if it was you, what would you do? SHow
everyone of course (Look everyone, MI5 are trying to recruit me, I'm
gonna be a spy!!!!!).
One more interesting intelligence community bit, before I sign off.
MI5 (Hi guys, I hope you're enjoying this) can not actually arrest
you, if you are percieved as a national security risk, then MI5 will
put you under surveilance (and you will -not- have a clue that they
are), but when it comes time to bust you, they have to get a Special
Branch officer. (Hi guys, BTW your Manchester ports and airports crew
throw some fucking great parties)
Many things about the intelligence apparatus in this country aren't
exactly secret, they're just not widely known (which is a sneakier
way of doing the same thing, I suppose)
Steve T
>Vortex spake thusly in alt.ph.uk:
>
>V> The Germans were essentially demanding that Compuserve remove all
>V> porn/violence from the *worldwide* service, as the German laws against
>V> the aforementioned are some of the toughest in the world.
>Bit of a dichotomy(sp?) that, considering most of the movies that are
>obtained in vice busts originate in Germany.
Mmm, Berlin is the home of snuff movies, apparantly.
>V> In the end (IIRC) it ended up with the Germans bringing an obscenity
>V> charge against Compuserve because they wouldn't take something away
>V> from the world just so Germany could have their way.
>They did do that, but only because part of compuserve's system was based
>in Berlin, a caching web-server/proxy and and a newsserver type system
>both containing material that could be deemed pornographic (from the
>reports I read, it seems that most of the complaints were about sites
>stored on the proxy which were not under Compuserve's control anyway,
>they had just been cached because a large number of horny compuserve
>subscribers had wanted to view them :) ).
>In the end, Compuserve just moved all their systems apart from PoPs and
>mail-related systems out of Germany, ending the problem.
Not so. Earlier this year (june/july IIRC), Felix Somme, Genearl
Manager of Compuserve Germany, who was indicted (and resigned) in
april last year on 13 counts of distributing online pornography and
"other illegal material" [??], was given a two year suspended
sentence.
This was despite the fact that the prosecution changed it's mind half
way through, and requested that the charges be dropped.
The judge responsible for this atrocity was Judge Willhelm Hubbert.
>V> [Grand Conspiracies in kids TV? heh.]
>The only conspiracy I can see is that it is so dumb and pointless
>nowadays, that it turns anyone watching it into dribbling cream-cheese
>heads after not so very long. The same goes for most TV nowadays as there
>are (or seem to be) fewer interesting documentaries than there were five
>or six years ago. Even the once-excellent Horizon strand is for the most
>part bloody stupid waffle for 50 minutes.
I'd noticed that, definietly less high quality docu stuff, but this is
easily explained by the internal reorganisation of the BBC under Sir
John Birt, who in my opinion, is an evil bastard and should be
publically hung.
Basically, aunty beeb is 'dumbing down' their output, on the premis
that what the licence payers want is more 'quality drama' (hmm, not
much of that about) and less news/docu etc. If you feel as offended
by this assumption as I do. Please wite to the BBC (the address is on
their website) and tell them so.
Also, most of the serious news/docu output is going over to BBC
Digital (a la BBC 24 Hour News, etc). Which is going to be promoted
very agressivly, beacuse JB has spent a ridiculous amount of money on
it.
Also, those in government who are promoting the rush to Digital TV and
the sale of the old analouge bandwidth to cell phone companies etc,
have financial interests in the comapnies most likely to profit from
this.
[For a good read on this see about the last 6 months worth of Private
Eye, I'll dig some facts up, and post them here in a while]
>School does not require intelligence, it just requires you to know stuff
>and not think. This is why I fail Chemistry exams repeatedly, because I
>prefer to think rather than sit and memorise pages and pages of notes.
>Knowledge is important, but it is not the only thing. Being able to think
>allows you to create knowledge rather than just memorising the existing
>facts.
Yeah, anyone can pass their GCSE/A-Levels if they are prepared to
devote a large portion of their life to memorising huge chunks of
fairly arbitrary and often useless and/or inaccurate information.
It bugs ne that anyone with an open, enquiring mind will alomost
certainly perform badly in the current education system, as it favours
those who simply shut up an do what they're told, and learn what
they're told.
Creative thinking was more or less banned at my high school, as it
usually led to a breakdown in discipline (pupils starting to ask
'why', and questioning the authority of teachers, etc)
>V> We would be in the position to gain the knowledge we desire so much,
>V> but with everyone seeking answers noone will be there to do the menial
>V> tasks such as building and maintaining the places we wish to explore
>V> (such as telephone exchanges ;) ).
>V> What would happen if the system was eradicated, would we (both as the
>V> human race and as the hack/phreak "scene") survive or just crumble and
>V> die?
>Those In Power, power being anything that gives you control over other
>people, not necessarily just the government. For example, the salesperson
>(PC...:o) would not wish for their clients (victims?) to be knowledgeable
>about all the terms and conditions in that new Hire Purchase agreement,
>as this would erode his "power" to fleece you out of lots of money.
This is a very good point, thes kind of agreements (contracts) that
you are referring to here are known as 'Standard Form Contracts'.
What this means is that the person who puts the contract together
offers a standard set of Terms and Conditions to all their customers.
This doesn;t sound so bad, but it takes away any power the customer
has to negotiate their own terms, it is, effectively, a take it or
leave it situation. When all businesses do this (and most do now) the
consumer has very little power, as you can't go and find someone who
will tailor the cobtractual terms to your indivdual needs, so you are
forced to sign an SFC, agreeing to Ts+Cs that you might not lie, or do
without that product/service alltogether.
ALWAYS read ALL of any contract you sign, this is a must. I get
hassled for this all the time, but since doing law at A-Level, I will
not sign anything that I have'nt fully read.
>V> Discuss... :)
>OK
>
>Shall we assume for a minute that the system has been eradicated (this is
>never going to happen, but anyway)? There would still be a vast number of
>people who would be just dying to get back to being the spear-carriers and
>water-bearers of whatever new society formed, because they would be too
>afraid and unimaginative to do anything else. A new "upper" class would
>form, probably nowadays it would be composed of the cleverer people rather
>than the most homicidally insane. These people would be Those In Power, as
>they would know everything that was going on, and would hence be able to
>control the masses.
That depends on what we mean by 'eradicating the system'. The power
structures within our society now are hierarchical, but this is not
the only alternative.
Obviously, if you just topple the system, and don't replace it with
anything, then there will be a breakdown of society, and eventually,
simmilar power structures will form exactly as you say.
However, if there was a way of putting in place -different- structures
that would effectively perform the essential functions of the
original, this need not be the case.
Firstly you would need to know which of the functions of the existing
structures were essential (ie infrastructure management, economic
management etc) and then you would need to construct a new structure
which was capable of performing these functions, but was more
efficient and more beneficial to your J.Random Public, and (the really
hard part) avoids the social structuring that leads to people being
afraid/unable to think for themselves.
This is of course, incredibly difficult, and AFAIK, all attempts to do
this (ie 'Communism' and/or Marxism/Leninism) have failed, mostly
quite spectacularly.
IIRC this is the original idea (Bakunin, I think) behind Anarchy,
which does not mean 'without order', but 'without leader' (ie
Decentralised authority, as in networks, see where this is going ?)
There is a fairly good treatment of this in Distress by Greg Egan
(bang on right about Sci-Fi Vortex!), which is a lot easier to read
than Bakunin (or marx, or trotsky, etc)
>Who for the most part, I think, are happy being lied
>to, as they can cocoon themselves away from what is really going on, and
>don't have to do anything frightening, like think.
This is the thing that frightens me the most about society today.
>Vortex man, you should right a book :)
If this thread keeps going, we might get a book out of it ;-)
Sarah Gilligan
the reply to Dave's questions to the group.. Here goes:
----------
> From: Dave <david....@virgin.net>
> Firstly, why the particular interest in this group? I'm not trying to
> nudge you elsewhere, I'm just looking for the perhaps intriguing
> reason why you have decided to post these thoughts on such things
> here.
Well...
In his message, Steve T, had put:
> I will get my tame expert to have a dig around, I seem to remember
> that she has some material on this somewhere, I will also get her to
> have a read through this thread, and see what she has to say.
.... Well I am Steve's Tame Expert.. and via this wide ranging role, I
have
developed an outsider interest in both Hacking / Phreaking - both in terms
of activities undertaken but mainly as an overall outlook on life - so I
do occasionally read postings to this newsgroup, but due to my lack of
actual personal knowledge / experience feel, I have no place to contribute.
I suppose its kind of voyeuristic - joining in on a mental level without
touching....
Steve had suggested I had a read of this current thread - and decided to
hedge my bets and put my bit in. As an academic I find it interesting how
'outsiders' ( i.e those not trapped with me in the 'Ivory Tower') view
effects theories, and also real people's views on media usage (or lack of).
> Secondly, have you applied your educational perception to the use of
> the 'net as a medium? what do you make of both the commercial and the
> personal usage of the www and usenet?
Personally, I love the concept of the net - of all that information out
there, and the notion of virtual communities - being about to share
interests / information - interact with people no matter how bizarre their
interests - where (one could argue) many prejudices go out the window -
race, age, class, gender, disability - you are seen in terms of that shared
interest rather than a physical / culturally defined self. Related to
academic theory - to me its a case study example for uses and
gratifications - selecting for your own purposes - using it to further
define / refine an identity.
Also the notion of 'potentially' being able to find anything you want, and
especially as a learning resource. I can't get my students to read printed
media - such as newspaper articles, journals, book extracts - but I can get
them to read the same and higher levels of material on the net - heavy
academic material - which to me links to the idea of the net as more
interactive and stimulating than traditional media forms.
What drives me mad though is the apparent lack of structure - which I know
is changing - but spending hours and not being able to get to what I want.
This links into the commercial side - the apparent shear volume of sex
related sites - yes if you are going to argue that the net caters for all
tastes, freedom of information etc etc then yes it has its place - but I
get annoyed that it seems to be there when you don't want it - almost as an
attempt to tempt you to look.
Ideally I'd like the commercial use of the net to be less apparently
dominating - to be able to access more personally authored material - the
idea of being able to be 'published' on the web - sharing information for
the sake of sharing information without financial gain. One could argue
that with the increase in entry level HTML authoring tools and the ability
for packages like MS Office to convert files assists in widening the
prospect of more people putting material on web pages - but then there is
the cost aspect - in order for me to put stuff on the web with little
personal cost I have to put in on a advertising sponsored site such as
Geocities - thus spinning around in a vicious circle....
What do you make of the freedom
> for the hackers and individual knowledge freaks that is available
> here?
Although I may not be a hacker type - I can relate to the information
junkie syndrome - the temptation to loose myself forever in front of a
screen in search for more and more information is mainly halted by my
inability to pay the resulting phone bill ! I have few problems with the
notion of 'freeing' information and of the notion of hacking - where I do
have the problem is how that power / information is then used, if that
information is used in a vindictive way and disrupts 'innocent' peoples
lives.
> Also what do you make of the dead-head media (tv+sun:() portrayal of
> the net as a communication + info exchange medium?
Drives me mad that many seem to miss that the net is a 'medium' for
transmitting information - you get all the internet is evil... with little
explanation that the internet is no more evil than a pen and paper, it is
the content, produced by people arguably in response to a demand that is
the potential problem - but I suppose its yet another way of creating
'otherness' defining ourselves by what we are not - place the blame on
machines and it stops us looking at our own motivations / darkest desires
too closely
Also of the lovely
> dhm portrayal of the hackers/phreakers?
Once again the hacker becomes 'other' an outsider, focus on the 'criminal'
element and the notion of them as 'bad' and in theory makes them seem
unappealing - hmmm think the media get it wrong there - hence presumably
the attraction of the hacker persona for those who don't / don't want to
fit into the normal pigeon hole - for instance my angsty teenage brother !
Films like 'Hackers' could be seen to take bits of the 'politics' and
ideologies of Hacking, take out the 'computer nerd' stereotype ( arguably
see the lad who puts a gun to his head in Pump up the Volume) and replace
it with a variety of 'not conventionally attractive, but attractive in an
attitude kinda way' people in nice clothes and with fetish-y laptops and
hey presto hacking becomes trendy in a 'its trendy to be alternative' -
every fresher wearing Doc Martins type of way...
..
>
> The most I'll say on your thoughts on the media, till we see others
> reactions is that to me the problem is not making programs on
> disasters/appeals with higher impact, its persuading people to _want_
> to find out about the rest of the world. -persuade them to see that
> their problems (how can I pay the phone bill etc) are nothing compared
> to 'how do I keep my family alive through this year'. How about 'why
> am I drinking coffe bought from a human rights abuser' etc.?
>
I totally agree... but still don't know how to do it - I tend to end up
arguing the case for education rather than mass media - using the mass
media to support a wider aim of education - whether that be in a formal
teaching environment or like the benefit / awareness gig the Beastie Boys
did to raise awareness of the problems in Tibet - Thus I tend to argue for
a more effective / wide ranging use of appealing 'medium' - not ness'
sugaring up - but finding a method to get people to listen.
> Finally what are (both) _your_ personal opinions on the morality of
> hacking/phraking?
Like I said earlier - in principle I agree, but I'm the last of the fluffy
idealists - I'd like for a Robin Hood approach as opposed to a selfish
greed - using the knowledge and power for the benefit of others rather than
destructive.
But I'm just a voyeur !
And now I'm off to leave you all to it..... Sorry if my contributions have
annoyed anyone through this perhaps not being the place for them.... Sarah
---------------------------------------------------------------------
email: sarah_g...@hotmail.com
sarah.g...@sunderland.ac.uk
Harm
> Vortex man, you should right a book :)
>
> -david
If he did I'd sure as hell read it. Hey, good idea, alt.ph.uk: a novel.
Everyone could add a chapter or two.
Harm
Michael McCormack
Sarah Gilligan wrote in message
>The 'Tame Expert' puts in her bit...
>A bit of blurb on Media effects..... Media Effects theories have been
>developed in the theoretical side of Media Studies ( as opposed to training
>wannabe film makers) which as a subject is incredibly multidisplinary -
I find this fascinating. Like most "media creators", I've only ever learned
about three rules to judge the value of a story - but I'll get to that in a
minute.
>They developed mainly from a mixture of
>behaviorist approaches - e.g. - American military investigating how
>'effective' their propaganda films were, and more Marxist 'ideology and
>hegemony' approaches such as those proposed by the Frankfurt school (
>Adorno, Marcuse and Horkhiemer - who were Jews who took as their starting
>point the ways in which Hitler 'used' the Media - and why his ideas were
>accepted / 'popular' with some.)
If I remember rightly, the military studies took an oddly idiographic
stance - weren't the Frankfurters the first attempt to try a nomothetic
study of propaganda effects? Anyway, I've never been convinced that one can
argue from propaganda to democratic media - one assumes primacy of the
agenda, the other has a fuller set of motivations competing for dominance.
>As Steve T, proposed - the idea that the Mass media communicate directly
>with the mass audience - that the 'masses' are passive in their use of the
>media, believing everything they are told - this was the model most adopted
>by American theorists ( and the Daily Mail when it comes to Violence and
>the Media 'debates).
Not since the 50s. This belief is unknown in American newsrooms and untaught
(as far as I can tell) in modern journalism studies except as an historical
artefact. The Daily Mail believes there is a small proportion of the
population who will believe anything they are told. So does Uri Geller.
Let's not argue from the specific to the general when the Mail has taken
such pains to point out they are describing an exceptional minority.
>In the UK though theorists argue that there is a more active relationship
>with the text.....
>Uses and Gratifications theory - argues that we use the media to gratify
>'needs' - there can be seen to be four main types of 'need' gratified by
>individuals use of the media:
If you'll allow me to narrow this to newspapers, I can see some of the
arguments for and against these points more clearly. (I have the traditional
view of other media - they're made by people who couldn't cut it in print.
(Sorry, anyone from a visual/sonic medium))
>1: 'Diversion' - escape from the constraints of routine, escape form the
>burdens of problems, or as emotional release.
Half of this one I believe wholeheartedly. I spend every day looking for the
exceptional and I get paid to find it. I'm not sure that "diversion" is a
good description of the reader's motivation for reading it - I think it has
more to do with your points 3 and 4.
>2: 'Personal relationships' - companionship, social utility
Yes, again. I write differently for the Telegraph than I do for the Mail or
the News of the World. There is a constant attempt by editors to show who
does and does not agree with our readers' assumed worldview.
>3: Personal identity - personal reference, reality exploration, value
>reinforcement
>4: Surveillance - need for information in our world
Very tightly interwoven. The editor's job is to decide which stories in
which length best serve these needs. For example, the Sun's front page
usually holds more political stories than any other tabloid (20 years ago it
would have been the Mirror) but they're much, much shorter than what a
broadsheet would write about them on page 16.
>In addition to such theories there are those such as multi step flow which
>argue for the impact of opinion leaders - whether they be part of the
>ideological state apparatus ( teachers, police, 'institutions',
>government...)
Again, this assumes the existence of an agenda which has primacy in the
media creator's mind. I would argue that the close study of a newsroom might
consign this theory to the bin.
>or on a more personal level someone's peers in 'filtering'
>information - and 'helping' people decide what issues are important.
>Therefore people may look to their peers / opinion leaders for a version of
>what is going on in the world rather than looking to established mass media
>forms - for instance a family in Northern Ireland - may look to their local
>opinion leaders for information on the latest 'confrontation', rather than
>to the national news as that may not contain the 'version of events' that
>they are looking for.
>(linking in with Steve's idea of feedback theory.. )
This is widely practiced under the banner "news you can use". It is slowly
being abandoned as an operational model becuase the readers/viewers don't
seem to like it. I understand that bad implementation of a theory can result
in its seeming invalidation, but falling circulations among the papers that
have tried it make me a lot less comfortable with the feebdack notion than I
was five years ago.
<soap opera discussion snipped>
>And as for why 'people' don't watch 'serious' programmes - see above -
>and... there is the notion of the visual style of such genres. In order
>for programmes to be deemed 'serious' and worthy and objective and all
>that, there has developed a specific visual style, that of the anchor (
>often middle aged man) sat facing camera with very little stimulus in the
>background - now all you out there may shout back - but if the sound was
>switched off the television - would such an image intrigue you enough to
>watch the programme. hmmmm... Yes the content may be interesting (to some)
>but the visual style bloody isn't ! Hence one can argue the rise of people
>like John Snow who have a presence who make it visually more interesting
>and therefore capture peoples attention.
This begs the question - how many people actually need "serious programmes".
If we accept that there only are about 10,000 people in Britain able to make
any effective changes to society or our daily lives, should it matter that
"serious" programmes, "serious" magazines and "serious" newspapers are
visually, logically, or contextually unattractive to the rest? Democracy
doesn't imply functional equality. Further, if that 10,000 is the target for
serious programming, why has that format been chosen to appeal to them? The
answer to that, I think, effectively rubbishes the notion that any
programme/publication has more than sectoral appeal.
>Also.. unless you have the time to spend you life searching and
>interpreting information ( which many people with jobs and families don't)
>it is difficult to gain intellectual access to the information - because
>such 'serious' programmes assume a level of pre existing knowledge - if you
>haven't got it then the stuff under discussion is often meaningless, and
>there isn't supporting visual material to make it interesting enough to
>make you stick with it...
Again, the Telegraph knows its maximum circulation in Britain is probably
about 2 million. The Financial Times might say 800,000. The News of the
World knows it will probably never print 9 million copies a week again. A
publication's audience can often be defined by the people it chooses not to
speak to.
>Also due to the low viewing figures such programmes are often put in the
>graveyard slot - when real people with jobs are usually trying to go to
>sleep or having sex...hmmm given a choice - "Midnight Hour" or sex....
It's sooo tempting. Must.. not.. make.. pun..
>But what do I know ???
Quite a bit, I'd say, so I'd like to ask some questions your comments above
didn't address.
Most of what you've written oulines how a news organisation attempts to
serve its readers' needs and indicates how feedback theory has influenced
those attempts. "Uses and Gratifications" is a good, workable model of how a
reader interacts with a paper but leaves a lot of questions unasked, many of
them pertinent to the readers of this list.
Two examples:
1. Alec Muffett releases a new version of Crack. Telegraph (ok, me) reports
how security officials say they wish he hadn't. Shit hits fan among hacker
community.
2. Around the same time, Telegraph contributor make deliberate decision to
put a hacking story into the paper at least ever couple of months. Telegraph
never once varies its pro-law-and-order approach to the subject. Hackers
begin to see Telegraph as not a bad place to read about hacking.
The paper's "agenda" never moved - it thinks people should obey the law and
suffer the consequences when they don't. I don't see that the hackers'
agenda moved much in the same period either. The Telegraph hasn't persuaded
any hacker not to break the law. The hackers haven't persuaded the Telegraph
that the law is wrong.
Clearly hackers are reading the Telegraph for the reasons you outlined
above: personal identity, surveillance, personal relationships. But why did
the Telegraph choose to run the stories? I can't find an answer within the
structure you described.
I think the answer lie in a production model of media, one that ignores the
post-facto analyses that academics are given to.
News hacks have only five interests: money, sex, crime, power and football.
We look for behavioural exceptions that involve at least one of these
subjects. Once we've found them, we do employ variations of the need
analysis you describe to decide how much space/time to give them: how useful
is this to know, how entertaining is it, what peculiar appeal does it have
to our target audience. We also apply aesthetic criteria to the story to
decide what we can say about ourselves by running it. But the basic
description of "a story" is the same for everyone - it's the top two lines
of this paragraph.
By our criteria, the hacking stories were naturals for the Telegraph, long
before it was possible to employ any of the models you have described. Your
models serve to define the length and line of the stories, but they're not
necessarily all that useful in establishing whether or not the story should
be run. So, here are my questions:
What models exist to describe how a newpaper goes about choosing stories on
a given day?
Given that most traditional media are push-model, that no-one reads the
letters pages and that we don't, as a rule, market test, how does feedback
really apply to that decision-making process?
To what extent do theories of content acknowledge the existence of competing
agendas on the production side and heterogeneous agendas on the consumption
side?
How tightly is "surveillance" defined and how is it kept from becoming a
purely idiosyncratic or phenomenological expression?
Thanks for such a wonderfully analytical and informative post. I do hope
you'll find time to answer these questions. The theory and practice of
journalism too often find they have nothing in common.
Michael McCormack
Editor, Insider Technology
mon...@insider.co.uk
Steve T
<mon...@insider.co.uk> wrote:
Before I get going, thanks for a wonderful post Michael, it's
wonderful to see a real life journo getting involved in this debate,
and I'm sure that Sarah will be well chuffed.
>If I remember rightly, the military studies took an oddly idiographic
>stance - weren't the Frankfurters the first attempt to try a nomothetic
>study of propaganda effects? Anyway, I've never been convinced that one can
>argue from propaganda to democratic media - one assumes primacy of the
>agenda, the other has a fuller set of motivations competing for dominance.
Which is why the Hypodermic theory is flawed
> SG> As Steve T, proposed - the idea that the Mass media communicate directly
> SG> with the mass audience - that the 'masses' are passive in their use of the
> SG> media, believing everything they are told - this was the model most adopted
> SG> by American theorists ( and the Daily Mail when it comes to Violence and
> SG> the Media 'debates).
>Not since the 50s. This belief is unknown in American newsrooms and untaught
>(as far as I can tell) in modern journalism studies except as an historical
>artefact. The Daily Mail believes there is a small proportion of the
>population who will believe anything they are told. So does Uri Geller.
>Let's not argue from the specific to the general when the Mail has taken
>such pains to point out they are describing an exceptional minority.
This is still taught on most media/culture course in the UK AFAIK,
although no one is suggesting that it works, Sarah in particular, uses
it as a model to provoke her students into arguing that the
relationship between media and society is more complicated than that.
<snip Uses and Gratifications stuff>
> SG> In addition to such theories there are those such as multi step flow which
> SG> argue for the impact of opinion leaders - whether they be part of the
> SG> ideological state apparatus ( teachers, police, 'institutions',
> SG> government...)
>Again, this assumes the existence of an agenda which has primacy in the
>media creator's mind. I would argue that the close study of a newsroom might
>consign this theory to the bin.
I don't think that the multi step flow theory suggests any media
agenda (although I'll get to that), the 'opinion leaders' could be
anyone, the bloke down the pub, a parent or sibling, friends, or
someone at the office. In any social grouping there is generally at
least one person who could be considered to be the 'opinion leader'.
So, as an example, I read a story in the newspaper about a chemical
spill whcich is killing wildlife (crap example, but there you go), and
I go to work thinking "mmm, thats bad" and talk to my colleagues about
it. The office 'opinion leader' says something like "It's not so bad,
they know how to clean it up, so it will be OK", and when I go home,
thats what I think too.
Multi step flow merely argues that an individual will recieve a number
of influences from one or more (possibly disparate) sources, which
will effect their interpretation of the information the recieve
through the media. I think of it like a networked, interactive game
of chinese whispers.
Talking about TV newsrooms and agendas, did you -see- the BBC evening
news last night [SUNDAY 16]? Their use of language suggested very
much that they -were- working to an agenda, even if it -is- one that
most people would agree with.
>This begs the question - how many people actually need "serious programmes".
>If we accept that there only are about 10,000 people in Britain able to make
>any effective changes to society or our daily lives, [......]
Hmmm, I can see this turning into a semantic arguement, but here goes.
OK, This depends on how you define 'able to make any effective changes
to society...'. If you mean the legislature who have statutory
authority to make changes, and the powerful financial interests that
do it wheter we like it or not (Zenneca, Monsanto, etc) because they
have vast amounts of money to throw around (a great deal of which goes
towards influencing the legislature) then yes, there are only about
10,000 (probably even less).
But in saying this, you are effectiviely writing off any individual or
group which wishes to make changes, you are effectively saying, these
10,000 shall have the power, and everyone shall be powerless
> [.....] should it matter that
>"serious" programmes, "serious" magazines and "serious" newspapers are
>visually, logically, or contextually unattractive to the rest?
So only this powerful clique of 10,000 are allowed access to hard news
and information, and everyone else can just switch off and watch
corrie, thus allowing the ruling elite to manipulate our lives without
any interference or resistance from us.
I might be taking you wrong, but this seems to be what you are trying
to say. Do you believe this -should- be true, or merely that it -is-
true ?
>Democracy doesn't imply functional equality.
No political system implies 'functional' equality, someone always has
to be the toilet cleaner, but that isn't the point. Democracy (from
the greek 'rule of the people') implies that anyone living in one has
a right to say what happens within it. Obviously this right is not
absolute, as there will be conflicting opinions.
So while Democracy doesn't imply functional equality, it certainly
implies informational equality and equality in the decision making
process.
(Obviously we don't have any such thing, because we dont have a
Democracy, we have a 'Representative' Democracy which is a different
thing alotgether in theory, and totally unrecognisable in practice,
but I won't get started on that, or I'll be typing for hours)
So if Democracy implies this kind of equality, then it is just as
important for -everyone- to well informed.
<snip>
>Two examples:
>
>1. Alec Muffett releases a new version of Crack. Telegraph (ok, me) reports
>how security officials say they wish he hadn't. Shit hits fan among hacker
>community.
>2. Around the same time, Telegraph contributor make deliberate decision to
>put a hacking story into the paper at least ever couple of months. Telegraph
>never once varies its pro-law-and-order approach to the subject. Hackers
>begin to see Telegraph as not a bad place to read about hacking.
>The paper's "agenda" never moved - it thinks people should obey the law and
>suffer the consequences when they don't. I don't see that the hackers'
>agenda moved much in the same period either. The Telegraph hasn't persuaded
>any hacker not to break the law. The hackers haven't persuaded the Telegraph
>that the law is wrong.
You are trying to extrapolate the sociological impact of the entire
media spectrum from one single print news story.
Of course the Telegraph didn't change it's corporate opinion, or the
Hackers theirs. This type of change takes years.
>Clearly hackers are reading the Telegraph for the reasons you outlined
>above: personal identity, surveillance, personal relationships. But why did
>the Telegraph choose to run the stories? I can't find an answer within the
>structure you described.
Erm, no, you definitely seem have misunderstood something, why should
models of the media's impact on society explain which stories the
Torygraph (oops, did I say that) decides to use to boost it's
crumbling circulation.
>I think the answer lie in a production model of media...
<snip slander to academics>
>News hacks have only five interests: money, sex, crime, power and football.
>We look for behavioural exceptions that involve at least one of these
>subjects.
I thought you said that there was no agenda, that sounds like an
agenda to me.
>Once we've found them, we do employ variations of the need
>analysis you describe to decide how much space/time to give them: how useful
>is this to know, how entertaining is it, what peculiar appeal does it have
>to our target audience.
You examine the interests of the target audience, but you -don't- do
any audience research, therefore for any given story, it's relevance
to the target audience is decided by the editorial body, which get's
it's opinions from personal experience and media exposure, ie feedback
and/or multi step flow models, so it would seem that one or more of
those models -do- in fact explain the decision to run the story.
>By our criteria, the hacking stories were naturals for the Telegraph, long
>before it was possible to employ any of the models you have described. Your
>models serve to define the length and line of the stories, but they're not
>necessarily all that useful in establishing whether or not the story should
>be run.
I still have a feeling that you've deeply misunderstood something,
none of these models are intended to do any such thing, they are
models for examining the impact of media on society, not how the
Telegraph editorial team do their job. I agree that these issues are
part and parcel of the same overall picture, but the aim of the models
that Sarah was describing is to examine the -macroscopic- level, not
the -micrscopic-. As far as the microscopic goes, you're the man who
knows, as that's the level that you operate at, you are actually
involved with media production, so if anyone has the answers to these
questions, it's you.
>Given that most traditional media are push-model, that no-one reads the
>letters pages and that we don't, as a rule, market test, how does feedback
>really apply to that decision-making process?
-I- read the letters pages.
<snip hard questions>
<mass rant>
You stated that the Daily Mail claims to represent the minority, I am
afraid this is simply not true. My parents have read the Daily Mail
for my entire life, and I can clearly recall a number of occasions
where the Mail has claimed to represent 'the moral majority' or "the
majority of right thinking moral people", in it's editorials. You
will never convince me that this newspaper is anything other than a
steaming heap of blinkered, middle class, excrement, which shows it's
agenda in every article, on every page, and in every offer of free
Princess Diana Scented Candles to every reader. The Daily Mail never
encourages debate about issues, it always gives it's readers a moral
decision to save them from having to make one themselves, as far as it
is concerned, the DM is always right. I will leave it at that, and
not go into the issues of hypocrisy, exploitation or other appaling
behaviour that has been evident at the Mail, if anyone want's to read
about it they can subscribe to Private Eye
</mass rant>
Sorry about that, had to get it off my chest.
Firestarter
>The paper's "agenda" never moved - it thinks people should obey the law and
>suffer the consequences when they don't. I don't see that the hackers'
>agenda moved much in the same period either. The Telegraph hasn't persuaded
>any hacker not to break the law. The hackers haven't persuaded the
Telegraph
>that the law is wrong.
I wonder what Gail Thackeray would say about that......
hay gail!!! stop lurking and post!
David
>Not so. Earlier this year (june/july IIRC), Felix Somme, Genearl
>Manager of Compuserve Germany, who was indicted (and resigned) in
>april last year on 13 counts of distributing online pornography and
>"other illegal material" [??], was given a two year suspended
>sentence.
>
>This was despite the fact that the prosecution changed it's mind half
>way through, and requested that the charges be dropped.
>
>The judge responsible for this atrocity was Judge Willhelm Hubbert.
Ooops. I think I may have got confused with a solution that they were
considering or something. I lost track of the case when they stopped
following closely it in the San Jose Mercury, and, though I meant to, I
never got around to finding out what happened. Ooops, sorry people.
>Also, most of the serious news/docu output is going over to BBC
>Digital (a la BBC 24 Hour News, etc). Which is going to be promoted
>very agressivly, beacuse JB has spent a ridiculous amount of money on
>it.
Ah, the nub of the matter. Good old commercialism, which results in
everyone who doesn't actually want the new services getting royally
screwed in the ass. Again.
>[For a good read on this see about the last 6 months worth of Private
>Eye, I'll dig some facts up, and post them here in a while]
Heh, my newsagent doesn't actually carry it, which is a shame. I'll try
the website.
>ALWAYS read ALL of any contract you sign, this is a must. I get
>hassled for this all the time, but since doing law at A-Level, I will
>not sign anything that I have'nt fully read.
>Obviously, if you just topple the system, and don't replace it with
>anything, then there will be a breakdown of society, and eventually,
>simmilar power structures will form exactly as you say.
I thought that was what Vortex meant.
>This is of course, incredibly difficult, and AFAIK, all attempts to do
>this (ie 'Communism' and/or Marxism/Leninism) have failed, mostly
>quite spectacularly.
Mainly due to the corruption that will always be rife. I remember seeing
something like this on uk.local.nw-england, where it was said that if
there was a commune that had one person responsible for collecting eggs,
sooner or later they would likely start taking extra eggs if there were
not enough to go around.
>IIRC this is the original idea (Bakunin, I think) behind Anarchy,
>which does not mean 'without order', but 'without leader' (ie
>Decentralised authority, as in networks, see where this is going ?)
Hmmmm. Client/Server anyone? :)
Vortex
wrote:
>In article <35d4b217...@news.ukonline.co.uk>,
>vorte...@NOSPAM.innocent.com wrote:
> Farenheit 451 was in fact written by Ray Bradbury, who also did
>"Martian Chronicles" and "Something Wicked this Way Comes".
out of itself, Brave New World and 1984. 1984 is a lot more in-depth
than BNW and, IMHO, has a more solid plot. (BNW was more like a
diary/description of the society, while 1984 was in a more traditional
novel format)
Here's another interesting topic: Are science fiction writers
prophetic with their writing or does society follow science fiction
because the ideas are implanted by the stories and implemented by the
readers?
For example, look at 1984. It was written in 1948 yet "predicts"
wide-scale video surveillance, interactivity with televisual systems
(computers/interactive tv?) and even the Lottery - did Orwell
*predict* these things or were the talented designers of the
aforementioned given the original ideas from the scifi they read as a
kid?
Alec Muffett
"Michael McCormack" <mon...@insider.co.uk> writes:
> I find this fascinating. Like most "media creators", I've only ever learned
> about three rules to judge the value of a story - but I'll get to that in a
> minute.
Why, hello Michael, long time since we last crossed swords.
Being neither a sociologist nor an experienced media-arts person, I
don't believe that I am in strong a position to try and critique your
posting in depth (unlike most journalists I have met, I prefer not to
spout off about subjects I have encountered and formed views upon, by
phoning 'round half-a-dozen people) but I thought I should say that I
*do* really appreciate your choice of wording there:
"media creators"
...does sum it - the major forms of media - up for me, rather well;
selectively weaving a web to fulfill people's expectations of their
world view, rather than to challenge their knowledge and thinking.
My own approach to solving this is probably what you would describe as
a "cop-out" - ignore the print media, ignore all but the "hardest" TV
coverage, listen to world news services on shortwave and try and pick
up the gist of what is going on in the world, and then *think for
myself* and try and draw my own conclusions, rather than merely
frothing along in agreement with whichever pundit seems most
attractive and empathic to myself.
Of course, promotion of this sort of attitude *can* be scary to the
established media organisations - hence denigration as a "cop-out" -
because if everyone started demanding news shorn of comment and "human
interest", then there would be a hideous amount of dead space to fill
in the airwaves and on the newsprint.
Taking a cheap (but pertinent) shot, as I am permitted:
> Two examples:
>
> 1. Alec Muffett releases a new version of Crack. Telegraph (ok, me) reports
> how security officials say they wish he hadn't. Shit hits fan among hacker
> community.
Amazing how bad soundbite journalism can still sound years later.
As I remember our phone conversation, you (off the record?) told me
that you phoned around several sources of "security experts", and:
* Some actually said that they knew "Crack" already existed and lauded
it in private, although they couldn't say so publically for fear of
liability, and their management's ignorance.
* Others were under the impression that I was releasing a commercial
product which would have competed with their own market and
therefore they were honourbound to savagely attack it as a
"publicity stunt" to whip up attention.
One can only wonder how piss-poor ignorant and bad they must have
been at their jobs, not to know of a program which had been in
existence and on public release for over five years previously,
cited in several major books on the topic of Internet security.
...and further, as I remember, the shit not merely hit the fan in the
hacker community, but also in that of established security professionals;
perhaps you could plausibly - to the public - hide behind an excuse
that only "evil hacker doodz" hang out on USENET's comp.security.unix
and comp.security.misc groups, but you (and the public) would be
deeply wrong to do so.
It was small, but to me significant, comfort, to see your article and
your sources being flamed to high heaven by people whose achievements
in the field (of computing) I deeply respect, because even if you -
and the public - have no clue about who they are, you are almost
certainly, somewhere, utilising technologies that they created.
I reckoned that was about the best I could hope for; after all, that
is the way with creating media, isn't it?
1) promote minority viewpoints where they are reactionary
and in agreement with your target audience.
2) criticise minority viewpoints where they are radical
and in disagreement with your target audience.
3) go for shock value.
Or, in short: never let the facts challenge the way the punters think.
> 2. Around the same time, Telegraph contributor make deliberate decision to
> put a hacking story into the paper at least ever couple of months. Telegraph
> never once varies its pro-law-and-order approach to the subject. Hackers
> begin to see Telegraph as not a bad place to read about hacking.
>
> The paper's "agenda" never moved - it thinks people should obey the law and
> suffer the consequences when they don't. I don't see that the hackers'
> agenda moved much in the same period either. The Telegraph hasn't persuaded
> any hacker not to break the law. The hackers haven't persuaded the Telegraph
> that the law is wrong.
Ooh! I'm a victim of an media agenda! It's a conspiracy!
> Clearly hackers are reading the Telegraph for the reasons you outlined
> above: personal identity, surveillance, personal relationships. But why did
> the Telegraph choose to run the stories? I can't find an answer within the
> structure you described.
I'll give you one - "forget the big picture; shock sells papers".
- alec
--
# *** direct e-mail replies to the sender by replacing "ZZ" with "CO" ***
# alec muffett, oxford, uk - http://www.users.dircon.co.uk/~crypto/
# below: password cracker in one line of perl; echo guess | perl [args]
perl -nle 'setpwent;crypt($_,$c)eq$c&&print"$u=$_"while($u,$c)=getpwent'
Defiant
>...and further, as I remember, the shit not merely hit the fan in the
>hacker community, but also in that of established security professionals;
>perhaps you could plausibly - to the public - hide behind an excuse
>that only "evil hacker doodz" hang out on USENET's comp.security.unix
>and comp.security.misc groups, but you (and the public) would be
>deeply wrong to do so.
but journalists have a way of "bending the truth". Many hackers follow
those groups, but I see mainly security professionals post there, and a
lot that are very well respected.
Also the media seems to have bent the term hacker, and modeled it into
what it believes a hacker is, but I won't go into that because we all
know what I am talking about.
Alec Muffett
>>that only "evil hacker doodz" hang out on USENET's comp.security.unix
>>and comp.security.misc groups, but you (and the public) would be
>>deeply wrong to do so.
>
In Michael's defense, I am not aware of his ever saying *that* -
however it seems to be the assumption that many journalists I have
since met have made, viz: that "real" and/or "respectable" security
people would never muddy their hands with USENET.
--
hard to love, hard to argue with, easy to hear from 5 miles away
Michael McCormack
Alec Muffett wrote in message ...
>but I thought I should say that I
>*do* really appreciate your choice of wording there:
>
> "media creators"
>
>...does sum it - the major forms of media - up for me, rather well;
>selectively weaving a web to fulfill people's expectations of their
>world view, rather than to challenge their knowledge and thinking.
That's fair more often than it's not. Newspapers are much more concerned
with profitability and identity than they are with education. Challenges
are, perhaps, not what anyone would expect from a daily paper on a daily
basis.
>My own approach to solving this is probably what you would describe as
>a "cop-out" - ignore the print media, ignore all but the "hardest" TV
>coverage, listen to world news services on shortwave and try and pick
>up the gist of what is going on in the world, and then *think for
>myself* and try and draw my own conclusions, rather than merely
>frothing along in agreement with whichever pundit seems most
>attractive and empathic to myself.
Begs the question, though, why do you trust the shortwave world news more
than you trust another media? I think I understand the reasons - it's more
neutrally analytical, it invites more contemplation, and it rarely works to
an obvious political or social agenda - but these are the same reasons it
can't make money. Journalism, whatever the Amercians believe, is first a
business and only occasionally a public service.
>Of course, promotion of this sort of attitude *can* be scary to the
>established media organisations - hence denigration as a "cop-out" -
>because if everyone started demanding news shorn of comment and "human
>interest", then there would be a hideous amount of dead space to fill
>in the airwaves and on the newsprint.
Good thing you said "established media organisations" - what you describe is
hack's paradise. It's only a nightmare to the accountants and publishers who
have to find a way to pay for it all.
>Taking a cheap (but pertinent) shot, as I am permitted:
Here we go...
>As I remember our phone conversation, you (off the record?) told me
>that you phoned around several sources of "security experts", and:
>
>* Some actually said that they knew "Crack" already existed and lauded
> it in private, although they couldn't say so publically for fear of
> liability, and their management's ignorance.
Liability yes, management ignorance no. Client ignorance, if I recall
correctly, was the fear.
>* Others were under the impression that I was releasing a commercial
> product which would have competed with their own market and
> therefore they were honourbound to savagely attack it as a
> "publicity stunt" to whip up attention.
Those that were under that impression were immediately told the
non-commercial nature of your work. The absence of a profit motive made them
even angrier.
> One can only wonder how piss-poor ignorant and bad they must have
> been at their jobs, not to know of a program which had been in
> existence and on public release for over five years previously,
> cited in several major books on the topic of Internet security.
I stopped wondering years ago. Professional, informed IT security advice is
a very uncommon thing.
>...and further, as I remember, the shit not merely hit the fan in the
>hacker community, but also in that of established security professionals;
>perhaps you could plausibly - to the public - hide behind an excuse
>that only "evil hacker doodz" hang out on USENET's comp.security.unix
>and comp.security.misc groups, but you (and the public) would be
>deeply wrong to do so.
At the time, I was impressed to see the volume of debate, not the quality.
The boundaries between academic and commercial thinking were made evident
very quickly. Your defenders, of which there were very many indeed, hailed,
for the most part, from academia (If I recall correctly - it has been a
while) where the free exchange of ideas is hallowed and one expects to
suffer the consequences of disclosure for the good of all. Commercial
security directors, as you might expect, saw it differently. And, to be
fair, so did at least one network security administrator at a reputable UK
university.
>It was small, but to me significant, comfort, to see your article and
>your sources being flamed to high heaven by people whose achievements
>in the field (of computing) I deeply respect, because even if you -
>and the public - have no clue about who they are, you are almost
>certainly, somewhere, utilising technologies that they created.
>
>I reckoned that was about the best I could hope for; after all, that
>is the way with creating media, isn't it?
For what it's worth, Alec, I think you became, briefly, a focal point for a
larger debate about freeware and its impact on comercially sensitive
software applications. You would not have been put in the position I placed
you if you had distributed a less commercially sensitive product. Let's not
confuse the media creator with the message.
> 1) promote minority viewpoints where they are reactionary
> and in agreement with your target audience.
Any chance you're available to edit the Daily Mail?
> 2) criticise minority viewpoints where they are radical
> and in disagreement with your target audience.
Or the Guardian's Referendum Party coverage?
>
> 3) go for shock value.
Or pick Jon Snow's ties?
>Or, in short: never let the facts challenge the way the punters think.
At least we agree that facts are useless without some form of
interpretation.
>Ooh! I'm a victim of an media agenda! It's a conspiracy!
Or it's the market at work. Both are attractive places to be martyred,
anyway.
>> Clearly hackers are reading the Telegraph for the reasons you outlined
>> above: personal identity, surveillance, personal relationships. But why
did
>> the Telegraph choose to run the stories? I can't find an answer within
the
>> structure you described.
>
>I'll give you one - "forget the big picture; shock sells papers".
Another point we agree on. If you drink bitter, we've got the makings of an
evening out.
>
> - alec
Alec Muffett
>Alec Muffett wrote in message ...
>
>>My own approach to solving this is probably what you would describe as
>>a "cop-out" - ignore the print media, ignore all but the "hardest" TV
>>coverage, listen to world news services on shortwave
>
>Begs the question, though, why do you trust the shortwave world news more
>than you trust another media? I think I understand the reasons - it's more
>neutrally analytical, it invites more contemplation, and it rarely works to
>an obvious political or social agenda
Very astute - pretty close to my own reasoning.
To me the bottom line is that, if you want the information at all,
eventually you have to get it from somewhere, and the world news
services do seem to be less propaganda oriented these days than they
were back in the late 70s and early 80s; moreover, you get to her
multiple sides of the same story, without the partisan bent; Radio
Sweden does some very good elemental coverage of British politics, for
instance, without much party-political boostering.
>- but these are the same reasons it
>can't make money. Journalism, whatever the Amercians believe, is first a
>business and only occasionally a public service.
Quite - I wish a few newspapers would come with labels to that effect.
>>* Some actually said that they knew "Crack" already existed and lauded
>> it in private, although they couldn't say so publically for fear of
>> liability, and their management's ignorance.
>
>Liability yes, management ignorance no. Client ignorance, if I recall
>correctly, was the fear.
Well, not expecting you to reveal your sources, I won't try pressing
for elucidation of that sentence; sounds rather like you were speaking
to a security consultancy which wanted to restrict their client's
access to information unless they were getting paid for it.
>>* Others were under the impression that I was releasing a commercial
>> product which would have competed with their own market and
>> therefore they were honourbound to savagely attack it
...
>Those that were under that impression were immediately told the
>non-commercial nature of your work. The absence of a profit motive made them
>even angrier.
And were they informed that they'd missed the boat several years earlier?
Or would exposing their ignorance of the extant state of internet
security tools (a) have made them angrier still, and/or (b) not be
part of a journalistic remit?
This reminds me of an earlier posting in this thread, which (to
paraphrase) implied what a scary thought it was, that people might
want to be spoonfed fluffy, non-challenging news, because they
actively do not *want* to have their world-view upset.
Alas I have for a long time believed this is the case, purely from my
experiences in diagnosing security holes in various networks and then
watching the fireworks when reporting them to the appropriate people
as "things which require fixing, fast".
Not infrequently I have been "held to blame", not for causing the
holes, but for finding them and requiring them to be fixed, causing
dis-satisfaction.
>> One can only wonder how piss-poor ignorant and bad they must have
>> been at their jobs, not to know of a program which had been in
>> existence and on public release for over five years previously,
>> cited in several major books on the topic of Internet security.
>
>I stopped wondering years ago. Professional, informed IT security advice is
>a very uncommon thing.
One wonders when you were struck by this blinding revelation, and
whether it was before you wrote your "Crack" article.
If so, why did you place enough faith in the commentary you sought
from your "sources", such that you then uttered it in your article?
>At the time, I was impressed to see the volume of debate, not the quality.
Can't say I was surprised, post-SATAN, post-COPS, post-Cracks v1-thru-v4;
when someone of the (apparently) reactionary mindset whips up a debate,
"all hell breaks loose" with astounding regularity.
>The boundaries between academic and commercial thinking were made evident
>very quickly. Your defenders, of which there were very many indeed, hailed,
>for the most part, from academia (If I recall correctly - it has been a
>while)
A lot of .EDU and research labs, there - possibly reflecting the
readership profile of USENET, of course - but also a selection of
American ISPs and "cool" SF-Peninsula companies where use of tools
like "Crack" is enshrined in company policy for checking security.
>Commercial security directors, as you might expect, saw it differently.
*SOME* commercial security directors, to be sure...
>And, to be fair, so did at least one network security administrator
>at a reputable UK university.
True, but one riled university admin doth not a firestorm of protest
make, especially when I think I can find several dozen who would have
backed me up, at the drop of a simple e-mail onto "uk-security".
You would find a few more nay-sayers, too, but the proportion would, I
think, lean heavily in my direction.
>For what it's worth, Alec, I think you became, briefly, a focal point for a
>larger debate about freeware and its impact on comercially sensitive
>software applications.
You flatter me, though I would love to hear your take on the impact of
(say) Linux, on the enterprise environment, where (eg:) some systems
administrators in the City are using it as a cheap server O/S - for
printer servers and the like - in defiance of their Director's bans on
use of "freeware" in the enterprise, ostensibly because it is
inefficient, insecure, illegal, unsupported, or whatever.
Just goes to show how out-of-touch some Corporate Directors can be,
with the way things actually *work* in their enterprise.
Hmm...
I wonder if that also goes for "commercial security directors" who
might pan release of a product like "Crack", out of ignorance of its
established function and existence?
> You would not have been put in the position I placed
>you if you had distributed a less commercially sensitive product. Let's not
>confuse the media creator with the message.
Well, thanks for acknowledging that you placed me in some sort of "position"
which was (presumably) foreign to me, and which I wished to avoid.
Working from this premise, one might then question the assertion that
put me into this position, viz: that I was behaving controversially
and/or possibly irresponsibly, in releasing an update to a functionally
trivial piece of code:
while [ you can read a word from a dictionary file ]
do
tweak it into several plausible mis-spellings
see if anyone is using one of these as a password
done
- which was neither high technology, nor indeed new, since the
original version came out in 1991. On these grounds, I can't really
see that the circumstances of the release of Crack 5.0 were really
important enough to engender that sort of publicity.
On the other hand, you should have no problem - should you ever need a
permanent job - of getting a position in the marketing department of
the Ford Motor Company.
With this experience, you should be able to reap pages of media
coverage, every time they redesign the ashtray on the Mondeo. 8-)
>>1) promote minority viewpoints where they are reactionary
>> and in agreement with your target audience.
>
>Any chance you're available to edit the Daily Mail?
Nah - my liver would never stand the stress...
>>2) criticise minority viewpoints where they are radical
>> and in disagreement with your target audience.
>
>Or the Guardian's Referendum Party coverage?
...and although of a libertarian tencency, I have little time for liberal
issues which do not directly intersect my sphere of interests.
Cynical, true, but focused.
>>3) go for shock value.
>
>Or pick Jon Snow's ties?
He must be one of those television newsreader people? Yes?
>>Or, in short: never let the facts challenge the way the punters think.
>
>At least we agree that facts are useless without some form of
>interpretation.
True, although I have a very short fuse for the interpretation of
"special correspondents"; if there's a war, and people are shooting
each other, I tend to consider it a bad-thing on principle ("a human
being is a terrible thing to waste") and I don't need someone to show
me about the privations of some select group of individuals who were
fortunate enough to get shot (getting shot) on camera.
Further, I suddenly get very edgy when the "special correspondent"
explains that the reason for this was that Country A supposedly sent
some troops into Country B's borderlands on a snooping mission, and
therefore Country B is retaliating by shooting everyone who has been a
pain in the neck for their government, and is declaring war on Country A.
It is never as simple as that.
Similarly, if Clinton gets a blow-job outside his marriage, I don't
really care what position he did it in, with whom, how many times,
what his wife is wearing, and what euphemisms the Americans are having
to come up with to avoid saying the word "fuck" on network television.
The important thing to me is that he is (a) doing a reasonably good
job at "Keeping the Free World Safe for Americans"(TM) and (b) doesn't
have to try nuking Cuba to cover it up.
I gather that the French have a rather amusing take on this sort of
thing, since infidelity seems to be a sanctioned part of political
life over there.
>>Ooh! I'm a victim of an media agenda! It's a conspiracy!
>
>Or it's the market at work. Both are attractive places to be martyred,
>anyway.
True, but some (myself included) would prefer not to be martyred at
the altar of corporate media, at all.
>>I'll give you one - "forget the big picture; shock sells papers".
>
>Another point we agree on. If you drink bitter, we've got the makings of an
>evening out.
Mine's a Pedigree for preference; Old Pec, BlackSheep ale, and Hook
Norton all welcome. Director's at a pinch. I seem to remember a
standing invite from some years ago.
- alec
Defiant
>however it seems to be the assumption that many journalists I have
>since met have made, viz: that "real" and/or "respectable" security
>people would never muddy their hands with USENET.
>
guess that makes them disreputable now ; ).
Michael McCormack
Alec Muffett wrote in message ...
>>Liability yes, management ignorance no. Client ignorance, if I recall
>>correctly, was the fear.
>
>Well, not expecting you to reveal your sources, I won't try pressing
>for elucidation of that sentence; sounds rather like you were speaking
>to a security consultancy which wanted to restrict their client's
>access to information unless they were getting paid for it.
Client ignorance more along the lines of: "Why am I paying you £X thousand
if you're going to go into print praising a product that could be used to
find security holes in my precious systems? Whose side are you on?"
>This reminds me of an earlier posting in this thread, which (to
>paraphrase) implied what a scary thought it was, that people might
>want to be spoonfed fluffy, non-challenging news, because they
>actively do not *want* to have their world-view upset.
I don't buy it. Death, doom and tragedy sell extremely well.
>Not infrequently I have been "held to blame", not for causing the
>holes, but for finding them and requiring them to be fixed, causing
>dis-satisfaction.
I'm awfully tempted to turn this argument back on you, Alec. There are
criticisms of the morality of releasing Crack widely. They are answerable
and, in my view, you've done all anyone could ask to answer them. Am I
entirely to blame for giving your critics a hearing or is it my job to do
that? We can argue forever about how balanced that piece was (judging from
the elapsed time, we may well do) but isn't there an argument that your
critics did deserve to have their opinions sounded?
>If so, why did you place enough faith in the commentary you sought
>from your "sources", such that you then uttered it in your article?
My definition of reliable may vary from the commercial market's. Whose
opinion is more widely sought, mine or theirs?
>>Commercial security directors, as you might expect, saw it differently.
>
>*SOME* commercial security directors, to be sure...
True indeed.
>True, but one riled university admin doth not a firestorm of protest
>make, especially when I think I can find several dozen who would have
>backed me up, at the drop of a simple e-mail onto "uk-security".
>
>You would find a few more nay-sayers, too, but the proportion would, I
>think, lean heavily in my direction.
I don't doubt it, Alec, but I suspect this has more to do with the
freeware/commerciality debate than it does with the moral choices being
debated.
>You flatter me, though I would love to hear your take on the impact of
>(say) Linux, on the enterprise environment, where (eg:) some systems
>administrators in the City are using it as a cheap server O/S - for
>printer servers and the like - in defiance of their Director's bans on
>use of "freeware" in the enterprise, ostensibly because it is
>inefficient, insecure, illegal, unsupported, or whatever.
If I told you I run Red Hat at home and Microsoft think I'm an agent of
Sun's, would that be enough clues?
>Well, thanks for acknowledging that you placed me in some sort of
"position"
>which was (presumably) foreign to me, and which I wished to avoid.
Public acts, public scrutiny.
>- which was neither high technology, nor indeed new, since the
>original version came out in 1991. On these grounds, I can't really
>see that the circumstances of the release of Crack 5.0 were really
>important enough to engender that sort of publicity.
New technology supplement, readers only then becoming acquainted with your
work... Importance is a loaded term, readability (commercial value?) is
probably more appropriate. And in my view, it was a good read.
>On the other hand, you should have no problem - should you ever need a
>permanent job - of getting a position in the marketing department of
>the Ford Motor Company.
I'm an Alfa man, actually, but I'm going to try to take that as a
compliment.
>>Or pick Jon Snow's ties?
>
>He must be one of those television newsreader people? Yes?
Yes.
>Mine's a Pedigree for preference; Old Pec, BlackSheep ale, and Hook
>Norton all welcome. Director's at a pinch. I seem to remember a
>standing invite from some years ago.
>
> - alec
Still standing.
Mike.
Defiant
>I'm awfully tempted to turn this argument back on you, Alec. There are
>criticisms of the morality of releasing Crack widely. They are answerable
>and, in my view, you've done all anyone could ask to answer them. Am I
>entirely to blame for giving your critics a hearing or is it my job to do
>that? We can argue forever about how balanced that piece was (judging from
>the elapsed time, we may well do) but isn't there an argument that your
>critics did deserve to have their opinions sounded?
releases a program to exploit it. The same questions came up with some
os the DoS attacks that route released the exploits for.
Since crack there have been loads of password crackers, its simple
process and anyone could make one with a little ammount of programming
knowlage.
David
>I don't buy it. Death, doom and tragedy sell extremely well.
Yes, but this news is still non-challenging, in that the media says
something along the lines of
"Oh gosh isn't such and such so terrible, and it must be prevented",
and promptly shows a load of gory pictures and lurid details. Whereupon
the masses nod their heads sagely and go right along with it. For an
example of this, look at the media circus surrounding the Diana incident.
The reason why such stuff sells well is that there is the voyeur in all of
us, causing is to slow down and gawp at motorway accidents, and bits of
third-world peoples who have got embroiled in a civil war. IMO of course
:)
>I'm awfully tempted to turn this argument back on you, Alec. There are
>criticisms of the morality of releasing Crack widely. They are answerable
>and, in my view, you've done all anyone could ask to answer them. Am I
>entirely to blame for giving your critics a hearing or is it my job to do
>that? We can argue forever about how balanced that piece was (judging from
>the elapsed time, we may well do) but isn't there an argument that your
>critics did deserve to have their opinions sounded?
Hmmm. I realise it is your job as a journalist to play devil's advocate,
but that is like banning crowbars in case people might use them to commit
burgalary. Better that the tool exists and is out there, to encourage
people to improve their security, rather than wait for someone to write
their own tool and use it to do something unpleasant to a system.
Alec Muffett
> apologies for the heavy-handed snippage
pas de probleme
> Client ignorance more along the lines of: "Why am I paying you ŁX thousand
> if you're going to go into print praising a product that could be used to
> find security holes in my precious systems? Whose side are you on?"
Alas for the world of Dilbert...
Of course, if the spin on your article would have inspired said
manager to say "My God! You mean you're "in" on this marvellous new
software which helps me find security holes in my precious systems?
Wow, you must be a really cutting-edge guy!" - then perhaps people
would not have been quite so cold-footed.
> >This reminds me of an earlier posting in this thread, which (to
> >paraphrase) implied what a scary thought it was, that people might
> >want to be spoonfed fluffy, non-challenging news, because they
> >actively do not *want* to have their world-view upset.
>
> I don't buy it. Death, doom and tragedy sell extremely well.
I concur, but that's not quite what I was arguing...
There are topics like:
{Women,Gay} Vicars Inhabiting The Sacred Pulpits Of This Sceptred Isle!
...which sell extremely well, because they are challenging (to most
reactionaries) but comprehensible in terms of size/personalities.
On the other hand, homelessness rarely gets in-yer-face coverage, I
submit because a lot of people would prefer to forget that it exists,
and moreover a lot of other people would *prefer* the remainder of us
to forget that it exists.
> >Not infrequently I have been "held to blame", not for causing the
> >holes, but for finding them and requiring them to be fixed, causing
> >dis-satisfaction.
>
> I'm awfully tempted to turn this argument back on you, Alec. There are
> criticisms of the morality of releasing Crack widely.
Go ahead - it's not like I haven't heard them before.
> They are answerable
> and, in my view, you've done all anyone could ask to answer them. Am I
> entirely to blame for giving your critics a hearing or is it my job to do
> that?
I admit, it is probably your job, but there comes a point when it is
like flogging a dead horse, and I submit that the foundations upon
which your story was based were fundamentally flawed, in that you
withheld the whole picture:
- Password Cracking is trivial to implement
(see signature below for example code in 1-line)
- This is version 5.0 of a program first released in 1991.
- The technique is well-known and documented in a variety
of scientific papers dating back to the 1970s, and was even
built in to the Internet Worm code, IIRC.
- Crack was based on COPS code of similar ilk, from pre-1988,
based in turn on a Berkeley password cracker of '82 vintage.
- All this info is now, and was then, publically available.
...you withheld this framework from your sources and your readership,
in order to elicit the desired level of reactionary frothing from your
sources and readership, because if you included this level of detail,
then your story would have fallen apart.
In short, you suppressed part of "the whole picture" to promote
knee-jerk reaction, rather than presented "the whole picture" to
challenge people's thinking.
I consider that rather naughty.
>but isn't there an argument that your
> critics did deserve to have their opinions sounded?
Yes, but I think my critics should have been criticising me from a
fully-informed point of view, otherwise it's not debate, it's just
tongue-lashing-for-profit.
> >You flatter me, though I would love to hear your take on the impact of
> >(say) Linux, on the enterprise environment,
>
> If I told you I run Red Hat at home and Microsoft think I'm an agent of
> Sun's, would that be enough clues?
Funny, I am in exactly the same position, though for more obvious reasons.
Incidentally, that RedHat CD you are using, contains a major system
library called "cracklib" which is used to try and prevent ppl
choosing stupid, guessable passwords.
I wrote it, and it is the reason I get free updaets from RedHat for
having done so (creatred a core utility).
It's a merely different front end to the Crack dictionary generator.
Just so you know, you're using Crack code, too... 8-)
> Public acts, public scrutiny.
Pah. I forgive you, so long as you don't make a habit of it.
> New technology supplement, readers only then becoming acquainted with your
> work... Importance is a loaded term, readability (commercial value?) is
> probably more appropriate. And in my view, it was a good read.
Of course - it's your job. Creating useful software for the masses is
mine. It just distresses me if your job makes mine harder - and
fortunately, it did not, in this case...
> >>Or pick Jon Snow's ties?
> >
> >He must be one of those television newsreader people? Yes?
>
> Yes.
Recognised the name, but the only ones I really recognise nowadays are
Paxo and Trev McDonald... all the rest are just blurs.
> >Mine's a Pedigree for preference; Old Pec, BlackSheep ale, and Hook
> >Norton all welcome. Director's at a pinch. I seem to remember a
> >standing invite from some years ago.
>
> Still standing.
name the venue.
Dave
<al...@crypto.dircon.ZZ.uk> wrote:
>"Michael McCormack" <mon...@insider.co.uk> writes:
>
>> >This reminds me of an earlier posting in this thread, which (to
>> >paraphrase) implied what a scary thought it was, that people might
>> >want to be spoonfed fluffy, non-challenging news, because they
>> >actively do not *want* to have their world-view upset.
>>
>> I don't buy it. Death, doom and tragedy sell extremely well.
>
>I concur, but that's not quite what I was arguing...
>
just butting in again, but disaster sells wonderfully well as long as
it does not impinge on the punters own world or reflect on his own
actions.
One of the hardest things about reporting social/countries mistakes
is to persuade the punter to accept their own partial liability. - the
point for me being that its a shame we protect our fluffy view of the
world by denying the problems, rather than at least saying 'I could
help but I can't be arsed/can't afford' etc.
D.J.
Firestarter
<al...@crypto.dircon.ZZ.uk> wrote:
> {Women,Gay} Vicars Inhabiting The Sacred Pulpits Of This Sceptred Isle!
>
>...which sell extremely well, because they are challenging (to most
>reactionaries) but comprehensible in terms of size/personalities.
you forgot peoples need to escape from reality by using conspiracy
theories to excuse normal everyday things
(god im a hypocrite!! but it is true)
David Burns
But wasn't this because German compuserve users had access to CSI's
worldwide database? Surely Germany would have been satisfied if all CSI
did was to ban all Germans' access to the offending material?
> Discuss... :)
Phew :)
If you were given a comprehensive mapping of every single phone number in
existance; along with details as to what's on the end; the easiest ways to
circumvent security; a foolproof way of getting free calls and easy means
of not being detected; would 'the scene' be how it is? No one would get
the 'buzz' of the first successful hack; since there would be no real
challenge.
Without secrecy there would be nothing to arouse the intrigue that everyone
has to drive someone to discover the secrets.
Yet if we were not so pushy and did not constantly try and find things out
through possibly illegal means that were secret; maybe we'd be told a
little more.
'the system' is hypocratic. It's one big feedback loop.
As long as we keep 'trying things out' the greater the security will become
and in turn the more we will want to 'break the code'. So you could say
it's 'them', the corporations and public services, and not us that gives us
the ambition and the challenge; and in turn the reward, to do what we do.
So we keep on doing it.
--
Dave / [=- X -=]
E-Mail: pol...@removethis.spuddy.mew.co.uk
Fido: 2:257/145.6
David Burns
novel.
> Everyone could add a chapter or two.
Heh. let DarkCyde Comms do the layout ;>
Michael McCormack
Dave wrote in message <35dc9a1a...@news.virgin.net>...
>just butting in again, but disaster sells wonderfully well as long as
>it does not impinge on the punters own world or reflect on his own
>actions.
I'm not sure that's true. Dunblane coverage sold well in Dunblane, Kyoto
earthquake coverage stiffed, "Diana died for your sins" coverage sold well
everywhere.
Michael McCormack
Alec Muffett wrote in message ...
> - Password Cracking is trivial to implement
> (see signature below for example code in 1-line)
>
> - This is version 5.0 of a program first released in 1991.
The fourth paragraph of the story indicated that Crack 5 is an updated
version of an existing program.
> - The technique is well-known and documented in a variety
> of scientific papers dating back to the 1970s, and was even
> built in to the Internet Worm code, IIRC.
>
> - Crack was based on COPS code of similar ilk, from pre-1988,
> based in turn on a Berkeley password cracker of '82 vintage.
>
> - All this info is now, and was then, publically available.
The third and fouth paragraphs indicate that both Crack and other password
crackers had been available for some time.
>...you withheld this framework from your sources and your readership,
>in order to elicit the desired level of reactionary frothing from your
>sources and readership, because if you included this level of detail,
>then your story would have fallen apart.
Nonsense. Nowhere have I ever suggested that Crack was some new beast
slouching towards Bethlehem. The fact of the update's release was the spur
for the story.
>In short, you suppressed part of "the whole picture" to promote
>knee-jerk reaction, rather than presented "the whole picture" to
>challenge people's thinking.
>
>I consider that rather naughty.
I consider your analysis flawed, as it makes fundamental errors of fact.
>Yes, but I think my critics should have been criticising me from a
>fully-informed point of view, otherwise it's not debate, it's just
>tongue-lashing-for-profit.
If I'm your critic, what information was I lacking when I wrote the piece.
It's not enough to say "You don't agree with me because you don't understand
all the circumstances." You haven't brought new information to my attention
and I stand by the belief that the release of Crack 5 was morally
questionable.
>Incidentally, that RedHat CD you are using, contains a major system
>library called "cracklib" which is used to try and prevent ppl
>choosing stupid, guessable passwords.
I mentioned this to my girlfriend (RedHat's there largely for her benefit)
whose comment was: "Why are you arguing with this guy - he's evidently a lot
smarter than you?" Nothing like the comforts of home...
>> Public acts, public scrutiny.
>
>Pah. I forgive you, so long as you don't make a habit of it.
What else is a reporter meant to make a habit of?
>name the venue.
Any cons going this summer we're both likely to be at?
Michael McCormack
David wrote in message ...
>Hmmm. I realise it is your job as a journalist to play devil's advocate,
>but that is like banning crowbars in case people might use them to commit
>burgalary. Better that the tool exists and is out there, to encourage
>people to improve their security, rather than wait for someone to write
>their own tool and use it to do something unpleasant to a system.
That's the freeware/academic view of things and I do understand it. The
other view says that money is a form of power and that tools which can be
used both to attack and defend should have high price tags. That way, the
potential victims (defined in a commercial view as companies and large
organisations) have better access to the tools than the potential attackers.
Capitalist morality at work.
Alec Muffett
"Michael McCormack" <mon...@insider.co.uk> writes:
> That's the freeware/academic view of things and I do understand it. The
> other view says that money is a form of power and that tools which can be
> used both to attack and defend should have high price tags.
Even if they require less effort to cook up (by one of the many thousands
of competent computer programmers in the world) than a good omlette does?
>That way, the
> potential victims (defined in a commercial view as companies and large
> organisations) have better access to the tools than the potential attackers.
> Capitalist morality at work.
#define SARCASM 1
Pity the net doesn't work like that then. Bummer, isn't it? 8-)
(speaking as a generally pro-capitalistic person)
Alec Muffett
Pardon the delay - life gets in the way of these things...
"Michael McCormack" <mon...@insider.co.uk> writes:
>The fourth paragraph of the story indicated that Crack 5 is an updated
>version of an existing program.
Mmmm...
% crypto:alecm $ less /home/alecm/crack/media-arts/telegraph.txt
| Although the program is intended to help system administrators
| improve their password security and find flaws in their own
| procedures, earlier versions of Crack have become a standard
| weapon in the hacker's arsenal, allowing easy access to poorly
| guarded systems.
Yep, although this doesn't say whether the timescale is years, or
days, and when followed by:
| Security advisors have been severely critical of Muffett's
| decision to make the program publicly available as freeware,
| comparing his action to "handing out guns at the exit gate of a
| prison."
...made it sound like Crack was breaking news, since "surely no-one
in their right mind would be *severely* critical after six years?"
Technically, you are correct, and I cannot therefore fault your
defense on anything other than empirical grounds, viz: that I don't
think your readership would have stopped to consider that there might
be one, two, or five years lapse in the story.
"Earlier versions", indeed...
>The third and fouth paragraphs indicate that both Crack and other password
>crackers had been available for some time.
...yet somehow they still reek of "HORRIFYING NEW TERROR!"
>Nonsense. Nowhere have I ever suggested that Crack was some new beast
>slouching towards Bethlehem.
Never said you did - your (at that point internet-naive?) expert
sources did that for you:
| [deleted] said: "What he's done
| is extremely irresponsible. This is like a gun-control advocate
| arming half the criminal population to highlight the dangers of
| guns."
...my own sources informed me that this particular source - at least
at the time - specialised in PC-Networking, and had little if any
experience of the Unix world and its professional mores.
In short, this is little better than vox pop; not to mention the
logistically laughable:
| A systems administrator at one of Britain's largest
| universities said: "This is a recurring problem in the security
| area. Gifted amateurs come up with very useful and innovative
| programs but release them to anyone who shows an interest.
| "He might have given copies to security professionals and let
| them circulate the program amongst themselves. It is a race to
| see if we can get it installed before anyone uses it against
| us."
...And before you lay into me saying this is a neat idea, go on then -
I challenge you to bell the cat, and suggest a reasonable plan which
would fairly and without discrimination provide access to a piece of
security software like "Crack" to a worldwide audience of all
"legitimate" Unix systems administrators, preventing its leaking into
the hands of "TERRIFYING 3L33T HAXOR-DUDES" and the like...
The fact that the only voice raised in my defense in your article, was
my own, might also suggest there was a particular slant against me in
the article; given the size of pro-crack support you cited earlier -
the stuff which poured out after publication - one can only suppose,
Michael, that you did not try hard enough to look for a pro-crack
viewpoint to support mine, either from laziness, or wilfullness.
But then, I suspect that you didn't know me from Adam back then, did you?
>The fact of the update's release was the spur for the story.
...and on such hair-trigger media ejaculations, the mighty beast of
Microsoft marketing subsists; it is a matter for regret...
>>In short, you suppressed part of "the whole picture" to promote
>>knee-jerk reaction, rather than presented "the whole picture" to
>>challenge people's thinking.
>>
>>I consider that rather naughty.
>
>I consider your analysis flawed, as it makes fundamental errors of fact.
A good technical defense, perhaps, but then most people do not expect
to have to read a newspaper with a mind to nitpick a story's subtext
of "ONGOING FURORE OVER INTERNET SECURITY" when in reality the last
time anyone who had reason to care - mark how I phrase that sentence -
to disagree with the release of such software was several years previously.
>>Yes, but I think my critics should have been criticising me from a
>>fully-informed point of view, otherwise it's not debate, it's just
>>tongue-lashing-for-profit.
>
>If I'm your critic, what information was I lacking when I wrote the piece.
I believe you lacked nothing other than the integrity to admit there
was no charge for me to answer for, other than one that you trumped up
amongst people who were largely:
(a) not competent to comment, or ...
(b) were restrained from speaking their mind in public by
Dilbertesque circumstance, backed by ...
(c) a very small minority of heartfelt critics, none of whom you found.
>It's not enough to say "You don't agree with me because you don't understand
>all the circumstances." You haven't brought new information to my attention
That is my task?
>and I stand by the belief that the release of Crack 5 was morally
>questionable.
Yes. It was. Questionable. In the same way that all the previous releases:
2.7 3.0 3.1 3.2 3.3 4.0 4.1
...(between 1991 and 1996) were *all* also morally questionable, were
weighed in the public arena on each occasion, and on each occasion
triumphed strongly on the basis of "the greater good" test of moral
justification, which is the only one that really matters.
Except to the tabloid media, where "what sells" is more important.
>I mentioned this to my girlfriend (RedHat's there largely for her benefit)
>whose comment was: "Why are you arguing with this guy - he's evidently a lot
>smarter than you?" Nothing like the comforts of home...
Well, maybe next time you'll run such a story past her? 8-)
>>>Public acts, public scrutiny.
>>
>>Pah. I forgive you, so long as you don't make a habit of it.
>
>What else is a reporter meant to make a habit of?
Well, if he is an IT reporter, he could try avoiding making an arse of
himself in front of the net.community by whipping up worthless public
condemnation in the face of established net.practice...
>>name the venue.
>
>Any cons going this summer we're both likely to be at?
Alas not - the life of a...
<EGO>
"world-famous professional network security researcher"
</EGO>
(fame largely achieved without the help of the media, I might add) is
a busy one, and I haven't had time to either (a) prepare a public
presentation worth doing, nor (b) spend time trying to scam a freebie.
Unless Ross is running something later this year?
- alec
Michael McCormack
Alec Muffett wrote in message ...
>
Nae worries. I'm about to disappear to London for a few days.
>...And before you lay into me saying this is a neat idea, go on then -
>I challenge you to bell the cat, and suggest a reasonable plan which
>would fairly and without discrimination provide access to a piece of
>security software like "Crack" to a worldwide audience of all
>"legitimate" Unix systems administrators, preventing its leaking into
>the hands of "TERRIFYING 3L33T HAXOR-DUDES" and the like...
Put a price tag on it in excess of £1500. Don't ship until the cheque
clears.
Yes, I know that would deprive a lot of legitimate sysads from using it. It
would also cut out the overwhelming majority of hackers. Don't like the
morality of using money to control access? Other people didn't like the
morality of using freeware to ensure some 3L33T HAXXORS would have their fun
with a far more professional and usable tool than they could code on their
own.
>The fact that the only voice raised in my defense in your article, was
>my own, might also suggest there was a particular slant against me in
>the article; given the size of pro-crack support you cited earlier -
>the stuff which poured out after publication - one can only suppose,
>Michael, that you did not try hard enough to look for a pro-crack
>viewpoint to support mine, either from laziness, or wilfullness.
Think again. Whose view does the Telegraph trust? That of a commercial
security operator - one that their own companies might employ - or an
academic who will defend anything he doesn't have to pay for? I write for an
audience. Journalism is not ontology.
>>I consider your analysis flawed, as it makes fundamental errors of fact.
>
>A good technical defense, perhaps, but then most people do not expect
>to have to read a newspaper with a mind to nitpick a story's subtext
>of "ONGOING FURORE OVER INTERNET SECURITY" when in reality the last
>time anyone who had reason to care - mark how I phrase that sentence -
>to disagree with the release of such software was several years previously.
Sorry, I don't buy that either. The parallel statement is: "Don't try him
for the second murder, the first one is the one where he went wrong."
>I believe you lacked nothing other than the integrity to admit there
>was no charge for me to answer for, other than one that you trumped up
>amongst people who were largely:
There was, and is, a charge for you to answer: is it morally acceptable for
you to distribute this software without making any attempt to ensure it
isn't given to people who intend to misuse it?
>Yes. It was. Questionable. In the same way that all the previous
releases:
>
> 2.7 3.0 3.1 3.2 3.3 4.0 4.1
>
>...(between 1991 and 1996) were *all* also morally questionable, were
>weighed in the public arena on each occasion, and on each occasion
>triumphed strongly on the basis of "the greater good" test of moral
>justification, which is the only one that really matters.
There was no Connected section to report the earlier releases. How can you
say it satisfied "the greater good" test when neither you nor I can estimate
the costs of its use in hacking?
>Well, if he is an IT reporter, he could try avoiding making an arse of
>himself in front of the net.community by whipping up worthless public
>condemnation in the face of established net.practice...
If I felt I had made an arse of myself, I wouldn't be asking the same
questions now I did then.
>Unless Ross is running something later this year?
I haven't heard - chances are I won't be south until October now, anayway.
Mike.
Alec Muffett
"Michael McCormack" <mon...@insider.co.uk>writes:
>>Pardon the delay - life gets in the way of these things...
Have a good one; can you recommend any decent watering holes?
My knowledge has dated seriously since leaving UCL in '88.
>>I challenge you to bell the cat, and suggest a reasonable plan which
>>would fairly and without discrimination provide access to a piece of
>>security software like "Crack"
>Put a price tag on it in excess of £1500. Don't ship until the cheque
>clears.
>
>Yes, I know that would deprive a lot of legitimate sysads from using it. It
>would also cut out the overwhelming majority of hackers.
So you don't think that "the greater good" is a worthwhile moral standpoint?
>Don't like the morality of using money to control access?
Actually, I did briefly consider this, once, and then decided that if
I actually got PAID for Crack, then people would
(A) sue me when it was misappropriated for use breaking into a system,
(B) make the government tax me for something that would yield very
little return,
(C) be of no great benefit to me because oa A and B, and...
(D) require me to life a life of product support, which is a crock.
>Other people didn't like the morality of using freeware to ensure some
>3L33T HAXXORS would have their fun with a far more professional and
>usable tool than they could code on their own.
...and yet significantly more *did* like the morality of being
provided with a tool to defend themselves from such.
You keep citing my detractors, yet in my life I have met very few
face-to-face; working from the "Yes, Prime Minister" line of political
defense, this sounds a lot like the media's common tack:
"Prime Minister, a lot of people are unhappy with [XXX]"
...to which my/the correct rebuff is:
"A lot of people? OK - Name them."
Shall we conduct a poll on uk-security, Michael, and see what numbers
we come up with, and live with the result?
>>The fact that the only voice raised in my defense in your article, was
>>my own, might also suggest there was a particular slant against me
...
>>Michael, that you did not try hard enough to look for a pro-crack
>>viewpoint to support mine, either from laziness, or wilfullness.
>
>Think again. Whose view does the Telegraph trust? That of a commercial
>security operator - one that their own companies might employ - or an
>academic who will defend anything he doesn't have to pay for?
This argument stands on its head - it simultaneously implies that:
1) Academics/Boffins are not to be taken seriously by the Telegraph -
presumably unless it suits a story to call them in as "experts".
...and...
2) That an employee of a "commercial security operator" will inherently
be more competent in the field of security than someone from
an academic background might.
(If you've met as many MIS contractors as I have,
you'll know this is damnably false)
...and I believe that it reeks of a (typically British) media attitude
that Experts, Boffins, Academics and the like, are all best isolated
in some Gulliverian research lab trying to extract sunbeams from
cucumbers, rather than trying to help people, since "naught but
disaster and dissatisfaction of the masses will come of it".
The difference between me and Alec Guinness - from "The Man in the
White Suit", one of my favourite Ealing comedies - is that the only
screaming horde after my blood is one of your imagining.
>I write for an audience. Journalism is not ontology.
Perhaps, but it should not be calumny, either.
>>A good technical defense, perhaps, but then most people do not expect
>>to have to read a newspaper with a mind to nitpick a story's subtext
>>of "ONGOING FURORE OVER INTERNET SECURITY" when in reality the last
>>time anyone who had reason to care - mark how I phrase that sentence -
>>to disagree with the release of such software was several years previously.
>
>Sorry, I don't buy that either. The parallel statement is: "Don't try him
>for the second murder, the first one is the one where he went wrong."
You know there's a notional award you can get, for comparing the
actions of someone flaming someone else on USENET, to the destruction
of the (eg:) Hitler and the WWII Holocaust.
I think you just won runner-up. 8-)
In my defence, m'lud, I would state that I see nothing wrong with your
"parallel statement" above; if I had committed {some crime} once, and
been not merely cleared by the jury but generally lauded by the judge,
and then followed up that crime later with further improvement and
similar result, it would certainly cast doubt upon whether my actions
should be considered criminal at all.
Your comparison of "releasing software" to "murder" seems merely to be
an instance of "Argumentum Ad Populum" - appealing to the people to
support your position - and I heartily recommend you go read:
http://www.faqs.org/faqs/atheism/logic/
- the "Constructing a Logical Argument" FAQ, before trying to pursue
your existing line of argument with me, further.
>There was, and is, a charge for you to answer: is it morally acceptable for
>you to distribute this software without making any attempt to ensure it
>isn't given to people who intend to misuse it?
Yes, I believe it is. "Greatest good", etc.
Shall we go ask the people, rather than continue to speculate?
( Of course, some would say that it is the function of a journalist to
speculate, and I would agree, but surely journalists are not meant to
speculate to the exclusion of facts. 8-] )
>>Yes. It was. Questionable. In the same way that all the previous
...
>>(between 1991 and 1996) were *all* also morally questionable, were
>>weighed in the public arena on each occasion, and on each occasion
>>triumphed strongly on the basis of "the greater good"
>
>There was no Connected section to report the earlier releases.
<CRUMBLY_VOICE>
"...So where were you, when I was changing the way people thought
about internet security, sonny-boy? ..."
</CRUMBLY_VOICE>
>How can you
>say it satisfied "the greater good" test when neither you nor I can estimate
>the costs of its use in hacking?
Ask the people. The uk-security maillist is a filtered list of
academic and commercial systems administrators, and you have to be
"cleared" as a professional good-guy to join (although there is no
"experience" requirement) so I think it wouldn't be to hard to find a
willing sample of professional people, interested in security, to
answer just one question on the topic.
And please, don't try directing this into a "financial cost is the
important thing, and is inestimable" - you and I both know that the
costs in the IT industry - or any business - by their nature have a
high degree of intangibility and their meaningful analysis is a black
art, or evem pure hokum, depending on your point of view.
Especially when - regarding security - people are loathe to discuss
anything, for fear of (at least) embarassing themselves.
>If I felt I had made an arse of myself, I wouldn't be asking the same
>questions now I did then.
Ah - but there's the proviso; whether you "felt it". 8-)
>>Unless Ross is running something later this year?
>
>I haven't heard - chances are I won't be south until October now, anayway.
Ah bother - well do let me know, and maybe we can go do a 2600 meet or
something daft and media-friendly.
- alec
--
alec muffett, sun microsystems laboratories, alec.muffett @ uk.sun.com
Steve T
<mon...@insider.co.uk> wrote:
>If I'm your critic, what information was I lacking when I wrote the piece.
>It's not enough to say "You don't agree with me because you don't understand
>all the circumstances." You haven't brought new information to my attention
>and I stand by the belief that the release of Crack 5 was morally
>questionable.
Morally questionable in what sense, was it 'morally questionable'
because of the nature of the program, (i.e. it's ability to expose
weak passwords in a *nix password file) or because it was made freely
available to anyone.
If your belief is founded on the second argument, then are you saying
that it is 'morally questionable' to allow individuals to posses the
same tools as corporations ?
Steve T
<mon...@insider.co.uk> wrote:
>David wrote in message ...
>
> D> Hmmm. I realise it is your job as a journalist to play devil's advocate,
> D> but that is like banning crowbars in case people might use them to commit
> D> burgalary. Better that the tool exists and is out there, to encourage
> D> people to improve their security, rather than wait for someone to write
> D>their own tool and use it to do something unpleasant to a system.
>That's the freeware/academic view of things and I do understand it. The
>other view says that money is a form of power and that tools which can be
>used both to attack and defend should have high price tags.
But Crack (and the many other simmilar tools available) can't be used
to 'attack' anything. An 'attacker' would already have performed
their 'attack' in order to obtain the password file. Granted, Crack
and it's ilk can be used as part of an overall 'attack' strategy, but
in order to make effective use of the information produced by such a
tool, an 'attacker' would need to be of a fairly high level of
technical competence. In which case, as Alec has pointed out, they
would be able to construct their own password cracking tool.
I am nowhere near as competent a programmer as Alec, but it given that
all the information required to develop a Crack-alike tool is freely
available (most of it in the *nix man pages), it would only take me, a
couple of days, maybe a week at most, of concerted effort to produce a
simmilar tool. In which case, downloading a program like Crack merely
saves me time.
>That way, the
>potential victims (defined in a commercial view as companies and large
>organisations) have better access to the tools than the potential attackers.
How about people who run homebrewed linux/free-bsd/etc systems, who
are as vulnerable (if not more so) to attack than 'companies and large
organisations', who would not be able to afford high price tags on
commercial products, how about people (like me) who run their own
linux systems, how about people (like me) who have a deep interest in
computer security technology and who would like to be able to learn as
much about as possible (for reasons including a desire to be employed
in the field) but who, if required to shell out thousands of pounds,
would have no chance of learning anything at all ?
>Capitalist morality at work.
No, it has nothing to do with capitalism at all. This is the morality
of a hierarchical power structure which has a vested interest in
keeping power in the hands of those who already have it.
If you think this is 'Capitalist' morality, then I would love to hear
your definition of Capitalism, as I'm sure it deviates quite
substantially from the any definition of the word that can construed
from the work of Adam Smith.
Alec Muffett
Alec Muffett <al...@crypto.dircon.ZZ.uk> writes:
> >Sorry, I don't buy that either. The parallel statement is: "Don't try him
> >for the second murder, the first one is the one where he went wrong."
...
> Your comparison of "releasing software" to "murder" seems merely to be
> an instance of "Argumentum Ad Populum" - appealing to the people to
> support your position - and I heartily recommend you go read:
Actually, there's a more up-to-date URL:
http://www.infidels.org/news/atheism/logic.html
...which is more readable, and which I believe puts your argument
somewhere between "Argumentum Ad Populum" (appeal to the masses, who
presumably abhor murder) and "The Extended Analogy" fallacy.
Michael McCormack
Alec Muffett wrote in message ...
No. I'm only down once every few weeks and I tend to go where I'm directed
by the people entertaining me. I do remember (parts of) a wonderful night at
the Texas Embassy somewhere near Nelson's Column.
>So you don't think that "the greater good" is a worthwhile moral
standpoint?
I don't think it's a verifiable claim, but we'll get to that lower down.
>Actually, I did briefly consider this, once, and then decided that if
>I actually got PAID for Crack, then people would
>
>(A) sue me when it was misappropriated for use breaking into a system,
>(B) make the government tax me for something that would yield very
> little return,
>(C) be of no great benefit to me because oa A and B, and...
>(D) require me to life a life of product support, which is a crock.
Perfectly sensible. Doesn't help resolve the moral argument but I respect
the grounds for the decision.
>You keep citing my detractors, yet in my life I have met very few
>face-to-face; working from the "Yes, Prime Minister" line of political
>defense, this sounds a lot like the media's common tack:
>
> "Prime Minister, a lot of people are unhappy with [XXX]"
>
>...to which my/the correct rebuff is:
>
> "A lot of people? OK - Name them."
>
>Shall we conduct a poll on uk-security, Michael, and see what numbers
>we come up with, and live with the result?
I think it would be more revealing to do the poll on the security mailing
list at the same time we poll the same audience "for the record" in a
national newspaper read by the governors of funding bodies. I'd bet my next
salary cheque the results don't match. For that reason, I don't think we're
having a debate that can be resolved by empirical testing.
>This argument stands on its head - it simultaneously implies that:
>
>1) Academics/Boffins are not to be taken seriously by the Telegraph -
> presumably unless it suits a story to call them in as "experts".
>
>...and...
>
>2) That an employee of a "commercial security operator" will inherently
> be more competent in the field of security than someone from
> an academic background might.
>
> (If you've met as many MIS contractors as I have,
> you'll know this is damnably false)
>
>...and I believe that it reeks of a (typically British) media attitude
>that Experts, Boffins, Academics and the like, are all best isolated
>in some Gulliverian research lab trying to extract sunbeams from
>cucumbers, rather than trying to help people, since "naught but
>disaster and dissatisfaction of the masses will come of it".
I won't dispute that the logic is screwy. Looked at in the right light
though... Market-loving newspapers (The Telegraph) assume their readers are
more likely to trust the view of a market operator (security con) than a
market analyst (security researcher). The reasons are as Thatcherite as they
are obvious. I have always agreed with you that underfunded academics love
Crack (god, the puns keep coming). I argue that they are acting as much in
their own self-interest as the cons. In that light, who's a better source?
For a hack, it depends who the audience is.
>The difference between me and Alec Guinness - from "The Man in the
>White Suit", one of my favourite Ealing comedies - is that the only
>screaming horde after my blood is one of your imagining.
I think we've already explored the reasons they screamed and the reasons
they didn't raise torches and surround the castle.
>>I write for an audience. Journalism is not ontology.
>
>Perhaps, but it should not be calumny, either.
It wasn't.
>You know there's a notional award you can get, for comparing the
>actions of someone flaming someone else on USENET, to the destruction
>of the (eg:) Hitler and the WWII Holocaust.
>
>I think you just won runner-up. 8-)
Godwin's Law. A shameful restriction on melodrama.
>Your comparison of "releasing software" to "murder" seems merely to be
>an instance of "Argumentum Ad Populum" - appealing to the people to
>support your position - and I heartily recommend you go read:
>
> http://www.faqs.org/faqs/atheism/logic/
>
>- the "Constructing a Logical Argument" FAQ, before trying to pursue
>your existing line of argument with me, further.
Cheers, Alec. The Jesuits got there first and did a more thorough job than
an FAQ could. If you don't like bloodstained analogies, too bad.
>>There was, and is, a charge for you to answer: is it morally acceptable
for
>>you to distribute this software without making any attempt to ensure it
>>isn't given to people who intend to misuse it?
>Yes, I believe it is. "Greatest good", etc.
>
>Shall we go ask the people, rather than continue to speculate?
Whose opinions matter to both of us? I think we've been clear all along to
make the distinction between your audience and mine. I don't see any
overlap.
><CRUMBLY_VOICE>
>"...So where were you, when I was changing the way people thought
>about internet security, sonny-boy? ..."
></CRUMBLY_VOICE>
Regrettably, you're not that much older than me.
>Ask the people. The uk-security maillist is a filtered list of
>academic and commercial systems administrators, and you have to be
>"cleared" as a professional good-guy to join (although there is no
>"experience" requirement) so I think it wouldn't be to hard to find a
>willing sample of professional people, interested in security, to
>answer just one question on the topic.
>And please, don't try directing this into a "financial cost is the
>important thing, and is inestimable" - you and I both know that the
>costs in the IT industry - or any business - by their nature have a
>high degree of intangibility and their meaningful analysis is a black
>art, or evem pure hokum, depending on your point of view.
Actually, the problem of assigning financial costs seems less ridiculous to
me than the idea that you, of all people, would suggest resolving a moral
question by a vote. Right and wrong, in the true moral sense, are not
susceptible to the opinion of any sample group. In the journalistic sense,
they are susceptible to the whims of any sample group you care to use to
make your point.
>Ah bother - well do let me know, and maybe we can go do a 2600 meet or
>something daft and media-friendly.
I'll let you know. I have a large piece on freeware in mind for my Christmas
issue - that's got to be worth a few drinks.
Michael McCormack
Steve T wrote in message <35e1bde...@orac.sund.ac.uk>...
(plus one other post which I have edited in below)
>Morally questionable in what sense, was it 'morally questionable'
>because of the nature of the program, (i.e. it's ability to expose
>weak passwords in a *nix password file) or because it was made freely
>available to anyone.
>
>If your belief is founded on the second argument, then are you saying
>that it is 'morally questionable' to allow individuals to posses the
>same tools as corporations ?
Yes, the second argument. Partly yes for the second part of the sentence. If
you can find a way to distinguish responsible (or at least accountable)
individuals from the rest, I have no problem with wide distribution. If you
can't make that distinction, I think you have to bear some responsibility
for allowing a thing you have made to be misused.
>How about people who run homebrewed linux/free-bsd/etc systems, who
>are as vulnerable (if not more so) to attack than 'companies and large
>organisations', who would not be able to afford high price tags on
>commercial products, how about people (like me) who run their own
>linux systems, how about people (like me) who have a deep interest in
>computer security technology and who would like to be able to learn as
>much about as possible (for reasons including a desire to be employed
>in the field) but who, if required to shell out thousands of pounds,
>would have no chance of learning anything at all ?
I take you back to the question of accountability. If I can't guarantee
(even to a miniscule degree) your accountability for your use of the
product, should I not ask myself if you should have it? (More lower down.)
>>Capitalist morality at work.
>No, it has nothing to do with capitalism at all. This is the morality
>of a hierarchical power structure which has a vested interest in
>keeping power in the hands of those who already have it.
Wake up. That is capitalism as it is employed in the late 20th C.
>If you think this is 'Capitalist' morality, then I would love to hear
>your definition of Capitalism, as I'm sure it deviates quite
>substantially from the any definition of the word that can construed
>from the work of Adam Smith.
Smith's relationship to capitalism bears an almost exact resemblance to
Marx's relationship to Marxism. Capitalism is as much a system for the
preservation of social order as it is an efficient means of pricing and
distribution. If you want to debate on 18th century terms, find another
sucker.
Tools like Crack have an immediate and potentially destructive use. Had Alec
published (and he may well have done, for all I know) a paper making
observations about the crackability of certain files by certain methods - a
paper decription of Crack - his actions would never have merited a newspaper
story.
Why does the production of the tool matter? Because, when used with other
widely available tools, it allowed relatively naive users a much better
chance of gaining access to systems than they would have had without it.
Why does the method of distribution then involve moral issues? Because
unfettered, free distribution introduced the chance that some individuals
would use the tool to do harm.
Where does capitalist morality enter the picture? Because money is not
equally available to everyone. It is much more commonly found in the hands
of companies and organisations with systems and data to protect than it is
in the hands of (typically) high school kids who wanna do something kewl.
Setting a price on Crack starts to limit its availability to people you'd
rather not see using it.
Yes, I admit and have admitted all along, it also debars many responsible
people and organisations from owning it. I think that's a fair trade. Alec
doesn't.
Let's be clear about what we're arguing. There's no moral wrong if Linux
drives Windows off the face of the earth. My company does no moral wrong by
using a shareware scanner governor instead of paying more money for a
commercial equivalent. Freeware - as a category - isn't at issue, nor is the
moral desirability of capitalist systems.
The question at issue is: was it morally ideal to distribute Crack freely to
anyone? I say no for the reasons given above.
Steve T
<mon...@insider.co.uk> wrote:
>
>Alec Muffett wrote in message ...
> AM> ...And before you lay into me saying this is a neat idea, go on then -
> AM> I challenge you to bell the cat, and suggest a reasonable plan which
> AM> would fairly and without discrimination provide access to a piece of
> AM> security software like "Crack" to a worldwide audience of all
> AM> "legitimate" Unix systems administrators, preventing its leaking into
> AM> the hands of "TERRIFYING 3L33T HAXOR-DUDES" and the like...
>Put a price tag on it in excess of £1500. Don't ship until the cheque
>clears.
>Yes, I know that would deprive a lot of legitimate sysads from using it. It
>would also cut out the overwhelming majority of hackers. Don't like the
>morality of using money to control access?
Ah, I see, use money as a tool to keep the unwashed masses from
getting their hands on anything which may imbue upon them the same
knowledge and/or power as the rich. I would regard -this- as
exceptionally questionable from any kind of moral standpoint.
>Other people didn't like the
>morality of using freeware to ensure some 3L33T HAXXORS would have their fun
>with a far more professional and usable tool than they could code on their
>own.
As you are an IT journo, I would expect you to have a slightly better
understanding of the situation than this.
<SNIP (sorry, BW saving)>
>Think again. Whose view does the Telegraph trust? That of a commercial
>security operator - one that their own companies might employ - or an
>academic who will defend anything he doesn't have to pay for?
Hmm, well, for a start AFAIK Alec -is- a reputable commercial security
operator, and if you are suggesting that any supporting POV from an
academic would relvolve around the fact that Crack costs nothing, you
are serioulsy out of order. Granted Academia is skint, but to suggest
that this would be the main factor in any academic opinion is both
incorrect and offensive.
> I write for an audience. Journalism is not ontology.
Once again, we are returning to the idea of an agenda in any given
rag. You write (in the Telegraph and the mail) for an audience who
are largely techno-illiterate and almost entirely what I would
describe as 'reactionary old Tory bastards', and so you throw out
'EvIl HaX0rs take over world' bullshit that you know they will lap up
as it fits their existing perception of the internet as a bed of vice
and crime, and 'hackers' as the progeny of the beast.
Again, I find this strange, as I would understand an IT journo to know
better. So either you don't know better, and should take some time to
find out, or you slant your story to fit the paper's agenda.
Which ?
>There was no Connected section to report the earlier releases.
Which suggests that you should perhaps have given some background
information, before launching into your 'Alec Muffet, satan of the
internet, hands out weapons to children', rant. In order to fill the
gap in your readers knowledge. But then that would hardly have
allowed you to use the 'SHOCK HORROR !!' slant that you did, would it
?
>How can you
>say it satisfied "the greater good" test when neither you nor I can estimate
>the costs of its use in hacking?
You can not estimate the cost, becuase you will never get any kind of
accurate figures from anyone. Companies who have suffered a breach
(in the rare event that they admit it) usually put som huge, entirely
arbitray figure on it, as this makes it easier to justify expenditure
of resources by enforcement agencies in investigating, and also makes
it easier to prosecute a case in front of a jury, who will be
impressed by the magnitude of the figure, and ignorant of near
anything else.
>If I felt I had made an arse of myself, I wouldn't be asking the same
>questions now I did then.
And receiving the same answers, which you still refuse to accept.
------------------------------------------------------------
| 'Those who use arms well cultivate The Way, and keep the |
| rules. Thus they can govern in such a way as to |
| prevail over the corrupt.' Sun Tzu, The art of War |
------------------------------------------------------------
Steve T
<mon...@insider.co.uk> wrote:
>Steve T wrote in message <35e1bde...@orac.sund.ac.uk>...
>(plus one other post which I have edited in below)
> ST> Morally questionable in what sense, was it 'morally questionable'
> ST> because of the nature of the program, (i.e. it's ability to expose
> ST> weak passwords in a *nix password file) or because it was made freely
> ST> available to anyone.
> ST> If your belief is founded on the second argument, then are you saying
> ST> that it is 'morally questionable' to allow individuals to posses the
> ST> same tools as corporations ?
>Yes, the second argument. Partly yes for the second part of the sentence. If
>you can find a way to distinguish responsible (or at least accountable)
>individuals from the rest, I have no problem with wide distribution. If you
>can't make that distinction, I think you have to bear some responsibility
>for allowing a thing you have made to be misused.
In which case, I challenge you to come up with a single workable
method of distinguishing 'responsible' or 'acountable'
groups/individiuals from any other kind.
>>>Capitalist morality at work.
> ST> No, it has nothing to do with capitalism at all. This is the morality
> ST> of a hierarchical power structure which has a vested interest in
> ST> keeping power in the hands of those who already have it.
>Wake up. That is capitalism as it is employed in the late 20th C.
I'm all to well aware of that, I'm not an idealist of any type, that
doesn't mean I have to think that this type of 'crony capitalism' is
right.
> ST> If you think this is 'Capitalist' morality, then I would love to hear
> ST> your definition of Capitalism, as I'm sure it deviates quite
> ST> substantially from the any definition of the word that can construed
> ST> from the work of Adam Smith.
>Smith's relationship to capitalism bears an almost exact resemblance to
>Marx's relationship to Marxism.
Funny you should mention that, I was going to make that point myself,
although I was going to phrase it "Captialism as we know it is as much
a travesty of Smith's ideas as Marxism in the USSR was of Marx's", so
it looks as though we have some common ground after all :-)
>Capitalism is as much a system for the
>preservation of social order as it is an efficient means of pricing and
>distribution.
Hmm, this is very complex issue, in a strictly theoretical sense, this
is largely incorrect as politics and economics should be able to
operate independently of each other. As this is clearly not the case
in the real world, I guess I have to concede that point, but as I have
already pointed out, that doesn't mean that I have to like or condone
either the system, or the 'order' it imposes.
>If you want to debate on 18th century terms, find another
>sucker.
Actually I was making the argument based on my reading of Ormerod and
Galbraith, and from my own education in Business/Economics, which are
all circa 20th Century.
>Tools like Crack have an immediate and potentially destructive use.
I would disagree, Crack has no 'immediate' destructive use, the only
way to use it 'immediately' is on your own machine, and if I want to
destroy my own system, that's my business.
>Had Alec
>published (and he may well have done, for all I know) a paper making
>observations about the crackability of certain files by certain methods - a
>paper decription of Crack - his actions would never have merited a newspaper
>story.
>Why does the production of the tool matter? Because, when used with other
>widely available tools, it allowed relatively naive users a much better
>chance of gaining access to systems than they would have had without it.
I still feel that this is an arguable point, these supposedly naive
users would already have had to gain access to the system in order to
retrieve the password file. Gone are the days (hopefully) when you
could just ftp it. I haven't seen an unshadowed password file for a
long time (although I'm open to the possibility that they still
exsist), which leads me on to the second part of my argument, which is
that the 'vulnerabilies' exploited by Crack (and many, many simmilar
tools available) are caused by sites operating poor security policies.
Crack only works because sysadmins have allowed their users to choose
un-secure passwords, the knowledge and tools required to prevent this
were available quite some time before Crack was, and are certainly
widely available (and publicised) now. So a 'naive user' can only
cause problems for a 'naive' sysadmin. You wouldn't leave your car
parked on a London street, full of valuables, with the windows open
and the doors unlocked, and then, on discovering that you had been
robbed, deny any personal responsibility, now would you ?
This diminshes (or it should) the risk to large sites, where large
costs result in the event of a security breach of this type, so if we
are going to use the good old Capitalist moral evaluation, this makes
Crack far less pernicious, as it can do far less damage in monetary
terms.
>Why does the method of distribution then involve moral issues? Because
>unfettered, free distribution introduced the chance that some individuals
>would use the tool to do harm.
>Where does capitalist morality enter the picture? Because money is not
>equally available to everyone. It is much more commonly found in the hands
>of companies and organisations with systems and data to protect than it is
>in the hands of (typically) high school kids who wanna do something kewl.
>Setting a price on Crack starts to limit its availability to people you'd
>rather not see using it.
So if charging a large amount of money for something limits it's
availability to those who would only use it in a way that you would
approve of, how come HMG can approve a GBP X million weapons shipment
that is then used to massacre civilians and government opposition in
the country that was granted the end user licencse ?
>Yes, I admit and have admitted all along, it also debars many responsible
>people and organisations from owning it. I think that's a fair trade. Alec
>doesn't.
No, and nor do I. It makes no sense from a Business (or even
capitalist) point of view. Take this example. Bloke X, a smart young
graduate from a good university, decides to start a business. He
discovers from his research that there is currently high demand both
in Europe and the US for active security testing of information
systems. This pleases him greatly, as his skills lie in this
direction, and he knows that that he can recruit other like minded and
highly skilled individuals from amongst his contacts in the 'hacking
scene'. As he is a recent graduate, he has no money and no house or
other substantial assets with which to secure a loan.
He will be able to obtain a limited amount of funding through various
EU and .gov.uk sponsored grant schemes and possibly then be able to
obtain a business start up loan from a bank (but ONLY if he already
has funding, as most banks will only match the funds you can raise
yourself).
The funds he does manage to acquire will almost certainly be somewhat
less than the GBP 10,000 that most business profiles suggest he will
need to form his start up.
In order to start his business he will need to procure a fair amount
of hardware and software, pay for marketing, and pay his staff.
If products such as Crack were highly priced, he would be unable to
afford the requisite software to start his business, and thus the idea
would die as soon as he presented his business plan to the bank
manager or other financial advisor.
(In fact, even with Crack being free, he will still be pushing it to
obtain the nesc. hardware for this amount of cash)
Thus enterprise and entrepeneur[ship|ism|is that even spelled right ?]
(supposedly the life blood of capitalism) is thwarted.
This type of use of money as a mechnasim of political ccntrol merely
guarantees that only corporates with vast amounts of funding/credit at
their disposal can play the game, and keeps small players locked out.
I think you would find that most economics/business texts would argue
that this situation is -bad- for the economy.
>Let's be clear about what we're arguing. There's no moral wrong if Linux
>drives Windows off the face of the earth. My company does no moral wrong by
>using a shareware scanner governor instead of paying more money for a
>commercial equivalent. Freeware - as a category - isn't at issue, nor is the
>moral desirability of capitalist systems.
>The question at issue is: was it morally ideal to distribute Crack freely to
>anyone? I say no for the reasons given above.
Those reasons being, as I understand, and please feel free to correct
me if I've misconstrued it, that it is morally questionable to make it
easy to obtain anything which could conceivably be used to cause harm.
In which case, anything sharp (or blunt and heavy) should be priced
out of reach of the ordinary person to prevent such items as
nailfiles, scissors, garden tools, bricks, those pointy combs or
cricket bats being used as offensive weapons.
I can understand your arguments, but logically, this kind of system
leads to fallacy.
I also have a problem with your argument that the amount of money a
person/organisation has is a suitable metric for deciding how
'responsible' or 'accountable' they are. Frankly, if this were the
case, the world wouldn't be such a f*cked up mess.
There are issues to be addressed here, but I don't think you're
looking in the right place, if you want to take issue with the
potential misuse of a tool, you'd be better off looking at the
underlying factors which could cause such misuse, but I don't suppose
that 'School age children might crack passwords because they are
bored, undermotivated, not stimulated by a festering education system
and unable to find their own identity in a media saturated society'
makes much of a Telegraph headline does it, no hook, no angle, no
reaffirmation of right wing perceptions.
If you are afraid of what members of society will do with some
knowledge/power/tool/item, you need to start fixing your society, not
burning witches at the media alter.
Steve
Michael McCormack
<nd3d89n...@crypto.dircon.ZZ.uk>...
> Michael, why does this smack to me of your trying to defend yourself
> one minute with (questioable?) logic, and the next, pointing to your
> Editor and saying "he made me do it, it's what the punters want!".
Well, let's not drag him into it. I've been around long enough to know what
he wants without being told. If we're examing the morality of the
reporting, the responsibility lies with me.
> So there is no objective media. Ever? How utterly disappointing.
I don't believe it exists. Of course, I don't believe history is objective
either. Actually, I'm not entirely convinced of the objectivity of science.
However, this is going rapidly OT.
> >Cheers, Alec. The Jesuits got there first and did a more thorough job
than
> >an FAQ could.
>
> Oh gods - not another Catholic's boys-school education; if we ever go
> head-to-head over something serious, there'll be an explosion.
I'm sure they're delighted to know we're still arguing morality after all
these years.
> Quite (I'm 30, how old are you?) but I have been in this Internet lark
> since I was 18 - 2nd year Astronomy, UCL - and been doing security as
> a professional responsibility since I was 20; pretty much to the
> exclusion of anything else since 1993.
Well, I guess that makes you "Sonny" as I'll be hitting 32 this Christmas.
First email account in 1981/2 if my aging memory serves. I can remember
thinking: "This is no substitute for paper."
> As a long-term pro-Linuxer (since v0.96) with a good view of the
> corporate IT enterprise, my personal opinions on the matter are at
> your disposal, for the cost of a few pints.
Done. I'll be in touch in October.
Mike.
--
Michael P McCormack
Editor, Insider Technology
mon...@insider.co.uk
Michael McCormack
Dave <david....@virgin.net> wrote in article
<35e4d75f...@news.virgin.net>...
> Just interjecting for fun. I don't see the point in restricting
> knowledge just for fear of how it could be used, that leaves the
> knowledge in the hands of a minority, which imho is more dangerous
> than everyone having it...
>
> D.J.
>
Flippant or not, I'm fairly sure that's not what this argument is about.
Michael McCormack
Steve T <ca4...@isis.sund.ac.IHATESPAM> wrote in article
<35e49576...@orac.sund.ac.uk>...
> >Yes, the second argument. Partly yes for the second part of the
sentence. If
> >you can find a way to distinguish responsible (or at least accountable)
> >individuals from the rest, I have no problem with wide distribution. If
you
> >can't make that distinction, I think you have to bear some
responsibility
> >for allowing a thing you have made to be misused.
>
> In which case, I challenge you to come up with a single workable
> method of distinguishing 'responsible' or 'acountable'
> groups/individiuals from any other kind.
I thought I had made the point by implication: it usually isn't possible or
even likely. Trust is central to computer security so I'm sure this is
familiar ground to you. Hence the alternative discriminator: price.
> I'm all to well aware of that, I'm not an idealist of any type, that
> doesn't mean I have to think that this type of 'crony capitalism' is
> right.
Crony capitalism is one of many possible outcomes of using price as the
means to discriminate between possible and impossible users. It isn't the
necessary outcome. Look at the effect of first and business-class air
travellers on economy fares for the counter-example.
> Actually I was making the argument based on my reading of Ormerod and
> Galbraith, and from my own education in Business/Economics, which are
> all circa 20th Century.
I wouldn't. If you've been following this thread since the beginning,
you'll know I don't think much of theory, particularly those that are now
at least 20 years out of date for the economy their models are derived
from. Economics moves faster than academics.
> >Why does the production of the tool matter? Because, when used with
other
> >widely available tools, it allowed relatively naive users a much better
> >chance of gaining access to systems than they would have had without it.
>
> I still feel that this is an arguable point, these supposedly naive
> users would already have had to gain access to the system in order to
> retrieve the password file. Gone are the days (hopefully) when you
> could just ftp it. I haven't seen an unshadowed password file for a
> long time (although I'm open to the possibility that they still
> exsist), which leads me on to the second part of my argument, which is
> that the 'vulnerabilies' exploited by Crack (and many, many simmilar
> tools available) are caused by sites operating poor security policies.
A lot of this is fair, so let's flesh out the argument. I don't think you'd
argue that in late 1996, good point-and-click hacking tools could defeat
poor system security. (With the release of Back Orifice, I'd argue that
those stakes have just been upped.) Those tools put "relatively naive
users" inside systems they had real trouble understanding. Crack opened up
the possibility of their investigation by successfully impersonating a
valid user - if we don't admit that, then we don't admit that Crack has any
potential value to a hacker at all.
Are the vulnerabilities exploited by Crack caused by sites operating poor
security policies? Absolutely. Do I buy your analogy that:
>You wouldn't leave your car
> parked on a London street, full of valuables, with the windows open
> and the doors unlocked, and then, on discovering that you had been
> robbed, deny any personal responsibility, now would you ?
No. Poor security policies are a consequence of two things: no brains and
no money. Very often no brains is a consequence of no money. Where
knowledge is a commodity you can price, this kind of analogy breaks down.
It costs money (in either time or staff costs) to be aware of what's safe
and what's not in the on-line world. Alec, I think, would argue that Crack
is a means of reducing that cost. I have argued that it may only shift the
burden of cost.
As hackers adopt Crack, more sophisticated attacks are possible by a
greater population of attackers. Well-protected commercial sites should not
suffer. Poorly-protected sites which have employed the brains to hear of
and adopt Crack become immune. Poorly-protected sites which can't afford
brains become even more vulnerable.
None of us know who's right in our predicitons of the outcomes of Crack's
release. Pricing hacking damage is nearly impossible. Pricing it finely
enough to see if I'm right is absolutely impossible. That's why this whole
argument has been cast in moral terms. And please note: I have never said
that Alec is definitely wrong, only that his actions are open to question.
The quotes run in the original piece illustrate the depth of feeling among
his critics that his actions should be questioned.
> So if charging a large amount of money for something limits it's
> availability to those who would only use it in a way that you would
> approve of, how come HMG can approve a GBP X million weapons shipment
> that is then used to massacre civilians and government opposition in
> the country that was granted the end user licencse ?
Are you asking me to defend the morality of arms sales to countries that
have repressive domestic regimes or are you genuinely asking if HMG doesn't
know that's what they will be used for? Don't ask me to defend a British
government - I vote SNP for a reason.
> No, and nor do I. It makes no sense from a Business (or even
> capitalist) point of view. Take this example. Bloke X, a smart young
> graduate from a good university, decides to start a business.
<snippage of the trials of a young entrepreneur>
> If products such as Crack were highly priced, he would be unable to
> afford the requisite software to start his business, and thus the idea
> would die as soon as he presented his business plan to the bank
> manager or other financial advisor.
> Thus enterprise and entrepeneur[ship|ism|is that even spelled right ?]
> (supposedly the life blood of capitalism) is thwarted.
Bollocks from top to bottom. If this young man really is good, if really
does understand the potential market for his services, he will atrract
backers ready to bankroll the venture. Your argument betrays a fundamental
ignorance of the methods of capital formation and, by extension,
capitalism. Entrepreneurship only works as well as the minds of the
entrepreneurs. Tell your young man all he lacks is a better education in
how the world works.
> This type of use of money as a mechnasim of political ccntrol merely
> guarantees that only corporates with vast amounts of funding/credit at
> their disposal can play the game, and keeps small players locked out.
Sure, now explain Linux. (Don't, I'm going to make a better reference to
this later.)
> I think you would find that most economics/business texts would argue
> that this situation is -bad- for the economy.
I suspect the authors of those texts would distance themselves from your
arguments as fast as their little feet would carry them.
> Those reasons being, as I understand, and please feel free to correct
> me if I've misconstrued it, that it is morally questionable to make it
> easy to obtain anything which could conceivably be used to cause harm.
How about: "you can be certain will cause harm."
> In which case, anything sharp (or blunt and heavy) should be priced
> out of reach of the ordinary person to prevent such items as
> nailfiles, scissors, garden tools, bricks, those pointy combs or
> cricket bats being used as offensive weapons.
>
> I can understand your arguments, but logically, this kind of system
> leads to fallacy.
Not if you look at like a capitalist. What price do you assign to the
knowledge of what those pointy tools can be used for? I'd argue zero, as I
can remember Mummy's constant cry: "Don't stick that in your sister's eye!"
The knowledge of what Crack can be used for carries a commercial value.
Until the price of that knowledge is zero, someone will pay it.
> I also have a problem with your argument that the amount of money a
> person/organisation has is a suitable metric for deciding how
> 'responsible' or 'accountable' they are. Frankly, if this were the
> case, the world wouldn't be such a f*cked up mess.
Personally, I blame the abandonment of the classical scale by 20th C
composers. On the other hand, I think the world's in its best state for the
last 1,000 years. On your point, organisations that have the ability to
spend £1500 on a piece of software tend to have boards. Those boards are
legally accountable for the actions of the bodies they advise. The metric
for accountability isn't a moral, it's material.
> There are issues to be addressed here, but I don't think you're
> looking in the right place, if you want to take issue with the
> potential misuse of a tool, you'd be better off looking at the
> underlying factors which could cause such misuse, but I don't suppose
> that 'School age children might crack passwords because they are
> bored, undermotivated, not stimulated by a festering education system
> and unable to find their own identity in a media saturated society'
> makes much of a Telegraph headline does it, no hook, no angle, no
> reaffirmation of right wing perceptions.
The problem isn't that it's not a Telegraph story, the problem is that it
isn't news. "O generarium viperorum..." is a very old story indeed.
And a couple of points to round out the argument. Freeware messes up any
kind of capitalist thinking because it introduces a price distortion into
the equation that capital theory can't handle. To produce freeware, people
like Alec are deliberately reducing the price of their efforts to zero.
In the obvious way, that dramatically reduces the costs to user who wish to
take advantage of their work. In a more subtle way, it pushes unexpected
costs onto those who must react to the work's widespread availability.
No-one but Alec has asked what I actually think of what he did - not as a
reporter, just my own view. The two are different - my job as a reporter is
to ask, and as far as I can, answer the obvious questions in a limited
space. Personally, I find entirely convincing Alec's argument that the
burdens of becoming a commercial operator and charging for Crack were too
onerous to make it possible. Those restrictions would have made it
impossible for to accomplish much of the good work he has done for sysops.
I support freeware but I am aware that many of its costs are hidden.
Freeware security programs, I would insist, are likely to become the
flashpoint for debates over morality for a simple reason: they can do harm
(and thus push costs) onto those bodies least able to defend themselves.
The same arguments I apply to Crack, I would apply to Back Orifice. I would
not apply them to PGP or Linux. I hope the reasons why are now obvious.
Mike.
Steve T
<mon...@insider.co.uk> wrote:
>
>Steve T <ca4...@isis.sund.ac.IHATESPAM> wrote in article
><35e49576...@orac.sund.ac.uk>...
> ST> In which case, I challenge you to come up with a single workable
> ST> method of distinguishing 'responsible' or 'acountable'
> ST> groups/individiuals from any other kind.
>I thought I had made the point by implication: it usually isn't possible or
>even likely.
Then why bother trying.
>Trust is central to computer security so I'm sure this is
>familiar ground to you.
Hmmmmm
>Hence the alternative discriminator: price.
So, as we can't decide who is likely to be responsible, we just decide
to use monetary status as an arbitrary device to control the
dissemination of a potentially harmful item. Inspired.
>> I'm all to well aware of that, I'm not an idealist of any type, that
>> doesn't mean I have to think that this type of 'crony capitalism' is
>> right.
>
>Crony capitalism is one of many possible outcomes of using price as the
>means to discriminate between possible and impossible users.
You seem to have missed my point almost completely. And that sentence
is utterly irrelevant. 'price as a means to discriminate between
possible and impossible users', oh dear. What I argued has nothing to
do with that. It is quite obvious that for any item that has a price,
price is a means of discrimination between possible and impossible
owners.
>It isn't the necessary outcome.
I never said it was, I said it is what we have, and it is what you are
supporting with your arguments that any tool or item of information
that may -potentially- be used against the wealthy or the powerful be
resticted in such a way that is only available to them.
>Look at the effect of first and business-class air
>travellers on economy fares for the counter-example.
Oh please, as you said in an earlier post, find another sucker.
>> Actually I was making the argument based on my reading of Ormerod and
>> Galbraith, and from my own education in Business/Economics, which are
>> all circa 20th Century.
>
>I wouldn't. If you've been following this thread since the beginning,
>you'll know I don't think much of theory, particularly those that are now
>at least 20 years out of date for the economy their models are derived
>from. Economics moves faster than academics.
Right, let's work through this from top to bottom shall we ?
>I wouldn't. If you've been following this thread since the beginning,
If -you- had been following this thread from the begining, you would
be aware that it was in fact myself that opened the debate, and you
would also have realised by now that the thread was originally
intended to discuss the effects on society of the media and other
influential factors such as education.
>you'll know I don't think much of theory,
I know that you completely failed to understand any of the theories
that were presented here, and I have archived posts that prove it
quite adequately.
>particularly those that are now at least 20 years out of date for
>the economy their models are derived from.
Two points here.
Firstly, you are assuming that any argument I make is drawn directly
from the texts I am describing. I realise that as a Telegraph
Journalist, this may be hard for you to accept, but I am quite capable
of drawing my own conclusions from texts with which I either a:)
disagree, or b:) agree with only partially. Think again.
Secondly, have you actually read any of Ormerod's stuff, such as, just
as an example "The Death Of Economics", which suggests that most
economic theory is flawed and way out of date ?.
It rather sounds like you haven't, as this seems to be the point -you-
are trying to make.
<snip>
> ST> which leads me on to the second part of my argument, which is
> ST> that the 'vulnerabilies' exploited by Crack (and many, many simmilar
> ST> tools available) are caused by sites operating poor security policies.
>A lot of this is fair, so let's flesh out the argument. I don't think you'd
>argue that in late 1996, good point-and-click hacking tools could defeat
>poor system security.
Well, I'm not sure that I understand that sentence, but in fact, I
would argue that in late 1996 (it's 1998 now, BTW), good point and
click hacking tools -could- defeat poor system security, and did.
Which is the point that I was making.
>(With the release of Back Orifice, I'd argue that
>those stakes have just been upped.)
OK, fine, go and download a copy, read the documentation, and then
tell me that anyone who gets hit with BO was operating a good security
policy.
>Those tools put "relatively naive
>users" inside systems they had real trouble understanding.
Ok, at this point, I feel it is important for you define what you mean
by 'naive'.
>Crack opened up
>the possibility of their investigation by successfully impersonating a
>valid user - if we don't admit that, then we don't admit that Crack has any
>potential value to a hacker at all.
Crack obviously has some potential value to a 'hacker', but it does
not help a 'hacker' with an attack by itself, as we both know.
>Are the vulnerabilities exploited by Crack caused by sites operating poor
>security policies? Absolutely. Do I buy your analogy that:
> ST> You wouldn't leave your car
> ST> parked on a London street, full of valuables, with the windows open
> ST> and the doors unlocked, and then, on discovering that you had been
> ST> robbed, deny any personal responsibility, now would you ?
>No. Poor security policies are a consequence of two things: no brains and
>no money. Very often no brains is a consequence of no money. Where
>knowledge is a commodity you can price, this kind of analogy breaks down.
>It costs money (in either time or staff costs) to be aware of what's safe
>and what's not in the on-line world. Alec, I think, would argue that Crack
>is a means of reducing that cost. I have argued that it may only shift the
>burden of cost.
And I think that Alec would be right. There is a very darwininan
process that occurs when programs such as Crack or Satan become
available, they cause evolutionary pressure which forces a rethink of
security measures and policies, thus ensuring that information about
potential vulnerabilities and solutions is widely distibuted.
If I'm a small time *nix admin, and I can't afford to buy Crack at
GBP 1500 or however much you thought it shuld be, Im out of luck in
testing my user's passwords. And then I'm vulnerable, and someone who
has more money available isn't. So when it comes time for 'Mr
supposedly naive hacker' to go shopping, he picks me, and I'm f*cked.
Then I have to spend X time and money on getting my system up, with
little idea of how. This shifts the burden of cost on to me, and I
can't afford it.
The shift works both ways. But if I -do- have crack, I can secure my
site, for free, and that cost never occurs. The big admins can do the
same, and save themselves a few bob to boot. Less cost involved all
round, not more.
>As hackers adopt Crack, more sophisticated attacks are possible by a
>greater population of attackers.
Stealing a password file and then running it through crack is -NOT- a
sophisticated attack.
>Well-protected commercial sites should not
>suffer. Poorly-protected sites which have employed the brains to hear of
>and adopt Crack become immune.
Hmmm.
>Poorly-protected sites which can't afford
>brains become even more vulnerable.
Not if Crack etc are free, and not if they have the minimum amount of
grey matter to RTFM, even if it just the docs that came with their
system. This is exactly the kind of evolutionary pressure I meant.
Sites will -get- secured because the tools to do it are free, and
because of the risk of tools being misused.
>None of us know who's right in our predicitons of the outcomes of Crack's
>release. Pricing hacking damage is nearly impossible. Pricing it finely
>enough to see if I'm right is absolutely impossible. That's why this whole
>argument has been cast in moral terms.
And by 'greater good to the greater number' style morals, it is badly
flawed.
>And please note: I have never said
>that Alec is definitely wrong, only that his actions are open to question.
>The quotes run in the original piece illustrate the depth of feeling among
>his critics that his actions should be questioned.
Well, I would still argue that you were very very selective with your
quotes, you could have found a -lot- more people who wouldn't have
responded with such a wailing and a gnashing of teeth, and would have
done so in a far less emotive manner.
> ST> So if charging a large amount of money for something limits it's
> ST> availability to those who would only use it in a way that you would
> ST> approve of, how come HMG can approve a GBP X million weapons shipment
> ST> that is then used to massacre civilians and government opposition in
> ST> the country that was granted the end user licencse ?
>Are you asking me to defend the morality of arms sales to countries that
>have repressive domestic regimes or are you genuinely asking if HMG doesn't
>know that's what they will be used for? Don't ask me to defend a British
>government - I vote SNP for a reason.
Neither, as I am well aware of the answer to the question, and I would
never encourage anyone to defend such things. I am asking you to
defend you standpoint that wealth can be used to measure trust or
responsibility or whatever, when this is quite clearly not the case in
the real world.
<snip>
>Bollocks from top to bottom.
Wrong.
>If this young man really is good, if really
>does understand the potential market for his services, he will atrract
>backers ready to bankroll the venture.
I would say that this is arguable.
>Your argument betrays a fundamental
>ignorance of the methods of capital formation and, by extension,
>capitalism.
Dont patronise me, I am very familliar with methods of capital
formation, if you know so much then suggest where this mythical store
of capital that's just waiting to be thrown around resides, not with
the TEC, not with EU or HMG grants, not with banks. What do you
suggest, ask your friendly local millionaire ?
>Entrepreneurship only works as well as the minds of the
>entrepreneurs. Tell your young man all he lacks is a better education in
>how the world works.
The young man is an entirely theoretical construct, be careful how you
read things. And again, you are being patronising in a way I find
particulalry offensive.
>> This type of use of money as a mechnasim of political ccntrol merely
>> guarantees that only corporates with vast amounts of funding/credit at
>> their disposal can play the game, and keeps small players locked out.
>Sure, now explain Linux. (Don't, I'm going to make a better reference to
>this later.)
>> I think you would find that most economics/business texts would argue
>> that this situation is -bad- for the economy.
>
>I suspect the authors of those texts would distance themselves from your
>arguments as fast as their little feet would carry them.
You seem to get more patronising as you go along with this post, have
you been having a bad day.
Name me one single text book, theory or individual who will cite one
single reason why corporate monopolies are good for economies. And
again, I think you should read the posts more carefully, before knee
jerking your responses.
>> Those reasons being, as I understand, and please feel free to correct
>> me if I've misconstrued it, that it is morally questionable to make it
>> easy to obtain anything which could conceivably be used to cause harm.
>
>How about: "you can be certain will cause harm."
But you can't be -certain-, can you ?
> ST> I can understand your arguments, but logically, this kind of system
> ST> leads to fallacy.
>Not if you look at like a capitalist.
But I don't, (becuase I am not a capitalist), and neither do you, you
are looking at it like an elitist.
>What price do you assign to the
>knowledge of what those pointy tools can be used for? I'd argue zero, as I
>can remember Mummy's constant cry: "Don't stick that in your sister's eye!"
>The knowledge of what Crack can be used for carries a commercial value.
>Until the price of that knowledge is zero, someone will pay it.
As a 'capitalist' I would expect you to know that everything has a
price (or at least a cost of some type). The question is always
weather the price is worth paying. You have failed to convince me
that the supposed 'cost to society' of releasing Crack and other tools
freely is not worth paying.
> ST> I also have a problem with your argument that the amount of money a
> ST> person/organisation has is a suitable metric for deciding how
> ST> 'responsible' or 'accountable' they are. Frankly, if this were the
> ST> case, the world wouldn't be such a f*cked up mess.
>Personally, I blame the abandonment of the classical scale by 20th C
>composers. On the other hand, I think the world's in its best state for the
>last 1,000 years.
ROFL
That's one of the funniest things I've heard for a long, long time. I
suggest that you get out more. Just because the world is in 'it's
best state for the last 1000 years', doesn't mean it isn't fucked up
now. Look around you.
>On your point, organisations that have the ability to
>spend Ł1500 on a piece of software tend to have boards. Those boards are
>legally accountable for the actions of the bodies they advise.
Oh really, you're at it again. Do you assume that I have no idea of
the basics of company formation. Do you want me to start quoting from
company law, or start talking about articles and memorandums of
association, do you really assume such basic ignorance on my part.
This is the most obvious reply you could have made, and I'm not stupid
enough to have overlooked it. Nor am I naive enough to simply roll
over to it. If you are under the impression that just because a
compnay has a board, or indeed even shareholders, that is in some way
publically accountable, then you are somewhat astray of reality.
You and I both know that big companies get away with all manner of
dodgy dealings on a day to day basis because they have enough money to
ensure that either they aren't caught or that if they are, they win
their case in court. And please, don't start up patronising me about
the legal system, as I am qualified in law.
>The metric
>for accountability isn't a moral, it's material.
You still haven't provided a good argument as to how using wealth as a
metric is supposed to ensure the kind of characteristics you want.
>> There are issues to be addressed here, but I don't think you're
>> looking in the right place, if you want to take issue with the
>> potential misuse of a tool, you'd be better off looking at the
>> underlying factors which could cause such misuse, but I don't suppose
>> that 'School age children might crack passwords because they are
>> bored, undermotivated, not stimulated by a festering education system
>> and unable to find their own identity in a media saturated society'
>> makes much of a Telegraph headline does it, no hook, no angle, no
>> reaffirmation of right wing perceptions.
>
>The problem isn't that it's not a Telegraph story, the problem is that it
>isn't news. "O generarium viperorum..." is a very old story indeed.
So it is, but perhaps people need reminding every so often, just
because it isn't a new phenomenena, doesn't mean that it doesn't
deserve media coverage. Princess Diana has been dead for a year, and
she's getting plenty of coverage, and none of it says "Princess Still
Dead SHOCK!". You can always find a new angle, as you are well aware.
>And a couple of points to round out the argument. Freeware messes up any
>kind of capitalist thinking because it introduces a price distortion into
>the equation that capital theory can't handle.
Yeah, that's right, so ? I personally enjoy it immensely when things
like that happen.
>To produce freeware, people
>like Alec are deliberately reducing the price of their efforts to zero.
>In the obvious way, that dramatically reduces the costs to user who wish to
>take advantage of their work. In a more subtle way, it pushes unexpected
>costs onto those who must react to the work's widespread availability.
My heart bleeds, see above, and see further above, I think this
argument is badly flawed, besides which, all development, all progress
has a price. Survival of one species may mean extinction for another,
tough.
<snip>
>I support freeware but I am aware that many of its costs are hidden.
>Freeware security programs, I would insist, are likely to become the
>flashpoint for debates over morality....
such as this one :-)
> .....for a simple reason: they can do harm
>(and thus push costs) onto those bodies least able to defend themselves.
>The same arguments I apply to Crack, I would apply to Back Orifice. I would
>not apply them to PGP or Linux. I hope the reasons why are now obvious.
BO is an entirely different kettle of fish as it is designed almost
expressly with intrusive attacks in mind, but I would still argue that
ultimately, it will (or it bloody should) force MS to sort out some
decent security for their OS's and raise awareness of the weak
security of their stuff. The overall effect of this, in time, will be
positive. (and will also help the Linux cause as a side effect)
Like I say, I can fully understand your arguments, but I'm afraid that
you are trying to argue from a moral standpoint with which I have no
sympathy, and which seems to be tied to some bizzare notion of capital
as the ultimate truth. You rant that I'm using theory that is 20
years out of date, haven't you heard, this is the -information- age,
Steve T
Michael McCormack
bit touchy, for a number of reasons. I propose to try to re-establish the
basic framework for the debate then go back to the points at issue.
Hopefully we can both calm things down and get the discussion moving in the
right direction again.
And yes, I was more than a little bit patronising in the last posting and I
apologise for it. You were right, it wasn't necessary or welcome.
So, I'll do this in three parts: a clarification of some of the incorrect
assumptions that are starting to poison the argument, a restatement of what
we're debating, then my views on the points raised in your last posts. The
first two aren't meant to be my "final say" on what we're talking about and
what we're not, just an effort to put things back on track.
To allow this kind of restructuring, I'm going to take many of the points
you've raised out of order. If that causes problems, feel free to do the
same if you choose to reply.
Clarifications:
1. Why are Alec and I having this debate? In my view, there are three basic
reasons. First, the questions raised in the piece: was the act of releasing
Crack5 morally acceptable (and from that, was the coverage honest)? Second,
should Alec have been put in the position of having to answer such a
question, particularly when his quotes were surrounded by some very hostile
language from (largely anonymous) security "professionals"? Third, and I
suspect the reason the debate has lingered for so long, Alec and I have both
questioned each other's professional integrity either directly or by
implication in the course of our discussions. Neither of us is inclined to
let those comments lie.
2. Am I the voice of capitalism? I doubt it. Let's both stop mistaking the
argument for the man. You've made it clear you're arguing as much from
observation (if not more) as theory. I'm happy to accept that and I'll stop
pissing on academia as a consequence. If I'm arguing from a capitalist
standpoint in defending the construction of a Telegraph piece, I think we'd
both agree that's logical - the paper is aimed, largely, at capitalists and
that aim affects the way pieces are constructed.
3. What is the purpose of this thread? If we want to resume a broad
discussion of the role and effects of the media using coverage of hacking as
our example, fine with me. I believe there isn't enough contact between
media theorists and media practitioners, that serious problems occur as a
result, and I'm delighted to be involved in any discussion between the two
sides. I appreciate that you have a well-informed interest in the subject
and I found the posting from your "tame expert" fascinating. (By the way,
I'd be extremely grateful if you could persuade her to try answering some of
the questions I posed to her.) If we are here to rehearse the arguments for
and against the report of Crack 5's release in the Telegraph, I'll do that
too. If we're trying to tie the two subjects together - to use that piece as
an example of a larger picture - I have honest doubts about the life and
utility of the argument. The two people with the best-informed perspectives
have established that they're not going to agree on the fundamentals.
That gives us three options for a debate, and I'll leave it up to you to
choose which one you want to pursue. If you can see other options, I'll
follow you.
Restatement:
Option1: Why does the media report on hacking the way it does?
Option2: Why did the Crack 5 piece in the Telegraph read the way it did and
what were the effects of its publication?
Option3: Is that piece typical of hacking coverage and what does it indicate
about how hacking is likely to be covered in the future?
For what it's worth, I can see the point of splitting the thread - these are
all interesting questions. I have to admit, I'm unlikely to have enough time
to pursue more than one of them effectively.
My views on your last post:
Steve T wrote in message <35e9a249...@orac.sund.ac.uk>...
>So, as we can't decide who is likely to be responsible, we just decide
>to use monetary status as an arbitrary device to control the
>dissemination of a potentially harmful item. Inspired.
<and>
>This is the most obvious reply you could have made, and I'm not stupid
>enough to have overlooked it. Nor am I naive enough to simply roll
>over to it. If you are under the impression that just because a
>compnay has a board, or indeed even shareholders, that is in some way
>publically accountable, then you are somewhat astray of reality.
I don't think the monetary discriminator is entirely arbitrary. You've noted
that you have a background in law but have suspicions about the morality of
businesses and their boards. I admit I buried my point in an unwarranted
mass of sarcasm, so I'll restate it: I believe the price means fewer
teenagers with kewl haxxoring in mind will get copies of the product. I
believe that if a list of the organisations buying the product is kept, the
boards of those organisations can be held liable for civil and criminal
penalties if the police trace a misuse of the product back to them. I don't
believe that businesses are more moral than anyone else, I do believe that
commercial sale can be used to place some restrictions on ownership and,
more importantly, ensure that anyone in possession of Crack5 knows that the
knowledge of his possession can be turned over to an investigating force. I
believe people are more honest when there's a paper trail.
<and>
>You seem to have missed my point almost completely. And that sentence
>is utterly irrelevant. 'price as a means to discriminate between
>possible and impossible users', oh dear. What I argued has nothing to
>do with that. It is quite obvious that for any item that has a price,
>price is a means of discrimination between possible and impossible
>owners.
<and>
>I never said it was, I said it is what we have, and it is what you are
>supporting with your arguments that any tool or item of information
>that may -potentially- be used against the wealthy or the powerful be
>resticted in such a way that is only available to them.
I may well have missed your point entirely. I wrote under the impression
that you felt I wanted to see useful things restricted to an overclass. With
all respect to Alec, I find Linux more useful than Crack 5 and I'm damn glad
it's freeware. It's not my job to protect the wealthy and powerful, I'm
arguing that the unrestricted release of Crack5 placed poor and ignorant
sysops (and their companies/organisations) at greater risk than they were
before.
>>Look at the effect of first and business-class air
>>travellers on economy fares for the counter-example.
>
>Oh please, as you said in an earlier post, find another sucker.
All right, hands up, I didn't think you'd fall for that one.
>If -you- had been following this thread from the begining, you would
>be aware that it was in fact myself that opened the debate, and you
>would also have realised by now that the thread was originally
>intended to discuss the effects on society of the media and other
>influential factors such as education.
<and>
>I know that you completely failed to understand any of the theories
>that were presented here, and I have archived posts that prove it
>quite adequately.
And I think we've now reached a point where we need to restate what we're
going to debate. We've largely stopped listening to each other and started
pissing each other off. I think it's because even a long post doesn't let us
take positions where we can adequately synthesise information from a number
of fields.
>Firstly, you are assuming that any argument I make is drawn directly
>from the texts I am describing. I realise that as a Telegraph
>Journalist, this may be hard for you to accept, but I am quite capable
>of drawing my own conclusions from texts with which I either a:)
>disagree, or b:) agree with only partially. Think again.
Point taken.
>Secondly, have you actually read any of Ormerod's stuff, such as, just
>as an example "The Death Of Economics", which suggests that most
>economic theory is flawed and way out of date ?.
>
>It rather sounds like you haven't, as this seems to be the point -you-
>are trying to make.
I have read some, but not nearly all, of what Ormerod has written, and what
I have read strikes me as a good economic investigation of the "Death of
History" position. I would argue that, like most economists, he's arguing
about the validity of models, not the state of economics and capitalism
itself. However, this is probably not very germane to any of the topics
we've been addressing.
>>A lot of this is fair, so let's flesh out the argument. I don't think
you'd
>>argue that in late 1996, good point-and-click hacking tools could defeat
>>poor system security.
>
>Well, I'm not sure that I understand that sentence, but in fact, I
>would argue that in late 1996 (it's 1998 now, BTW), good point and
>click hacking tools -could- defeat poor system security, and did.
>Which is the point that I was making.
This isn't very important, but I was trying to set the scene at the time of
Crack5's release.
>>(With the release of Back Orifice, I'd argue that
>>those stakes have just been upped.)
>
>OK, fine, go and download a copy, read the documentation, and then
>tell me that anyone who gets hit with BO was operating a good security
>policy.
Did that, read that. A good security policy is hard to find (and, as I have
argued, is usually found inside organisations with lots of money). I think
we would both agree that BO, in some ways, has forced a rethink of what
defines a good security policy when the user is root. That fact of Microsoft
life has not been as widely understood, even among sysops, as it might have
been.
>Ok, at this point, I feel it is important for you define what you mean
>by 'naive'.
For starters, how about an 18 year old with a wardialler, six months'
experience with Linux, a beige box and an attitude? I agree that this
definition could be crucial to our approach to what the "naive" attacker can
accomplish, so I'll accept any modifications you want to offer that help us
narrow the field.
>And I think that Alec would be right. There is a very darwininan
>process that occurs when programs such as Crack or Satan become
>available, they cause evolutionary pressure which forces a rethink of
>security measures and policies, thus ensuring that information about
>potential vulnerabilities and solutions is widely distibuted.
I agree with this but I think it's only one side of the coin. Evolutionary
pressures cause harm and extinctions. I have argued that these will be borne
largely by organisations that can't afford to be smart. This takes us right
back to the moral question. From your posts, I'm guessing that you'd agree
with me that Darwinism is an amoral process. I think people shouldn't be
equally amoral.
>If I'm a small time *nix admin, and I can't afford to buy Crack at
>GBP 1500 or however much you thought it shuld be, Im out of luck in
>testing my user's passwords. And then I'm vulnerable, and someone who
>has more money available isn't. So when it comes time for 'Mr
>supposedly naive hacker' to go shopping, he picks me, and I'm f*cked.
I don't agree that Mr Haxxor will have the £1500 to buy the product. It's
probably worth interjecting that Alec could, if he had taken the route of
becoming a commercial entity, offered Crack5 to educational and charitable
instutions for a nominal fee, provided they could offer him a headed-paper
order and a name/telephone number he could check.
Before we start, I'm not blind to the opportunity for fraud here. But I
think it's better (morally) to make some attempts to control who gets Crack
than to make none.
>The shift works both ways. But if I -do- have crack, I can secure my
>site, for free, and that cost never occurs. The big admins can do the
>same, and save themselves a few bob to boot. Less cost involved all
>round, not more.
The shift does work both ways. Less cost involved all round, quite possibly.
A shift in cost to those orgs that can't afford the brains to know what
Crack is and why they need it, almost definitely.
>Stealing a password file and then running it through crack is -NOT- a
>sophisticated attack.
I think the phrasing "more sophisticated" really matters here, especially as
I'm taking my attacker to be very naive indeed.
>Not if Crack etc are free, and not if they have the minimum amount of
>grey matter to RTFM, even if it just the docs that came with their
>system. This is exactly the kind of evolutionary pressure I meant.
>Sites will -get- secured because the tools to do it are free, and
>because of the risk of tools being misused.
This is the basic premise of freeware and - I'd put it in 48-point type if I
could - I agree with it. My point is that there will be casualties of this
process and that the distributors of free security tools should be ready to
accept that they will be pointed to as the ones who tooled up attackers -
for free.
>And by 'greater good to the greater number' style morals, it is badly
>flawed.
That's as much my point as yours. If we want to investigate the morality of
Crack's distribution, we have to look not at the bigger picture, but Alec's
role. Could he have done more to protect people without unduly limiting the
good Crack makes possible? I think that's a question a newspaper is entitled
to ask. My own view is that he probably couldn't, given his disinterest in
becoming a commercial entity. That leads us to another set of questions I
think a paper is entitled to ask: Are we (Britain) ready to allow the
unfettered distribution of these programs? Do we accept that the ultimate
greater good is a fair trade for the damage some systems will suffer? Would
the mechanism for attempting to control the distribution of such security
tools be so onerous and unwieldy as to make the whole process a farce? If
so, (and I believe so) what are we going to do, if anything?
>Well, I would still argue that you were very very selective with your
>quotes, you could have found a -lot- more people who wouldn't have
>responded with such a wailing and a gnashing of teeth, and would have
>done so in a far less emotive manner.
This part of the argument is well-rehearsed. Alleging selctivity of quotes
is a very serious smear of a hack's reputation. Don't assume any agenda had
primacy in the coverage of this release. The fact remains that, out of more
than a dozen interviews with academic and commercial sysops plus security
advisors, Alec received one piece of lukewarm support, which was included in
the article.
Alec has pointed out very capably, and I accept, that his audience and the
Telegraph's definition of "expert source" do not coincide. I hold the view
that what you see depends where you stand.
>Neither, as I am well aware of the answer to the question, and I would
>never encourage anyone to defend such things. I am asking you to
>defend you standpoint that wealth can be used to measure trust or
>responsibility or whatever, when this is quite clearly not the case in
>the real world.
I wouldn't, although I can see from the posting I made why you could
honestly interpret my comments in that way. I was arguing not for the
greater morality of wealth but for the paper trail and its role in keeping
organisations honest.
>>If this young man really is good, if really
>>does understand the potential market for his services, he will atrract
>>backers ready to bankroll the venture.
>
>I would say that this is arguable.
It is, but I think I've got the winning hand. In Scotland alone there's a
pool of £9m+ looking for electronic ventures to back. I suspect there's less
in Sunderland but if you go to London you can starting adding zeros to that
figure. More lower down...
>Dont patronise me, I am very familliar with methods of capital
>formation, if you know so much then suggest where this mythical store
>of capital that's just waiting to be thrown around resides, not with
>the TEC, not with EU or HMG grants, not with banks. What do you
>suggest, ask your friendly local millionaire ?
This non-mythical store of capital is largely represented in Britain by
three sources: 1. Quangos designed to introduce entrepreneurs to private
investors (usually in amounts between £5,000 and £500,000, mostly at the
smaller end of that scale). Your local Lec will have details of an "Angel"
program near you. If they don't, try farther south.
2. Financial advisors. This isn't the quick route but many have clients
looking for private investment vehicles. These aren't, generally,
millionaires, just guys with a few thousand lying around that they want to
take a punt with. Finding them is not a quick job but a young man with good
ideas, a solid business plan and the patience to do a year's worth of
networking will find them.
3. Venture Capitalists. There aren't many in Sunderland and they aren't
going to be very interested in a venture that will finally turn over less
than £10m a year but they will take any entrepreneur's call.
>You seem to get more patronising as you go along with this post, have
>you been having a bad day.
I did, I was, I apologise.
>Name me one single text book, theory or individual who will cite one
>single reason why corporate monopolies are good for economies. And
>again, I think you should read the posts more carefully, before knee
>jerking your responses.
I can actually think of a few, none still alive. As I think we'll both
accept, that wasn't the argument I was making.
>But you can't be -certain-, can you ?
I think I can. It's debatable, I accept, but I suspect Alec himself would
agree that Crack has been used for things some sysops wish it hadn't.
>But I don't, (becuase I am not a capitalist), and neither do you, you
>are looking at it like an elitist.
I deserve that, given the tone of my last post. I don't make the argument
that concentrations of capital are a universal solution to moral problems. I
would argue that, in the case of Crack5's release, a corporate structure cou
ld have improved the situation for some sysops. Let's not magnify a specific
argument to a field it wasn't intended to address.
>As a 'capitalist' I would expect you to know that everything has a
>price (or at least a cost of some type). The question is always
>weather the price is worth paying. You have failed to convince me
>that the supposed 'cost to society' of releasing Crack and other tools
>freely is not worth paying.
Using a capitalist's arguments, I would disagree that everything has a price
or can be priced. The "cost to society", expressed as a cost to cash-poor
organisations, may well be worth paying. I argue that it's a fair question
to ask.
>>Personally, I blame the abandonment of the classical scale by 20th C
>>composers. On the other hand, I think the world's in its best state for
the
>>last 1,000 years.
>
>ROFL
>
>That's one of the funniest things I've heard for a long, long time. I
>suggest that you get out more. Just because the world is in 'it's
>best state for the last 1000 years', doesn't mean it isn't fucked up
>now. Look around you.
You'll appreciate that a disabled immigrant may take a different view of
things, as might someone who looks at world hunger, poverty and mortality
tables. "Fucked up" is a relative term.
>You still haven't provided a good argument as to how using wealth as a
>metric is supposed to ensure the kind of characteristics you want.
The characteristic I want is a named person the police can interview if an
attack using Crack5 can be traced. I think a high price gives you a better
chance of having a name.
>>The problem isn't that it's not a Telegraph story, the problem is that it
>>isn't news. "O generarium viperorum..." is a very old story indeed.
>
>So it is, but perhaps people need reminding every so often, just
>because it isn't a new phenomenena, doesn't mean that it doesn't
>deserve media coverage. Princess Diana has been dead for a year, and
>she's getting plenty of coverage, and none of it says "Princess Still
>Dead SHOCK!". You can always find a new angle, as you are well aware.
True enough. It's just not what I like to write about.
>>And a couple of points to round out the argument. Freeware messes up any
>>kind of capitalist thinking because it introduces a price distortion into
>>the equation that capital theory can't handle.
>
>Yeah, that's right, so ? I personally enjoy it immensely when things
>like that happen.
Me too. I think the uselessness of capital theory should spur the makers of
freeware to think creatively about whether they should try to control access
to it and if so, how.
>My heart bleeds, see above, and see further above, I think this
>argument is badly flawed, besides which, all development, all progress
>has a price. Survival of one species may mean extinction for another,
>tough.
I dislike amoral arguments. Your heart may not bleed but I suspect the
cash-poor organisations at risk of harm wish it would.
>>I support freeware but I am aware that many of its costs are hidden.
>>Freeware security programs, I would insist, are likely to become the
>>flashpoint for debates over morality....
>
>such as this one :-)
Spot on.
>BO is an entirely different kettle of fish as it is designed almost
>expressly with intrusive attacks in mind, but I would still argue that
>ultimately, it will (or it bloody should) force MS to sort out some
>decent security for their OS's and raise awareness of the weak
>security of their stuff. The overall effect of this, in time, will be
>positive. (and will also help the Linux cause as a side effect)
I agree with almost all of that. I think Crack5 can be put in the same
category as BO if that category considers tools an attacker can use.
>Like I say, I can fully understand your arguments, but I'm afraid that
>you are trying to argue from a moral standpoint with which I have no
>sympathy, and which seems to be tied to some bizzare notion of capital
>as the ultimate truth. You rant that I'm using theory that is 20
>years out of date, haven't you heard, this is the -information- age,
>
>Steve T
Hopefully, most of the misundertandings encapsulated in this paragraph have
now been resolved. The moral standpoint I'm advocating is ridiculously
simple: if you have made a tool that can do harm, shouldn't you at least
think about what you can do to reduce the potential for harm?
Mike.
Michael McCormack
Editor, Insider Technology
mon...@insider.co.uk
Misc
.ac.IHATESPAM> writes
<snip>
>Once again, we are returning to the idea of an agenda in any given
>rag. You write (in the Telegraph and the mail) for an audience who
>are largely techno-illiterate and almost entirely what I would
>describe as 'reactionary old Tory bastards', and so you throw out
>'EvIl HaX0rs take over world' bullshit that you know they will lap up
>as it fits their existing perception of the internet as a bed of vice
>and crime, and 'hackers' as the progeny of the beast.
<snip>
The issue that software vendors are still providing inadequate/insecure
software is one that has been around for ever, but I rarely see coverage
of it in newspapers. (although I suspect that with an "apropriate"
journalist writing the story, it could be made interesting).
How is the release of "crack" news?
--
__|`|SHoX_ _
(_-< `\ _\ ' /
(___/_|_(_)_,_\
Misc
.ac.IHATESPAM> writes
>On 30 Aug 1998 13:35:39 GMT, "Michael McCormack"
><mon...@insider.co.uk> wrote:
>>Steve T <ca4...@isis.sund.ac.IHATESPAM> wrote in article
>><35e49576...@orac.sund.ac.uk>...
>
>>None of us know who's right in our predicitons of the outcomes of Crack's
>>release. Pricing hacking damage is nearly impossible.
"Damage" due to hacking is an interesting concept. When a system is
hacked, there is the possibility that no "damage" has been inflicted at
all.
>>> Those reasons being, as I understand, and please feel free to correct
>>> me if I've misconstrued it, that it is morally questionable to make it
>>> easy to obtain anything which could conceivably be used to cause harm.
>>
>>How about: "you can be certain will cause harm."
>
>But you can't be -certain-, can you ?
I have always been of the opinion that no one should stop anyone from
doing what they want providing that they do no harm to others. The
argument presented above is identical for many things; the availability
of guns, the rating of films, the availability of drugs, pollution, etc.
People should not be allowed to use these things illegaly, however i see
no reason to deny them access to these things at all. We are not nannies
to everyone else.
<snip>
>>And a couple of points to round out the argument. Freeware messes up any
>>kind of capitalist thinking because it introduces a price distortion into
>>the equation that capital theory can't handle.
>
>Yeah, that's right, so ? I personally enjoy it immensely when things
>like that happen.
>
>>To produce freeware, people
>>like Alec are deliberately reducing the price of their efforts to zero.
No. The cost of his efforts was his time, but his time is (arguably)
worth what he would have paid for the software were it commercially
available from elsewhere. Also he has gained recognition and (now) media
coverage.
>> .....for a simple reason: they can do harm
>>(and thus push costs) onto those bodies least able to defend themselves.
>>The same arguments I apply to Crack, I would apply to Back Orifice.
Anyone who falls "victim" to either of these two programs is suffering
from ignorance of what constitutes a breach of security. The
introduction to the victim of BO, or the acquisition of encrypted
passwords to use with crack, is a breach of security in itself. BO and
Crack are one of many many conceivable tools which given the above
conditions could be used for either the same or slightly different
purposes; basically, if the above conditions are met, the "victim" is
vulnerable to just about any hack.
If BO did not exist, then someone else would have made it exist. All
things will come to pass.
>BO is an entirely different kettle of fish as it is designed almost
>expressly with intrusive attacks in mind, but I would still argue that
>ultimately, it will (or it bloody should) force MS to sort out some
>decent security for their OS's and raise awareness of the weak
>security of their stuff.
MS has a "secure" OS, it's called NT. Win95 is not intended to be
secure, never was, and isnt. However, even with the features of security
embedded in NT, a home user with no clue will still fall foul to attacks
delivered the same way as BO, because they dont know any better. NOTHING
can stop this through software alone. Fortunately, clueless individuals
are not usually the targets of this type of attack.
Misc
<mon...@insider.co.uk> writes
>I believe the price means fewer
>teenagers with kewl haxxoring in mind will get copies of the product.
you obviously know little about software culture.
High priced software means that the only people who would get it would
be companies with a large budget and those people who would never buy it
anyway (specifically, teenagers). Re: piracy. Specifically, those
smaller companies with a smaller budget, but just as many legal
obligations, would be deprived of teh product.
Misc
>knowledge of his possession can be turned over to an investigating force.
oh please! We are not dealing with fissionable material here. Anyone
with any inclination could write their own copy of crack, or at least
possibly a less capable tool.
The issue is NOT "who owns crack" it's "who is vulnerable to crack
attacks". NO ONE should be vulnerable to crack attacks. This however is
an ideal scenario.
Misc
>arguing that the unrestricted release of Crack5 placed poor and ignorant
>sysops (and their companies/organisations) at greater risk than they were
>before.
the counter argument is as follows. The unrestricted release of such
tools promotes security enhancement. An initial problem with over use of
such attacks is reduced quickly by the communities natural response to
such a threat - repairing their systems so they are not vulnerable.
Without this reaction, less attacks may happen over all, however any
which do will be worse.
Misc
>argued, is usually found inside organisations with lots of money).
No, it is not. A good security policy with regards to back orifice, is
not to allow ppl to install software without the permission of the IT
staff. (In the case of organisations with no IT staff, without trusting
the source of the program to be installed).
Misc
>good Crack makes possible?
Why does Alec have any obligation to protect people from each other?
Misc
>attack using Crack5 can be traced. I think a high price gives you a better
>chance of having a name.
Uhm... an attack using any crack based tool cannot be traced.
Misc
>agree that Crack has been used for things some sysops wish it hadn't.
Sysops with a grasp on what crack is for would regard it's availability
as inevitable and ignore this entire argument, instead concentrating on
making sure that access to the information needed to gain passwords
using crack is not available to hackers.
Misc
>think about what you can do to reduce the potential for harm?
Heh, this is open to debate, but put simply, EVERYTHING can be used for
harm, and yet only some of them are illegal. Personally I think that
banning things which can be used badly (but are not exclusively for
this) is wrong. Thats just me. None of this is applicable to software,
however, because it is technically very different. There is nothing bad
about obtaining passwords using crack from a passwd file. However, using
those passwords illegally is bad.
Alec Muffett
> Dave <david....@virgin.net> wrote in article
> > Just interjecting for fun. I don't see the point in restricting
> > knowledge just for fear of how it could be used, that leaves the
> > knowledge in the hands of a minority, which imho is more dangerous
> > than everyone having it...
>
> Flippant or not, I'm fairly sure that's not what this argument is about.
Just a quick noote - alas I have not the time to attack the main
thread again for a few days - but I think it is a interesting related
point being made here, although perhaps not for the reasons stated.
I do professional security training sometimes, and I know for a fact
that unless you demonstrate to systems admin people - let alone
manager-types with no experience - that hacking a network of machines
is largely a matter of automated persistence nowadays, then the
reality of the need for them to go home and secure their systems
escapes them totally.
Hence the "ITOD" toolkit on www.crypto.dircon.co.uk - diddy versions
of Crack/ AutoHack/COPS/ISS/other evil pieces of code Michael thinks
should never have been allowed to see the light of day without a hefty
price-tag, and written to show how utterly piss-simple it is to do.
Usually, there's this stunned-fish expression for a few seconds, once
they get the drift, and then comprehension dawns like the sun.
It must be a human-nature thing.
Anyway, back to the point: on the grounds of my experiences as a
trainer (cited above) I believe that there is a big difference between
knowing something (because you are told it) and actually
seeing/understanding/believing it.
A lot of people - but only I suppose a minority who were interested -
KNEW about password cracking from Dan Klein's paper on the topic in
the early 80's, with facts and figures which were eventually borne out
by Crack, but nobody actually did squat about it until Crack was released.
I submit this is because very few people actually COMPREHENDED the risk.
So, likewise to the above correspondent, I submit that restricted
knowledge of security problems leads to no good at all; I acknowledge
that I have not provided a strong argument here, but leave it to the
reader to infer my reasoning... alas I have not the time to write more,
but may do so later.
Michael McCormack
Misc wrote in message ...
>you obviously know little about software culture.
>
>High priced software means that the only people who would get it would
>be companies with a large budget and those people who would never buy it
>anyway (specifically, teenagers). Re: piracy. Specifically, those
>smaller companies with a smaller budget, but just as many legal
>obligations, would be deprived of teh product.
I think you're restating an argument that's already been covered in this
thread although the introduction of piracy puts a new twist on things. Would
you argue that more teenagers will get the product if its pirated than they
would if it's freely downloadable?
Michael McCormack
Misc wrote in message ...
>oh please! We are not dealing with fissionable material here. Anyone
>with any inclination could write their own copy of crack, or at least
>possibly a less capable tool.
I think there's some truth in this but there's also a grey area that's worth
exploring. My impression is that very few people who have taken the time and
trouble to learn to code well and to think hard enough about electronic
security to see the point of Crack from a sysop's perspectuve are likely to
launch damaging attacks. Call it old school hacking if you like but I have
far more faith in the moral judgement of someone who has worked to earn some
knowledge and ability.
The people who worry me are the ones just barely able to work a wardialler
and get Crack installed on their mother's PC on the fourth try. Lacking the
respect that comes from doing your own hard work, they are more likely to
misuse Crack, in my view. It's their actions that form the basis for my
questions.
>The issue is NOT "who owns crack" it's "who is vulnerable to crack
>attacks". NO ONE should be vulnerable to crack attacks. This however is
>an ideal scenario.
Exactly right. I think we have to ask what we're going to do about freeware
security products until the time comes when the understanding of them is
pervasive.
Michael McCormack
Misc wrote in message ...
>the counter argument is as follows. The unrestricted release of such
>tools promotes security enhancement. An initial problem with over use of
>such attacks is reduced quickly by the communities natural response to
>such a threat - repairing their systems so they are not vulnerable.
>
>Without this reaction, less attacks may happen over all, however any
>which do will be worse.
Sure, and I think Steve was right to cast this as an evolutionary process.
My question is, since we know evolution cause a lot of harm and extinctions,
is there a better method? There may not be but I think a newspaper has the
right to ask the question.
Michael McCormack
Misc wrote in message ...
>No, it is not. A good security policy with regards to back orifice, is
>not to allow ppl to install software without the permission of the IT
>staff. (In the case of organisations with no IT staff, without trusting
>the source of the program to be installed).
I didn't mean that a good security policy was hard to invent, I meant that
you don't find many of them in practice outside companies and organisations
with money. What you've suggested above is something one rarely finds in
smaller companies, as I'm sure Alec would agree, given his consulting
experience.
Michael McCormack
Misc wrote in message ...
>Why does Alec have any obligation to protect people from each other?
That's an excellent question. The best answer I can give is that the things
he makes can be used to do harm, things whose potential to do harm may not
be understood by all of the people who could be harmed by them. In that
position, I think he has a moral duty to at least think about how the things
he makes should be distributed. (And yes, I know he's done that. I think a
newspaper is entitled to ask if he made the right decision.)
Michael McCormack
Misc wrote in message ...
>Sysops with a grasp on what crack is for would regard it's availability
>as inevitable and ignore this entire argument, instead concentrating on
>making sure that access to the information needed to gain passwords
>using crack is not available to hackers.
I accept that entirely. My concern is for the sysops who don't have that
grasp and the organisations that can't afford to employ sysops who have that
grasp.
Michael McCormack
Misc wrote in message ...
>Heh, this is open to debate, but put simply, EVERYTHING can be used for
>harm, and yet only some of them are illegal. Personally I think that
>banning things which can be used badly (but are not exclusively for
>this) is wrong. Thats just me. None of this is applicable to software,
>however, because it is technically very different. There is nothing bad
>about obtaining passwords using crack from a passwd file. However, using
>those passwords illegally is bad.
I wouldn't agree with banning Crack and I would almost certainly campaign
against any outside enforcement measures to limit its availability. I think
the creator of the program has to make those decisions and that no other
system than self-governance will work. But, as you said, that's just me.
By the way, I have some problems with the idea that obtaining other people's
passwords using crack is ok.
Michael McCormack
Misc wrote in message ...
>Uhm... an attack using any crack based tool cannot be traced.
Sorry? You've confused me. I can think of at least two arrests in Europe in
the past six months of hackers who were employing crack-like tools. They
were traced, I imagine, by means that have nothing to do with crack. I
wasn't linking the tracing process to the use of crack and I'm not sure what
to reply to your objection.
Michael McCormack
Misc wrote in message <6O$oPLA+q...@sleepi.demon.co.uk>...
>>>To produce freeware, people
>>>like Alec are deliberately reducing the price of their efforts to zero.
>
>No. The cost of his efforts was his time, but his time is (arguably)
>worth what he would have paid for the software were it commercially
>available from elsewhere. Also he has gained recognition and (now) media
>coverage.
I agree with that but Steve and I were arguing about the effects of price,
not cost.
>Anyone who falls "victim" to either of these two programs is suffering
>from ignorance of what constitutes a breach of security. The
>introduction to the victim of BO, or the acquisition of encrypted
>passwords to use with crack, is a breach of security in itself. BO and
>Crack are one of many many conceivable tools which given the above
>conditions could be used for either the same or slightly different
>purposes; basically, if the above conditions are met, the "victim" is
>vulnerable to just about any hack.
And if we agree that this class of victims exists, should we do anything to
protect them? More specifically, should Alec have done?
Michael McCormack
Editor, Insider Technology
mon...@insider.co.uk
Michael McCormack
Misc wrote in message ...
>.ac.IHATESPAM> writes
The post you refer to hasn't shown up on my server. I wonder if Steve could
be persuaded to repost it.
Michael McCormack
morning. Thanks to Misc. for quoting from it or I wouldn't have known it
existed. Thanks also to Microsoft for once again screwing up my day with
their useless newsreader.
Steve T wrote in message <35e412d0...@orac.sund.ac.uk>...
>Ah, I see, use money as a tool to keep the unwashed masses from
>getting their hands on anything which may imbue upon them the same
>knowledge and/or power as the rich. I would regard -this- as
>exceptionally questionable from any kind of moral standpoint.
I'm hoping that the argument I made for the paper trail in my last,
exceptionally long, posting means this part of the debate can be left
behind.
>Hmm, well, for a start AFAIK Alec -is- a reputable commercial security
>operator, and if you are suggesting that any supporting POV from an
>academic would relvolve around the fact that Crack costs nothing, you
>are serioulsy out of order. Granted Academia is skint, but to suggest
>that this would be the main factor in any academic opinion is both
>incorrect and offensive.
I agree with this. Does the average Telegraph reader? I hope so but I'm less
certain. I do know that the Telegraph is entirely comfortable running new
events past established companies for their views. I also know that the
academic sysops I interviewed were just as uncomplimentary to Alec as the
commercial ones (granted, one lukewarm exception, although Alec wasn't
pleased to be classed as a gifted amateur). I would suggest that the
organisations most likely to say good things about Crack are the ones with
good brains and no money. That sounds a lot like Academia to me.
>Once again, we are returning to the idea of an agenda in any given
>rag. You write (in the Telegraph and the mail) for an audience who
>are largely techno-illiterate and almost entirely what I would
>describe as 'reactionary old Tory bastards', and so you throw out
Pretty broad strokes here. In the Telegraph's Connected section, I assume
the readers are naive but interested and can relate the stories to their own
experiences. Between you, me and the rest of the Usenet, I assume most Mail
readers are dead from the neck up and the beltline down. Of course, their
hearts beat for England...
>'EvIl HaX0rs take over world' bullshit that you know they will lap up
>as it fits their existing perception of the internet as a bed of vice
>and crime, and 'hackers' as the progeny of the beast.
What I do write is that there is a small element of malicious, desturctive
hackers, largely between the ages of 15 and 20, who are capable of costing
innocent organisations a lot of money. I also write that, in my view, they
get off with very light punishements on the rare occasions that they are
caught and, again in my view, that British police forces could use more
money to help them combat on-line crime. In my view, the internet is largely
a hotbed of dull things (I suppose that makes it a coldbed) with the
potential to accomplish transformations in the way people obtain and use
information. What are the odds we'd be having this discussion in its
absence?
>Again, I find this strange, as I would understand an IT journo to know
>better. So either you don't know better, and should take some time to
>find out, or you slant your story to fit the paper's agenda.
>
>Which ?
I've already made it clear to Alec that I don't believe objective journalism
exists. I have tried to argue that papers attempt to interview the "neutral"
commentators they believe their readers are most likely to trust on the day.
If that's slant, I've never once written an objective piece in my life, nor
has any other hack I've ever met.
>Which suggests that you should perhaps have given some background
>information, before launching into your 'Alec Muffet, satan of the
>internet, hands out weapons to children', rant. In order to fill the
>gap in your readers knowledge. But then that would hardly have
>allowed you to use the 'SHOCK HORROR !!' slant that you did, would it
Forgive me, but I don't recognise that as a description of what I wrote. I
wrote that the release of the new version of Crack had pissed off a long
list of security consultants. Does anyone deny that that was true? My
impression is that Alec's unhappiness stems from the fact that I couldn't
find a single defender of his actions and that the arguments of his
detractors were grossly over the top. I'm genuinely not being patronising
when I say this - but - I have made enough money from SHOCK HORROR
journalism that I can smell it across the room. That piece doesn't qualify
for the role. (I refer you to Porn Barons Flood Scotland's Postboxes, July
1996 in your super soaraway 10p Scottish Sun, for an example of me in full
cigar-chewing, no-words-above-seven-letters-style.)
>You can not estimate the cost, becuase you will never get any kind of
>accurate figures from anyone. Companies who have suffered a breach
>(in the rare event that they admit it) usually put som huge, entirely
>arbitray figure on it, as this makes it easier to justify expenditure
>of resources by enforcement agencies in investigating, and also makes
>it easier to prosecute a case in front of a jury, who will be
>impressed by the magnitude of the figure, and ignorant of near
>anything else.
There's a complex set of arguments expressed there that are tempting to
explore but as I wrote in another post, I'm not convinced there's any merit
to "greatest good, least cost" arguments when both sides agree the figures
are meaningless. Alec's role and choices are the moral questions that
interest me.
>>If I felt I had made an arse of myself, I wouldn't be asking the same
>>questions now I did then.
>
>And receiving the same answers, which you still refuse to accept.
That's perhaps not an accurate summary of what's changed since the debate
started. Since the publication of the piece I have come to agree with Alec
that his decision not to become a commercial distributor absolves him of a
lot of the blame I once thought he deserved (and before we start - the
Telegraph didn't blame him for anything. That piece was strict reporting and
we couldn't find anyone to defend him in print). We have also established
that to find defenders, we should have gone outside what a Telegraph hack
would normally consider typical sources. And we established (I believe to
Alec's satisfaction) that the number of people willing to defend him
socially or on the net is much larger than the number willing to do so in
the Telegraph. I call all of those understandings progress.
And that leaves the question: what are you and I going to do to advance the
debate, and potentially the understandings?
Firestarter
out of hand.
ive enjoyed it at first
mainly lurking and reading some very good points of view
but it is becoming just a debate between 2 people occasionly 3
i dont think thats what newsgroups are about
i think thats what email is about!
Defiant
>I agree with this. Does the average Telegraph reader? I hope so but I'm less
>certain. I do know that the Telegraph is entirely comfortable running new
>events past established companies for their views. I also know that the
>academic sysops I interviewed were just as uncomplimentary to Alec as the
>commercial ones (granted, one lukewarm exception, although Alec wasn't
>pleased to be classed as a gifted amateur). I would suggest that the
>organisations most likely to say good things about Crack are the ones with
>good brains and no money. That sounds a lot like Academia to me.
believes in free programs/source, there is nothing wrong with that.
>What I do write is that there is a small element of malicious, desturctive
>hackers, largely between the ages of 15 and 20, who are capable of costing
>innocent organisations a lot of money. I also write that, in my view, they
>get off with very light punishements on the rare occasions that they are
>caught and, again in my view, that British police forces could use more
>money to help them combat on-line crime. In my view, the internet is largely
>a hotbed of dull things (I suppose that makes it a coldbed) with the
>potential to accomplish transformations in the way people obtain and use
>information. What are the odds we'd be having this discussion in its
>absence?
something I didn't do as you know Michael, I have been released but was
told that I could spend 5 years in a detention centre if I was
prosecuted for it. Luckily the police saw the error of their ways and
dropped everything against me.
>Forgive me, but I don't recognise that as a description of what I wrote. I
>wrote that the release of the new version of Crack had pissed off a long
>list of security consultants. Does anyone deny that that was true? My
>impression is that Alec's unhappiness stems from the fact that I couldn't
>find a single defender of his actions and that the arguments of his
>detractors were grossly over the top. I'm genuinely not being patronising
>when I say this - but - I have made enough money from SHOCK HORROR
>journalism that I can smell it across the room. That piece doesn't qualify
>for the role. (I refer you to Porn Barons Flood Scotland's Postboxes, July
>1996 in your super soaraway 10p Scottish Sun, for an example of me in full
>cigar-chewing, no-words-above-seven-letters-style.)
admins were jealous that he released a superior product that they would
have tried to cash in on, for free. If he didn't release it, it would be
security through obsecurity. Lots of people have been pissed off at
route for the DoS attacks he has released. But truth is that these
releases have forced the bugs to be fixed, long time after they were
originally found. If it were not for people releasing the attacks
companies like Microsoft would get away with releasing buggy code all
the time, and would rarely fix things.
If you would go into the moral reasons as to releasing programs, what
about things such as Cyber Cop, that scan for vunerabilities. I don't
have a copy of this, but did have a copy of it when it was known as
Ballista, so it may not be free source anymore. Programs like this are
available freely, and pose more of a threat that Crack.
References:
Routes page - www.infonexus.com/~daemon9
Alec's page - www.users.dircon.co.uk/~crypto
NAI (CyberCop) - www.nai.com
--
Defiant, PGP keys on page.
mailto:def...@cyberdefiant.demon.co.uk
http://www.cyberdefiant.demon.co.uk
http://www.infowar.co.uk/digital-eclipse
Defiant
read it don't download it.
Misc
<mon...@insider.co.uk> writes
>
>
>I think you're restating an argument that's already been covered in this
>thread although the introduction of piracy puts a new twist on things. Would
>you argue that more teenagers will get the product if its pirated than they
>would if it's freely downloadable?
>
I'd argue that price will have no effect on the number of teenagers
obtaining this product who wanted it in the first place.
Misc
<mon...@insider.co.uk> writes
>By the way, I have some problems with the idea that obtaining other people's
>passwords using crack is ok.
It is widely held that once you have an encrypted password list that it
is merely a matter of time until you have that passwords themselves as
well. On some systems, the password list is available to anyone with an
account on that system. In setups such as these, someone obtaining the
passwords (some) of the users is inevitable really; however there is no
moral or legal problem unless that person is inclined to intrude on the
system using those passwords.
This could turn into a debate on a seperate issue however.
Misc
<mon...@insider.co.uk> writes
>
>Misc wrote in message ...
>
>
>
>Sorry? You've confused me. I can think of at least two arrests in Europe in
>the past six months of hackers who were employing crack-like tools.
Yes, because all attacks on Unix systems which do not rely on buffer
overun exploits in privaleged services rely on a hacker obtaining an
encrypted passwd file - and then running crack on it.
> They
>were traced, I imagine, by means that have nothing to do with crack. I
>wasn't linking the tracing process to the use of crack and I'm not sure what
>to reply to your objection.
You suggested that registering owners of crack centrally would help to
catch perpetrators of crack based intrusions. I suggest that it would
make very little difference in practise (due to piracy, and the fact
that 1 person using crack cannot be distinguished from another).
Misc
<mon...@insider.co.uk> writes
>And if we agree that this class of victims exists, should we do anything to
>protect them? More specifically, should Alec have done?
My point is that by delaying or witholding such materials as crack, we
make the death of the less cluefull slower, but just as inevitable.
Dave
<mon...@insider.co.uk> wrote:
>I think you're restating an argument that's already been covered in this
>thread although the introduction of piracy puts a new twist on things. Would
>you argue that more teenagers will get the product if its pirated than they
>would if it's freely downloadable?
>
>Michael McCormack
>Editor, Insider Technology
>mon...@insider.co.uk
>
>
Well this is something I have thought a few times, I happen to think
that a warez version of the product would get to far more of the
moronic destructive types, it would appear on warez sites and be
downloaded by the deadhead types who wouldn't even of thought of it if
it was just sitting on a security site somewhere for free d/l
D.J.
Sean Reilly
e-mail me
Sean Reilly
TMsm464339
>that you felt I wanted to see useful things restricted to an overclass. With
>all respect to Alec, I find Linux more useful than Crack 5 and I'm damn glad
>it's freeware. It's not my job to protect the wealthy and powerful, I'm
>arguing that the unrestricted release of Crack5 placed poor and ignorant
>sysops (and their companies/organisations) at greater risk than they were
>before.
I apologise in advance if I'm wasting bandwidth (this argument is somewhat out
of my depth).
If you're arguing that the unrestricted release of Crack5 placed poor and
ignorant sysops at greater risk of attack, I would say that there are three
potential angles from which to attack the problem.
-restriction of the release of Crack
-an attempt to resolve the poorness of the sysops
-an attempt to resolve the ignorance of the sysops
The most obvious one of those to discount, IMO, is the second one, since in a
capitalistic system, it is like a pyramid, where there are many poorer people
supporting fewer rich people.
The second most obvious one to discount, IMO, is a restriction on the release
of Crack. Because, at the end of the day, trying to restrict software to
specific users is quite difficult, because software is so easy to copy. Also,
if Crack is quite easy to write, then if there is an expensive version being
sold to sysops with the money, someone without the money will write another
one, and undercut the existing one, or give it away - the point being that one
way or another it will leak out, gradually. And the poorer sysops are not
getting the *opportunity* to check their security (legally), at least not at
the same rate as the (presumably more likely to get hold of a copy, legally or
otherwise, sooner) naive hacker. Therefore you have removed their means of
defence, on the premise that you can control adequately the release of the
means of attack. If you are wrong?
I would think that the best approach is a cheap/freely available Crack, and to
solve possible problems with this, the issue is to try and solve the ignorance
of the sysops. How this would take effect is another issue in itself, the
question as to who the responsilibity for the security should lie with, in what
proportions:
-the user
-the system supplier(s)
-the government
In the first case it is the job of the user to secure their systems. However,
when so many users lack time/money, if you want security, then the
responsibility moves onto the system supplier. Now if the system supplier does
not fulfill their security obligations, the issue falls (loosely) to the
government, which is supposed to enforce law and order.
If you can resolve the ignorance of the user, by whatever means, the value of
Crack as a hacker's tool will diminish, as more and more users have secured
their networks to ensure that Crack is not useful as part of an attack. Whereas
if the price puts Crack beyond the reach of the smaller sysops, a hacker
getting their hands upon it will have rich pickings indeed...
Since it seems to have been established that the users are not able to resolve
security issues independently, then either one would expect the suppliers to
assume a bigger responsibility in keeping their networks secure at lower
prices. If the suppliers fall down, and pressure from either government or the
users does not force them to take a better standpoint, then the government
would need to establish some body (non-profit) in order to raise awareness of
sysops to get the tools, which they could, of course, afford.
The rise of the 'canned' hacking tool, freely distributed, surely, ultimately
requires equal competition from the security sector - i.e. the use of 'canned'
security tools, cheap or free, to allow sysops to compete on a level playing
field with the hackers. If your naive hacker can use a canned, free/cheap tool
to attack, isn't the competitive solution to match that tool with a canned
defence tool? And to attack the problem from the ignorance point of view,
rather than trying to control the spread through price (software piracy tends
to disprove this approach)?
Shiva
--
"Information is Knowledge, Knowledge is Power, Power is Dangerous"
"Information Overload... I've a thousand pages on it..."
"Play with fire - burn your fingers"
Alec Muffett
> I think you're restating an argument that's already been covered in this
> thread although the introduction of piracy puts a new twist on things. Would
> you argue that more teenagers will get the product if its pirated than they
> would if it's freely downloadable?
No, but I would argue that the interested group of "haxxors" would get
the software in either case, pretty-well equally...
Alec Muffett
> The people who worry me are the ones just barely able to work a wardialler
> and get Crack installed on their mother's PC on the fourth try.
That Michael's girlfriend uses RedHat Linux was interesting, but to
find that his *mother* runs a PC Unix at home, I find *astounding*. 8-)
(There is a obvious point hidden behind that joke)
> Exactly right. I think we have to ask what we're going to do about freeware
> security products until the time comes when the understanding of them is
> pervasive.
To coin a phrase, until such time as knowledge of security tools
becomes pervasive, we should "seek to pervade the knowledge" and
ignore this typically reactionary media proposition that there exists
a problem "which someone must do something about!"
Unix systems administrators don't in the main find the existence of
Crack to be a problem, so (to be direct) one might ask, who asked the
media to go round saying "something must be done about them!".
Such an attitude smacks of busybodyness, not journalism.
Alec Muffett
> >Why does Alec have any obligation to protect people from each other?
>
> That's an excellent question. The best answer I can give is that the things
> he makes can be used to do harm, things whose potential to do harm may not
> be understood by all of the people who could be harmed by them.
Allowing for the moment the fact that the things which I make can also
be USED TO DO GOOD, and on those grounds there is nothing to prevent
my distributing my tools for the greater good of the community, then
one is left with no more onus upon me to do anything other than to
ensure as many people as possible know if their existence and the
ramifications thereof.
In short, distribute wide and free.
No? 8-)