I think this quote is appropriate to this situation:
"A commercial, and in some respects a social, doubt has been started within the last year or two, whether or not it is right to discuss so openly the security or insecurity of locks. Many well-meaning persons suppose that the discussion respecting the means for baffling the supposed safety of locks offers a premium for dishonesty, by showing others how to be dishonest. This is a fallacy. Rogues are very keen in their profession, and already know much more than we can teach them respecting their several kinds of roguery. Rogues knew a good deal about lockpicking long before locksmiths discussed it among themselves, as they have lately done. If a lock -- let it have been made in whatever country, or by whatever maker -- is not so inviolable as it has hitherto been deemed to be, surely it is in the interest of *honest* persons to know this fact, because the *dishonest* are tolerably certain to be the first to apply the knowledge practically; and the spread of knowledge is necessary to give fair play to those who might suffer by ignorance. It cannot be too earnestly urged, that an acquaintance with real facts will, in the end, be better for all parties."
-- Charles Tomlinson's Rudimentary Treatise on the Construction of Locks, published around 1850
The more widespread the knowledge, including that knowledge as represented in sample programs, about how simple these techniques are, the more people will take seriously their responsibility to maintain the security of their systems.
Update: Oct 04, 2002 at 2107 - Corrected spelling.
| [reply] |
That's funny, I can recall a certain article about writing ping scripts. There are "professional" tools out there that do the same thing. i.e. fping Does that mean you're wrong??? No, it's just another example used for references as my script is intended to check services on existing hosts. You completely warped my simple administrative script into a "weak" hacker tool. | [reply] |
It's a Perl beginner program, whose purpose initially appeared to be to be nothing more than a junior cracking tool.
I've said it multiple times in the original node This was not intended as a hacker tool!!! I am a UNIX Administrator that decided to write a Perl script that checks available services on UNIX workstations. Merlyn, why do you continue to post false assumptions?
/dev/null | [reply] |
I've said it multiple times in the original node This was not intended as a hacker tool!!!
I recall nothing in the original version, nor even the version standing now, that disclaims it as not being a "hacker" tool.
As to why I keep saying it, it's because it's true for me that my impression was that it was a "hacker" tool. You cannot disclaim that. It may not have been what you intended, but you cannot redefine what I thought when I first reacted. So I do not post "false assumptions". I post my initial conclusion. And while you now claim that I'm incorrect, I see no reason to rewrite any history.
-- Randal L. Schwartz, Perl hacker
| [reply] |
merlyn you sure get combative when challenged on your assumptions. You don't know why he wrote the script. Your conclusion is based on an assumption
You could have avoided this whole mess by using a little tact and offered some wisdom. But with typical chest beating you basically declared him to be a wannabe hacker and or a script kiddy.
It's rather funny as I seem to recall you getting incensed that people keep stating to you that you think that code should not be posted here unless it is written by someone of your level. Then I read in another thread:
The message that triggered this thread was not written by either an expert in security or an expert in Perl. It's a Perl beginner program, whose purpose initially appeared to be to be nothing more than a junior cracking tool.
This place is supposed to be about learning. A port scanner can be abused as many other things. Everything does not require a disclaimer. We don't see them on Guns and shoot for that matter I guess we could put a disclaimer on pens as they technically could be used as a weapon.
And what is this?
Furthermore, and more importantly, we cannot have the Monastery seem like it harbors people who experiment with cracking tools. We must take a stand, or it will undermine what I believe to be the purpose of the Monastery.
Now, if vroom counter-argues, I'll be happy to listen. But that would be a pretty decent shock, given that the Monastery is now also an element of YAS/TPF, which inherited the PerlMonks mission, which also inherited the Perl Institute's mission, of which I was a founding board member (and significant contributor) of both. Stonehenge has also been a significant contributor to YAS/TPF.
If vroom chooses to harbor crackers, then I will ask the YAS/TPF board to disown the Monastery. You can't have it both ways.
You going to hold your breath until you get your way?
Rather then assuming, you might ask some questions. This place does not harbor crackers. Awhile back a person posted a rather lame virus script Problem with quotes. People challenged him and he tried to hide his mistake by changing the original post.
Just admit it. Your intent was right but your approach could have been better
| [reply] |