An Information Security Place

Commentary on the State of Information Security

Archive for the 'Government' Category...

Filed under Crime, Government, Laws, Rant, Security

I just wrote a post over at Computerworld entitled The Security of Web 2.0 - an Oxymoron. Then I find this story about Senators McCain and Schumer proposing legislation that will require sex offenders to register their IM names and email addresses. I need to read more about this bill. Like typical security legislation passed by our government, this one appears on the surface to be nothing but security theater and something else to boost Schumer and McCain’s appeal before the presidential elections.

Think about it. How difficult is it to create a different IM name or email address?

The registration provisions would make failure to notify the authorities of all e-mail addresses a felony punishable by up to 10 years in prison.

Uhhh, so? These perverts are already breaking the law and facing jail time and some serious nastiness in the big house (child molesters supposedly don’t fare well in prison - though I have no proof of that). What makes anyone think they are going to change their ways because of another law?

Don’t get me wrong. I am fully on board for catching these “people”. I have children and would unleash all hell if one of these sick, twisted individuals even came close to one of my kids. But another law on the books that effectively does nothing to help the situation is just words on paper. Just make the behavior illegal (which it is) and make the punishment such that if the perv is caught he never sees the light of day again (there are a couple of punishments that would fit that description - you decide which one is right for you).

Vet

Posted by Michael Farnum on Thursday, December 7th, 2006

Filed under Blogging, Blogging Buddies, Government, Rant, Security

Before you read this post, go take a look at my “Rules” for my blog.

OK, now that you are back, let me piss off some people.  During this election season, I have to say that most of the security bloggers out there stayed out of the fray by sticking to what their blogs are about, namely: security.  And my blog rules state that I will do the same.  Basically, if you want to discuss a law or other political issue that pertains to security, then fine.  I will do the same.  Martin McKeay and I have had our friendly blog disagreements concerning phone tapping, phone tracing, tracking terrorists, and privacy stuff.  Alan Shimel and I have done the same to a degree.  All that is fine because that kind of stuff is relevant to security.  You can make judgements and assumptions as to our political leanings based on what we have posted (and maybe the region of the country we each live in), but that is no guarantee as to where we stand because we have made no definitive statements on the subject (I haven’t read all of Martin’s or Alan’s stuff, but I haven’t seen it in any of the stuff I have read).

I say this because I read a couple of posts from security bloggers during this last election season that, in my opinion, are just a little off.  One post was by the Great One, Mr. Schneier himself.  He says he is glad to see the Republicans get some of the brunt of the electronic polling problems.  He backs off of that kinda quickly, but it shows his bias clearly.  Another is by a blogging buddy of mine, Christian Koch (might not be a buddy after I write this, but I hope all is still well).  In his post, he doesn’t even try to hide his feelings at all (not saying that he should have to, but you will see where I am going with it below).

First of all, I want to say that I respect everyone’s views, even if I don’t agree with them or understand them.

Second, if you have a blog, then it’s your fingers doing the typing, so you have full freedom to write about anything you want.  I get that, and I would never say you can’t. 

However, don’t we, as security bloggers, owe it to our readers to stay a level above all this mud slinging and give content that is relevant to security?  It seems a tad bit like false advertising if you have a blog that is advertised as a security blog and you use it to blast a politician or a political party because you don’t like their politics.

And another reason not to show which side you are on is because it tends to taint your readers’ opinions of you from then on.  If you try to come at an argument with logical, non-biased opinions, your debate will still be tainted by your blatantly stated political beliefs.  That is no better in my mind than if you stated that you liked TippingPoint IPS better than anyone else’s, then tried to go into a debate about IPS products and tried to stay neutral.  There is nothing wrong with stating your opinion on the matter because you are free to say what you want.  But your opinion will be tainted from then on.  And you would never again be able to be neutral on the debate (at least, not for a long time) because you can’t switch to neutral once you have got in gear.

Anyway, my two cents’ worth.  You may think I am just frustrated because I did not like the outcome of the election.  But you really can’t make that statement, because I have never said which side I am on, regardless of how many clues you think I have given.  So there!

And Christian, just to hopefully ease hurt feelings, I thought the cartoon in your post was pretty funny.

Vet

Posted by Michael Farnum on Monday, November 13th, 2006

Filed under Business of Security, Government, Rant, Security

…but it is also one big pain in the neck!  I have been thrown into the process of answering an RFP (request for proposal) for a city government down here in Texas, and I cannot begin to tell you how tedious and ridiculously complicated the whole process can be.  RFPs can be complicated enough with corporations.  But when you get one from a governmental entity, you have so many other things to worry about (there are a ridiculous number of special considerations and conditions when you do work for governments).

Another thing I am finding out first hand is that many government workers (not all, but I wouldn’t think it too far from the truth in saying most) are functionally inept in their positions, at least when it comes to technical matters.  Though I have had some inkling of this from talking to peers over the years, it amazes me when I see it so closely. 

First of all, the RFP is very poorly written.

Second, it is incomplete.

Third, when you try to ask questions to work out the inconsistencies, the answers are often, “Because I say so”, or “Don’t question why our network is set up as it is.”

I don’t know if we will win this contract or not.  If we don’t, then we have wasted a LOT of man hours.  I guess it is worth the payout if it happens, but I have to wonder if anyone has figured out the cost of NOT getting one of these and compared it to the potential profit.  I am sure someone has. 

And if you are thinking that I make a salary, so it doesn’t matter, then think again.  I have about 4 projects for which I am either scoping or actively talking to clients to complete.  Two of these are sure things, and two are 50% or above on probability.  And these aren’t some small deals you can just sneeze at.  There is good money to be made here. So the more time I do this dang RFP, the less time I am working on some potentially good profit for Accuvant.  All to work on a deal that no one has a good idea whether it will come through.

Oh well, business is business!

Vet

Posted by Michael Farnum on Sunday, October 15th, 2006