 |
|
|
|
|
|
| |
| |
|
|
|
|
| |
| |
|
|
Stephen <mcavoysAT@aoldotcom> wrote:
> Wrong is wrong, illegal is illegal no mater the intentions.
Not all crimes have the same severity, and crimes can have mitigating
factors. It's not even uncommon for someone to not to be prosecuted even
though he broke the letter of the law, because the circustances were so
mitigating.
--
- Warp
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
On 14 Sep 2008 09:14:54 -0400, Warp <war### [at] tag povrayorg> wrote:
>Stephen <mcavoysAT@aoldotcom> wrote:
>> Wrong is wrong, illegal is illegal no mater the intentions.
>
> Not all crimes have the same severity, and crimes can have mitigating
>factors. It's not even uncommon for someone to not to be prosecuted even
>though he broke the letter of the law, because the circustances were so
>mitigating.
This is true and in my opinion correct. John's question hangs on this point but
another aspect is; did the person in question "know" what he did was "wrong in
law" whether he agreed with the law or not.
--
Regards
Stephen
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
On Sun, 14 Sep 2008 15:15:41 +0200, andrel <a_l### [at] hotmailcom> wrote:
>>
>> I agree with "somebody".
>> Wrong is wrong, illegal is illegal no mater the intentions. As others have said
>> there are other ways to let people know if there is a security leak. Also
>> further education should not only teach technical subjects but some
>> understanding of morals as well. I think that some of the differences in answers
>> has to do with age and experience. Younger people often think that if they mean
>> no harm then they are doing no wrong.
>
>And partly by cultural background. As a true Dutchman I am horrified by
>laws passed on good intentions and 'ethics'. You should pass laws that
>solve problems (preferably after identifying what the real problem is),
>not ones that are counterproductive.
>
We have a saying: "The road to Hell is paved with good intentions"
>Possibly the dividing line in this discussion is that on the one hand
>people argue that it is forbidden and others who argue that that law
>simply should not have existed in that way.
>
>> It is also up to the authorities what any punishment is due. Whether it is light
>> or heavy.
>
>The case is in Canada so there may be some hope that the judgment is by
>authorities based on facts. I don't know the details of the Canadian system.
If it is based on facts then he is "guilty as charged" If it is based on
intentions then the spirit of the law can be taken into account.
--
Regards
Stephen
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
"andrel" <a_l### [at] hotmailcom> wrote in message
news:48C### [at] hotmailcom...
> On 14-Sep-08 5:43, John VanSickle wrote:
> > Doctor John wrote:
> >>
http://www.canada.com/ottawacitizen/news/city/story.html?id=25110a8f-a73a-43a0-a2a5-1daa08d147d1
> > It is not substantively different from a situation where you live in an
> > apartment for which the landlord has failed to install adequate door
> > locks. You cannot break into other people's apartments in order to
> > demonstrate the inadequacy of the existing security. You tell the
> > landlord, advise the tenants, and if nothing happens, move out.
> It is the same sort of wrong comparison that 'somebody' made. The
> difference is that this vulnerability is known and hacking a system
> often involves a new exploit that is unknown to the owners. A better
> comparison might be a house owner with a large fence around his house
> with spikes on top. One day a guy walks up to him and says: 'You know
> that large tree on your property, that has very long branches reaching
> over the fence. I was walking past that and though it might be a easy
> access to your property. I tried the largest low hanging branch and
> indeed it could easily support me.' After which the house owner calls
> the cops and have him arrested for breaking into his property.
Good for him. I'd call the cops too. What's it his business entering my
property? "I was walking by" doesn't make sense either. Nobody walking by
"accidentally" climbs a tree. And if he was really concerned for my safety,
why not come point out to me the branch *without* violating the law?
That it was easy to do or that the owner failed to perfectly secure
something is not an excuse for breaking the law. Where do you draw the line?
If the guy had to use a ladder to get to a branch, would you then willing to
consider it a crime? If the guy had to use a helicopter to land on the tree
or the property, would you consider that a crime now? See, there are always
ways to compromise a property or a system if you have a criminal mind.
Unless the suspect can show that he went into the property by mistake during
his daily walk, and if the property owner did not draw a line around his
property, then I'd let him go. Otherwise, if he's made an effort to climb a
tree, use a ladder, use a helicopter... etc, it's clear what he intended to
break the law, clear and simple.
> > Consider for a moment the results of allowing people to hack first, and
> > then report the results of their hacking. People who are hacking for
> > criminal reasons will, if caught, claim that as a defense.
> Not necessary, the guy in question apparently had no criminal intentions
What do you call breaking the law?
> I can understand your position, but I also know that there is a large
> group of systems that is not adequately protected. If the system will be
> hacked mostly third persons will suffer the consequences. Protecting the
> sysops with a law that prohibits hacking will increase the problem.
False dichotomy again. Why do you assume that the system will be hacked by a
third person? It's a matter of opportunity, means and motive, and not all
are present for anyone on the street. Clairvoyance defenses like that don't
work, and with good reason. If you see someone speeding down the street, are
you given a free pass to ram him? After all, he's going to get into an
accident, right? And it's better that at least the other side anticipates
the accident...
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
"Warp" <war### [at] tagpovrayorg> wrote in message
news:48cc0297@news.povray.org...
> somebody <x### [at] ycom> wrote:
> > > A security hole report does not cause waking up the sysadmin in the
> > > middle of the night and paying overtime wages or taking the system
> > offline.
> > Really? If I send you an e-mail listing all your financial and
confidential
> > information, won't you
> No, because I don't read my email in the middle of the night, while
> sleeping.
You should. If you did, you'd only waste the rest of your night. If you read
your e-mail in the morning and get my e-mail, you'll waste the rest of the
day.
> > > It causes the sysadmin to send a report to the software house with
which
> > > they have a software license so that they will fix the security hole.
At
> > > regular working hours.
> > Not all systems are such turnkey operations, and the vendor won't
himself
> > have a fix for every type of security breach even if they were.
> And thus it's better for the sysadmins *not* knowing about the security
> hole?
It's best for the sysadmins to have fixed the hole before anybody hacked the
system. Next best is for them knowing about the hole and nobody having
hacked the system. Next best is for them to not know about the hole and
nobody having hacked the system... etc.
You are using the psychic defense: If I didn't hack the system, someone more
malicious than I would, so I'm doing the sysadmins a favour. Sorry, that's a
ridiculous argument .
Yes, crimes sometimes can have positive after effects. Had someone had shot
the engineer of the passenger train that crashed in California that morning,
everything would have turned out better, no? But can we base our legal
systems on possibilities?
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
On 14-Sep-08 16:50, somebody wrote:
> "andrel" <a_l### [at] hotmailcom> wrote in message
> news:48C### [at] hotmailcom...
>> On 14-Sep-08 5:43, John VanSickle wrote:
>>> Doctor John wrote:
>
http://www.canada.com/ottawacitizen/news/city/story.html?id=25110a8f-a73a-43a0-a2a5-1daa08d147d1
>
>>> It is not substantively different from a situation where you live in an
>>> apartment for which the landlord has failed to install adequate door
>>> locks. You cannot break into other people's apartments in order to
>>> demonstrate the inadequacy of the existing security. You tell the
>>> landlord, advise the tenants, and if nothing happens, move out.
>
>> It is the same sort of wrong comparison that 'somebody' made. The
>> difference is that this vulnerability is known and hacking a system
>> often involves a new exploit that is unknown to the owners. A better
>> comparison might be a house owner with a large fence around his house
>> with spikes on top. One day a guy walks up to him and says: 'You know
>> that large tree on your property, that has very long branches reaching
>> over the fence. I was walking past that and though it might be a easy
>> access to your property. I tried the largest low hanging branch and
>> indeed it could easily support me.' After which the house owner calls
>> the cops and have him arrested for breaking into his property.
>
> Good for him. I'd call the cops too. What's it his business entering my
> property? "I was walking by" doesn't make sense either. Nobody walking by
> "accidentally" climbs a tree. And if he was really concerned for my safety,
> why not come point out to me the branch *without* violating the law?
1) if the branch is weak enough there is no danger, so no need to call
2) as you failed to notice, I never said he entered the property. You
(and my fictional character) assume that he did, just as the assumption
in our case here is that the student was doing something malicious. (yes
I come to that later)
>
> That it was easy to do or that the owner failed to perfectly secure
> something is not an excuse for breaking the law. Where do you draw the line?
> If the guy had to use a ladder to get to a branch, would you then willing to
> consider it a crime? If the guy had to use a helicopter to land on the tree
> or the property, would you consider that a crime now? See, there are always
> ways to compromise a property or a system if you have a criminal mind.
> Unless the suspect can show that he went into the property by mistake during
> his daily walk, and if the property owner did not draw a line around his
> property, then I'd let him go. Otherwise, if he's made an effort to climb a
> tree, use a ladder, use a helicopter... etc, it's clear what he intended to
> break the law, clear and simple.
>
>>> Consider for a moment the results of allowing people to hack first, and
>>> then report the results of their hacking. People who are hacking for
>>> criminal reasons will, if caught, claim that as a defense.
>
>> Not necessary, the guy in question apparently had no criminal intentions
>
> What do you call breaking the law?
The student had apparently no intention to cause harm to the system or
gain himself or anybody else anything by the act. The only reason you
may call him a criminal is that there is a law there that should have
been different. As a student you may excuse him for not yet knowing that
some laws don't make sense and can be used in perverse ways. In this
case a law that was intended to prosecute malicious hackers is misused
to protect an incompetent sysop at the expense of a naive student.
Aside: I don't know about your place, but here we consider somebody
innocent until proven to have broken the law.
>> I can understand your position, but I also know that there is a large
>> group of systems that is not adequately protected. If the system will be
>> hacked mostly third persons will suffer the consequences. Protecting the
>> sysops with a law that prohibits hacking will increase the problem.
>
> False dichotomy again. Why do you assume that the system will be hacked by a
> third person? It's a matter of opportunity, means and motive, and not all
> are present for anyone on the street. Clairvoyance defenses like that don't
> work, and with good reason. If you see someone speeding down the street, are
> you given a free pass to ram him? After all, he's going to get into an
> accident, right? And it's better that at least the other side anticipates
> the accident...
>
Either you did not understand what I said, or you have absolute no idea
how the world works.
BTW I consider this discussion closed as far as I am concerned. I feel
very uncomfortable talking to a 'somebody' with an e-mail address of
'x### [at] ycom'. Feel free to start a new tread on anonymity in our newsgroups.
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
somebody wrote:
> "Warp" <war### [at] tagpovrayorg> wrote in message
> news:48cc0297@news.povray.org...
>> No, because I don't read my email in the middle of the night, while
>> sleeping.
>
> You should. If you did, you'd only waste the rest of your night. If you
> read your e-mail in the morning and get my e-mail, you'll waste the rest
> of the day.
o_O
Are you seriously suggesting I should read my email in the middle of the
night just in case somebody mailed me with my financial information?
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
John VanSickle wrote:
> and if nothing happens, move out.
And the problem remains unsolved.
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
On Sun, 14 Sep 2008 17:40:37 +0200, andrel <a_l### [at] hotmailcom> wrote:
>
> I feel very uncomfortable talking to a 'somebody' with an e-mail address of
>'x### [at] ycom'. Feel free to start a new tread on anonymity in our newsgroups.
I concur.
--
Regards
Stephen
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
"Nicolas Alvarez" <nic### [at] gmailcom> wrote in message
news:48cd392c@news.povray.org...
> somebody wrote:
> > "Warp" <war### [at] tagpovrayorg> wrote in message
> > news:48cc0297@news.povray.org...
> >> No, because I don't read my email in the middle of the night, while
> >> sleeping.
> > You should. If you did, you'd only waste the rest of your night. If you
> > read your e-mail in the morning and get my e-mail, you'll waste the rest
> > of the day.
> o_O
>
> Are you seriously
Well, you answered your own question there, didn't you?
> suggesting I should read my email in the middle of the
> night just in case somebody mailed me with my financial information?
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
|
|
