Faustine:
I think it's dangerous and entirely to your disadvantage to dismiss everyone doing government work in computer security as a donut-chomping incompetent Barney-Fife-clone imbecile.
Anyone can laugh at the department heads on C-SPAN, but did you ever stop to think about who's really doing the hardcore research for the NSA at Ft. Meade--and elsewhere?
James A. Donald:
To judge by their most recent crypto ballsup, some donut chomping incompetents.
Faustine:
That's just as inaccurate as condemning everyone who ever worked for Microsoft as clueless because of their corporate propensity for security lapses. You wouldn't go that far, would you?
James A. Donald:
Microsoft, as a whole, is incompetent at security. All supposedly secure software coming out of Microsoft varies from poor to worthless. Does anyone doubt it? They take standard well known methods and make well known bungles in applying it and customizing it. We do not get to see much of the spook output. What we have seen in recent years is not good. During World War II the government sucked up all the best people from the open sector, and put them to work in the secret sector. For example most of the world's greatest scientists wound up hand making nuclear weapons. However, one would expect, with the passage of time, that people who work in secret would suffer from Parkinson's law, and this appears to be happening.
Faustine:
I know of an old-school NSA red teamer who's been teaching programming and engineering since before either one of us was born. An honest-to-god mathematical genius. Some of those old wizards could teach us all a thing or two. But whether the donut-chomping incompetents have the upper hand is anyone's guess. I wouldn't bet on it in the long run.
James A. Donald:
I would bet on it in the long run. It is inherent in the nature of government. Without the market weeding out the unfit and pressuring everyone for excellence, bureaucracies unavoidably decay for well known reasons. Microsoft produces crap security because most of their customers do not know any better. Therefore NSA will produce crap security because their customers are forbidden to know any better.
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
FwLinDdmbEa6PhxFDMsPXCIlj97FlY1YpxKNR3KV
4FBpZ7okXglgl5/19J96vLLEaPc1wi1VxGVTGCRJf