Re: Caddx NX-8E - RS232 ASCII Codes

["Robert Green" <ROBERT_GREEN1963@xxxxxxxxx>]

"wkearney99" <wkearney99@xxxxxxxxxxx> wrote in message
news:aPWdnaFEo563TkDfRVn-iQ@xxxxxxxxxxxxxxxx
> > Here's a test.  Call up Ft. Knox and ask for the alarm protocols for the
> > gold vaults.
>
> How about picking examples that are even close to relevant?  That's
> certainly not.

How about even *giving* us an example before finding fault with mine?  And
remember, just because you don't understand the relevance doesn't make it
irrelevant.  :-)   I'll try again.

Alarm makers are trying to protect their assets.  Is there some reason they
are not entitled to try to protect the integrity of their intellectual
property?  Or is their some reason you *have* to buy from a manufacturer who
refuses to cross-license their IP to you for nothing in return?  Or is there
something you're offering that panel maker for access to his protocol that I
didn't catch?  They're stupid if they give away something for nothing,
aren't they?  I don't believe in patronizing stupid vendors.

You claimed that "security through obscurity" was "pathetic", IIRC.  My Fort
Knox *analogy* is therefore quite relevant.  Anyone charged with protecting
something REALLY valuable doesn't go about revealing the details of that
protection to any Joe on the internet who asks.  They usually don't reveal
it to anyone who doesn't have a "need to know."

Why do they call the men who protect the president "The Secret Service?"
Wouldn't your theory of "non-obscure security" dictate that they call it the
"Public Service" and copiously publish where the President will be at all
times and how many people will be guarding him and what weapons they will
carry?  You should be starting to see why your comment has provoked my
rather incredulous response.

Perhaps you can explain to me why you, or me or any Joe Websurfer, would be
entitled to design details about a HA or alarm panel?  You should have known
what level of tech support they offered when you bought it, right?  It
shouldn't be surprising that I and others feel the less a panel maker
reveals about the innards, the more secure a product they make.  Sure there
are scoundrels that use secrecy to conceal shoddy design, but you can't just
cover every situation with a blanket indictment of obscurity's value to
security the way you did.

Do you *honestly* believe that an alarm manufacturer would make their
customers any safer by providing anyone who asks all the details of their
hardware?  If so, then YOU buy from them.  Let me buy from the people that
don't think that's such a good idea for their customers. (-:

The casinos don't publish the numerous ways they check for cheats or their
"cheat books" (faces of cheaters and dossiers of their preferred techniques)
because they know that the more thieves know, the more they'll be cheated.

> Likewise, spare us the 9/11 hype.  Sure, it was indeed a tragedy but it
has
> nothing to do with the thread.

Jeez.  You must see red a lot.  Please pardon my unsolicited headshrinking
Bill, but when something seems to light up your hot button LED, your ability
to make logical connections appears to suffer.  I'm pretty sure if we had
you hooked up to a polygraph or an EEG we could see some pretty big spikes
as you heard the words "9/11" or "security by obscurity" or "Group
Moderator" or "WiFi is totally safe" being spoken.  :-)

Slow down, get a cup of coffee, sit down at the PC and I'll go over this
again, because it's clear you didn't make the connection.  Perhaps my
writing was too obscure. :-)

The Feds are spending BILLIONS on "security through obscurity."  They are
removing thousands of previously public documents about the national
infrastructure from the WWW.  Why do you think they are doing that?  Because
security often comes through obscurity.

The best minds they could find decided that granting access to building
plans and infrastructure to someone in (insert terrorist symp nation here)
via the WWW may help them plan their attack.  I'm sorry if this seems some
sort of cheap sentimental shot at 9/11 to you, but to me it's a very real
indication that experts believe in limiting critical infrastructure
information to those with a need to know.  It's proof that's occurring all
around us that with total openness comes a certain amount of risk.

So, seeing information being limited all around them at a national and local
level, isn't it reasonable for an alarm panel maker to at least *assume*
that less is safer?  Watching what their own government is doing to become
more secure, aren't they right in believing the less details they give out
about system internals, the less likely they will be hacked?  This is just
the way of the world.

Now I will readily agree it's NOT the way to design a worldwide internet,
but it may well be appropriate to most other things that need protection.
Obscurity figures prominently not only in protecting national
infrastructure, but in the protection of almost all valuable assets, whether
it's gold in Ft. Knox or casino chips or plutonium or my frikkin' household
goods!

Why do you think the NSA is the most obscure branch of the federal
government?  Because "Security" is its middle name.  I mean, c'mon, Bill, it
hits you like a mackerel in the face everywhere you look.  Now if you had
said something less general like "some vendors hope that obscurity will hide
the shoddy underlying nature of their goods" and given an example of the
perpetual buffer overflow exploits that infest MS Windows, I would have had
to agree with you.  But the further you move away from the one example, the
more heartburn I have with your contention's global assertion.

Are you familiar with US secrecy protocols like CONFIDENTIAL, SECRET, TOP
SECRET, SCI or SAP? I am, and it grates me to read a sweeping generalization
about "security through obscurity" being "pathetic."  A TS violation
(revealing information or material which reasonably could be expected to
cause exceptionally grave damage to the national security) can get you put
to death.  Killed.  Dead.

When you get as TS clearance, they make you sign a paper saying that you
understand the penalties for making TS data "unobscure." People have been so
spooked by what those penalties are that some have opted out.

Someone other than me clearly believes in obscurity being a good thing for
security purposes.

Decisive victories like Midway were possible because neither the Japanese
nor the Germans built an obscure enough code nor kept it secret enough.  All
we needed to break those codes were the design documents and some Polish and
English geniuses.  We had the advantage of one of the most obscure languages
on the planet, Navajo.  The Axis couldn't break it.  Obscurity is good.

In fact, it's a really, really good adjunct to security in almost everything
BUT the internet and that's because the internet is so unique in its
interconnectivity.  Please don't assume that one oddball case where
obscurity is a hindrance sets the mark.

< Click! (MY hot button thermal breaker just reset) >  :-)

--
Bobby G.