My Anti-Drama Code of Conduct

Man, there are a lot of hurt feelings out there lately. In my industry, they call it security drama. But it goes way beyond that. Post your political and religious beliefs and someone is quick to tear you apart.

I’m not going to summarize the latest examples. A lot of Facebook and Twitter streams are already clogged with all that snot. Instead, I’m going to tell you the behavioral code I try to live by when blogging and using social media.

Mood music:

When I blog, I opine forcefully. I make no apologies and I don’t back down. After 20-plus years in journalism — 11 of it focused on information security — I know that if I make a forceful argument, as many people will disagree with me as those who agree.  This is especially true if the topic is religion or politics. I also know that I’m going to get it wrong once in awhile, since opinions usually come about as a story is unfolding, before all the facts are in place. I also know that I’m going to offend people once in a while without meaning to.

With all this in mind:

  • I go out of my way not to insult people with name calling. This wasn’t always the case, but over time I realized nothing good comes of it.
  • When people take issue with something I write, I don’t respond. I used to but decided that doing so isn’t much different from whining. And since I’ve already made my case in a post, I see no reason to repeat myself. If someone is critical of what I say, I let the comment stand. Everyone is entitled to their point of view. And if someone is an asshole, that’s all the more reason not to respond. Engaging assholes is pointless, because their agenda isn’t to have a constructive discussion in the first place.
  • When I realize I was wrong about something, I promptly admit it.
  • If I post something that triggers traumatic memories for someone, I’ll take the post off of Facebook. Some folks will complain that we’ve become too politically correct and that we can’t worry about the few who complain. But that’s not the point. My agenda is to share an experience or belief — never to do someone harm. Some folks will claim they’ve been triggered over something and will never look at my writing for what it is. When that’s the case, I tell them to unfriend me. If we’re not connected, you won’t see my posts. Problem solved.
  • If I wade into what people see as drama in my industry, it’s because I think I can bring some people to the middle ground. Increasingly, though, I stay away from that. When passions reach critical mass, injecting reason becomes impossible.
  • Even when writing about unhappy experiences, I try to point out the positives. My father’s final weeks were painful, but I got to spend a lot of time with him and make sure nothing was left unsaid. Sad periods have their beauty, too.

If you think these examples are helpful to you, I’m glad. If not, that’s fine, too. I’m telling you what I do, not what I think you should do.

Buzz and Woody: Triggers are everywhere

Cut Mary Ann Davidson Some Slack

These last two days the infosec community has been consumed by a blog post Oracle CSO Mary Ann Davidson wrote. In that post she railed against security researchers who reverse-engineer Oracle’s code and nudge the database giant with their vulnerability findings. (Oracle removed the post, but The Wayback Machine captured it and it’s been distributed far and wide anyway.)

Mood music:

Davidson argued that Oracle does just fine finding and fixing its vulnerabilities and that outsiders who butt in are messing with end-user license agreements and overall company sovereignty.

Having reported on Oracle vulnerabilities for years, I found her position flawed. I’ve seen time and again how researchers find flaws and Oracle leaves them unfixed, sometimes for years. That tells me the company doesn’t have a handle on its security problems. I also think it’s important that companies welcome the help of outside researchers. In the fight against the bad guys, companies can use all the help they can get. Google and Microsoft understand this, and their bug bounty programs enhance their overall security.

Oracle took the post down, saying it doesn’t accurately reflect the company’s view of customers. If you’re Davidson, that’s gotta sting. Her not responding to the criticism makes the situation worse. I suspect Oracle has muzzled her, and the company itself isn’t returning reporters’ calls. Not that the company has ever been good at returning calls. It was a closed-off culture when I was reporting on its security flaws a decade ago.

We can disagree with Davidson, but we should remain professional rather than stoop to childish taunts.

She forcefully argued her position, and the relationship between security researchers and tech companies is an important, ongoing topic. I’ve seen a lot of people criticizing her position respectfully, which is good. But I’ve also seen the usual vitriol-laced pile-on. Hundreds of people are ripping her to shreds, often doing so with the same amount of snark they criticized her for using in her post. With these debates people can get mean, and that’s too bad.

I’ve known Davidson for a long time. We haven’t always seen eye to eye, but she’s a good, intelligent person and I respect her a lot. It’s sad to see her character unnecessarily killed in an online, public execution.

I hope she gets through this. I suspect she will.

Finally, it’s worth noting that those of us who write are always going to get it wrong from time to time. I’ve had my share of stinkers. We’re all human and emotion does funny things to the brain. That’s what I’m trying to keep in mind during this latest infosec firestorm.

Disagreement is good. But when you remove kindness, it turns to poison.

MARY ANN DAVIDSON

Stripping the Drama from DEF CON

People in my industry love the word drama. The word is tossed out like Tootsie Rolls at a holiday parade. In my opinion, the word is used a bit too much, especially in the month or two before the DEF CON hacker conference in Las Vegas.

Mood music:

Each year, someone suggests there’s sexism at the conference, and someone responds by yelling “Drama!” Each year, someone complains about an overabundance of drunken debauchery and someone else cries “Drama!” This year, I saw the word floating around because some spouses have a group called H(a)ck3rWives, designed to help “spouses, kids, parents, supporters in general everywhere decode their hackers and come together.” In this case, the drama appears to be that some spouses feel a support network is needed in the first place.

Personally, I don’t see these things as drama.

If some people want to network and their common bond is that their loved ones are away at hacker conferences all the time, good for them. If it helps, more power to them. If someone sees sexism or drunken disturbances and wants them dealt with, have at it.

Most people can handle their booze at these events, and most treat the opposite sex with the appropriate respect. But there are usually one or three who cause trouble. In those cases, it’s reasonable if people complain and demand action.

Good people can and certainly will disagree with me on those points. That’s not drama, either. It’s part of a healthy discussion.

To be fair, ours is a community with many colorful personalities. When strong personalities debate and disagree, it’s easy to see the situation as dramatic, even if the issues they discuss aren’t dramatic in the true sense of the word.

I’m looking forward to DEF CON next month. I’ll network, spread the good word for my company, blog and podcast about the talks and hopefully walk away smarter than when I arrived.

Those aren’t dramatic things, but they’ll do just fine.

Comedy and Tragedy Masks on a Stage

When People Don’t Like A Discussion, They Call It Drama

Since I write a lot about how we talk to each other in this blog and my professional one, I hear the word drama a lot. It’s almost always used to describe something people don’t want to discuss. It’s a one-word arsenal meant to shoot down anyone you disagree with. I get shot at a lot. And I’m perfectly fine with it.

Yesterday I publicly took a local newsman to task for relishing his coverage of the Boston Marathon bombings a little too much. He was on Facebook, telling us about how he had the best information and the best inside sources at the hospitals and in law enforcement. He ripped politicians who didn’t come right out and call this a terrorist attack. He kept track of the death count like a scorekeeper at a ballgame, going on about how the media was reporting three deaths but his tally was four.

He boasted that his info was the best, better than Fox, better than the Eagle-Tribune, a local newspaper he competes with fiercely. He carried on exactly as he has in the past, and that’s why I wrote this post a few weeks ago. When all you can do is toot your horn during your reporting, you become part of the problem in media today.

The reaction to my criticism was swift. Some agreed with me, while others defended him. The defenders accused me of creating drama, as if covering a national tragedy like a ballgame wasn’t drama itself. One person said I was engaging in a “form of adult bullying.” Another told me I needed to “get laid.”

As my 9 year old likes to say: “Whatever.”

Facebook is a place where everyone loves to express their outrage and pride with memes and sayings that are not fact-checked. That’s drama, too.

If I smell something that stinks, I’m going to say something about it. As a writer, that’s what I do. If it offends you, unfriend me or unsubscribe from my posts.

Better yet, do something about the drama you create.

kirk yelling at kahn

A Crohn’s Disease Attack, Put To Music

During a severe Chrohn’s Disease attack in the mid-1980s — around the time I was discovering Van Halen‘s older albums — I found one song that really personified what I was feeling.

It’s the final song on the band’s debut album from 1978, which is also the year I was first attacked by this disease.

As I’d spend the early-morning hours sitting on the toilet in the upstairs bathroom of 22 Lynnway, Revere, losing blood, clutching my gut and making a thousand deals with God, that song would reverberate through my head, over and over.

I had forgotten about it over the years. But this morning, for the hell of it, I decided to listen to that first Van Halen album on the drive to work. Somewhere along Route 128, the song came on, and I was transported back in time.

I went a lot of years without listening to the song. It’s not that it brought back the bad memories. It’s just that I’ve been listening to other things, including Van Halen’s new album, “A Different Kind Of Truth.”

Looking back, I’m glad I had that song going through my head during the overnight Crohn’s attacks. It put noise and words to what I was feeling, and made those long hours of darkness feel a little less lonely.

As I replay the new Van Halen album over and over, I’ve found another song that fits my life today. It’s a track called “Blood and Fire.”

Those two words fit the feeling (fire) and result (blood) of a Crohn’s attack. But the song is about coming out the other side, making it through the blood and fire and doing, as David Lee Roth sings, a victory dance.

http://youtu.be/nwXzBn3W1xM

Thanks for the coping music, boys.