lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: aliver at xexil.com (aliver@...il.com)
Subject: Good old conformity.

On Sat, 17 Aug 2002, David Benfell wrote:
> And how would you describe the crap that's been repeatedly posted to
> this list?  I call it obviously nonsensical.  By repetition, it becomes
> a tantrum, just like a two year old, screaming "I want!!! I want!!! I
> want!!!" over and over.

Motivations and identities being unclear, you are making assumptions who
is doing what and why. Again, I'm apathetic due to some very trivial
efforts with procmail filters.

> > You kind of derailed here. First you exaggerate using a straw-man tactic
> > (the "massive forces of darkness advancing.. blah blah")
> It is your "phrack" children who invoke this imagery.

In case it wasn't clear to you before, I have nothing to do with the
#phrack folks. I also have no idea why certain individuals are spamming
the list. I honestly don't care much as it has nearly no effect on me.

> > experience with people who show a prejudice against metal-heads and freaks
> > in general. They are scum in my mind.
>
> My, aren't we getting sensitive?

Sure. However, it would seem that if that's the best you can do in your
own defense that there may be some truth to what I have offered as a
suspicion. Again, a little bird whispers "conformist" in my ear.

> > Don't believe me? Tell it to the
> > parents of Brian Deneke or to Kori Pienovi.
> >
> And what possible relevance does this have?  On topic, please.

It requires a bit of abstract interpretation, I understand. It would seem
that this is a skill that you are not adept at. Let me put it to you in
more simple terms and use smaller words so you can follow without
straining yourself to try to understand. Brian was a friend of mine who
was murdered by a whitehat. Not a whitehat in our "security industry"
terms, but a jock who went around wearing a head-fitted white baseball
cap. Perhaps this is some familiar imagery to some of us. His murderer was
a football "hero" in his hometown and he decided that the best way to end
a brawl with Brian was to run him over with his car during a drunken
stupor.  It's a story more or less like "The Outsiders" if you remember
this one from grade school. He was killed for being different. The
relevance is that you liberally characterized some of these so called
"children" with some negative undertones without adequate knowledge of who
they were, how many there were, how they are organized, or what their
motivations are. Then you threw on the reference to Heavy Metal. This is
generally a hint to me that a person is very probably a reactionary
conformist. This personality type reminds me of personalities and
attitudes responsible for murdering Brian and raping Kori. I'm comparing
you with these people because you seemingly share some traits with them.
How is that? Clear enough for you?

> > Nope, and I don't believe that you and he are even on the same page. The
> > way I read it, it was a rebuke for whitehats. His arguments are
> > aggressive, no doubt, but they do well to confute the whitehat propaganda
> > which is definitely a bigger problem to me personally.
> Whitehat propaganda?  Come on now.

Yes, whitehat propaganda. You are reading correctly. Your response "Come
on now" doesn't do much to rebut my assertions or the assertions of the
original poster. In my opinion it's because you lack any rational basis
for doing so and thus you are reduced to such an absurd response.

> I don't much care how security flaws are exposed.  I want to hear about
> them and see that they're being addressed.

Well, you won't hear about them from me, and due to your self-confessed
non-programmer status and your self-admitted lack of motivation to change
that; you probably won't be finding any yourself either. The best you can
hope for is what Scott calls "charity" from others, and I think it has a
nice ring to it.

> I'm surprised I even have to say this here; I would think I'm preaching
> to the choir.

Glad to surprise you.

> But the "phrack" children, and their more intellectual apologists, would
> have us believe that somehow secrecy is safer.

First off, I'm making an assumption here that your addressing me and
perhaps a few others in the latter group. My response to this is twofold.

1. I don't have any connection or anything to do with the #phrack
   business, I've told you this before and you don't seem to be getting
   it. Perhaps you wish to lump me in with them to make me an easier
   target. Sorry, but it's not working.

2. I find your assertion about "having you believe" that keeping
   vulnerabilities secret is safer for you ridiculous. If you have read
   anything I've posted, you would know that's not a fair statement of my
   position. Simply put, I don't give my work away to people I don't like.
   You don't care? No problem; neither do I. We can just agree to stay
   away from each other whitehat to blackhat. The only difference is that
   I'm still going to be sitting on information that you could use, but
   not visa-versa. If you don't believe that, then again it's no big deal
   because I don't care.

> As if somehow, there are really only a couple of wizards who can find
> these dastardly flaws.

I'm not sure if you are meaning the #phrack guys or if you are again
lumping everyone who doesn't share your opinions together. I am not
deluded enough to believe that I'm the only one to find security flaws in
software. That's certainly not a unique skill. I'm saying that I make a
habit of finding them on a semi regular basis and can do so at will. I'm
also saying that I'm now certainly not inclined to share the results of
that effort with folks like you. Lastly, I'm pointing out that you cannot
do it on your own (by your own admission). Which is something you should
give some thought to before you go pissing on people like me whom your
kind has grown dependant (as in a leach) on.

> It's a comic book mentality, more evidence of childishness.

No, it's a false assertion that you make in order to prop up a weak
argument. Your continued reference to "children" implies that you really
do tie anyone who doesn't share you views into one big bundle. If you see
me as the same as the #phrack folks, you have misread things entirely.

> > > And I would not imply that I could by asserting that others have not.
> > That's because you can't. You've already mentioned that, so let's move on.
> But you miss the point.  Quoting nearly verbatim a Defcon presentation
> does not demonstrate any mastery of anything other than, perhaps,
> transcription.  More likely, it shows an ability to use cut and paste.

I happened to listen to the talk you are referring to.  I also heard some
striking resemblance to the post you reference. However, that doesn't make
it any less applicable to someone like, say, yourself (an admitted
non-programmer).

> When lecturing people about their lack of skill, it helps if you possess
> those skills yourself.

Agreed. It would certainly help. However, that's assuming that you
honestly wish to establish some credibility or respect with them. In my
case, I'm quite tempted to post a bit of code to the list just to shut up
the first few folks who ask for proof that I can put my skills where my
mouth is. However, if that challenge were issued by someone like you, I
don't think I'd venerate it, since you are (once again by your own
admission) not even capable of distinguishing the merit of any such
display of skill. Furthermore, I don't think it'd be appropriate to
attempt to prove myself in a forum with so many whitehats. I'd prefer that
you all think that I'm only full of talk and continue to underestimate and
marginalize folks like me. It makes things much easier.

> he is unknown to us, and cannot be said even by reputation to possess
> these skills.  Therefore, I challenge his authority.

Well doubting his credibility is one thing, but I can't help but think
that, plagiarized  or not, his point is well taken by you and I both. The
difference is that you just don't like it since it denigrates your
position.

> I suspect that most people on this list can distinguish the appearance
> of intellect as displayed in the arguments you support from arguments
> that actually have substance.  Real arguments have structure.  Those
> arguments which you support do not.

You have a striking tendency to make assertions, but then become
delinquent with any facts to back them up. What "real" arguments? I hope
you aren't referring to your vaporous content already well dismantled.
Where I provide ample evidence, example (which comprise what you call
"structure"), you provide only empty accusations backed up by hollow
assertions.

> Put in terms you might understand, a rant does not qualify as an
> argument.

Really? Well thank you very much for that absolutely ground breaking
revelation. I'm sure the entire list is in your debt for pointing out such
a profound truth.

> > More incoherent attempts at trivializing what you don't agree with? Nice
> > try but you come off pretty diaphanous.
> It is your "phrack" children who invoke comic book imagery with a
> comic book mentality.  Who's being thin?

Here we go again. Once more for the people in the back row: I'm not
associated with #phrack despite your repeated attempts to tie us together.
It's just as flimsy now calling them my "children" as it was with your
original post.

> Comments on mail filters do not change the fact that you are attempting
> to rationalize the behavior of a group of children who are attempting to
> subvert this list for no clear reason other than the possibility that
> some grownups might take their fun away.

No comments on mail filters are something which you really need to take to
heart. The bit about rationalizing the behavior of a group of children is
sort of in left field somewhere. However, thanks for the further
illumination on the character of your tactics. Attempting to
simultaneously  group me in with some other people you are fond of calling
names is a nice platitude, but lacking in weight.

aliver

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ