| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: azmodan at linux.online.no (Mads Tansø) Subject: requires full discussion of political and legal aspects of security If anyone on this list doesn't "like" or "approve" of some of the more or less useless discussions, aren?t they free to either block, autodelete or just don't read the mail they consider to be garbage? By replying to it with useless comments on why these topics shouldn't be on the list, they end up amplifying topics, creating even more junkmail for us others to read, autodelete or even block mailaddys for... >From my point of view; if you aren?t capable of adding a block-rule for the mails you don?t want to receive you've got nothing to do on such a list. Now, go cry... Ooh.. Did I hear $500 for the openssh 0-sec? Oh, wait, ya'll probably more interested in spamdeleters for this list than security, so ill go release it on p4ck3tst0rm instead... be0tches... Mads Tansoe a.k.a Azmodan Dark Magic Network Crew /* Wouldn?t ya all love to be able to put yer name on yer mails? Woohoo ;p Freedom of speech, freedom to friggin copy and distribute yer dvds, dl metallica and write some nifty exploits... All with the law behind YOU? Say YES to .NO.. What we exploit today, others will exploit tomorrow.. Dark Magic Network Crew */ -----Original Message----- From: full-disclosure-admin@...ts.netsys.com [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Matthew Murphy Sent: 19. april 2003 21:41 To: Full Disclosure Cc: jasonc@...ence.org Subject: Re: [Full-Disclosure] requires full discussion of political and legal aspects of security ----- Original Message ----- From: "Jason Coombs" <jasonc@...ence.org> To: "Matthew Murphy" <mattmurphy@...rr.com>; "Full Disclosure" <full-disclosure@...ts.netsys.com> Cc: "Len Rose" <len@...sys.com> Sent: Saturday, April 19, 2003 1:25 PM Subject: RE: [Full-Disclosure] requires full discussion of political and legal aspects of security > Matthew Murphy wrote: > > These kind of discussions, while interesting to some list members, are not > > why I subscribe to this list. The list's purpose is for discussion of > > security issues -- Theo de Raadt's poor cry baby routine is not a security > > issue. Please keep off-topic discussions like this to a minimum, as they > > will destroy this list. List subscribers, many of whom are looking for > > actual vulnerability details (and not discussion of world ideals), will > > begin to leave in droves if posters do not learn to show basic restraint. > > If it isn't a security issue, don't post it. Period. I will adopt this > > policy from this post forward, and I encourage others to do the same. > > As somebody who has conspicuously and intentionally pushed for more political > discussion on this list, I must say first that I disagree completely and > second that I have no intention of withholding political discussions from this > list so you'll either have to tolerate (or filter) me, or lobby Len to block > my postings if they really offend you. I don't find your posts offensive, I find them to be useless junk mail that clutters my inbox. If I wanted to hear your political views, I would have joined a list of politicians. I joined a list of security researchers -- specifically hoping that the lack of oversight would keep political things (e.g, selective moderation) out of the list. Obviously, posters like yourself will make sure that goal is never reached. While it is not possible to have a discussion without some *sense* of politics, it is possible not to have *political discussion*. I could understand a story about something relevant to me that you legitamitely think I need to know -- some threat to my well-being, occupation, etc. I don't see how some U.S. government agency cutting off money to Theo De Raadt impacts me, or many of the list's other subscribers to the point where people's extremist political ramblings need to be flooding my inbox every 5 minutes. > Geek crypto tech cipherpunk penetration and vulnerability discussions without > political and legal context encourage and foster gross misunderstanding of > reality and place those who engage in security and cryptography research at > risk of unreasonable prosecution and persecution beyond socially acceptable > and beneficial self-regulation. I didn't say we needed to have another BugTraq, I just said the discussion needs to be *relevant*. And, btw, if you think this list is self-regulation, you're sadly mistaken. Self-regulation (essentially anarchy -- by the proper meaning anyway) cannot happen in security. The minute there is a need for security, self-regulation has failed. > You've already made a political statement by joining this list: you reject the > politics of partial-disclosure or no disclosure on the grounds that you and > those who rely on you for expertise are best served when everyone receives > full and timely disclosure of vulnerability details. You are implicitly > insisting that forces of oppression that curtail disclosure and discussion do > far more harm than good. By joining this list, I hoped to keep political garbage like Symantec's hiding of information, selective moderation, etc. from coming here. I did not join this list for an open-ended political discussion, but for an open-ended discussion of *security issues* as is in the charter. > I reject your implication, and the implication of others on this list who have > communicated as much to me in the past, that political and legal discussions > pertaining to security are harmful to the list's well-being and focus. Pertaining to security how? Other than the fact that Theo De Raadt is an OS project manager with a security interest, and he lost money he admitted he never needed... that's just too much of a stretch, especially when the list charter says politics should be avoided "at all costs". > You've probably noticed that with a couple exceptions we all know better than > to engage in flame wars, especially over a non-technical political or legal > matter. That assertion is ridiculous, because this *is* a non-technical political matter we are dealing with here. :-) > This self-regulation is working, and the tone and scope of discussion > on this list coupled with the lack of restrictive moderation makes it superior > to bugtraq and others. I would wonder about that assertion. In its current state, this list drowns my e-mail box in so much ridiculous junk that it becomes nearly impossible to search through a week's worth of postings (a hundred or so), and find the few things which actually deserved a place here. > The most compelling reason to support thoughtful and well-informed political > and legal discussions rather than cast hate upon them as having nothing to do > with the topic of security is that we who support full disclosure are wise, > patriotic, law-abiding realists whose understanding of the technical subject > matter combined with our experience in the real world convince us beyond any > doubt that only the self-interested minority of power and money elite benefit > from suppressing full disclosure -- and we recognize, being realists, that > every disclosure made without the full support of the self-interested minority > places those responsible at risk. > > You cannot seriously sit on the sidelines of this list, exposing yourself to > (nearly) zero risk (*), and benefit from the hard work being done and hard > risks being taken by others, while simultaneously proclaiming that discussion > of the political and legal risks being taken by those who do the work that > benefits you is somehow off-topic. As a poster to the list, and a reader of the list, I get very little benefit from political discussions such as these. Had this discussion involved something such as a grant specifically for the purpose of *security* (and not just concerning the personal reputation of Theo De Raadt), I would have had some knowledge to gain from it. The way it is now -- mindless political ramblings about "free speech" from all corners of the world -- teaches me nothing about security or any related matter. Had this been a discussion of threats to/reasons for support of free speech, I would have had a good context. The way this discussion has been presented has no context, only the rantings of a Canadian cry baby about U.S. law. Further, I'd be interested in what makes you believe you have taken substantially more risk than I have, as a fairly regular contributor to the list. Were I not a regular contributor, I would have long ago un-subscribed so that I didn't have to put up with thoughtless political rants and useless junk e-mail such as your post here. > In the good 'ol days there used to be an explicit requirement for > contributions from every member who benefits from the risks being taken by > others. Either you contributed, and thus took some risk yourself, or you were > not entitled to benefit from the risk-taking of others. We've moved beyond > that point now, and realize that it would be wrong to withhold the benefits > from anyone: this is the essence of full disclosure. > > But don't tell me this list is not political. If it's just bugtraq without > Dave Ahmad then I need to unsubscribe. What about the provision in the charter that says "politics should be avoided at all costs"? That seems to say that the list's goal is ***NOT*** politics. > (*) During World War II, the Nazis apparently used telephone company records > to find out who called who. Whenever they hauled a family off to a gas > chamber, they were sure to check that family's telephone records to determine > who else they needed to haul off to the gas chamber also. Therefore, simply > subscribing to this list with an e-mail address that is traceable to your real > identity places you at risk whether you choose to believe it or not. Anyone > who fails to understand the full scope of information security risk, inclusive > of its sometimes-subtle and sometimes-dangerous political and legal aspects, > fails to understand both history and human nature. I have to wonder what relevance this has to the list, other than to state that the goal of the list, with *or without* the political discussion, is the ultimate freedom of information. I fail to see how such off-topic, fringe political discussion contributes to that goal. By saturating the list with details that most subscribers do not find useful, you are drowning out useful information with ultimately useless political baggage. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists