lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: zorkshin at (Justin Shin)
Subject: Feeding Stray Cats

Actually, I subscribe to the Full Diclosure list not because I think it will be full of relevant, accurate posts but because any guy has as much of a say as, let's say, RedHat's Security Department (ugh, RedHat). Now yes, I know there are many stupid posters, myself one of them :) but I can "ban" them by filtering the stupid ones out. Ironically, its the stupid people who post the most, usually.

Now, there is a moderated and an unmoderated list already. The moderated one is BugTRAQ, the unmoderated one is Full Disclosure. I have no qualms with BT other than its slow speed, but this is a problem on any moderated list.

Just a thought.

-- Justin
-----Original Message-----
From: [mailto:full-disclosure-admin@[Justin Shin]]On Behalf Of Josh
Sent: Monday, November 10, 2003 3:46 PM
To: Schmehl, Paul L
Subject: Re: [Full-Disclosure] Feeding Stray Cats

How does one filter for stupidity?  We could use the Flesch-Kincaid algorithm (, however that would make people who speak using words like "misunderestimated" float to the top.  


The message I sent originally was laden with a bit of animosity as I have seen both public and private lists destroyed by similar patterns.  My intention was to encourage members to listen before speaking.

Here is the rubric that I would use if we could pull it off:
Post Rating 1-10
5 = Barely on Topic
10 = Spot on

We could develop a simple page to grade posts and posters, and if enough people contributed, we could then develop mean average scoring which would allow us to develop our own individual procmail filters.  This would allow each person to self moderate.  Slashdot is a similar example, however this would simply be an off list collection of data which could be used in whatever means each user would like.

 Better would be to increase the SNR (my apologies to those who noticed in my earlier post, I was busy being frustrated) by privately sending messages to posters who just don't get it to explain to them their errors, thus avoiding public humiliation/flame war.  I think that a bit of elitism/self policing would be in order.  While the charter is nice being as loose as it is,  it may be time to spell out in the charter certain tabu's. We could possibly develop a list ettiquette document which could be sent to those who are offenders to spell out the do's and do-not's of the list just a bit more clearly than the charter.  By creating a separate document, we can avoid screwing up the charter.

Another possibility is for new members to have a "waiting period" of a month or 3 where their posts will be moderated (this would solve the issue of pressing exploits).

All of those who are responding with the, "learn to use filters" or "deal with it" replys are going to contribute to the downfall of the list.  There are many lists which have gone this way.

My $.02


Schmehl, Paul L wrote:

-----Original Message-----
[] On Behalf Of 
Kenneth Ekdahl
Sent: Monday, November 10, 2003 4:38 AM
Subject: Re: [Full-Disclosure] Feeding Stray Cats

One way to solve this could be to split this list into two; 
one moderated and one un-moderated. All mail gets sent to the 
un-moderated list, to avoid the suspicions of censorship that 
makes this list different from bugtraq, and those mail that 
pass moderation, or is sent from someone who is known from 
previous posts to be serious, will also be sent to the moderated list.

One of the wonderous things about computing is the distributed nature of
it.  By spreading the work across many hands, the job is easy to do.
Yet, what you are suggesting is that Len et. al. do all the work, while
the people who get bugged by certain posts do none.

A much better suggestion would be, "Learn how to use filters".  The
people subscribed to this list are *assumed* to have at least a
tangential interest in security.  Given that, one would *think* that
they have at least enough capability to set up a simple mail filter
(pick your poison, your choice of OS) that would eliminate the noise and
still give them what they want.

Paul Schmehl (
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member 

Full-Disclosure - We believe in it.


Powered by blists - more mailing lists