Message-ID: <dc5035b80809151245u6ac653f6oe61278e1a05d652f@mail.gmail.com>
Date: Mon, 15 Sep 2008 20:45:51 +0100
From: "Od Orf" <mr0d0rf@...glemail.com>
To: full-disclosure@...ts.grok.org.uk
Subject: [RFC] Very Low Signal to Noise Ratio on FD

Dear All,

I've been reading Full Disclosure for quite some time and, for the
most part, value the content I find here.  It helps me with my work
and helps me keep abreast of developments in the wonderful worlds of
network and application security.

In this post, I seek to spark some discussion as to how this
unmoderated list might improve its effectiveness with regard to
"self-policing" and how subscribers might employ methods to filter
extraneous content whilst retaining that which is truly valuable.

On a personal level, I have tried in the past to filter out posts
which fail to meet certain criteria using both blacklists and
whitelists of content keywords.  I've found these to be ineffective in
so much as either filtering the signal or not filtering the noise to
varying degrees.  I've tried blacklisting email addresses where the
content is often of little value, but again this is not very effective
at filtering out noise (although it usually has very little negative
impact on the signal).
These methods have taken up far too much time to implement and manage
for their levels of effectiveness and perhaps exceed the time spent
manually reviewing posts to determine their worth.

Many of you would no doubt agree that the dissatisfaction with the
level of noise is oft expressed (which often generates further noise).

One possible solution which would require consensus might be to apply
lessons learned by parents and other adults with responsibility for
children.
When dealing with a child displaying anti-social or otherwise
undesired behaviour, one should not engage the child at that same
level.  For example, one should not retort as this implies permission
and complicity.  Instead a clear indication should be given that the
behaviour of the child does not meet the required level of
desirability.  This should be done in a non-threatening, but
authoritative response and delivered in an articulate and consistent
manner.  The key is to set clear boundaries.
Failure to stay within clearly defined boundaries carries a penalty,
such as a child time-out (naughty-chair) where the child is removed to
an area where they are unable to participate but can observe the
continuation of normal activity.

Obviously I am not comparing any FD users to children nor suggesting
they be treated as such, but I think that an approach similar to this
may have some merit for dealing with the phenomenon of noise
escalation which often occurs in response to a noisy event.

If, for example, a message was posted to the list which was perceived
to be undesirable, disrespectful or otherwise noisy it might help a
great deal if firstly the poster were gently chided with respect to
their post and secondly the post elicited no other response and
certainly none which might be perceived as undesirable.  The latter I
think is most important because without such responses, there is a)
less noise generated and b) less fuel for those who repeatedly post
trivial and useless or inflammatory material.

Finally, I should say that I am acutely aware that this post may
itself be construed as noise, but I hope humbly that it is received in
the spirit with which it is meant.

I welcome your ideas and recommendations.


Sincerely,


Iain O'Dorf

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
