Re: Administrivia: Discussion - Making this list subscriber-only

From: Jens Rehsack (rehsack@liwing.de)
Date: 08/27/02


Date: Tue, 27 Aug 2002 21:21:41 +0200
From: Jens Rehsack <rehsack@liwing.de>
To: Mark Murray <mark@grondar.za>


Mark Murray wrote:
>
> > > How will that stop off-topic chatter?
> >
> > Never. But neither your way does. I'm subscribed and I answer to your
> > off-topic post. So we both are the off-topic chatters you want to stop.
> > Sure?
>
> :-)
>
> I am conducting this discussion under the "Administrivia" flag, so
> while it may be off-topic, it is of indirect-but-important relevance
> to the list.
>
> This is a focussed discussion that will cease abruptly when a conclusion
> is reached (hopefully!).
>
> > > > This allows to post validated senders only but keeps freedom to all
> > > > people who want to post.
> > >
> > > _Less_ freedom is actually needed. It is precisely that freedom which
> > > has allowed the list to become a question-and-answer (or HOWTO) list
> > > that has dropped the signal value so badly.
> >
> > Pardon, but IMHO this list is read by "security experts". So if I have
> > a security related question, I ask here. I'm a good developer, I have
> > much knowledge 'bout secure programming and know to protect my box
> > enough for stupids. But on the one hand there're many people who have
> > much less knowledge to security than me and on the other hand a lot
> > of gurus to me.
>
> Most of the real FreeBSD security experts avoid this list (or treat it
> as a "scan-only" list). The reason for this is the treatment of the
> list as "newbie questions welcome". That is not the original purpose
> of the list.

But it's a public list with sponsors from industry and persons...

> > What I want to say with that: What is a stupid question to me or not
> > security related or sth. else may be important to others with other kind
> > of thoughts. What a sort of guys we'll be if we judge 'bout the security
> > relate of a posting?
>
> Fair question (if I understand you correctly).
> Relevant:
> o Policy issues
> o Security bug details or fixes to security holes.
> o Experience of effective defences, including documentation of known
> problems.
> o Interesting security-related code.
> ... etc.

> Off-topic:
> o Any common sysadmin task.

May be ok, may not. Depends on the "common" of the task. If it's "so"
common, someone could add it to FAQ or handbook, couldn't someone?

> o "Which should I use FOO, or BAR?"

I have seen many questions like "Should I use ipfilter or ipfirewall?",
and those questions really have some reason:
a) Neither IPFilter nor IPFirewall is really well documented.
   It takes a lot of experience and "wisdom" to know hints for use
   in special situations.
   But - in that case - there should be a "security-questions" list.
b) Very few people know that both filters could coexist.

> o Any topic which is more relevant to another list.

Who decides that? On which rules? I think, a collective reply with the
right list could help more.

> o Spam, or replies to spam.

This could be managed using
a) spam filter for list (what would be done already)
b) spam filter (rtbl) at your gateway
c) auth-requests on first post

> ... etc.

> > So I cannot follow your way to close this list. If you want to have a private
> > list, why you don't found your own one?
>
> I don't want a private list. I want a high-signal freebsd-specific one.

So a good thing would be a security-questions list. Newbies can ask there
and the "high-signal" R.I.P. Sounds a little bit ok to me...

But: if someone found the list address, (s)he had read some manual before.
So there's a place where some rules could be noted...

> > > Depends on the "end". Here I mean a dramatic drop in newbie questions
> >
> > Who decides what's a newbie question and what's not? You? Me? Santa Claus?
> > And everyone started on a small ground... - that's the way.
>
> There are places for newbie questions. This is not it. The list

Not for newbie-security-related. When I was new I was happy 'bout security-list.

> sort-of evolved towards this, and as this happened, the guru-factor
> dropped, and the question-factor rose. The list is now a low-signal
> duplicate of -questions/-newbies.

That's not really true, but I see what you mean. But if you ask me for
my real opinion: Add all things you don't want asked anymore to the
faq/doc/handbook and (let) commit it. So in 6 months those things aren't
asked anymore...
It's a more friendly way ...

> > > and a consequent increase in the technical content/discussion
> > > ratio. I also hope to attract back the security gurus, and thus
> > > further improve the signal content.
> >
> > This will not work. Let me explain what I believe what such a list
> > is for: I think, some people found a list for security related
> > discussions to make it much easier to help each other. Over the
> > months and years the original gurus are getting better and better
> > while the quality of the list is in everyone's mouth. So some more
> > guys and girls are subscribing to participate on every hint and a
> > lot of stressed people are just asking sth. and discuss just a small
> > (personal preferred) problem, an idea, sth. else.
>
> -Questions is a "help-each-other" list. So is USENET. We don't need
> any more, and unfortunately over time some folks have gotten used
> to this status quo. This may seem harsh, but such folks have a
> little unlearning to deal with. Sorry! :-)

I think that -question is a freebsd related "help-each-other" list.
A security related one is missing at the moment. Remember: the usenet
has many categories, too.

> > And some of the gurus get bored, but many new guru candidates
> > subscribed, helped, talked and - sometimes - chatted 'bout security (I
> > remember an obfuscation discussion not long ago).
>
> The fact that some time in the past, this may have worked for individuals
> is, erm, unfortunate. I can go to extremes ("Theft works for robbers" etc),
> but I think you may understand me if I say the means does not justify
> the ends.
>
> > So in my opinion this list is good just as is. If you are much more
> > experienced and wiser so you have two choices. Go away to a wisdom /
> > guru list or stay (what we all prefer) and let us have part of your
> > wisdom.
>
> You are welcome to stay, you are welcome to read. Please understand that
> I don't want you to go away; I want you to accept a higher signal ratio,
> and I want you to not (unwittingly) contribute to the noise :-)

Of course, but please understand me if I say: let the other ones follow us.
But I think (after that discussion) a -security-questions is necessary.
Using force is not a solution for the world, just for small numbers of people.
Give 'em a chance.

> > I do not want defend idiots, but - please - there is a difference
> > between newbie (what I could be in the eyes of many) and idiots /
> > torks.
>
> Let's not get extreme - we mostly agree. Let's see how this initiative
> pans out.

Agreed.

> M
> --
> o Mark Murray
> \_
> O.\_ Warning: this .sig is umop ap!sdn

-- 
L     i  W     W     W  i                 Jens Rehsack
L        W     W     W
L     i   W   W W   W   i  nnn    gggg    LiWing IT-Services
L     i    W W   W W    i  n  n  g   g
LLLL  i     W     W     i  n  n  g   g    Friesenstraße 2
                                  gggg    06112 Halle
                                     g
                                 g   g
Tel.:  +49 - 3 45 - 5 17 05 91    ggg     e-Mail: <rehsack@liwing.de>
Fax:   +49 - 3 45 - 5 17 05 92            http://www.liwing.de/
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

