[ale] Please stop spamming the list (Was: Re: researcher develops new secure login procedure)

Ron Frazier (ALE) atllinuxenthinfo at techstarship.com
Fri Oct 11 12:53:28 EDT 2013 

Mike T,

I'm sorry if I've offended you ... yet again.  That is never intentional.

There are a number of erroneous conclusions in your message that I wish 
to address.

Let's talk about the "off topicness" of this list.

People may disagree about this, but, suppose, just for the sake of 
discussion, that "on topic" is a message which mentions some form of 
Linuxish OS, including Android, Unix, etc.  Also, the message could be 
considered on topic if it's obviously relevant to those topics.

The message is not excluded if it mentions Windows, Mac, IOS, 
Blackberry, etc., as long as it meets the above criteria.

I did an analysis of all the message threads on ALE for the last 30 days 
or so.  The following are the ones which could be considered to be off 
topic based on the criteria I mentioned.  This list has many off topic 
messages other than mine.  Some of those get the most discussion.  That 
proves two things.  A) People are interested in those topics.  B) 
They're interested in talking about them.

Note to the posters of the following messages.  My intent is not to 
criticize your messages.  It is to simply point out the nature of the 
discussions we have.  If the messages were marked as OT, I don't say 
anything about that.  If not, I label it not marked.

09/10 - home media file server - mentions windows stuff - not marked
09/10 - nsa compromised ... - not marked
09/11 - motorcycle
09/11 - eye glasses - your post Mike, on my OT thread, marked both OT 
and Way OT
09/13 - hyundai autos - my thread - marked both OT and Way OT
09/13 - amp noise
09/14 - nano w32 binary - mentions windows stuff
09/15 - office depot android tablet sale - my thread - arguably not off 
topic
09/16 - ethanol gas
09/16 - need 5" android tablet for obd - my thread - not marked - 
arguably not off topic initially
09/17 - comcast modem
09/18 - is tech world ending - your thread Mike - arguably off topic - 
not marked
09/19 - office overhead - not marked
09/22 - lenovo sale rep - not marked
09/25 - wifi routers - not marked
09/25 - usb ethernet - not marked
09/27 - 5" tablet --> ultragauge - my thread - now marked OT
09/27 - googlian calendar
09/27 - sqarespace - not marked
09/28 - essay made me laugh - not marked
09/30 - fwd robotics programming help needed - my thread
10/02 - tom clancy's death - my thread - marked both OT and Way OT
10/03 - pearl hackers - not marked
10/05 - web hosting - not marked
10/06 - bitcoin atm
10/07 - engineer available for work - my thread
10/09 - openpgp smart cards - not marked
10/10 - video editing software - not marked
10/10 - morals of .net consulting - mentions windows stuff - not marked
10/10 - contradictions in patching - my thread - not marked - arguably 
not off topic since patching relates to every computer user on the planet
10/10 - secure login research - my thread - not marked - arguably not 
off topic since logins relate to every computer user on the planet

So, from this list, you can clearly see three things.  A) This list has 
plenty of OT content, whether I'm contributing or not.  B) most of the 
OT messages are flagged as OT, including those by me.  C) Some people 
who post OT messages, including you and me and others, don't mark the 
message OT some of the time.

I never post anything to the list that I don't think will be interesting 
to the readers.  I generally do flag OT messages as such.

See further comments inline below.

On 10/11/2013 9:29 AM, Michael B. Trausch wrote:
> On 10/10/2013 08:32 PM, Ron Frazier (ALE) wrote:
>> Steve Gibson has just announced some new secure login research he's been doing.  It looks pretty promising and may ultimately be able to substantially replace or augment user names and passwords.  I thought I'd pass it along.  He says it's generating lots of interest, including some from the w3c.  It's open spec and open standard and he's giving it away.  Maybe it will become a standard someday.
>
> Look, we've covered this time and time again.
>
> Steve Gibson is */not/* a security expert.  Stop putting him on a 
> pedestal, and PLEASE stop spreading bad information.  That new 
> "secure" login procedure has AT LEAST one fatal flaw, and I think 
> two.  It is not suitable for use, and in fact straight username and 
> password over TLS is more secure.
>

That's your opinion and you're welcome to it.  However, you don't speak 
for everyone in the group and your opinions are not universal.  I have 
other opinions and I'm just as welcome to them.  The readers here can 
form their own opinions.

Here are some FACTS.

1) I use Gibson's Spinrite product and it has been useful to me.
2) On many occasions, I've found his security related advice to be 
helpful to me.
3) Some people on this list have also stated publicly that they've used 
Spinrite and that it was helpful to them.
4) Some people on this list have directly benefited from security 
related information which I shared which came from Steve Gibson.  Case 
in point, the potential vulnerability that some routers have where they 
can be attacked from the wan side via upnp queries.  At least a couple 
of people used the test routine that I mentioned on Steve's site, found 
their routers were vulnerable, and took action to fix the problem.  They 
also specifically thanked me for posting the information here.

The research project I mentioned is about a week old.  It is entirely 
possible that it has flaws in it at this point, and it's a work in 
progress of collaborative development by hundreds of interested parties.

If you have the knowledge of security and crypto to thoroughly evaluate 
it, which apparently you do, why don't you get on his newsgroup and 
contribute to help make the problem of secure login less of a problem 
for the world, rather than just bash my post?  I don't have the 
necessary knowledge to help in a meaningful way.  You probably do.  
Others here do.  So go help out if you can.

> At this point, I am respectfully asking you to quiet down on the list.
>

I'm not doing anything on this list that many other people don't do.

> The last thread you started was on Windows.
>

WRONG.  The last thread I started was about the nature of patching your 
OS, of any type, to keep it as secure as possible.  It talks about 
Windows, Linux Mint, and Android, and is totally relevant to this list.

> This thread is invoking Gibson (again), despite much rather on-topic 
> discussion to the fact that Gibson isn't a suitable source of security 
> information.  This is at least the third or fourth off-topic post from 
> you this week that I can recall—and quite impolitely without the OT.
>

The topic of secure login is absolutely and totally relevant to anyone 
with a computer.

> Please stop spreading bad information and please stop discussing your 
> trials and tribulations with your Microsoft products at all on this list.

I never intentionally spread bad information.  Some of it, you may 
think, is bad information.  But, usually, I just point to potentially 
useful resources and the readers can make their own decision.

> You can't seem to put "[OT]" in when it needs to be done—so please 
> just stop altogether.
>

I already proved that's not true with my analysis of the OT postings 
here, including mine.  I generally do flag my OT messages as such.

>     Much appreciated,
>
>     Mike
>

Mike, as I said, I never intend to offend you or anyone else.  However, 
I think you seem to have a personal vendetta against me, and perhaps 
Steve Gibson.  I think you've had it ever since I started participating 
on this list, years ago.  I have no idea why, as you don't even know me 
except for what I write here.  I think you're biased and prejudiced 
against me and you complain about things I do specifically which are 
very similar or identical to things that others do.

Regardless of your reasons or motives for singling me out for criticism, 
I'm asking you respectfully to tone that down and treat me 
professionally, just as you would any one else here.  If you want to 
complain about OT posts that are not marked, let's complain about all of 
them.  If you want to complain about OT post whether marked or not, 
let's complain about all of them.  If you want everyone to never discuss 
anything that's not linux specific, which I doubt this group is capable 
of doing, then everyone should do that.

I'm never one to shy away from a debate, and if we want to let the facts 
speak for themselves, I'm all for it.

As to my postings on the list, I will attempt to do the following: post 
messages that I believe to be relevant and interesting and helpful to 
the readers, and mark the ones that are OT as such.  These are things 
I've been doing anyway.

Sincerely,

Ron


-- 

(PS - If you email me and don't get a quick response, you might want to
call on the phone.  I get about 300 emails per day from alternate energy
mailing lists and such.  I don't always see new email messages very quickly.)

Ron Frazier
770-205-9422 (O)   Leave a message.
linuxdude AT techstarship.com
Litecoin: LZzAJu9rZEWzALxDhAHnWLRvybVAVgwTh3
Bitcoin: 15s3aLVsxm8EuQvT8gUDw3RWqvuY9hPGUU

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.ale.org/pipermail/ale/attachments/20131011/e5286157/attachment.html>

More information about the Ale mailing list