[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Full-Disclosure] Feeding Stray Cats

Actually, I subscribe to the Full Diclosure list not because I think it will be 
full of relevant, accurate posts but because any guy has as much of a say as, 
let's say, RedHat's Security Department (ugh, RedHat). Now yes, I know there 
are many stupid posters, myself one of them :) but I can "ban" them by 
filtering the stupid ones out. Ironically, its the stupid people who post the 
most, usually.

Now, there is a moderated and an unmoderated list already. The moderated one is 
BugTRAQ, the unmoderated one is Full Disclosure. I have no qualms with BT other 
than its slow speed, but this is a problem on any moderated list.

Just a thought.

-- Justin
-----Original Message-----
From: full-disclosure-admin@lists.netsys.com 
[mailto:full-disclosure-admin@[Justin Shin]      lists.netsys.com]On Behalf Of 
Josh
Sent: Monday, November 10, 2003 3:46 PM
To: Schmehl, Paul L
Cc: full-disclosure@lists.netsys.com
Subject: Re: [Full-Disclosure] Feeding Stray Cats


Paul,
How does one filter for stupidity?  We could use the Flesch-Kincaid algorithm 
(http://www.measurementexperts.org/term_pop.asp?ID=112), however that would 
make people who speak using words like "misunderestimated" float to the top.  

IDEAS:

The message I sent originally was laden with a bit of animosity as I have seen 
both public and private lists destroyed by similar patterns.  My intention was 
to encourage members to listen before speaking.

Here is the rubric that I would use if we could pull it off:
Post Rating 1-10
1 = OFF TOPIC
5 = Barely on Topic
10 = Spot on

We could develop a simple page to grade posts and posters, and if enough people 
contributed, we could then develop mean average scoring which would allow us to 
develop our own individual procmail filters.  This would allow each person to 
self moderate.  Slashdot is a similar example, however this would simply be an 
off list collection of data which could be used in whatever means each user 
would like.

 Better would be to increase the SNR (my apologies to those who noticed in my 
earlier post, I was busy being frustrated) by privately sending messages to 
posters who just don't get it to explain to them their errors, thus avoiding 
public humiliation/flame war.  I think that a bit of elitism/self policing 
would be in order.  While the charter is nice being as loose as it is,  it may 
be time to spell out in the charter certain tabu's. We could possibly develop a 
list ettiquette document which could be sent to those who are offenders to 
spell out the do's and do-not's of the list just a bit more clearly than the 
charter.  By creating a separate document, we can avoid screwing up the charter.

Another possibility is for new members to have a "waiting period" of a month or 
3 where their posts will be moderated (this would solve the issue of pressing 
exploits).

All of those who are responding with the, "learn to use filters" or "deal with 
it" replys are going to contribute to the downfall of the list.  There are many 
lists which have gone this way.

My $.02

-Josh
full-disclosure@nicepeople.org


Schmehl, Paul L wrote:

-----Original Message-----
From: full-disclosure-admin@lists.netsys.com 
[mailto:full-disclosure-admin@lists.netsys.com] On Behalf Of 
Kenneth Ekdahl
Sent: Monday, November 10, 2003 4:38 AM
To: full-disclosure@lists.netsys.com
Subject: Re: [Full-Disclosure] Feeding Stray Cats

One way to solve this could be to split this list into two; 
one moderated and one un-moderated. All mail gets sent to the 
un-moderated list, to avoid the suspicions of censorship that 
makes this list different from bugtraq, and those mail that 
pass moderation, or is sent from someone who is known from 
previous posts to be serious, will also be sent to the moderated list.

    
One of the wonderous things about computing is the distributed nature of
it.  By spreading the work across many hands, the job is easy to do.
Yet, what you are suggesting is that Len et. al. do all the work, while
the people who get bugged by certain posts do none.

A much better suggestion would be, "Learn how to use filters".  The
people subscribed to this list are *assumed* to have at least a
tangential interest in security.  Given that, one would *think* that
they have at least enough capability to set up a simple mail filter
(pick your poison, your choice of OS) that would eliminate the noise and
still give them what they want.

Paul Schmehl (pauls@utdallas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/ 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html