Re: Symantec Change Posting Criteria (was Re: Administrivia)

[Nick FitzGerald <nick () virus-l demon co uk>]

Etaoin Shrdlu <shrdlu () deaddrop org> wrote:

> Note that I've removed the CC list from hell. I am certainly not interested
> in Al Huger's response, having had mixed dealings with him in past.  ...

My guess is the millions he expects from selling some of his presumably 
rather large wadge of Symantec shares in a couple of years are clouding 
his judgement (not that it was ever particularly good in my opinion 
anyway...).

<<snip>>
> cepacolmax () hushmail com wrote:
>
> > By the way, my response post to pen-test (quoted below), merely defining
> > the reasons for which I choose not to post from my corporate email, was
> > also denied.
>
> I read, and agreed with your very civilized response (which I've clipped,
> for the sake of brevity). This is (IMNSHO) a thin attempt at preventing
> commentary on a product that obviously needs commenting upon. I've posted
> on all the SF lists at one time or another, and if anyone truly believes
> that Etaoin Shrdlu is my given name, well... Not to mention the fact that
> Miss Elydyr deserves courtesy and respect, whether or not her given name is
> Gwendolynn. She's been posting with that name, consistently, for long
> enough, that it's recognized, and respected, and the idea that suddenly odd
> looking names are unacceptable is tripe.
>
> > Note that this post infringes neither on the original list charter, nor
> > on the moderator's ammendments as stated.
>
> No, of course it doesn't infringe, but then, you appear to still be
> searching for reason, and I tell you that it is a doomed search.  ...

Indeed.

SF list moderators have consistently not accepted (but not actively 
rejected either -- they all come back after the list server software 
notices they've hit the moderation acceptance timeout) my messages to 
their lists for approximately the last three months.  In that time I 
have posted on the same general topics and in the same general style 
(or perhaps somewhat "constrained" on average) and (at least until the 
last couple of weeks) at about the same list traffic-relative 
frequency, as I had previously, when about 50-70% of my posts were 
apparently acceptable.  More disturbing is that several of the threads 
I've posted responses to have had other messages, apparently scribbled 
out by intellectually challenged baboons, accepted and posted, offering 
the most outrageous and clearly wrong "advice".  (Actually, in the time 
I've been actively censored thus, the incidents list moderator "slipped 
up" and posted one of my responses -- I wonder if he was censured by 
the powers that be at SF for that lapse?)

As for "searching for reason" on SF lists: I agree with "Etaoin" -- 
forget it as a lost cause.

And think about the bigger picture folks...  Can Symantec -- tight in 
bed with MS and others on the OIS, and dependent on MS cooperating with 
it (and even more so now that MS owns an AV product and thus may 
"threaten" to enter the market sector that made Symantec what it is...) 
-- afford keep running any of the SF lists as they historically ran?  
If so, for how much longer?

Oh, and on the "searching for reason" issue -- in my experience, and 
with the singular exception of Elias, the folk that the moderate the SF 
lists are not gonadally developed enough to contemplate, let alone 
accept, discussion of the quality of their moderation on the list and 
mainly are not even mature and confident enough in their choices to 
reply privately to questions about the same.

> ... And now to
> address that danged troublemaker, GfE, herself.

8-)

<<snip>>
> > > On Mon, 7 Jul 2003, Alfred Huger wrote:
>
> Crap, so I deleted most of it.

Are we surprised?

> > > > 1.   If you want to post about a product  positive or negative you
> > > > cannot do so from a Huhsmail or other such account.
> > > >
> > > > 2.   If you plan to post use your real name or do not post.
> > > >
> > > > 3.   Be polite  period.
> > > >
> > > > 4.   Do not use this as a forum to take shots at your competitor
> > > > or I will see you and your company banned from every list we have here
> > > > (except Bugtraq).
>
> Boy, this is where I really start to get annoyed. If they're anonymous, how
> can he know who ought to be banned?  ...

Well, he seems to believe that making them not post through Hushmail 
will make their real identities transparent.  I guess he believes in 
the tooth fairy too...

> ...  Will he ban a certain well-known virus
> company, if they misbehave? Sounds like a potential law suit in the making.

Well, very few AV folk post in SF lists anyway, because for most of 
their history the SF lists seem to have had an unannounced "deny posts 
from anyone from an AV company" policy.  The attitude has seemed to be 
"sure they can join the lists" and read the often chronically inane BS 
that commonly passes as "security expert" opinion on AV technical 
matters, "but they'd better not try to post any responses".

As a result, all manner of virus-related stupidity has gone largely 
unchallenged in SF lists because those who have some of the best 
possible input to make have continually had their responses bounced 
back after the list time-outs (as I am now "suffering").  And, I am not 
so naive as to imagine that there are not other "avoid" lists or 
categories or, that there may not be "friendlies" lists too.

All very cunning were your plan to build up a certain perception to 
develop a particular market orientation to boost the value of your 
shareholding...

> But wait, here comes my favorite line from GfE:
>
> > > This isn't full-disclosure, the last time I checked. To the best
> > > of
> > > my knowledge, pen-test is a moderated list. Surely the moderator
> > > is
> > > capable of noting the difference between "Your product sukz0rs"
> > > and
> > > "The product proved unable to stand up to traffic above 100Mhz"
> > > - and
> > > of passing the appropriate posting through, whether it has "John
> > > Doe"
> > > or "thunderfallingdown" attached to it as a moniker.
>
> Yah know? Doesn't this seem to just get right to it? Hey, Al, what's up
> with this, are you on the verge of losing your job?  ...

I doubt it -- last I heard, the lunatics were taking over the Symantec 
asylum.  If true, it sounds like Al should fit right in...

> ...  Have we all become
> targets? Oh, and I'm getting reealll tired of the following message:
>
> This is the Postfix program at host outgoing2.securityfocus.com.
>
> I'm sorry to have to inform you that the message returned
> below could not be delivered to one or more destinations.
>
> For further assistance, please send mail to <postmaster>
>
> If you do so, please include this problem report. You can
> delete your own text from the message returned below.
>
>                         The Postfix program
>
> <moby () xitac com>: mail for xitac.com loops back to myself
>
> I've received close to a hundred of those from outgoing2.securityfocus.com,
> and I'm sure it's not finished. Bleagh.

At least you don't seem to be getting a stream of these:

Hi! This is the ezmlm program. I'm managing the
incidents () securityfocus com mailing list.

I'm working for my owner, who can be reached
at incidents-owner () securityfocus com.

I'm sorry, the list moderators for the incidents list
have failed to act on your post. Thus, I'm returning it to you.
If you feel that this is in error, please repost the message
or contact a list moderator directly.

--- Enclosed, please find the message you sent.

[...]





Yet...  8-)


(Oh, and yes, as always, this is posted over my real name and that is 
my real phone number...)



-- 
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html