Erm, something is definately up tonight. Message is below, for those of you
who didn't want to touch this message.
I can't get to the site listed in the message, so I have no idea what its
trying to deliver exactly.
Anyone care to comment?
Brian Bruns wrote:
Erm, something is definately up tonight. Message is below, for those of you
who didn't want to touch this message.I can't get to the site listed in the message, so I have no idea what its
trying to deliver exactly.Anyone care to comment?
SpamAssassin whacked it good -
X-Virus-Scanned: by amavisd-new at mailgate.pbp.net
X-Spam-Status: Yes, hits=8.0 tagged_above=-999.0 required=5.0 tests=BAYES_01,
FORGED_MUA_OUTLOOK, FORGED_OUTLOOK_TAGS, HTML_MESSAGE, MIME_HTML_ONLY,
NORMAL_HTTP_TO_IP, NO_REAL_NAME, WEIRD_PORT
Ok, so what's the answer to this?
We can sit around all day analyzing these emails. It doesn't matter where
they came from or who compromised which hosts - at this point, that's
immaterial. At some point in the Internet's development, we could have had
the FBI kick down the door of this guy and cart him away, and NANOG is safe
once again. Not anymore - even if this guy is "reachable", there will be
five others tomorrow, and ten others next week. I'm sure this is all over
IRC by now.
These issues, combined with the ever worsening S:N ratio on this list are
destroying it. Some of the folks who have long been mainstays of the NANOG
community don't even read it anymore.
Its time to figure out what to do about this, employing a proactive stance.
The answer is not "start a new mailing list". Names have power, as they say,
and NANOG has the juice. So, a few simple proposals for people to chew
over...
1) Turn on list moderation and recruit a corp of volunteer moderators. The
FAQ volunteers did a good job, BTW. Dave Farber's IP list (not Internet
Protocol, its Interesting People), is a good example of a low volume
moderated list.
2) Convert this list into a blog or discussion forum with some sort of
moderation. Yes, the idea of SlashNog is disturbing, but email is a pretty
weak medium at this point in time, for multipoint communications of an
important nature. We have stuff like RSS that may be better suited.
3) Figure out a better way to "gatekeep" nanog-post, to keep the number of
permitted posters down and to confirm their identities.
4) Shut it down. Will the last engineer on NANOG-L kill the lights?
This forum is not of any use if any significant percentage of the posters
are teenage IRC-lurking hackers or spammers. We need to "do the Darwin" -
change or die.
This isn't a mindless screed (although I do feel much better now :). Those
who are experts in this area should post their ideas about how to
save/reform/transform nanog-l. I'm sure Susan will be very receptive - it
can't be nice to have some bozo's forging your email and sending out virus
infected mail to THOUSANDS of your colleagues.
If folks fear attack or retribution, please forward your comments to me and
I'll anonimyze them before posting.
Thanks!
>
> Erm, something is definately up tonight. Message is below, for those of you
> who didn't want to touch this message.
>
> I can't get to the site listed in the message, so I have no idea what its
> trying to deliver exactly.
>
> Anyone care to comment?Ok, so what's the answer to this?
We can sit around all day analyzing these emails. It doesn't matter where
they came from or who compromised which hosts - at this point, that's
immaterial. At some point in the Internet's development, we could have had
the FBI kick down the door of this guy and cart him away, and NANOG is safe
once again. Not anymore - even if this guy is "reachable", there will be
five others tomorrow, and ten others next week. I'm sure this is all over
IRC by now.These issues, combined with the ever worsening S:N ratio on this list are
destroying it. Some of the folks who have long been mainstays of the NANOG
community don't even read it anymore.Its time to figure out what to do about this, employing a proactive stance.
The answer is not "start a new mailing list". Names have power, as they say,
and NANOG has the juice. So, a few simple proposals for people to chew
over...1) Turn on list moderation and recruit a corp of volunteer moderators. The
FAQ volunteers did a good job, BTW. Dave Farber's IP list (not Internet
Protocol, its Interesting People), is a good example of a low volume
moderated list.
I vote for number 1 and volunteer my self to help moderate this hell hole err
list.
If folks fear attack or retribution, please forward your comments to me and
I'll anonimyze them before posting.Thanks!
--
Daniel Golding
Network and Telecommunications Strategies
Burton Group
Joshua Brady
[...]
Its time to figure out what to do about this, employing a proactive
stance. The answer is not "start a new mailing list". Names have
power, as they say, and NANOG has the juice. So, a few simple
proposals for people to chew over...
[...]
While these are all good ideas, I think we'll be fine if we simply
exercise a little self-restraint, and familiarize ourselves with the
"delete thread" functions of our respective mail clients.
If you want the net.kooks, armchair traceroute engineers, sales
droids, and blackhats posing as legitimate security researchers,
who've came out of the woodwork to go away, don't indulge them with a
response. Ignore them and they'll stop.
My $0.02,
-a
Its time to figure out what to do about this, employing a proactive stance.
The answer is not "start a new mailing list". Names have power, as they say,
and NANOG has the juice. So, a few simple proposals for people to chew
over...1) Turn on list moderation and recruit a corp of volunteer moderators. The
FAQ volunteers did a good job, BTW. Dave Farber's IP list (not Internet
Protocol, its Interesting People), is a good example of a low volume
moderated list.
Direct moderation of every post I don't particularly like - this shuts
free speach which is important and that is seed as bad for moderator may
not be for many others; besides it creates an unfortunate delay and some
subjects posted to the list were of most value when being posted within
that short period of time - like when particular fiber cut occured or
when somebody needs immediate help from such and such network, etc.
One of the options to direct moderation that some lists use is to better
identify subjects by main grouping. Usually by adding [subject group] on
the subject line and if you're not interested in anything [email-related]
for example, you'd ignore such threads from the start and only focus on
[bgp-routing] for example. We could come up with acceptable list of
subjects and much later require every posted to use them when the people
become familiar with how to do this. Moderator can change the grouping if
it has not been chosen appropriately and post to the maillist when the
subject should be closed. Those who regularly do not choose group
correct can be set so that their posts are moderated. Setting subject
would also some effect on viruses that would not be able to provide posts
with correct subject either.
2) Convert this list into a blog or discussion forum with some sort of
moderation. Yes, the idea of SlashNog is disturbing, but email is a pretty
weak medium at this point in time, for multipoint communications of an
important nature. We have stuff like RSS that may be better suited.
Not everybody agrees we are rather used to email and mail lists,
particularly people here I suspect.
3) Figure out a better way to "gatekeep" nanog-post, to keep the number of
permitted posters down and to confirm their identities.This forum is not of any use if any significant percentage of the posters
are teenage IRC-lurking hackers or spammers. We need to "do the Darwin" -
change or die.
Regarding those posting anonymously trying to go after others, this is
problem with email in general that we either have to allow newcomer to
communicate with you (presumed trust) which opens it up for abuse we all
now hate or we can moderate ourselve to just few trusted persons and
verify everybody new (which approach is also now hated by some for being
very intrusive on especially when mail lists get involved).
I'm not certain how we can deal with it properly in general, but PGP
seems to answer this in that person's identity must be verified by
others. Possibly this can be adapted either directly (require digital
signature) or indirectly that new poster must be confirmed by two
existing mail list members to be able to post.
Or possibly simpler approach is that first-time posters are by default
moderated and then after say 4 or 5 posts, it is automaticly removed.
P.S. I'm not sure the situation with NANOG-l is that bad. Any high-traffic
list has its own noise problems in general and I think it has not been
that high here that you could not easily just ignore the thread when it
turns into noisem, nor is amount of spam (non-existant) or viruses (none
up until recently). I've seen it a lot worth ...