[Wsuug] (no subject)

Andrew Jaswa ajaswa at gmail.com
Tue Dec 29 22:34:45 EST 2009 

On Tue, Dec 29, 2009 at 11:35 AM, Reese <reese at inkworkswell.com> wrote:

> Are the WSUUG archives public or private?

Check out the link at the bottom of every email that gets sent out
though the list.  It appears to be fairly self evident to me...

> If we are going to have materials like this in our archives, they
> should be private IMO. I do not think we want to garner a reputation
> for being a repository of or gateway to exploit code. Links to such
> things should be visibly broken, the truly curious can reassemble
> those links if they want to investigate - if the archives are public
> and it is desired to keep them public.

I really don't see the issue here. Google does the same thing. Albert
thought that the code was interesting and shared with the group. Just
because the code in question wasn't originally intended for good, what
can you learn from it? For example: Here is a bit of code that could
disable my server. I think I'm going to read the code, setup a test
environment and figure out how to protect myself from this sort of
attack.

I would encourage this sort of sharing as it brings awareness to
issues like this.

Why would breaking links in your emails be good? Adam quickly found a
blog post about the subject and posted it. Is it OK for Adam to post a
link to the blog post (with the bit of offending code that matters)
and is it not OK for Albert to link directly to the offending code? Is
there really a difference?

If you feel strongly about this then by all means when you post links
to potentially malicious code (which could be any code if not tested
correctly) feel free to break up the URL to that it is hard for a user
to click on. And if you feel even more strongly, by all means
encourage others to do the same.

I won't condone this sort of censorship and feel it is entirely pointless.

With that being said I would like to see that conversations are on
topic (mainly web development and the likes) and I would step in if
people started posting links to warez sites (etc..) or directly to
malicious code that got run in a users browser. But alas no all Albert
did was provide a link to a educational resource to assist you in
making an informed decision about who to select as your hosting
provider and to better protect yourself. I don't believe that warrants
taking the list private.

> Andrew, would you attend to verifying the current status of the WSUUG
> archives and take appropriate action if necessary? Or, write me offlist
> for some alternatives.

Per my comments above I do not see the need for any action.

More information about the Wsuug mailing list