[Wsuug] (no subject)

[Ryan Brunsvold]

Well said, Andrew.

I don't think we run the risk of garnering a negative reputation for
providing informative links. Even If a member had posted the actual code
with a "use this to hack XYZ" message, the integrity of the group would only
suffer if we failed to take administrative action against that specific
member.

Members should be encouraged to post educational links to issues that could
potentially affect everyone in the group or the
Accessibility/Usability/Security community at large. As for the posting of
"visibly broken" links, I'm confused as to the relevancy of that approach.
It seems a bit arcane and could potentially have the undesirable affect of
forcing participants to provide obtuse, non-specific information about
specific topics or worse, not participate in discussions at all.

All we can do with this list is educate and organize. The responsible
application of code or advice falls to the individual developer.

On Tue, Dec 29, 2009 at 10:34 PM, Andrew Jaswa <ajaswa at gmail.com> wrote:

> On Tue, Dec 29, 2009 at 11:35 AM, Reese <reese at inkworkswell.com> wrote:
>
> > Are the WSUUG archives public or private?
>
> Check out the link at the bottom of every email that gets sent out
> though the list.  It appears to be fairly self evident to me...
>
> > If we are going to have materials like this in our archives, they
> > should be private IMO. I do not think we want to garner a reputation
> > for being a repository of or gateway to exploit code. Links to such
> > things should be visibly broken, the truly curious can reassemble
> > those links if they want to investigate - if the archives are public
> > and it is desired to keep them public.
>
> I really don't see the issue here. Google does the same thing. Albert
> thought that the code was interesting and shared with the group. Just
> because the code in question wasn't originally intended for good, what
> can you learn from it? For example: Here is a bit of code that could
> disable my server. I think I'm going to read the code, setup a test
> environment and figure out how to protect myself from this sort of
> attack.
>
> I would encourage this sort of sharing as it brings awareness to
> issues like this.
>
> Why would breaking links in your emails be good? Adam quickly found a
> blog post about the subject and posted it. Is it OK for Adam to post a
> link to the blog post (with the bit of offending code that matters)
> and is it not OK for Albert to link directly to the offending code? Is
> there really a difference?
>
> If you feel strongly about this then by all means when you post links
> to potentially malicious code (which could be any code if not tested
> correctly) feel free to break up the URL to that it is hard for a user
> to click on. And if you feel even more strongly, by all means
> encourage others to do the same.
>
> I won't condone this sort of censorship and feel it is entirely pointless.
>
> With that being said I would like to see that conversations are on
> topic (mainly web development and the likes) and I would step in if
> people started posting links to warez sites (etc..) or directly to
> malicious code that got run in a users browser. But alas no all Albert
> did was provide a link to a educational resource to assist you in
> making an informed decision about who to select as your hosting
> provider and to better protect yourself. I don't believe that warrants
> taking the list private.
>
> > Andrew, would you attend to verifying the current status of the WSUUG
> > archives and take appropriate action if necessary? Or, write me offlist
> > for some alternatives.
>
> Per my comments above I do not see the need for any action.
> _______________________________________________
> Wsuug mailing list
> Wsuug at list.wsuug.org
> http://www.thelinuxlink.net/mailman/listinfo/wsuug
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.thelinuxlink.net/pipermail/wsuug/attachments/20091229/94e4daa0/attachment-0001.html>