<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
<title></title>
</head>
<body text="#000000" bgcolor="#ffffff">
Mike T,<br>
<br>
I'm sorry if I've offended you ... yet again. That is never
intentional.<br>
<br>
There are a number of erroneous conclusions in your message that I wish
to address.<br>
<br>
Let's talk about the "off topicness" of this list.<br>
<br>
People may disagree about this, but, suppose, just for the sake of
discussion, that "on topic" is a message which mentions some form of
Linuxish OS, including Android, Unix, etc. Also, the message could be
considered on topic if it's obviously relevant to those topics.<br>
<br>
The message is not excluded if it mentions Windows, Mac, IOS,
Blackberry, etc., as long as it meets the above criteria.<br>
<br>
I did an analysis of all the message threads on ALE for the last 30
days or so. The following are the ones which could be considered to be
off topic based on the criteria I mentioned. This list has many off
topic messages other than mine. Some of those get the most
discussion. That proves two things. A) People are interested in those
topics. B) They're interested in talking about them.<br>
<br>
Note to the posters of the following messages. My intent is not to
criticize your messages. It is to simply point out the nature of the
discussions we have. If the messages were marked as OT, I don't say
anything about that. If not, I label it not marked.<br>
<br>
09/10 - home media file server - mentions windows stuff - not marked<br>
09/10 - nsa compromised ... - not marked<br>
09/11 - motorcycle<br>
09/11 - eye glasses - your post Mike, on my OT thread, marked both OT
and Way OT<br>
09/13 - hyundai autos - my thread - marked both OT and Way OT<br>
09/13 - amp noise<br>
09/14 - nano w32 binary - mentions windows stuff<br>
09/15 - office depot android tablet sale - my thread - arguably not off
topic<br>
09/16 - ethanol gas<br>
09/16 - need 5" android tablet for obd - my thread - not marked -
arguably not off topic initially<br>
09/17 - comcast modem<br>
09/18 - is tech world ending - your thread Mike - arguably off topic -
not marked<br>
09/19 - office overhead - not marked<br>
09/22 - lenovo sale rep - not marked<br>
09/25 - wifi routers - not marked<br>
09/25 - usb ethernet - not marked<br>
09/27 - 5" tablet --> ultragauge - my thread - now marked OT<br>
09/27 - googlian calendar<br>
09/27 - sqarespace - not marked<br>
09/28 - essay made me laugh - not marked<br>
09/30 - fwd robotics programming help needed - my thread<br>
10/02 - tom clancy's death - my thread - marked both OT and Way OT<br>
10/03 - pearl hackers - not marked<br>
10/05 - web hosting - not marked<br>
10/06 - bitcoin atm<br>
10/07 - engineer available for work - my thread<br>
10/09 - openpgp smart cards - not marked<br>
10/10 - video editing software - not marked<br>
10/10 - morals of .net consulting - mentions windows stuff - not marked<br>
10/10 - contradictions in patching - my thread - not marked - arguably
not off topic since patching relates to every computer user on the
planet<br>
10/10 - secure login research - my thread - not marked - arguably not
off topic since logins relate to every computer user on the planet<br>
<br>
So, from this list, you can clearly see three things. A) This list has
plenty of OT content, whether I'm contributing or not. B) most of the
OT messages are flagged as OT, including those by me. C) Some people
who post OT messages, including you and me and others, don't mark the
message OT some of the time.<br>
<br>
I never post anything to the list that I don't think will be
interesting to the readers. I generally do flag OT messages as such.<br>
<br>
See further comments inline below.<br>
<br>
On 10/11/2013 9:29 AM, Michael B. Trausch wrote:
<blockquote cite="mid:5257FD29.7020006@naunetcorp.com" type="cite">
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
<div class="moz-cite-prefix">On 10/10/2013 08:32 PM, Ron Frazier
(ALE) wrote:<br>
</div>
<blockquote
cite="mid:e9e376df-85a8-4959-bb61-5a829c7fa55c@email.android.com"
type="cite">
<pre wrap="">Steve Gibson has just announced some new secure login research he's been doing. It looks pretty promising and may ultimately be able to substantially replace or augment user names and passwords. I thought I'd pass it along. He says it's generating lots of interest, including some from the w3c. It's open spec and open standard and he's giving it away. Maybe it will become a standard someday.</pre>
</blockquote>
<br>
Look, we've covered this time and time again.<br>
<br>
Steve Gibson is <b><i>not</i></b> a security expert. Stop putting him
on a pedestal, and PLEASE stop spreading bad information. That new
"secure" login procedure has AT LEAST one fatal flaw, and I think two.
It is not suitable for use, and in fact straight username and password
over TLS is more secure.<br>
<br>
</blockquote>
<br>
That's your opinion and you're welcome to it. However, you don't speak
for everyone in the group and your opinions are not universal. I have
other opinions and I'm just as welcome to them. The readers here can
form their own opinions.<br>
<br>
Here are some FACTS.<br>
<br>
1) I use Gibson's Spinrite product and it has been useful to me.<br>
2) On many occasions, I've found his security related advice to be
helpful to me.<br>
3) Some people on this list have also stated publicly that they've used
Spinrite and that it was helpful to them.<br>
4) Some people on this list have directly benefited from security
related information which I shared which came from Steve Gibson. Case
in point, the potential vulnerability that some routers have where they
can be attacked from the wan side via upnp queries. At least a couple
of people used the test routine that I mentioned on Steve's site, found
their routers were vulnerable, and took action to fix the problem.
They also specifically thanked me for posting the information here.<br>
<br>
The research project I mentioned is about a week old. It is entirely
possible that it has flaws in it at this point, and it's a work in
progress of collaborative development by hundreds of interested parties.<br>
<br>
If you have the knowledge of security and crypto to thoroughly evaluate
it, which apparently you do, why don't you get on his newsgroup and
contribute to help make the problem of secure login less of a problem
for the world, rather than just bash my post? I don't have the
necessary knowledge to help in a meaningful way. You probably do.
Others here do. So go help out if you can.<br>
<br>
<blockquote cite="mid:5257FD29.7020006@naunetcorp.com" type="cite"> At
this point, I am respectfully asking you to quiet down on the list.<br>
<br>
</blockquote>
<br>
I'm not doing anything on this list that many other people don't do.<br>
<br>
<blockquote cite="mid:5257FD29.7020006@naunetcorp.com" type="cite"> The
last thread you started was on Windows.<br>
<br>
</blockquote>
<br>
WRONG. The last thread I started was about the nature of patching your
OS, of any type, to keep it as secure as possible. It talks about
Windows, Linux Mint, and Android, and is totally relevant to this list.<br>
<br>
<blockquote cite="mid:5257FD29.7020006@naunetcorp.com" type="cite">
This thread is invoking Gibson (again), despite much rather on-topic
discussion to the fact that Gibson isn't a suitable source of security
information. This is at least the third or fourth off-topic post from
you this week that I can recall—and quite impolitely without the OT.<br>
<br>
</blockquote>
<br>
The topic of secure login is absolutely and totally relevant to anyone
with a computer.<br>
<br>
<blockquote cite="mid:5257FD29.7020006@naunetcorp.com" type="cite">
Please stop spreading bad information and please stop discussing your
trials and tribulations with your Microsoft products at all on this
list.</blockquote>
<br>
I never intentionally spread bad information. Some of it, you may
think, is bad information. But, usually, I just point to potentially
useful resources and the readers can make their own decision.<br>
<br>
<blockquote cite="mid:5257FD29.7020006@naunetcorp.com" type="cite"> You
can't seem to put "[OT]" in when it needs to be done—so please just
stop altogether.<br>
<br>
</blockquote>
<br>
I already proved that's not true with my analysis of the OT postings
here, including mine. I generally do flag my OT messages as such.<br>
<br>
<blockquote cite="mid:5257FD29.7020006@naunetcorp.com" type="cite">
Much appreciated,<br>
<br>
Mike<br>
<br>
</blockquote>
<br>
Mike, as I said, I never intend to offend you or anyone else. However,
I think you seem to have a personal vendetta against me, and perhaps
Steve Gibson. I think you've had it ever since I started participating
on this list, years ago. I have no idea why, as you don't even know me
except for what I write here. I think you're biased and prejudiced
against me and you complain about things I do specifically which are
very similar or identical to things that others do.<br>
<br>
Regardless of your reasons or motives for singling me out for
criticism, I'm asking you respectfully to tone that down and treat me
professionally, just as you would any one else here. If you want to
complain about OT posts that are not marked, let's complain about all
of them. If you want to complain about OT post whether marked or not,
let's complain about all of them. If you want everyone to never
discuss anything that's not linux specific, which I doubt this group is
capable of doing, then everyone should do that.<br>
<br>
I'm never one to shy away from a debate, and if we want to let the
facts speak for themselves, I'm all for it.<br>
<br>
As to my postings on the list, I will attempt to do the following: post
messages that I believe to be relevant and interesting and helpful to
the readers, and mark the ones that are OT as such. These are things
I've been doing anyway.<br>
<br>
Sincerely,<br>
<br>
Ron<br>
<br>
<br>
<pre class="moz-signature" cols="72">--
(PS - If you email me and don't get a quick response, you might want to
call on the phone. I get about 300 emails per day from alternate energy
mailing lists and such. I don't always see new email messages very quickly.)
Ron Frazier
770-205-9422 (O) Leave a message.
linuxdude AT techstarship.com
Litecoin: LZzAJu9rZEWzALxDhAHnWLRvybVAVgwTh3
Bitcoin: 15s3aLVsxm8EuQvT8gUDw3RWqvuY9hPGUU
</pre>
</body>
</html>