-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Dan Armbrust wrote:
> I think this question needs more real facts than poll results. Why not
> do a 1 month (or less, if a spam problem develops) test run to see if
> allowing yahoo accounts is still a real problem. Then take a poll -
> with real facts backing up the choices of the poll.
In the "old days" yahoo didn't do any account verification. So, it was
simple for bots to sign-up and spam.
Yes, things are better today. Yes, the block is probably not needed. But the
issue at hand is -not- technical, it's political (community?). Block went
in on a vote, block should go out on a vote.
> Arbitrary decisions like this seem rather draconian when people (like
> me) don't know the history or the reasoning behind the decisions that
> were made years ago.
Decision was anything but arbitrary.
First a flame. :-) IF everyone would read postings via linux MUA (probably
win32 tbird now too) this would -not- have been such a big issue. Maybe
even more generic, if people would read email on non-window boxes and
non-outlook MUAs. This issue would not have surfaced.
Here is the history. Step into my retro-machine. Please step keep your hands
and feet inside at all time. Remain seated for the duration of the ride
until it comes to a complete stop.
Spambot forged or compromised someones yahoo account. Sends a post to
tclug-list. The payload of the post was malware. Don't remember which, but
the type that does:
for poor_sap in outlook.addressbook; do
outlook.send($poor_sap)
done
At first most of the old-guard chuckled, "Stupid outlook!", even changed the
name to "Lookout!". At the time trusty elm or this niffty new(!) program
mutt scoffed at this malware.
The chuckled turned into groans quickly. Tclug-list being a "trusted" email
source, phished (term didn't even exist at this time!) people into opening
the email. Pandemic! Now multiple -legit- tclug addresses are posting to
the list (and elsewhere) with malware.
Surprise! Shock! Anger!! Many people at this time (still?) read tclug-list
via outlook (look to the archives for the thread on why people are still
reading tclug via outlook! :-) )
Lots of anger directed at myself, TCLUG, the world about how TCLUG infected
their computer. We have a PR nightmare on our hands. Terrible timing since
Linux is just getting recognized as a legit win32 replacement on the
server. Regardless if the problem is a win32 issue, not a linux issue. The
messenger (really!, mailman/linux) gets shot here.
Have to remember this is pretty new to win32 people at this time and tools
and behaviors of the past made for this malware to spread easily. I
honestly think most people didn't have a virus scanner on their win32 box.
I brought the mailing list down to prevent further infections. Cleaned out
the queues of all malware. Changed clamav and spamassassin (SA) to scan all
messages regardless (was limiting to < 100K, message in question was 102K).
It was all too late, tclug-list is in some spammer database. Clamav prevents
the really malicious stuff, but the "normal" spam is still making it
through SA.
Call for action. Poll. Discussion. Result: block yahoo. Long threads on
alternatives to reading the list, etc, most devolved into outlook bad,
windows bad, this is twin cities LINUX users group.
In the end, like most flamefests, the actually issue was drowned about by
the standard FOSS jihads: distro, MUA, OS, until almost a decade later.
Please exit to the left side of the ride. Check your seating area for any
valuables as you leave. Thank you for riding retro-machine.
There was technical merit, there was community incentive. Are both valid
today? Probably not, but as I stated above. It's not a technical issue.
All making a little more sense now?
- --
Bob Tanner <tanner at real-time.com> | Phone : (952)943-8700
http://www.real-time.com, Minnesota, Linux | Fax : (952)943-8500
Key fingerprint = AB15 0BDF BCDE 4369 5B42 1973 7CF1 A709 2CC1 B288
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
iD8DBQFEoEZ/fPGnCSzBsogRAl7lAJ4xWaqxs4Jjnx8GhtqHaMpn6XVKqACfa/YJ
LYxfqZ2vA7KcXf1b+iX+IDU=
=awDa
-----END PGP SIGNATURE-----