:: Re: [DNG] Way forward
Top Page
Delete this message
Reply to this message
Author: Rick Moen
To: dng
Subject: Re: [DNG] Way forward
Quoting Edward Bartolo via Dng (dng@???):

> Although, I was not present in the conferences, I can imagine what was
> the problem. That prank was completely misplaced: as someone replied,
> one does not joke with security.

Ordinarily, I am in agreement with this view, but _details matter_. So,
no, IMO this is a wrong-headed argument when viewed in context, and in
my view is harmful to the project. You're of course absolutely entitled
to your opinion (just as I'm entitled to my opinion that your opinion is
ill-conceived and actively harmful).

Here is how I phrased the matter, quite a few days ago, on the #devuan
IRC channel:

19:46 < redrick> And, for the record, I really liked the prank, too.
19:47 < redrick> Eh, wrong window.
20:00 < watchcat> heh
21:23 < redrick> watchcat:  It was a comment directly to KatolaZ, actually.
                 Although my view has shades of grey, to be honest.  I've long
                 worried about a major open source project being taken down by
                 security exploit on or just before April 1, as that would be
                 one of the times sysadmin response would be impaired, along
                 with New Year's Eve, etc.
21:24 < redrick> This isn't even the first open source project claiming such a
                 security breach.  I've always responded with good security
                 advice in case it's real but on a fake-seeming occasion.[1]
21:25 < redrick> Although in this case, the notion of intruders converting the
                 compromised site to gopher was an adequate tip-off to anyone
                 who stopped to think.  Not a credible real-world outcome,
                 ergo, nicely done on balance.
21:27 < redrick> So, on the one hand, I have sympathy to those who say it's
                 uncool to do a prank about security breaches.  OTOH, a total
                 site conversion to gopher on 70/tcp?  Really?
21:28 < furrywolf> if something is worth doing...  :P
21:29 < redrick> It really almost qualifies as a moby hack.  Huge points for
                 style, in my view.
21:40 < redrick> IMO, the perfect April Fools prank is one that's presented in
                 a completely, consistently deadpan fashion, but if you stop to
                 think is ludicrous.  BBC set the benchmark for that in 1957,
                 in its report about the traditional spaghetti harvest in
                 Switzerland.  https://www.youtube.com/watch?v=tVo_wkxH9dU
                 Callers to Auntie Beeb who asked for advice about how to grow
                 their own spaghetti trees were told 'Place a sprig of
                 spaghetti in a tin of tomato sauce and hope for the best'.
                 That's the way to do it!  And I see KatolaZ's prank as part of
                 that worthy tradition.
21:43 < redrick> That clip is IMO worth the time of anyone who hasn't yet seen
                 it.  62 years, and still hilarious.
21:51 < furrywolf> I've seen it.  :)

[1] On a quick search, I couldn't find an example of one of my private
notes to project leaders claiming a major security breach just before
or on April 1st, but here's an example involving a claimed major
legal attack on open source institutions, that turned out to be a
coordinated April Fools prank -- which poses a similar problem:

Date: Thu, 1 Apr 1999 01:35:46 -0800
From: Rick Moen <rick@???>
To: editor@???
Subject: Clarification requested
X-Mailer: Mutt 0.95.4i
X-CABAL: There is no CABAL.
X-CABAL-URL: There is no http://linuxmafia.com/cabal/
X-Eric-Conspiracy: There is no conspiracy.
X-Eric-regex-matching: There are no stealth members of the conspiracy.

Hello there!

I'm an activist in the San Francisco Bay Area Linux community,
and noticed that Arcterex (ufies.userfriendly.org), Illiad and his
attorney Michael Scott DeWitt (www.userfriendly.org), Scott James
Remnant (segfault.org). and Mike Popovic (www.bedope.com) all
have almost identical notices on your Web sites.

Assuming this is real, you all have my sympathy. But there's an
unfortunate coicidence(?): It's April 1st.

None of those four Web hosts says, so far, "Yes, we know it's April
Fools Day, but we're serious. We're under real, serious legal attack."
If you four are _not_ pulling off an April Fools prank in questionable
taste, then it'd be (in my view) an excellent idea to specifically
disclaim that intent. Immediately.

I don't mean to add to your woes, if such they be.

Cheers,              "By reading this sentence, you agree to be bound by the
Rick Moen             terms of the Internet Protocol, version 4, or, at your
rick (at) linuxmafia.com   option, any later version."  -- Seth David Schoen