Slashdot Mirror
Aleph1 Passes The Bugtraq Baton
Rogue_F writes: "The long running security mailing list
Bugtraq
is getting a new moderator. Elias Levy (the real name of the familiar Aleph1) has decided to move on to other things.
For nearly six years he has been moderating bugtraq with a high degree of success. No one doubts the usefulness of bugtraq, but many people probably dont appreciate what a 'clean' list it is. No spam, no flames, no relgious security wars, instead you get good wholesome security information.
Aleph1 details in this
message that he is moving on to other security projects and that David Ahmad is taking over moderation duties.
Bugtraq continues to churn out quality security information on a daily basis, and it looks like it will continue to do so for quite some time to come." List moderators and maintainers seem universally denied their due credit -- people like Zack Brown (of Kernel Traffic fame) end up getting noticed only when --infrequently -- they go on vacation.
It sounds good to see Bugtraq getting a good, unbiased moderator.
<wik>/bin/finger that girl in the back row of machines.
Bugtraq is probably one of the most-read sites to hackers and the like on the internet today. Information should be free, even if people use it for malicious purposes. Someday people will forget malice, and have no reason to use the information. Lets hope this new moderater thinks the same way.
Job? I don't have time to get a job! Who will sit around and bitch about being broke and unemployed then?
It isn't the scribes that get remembered, but the people who actually create the bugs.
Honestly though, Kernel Traffic has been one of my favorite sites. The concept itself is quite innovative. It is indeed a tough job making sense out of the mad mad world of the LKML, and what's more? filter out the trash, the hate and give people the lowdown on kernel development.
Zack, I doff my hat to you...
for the long and short of the kernel
and for the cousins too.
It's reassuring to note that the new moderater has been standing in for sometime. Moderating BugTraq must be difficult at times, but it's been really nice to see such an important list run so well.
It's good to see that someone is getting credit where it is due, especially since he has such a low profile job. Important, but low profile.
This guy is brilliant. Hopefully the new moderators will be able to live up to Elis Levy's wisdom.
Tired of free ipod spam sigs? Opt ou
Because I'm thinking that 'aleph2' has a nice ring to it... :)
The 'usual discussions' were sometimes let through, but Elias never let them go on too long. The spam was almost non-existant. And anytime I had a problem with recieving items from the mailing lists, he was always quick to fix them.
Aleph1's contribution to the security community has been sizable, and he shall be remembered. Even if only for future "gR33+5 +0 4l3ph1!!" in exploit code to come.
Thank you for contributing your time and energy herding 50,000 cats at the same time. Some of us appreciate it a great deal.
(Not to downplay david's already noticable contribution of course. `8r) )
Gonzo Granzeau
"Nothing the god of biomechanics wouldn't let you into heaven for.." -Roy Batty
I for one owe Mr. Levy a tremendous debt of gratitude for his service at BugTraq. It has provided me, my students, and my professional colleagues a tremendous resource for research (via the archives) as well as virtually real-time vulnerability notification. Together with NTBugTraq, it provides a tremendous resource for the white hat community, without the fluff, spam, flames and noise of unmoderated lists and newsgroups.
The hard moditorial work done by Mr. Levy is what makes BugTraq the useful tool that it is.
While I have no doubt that Mr. Ahmad will serve the community in an excellent fashion, Mr. Levy will be a really hard act to follow, and I for one will miss his unseen hand.
Remove the caps and hold to a mirror.
While Kernel Traffic is very good for what it is (a summary of more or less everything on the kernel mailing list in a given week), for my purposes the LWN kernel page is even better. They summarize a few issues in enough detail to actually understand what is going on, and then give some links to other stuff that happened. Anyway, with respect to the LWN kernel page, or Kernel Traffic, or other such efforts: Would greater public recognition make it easier to keep resources like this going? Would it help if there were a better way of dividing it up into multiple volunteers (not that I can think of how to do it as easily as for code or the Open Directory Project)? Activities like these are indeed a pretty useful part of open source development/use.
I don't think the 'anti-openbsd' stance was one that aleph1 maintained, but more one of the community as a whole, only because the sheer amount of activity on other OS's.
and yes, if you attempt to prove that there is an unhackable OS, sorry you're going to get slashed up and down. `8r)
Gonzo Granzeau
"Nothing the god of biomechanics wouldn't let you into heaven for.." -Roy Batty
OpenBSD has good out-of-the-box security, but a clueful admin can make a linux/freebsd/netbsd box just as secure. And an incompetent admin can make an openbsd box insecure *very* fast. The motto with OpenBSD is good code auditing and fixing (Linux distros have this as well now, Debian's Security team does a great job), and a locked up default install. Most linux distros skew on this last part and need some security adjustments to make them more secure.
Either way I don't consider my locked up debian box to be less secure than an equivalent OpenBSD box, considering the linux kernel is secure and the programs running on top are the same.
Pedro Côrte-Real.
1) OpenBSD hasn't been remotely hacked. There have been local exploits (hence "Four years without a remote hole in the default install!"
and not "Four years without a hole in the default install!").
2) Theo deserves a little smacking when he missteps. Thats not to say he hasn't done a great job and I think he and the openbsd team have done a wonderufl job and I enjoy using obsd. However when one has the attitude that Theo has I can't help but think he deserves a little smack when something is wrong (as does anyone who thinks their shit don't stink).
--"Karma is justice without the satisfaction"
You know, the popular Marathon game produced by Bungie.net? THE MAKERS OF Myth2:SoulBlighter for Linux?
You mean the same bungie.net that was bought and crushed by Microsoft to stifle competing Linux software? Yes. that Bungie.net.
But I'm sure you already Gnu that.
Interview with Elias Levy (Alpeh1)
Bugtraq is probably the best security mailing list around. However while the quasi-founder (technically Aleph1 didn't start Bugtraq as I was surprised to find out) is quite prominent online I wasn't able to find any detailed information about him or Bugtraq (except for one old interview). So here for you to enjoy is an interview with Aleph1.
Kurt: Where does the name Aleph1 come from?
Elias: Its comes from transfinite mathematics. There exists many "infinite" numbers or sets. The first infinite number is small omega or alef null. It is also called countable infinity. Many infinite sets can be mapped one-to-one with each other. For example, the set of all natural numbers can be mapped one-to-one with the set of odd natural numbers. Yet one is a subset of the other. Both these sets are said to have a cardinality of alef null. Alef One is the first cardinal number after alef null (i.e. the first set that cannot be mapped one-to-one to a set of cardinality alef null).
Click here (http://www.seifried.org/security/articles/2001101 5-elias-levy-interview.html) for more.
The very function of a moderator is bias. A moderator must make value judgments about what should be on the list and what should not be.
What I think you mean by 'unbiased' is 'without biases I don't like'.
Alfred Huger is leaving the security focus incidents list. Kind odd that they all quit at once.
when the Levy breaks?
At last they changed those incredibly bad frames.
I always used to have to turn javascript off and reload the frame by itself to read anything on their website.
First I'd like to state that Aleph1 did a terrific job, and also the community should thank Security Focus, and Alfred Huger for their support of BT over the last couple years. Without their support it's hard to know where BT would be today.
Secondly I think it would be interesting if Slashdot could do an interview with Scott Chasin, aka Doc Holiday, the original founder of BugTraq. There are some of us who still remember when BT started and are interested in reliving the motivations behind it's inception.
Lastly, I'd like to say that certain comments made at Blackhat this year were quite inappropriate, (regarding BugTraq). It's unfortunate what damage (unnamed) small-minded members of the community can have -- for a service that has been free, useful, and especially today, increasingly important.
It's true no man is an island, but if you take a bunch of dead guys and tie 'em together, they make a good raft.
Well, if that's his real name, it sounds to me like the name of the famous occultist Éliphas Lévi, (1810-1875), or Alphonse-Louis Constant, who was well known for his works on occultism, notably on the Tarot, and association with Freemasonry and Rosicrucian thought. "Aleph One" is a particularly apt handle for someone with that name, as Éliphas Lévi used the Hebrew letter "Aleph" to denote the first Tarot card, the Magician, in his Cabalistic studies of the cards. I dunno, perhaps his name was just a coincidence, and he got the Aleph One handle from there.
Qu'on me donne six lignes écrites de la main du plus honnête homme, j'y trouverai de quoi le faire pendre.
Having run about 18+ mailing lists (all at the same time), I know just how much work it is. (One of those lists was very heavy traffic.)
Not only do you have to deal with keeping things on traq, but you have to deal with all the other problems that people never see.
* Bounced mail when people drop their e-mail accounts. (And it is even more fun when it turns out to be forwarded from some other account.)
* Dealing with clueless users who accuse your domain of being a spam service when some piece of spam gets past your filters. (And informs your ISP and his ISP and you get to spend a few days digging out the mess.)
* People who are too clueless to figure out how to unsubscribe.
* Admins who are too clueless to figure out how to unsubscribe a user, but are clued enough to find your home phone number and call you demanding that you unsubscribe them.
* People who were subscribed by someone else and have no clue what a mailing list even is...
* Running Linux out of file handles. (It was an old kernel.)
* Dealing with all the complaints when the system melts, the system gets moved, things get weird with the system clock and/or plain demonic possession.
And all sorts of other things that ate at my insides.
And you get little or no thanks for any of it.
"Trademarks are the heraldry of the new feudalism."
You mean like this message to bugtraq where he clearly gives credit to every single person, including some guy named Brett Dikeman for telling him about the tab to spaces issue of I Love You? Would this be you?
A lot of people are praising Levy when they probably never had to deal with him in the real world.
He certainly has his petty side. Not so long ago he unsubscribed a couple of dozen people from one well known security company from all of the bugtraq lists, because one of their executives had the temerity to criticize him on an independent forum.
Can you say 'petty'?
Hopefully the new moderator won't behave like that.
You've must have been on some alternate reality bugtraq list. During most of the time Chasin managed the list bugtraq was no moderated. He only started it moderating it at the end when things became unbearable.Not to mention that list back then had a handful of subscribers and now has almost fifty thousand.
OK. Here is what I am wondering? What is the significance of the nickname "Aleph1?"
Is it a reference to Eliphas Levy, the 19th century ceremonial magician whose name seems a lot like Elias Levy? After all Levy was quite into the ritual aspects of the Hebrew alphabet from a Hermetic point of view, and the first letter of that writing system was "Aleph" meaning "Ox" and associated, in the Sepher Ytzirah with Air and moderation between extremes (summer/winter, heaven/earth, fire/water) embodied in the other mother letters of Mem ("Water") and Shin ("Tooth").
It is kinda interesting to see the Hermetic and Computer worlds collide occasionally. Better get back to summoning those daemons....
LedgerSMB: Open source Accounting/ERP
You mean like this message to bugtraq
Yes, that's the one. It's a special thing we do with posts from time-to-time, we call it a "summary". It's when the moderator takes the time out of his day to collect a bunch of e-mail on a subject, tracks who gets credit, and puts them into a single e-mail for the sake of brevity. The alternative is to let through 20 individual e-mails that have massively quoted previous mails, etc..
http://www.phrack.org/show.php?p=49&a=14
Aleph1's second most well known contribution, I guess.
Everyone who is still unsure of Elias's use of Aleph1 should read the definition of Aleph from the William Gibson Aleph.
Hm.. You present an interesting point...
I would try and define what I mean by unbiased, but I think that "without biases I don't like" pretty much is correct.
<wik>/bin/finger that girl in the back row of machines.