Slashdot Mirror
Aleph1 Passes The Bugtraq Baton
Rogue_F writes: "The long running security mailing list
Bugtraq
is getting a new moderator. Elias Levy (the real name of the familiar Aleph1) has decided to move on to other things.
For nearly six years he has been moderating bugtraq with a high degree of success. No one doubts the usefulness of bugtraq, but many people probably dont appreciate what a 'clean' list it is. No spam, no flames, no relgious security wars, instead you get good wholesome security information.
Aleph1 details in this
message that he is moving on to other security projects and that David Ahmad is taking over moderation duties.
Bugtraq continues to churn out quality security information on a daily basis, and it looks like it will continue to do so for quite some time to come." List moderators and maintainers seem universally denied their due credit -- people like Zack Brown (of Kernel Traffic fame) end up getting noticed only when --infrequently -- they go on vacation.
It sounds good to see Bugtraq getting a good, unbiased moderator.
<wik>/bin/finger that girl in the back row of machines.
Bugtraq is probably one of the most-read sites to hackers and the like on the internet today. Information should be free, even if people use it for malicious purposes. Someday people will forget malice, and have no reason to use the information. Lets hope this new moderater thinks the same way.
Job? I don't have time to get a job! Who will sit around and bitch about being broke and unemployed then?
It isn't the scribes that get remembered, but the people who actually create the bugs.
bugtraq
Honestly though, Kernel Traffic has been one of my favorite sites. The concept itself is quite innovative. It is indeed a tough job making sense out of the mad mad world of the LKML, and what's more? filter out the trash, the hate and give people the lowdown on kernel development.
Zack, I doff my hat to you...
for the long and short of the kernel
and for the cousins too.
Maybe they have those on bugtraq?
It's reassuring to note that the new moderater has been standing in for sometime. Moderating BugTraq must be difficult at times, but it's been really nice to see such an important list run so well.
But, I thought we knew where all the bugs where already. In Windows.
Why do we need to track them?
----- Whats wrong with this picture? http://www.revoh.org:1234/whatswrong
test
It's good to see that someone is getting credit where it is due, especially since he has such a low profile job. Important, but low profile.
David Ahmad??
You're going to hand over the most important public security mailing list to an arab?
are you nuts?
Of course, if you use OpenBSD you don't really need to bother reading BugTraq, as OpenBSD has never been successfully hacked. BugTraq is, in my experience, a resource hackers use to learn about the latest Win2K and Redhat vulnerablities - which means security conscious admins of those OSs need to read it as well. For the rest of us, it's not that useful.
This guy is brilliant. Hopefully the new moderators will be able to live up to Elis Levy's wisdom.
Tired of free ipod spam sigs? Opt ou
Because I'm thinking that 'aleph2' has a nice ring to it... :)
The 'usual discussions' were sometimes let through, but Elias never let them go on too long. The spam was almost non-existant. And anytime I had a problem with recieving items from the mailing lists, he was always quick to fix them.
Aleph1's contribution to the security community has been sizable, and he shall be remembered. Even if only for future "gR33+5 +0 4l3ph1!!" in exploit code to come.
Thank you for contributing your time and energy herding 50,000 cats at the same time. Some of us appreciate it a great deal.
(Not to downplay david's already noticable contribution of course. `8r) )
Gonzo Granzeau
"Nothing the god of biomechanics wouldn't let you into heaven for.." -Roy Batty
I for one owe Mr. Levy a tremendous debt of gratitude for his service at BugTraq. It has provided me, my students, and my professional colleagues a tremendous resource for research (via the archives) as well as virtually real-time vulnerability notification. Together with NTBugTraq, it provides a tremendous resource for the white hat community, without the fluff, spam, flames and noise of unmoderated lists and newsgroups.
The hard moditorial work done by Mr. Levy is what makes BugTraq the useful tool that it is.
While I have no doubt that Mr. Ahmad will serve the community in an excellent fashion, Mr. Levy will be a really hard act to follow, and I for one will miss his unseen hand.
Remove the caps and hold to a mirror.
Thanks to Aleph,
Who kept us from killing each other, or
killing the moron who posted an ad for
some new windows security product...
Guttermouth is a really good band.
While Kernel Traffic is very good for what it is (a summary of more or less everything on the kernel mailing list in a given week), for my purposes the LWN kernel page is even better. They summarize a few issues in enough detail to actually understand what is going on, and then give some links to other stuff that happened. Anyway, with respect to the LWN kernel page, or Kernel Traffic, or other such efforts: Would greater public recognition make it easier to keep resources like this going? Would it help if there were a better way of dividing it up into multiple volunteers (not that I can think of how to do it as easily as for code or the Open Directory Project)? Activities like these are indeed a pretty useful part of open source development/use.
OSAMA RULES!!!
Posting anonymously to escape the Karma slap that comes with having an opinion.
You other brothers can't deny
That when a girl walks in with an itty bitty waste
And a round thing in your face
You get sprung, wanna pull up tough
'Cause you notice that butt was stuffed
Deep in the jeans she's wearing
I'm hooked and I can't stop staring
Oh baby, I wanna get wit'cha
And take your picture
My homeboys tried to warn me
But with that butt you got makes
Ooh, Rump-o'-smooth-skin
You say you wanna get in my Benz?
Well, use me, use me
'Cause you ain't that average groupy
I've seen them dancin'
The hell with romancin'
She's wet, wet,
Got it goin' like a turbo 'Vette
I'm tired of magazines
Sayin' flat butts are the thing
Take the average black man and ask him that
She gotta pack much back
So, fellas! (Yeah!) Fellas! (Yeah!)
Has your girlfriend got the butt? (Hell yeah!)
Tell 'em to shake it! (Shake it!) Shake it! (Shake it!)
Shake that healthy butt!
Baby got back!
Timmy: Quick cap'n, it's time to traq some bugs.
Cap'n Justice: Hahaha, excellent idea timmy, we must stand up for american ideals of truth, justice, and changing columns of ones into columns of zeros, to prevent other people from doing the same, but timmy, there's one problem...
Timmy: What's that Capt'n Justice?
Cap'n Justice: Traq isn't how you spell track. It's hardly even close, and even sounds slightly french.
Timmy: Since we're speaking, how could you even tell?
Cap'n Justice: Ah, Touché mon frere, but you forgot one thing: Soap. You stink like a french bugmaker.
Timmy: Mwa ha ha, you cannot stop me now, for I am ze Fronch I337 haxeur. Mwahaha
Cap'n Justice: Ha! your feeble BASIC coded Trojans cannot hurt me. You shall fold like your country's armies!
Timmy Le Haxeur: NOOOOO I shall taunt you! Away with your list! Stop it! Ohhhh my bugs, my precious bugs
My Karma is so good, I'm the Dalai Lama...or something.
You know, the popular Marathon game produced by Bungie.net? THE MAKERS OF Myth2:SoulBlighter for Linux?
You mean the same bungie.net that was bought and crushed by Microsoft to stifle competing Linux software? Yes. that Bungie.net.
But I'm sure you already Gnu that.
Interview with Elias Levy (Alpeh1)
Bugtraq is probably the best security mailing list around. However while the quasi-founder (technically Aleph1 didn't start Bugtraq as I was surprised to find out) is quite prominent online I wasn't able to find any detailed information about him or Bugtraq (except for one old interview). So here for you to enjoy is an interview with Aleph1.
Kurt: Where does the name Aleph1 come from?
Elias: Its comes from transfinite mathematics. There exists many "infinite" numbers or sets. The first infinite number is small omega or alef null. It is also called countable infinity. Many infinite sets can be mapped one-to-one with each other. For example, the set of all natural numbers can be mapped one-to-one with the set of odd natural numbers. Yet one is a subset of the other. Both these sets are said to have a cardinality of alef null. Alef One is the first cardinal number after alef null (i.e. the first set that cannot be mapped one-to-one to a set of cardinality alef null).
Click here (http://www.seifried.org/security/articles/2001101 5-elias-levy-interview.html) for more.
The very function of a moderator is bias. A moderator must make value judgments about what should be on the list and what should not be.
What I think you mean by 'unbiased' is 'without biases I don't like'.
Alfred Huger is leaving the security focus incidents list. Kind odd that they all quit at once.
when the Levy breaks?
At last they changed those incredibly bad frames.
I always used to have to turn javascript off and reload the frame by itself to read anything on their website.
He let the list go to hell - Chasin never let so much clueless shit get through.
First I'd like to state that Aleph1 did a terrific job, and also the community should thank Security Focus, and Alfred Huger for their support of BT over the last couple years. Without their support it's hard to know where BT would be today.
Secondly I think it would be interesting if Slashdot could do an interview with Scott Chasin, aka Doc Holiday, the original founder of BugTraq. There are some of us who still remember when BT started and are interested in reliving the motivations behind it's inception.
Lastly, I'd like to say that certain comments made at Blackhat this year were quite inappropriate, (regarding BugTraq). It's unfortunate what damage (unnamed) small-minded members of the community can have -- for a service that has been free, useful, and especially today, increasingly important.
It's true no man is an island, but if you take a bunch of dead guys and tie 'em together, they make a good raft.
No spam, no flames, no religious security wars, instead you get good wholesome information. Wow, the exact opposite of slashdot!
I discovered, and told Levy, about how a second version of the I-love-you worm had formed, using spaces instead of tabs in the code, and was floating by most antivirus software.
I read a story a few days later in which he practically quoted me word-for-word, without credit; he basically uses the mailing list members info they send him, trying to get him to email the info out to the list, and acts like HE discovered the information, etc(I challenge anyone to find a SINGLE article in which Levy is quoted/interviewed and actually GIVES CREDIT TO HIS SOURCE.) Oh, then there's the articles he writes, where he basically regurgitates what list members tell him, and slaps his name on it without a single thank you, credit, mention, etc.
Later, he gave my BOSS credit in a post to the Bugtraq list for discovering+reporting it my boss knew, because we were hosed despite our email antivirus protection, and I was desperately trying to find why, and I told him first...but he swears he didn't tell Levy anything.)
If it wasn't for the list, the guy wouldn't know shit about anything.
Oh, and moderating a list like BugTraq is nothing. Try moderating a list of 2,000 people with open posting(ie, anyone who is a member can post.) It's like the difference between supervising a class of 40 year old adult-ed students and a room full of hyperactive 1st graders.
Well, if that's his real name, it sounds to me like the name of the famous occultist Éliphas Lévi, (1810-1875), or Alphonse-Louis Constant, who was well known for his works on occultism, notably on the Tarot, and association with Freemasonry and Rosicrucian thought. "Aleph One" is a particularly apt handle for someone with that name, as Éliphas Lévi used the Hebrew letter "Aleph" to denote the first Tarot card, the Magician, in his Cabalistic studies of the cards. I dunno, perhaps his name was just a coincidence, and he got the Aleph One handle from there.
Qu'on me donne six lignes écrites de la main du plus honnête homme, j'y trouverai de quoi le faire pendre.
Having run about 18+ mailing lists (all at the same time), I know just how much work it is. (One of those lists was very heavy traffic.)
Not only do you have to deal with keeping things on traq, but you have to deal with all the other problems that people never see.
* Bounced mail when people drop their e-mail accounts. (And it is even more fun when it turns out to be forwarded from some other account.)
* Dealing with clueless users who accuse your domain of being a spam service when some piece of spam gets past your filters. (And informs your ISP and his ISP and you get to spend a few days digging out the mess.)
* People who are too clueless to figure out how to unsubscribe.
* Admins who are too clueless to figure out how to unsubscribe a user, but are clued enough to find your home phone number and call you demanding that you unsubscribe them.
* People who were subscribed by someone else and have no clue what a mailing list even is...
* Running Linux out of file handles. (It was an old kernel.)
* Dealing with all the complaints when the system melts, the system gets moved, things get weird with the system clock and/or plain demonic possession.
And all sorts of other things that ate at my insides.
And you get little or no thanks for any of it.
"Trademarks are the heraldry of the new feudalism."
A lot of people are praising Levy when they probably never had to deal with him in the real world.
He certainly has his petty side. Not so long ago he unsubscribed a couple of dozen people from one well known security company from all of the bugtraq lists, because one of their executives had the temerity to criticize him on an independent forum.
Can you say 'petty'?
Hopefully the new moderator won't behave like that.
OK. Here is what I am wondering? What is the significance of the nickname "Aleph1?"
Is it a reference to Eliphas Levy, the 19th century ceremonial magician whose name seems a lot like Elias Levy? After all Levy was quite into the ritual aspects of the Hebrew alphabet from a Hermetic point of view, and the first letter of that writing system was "Aleph" meaning "Ox" and associated, in the Sepher Ytzirah with Air and moderation between extremes (summer/winter, heaven/earth, fire/water) embodied in the other mother letters of Mem ("Water") and Shin ("Tooth").
It is kinda interesting to see the Hermetic and Computer worlds collide occasionally. Better get back to summoning those daemons....
LedgerSMB: Open source Accounting/ERP
http://www.phrack.org/show.php?p=49&a=14
Aleph1's second most well known contribution, I guess.
...read the subject as more or less something about bugtraq passing aleph1 number of bugs (batons?), thereafter spitting his or her coffee violently all over his or her respective keyboard in an angry realization that somehow Microsoft must have sneaked windows 2000 or some other bloatware onto us unsuspecting volunteer bug-reporters and quickly burgeoning the number of bugs in the database to past the first degree of countability?
Argh, too much discrete mathematics!
A 'natural' style keyboard, too, 80 bucks it cost me. grumbly humph.
Everyone who is still unsure of Elias's use of Aleph1 should read the definition of Aleph from the William Gibson Aleph.
Hm.. You present an interesting point...
I would try and define what I mean by unbiased, but I think that "without biases I don't like" pretty much is correct.
<wik>/bin/finger that girl in the back row of machines.