Searching \ for '[PIC] PICList archive no longer private. Was: subs' in subject line. ()
Make payments with PayPal - it's fast, free and secure! Help us get a faster server
FAQ page: www.piclist.com/techref/microchip/devices.htm?key=pic
Search entire site for: 'PICList archive no longer private. Was: subs'.

Exact match. Not showing close matches.
PICList Thread
'[PIC] PICList archive no longer private. Was: subs'
2005\09\14@154619 by James Newton, Host

face picon face
First, sorry to continue this on the [PIC] tag, but everyone needs to see
it.

WHAT:
Based on this discussion and the growing number of public "feeds" of the
PICList with NO or little security I am going to stop requiring registration
for viewing of the PICList.com archive of the PICList.

HUH?
In case you are confused: This eMail list (spam_OUTpiclistTakeThisOuTspammit.edu) is hosted by MIT
and I and several others are list owners. PICList.com is a wiki-type web
site I host that is meant to be a FAQ and archive for the email list. And
may need to be a backup of the email list if MIT ever drops us. <insert
deity> forbid.

WHY:
I was aghast at how easy it is to rip some of these public "feeds" to get
email addresses and more. For a spammer harvesting target emails, it is
instant gratification. No need to subscribe and wait for emails, just rip
them _right now_! We can go about and kill the feeds (e.g. we killed the
blogger feed due to error messages it sent to members when they posted) but
if we kill the "public" feeds, then the public has no way to read the
PICList except via the "private" feeds.

One argument for the public archives is that they do not require email
registration to view as the PICList.com archive does. Some people object,
violently in some cases, to giving out their email address in order to see
other peoples email addresses. Hummm... I wonder why? Anyway, even people
who have no known affiliation to spammers and are respected members in good
standing of our little community have objected to the registration. And some
have opened up feeds to public archives apparently in response to that.

If we go and kill the public feeds, the objection will be (has been) that
the PICList.com archive is private.

In my mind, that is the freaking point, but if people are going to open
these public feeds, which do little or NOTHING to protect your email
address, in response to the main archive being private, then it may be for
the best to make the main archive public and just make sure it mungs the
heck out of the emails, looks for site rippers and spiders, and tries, best
it can to stop your email address from getting into the hands of a spammer.

HISTORY:
The primary reason why I required registration to access the archive in the
past is that the email address of the person who registered to access the
archive was encoded into a batch of fake email addresses that are fed back
what ever spider software they use in hidden "mailto" links. For example, if
".....scumbagKILLspamspam@spam@hotmal.com" registers and gains access to the archive, then spiders
the pages to collect your address, he will also collect an address like
"98ujq234kf8uspamKILLspampiclist.com" which has a number encoded in it which I can
cross to ".....scumbagKILLspamspam.....hotmail.com" if I ever receive an email addressed to
"EraseME98ujq234kf8uspam_OUTspamTakeThisOuTpiclist.com" and then I can report to "abusespamspam_OUThotmail.com" not
only that the email was spam, and (from its headers) who sent it, but also
who mined the email address. Totally brilliant if I do say so myself.

However... In practice it is useless... @spam@abuseKILLspamspamhotmail.com doesn't understand
or care that their email account was used to /harvest/ email addresses for a
spammer, they only care if their email account was used the /send/ spam. If
that. And receiving and processing emails from a bogus account is pain on my
server for technical reasons.

SUMMARY:
So, I'm going to drop the private status and allow anyone to view the
archive. Before I do that, I'm going to review the munging of email
addresses, both the person who posts and any email addresses found in the
body of the post, just to make sure it is pretty darn "mungerific." Spell
check will have fun with that one.

Right now an email like KILLspamjamesnewtonKILLspamspampiclist.com will get munged randomly to
something like _SpamBeGone_jamesnewtonSPAM@RemoveMEKillTakeThisOuTspamSPAMpiclist.com_SpamBeGone_
or spamBeGoneTakeThisOuTjamesnewtonSTOPSPAMspamBeGonespamRemoveMEpiclist.comSPAM_OUT or
TakeThisOuTjamesnewton@spam@@piclist.com all of which can be deciphered by a
human with a little care and half a brain. But emails in the body are not
munged and so I will add that next.

All the spider traps, rip stop, fake email feeds, etc.. Will remain. One of
the fake emails will feed the harvesters ip address back to them and so on.

POSTSCRIPT:
Are you still reading? Wow... Nothing personal, but like... You need to get
a life. Ok?

---
James Newton: PICList webmaster/Admin
TakeThisOuTjamesnewtonEraseMEspamspam_OUTpiclist.com  1-619-652-0593 phone
http://www.piclist.com/member/JMN-EFP-786
PIC/PICList FAQ: http://www.piclist.com




> {Original Message removed}

2005\09\14@162318 by olin piclist

face picon face
James Newton, Host wrote:
> So, I'm going to drop the private status and allow anyone to view the
> archive.

Big deal.  Given that all that stuff is out there already, security at your
site is pointless.

> Before I do that, I'm going to review the munging of email
> addresses, both the person who posts and any email addresses found in
> the body of the post, just to make sure it is pretty darn
> "mungerific."

Why bother?  It's all out there already.  Spammers found my piclist-only
email address years ago, and I get the same amount of spam on it as my real
email addresses.  Unless you enjoy doing this, closing the barn door after
the horses fled, died of old age, and the rest of the barn burnt down is a
waste of time.

In a perfect world it would be nice to keep the archive private.  People say
different things when they think they are talking privately to a closed
group versus expecting it to be recorded for all to see for all time.  The
only real problem I see is folks that may have thought they were having a
closed conversation in days past will now have it made public.  But there's
nothing that can be done about it, so there's no point fretting about it.
Nobody that's been paying attention could possibly have the illusion that
anything they say today on the list will remain private.

In other words:  It sucks, but that's the way it is.  Get over it.


*****************************************************************
Embed Inc, embedded system specialists in Littleton Massachusetts
(978) 742-9014, http://www.embedinc.com

2005\09\14@164139 by Bob Blick

face picon face

>> Before I do that, I'm going to review the munging of email
>> addresses, both the person who posts and any email addresses found in
>> the body of the post, just to make sure it is pretty darn
>> "mungerific."
>
> Why bother?  It's all out there already.

Hey, yours maybe. I only get a spam every month or so, and I'd like to
keep it that way, thank you very much.

-Bob

2005\09\14@213731 by Chen Xiao Fan

face
flavicon
face
Even though spam can not be totally avoided (my junk list
contains 7000 unique domains), it will be nice that
everyone does a little to help.

I think gmane.org is doing a good job in this aspect.

Regards,
Xiaofan

{Original Message removed}

2005\09\14@214752 by James Newton, Host

face picon face
Well, its just great that this generated so much discussion.

Since most of you seem to have lives, I went ahead and did it. The
piclist.com archive is now public.

I would be very curious to see how some of you see email addresses in the
body rendered. If you think it isn't being munged, try to copy or otherwise
automatically get an email address from the body and notice what you get.

If you see email addresses with strange gaps, then you aren't using IE but
at least they will be easy to read. Still hard to copy.

If you see the email addresses with weird words in them, you aren't running
a modern brower or if you are, please do a screen capture and send it to me
with the name of your browser, etc...


I hope people get some good use out of the archive and send me lots of
feedback on what you like and don't like about it.

You can do "instant" searches by going to URLs like
http://www.piclist.com/techref/postbot.asp?by=thread&id=VOIP And by instant
I mean... Well... 14 seconds isn't bad

And you can link to any days posts like this
http://www.piclist.com/techref/postbot.asp?id=piclist/2005/08/31 which
really is instant.

Or see all the threads in a specific time like this:
www.piclist.com/techref/postbot.asp?by=thread&year=2005&month=09
pretty darn quick...

Or to a specific post like this
http://www.piclist.com/techref/postbot.asp?id=piclist\2001\06\24\074402a

---
James Newton: PICList webmaster/Admin
RemoveMEjamesnewtonspamTakeThisOuTpiclist.com  1-619-652-0593 phone
http://www.piclist.com/member/JMN-EFP-786
PIC/PICList FAQ: http://www.piclist.com





> {Original Message removed}

2005\09\15@044315 by Howard Winter

face
flavicon
picon face
James,

On Wed, 14 Sep 2005 18:47:51 -0700, James Newton, Host wrote:

>...<
> I hope people get some good use out of the archive and send me lots of
> feedback on what you like and don't like about it.

It looks good here (using FireFox under OS/2) and I like the way it mungs the email address in a different way
each time.  

I'd like to change the email address I use for PIClist to something unique, to see if/when it gets out there
with the spammers.  Obviously for stuff I send I have to do it at this end, but how do I do this for the
address that you send it to?

Cheers,


Howard Winter
St.Albans, England


More... (looser matching)
- Last day of these posts
- In 2005 , 2006 only
- Today
- New search...