[Dumpsterfire] Introduction, apology, and vague hand-waving at a list charter
Fri Jan 11 11:55:13 EST 2019
Thanks for joining. My apologies to everyone who bumped into difficulties
signing up around 11 AM EST yesterday: the server was slashdotted.
I have the logs in hand and will figure out how to avoid a repeat.
(Of course, no failure analysis is complete without responsibility
avoidance and blame assignment, so I intend to pick one of you at random
and lay it at your feet. You're welcome.)
We're here to talk about the ongoing litany of IoT failures -- which features
new entries almost every day. Perhaps in time we'll be able to construct
a taxonomy of privacy and security mistakes.
"When we're about to do something stupid, we like to catalog
the full extent of our stupidity for future reference."
--- Commander Ivanova
Maybe, MAYBE, if we're very fortunate, we'll be able to stop making those
mistakes. Or perhaps more realistically, we'll be able to understand what
trouble ensues from continuing to repeat them.
Normal rules of mailing list etiquette apply: don't top-post, don't
full-quote, don't send "test" messages, use plain text not HTML, wrap
your lines, don't send links with embedded tracking, thread your replies
properly, blah blah blah.
Attachments in open formats (e.g., png, pdf, etc.) are fine; those in
proprietary formats aren't.
Everyone who subscribes will initially be moderated, so there will be a
delay between when things are sent and when they appear. As I see that
people are active participants, I'll clear those moderation flags one
by one and messages from those people will just go through.
The list is configured for DMARC mitigation, which means that none of us
will be happy with the state of Reply-To, including me. Best advice is
to use a mail client (like mutt) that makes editing the headers as easy as
editing the message and get in the habit of modifing as required/desired.
There are significant email defenses in place here, so if you're sending
via a misconfigured mail server or a network that's been observed emitting
abuse, you may have issues. I'll check the logs for those every day
or so, or you can report them by using the email address you'll see if
your message is rejected by the MTA. There are also working RFC 2142
addresses here as well if you need them.
More information about the Dumpsterfire