[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: The Talk: ssh - are you nuts!?!

I love how this guy assumes that everyone in the world lives within a days driving distance of silicon valley.

I know, I know, I hate contributing to the further delinquency of a troll. Yes developers should hear objective views of their code, yes constructive criticism is a wonderful thing, but this just isn't it. Although I think it would be entertaining to see one man take on the entire information security research community single-handed, it is hardly advantageous for OpenBSD/OpenSSH, because its obvious the guy doesn't want to tell anyone anything that doesn't attend his "talk". Yes, it may very well benefit OpenSSH greatly if the guy had solid arguments against current SSH implementations, but only if he would actually voice them to the developers.

I find it a sad state of affairs when user groups have go to this level to get attention.

At 07:36 AM 1/4/01 -0800, you wrote: 
I beg to differ. My points should be clear enough, base on
my posting. Should persons fell that my comments are unjustified
they are welcome to come to a meeting of SVBUG and rebuf my
statements.

                                Jessem.



On  4 Jan, Lipscomb, Al wrote:
> I think the problem here (based on the original postings and offline email)
> is that the speaker is attempting to give a talk when they do not even
> understand the technology. Check the archives for more info.
>
>> -----Original Message-----
>> From: Jeff Wyman [mailto:wysoft_(_at_)_wysoft_(_dot_)_tzo_(_dot_)_com]
>> Sent: Thursday, January 04, 2001 9:40 AM
>> To: Internet Chat
>> Cc: opentrax_(_at_)_email_(_dot_)_com; tech_(_at_)_openbsd_(_dot_)_org
>> Subject: Re: The Talk: ssh - are you nuts!?!
>>
>>
>> I think developers like to hear all points of view on their
>> products, both
>> good and bad. How else would they know what and how to improve their
>> product?
>>
>> On Thu, 4 Jan 2001, Internet Chat wrote:
>>
>> > Sending this to the guys who made OpenSSH, is really bad taste.
>> >
>> > It's like me sending a mesages saying ur "talk" is useless,
>> evil and ....
>> >
>> > i don't think the developers like it.
>> >
>> > On Thu, 4 Jan 2001 opentrax_(_at_)_email_(_dot_)_com wrote:
>> >
>> > >
>> > >                  SSH - are you nuts!?!
>> > >                  by Jesus Monroy, Jr.
>> > >
>> > > I'm too tired to get this out, but i promised it would
>> > > be available, so here it is.
>> > >
>> > > The Offical Part
>> > > ----------------
>> > > On Jan. 4, 2001, a talk entitled "ssh - are you nuts!?!"
>> > > will be given at the SVBUG (Silicon Valley BSD User Group)
>> > > monthly meeting by Club President Jesse Monroy, Jr.
>> > > Details available at:
>> > >
>> > >  http://www.svbug.com/events/
>> > >
>> > >
>> > > My part
>> > > -------
>> > > Today at 7:45pm (local time) this talk will start.
>> > > People say I'm nuts, sometimes I think they are
>> > > right. Currently, I've heard hundreds of points
>> > > of views, read dozens of papers, and comtemplated
>> > > solutions with vicious circles. Two days before
>> > > Christmas I related this to my brother-in-law,
>> > > a Havard/Yale/Cambridge MBA. His response was,
>> > > "Builds character."; hmm.. Thanks.
>> > >
>> > > Other club presidents ask me, "Are you serious
>> > > about this?" My business partner expressed, just
>> > > after Christmas, "Is this worth it?"  I'll admit,
>> > > at times, this whole thing has been a bit crazy.
>> > >
>> > > So as I've said today at 7:45pm local time, here
>> > > in Silicon Valley, I will be speaking.
>> > > The title is "SSH - are you nuts!?!"
>> > >
>> > > What do I mean by this? Well to get exactly what
>> > > I mean you may:
>> > >
>> > > 1) Come to the talk. Details are available at:
>> > >  http://www.svbug.com/events/
>> > > 2) See my notes after the talk - posted to:
>> > >  http://www.svbug.com/past/
>> > > 3) Or see the event with on-line video
>> > >    when it's available later this year.
>> > >
>> > > For those you you interested, below are selected points
>> from my talk.
>> > >
>> -------------------------------------------------------------------
>> > > -What I won't  be saying
>> > >  -SSH is evil.
>> > >  -SSH is useless.
>> > >  -SSH is a bad idea.
>> > >  -Authentication/Encryption is a hoax or does not work.
>> > >  -Public Key Encryption does not work. (I have no proof.)
>> > >  -I can break Public Key Encryption. (At least, not now.)
>> > >  -I USE SSH. (1 or 2)
>> > >  -I never intend to use SSH.
>> > >  -My systems have never been compromised.
>> > > -My frame of reference
>> > > -What I will be saying
>> > >  -Voice my personal complaints
>> > >  -Expose encryption/security myths
>> > >  -Investigate the technical specs/issues
>> > >  -Investigage Technical, Social, Economic, Financial Problems
>> > >  -Investigate attackers and attacks
>> > >  -Tell you where to get SSH
>> > >  -Showing alternatives
>> > > -Why I'm doing this
>> > > -My Personal Complaints
>> > > -What people have to say
>> > > -SSHv1 vs. SSHv2
>> > > -SSHv2 Features
>> > > -The SSH Specs (the problems within)
>> > > -Authentication/Encryption - Two methods to argue
>> > >  -can never be broken
>> > >  -can always be broken
>> > > -SSH(v2) Faults
>> > >  -New Technical problems it creates
>> > >  -Technical Problems outside of SSH control
>> > >  -There are common misconceptions about it's functionality
>> > >  -Social Problems
>> > >         -Economic Problems
>> > >  -Financial Problems
>> > >  -Still Subject to ...
>> > > -Who wants your data
>> > > -What is the Man-In-The-Middle
>> > > -Your Governments Involvement
>> > > -What SSH programs there are
>> > > -What alternatives you have
>> > >  -Start with a Strategem
>> > >  -Technical Prevention
>> > >  -Technical Counter Measures
>> > > -Last words
>> > >
>> > >
>> > >
>> > >
>> >
>> >
>> >
>> >
>>
>>
>>
>
>
>
>


--
Will Barton
Senior Systems & Network Administrator
WytheNet, Inc



Visit your host, monkey.org