• Proposal on “Code Red” moderation.

    Author
    Topic
    #2452925

    In general, I am not in favor of MORE moderation, I think we have enough and, perhaps more than enough, here.

    But there is an issue brought up in passing by Susan “Patch Lady” Bradley in a comment in another thread; this issue is the posting in the “Red Hot” forum of security emergent threats that are sometimes garnered from sources of unclear reliability, including those from “experts” blogging on unlikely threats to Internet users, doing so mainly to attract attention to themselves, as measured in clicks. Reposting such dubious information on unlikely dangers may cause unnecessary worries to many of us that have enough real ones already these days.

    Considering this, I wish to propose the following:

    (1) A new Rule concerning what can be posted in the “Code Red” forum.

    (2) Additional to this rule, a list of 20 or so generally considered to be reliable sources of information on security-related matters. This list to be subject to periodic review for necessary deletions of sources now deemed unreliable and their replacement with those now seen as reliable ones.

    (3) The Rule itself, requiring that only comments substantiated with URL links to articles emanating from those 20 sources are to be accepted.

    (4) The Rule and 20-list to be emailed once, when first adopted and once after every revision,  to Subscribers and posted in “Code Red” or elsewhere so it can be easily accessed.

    I don’t expect to be loved by everyone for having posted this proposal. But, generally speaking, I never do.

    The floor is open for cogent discussion.

    Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

    MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
    Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
    macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

    • This topic was modified 1 year, 8 months ago by OscarCP.
    • This topic was modified 1 year, 8 months ago by RetiredGeek. Reason: Change "Red Hot" to "Code Red"
    1 user thanked author for this post.
    Viewing 10 reply threads
    Author
    Replies
    • #2452950

      Interesting to learn who or what these reliable sources are, what criteria are supposed to be used, and not in the last place: what tongues will not be accepted even if the original sourcetext isn’t in american-english?

      * _ being 20 in the 70's was fun _ *
      1 user thanked author for this post.
      • #2452955

        Fred, excellent question:

        I hope the important details emerge from the discussion here.

        As to tongues, I think that as long as Google Translate or similar works for a particular language to create an English version of  the most relevant parts of an article, that is how one could use a source originally not in English. But I suspect that the ones that end in the 20-list would already have an English version for the security articles, as for example does

        https://borncity.com/win/category/software/

        One does not need to read German to read the articles there in English, a language which I think everyone at AskWoody already understands well enough to read what is posted here, for example, and to reply to those comments or make one’s own.

        Por ejemplo yo.

        So, please, suggest if you like, what sources you think might be in that 20-list.

        Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

        MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
        Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
        macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

    • #2452954

      just…over the top

      • #2452956

        I was and am hoping, as mentioned in my original comment, for cogent answers: clear, to the point, reasoned, based on demonstrable facts.

        Looking forward to those, the floor is still open.

        Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

        MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
        Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
        macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

    • #2452963

      There’s a “red hot” forum here? Where?

      • #2452967

        Mele20: Go to “Forums” by clicking the word in the top menu bar in AskWoody page. Then scroll down for a while and you’ll find it. It is dedicated to security issues.

        Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

        MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
        Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
        macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

        • #2452975

          Sorry … it is called “Code Red”, as Susan has clarified in her following comment. Apologies for the confusion. (I call the forum “Red Hot” in my own mind, and that has leaked into my writing here!)

          Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

          MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
          Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
          macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

          2 users thanked author for this post.
      • #2452971

        Forum: Code Red – Security/Privacy advisories @ AskWoody

        It’s actually Code Red – not Red Hot.

        Parts of Southern USA will be red hot next week so stay cool.

        Susan Bradley Patch Lady/Prudent patcher

        1 user thanked author for this post.
    • #2452970

      There’s a problem here… in security I can point to many a reputable source that has gotten sucked into the hype.  So listing 20 locations and saying that these sources are ALWAYS believable is not workable.

      There was a recent news item the other day and the researcher on social media claimed the sky was falling and it just wasn’t true.

      Bottom line, the best way to determine if something is legit is to let the community of security news sources to hash it out and not declare that this list never makes mistakes and we should always believe them.

      We’re all human. We all have to determine the actual risk to ourselves. We all have to process the information.   Bottom line the best way is to post something you see in another venue and then hash it out with other posters.  Not to mandate what should – or should not – be posted.

      Susan Bradley Patch Lady/Prudent patcher

      1 user thanked author for this post.
      • #2452974

        SB: Quite so. I believe that, if not mandating, then recommending sources would be better than doing nothing. It is very hard for those not experts on security matters to know where to get a confirmation or denial of something someone posts in Code Red.

        I am still hopeful that some will answer my proposal with some good ideas, not necessarily the one I am proposing, rather than keeping the status quo that I think is not working well enough. I believe there is a real problem that is best not to ignore. Others of course, might disagree for their own reasons.

        I look forward to hear more about my proposal, whether for, against, or for something else, which is why started this thread in the first place.

        So I hope this thread continues to its natural conclusion, with either an agreement of some kind on how to curate “Code Red”, or else it just peters out for lack of interest.

        Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

        MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
        Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
        macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

      • #2452976

         

        Susan: “So listing 20 locations and saying that these sources are ALWAYS believable is not workable.

        Of course not always: the list, as I explained in my original comment, would be subject  to periodic reviews and changes according to how things are at the time.

        By the way, perhaps someone would be so nice as to correct the title of the tread replacing “Red Hot” with “Code red?” If someone does, then I say “thank you” to the doer.

        Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

        MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
        Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
        macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

    • #2452991

      Your proposal would require additional moderation and as you are one of the first to complain about moderation…

      I would not vote for any change that required more moderation duties.

      cheers, Paul

      • #2452993

        Paul T: Someone still has to moderate what is posted in Code Red, isn’t it so? I think that my proposal would simplify this, not make it more difficult or add significant work to it. It even can be partly automated with a script. Besides, in my opinion, this is the forum that requires the best and most serious moderation, to avoid the propagation of false alarms.

        Anyway: I have asked others for thoughtful, concrete additions or changes, or proof that there is a better way, or simply to stay away from this thread.

        Feel free to do so. Because you all are, whether I say so or not.

        For my part, I have said what I had to say. This is not up to me to decide, or ever said or thought it was.

        Through action or inaction, everyone else now will do that.

        Good night.

        Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

        MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
        Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
        macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

    • #2453008

      Someone still has to moderate what is posted in Code Red

      Posts by registered users are not moderated. Some that don’t follow the rules are edited / trashed.
      Your proposal would require full vetting of every post and checking of links.

      It even can be partly automated with a script

      Unlikely you could script such a thing. And we don’t want non-standard, unsupported changes to the standard software.

      cheers, Paul

      2 users thanked author for this post.
      • #2453080

        Paul T: “Unlikely you could script such a thing. And we don’t want non-standard, unsupported changes to the standard software.

        You are correct, but I said nothing about using a script added to the “standard software.” One can run the “standard software” and a script (or program) in the same computer, side by side, can’t one? At least I can: in fact, I do this sort of thing often in my own work.

        The trick is to pass to the script the name of the alleged experts’ security organization running the site given as reference by someone in a Code Red comment (I imagine that looking into what is in that site and whom it belongs to is part of a conscientious moderator’s work) so it can read it and compare with those in the list, certainly not a complex program or script to code, returning an “in the list” or “not in the list” message. I would further think that cutting and pasting is one possible way of achieving such transfer. There may be others more convenient than this one.

        Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

        MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
        Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
        macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

      • #2453241

        Quite confusing most people don’t get it that Code_Red usualy means vulnerabilities, 0days, flaws , ransomattacks etc. needing immediate network action.

        The other inconveniences are about behaviour of people and companies, that are controlled by algorithms. The State California  (in a way) and the EU Australia are taking action (in time) to control data-abuse by the datacompanies , political parties , monopolists.

        It’s very optimistic that people think to understand algorithms, but they don’t get it that these mathematical constructions can be compared with a broncode of a complicated operating system, meaning: without the broncode of a algorithm one cannot tell for sure what these algorithms do.

        For shure there is a lot of money to be made in this datafield.

        .

        * _ being 20 in the 70's was fun _ *
        1 user thanked author for this post.
    • #2453021

      Parts of Southern USA will be red hot next week so stay cool.

      So will be the south of France and Spain . . . just much too warm for the time in the seison

      * _ being 20 in the 70's was fun _ *
      • This reply was modified 1 year, 8 months ago by Fred.
      1 user thanked author for this post.
    • #2453033

      Of course not always: the list, as I explained in my original comment, would be subject to periodic reviews and changes according to how things are at the time.

      In all due respect… just factual and just without being personal as always.

      Susan is absolutely right.
      The round wheel was invented a long time ago.

      This also applies to the existing international IT and computer community security alerts.
      Take a look at the genesis of how the international official (government-related) “Warnings and Advice” came about.
      The National Cyber ​​Security Communities (NCSC’s) of a number of countries agreed upon that a system of high to low Probability of Vulnerability plus a high to low Probability of  a likely Damage is the most workable. Rather early the U.S.A. followed these guidelines.
      i.e.:
      Individual countries and organizations have the responsibility to translate these Security Advisories into local and individual advisory of measures.
      These so called strategical advisories for measures are to be taken up and implemented by the individual organizations own CERT’s (Computer and Emergency Response Team’s), so that these must lead to the actual measures for the System Administrators of the various networks.

      There are many unknown people at work in this line of security business. To understand this better there is still some reading and study to do for many people.

      in short:
      Over here it is much easier to rely in general on the good warning system that the various specialists of this Askwoody’s site use.

      * _ being 20 in the 70's was fun _ *
      • #2453072

        Thanks Fred. I am not referring to those official sources (that would definitely have to be in that 20-list), but those from non-official Web sites dedicated to security matters, where things not infrequently are exaggerated (or, I would add, even wrong), as Susan (someone that you are referring to) has explained already in another thread and is what started me thinking about this in more detail and depth than usual.

        For example: some time ago I remember getting a Code Red email warning all who received it that Google is getting our key words when making a search with it, as part of predicting the rest of what we are trying to ask to be searched (a helpful feature that often I could do without and actually do without).

        My reaction? Well, duh! Any search engine gets your key words, how else will it search for what you are looking for? Your key words entered with a browser go to Google, or whatever the search engine might be, concretely to some of the engine’s dedicated server farms, where they are processed by the search algorithms and, in the case under consideration, also by some algorithm used to predict what you might be entering next. (DuckDuckGo does this too.) If there is something to worry about, is that Google, or whatever, might be building a profile of you based on your previous and current search.

        Is that bad? No idea. All I know for certain is that if Google has built over the years a good profile of me, there is no evidence of it in the search “hits” I get, particularly the ones at the very top of the page, that are often not of the slightest relevance to what I am looking for or of anything I might be possibly interested in otherwise (e.g. old Punk Rock bands). So if Google is building my profile for some nefarious purpose from what I search for with its engine, then Google is making a terrible job of figuring me out.

        Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

        MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
        Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
        macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

    • #2453130

      I don’t expect to be loved by everyone for having posted this proposal. But, generally speaking, I never do.

      Oh Oscar please don’t worry about that 😛😁

      🍻

      Just because you don't know where you are going doesn't mean any road will get you there.
    • #2453360

      I don’t expect to be loved by everyone for having posted this proposal. But, generally speaking, I never do.

      Oh Oscar please don’t worry about that 😛😁

      Atleast this “Code Red Moderation” isn’t moderated to ∅°Kelvin (yet).

      * _ being 20 in the 70's was fun _ *
    • #2453939

      I don’t need a list of 20. I get most of my well moderated security news from Wilders Security Forums and BleepingComputer. Occasionally also Malwaretips Forums.

      Windows 10 Pro 22H2

      2 users thanked author for this post.
      • #2454015

        Good on you, JohnW (“I don’t need a list of 20.“)

        My point in starting this thread is that AskWoody needs one, for the benefit of its users. For example, for us not to get emails with scary texts describing a problem that, on further inspection, turns out not to be so. At least for those of us who are able to figure out that it is not so. Something that not everyone here may be able to do effectively in some cases, or even in most cases.

        Worrying people unnecessarily is not acceptable, at least not to me.

        By the way, about something someone wrote here earlier on: I am not given to complaining about moderation, only about incorrect moderation, at least when it happens to me, that is the only time I have directly knowledge of it. Although others have let me know that they also have been treated in such incorrect way. This is not a bane on all of us users, but even so, it is wrong and should not happen. There is no inconsistency between my attitude to incorrect moderation and my opinion that more (correct) moderation is necessary in Code Red.

        Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

        MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
        Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
        macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

        1 user thanked author for this post.
        • #2454017

          … scary texts describing a problem that, on further inspection, turns out not to be so.

          … my opinion that more (correct) moderation is necessary in Code Red.

          Do you have examples of topics you consider were scaremongering?

          • #2454021

            Not necessarily “scaremongering”, because that implies some bad intention on the part of the poster. I intend to post the titles, with a link, of those that turn out to be significantly less dramatic than presented by the poster, as they show up in my mail box. I would appreciate it if others did the same.

            A recent one that, in my opinion, might belong in the “with unnecessarily alarming subject title and, or email-text description” category, was on a security vulnerability discovered in Intel and AMD chips that, on reading the article at the URL provided in the initial comment, turned out to be perhaps nothing to worry about. At least this one had a built-in reassurance — for those who seeked it.

            Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

            MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
            Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
            macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

    Viewing 10 reply threads
    Reply To: Proposal on “Code Red” moderation.

    You can use BBCodes to format your content.
    Your account can't use all available BBCodes, they will be stripped before saving.

    Your information: