Dump

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
25 messages Options
12
Reply | Threaded
Open this post in threaded view
|

Dump

Sebastian Urbach
Hi all,

I also set up a ftp-server for the dump, for those who want less
overhead-traffic.

ftp://key-server.de

Anonymous user-login works. User ftp should also work. The dump will be
refreshed weekly.

You are all welcome to use this dump since there is no traffic
limitation on my side :-)

Let's take a look into my crstal ball, oh surprise i see a lot of
traffic ahead :-)))))

--

Mit freundlichen Gruessen / yours sincerely

Sebastian Urbach

----------------------------------------------------------
Angewoehnung geistiger Grundsaetze ohne Gruende
nennt man Glauben.
----------------------------------------------------------
Friedrich Nietzsche (1844 - 1900)
Philosoph, Essayist, Lyriker und Schriftsteller

_______________________________________________
Sks-devel mailing list
[hidden email]
http://lists.nongnu.org/mailman/listinfo/sks-devel

signature.asc (853 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Dump

Christoph Anton Mitterer-2
Hi.

I guess it would make sense to put a list of all sites providing regular
keydumps on the googlecode webiste.


Cheers,
Chris.

_______________________________________________
Sks-devel mailing list
[hidden email]
http://lists.nongnu.org/mailman/listinfo/sks-devel

smime.p7s (7K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Dump

R P Herrold
On Wed, 13 Oct 2010, Christoph Anton Mitterer wrote:

> I guess it would make sense to put a list of all sites providing regular
> keydumps on the googlecode webiste.

just becaiuse something CAN be done does not mean it should be
done, and here particularly with a fine cache of email
addresses intact for spammers to target (rather than having
to pull them one-off)

I think you are running around solving a problem that does not
exist, and impariing the privacy of a whole community's
members

-- Russ herrold

_______________________________________________
Sks-devel mailing list
[hidden email]
http://lists.nongnu.org/mailman/listinfo/sks-devel
Reply | Threaded
Open this post in threaded view
|

Re: Dump

Robert J. Hansen-3
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 10/13/2010 9:36 PM, R P Herrold wrote:
> just becaiuse something CAN be done does not mean it should be done,
> and here particularly with a fine cache of email addresses intact
> for spammers to target (rather than having to pull them one-off)

Two things:

1.  Shielding email addresses is just bad strategy.  If your anti-spam
measure is built on keeping your email address secret, then once your
email address gets out (and they all do, eventually!) your plan falls
apart.  It is wiser to assume the spammers already have your email
address and rely on anti-spam measures that are robust even then.

Kerckhoff's Principle, paraphrased: "the adversary knows the system."
In crypto we build systems and assume the bad guys have perfect
knowledge about how the system works, about everything involved in the
system except the secret key.  Kerckhoff's works well for crypto.  It
also works well for anti-spam measures: assume the spammer already knows
about you.

2.  People who upload their certificates to the server have already made
a conscious decision to publish their certificates far and wide.
They've voluntarily entered their email addresses into a worldwide
searchable database where anyone, /anyone/, can get a copy of it.
Keeping the keydump away from Google is not going to make life any
harder for the spammers.  There's already strong evidence suggesting
spammers are already harvesting the keydump anyway.

> I think you are running around solving a problem that does not
> exist,

No comment on this.

> and [impairing] the privacy of a whole community's members

This is nonsense.
-----BEGIN PGP SIGNATURE-----

iFYEAREIAAYFAky2bIEACgkQI4Br5da5jhA1ogDcDBvf18YA8MI7s6FP177iAdrZ
k9cwBWaOfnrwJADeNtlEe7ixQYM/KcoRPh9VhfD3md5JtO1Zdvma/A==
=JOLy
-----END PGP SIGNATURE-----


_______________________________________________
Sks-devel mailing list
[hidden email]
http://lists.nongnu.org/mailman/listinfo/sks-devel

smime.p7s (7K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Dump

John Clizbe-3
In reply to this post by R P Herrold
R P Herrold wrote:
> On Wed, 13 Oct 2010, Christoph Anton Mitterer wrote:
>
>> I guess it would make sense to put a list of all sites providing regular
>> keydumps on the googlecode webiste.

Yes, Chris. It would, especially after losing Peter's site. It would also be
great if we could expand the number of sites offering keydumps so Marco's site
doesn't have to bear all of the traffic.

> just becaiuse something CAN be done does not mean it should be done, and here
> particularly with a fine cache of email addresses intact for spammers to
> target (rather than having to pull them one-off)

Ahhhhh, the perennial keyserver SPAM canard.

Newsflash, it's been done with keydumps. It's probably still being done.

Do you REALLY think spammers pull addresses one-by-one?

Several years ago, keyserver SPAM was a frequent topic on the Enigmail list,
with lots of paranoia and little fact. several of us on the Enigmail team
already knew that harvesting was being done, but we wondered to what extent was
that contributing to the overall volume of SPAM received.

The best we could determine at that time, the volume of SPAM that we could
attribute to keyserver harvesting was indistinguishable from that that resulted
as random noise. You'll get MUCH more SPAM as a result of writing a message to
an email list.

One hypothesis for this is that crypto users are low value SPAM targets, i.e.,
if someone is technically savvy enough to be using crypto, he's also savvy
enough to be blocking SPAM upstream from his INBOX.


> I think you are running around solving a problem that does not exist, and
> impariing the privacy of a whole community's members

Actually, it's a problem that does exist. For a long time, the SKS community had
two sites offering keydumps. One had to shutdown last month, putting all the
traffic onto a single site.

The biggest hurdle to setting up a keyserver is the initial populating of the
nearly 2.9M keys. It's perfectly reasonable to list sources for where to get the
initial data dump at the same place one gets the software. Granted, not that
many actually get SKS from the GoogleCode site -- most are installing a .deb or
.rpm via a package manager, but a central source for tech help needs to exist
and there's not really a better choice than the project's own pages.

Please explain how making available publicly available information is impairing
privacy. That argument sounds a tad too much like "Security by Obscurity" and
the abysmal success of that approach is widely known.



--
John P. Clizbe                      Inet:John (a) Mozilla-Enigmail.org
FSF Assoc #995 / FSFE Fellow #1797  hkp://keyserver.gingerbear.net  or
     mailto:[hidden email]?subject=HELP

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"

_______________________________________________
Sks-devel mailing list
[hidden email]
http://lists.nongnu.org/mailman/listinfo/sks-devel
Reply | Threaded
Open this post in threaded view
|

Re: Dump

Christoph Anton Mitterer-2
In reply to this post by R P Herrold
On Wed, 2010-10-13 at 21:36 -0400, R P Herrold wrote:
> just becaiuse something CAN be done does not mean it should be
> done, and here particularly with a fine cache of email
> addresses intact for spammers to target (rather than having
> to pull them one-off)
I guess you underestimate today's spammers a bit,.. everyone knows about
keyservers, and everyone can simply crawl through them. And there are
publicly known dumps available, apart from that.
Maintaining a list of those would just help the respective admins to
keep their traffic a bit smaller.


> I think you are running around solving a problem that does not
> exist, and impariing the privacy of a whole community's
> members
Really,... anyone who beliefs in privacy or anti-spam-measures by not
publishing his email and/or his key has either to completely stay
"alone" (in terms of being non reachable) or accept the fact that
addresses will get known by spammers and that the only real measure
against spam are spam filters, and not childish "don't tell ya my
address or make stupid things like email(at).-domain.com (yes, also
spammers know how to use regular expressions).

Cheers,
Chris.

_______________________________________________
Sks-devel mailing list
[hidden email]
http://lists.nongnu.org/mailman/listinfo/sks-devel

smime.p7s (7K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Dump

Christoph Anton Mitterer-2
In reply to this post by John Clizbe-3
On Wed, 2010-10-13 at 22:25 -0500, John Clizbe wrote:
> Yes, Chris. It would, especially after losing Peter's site. It would also be
> great if we could expand the number of sites offering keydumps so Marco's site
> doesn't have to bear all of the traffic.
Maybe the following would be the best:
Change all the documentation of SKS (e.g. also README.Debian or things
like that in distribution's packages) to tell people that they should
get the initial keydump from
ftp/http://one.common.domain/
Which is actually just a round robing DNS like the sks pool.



> Ahhhhh, the perennial keyserver SPAM canard.
Yeah it's really ridiculous to see this over and over again, just about
the same as when people demand to have their keys removed, which really
just shows how they don't understand critical parts of the whole web of
trust...


> Actually, it's a problem that does exist. For a long time, the SKS community had
> two sites offering keydumps. One had to shutdown last month, putting all the
> traffic onto a single site.
I guess the main fact that was keeping people from offering this so far,
is that it could really require a lot of traffic,... but if a pooling
system would be there, it would probably easy to convince many people in
taking part.


Cheers,
Chris.

_______________________________________________
Sks-devel mailing list
[hidden email]
http://lists.nongnu.org/mailman/listinfo/sks-devel

smime.p7s (7K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Dump

Jonathan Wiltshire
In reply to this post by John Clizbe-3
On Wed, Oct 13, 2010 at 10:25:41PM -0500, John Clizbe wrote:
> Yes, Chris. It would, especially after losing Peter's site. It would also be
> great if we could expand the number of sites offering keydumps so Marco's site
> doesn't have to bear all of the traffic.

Absolutely agree, and by chance I was already in the middle of preparing
regular dumps from my server anyway.

I had two motivations:
 - sharing some of the load, especially since we've already seen that this
   service can vanish very quickly otherwise
 - I struggled to find a good and recent dump when I first set up my box.
   I found plenty of advice on how to import the dump, and how to set up
   gossip sync, but no actual locations for *doing* this.


> The biggest hurdle to setting up a keyserver is the initial populating of the
> nearly 2.9M keys. It's perfectly reasonable to list sources for where to get the
> initial data dump at the same place one gets the software. Granted, not that
> many actually get SKS from the GoogleCode site -- most are installing a .deb or
> .rpm via a package manager, but a central source for tech help needs to exist
> and there's not really a better choice than the project's own pages.

I'm happy to take on preparing a patch for the Debian package with
instructions on where to find this list, but it will be too late for the
next release now.

--
Jonathan Wiltshire

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51

_______________________________________________
Sks-devel mailing list
[hidden email]
http://lists.nongnu.org/mailman/listinfo/sks-devel

signature.asc (853 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Dump

R P Herrold
In reply to this post by John Clizbe-3
On Wed, 13 Oct 2010, John Clizbe wrote:

> Do you REALLY think spammers pull addresses one-by-one?

>> I think you are running around solving a problem that does not exist, and
>> impariing the privacy of a whole community's members

> Please explain how making available publicly available information is impairing
> privacy. That argument sounds a tad too much like "Security by Obscurity" and
> the abysmal success of that approach is widely known.

I'll unsubscribe from this list at the end of the day.  I dont
need the sarcasm from the last couple of posts.  I did not
just roll off of the turnip truck as to spam -- I was  active
from the start with the DSBL (and before that the predecessor
ORBZ [domain has expired - link removed]) anti-Open Relay,
anti-spam identification tool.  'A credentials war is
rarely useful on the Usenet'

At DSBL we did distributed one-off 'host at an IP' testing of
potentially spam producing, organically assembling a 'vetted'
list of IPs that were demonstrably mis-configured; the
counter approach is a 'wholesale' listing of blocks of IPs
based on generalizing rules (is the name not se tin a PTR, is
the name one that looks like: a dialup, a residential, a block
from a disfavored country

The issue is one off vs. wholesale, and the initial inquiry
from the .edu poster demonstrates that it is not generally
known how to get all 2.9 million without effort beyond that of
a casual attacker

Facilitating anonymous wholesale transfers increases the size
of the population able to readily have a corpus to spam at,
with a set of assumedly valid email addresses and matching ID
information

Please explain how adding to that pool of bad actors by
providing ready access to a frequently updated corpus is a
win -- If I were a black-hat, I'd be building a new product
already to leverage those wholesale updates

-- Russ herrold

_______________________________________________
Sks-devel mailing list
[hidden email]
http://lists.nongnu.org/mailman/listinfo/sks-devel
Reply | Threaded
Open this post in threaded view
|

Re: Dump

Robert J. Hansen-3
> The issue is one off vs. wholesale, and the initial inquiry from the .edu poster demonstrates that it is not generally known how to get all 2.9 million without effort beyond that of a casual attacker

The initial inquiry from the .edu poster demonstrates only that the original poster didn't know.  Generalizing from a single data point is not wise.

> Facilitating anonymous wholesale transfers increases the size of the population able to readily have a corpus to spam at, with a set of assumedly valid email addresses and matching ID information

(a) they already have it, and

(b) people who upload their certificates to servers willingly accept the risk of their email address being public in exchange for the benefit of having their certificates being easily findable -- and who are you to say their wishes should be ignored?


_______________________________________________
Sks-devel mailing list
[hidden email]
http://lists.nongnu.org/mailman/listinfo/sks-devel
Reply | Threaded
Open this post in threaded view
|

Re: Dump

Jens Leinenbach
In reply to this post by R P Herrold
 If I were a black hat, I would set up my own SKS server instead of
downloading a dump again and again. ;)


Jens


2010-10-14 14:20; R P Herrold:
> Please explain how adding to that pool of bad actors by providing
> ready access to a frequently updated corpus is a win -- If I were a
> black-hat, I'd be building a new product already to leverage those
> wholesale updates


_______________________________________________
Sks-devel mailing list
[hidden email]
http://lists.nongnu.org/mailman/listinfo/sks-devel
Reply | Threaded
Open this post in threaded view
|

Dump

R P Herrold
In reply to this post by Robert J. Hansen-3
On Thu, 14 Oct 2010, Robert J. Hansen wrote:

>> The issue is one off vs. wholesale, and the initial inquiry
>> from the .edu poster demonstrates that it is not generally
>> known how to get all 2.9 million without effort beyond that
>> of a casual attacker

> The initial inquiry from the .edu poster demonstrates only
> that the original poster didn't know.  Generalizing from a
> single data point is not wise.

Trimming away and ignoring clearly stated questions to reframe
away hard parts is a common 'debate society tactic' -- engage
or be ignored

Just to be clear I asked:

>> Please explain how adding to that pool of bad actors by
>> providing ready access to a frequently updated corpus is a
>> win -- If I were a black-hat, I'd be building a new product
>> already to leverage those wholesale updates

-----------------------------

>> Facilitating anonymous wholesale transfers increases the
>> size of the population able to readily have a corpus to
>> spam at, with a set of assumedly valid email addresses and
>> matching ID information

> (b) people who upload their certificates to servers
> willingly accept the risk of their email address being
> public in exchange for the benefit of having their
> certificates being easily findable -- and who are you to say
> their wishes should be ignored?

'There you go again' Clearly a false generalization. From the
archive:

Date: Tue, 18 May 2010 15:21:48 +0200
From: "Martetschlaeger, Matthias" <Matthias.Martetschlaeger@ elided>
To: "[hidden email]" <[hidden email]>
Subject: [Sks-devel] Delete key from keyserver

I thought it was an easy question but after several hours of
searching though the archive and multiple webpages, my last
hope is to get some help from this mailing list.

I simply want to delete a key from my sks-keyserver. It is a
standalone key server with not synchronization.

------------------------------

-- Russ herrold

_______________________________________________
Sks-devel mailing list
[hidden email]
http://lists.nongnu.org/mailman/listinfo/sks-devel
Reply | Threaded
Open this post in threaded view
|

Dump

R P Herrold
In reply to this post by Jens Leinenbach
On Thu, 14 Oct 2010, Jens Leinenbach wrote:

> If I were a black hat, I would set up my own SKS server instead of
> downloading a dump again and again. ;)

>> ready access to a frequently updated corpus is a win -- If I were a
>> black-hat, I'd be building a new product already to leverage those
>> wholesale updates

Indeed, and there is clearly a Cost / Benefit analysis to
perform here; it makes sense to me that a blackhat with
infinite resources would engineer a entire solution set.  But
that is not what I saw as to the 'usual spammers -- they
looked for the casual 'easy and low hanging fruit' to exploit
first

The world is not a perfect place, but filled with shades of
gray.  But my question is:
  Why facilitate casual exploitation?

-- Russ herrold

_______________________________________________
Sks-devel mailing list
[hidden email]
http://lists.nongnu.org/mailman/listinfo/sks-devel
Reply | Threaded
Open this post in threaded view
|

Re: Dump

Robert J. Hansen-3
On 10/14/10 10:13 AM, R P Herrold wrote:
> Indeed, and there is clearly a Cost / Benefit analysis to perform here;
> it makes sense to me that a blackhat with infinite resources would
> engineer a entire solution set.

It makes sense to me that a spammer would find a broke undergrad in
CompSci and say, "hey, I'll pay you $100 to grab me a copy of every
email address that's on the global keyserver network."

"Infinite" resources is putting things a little strongly.  "Routine and
unexceptional business expense" is more accurate.

> The world is not a perfect place, but filled with shades of gray.  But
> my question is:
>     Why facilitate casual exploitation?

This presupposes the system *is not already* being harvested.  As
several people have told you, there is reason to suspect that it is.
Given this, I can't engage your question since it seems built on
assumptions that are not true.

_______________________________________________
Sks-devel mailing list
[hidden email]
http://lists.nongnu.org/mailman/listinfo/sks-devel
Reply | Threaded
Open this post in threaded view
|

Re: Dump

Robert J. Hansen-3
In reply to this post by R P Herrold
On 10/14/10 10:07 AM, R P Herrold wrote:
> Trimming away and ignoring clearly stated questions to reframe away hard
> parts is a common 'debate society tactic' -- engage or be ignored

This has become tedious.  Rather than answer my questions, you accuse me
of engaging in cheap theatrics and attempt to claim some kind of moral
high ground.

>> (b) people who upload their certificates to servers willingly accept
>> the risk of their email address being public in exchange for the
>> benefit of having their certificates being easily findable -- and who
>> are you to say their wishes should be ignored?
>
> 'There you go again' Clearly a false generalization.

For it to be a false generalization (much less a 'clearly false'
generalization) you must present evidence that most users do /not/
understand the keyserver network is a public resource.  So far I've yet
to see it.

Neither is the message you quoted relevant to the discussion.  The
person asking this question was running a standalone, *non-synching*
server.  This person is totally irrelevant to the question of what the
*synching* keyserver community should do.

Even then, there are always people who don't read the manuals.
Exceptions to the rule do not disprove the rule: they only prove the
rule has exceptions.  By your reasoning it is "clearly a false
generalization" to say that, e.g., citizens must pay taxes, on the
grounds that some people manage to successfully commit tax fraud.

_______________________________________________
Sks-devel mailing list
[hidden email]
http://lists.nongnu.org/mailman/listinfo/sks-devel
Reply | Threaded
Open this post in threaded view
|

Re: Dump

Jeff Johnson-12
In reply to this post by John Clizbe-3

On Oct 13, 2010, at 11:25 PM, John Clizbe wrote:

> R P Herrold wrote:
>> On Wed, 13 Oct 2010, Christoph Anton Mitterer wrote:
>>
>>> I guess it would make sense to put a list of all sites providing regular
>>> keydumps on the googlecode webiste.
>
> Yes, Chris. It would, especially after losing Peter's site. It would also be
> great if we could expand the number of sites offering keydumps so Marco's site
> doesn't have to bear all of the traffic.
>

If its useful, I happen to have SKS and mongodb (which has gridfs file put/get operations)
co-resident.

I just fired up a loop to see if feasible: Yes feasible, ~10secs per *.pgp file to load
into gridfs.

Anyone interested in using mongo gridfs for SKS dump file distribiution?

All I'm saying in the above is described here (with an example):

        http://www.mongodb.org/display/DOCS/GridFS+Tools

73 de Jeff




_______________________________________________
Sks-devel mailing list
[hidden email]
http://lists.nongnu.org/mailman/listinfo/sks-devel
Reply | Threaded
Open this post in threaded view
|

Re: Dump

R P Herrold
In reply to this post by Robert J. Hansen-3
On Thu, 14 Oct 2010, Robert J. Hansen wrote:

> On 10/14/10 10:07 AM, R P Herrold wrote:
>> Trimming away and ignoring clearly stated questions to reframe away hard
>> parts is a common 'debate society tactic' -- engage or be ignored
>
> This has become tedious.  Rather than answer my questions, you accuse me
> of engaging in cheap theatrics and attempt to claim some kind of moral
> high ground.

Review the bidding.  I rather believe you initiated the
uncivil tone, and I have been mild in reply:

Hansen:
> herrold:
>> and [impairing] the privacy of a whole community's members
> This is nonsense.

and an EOM.  I think that qualifies as rude.  I am pretty sure
I have not 'claim some kind of moral high ground', but rather
characterized your selective quotation as not fairly done


The only question I see that you have asked of me was the
following ...

>>> (b) people who upload their certificates to servers willingly accept
>>> the risk of their email address being public in exchange for the
>>> benefit of having their certificates being easily findable -- and who
>>> are you to say their wishes should be ignored?
>>
>> 'There you go again' Clearly a false generalization.

This was a strawman you framed (and a false one at that).

I have never suggested imparing one off queries.  As you
suggest that it is common knowledge that easy ** bulk **
availability (I went through 'one off' vs. 'wholesale' before
of course) of the entire corpus is something to have expected,
would you mind pointing me to a URL to that effect?

I have certainly NEVER consented to, nor uploaded any data to
a SKS keyserver, and yet I find my details there


As to unanswered questions from me, they remain open:

> Please explain how adding to that pool of bad actors by
> providing ready access to a frequently updated corpus is a
> win

and

> Why facilitate casual exploitation?


At the onset I suggested that this was a misapplication of a
capability, to impair quanta of privacy (expected or not,
abused or not) by removing a technical barrier than acts as a
dike to stop all but the taller waves from flooding an area

In looking at the archive I see 191 *.pgp files each 22M big
(roughly 4 gig of data) it seems and in excess of 2 million
email addresses from prior comments in this thread -- When
dealing with the MIT keyserver and the PGP keyserver before
that, I am substantially certain that I was not provided
notice of collection and possible reuse along the lines of the
EU Data Privacy Directive.  There is no right to correct nor
delete data, from the example thread I cited

I remain unconvinced that making 'voracious and wholesale'
data collection simple and efficient through anonymous FTP
from a Eurpoean site is a sound idea.  If the US had
functional data privacy laws, I would make the same suggestion
as to a US site

Convince me that helping chip away at privacy by making a
realtively hard to gather mass anonymously available to more
is a social good, with more than dismissive rhetoric, if you
believe such a case exists

-- Russ herrold

_______________________________________________
Sks-devel mailing list
[hidden email]
http://lists.nongnu.org/mailman/listinfo/sks-devel
Reply | Threaded
Open this post in threaded view
|

Re: Re: Dump

Christoph Anton Mitterer-2
On Thu, 2010-10-14 at 12:42 -0400, R P Herrold wrote:
> Review the bidding.  I rather believe you initiated the
> uncivil tone, and I have been mild in reply:
>
> Hansen:
> > herrold:
> >> and [impairing] the privacy of a whole community's members
> > This is nonsense.

This was not even offensive,.... but just the truth. If you make such
big claims, you'll have to life with it, if others (knowing it better)
tell you so.

Cheers,
Chris.

_______________________________________________
Sks-devel mailing list
[hidden email]
http://lists.nongnu.org/mailman/listinfo/sks-devel

smime.p7s (7K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Dump

Robert J. Hansen-3
In reply to this post by R P Herrold
On 10/14/10 12:42 PM, R P Herrold wrote:
> Review the bidding.  I rather believe you initiated the uncivil tone,
> and I have been mild in reply:
>
> Hansen:
>> herrold:
>>> and [impairing] the privacy of a whole community's members
>> This is nonsense.
>
> and an EOM.  I think that qualifies as rude.

That qualifies as direct.  If I had called you names, questioned your
commitment, heaped aspersions on your personal character, etcetera, that
would be ad-hominem and beyond the pale.

Your *ideas*, though, are fair game.  As they should be, as they must
be.  You are not your ideas.  In my daily work, probably ninety percent
of my promising ideas ultimately turn out to be crap.  When one of my
co-workers listens to me pitch an idea, gives it fair consideration, and
then says, "Rob, it's crap," I thank him for his time.  He's given me
everything I could ask for: not only his consideration, but also his
*judgment*.  He has given me his professional opinion in a clear and
unambiguous manner.  I can choose to abandon my research project or I
can choose to continue it.  Maybe it will pan out and maybe it won't.
But I will never be able to claim my colleagues did not give me the
benefit of their clearest, most direct judgment.

I have had co-workers who think that "you're stupid" is a good
criticism.  I'm glad to no longer work with them.  But I am genuinely
grateful for my co-workers who have listened fairly and then told me,
"Rob, this is nonsense."

If you really think that criticism of your ideas and proposals -- even
harsh and blunt criticism -- rises to the level of a personal attack
against you, well... I don't know what to say about that, besides that I
have no desire to speak with you further.

_______________________________________________
Sks-devel mailing list
[hidden email]
http://lists.nongnu.org/mailman/listinfo/sks-devel
Reply | Threaded
Open this post in threaded view
|

Re: Dump

Jesus Cea-2
In reply to this post by Jeff Johnson-12
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 14/10/10 17:49, Jeff Johnson wrote:
> Anyone interested in using mongo gridfs for SKS dump file distribiution?

How do you cope with malfunctioning/hostile/malicios MongoDB instances?.

- --
Jesus Cea Avion                         _/_/      _/_/_/        _/_/_/
[hidden email] - http://www.jcea.es/     _/_/    _/_/  _/_/    _/_/  _/_/
jabber / xmpp:[hidden email]         _/_/    _/_/          _/_/_/_/_/
.                              _/_/  _/_/    _/_/          _/_/  _/_/
"Things are not so easy"      _/_/  _/_/    _/_/  _/_/    _/_/  _/_/
"My name is Dump, Core Dump"   _/_/_/        _/_/_/      _/_/  _/_/
"El amor es poner tu felicidad en la felicidad de otro" - Leibniz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQCVAwUBTLiHUplgi5GaxT1NAQIOxAP/X97hAEBUMcuL4iX6Q7V+N+Hvk0I31lSa
qenwstT3m48d+aG5mGieNM4kA6ODmj1Z9g1XqOYcJZd1hCw0EDppZE/Mc3h9Dltq
drEZljs0Su5z8I8be0mJhLQx4tP/h7mGzZ3htAOHB28xp2IDAWRvpdyBIVHPNwIr
ckUXNrPtYfc=
=H8ar
-----END PGP SIGNATURE-----

_______________________________________________
Sks-devel mailing list
[hidden email]
http://lists.nongnu.org/mailman/listinfo/sks-devel
12