[sf-lug] Monday meeting and Bobbie Sellers' news

Rick Moen rick at linuxmafia.com
Thu Apr 19 20:18:44 PDT 2018


Quoting Bobbie Sellers (bliss-sf4ever at dslextreme.com):

> Well you described it as "absurdly over-featured", it is really not
> but the features need more separation with a replaceable router module
> or/and replaceable  WiFi module but in a compact design in my opinion.

I very much do not agree, for reasons I think I have already amply explained.

Moreover, I note in passing that you are _not_ explaining why the
Netgear is, in your view, 'not absurdly over featured to the 
consumer level user or people with space and even shelf space limitations'.
For example:

> And it is not because the features are not used.

I asked you which items of the large feature set I posted from the
hardware documentation you have any conceiveable use for, and said that
the typical answer would be about three or four out of a list of
many times that.  I notice you aren't responding.  Possibly because I
made a rather telling point, eh?

The rest of what you wrote didn't respond to my point, either.

>> If you wish to argue otherwise, kindly go through the feature list I
>> posted upthread, and tell me which of those functions you actually need
>> and use.  Long experience suggests that a sober and thoughtful answer to
>> that is going to end up being a list of about three or four out of many
>> times that.
> 
> I did that already.

No, you really didn't.  But I infer that the correct answer would be
about three out of four out of many times that.


>> That would cover 'over-featured' in the sense of 'more than the user
>> actually has a practical use for', but also relevant is the additional
>> sense of 'tending to bloat the attack surface'.  Which was the _most_
>> important point.  Your so-called 'DSL modem' just got pwned:  How do you
>> figure that happened, Bobbie?
> 
> I detailed that previously.

No, you really didn't.  You said that Cloudfare advised that the Netgear
had been pwned, but nothing about how.


> Of course I may have aroused the resentment of some troll on Usenet
> when I pointed out that cloudflare was malware when it was being
> advertised by said troll as a fast new DNS server at 1.1.1.1.

Highly unlikely.  Practically all security compromises are the action of
automated scripts.


> I doubt very much that I am.

Are you now using a replacement 'residential gateway' with a large
feature set, using a proprietary firmware load?  My understanding is
that you are.  I believe you said that you'd applied the vendor's most
recent canned firmware upgrade, and that is laudable and at least a
start.  But I do suggest you rethink the basic approach.

I'm not going to keep harping on that, though, because it's your funeral
and I'm neither being paid to look after your security nor am I
volunteering.  So, anyway, best of luck.

> Well it was a device that did what I needed done.

I didn't know until now that you needed your computing taken over
silently by remote criminals.  ;->


> How much space do you need to assemble a Raspberry PI device?
[...]

Bobbie, I'm now considerably more than _done_, here.  I am not about to
do basic research for you, I am not your free-of-charge tutor for things
you refuse to learn, and I have a _lot_ better things to do with my
life.  If you would rather wallow in ignorance and suffer the same
security problems without ever learning to fix them, good luck.


> You seem like a very intelligent person but you write as though every
> one responding to you is challenging your expertise.  No one is.

You seem like an intelligent person, but you write as though it were a
moral imperative to argue every time I'm trying to tell you something
important.  It isn't.

Horse.  Water.  Drink.




More information about the sf-lug mailing list