LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Weekly Edition

Return to the Letters page

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Community help as an attack vector

[Posted January 4, 2006 by ris]

From:  James Dixon <jdixon-AT-pobox.com>
To:  letters-AT-lwn.net
Subject:  Community help as an attack vector
Date:  Sun, 25 Dec 2005 21:09:08 EST

 
I'm afraid the potential may be more real than we would like.
 
I used to respond to questions on the free linux support site before it
died. On at least three occasions, I was asked if I would be willing
to remotely access the machine in question as root and work on it. The
only contact these people had with me was my posts on the forum and my
name given at the end of the posts. In each case, I declined and
pointed out that offering root access to an almost complete stranger
was ot really a good idea. Instead I usually gave the person the
contact addresses for their nearest LUG's and suggested they contact
them to see if they could arrange for onsite support from a qualified
support person.
 
It would be reassuring to think my experience was unique, but I doubt
that's the case.
 
Oh, this is emailed, as I'm not a subscriber. I read you free edition
weekly, but I can't really justify your subscription rates. I'd love
to be able to do so, but barring winning the lottery, I don't see that
it's likely. This is not intended as a criticism of your rates, as I
know that you keep them as low as possible, and that even the current
rates don't really meet your needs.
 
You're welcome to publish this in your letters section, or copy it to
the comments section o fthe appropriate story, as you see fit. You may
edit it as required.
 
James Dixon
jdixon@pobox.com
   

(Log in to post comments)

Community help as an attack vector

Posted Jan 7, 2006 12:51 UTC (Sat) by man_ls (subscriber, #15091) [Link]

I read you free edition weekly, but I can't really justify your subscription rates. I'd love to be able to do so, but barring winning the lottery, I don't see that it's likely.
If you just want to justify paying money, it is easy if you compare LWN with printed magazines. Let us see the pros and cons for each proposition.

Magazines come nicely printed on glossy paper and bound; they also come packed with ads and stupid coupons, which you must take the time to browse. There are hundreds of pages, but most of it is junk; back when I was a Mac user and bought MacWorld, I found that I barely read twenty pages in all. Finally, any professional magazine that you find on a newsstand is likely to cost $5 to $10 (PC Magazine is $6, while Dr Dobbs and Linux Journal go for $5); even if you subscribe dirt-cheap, the price will probably be between $1 and $3 per edition ($1.66 for the first two, while Linux Journal will set you back $2.83).

LWN is timely delivered via the net. You you must supply the paper and ink yourself if you want to print it; but then you only have a few text ads on top of the page. Add to this the level of comments on the site and the ability to participate in discussions (which you can do as a guest, but by the time the free edition comes out most comment topics are stale). Finally, current LWN rates are:

The individual subscription rate is US$5/month; we also offer a "starving hacker" rate of $2.50 per month and a $10/month premium rate.
At the regular level and with 4 editions a month, that is $1.25 each. On the starving hacker level it's about 62 cents per edition. All in all, a great value in my view.

Assuming you can pay the prices mentioned, which you probably can if you can afford an internet connection at all, it all boils down to whether you enjoy the contents. I know I do.

Community help as an attack vector

Posted Jan 12, 2006 16:15 UTC (Thu) by arcticwolf (guest, #8341) [Link]

It may not be clear to you, but there are people who just don't have *any* money to spare really. Yes, 2 bucks 50 (or even 5 bucks) a month for four regular editions and the occasional extra feature is cheap - and for more people who make thousands of bucks a month working in a decent-paying job, it's literally peanuts.

But not everyone's like that. There's students, for example, or people who're just plain out of work, or people from poorer countries, and what's cheap for you may not be cheap for everyone else. Myself, I can't afford a subscription to LWN anymore, not even at the "starving hacker" level, for example; I'd really like to support LWN, and I'd really like to be able to read new features as soon as they come out instead of having to wait one or two weeks, but I literally can't afford it, because I have to spend what little money I make on food, clothes and similar things.

Your comment reminds me a bit of the "if they have no bread, let them eat cake" quote misattributed to Marie Antoinette - I think you just don't understand that "it's cheap", or even "it's comparatively cheap" does not equate "Literally everyone's able to afford it".

donate subscriptions

Posted Jan 12, 2006 18:57 UTC (Thu) by pimlott (guest, #1535) [Link]

Occasionally, when LWN's subscription policy is discussed, people offer to donate subscriptions to "really starving" hackers. You might gently probe around for such kind souls.

Community help as an attack vector

Posted Jan 9, 2006 20:04 UTC (Mon) by tres (guest, #352) [Link]

I am a channel operator for the IRC Gentoo channel on Freenode and I can tell you that I often have to tell people the dangers involved in asking people to fix their machines remotely. At least in your case there is some indication that you know what you are doing. I have seen people ask complete strangers to help them 'fix' their boxes and often have to shut that type of discussion down. It still amazes me to see it but it no longer surprises me. The thing that worries me the most is that if/when something bad happens to their machine (intentional or not) by one of the people recruited from the channel, who do not represent Gentoo in anyway, that the Gentoo name will be used when they complain about the way things turn out to the detriment of Gentoo. I've chatted with some of the ops from #debian, #ubuntu, and others distro's channels too and the problem seems to be widespread. Unfortunately, I don't believe this situation will change anytime soon.

Regrads,
RiverRat

Community help as an attack vector

Posted Jan 12, 2006 23:17 UTC (Thu) by anton (guest, #25547) [Link]

Guests can comment, too (e.g., this comment). There is the usual
delay, and you have to register.

Copyright © 2006, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds