Bearing in mind that I'm not especially a fan of Gadi,
The thing is it would be really nice to have some functional separation between the business of this list which is operating a network, and the security focused lists, and the botnet/phishing/spam lists, addressing policy lists, the internet standards list, and so forth.
The thing is that there's always been too much functional separation between the business of this list which is operating a network, and the security focused lists. The business of operating a network has often conveniently ignored anything that doesn't actually cause the network to collapse, but which regardless makes the network a less-than-nice place to be. Is spam directly related to the business of Network A peering via BGP to Network B? Doubtful. However, where does that change? What sort of things are operational? As long as we choose to interpret "operating a network" as being merely things that involve enable on a router, yes, it's way off-topic. Sadly, many (most?) networks view their operation in a way that emphasizes this sort of attitude. As a result, we still don't have basic security things that should /also/ be a fundamental part of netops, such as BCP38 at any point where it is reasonable to do so (like at virtually every edge).
You and I and lots of other people on this list are on on many or all of those sorts of lists.
In most organizations larger than a handful of people, the netops people are not necessarily the same as the security people, and I've often found that the groups do not understand issues happening in the other arena.
While cross-pollination is acceptable and in fact desired dragging the business of one group of community interests in to the domain of another is not appropriate.
Were they all truly separate, this would be true. They're not all truly separate. Pretending that they're separate would be a convenient way to allow your network to continue peeing in the pool, ignoring problems, which (sadly) doesn't seem to be an unusual attitude at certain networks. Those of us who have been implementing BCP38-style filtering since before BCP38 existed, on the other hand, may take a slightly more mature view of what "network operations" involves, and it sure covers a lot more ground than what you can do with enable on a router. I do not consider host security to be directly connected to netops. However, it certainly has an impact, and to a certain extent, a little occasional discussion is warranted. Gadi may tend to bring along a little too much discussion, though. I think a lot of people would agree with that.
In the particular case of Gadi, I resent the persistent grandstanding and offers of assistance and assurances that's he's on the job.
Okay, annoying, granted.
That's essentially all advertising for his consulting business and I don't think it's appropriate on this list. I for one do not flog the products of my employer on this list, nor do you, or most other people who participate.
Yeah, um, uh, that fink is always trying to sell me something, uh, hm, except I can't remember what, or find its web site, or even substantiate that claim. He posts from linuxbox.org, which seems to have no web page, usually posts without a signature, etc. Maybe you could outline where he's doing all this evil advertising. If you want to paint Gadi with this brush, you should be aware that the criteria necessary to bring him down on that basis will almost certainly cover Paul Vixie and a whole bunch of other highly respected members of this community.
I tolerate this sort of behavior in the security arena (read bugtrac these days) though I resent the fact that it's de rigeur in the space for many disclosures to essentially be advertising for the consultants doing the work, virus updates are advertising for anti-virus companies etc.
I find it sadly ironic that the netops community, which largely runs huge commercial for-profit networks, would think that others would handle the security aspects for them - and do it for free. What's pathetic is that these same large networks usually can't be bothered to do much (or anything) to eliminate the environment which provides work opportunities for security consultants. Gadi? Annoying, definitely. But nothing compared to the resistance of this community to the idea that netops has anything to do with the sorts of security issues Gadi brings up. I just had to comment on this. I'll go back to lurking now. ... JG -- Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net "We call it the 'one bite at the apple' rule. Give me one chance [and] then I won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN) With 24 million small businesses in the US alone, that's way too many apples.