On October 9, 2015 7:30:28 PM Mirimir <mirimir@riseup.net> wrote:
On 10/09/2015 07:21 PM, Shelley wrote:
On October 9, 2015 6:16:10 PM Mirimir <mirimir@riseup.net> wrote:
Maybe because Mike _published_ the fucking logs, just because JYA was doing the mirror shades thing about whether the archive was or was not genuine? I mean, JYA can be a very funny man. For sure. But does that justify publishing Cryptome access logs?
When the logs have been distributed by Cryptome via USB and torrents as part of the archive for over a year? Yeah, it's fair game.
If that's true, JYA was being either unimaginably stupid, or unimaginably weird. Still, there was no need to publish the logs just to make a point. Redacted excerpts and hashes of the files would have been enough, no?
He did post a redacted version. Then JYA accused him of everything from faking the data to being a spy. When we post about vulns on FD/ wherever, we follow the process of notifying and following up before posting publicly - which we only do when devs or corps refuse to acknowledge or outright deny. Right? That's exactly how he went about it, and then was attacked in a most nonsensical manner (we didn't even get a notorious JYA poetic diatribe!) In addition, as previously mentioned, these datasets have been in the wild for > 1yr. As someone who may have found my own data in the access logs, I still say he did the right thing.
Note that he removed those files once JY finally gave an explanation.
True. But publishing them was still unwarranted.