On Tue, 2009-05-19 at 03:02 +0200, Michael Monnerie wrote:
> On Sonntag 17 Mai 2009 Yet Another Ninja wrote:
> > > That said, I'll implement and test it, and hopefully it's good,
> > > with no FPs.
> >
> > How can score of 0.001 cause a false positive?
>
> I didn't mean that the final result be a FP, just this one ruleset.
> Shouldn't the goal be to have no FPs and lots of corrects?
I believe that's exactly the goal.
> > Considering most will use any old obsoleted ruleset without asking
> > questions (SARE) just coz others say its kewl, any generic fear of
> > FPs is totally unfounded as its all under the end user's control.
> > As with any published BL data, nobody is asking you to reject,
> > discard or closely trust the data published in the respective list.
>
> Interesting way to see this.
Hmm, I kind of understand this. I've too often told people to disable
very, *very* outdated rule-sets, I spotted in debugging output. That's
stuff explicitly labeled "< 3.x", but used with recent SA versions. At
best in conjunction with the ">= 3.x" version"...
The point here is, that it's a test. Score as you please. If you want,
you can even equally counter the score, just to get the hit for stats.
It's solely at your discretion, and the list *will* go away. At least at
that URI, and might come back at a long-term domain.
> I maintain the ZMI_GERMAN ruleset that a
> *lot* of people use, and whenever someone complains a FP (which were
> very few since the list was created in October 2005), I blame myself and
> improve. Not insult others saying "your fault".
Again, I believe the "your fault" wasn't the intention. But that this is
a test, *needs* testers, and you can do it without *any* impact to your
results.
> DNSBLs that create lots of FPs are quickly disabled by admins who have
> customers in their back. I didn't want to insult anybody, but it should
> be clear that if a ruleset is to be used it should have an advantage.
That's the goal to be shown, isn't it? :)
> I installed it on a small server [...]
Cool. IMHO. :) Running it locally, too. Got already some stats, but I
guess I want to wait a day or two more, after updating cf files
yesterday, before posting the results.
Oh, and Alex seemed slightly annoyed and impatient last week. ;) Just
let's see how it scores! I do.
guenther
--
char *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
