Attrition.org Frequently Asked Questions (FAQ)

Original: September 10, 1999

Updated: April 24, 2021


What is attrition.org?

In the early days, we received this question frequently. Each time we gave a different answer depending on mood and frame of mind. Some people got a line or two summary ending with "just check it out", while others get a five minute diatribe trying to explain what it is. Rather than write a FAQ, we originally wrote a 'Why' page that attempted to give the quickie answer to this question. Even with that page, it wasn't enough many times due to the varied nature of content.

Put simply, it is "an eclectic collection of general internet and computer security resources". That's what we have called it for over twenty years. Originally, the content was driven by half a dozen core users between the primary pages and each user's personal page. As staff has changed, content has remained more static as user pages typically vanished and weren't replaced with new content. Instead, the new users would contribute to the primary pages.

What are the basics?

Here are some basic truths about the system and the people who run it.

Do you have a philosophy around Attrition?

The original idea of the Attrition site was somewhat of a fluke. Since the site has gone live, there has been little to no long-term direction or planning involved. This thing started out as a site only receiving 1112 visitors the first month (19782 hits). We were quite surprised we ever surpassed that. Over time the content started taking shape, either as collections of data that were dispersed or the start of commentary about the Information Security (InfoSec) industry.

Looking back, if any philosophy exists behind Attrition and the site, we might say it was one of learning, sharing knowledge, and going with the flow... until it is time not to. This last part is primarily in the form of the long-running Errata section that has come with a few detractors to say the least.

Why "Attrition"?

The answer to this question has evolved over the last half year. When moving from sekurity.org, jericho wanted a name that was not explicitly security related, wasn't a .com, wasn't this, and wasn't that. We ended up settling on a name that was sufficiently 'dark' in that it did not bring images of rabbits dancing in the flowers. The dark moods and oozing cynicism are best summed up in a word like attrition, not just because of the text book definition, but the lack of understanding people display toward the idea of it. Maybe we grew into the name more than it was appropriate to begin with.

What's your value?

Perhaps one of the most prevalent reasons people find Attrition of value is that our site is a content site rather than a 'Portal' or 'Aggregator' or whatever. When we started, sites were rushing to be called "portals", and the term bothered us. Sites with nothing but links to other sites had always been annoying before, so why then were they applauded when this new term was applied to them? Over time, some of these sites have manifested into good resources when they keep current with their links, offer several resources so that the reader may make an informed choice, etc.

Perhaps the somewhat disjointed clutter of topics on our front page is a natural side effect of being a content site rather than a portal. Regardless, Attrition resolved itself to never turn into a useless mass of links to other sites. We thought there were enough of those littering the net over twenty years ago. Look where we are now; that's a business model.

Do you have any sense of style?!

Some may argue the word 'style' is lost on Attrition. We'd disagree in a big way. Look at the mass of web sites out there. Take a good look and consider what kind of 'style' they have. With a few exceptions, web sites suck and offer little style of their own. Burdening the site with annoying and ugly banners, pop-ups, and wasted dead space, too many look like the other as far as style. Worse, many typically show no regard for intuitive interfaces. And we have no style? Come on..

Despite many people bitching, we will not change our style for you. Quit asking. Content is more important than pretty graphics or nice layout and that will remain our focus. In this day and age of programming, you are more than welcome to create your own front end to our pages. You can do your own local CSS to override our colors, change our fonts, or just read the HTML source where we occasionally put fun bits. We are here for information.

The Attrition Phenomenon

No, that is not our term at all. Back in 1999, an incredibly talented web designer said that she "couldn't understand the popularity of the attrition phenomenon" or something close to that. After explaining the above ideas to her, she finally conceded that even though we had no stunning graphics, no unique layout, and no overall aesthetically pleasing image, there was still some appeal to the site. Considering her web design changed my notion that web sites and design were essentially useless and a complete waste of time, her admission told me we were doing something right. Besides, I know that our plain style stomped on every last design nerve in her body.

Have you been served legal things like subpoenas?

Yes, check out our Attrition Canary page. We don't have much faith in warrant canaries as they are a card house of sorts. If an organization was compelled to do something, they could have been compelled not to update their canary, right? So we'll try to update it periodically to show it is current, but rest assured, we have no intention of hiding any legal action against us.

Do you offer a bug bounty?

Sure! But not for pedestrian scammy bullshit "findings" about a missing defense-in-depth DNS setting or something. Execute a command on this server, send us a complete write-up, and you qualify for a bounty. Pop a shell? Gain root? We'll take that seriously and send you a box of shit with some fun stuff and maybe a little cash. Remember, we're not a business, that is extremely generous in our eyes. If you aren't happy with that payout, move on.

What is my take-away from this long screed?

This site is run in our spare time. We do it because we want to, and do it for the masses. As it stands, we put up with more shit than most sites for a variety of reasons. Everything from lame insult mail to threats of lawsuits and occasionally threats of bodily harm or death. Let us go ahead and respond to those (past and future). Fuck off. They are a waste of time on all sides as your threats will not dissuade us. Short of constructive criticism, mail like that is laughed at and replied to sarcastically. Mail like that may also end up on our section called "Going Postal".

Attrition is a free service provided to you, at a cost to us. Shut up and appreciate it for what it's worth please. Don't like it? Don't look.

As I am fond of saying: Expect less, you'll be disappointed less.

-- Attrition.org Staff


main page ATTRITION feedback