Dec 6, 7:25 PM, IM

Arshan* to me:

noscript saved me today, literally, from none other than the infamous samy

Dec 7, 3:16 AM, Email

From: samy**
To: Giorgio Maone
Subject: giorgio, i'm mad at you


I am mad at you. My friend, Arshan Dabirsiaghi, whom I will refer to from now on only as "the persian", was viewing a web page. The web page in question had what the kids these days are calling, "XSS". The XSS was malicious. As malicious as a chicken nugget from McDonalds. Worse, maybe.

But you see, my friend, the persian, was not affected. Why is this you ask? I asked him the same thing. He told me that I should blame you for him being safe. I don't think he literally meant come to you and blame you, but you see, I am coming to you anyway and blaming you. He was running this extension (of his penis) known only as NoScript, or what I will refer to as "the devil's plugin". And for this, I am angry. Angry at the plugin, the use of it, and by extension the author. You, sir, you. That is all. All I can do now is attempt to correct your rights.

Good morrow to you, fine sir.

Your frienemy,

*Arshan Dabirsiaghi of Aspect Security and OWASP, lead developer of the OWASP Anti-Samy Project.
** The infamous Samy, author of the eponymous MySpace XSS Worm.


Samy's original message contained a slightly antizionist joke about Arshan's supposed descent. I edited it out even though Samy gave his consent for verbatim publishing, because Guanxi made me notice that some people may find it offensive rather than parodic, or even worse read it as an implicit justification for antisemitism.

Update 2

I re-edited the original message after Samy suggested to me a way to make it become, "all of the sudden accurate rather than offensive".

15 Responses to “Samy, Anti-Samy and the Devil”

  1. #1 Marcin says:

    But Arshan does not run NoScript... o_O

  2. #2 Giorgio says:

    How do you know that?
    And most important, why should he lie both to me and Samy about that?

  3. #3 guanxi says:

    Could you publish Samy's e-mail without the offensive content? I know Samy said it, not you, but publishing it here just helps to spread it around, not only here but on Planet Mozilla.

    Thanks for NoScript. I'm a happy user (and a donor).

  4. #4 Marcin says:

    lol.. Arshan for the longest time has been messing with me into thinking that he doesn't run NoScript or any other browser-based defenses. I kind of just continued it :P

  5. #5 Pseudonymous Coward says:

    Hahaha, you funny bastards!

  6. #6 Giorgio says:

    Thanks for your feedback. I do get your point, but when I asked Samy if I could publish his message, edited or verbatim, he gave his consent for publishing it verbatim.

    That said, the mood of his text seems quite playful and parodic of the "mad scientist" stereotype: just like I don't think he's really mad at me or seeking revenge, I don't believe he really despises Hebrews, but is just throwing in a parody making fun of antisemitism and antisemitic nutbags.

    Regarding corrections, I'm afraid planets fetch a static copy of articles, therefore even if I edited something, updated content wouldn't propagate.

  7. #7 arshan says:

    we're both of persian descent, so the jew jokes are par for the course, and, for the record, sans malice. most brown people are anti-zionist rather than anti-semitic, in reality

  8. #8 guanxi says:

    @Giorgio and arshan:
    I know it's just a comment in a blog, and it might seem that my posting these responses is an overblown response. But I think that, by the time society moves beyond private jokes and comments to public statements and actions, it's already too late. Those public statements and actions occur because the ideas have become privately acceptable, and the politician knows he has support for them.

    And these ideas have been such a curse on humanity -- is there a worse one? -- how many have died or suffered, for nothing. The time to act and change things is now, one blog comment at a time. Please consider helping out!

    I understand that you might take it that way, but when you publish something you can't control how others will understand it. Many will see it this way: 'Here, a little anti-semitism is so common that it's generally understood; so acceptable that it's said in passing jokes; and we care so little about offending Jewish people that we don't hesitate'.

    How about replacing the offending words with "[Arshan]" -- if samy really cares about the offending phrase, it definitely shouldn't be published -- or just take down his note and paraphrase it.

    "we’re both of persian descent, so the jew jokes are par for the course, and, for the record, sans malice. most brown people are anti-zionist rather than anti-semitic, in reality"

    It's sad for me to hear that "jew jokes" are so normal (and I should say, the Persians I know wouldn't agree). Have you considered these questions?: 1) How it makes someone feel to learn that they are stereotyped so much that it's a common joke? 2) How you would feel about similar Persian jokes, for example if Persians were stereotyped as thieves (and I'm just picking something random; I don't think that and am not aware that it's a stereotype), and you heard someone say (about someone a non-Persian thief) 'that persian took my money'? 3) The consequences of these prejudices and stereotypes: How much suffering has it caused, from Germany to Japan to the U.S. (to Italy), from Iran to their Sunni neighbors to Israel, from Lahore to Mumbai?

    It's too bad that these ideas result in such problems. Unlike the other causes of war and suffering, like the distribution of natural resources, this one is in our power to stop.

    Thanks for considering my concerns!

  9. #9 Giorgio says:

    I edited the offending words out, even if I believe the positive discussion developed in comments (especially yours) largely outweighs any hypothetical damage the original message might do.

  10. #10 arshan says:

    not to get all serious, but openness and humor are more effective than censorship. samy and i represent 2nd generation iranians in america (well, i'm a halfsie) - already breaking from the cultural biases that plague our history. if you don't know a single antisemitic iranian, you don't know many. and that's really the core of the joke: neither of us are antisemitic.

    "2) How you would feel about similar Persian jokes, "

    for every jew joke we make, there's 3 iranian/terrorist jokes, even though persians have a very shitty resume for representing terrorism. stereotypes are often wrong and stupid, and that's what we're implicitly playing with.

    one of the running gags on my soccer team (which is about half black) is that if i were black i'd be the leading scorer and a captain, and that their racial advantage is too much for me to overcome. do you think these types of jokes divide us, or help bring us together? i know that on the micro scale they do the latter, but i guess you could argue that on the macro scale they do the former, but i'd have to see some hard science.

    i'm not a sociologist or psychologist so i guess i can't authoritatively say if comments like ours are a net benefit or detriment to society's progress in diminishing hate, but i guess i have found my own opinion.

    one thing we can agree on, samy's a schlimiel, oy vey!

  11. #11 samy says:

    8 years spent learning Hebrew in a synagogue and I still can't joke about ze Jews. I suppose I have no reason to learn Italian anymore! Lucky ma1.

    I completely understand where you're coming from. I also hate when the Persians take my money. I kid, I kid!

  12. #12 arshan says:

    imagine a persian jew - the horror.

  13. #13 guanxi says:

    Agreed, the discussion probably outweighed the original. Still, thanks for editing it; very clever of you (and/or Samy)

    I think the jokes depend on context. I tell off-color jokes all the time about everyone (though I can't think of any good Persian jokes!), and I agree that it brings people together, but the audience is people who I know do not take seriously the underlying prejudice and who wouldn't think that I took it seriously. On a semi-public forum like this one, there is no way to know who is reading it or how they'll take it. That's why I act differently here.

    Also, I think there's a difference between (to use a different example) a bunch of white people, in a mostly white bar in the US, telling a black joke, and a black person telling the same joke in the same place.

    On the other hand, South Park says outrageous things and yet they seem to bring people together, so it's not so simple. Anyone for Chef's Chocolate Salty Balls?

  14. #14 sirdarckcat says:

    haha, yep.. noscript users are the worst victims.. :( it makes exploitation harder.. anyway, I would like to thank giorgio, because all the CSS attacking stuff started for finding a way to bypass NoScript protections..

    [hidden]it would be fun to hack giorgio :D, hehe.., just kidding :)[/hidden]

  15. #15 owaspscrubbr - Search your databases for stored cross-site scripting (XSS) attacks. | PenTestIT says:

