To: The Israeli Group of Linux Users
Copy to: Prof. Yigal Burstein, Senior Advisor to the President for Information Systems, Weizmann Institute of Science
Copy to: Aviva Greenman, Head of the Computing Center, Weizmann Institute of Science
Hello,
It is my sad duty to inform you all, that the archives of the Linux-il mailing list hosted at http://plasma-gate.weizmann.ac.il/Linux/ will be closed really soon. No, it's not because I'm tired of maintaining the site. The real cause is ... viruses. Yes, that's right. I'm not joking.
You see, some smart heads at the Computing Center of the Weizmann Institute decided that the only way to stop the wave of the MS-oriented viruses that flooded the Internet recently is to block all SMTP traffic to the weizmann.ac.il domain except a single firewalled mail relay. So far, so good. Well, it could be good - if the person(s) in charge could prove they're capable of anything except crossing their fingers. Meantime, email addresses that get too much spam are simply disabled so the humble misconfigured relay w/ antivirus software doesn't choke, leaving the whole thousands of the Institute's personnel out of email reach. Again, I'm not joking. Only @plasma-gate, four email addresses were disabled for more than two weeks! And when the emails do arrive, sometimes with hours of delay, they're often broken. I had to manually reconstruct MIME messages on several occasions. But, as if that weren't enough, now they have stepped even further along their noble quest for everyone's security. Namely, all email addresses not of the form of [EMAIL PROTECTED] (and the archive robot's [EMAIL PROTECTED] is among them) are simply banned and delivery attempts will fail. Forwarding, even inside the DMZ, won't be allowed either. Today, I was told the new policy will be enforced in a few days or so.
No, I don't know why a simple MX record would circumvent the security. A plausible explanation is that the knowledge required to properly configure the relay is way beyond the basic IQ level required to be considered a security expert at the WICC. When asked, the only answer I got was "This is the official policy".
A few words about the "official policy" formation here at Weizmann. I don't know whether this is a common practice in other academic institutions in Israel, but here, a "senior advisor" among the leading scientists is periodically elected to serve as a supervising force over the CC decisions. In practice, though, this is just a trick to allow the CC high-level officials to do whatever they want. First, they persuade the advisor about something (and he obviously believes the "experts") and then any argument becomes impossible. Arguing with the advisor on technical terms is pointless (he might be great in his scientific field, but is not a specialist in the computer/network/security stuff, of course). On the other hand, any discussion with the "experts" ends immediately with "This is the official policy. Talk to the advisor". The loop.
And don't think I gave up easily. I fought hard. Actually, I've been fighting hard since the very first days of plasma-gate's existence. Back in 1994, it took 3 (three) months of endless discussions, culminating in a meeting with the dean, to be allowed to connect a Linux server to the LAN. You can't believe which security disasters were foreseen by the "experts" then. In comparison, the ten plagues of Egypt would be a joy, according to them. Some of the "experts" are still on board. BTW, by that time, no firewall existed at WIS, all home directories were NFS-exported RW to the whole world, passwords were sent in clear text over the wire, the public FTP server was full of pirated warez, and viruses were flourishing in the wild on the users' PCs. So much for the security awareness. Since then, there have been countless attempts to shut plasma-gate down, either completely or just some services. In parallel to throwing some handfuls of sand in the wheels, the "experts" were busy improving other aspects of the institute's security. For example, the warez FTP server was shut down. You see, when it comes to pressing the power button, the reaction is swift (just a couple of years). MX is something different. BTW, Weizmann remains a noticeable exception among the MACHBA institutions that doesn't provide a single FTP mirror even internally, let alone serving the community.
In short: I'm tired. Struggling with hardware or software issues is challenging. Struggling with stupidity and ignorance isn't.
Regards,
Evgeny