[Discuss] FYI: We the People...
Petitioning President Obama to End Software Patents.
http://www.patentlyo.com/patent/2011/11/we-the-people-petitioning-president-obama-to-end-software-patents.html?utm_source=feedburnerutm_medium=emailutm_campaign=Feed%3A+PatentlyO+%28Dennis+Crouch%27s+Patently-O%29
HYC on the go
___
Discuss mailing list
Discuss@blu.org
http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] Security
On Thu, Nov 03, 2011 at 07:56:41AM -0400, Daniel Feenberg wrote:
On Wed, 2 Nov 2011, Dan Ritter wrote:
Everyone wants to connect their iPad or phone... so we got a cheap cable modem from Comcast, wired up a WiFi router, and let them play.
You don't really need a separate uplink - just connect the visiting hardware upstream of the firewall.
I can point to complete physical separation when the auditors come. That's worth more than the Comcast bill.
-dsr-
--
http://tao.merseine.nu/~dsr/eula.html is hereby incorporated by reference.
You can't fight for freedom by taking away rights.
Re: [Discuss] Data including email, stored in the cloud, may be available to law enforcement without search warrant
On 11/3/2011 8:47 AM, scottmarydavid...@gmail.com wrote:
http://www.wired.com/threatlevel/2011/10/ecpa-turns-twenty-five/
Paraphrasing the article: According to the 1986 Electronic Communications Privacy Act, the law still considers data that has been left on cloud servers for longer than six months to be abandoned. Law enforcement officers will continue to have access to citizens' stored communications that are more than six months old without a warrant as long as they assert that the content is relevant to a criminal investigation. The law also allows law enforcement to access all files stored in the cloud for longer than six months without a warrant, even though cloud storage services, like Dropbox, did not exist in 1986. A federal appeals court last year ruled that email stored in the cloud for longer than six months still requires a warrant for access, but the ruling applies only to Kentucky, Michigan, Ohio and Tennessee.
This is a problem that can be easily solved by using end-to-end encryption. The capability is already built-in to every common email client.
Bill, who encrypts all his email to prevent the FBI from finding out how boring his life is.
--
Bill Horne
774-219-7638 (cell)
339-364-8487 (office)
Re: [Discuss] Data including email, stored in the cloud, may be available to law enforcement without search warrant
On Thu, Nov 3, 2011 at 1:07 PM, Daniel C. dcrooks...@gmail.com wrote:
On Thu, Nov 3, 2011 at 11:06 AM, ma...@mohawksoft.com wrote:
This is a problem that can be easily solved by using end-to-end encryption. The capability is already built-in to every common email client.
Assuming your ISP allows encryption to a server on your premises. Most email servers are outside of your premises and thus in the custody of a provider. The problem is that there is no 4th amendment protection for your data in the custody of a vendor. They can be ordered to hand over your data, unencrypted, by any number of government agencies.
I'm not sure what you're saying. Email clients can encrypt and decrypt - there's no need to rely on the provider to do any work, and you don't need an email server at your home to encrypt an email before you send it, or decrypt after it's received.
-Dan
I suspect he's talking about transport encryption (SSL/TLS) while you're talking about message encryption (PGP/GPG)
Re: [Discuss] GMail doesn't recognize mailing lists
Daniel C. dcrooks...@gmail.com writes:
On Thu, Nov 3, 2011 at 12:18 AM, Greg Rundlett (freephile) g...@freephile.com wrote:
Why doesn't GMail reply to list by default?! Does this lack of feature bug you?
Gmail is behaving correctly. The reply-to header is set by the mailing list administrator, and should be obeyed by the mail client. If you want this list to reply to list by default, feel free to argue your case here but be warned that this topic is almost always a sticky morass of flames, dogma and other unpleasantness.
Reply should reply to the original sender, not to the list. That is what the Reply-to-List and Reply-All functionality is for.
-Dan
-derek
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warl...@mit.edu PGP key available
Re: [Discuss] Security
Dan Ritter wrote:
Everyone wants to connect their iPad or phone... so we got a cheap cable modem from Comcast, wired up a WiFi router, and let them play.
Good approach. Obviously it can also be implemented using appropriate router/firewall/VLAN rules, rather than a physically separate WAN connection.
I can point to complete physical separation when the auditors come. That's worth more than the Comcast bill.
Sure, but aren't there dozens of other places in your infrastructure where your security *is* dependent on firewall rules, and thus you still need to assure the auditors of the integrity of those systems?
I bet when these foreign devices need access to the corporate network, you're still using a VPN, which then makes the whole corporate LAN accessible to the infected machine. I get that it can be complicated to forward specific ports (via ssh or otherwise), but never got why large corporations were always so willing to completely open their internal networks to their employees' home computers, and always preferred VPNs to port forwarding (which I find far simpler to set up than a VPN client).
-Tom
--
Tom Metro
Venture Logic, Newton, MA, USA
Enterprise solutions through open source.
Professional Profile: http://tmetro.venturelogic.com/
Re: [Discuss] Security
On Thu, Nov 03, 2011 at 05:43:13PM -0400, Tom Metro wrote:
I can point to complete physical separation when the auditors come. That's worth more than the Comcast bill.
Sure, but aren't there dozens of other places in your infrastructure where your security *is* dependent on firewall rules, and thus you still need to assure the auditors of the integrity of those systems?
Yes... and we don't let random devices from outside connect to them. If a visitor comes in with a computer, they get to use the WiFi.
I bet when these foreign devices need access to the corporate network, you're still using a VPN, which then makes the whole corporate LAN accessible to the infected machine. I get that it can be complicated to forward specific ports (via ssh or otherwise), but never got why large corporations were always so willing to completely open their internal networks to their employees' home computers, and always preferred VPNs to port forwarding (which I find far simpler to set up than a VPN client).
Actually, we don't have a VPN. We use SSH port forwarding, as you describe. Less sophisticated users know that they click on the icon we provide which opens a shell window which asks for their passphrase. They don't particularly know that they have a key which is guarded by that passphrase, or that their browser is configured with an autoproxy that recognizes our internal domain names (different from the outside one) and routes those requests over the SSH forwarding tunnel. Locking them out is a simple matter of disabling their accounts on the small number of machines that serve as SSH gateways.
Glamorous and sexy? No. Works really well, with well-understood failure modes? Yes.
-dsr-
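The browser autoproxy described in the last message, sketched as a proxy auto-config (PAC) script; this is an added example, not part of the thread and not the poster's configuration. It assumes a hypothetical internal zone `corp.example.internal` and a local SOCKS listener on 127.0.0.1:1080 provided by `ssh -D 1080` to an SSH gateway.

```javascript
// Added example: PAC logic that routes only internal names over an SSH tunnel.
// Assumptions (not from the thread): the zone name and the local SOCKS port.
var INTERNAL_ZONES = ["corp.example.internal"]; // hypothetical internal domain
var TUNNEL = "SOCKS5 127.0.0.1:1080";           // hypothetical local end of `ssh -D 1080`

// Lower-case the host and drop a trailing root dot so "Wiki.Corp.Example.Internal."
// is treated the same as "wiki.corp.example.internal".
function normalizeHost(host) {
  var h = String(host).toLowerCase();
  if (h.charAt(h.length - 1) === ".") h = h.slice(0, -1);
  return h;
}

// True only for the zone itself or a label-aligned subdomain of it.
// A bare substring or unanchored suffix test would also match look-alikes such as
// "notcorp.example.internal" or "corp.example.internal.example.net".
function isInternal(host) {
  var h = normalizeHost(host);
  for (var i = 0; i < INTERNAL_ZONES.length; i++) {
    var zone = INTERNAL_ZONES[i];
    var suffix = "." + zone;
    if (h === zone) return true;
    if (h.length > suffix.length && h.slice(-suffix.length) === suffix) return true;
  }
  return false;
}

// Entry point the browser calls for every request.
// No dnsResolve()/isInNet() here: those perform local DNS lookups, which would
// send internal names to whatever resolver the current network provides.
function FindProxyForURL(url, host) {
  if (isInternal(host)) {
    // No "; DIRECT" fallback: when the tunnel is down the request fails
    // instead of leaving over the local network.
    return TUNNEL;
  }
  return "DIRECT";
}
```

With this arrangement, disabling the user's account on the SSH gateways removes the SOCKS listener, and the missing `DIRECT` fallback means internal requests then simply fail.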