[anti-abuse-wg] WHOIS (AS204224)

[David Hofstee]

Hi,

Neither do I. But what I do think is that RIPE should do the work that it is 
set out to do, namely registration of data. It should do that very well. Make 
sure that the data is sufficient, valid and remains to be valid. And that clear 
indicators of that not happening should be seen as a problem/abuse. That does 
not make them the internet police, it makes them police their own data validity 
(the only thing of value). 

In that line of thought: I would like email validation on a regular basis. 
There are so many email addresses that do not work properly (what then is the 
sense of registering invalid data?). 

Now, I'm not sure how much mandate they get to execute a good job consistently. 
But it should at least be in their rules. Yours sincerely,


David Hofstee
MailPlus B.V. Netherlands
AS51514

-Oorspronkelijk bericht-
Van: anti-abuse-wg [mailto:anti-abuse-wg-boun...@ripe.net] Namens Brian Nisbet
Verzonden: dinsdag 3 november 2015 11:20
Aan: anti-abuse-wg@ripe.net
Onderwerp: Re: [anti-abuse-wg] WHOIS (AS204224) ...
I do not believe the RIPE NCC are or should become the Internet police, for 
many reasons, ...

Re: [anti-abuse-wg] WHOIS (AS204224)

[Brian Nisbet]

Ronald,

I'm not finding a great place to ask these questions in your 
conversation with Sander, so I'm going to ask them here.


You said, at one point, that you did not see the point in reporting 
these issues, or even just specifically the AS204224 issue to the NCC. 
Given the investigations you've done, I amn't sure why not? I accept 
that the goal should be to improve the process, but surely reporting on, 
and potentially dealing with, bad actors is still worth it if you've 
gathered all the data anyway?


However the core point here is I will, once again, extend an invite to 
you, to Suresh, to Sascha, to Jeffrey, to Aftab, to everyone on this 
list who is interested in this issue, to work on a policy that might help?


As Sander said earlier, the community works on policy. The NCC, whether 
they are technically able or not, will not put any such verification in 
place unless the community asks them to. This is the way this system 
works, from the bottom up.


This is something that Tobias and I have discussed bringing to the 
Database Working Group, but time has not permitted in this period 
between meetings. I fully intend to allocate time to work on this during 
the winter. But if you (all of you, any of you) want something done, 
then the Policy Development Process is the way to do it and the more 
people involved (to a point :) ), the better.


I do not believe the RIPE NCC are or should become the Internet police, 
for many reasons, but change is made incrementally in this community and 
maybe movement is possible in a direction that would be useful? And if 
we make a policy and it's wrong, we can make a different, better, 
policy. That's the beauty of it.


Thanks,

Brian
On 03/11/2015 03:06, Ronald F. Guilmette wrote:

In message <31d31283-06bf-40d7-afdf-6bed4b119...@steffann.nl>,
Sander Steffann  wrote:


Someone needs to CALL the phone number listed there and simply ask if
Mr. Soloviev is available.  Once he is on the line, someone needs to ask
if he even works for Mashzavod Marketing Services, and if so, whether or
not he or his company requested an AS from RIPE NCC in early July.


The spammer putting in a fake/temporary/etc mobile of VoIP number there
is easy, and the person answering the phone would just confirm
everything.


As a *general* matter, yes.  A bad actor could IN GENERAL put his own
cell number into the WHOIS record, and by so doing, could, in theory
at least, utterly foil _simple_ attempts to learn his true identity...
at least if he used a so-called "unlisted" telephone number that could
not be looked up in a public data base.  (Do you folks in Europe even
still have such things as both "listed" and "unlisted" phone numbers
anymore?)

But we weren't discussing the problem IN GENERAL.  Rather, we were
discussing the specific case of AS204224 and the specific contact
phone number that appears in its RIPE WHOIS record, i.e. +7-812-3630014.

In this specific case, all one has to do is to google that phone
number.  When you do, you'll see that this number isn't by any means
just some miscreant's anonymous cell number that was only issued this
past July, when the fradulent records for AS204224 were created.  If
it were, then there would be few if any google search results.  But
that's not what we see.

Rather, in this specific case you get around 255 different google
search results for that number, many of them dating back years, and
all of them from web pages that make specific reference to Mashzavod
Marketing Service.  In short, +7-812-3630014 *is* the actual phone
number of the *actual* Mashzavod Marketing Service company.  Nothing
could be more clear.

Furthermore, one of the hits you get from a google search on that
phone number even gives the domain name of the actual company's web
site, i.e. www.zaomms.ru.  Looking at that web site (in Google Translate)
and simply going to the "Contacts" page, we find not only a perfect
match for the phone number (+7-812-3630014) but also (translated) the
name of the head of the company, Boris A. Solovyov, which also happens
to be a perfect match for what is in the WHOIS record for AS204224.

This is a lot like checking that forward and reverse DNS for a given
IP address match.  It is easy to do, and in this case, everything
checks out completely.  Everything is a perfect match.

That leaves us with only a few possibilities:

1)  The actual 16-year-old oil & gas equipment company Mashzavod Marketing
Service itself actually _did_ obtain a new AS number from RIPE NCC this
past July, and the company itself, whether by mistake/accident or due to
actual malevolent intent, _did_ itself actually start announcing routes
to several /19 bogons. (The bogons in question just happen to be in APNIC
space, but that fact is not at all important.)

2)  The actual 16-year-old oil & gas equipment company Mashzavod Marketing
Service itself actually _did_ obtain a new AS number from RIPE NCC this
past July, but then VERY SHORTLY 

Re: [anti-abuse-wg] WHOIS (AS204224)

[Sander Steffann]

Hi Roland,

> The old saying is "The best is the enemy of the good".  Validation and/or
> verification of RIPE WHOIS data can be improved, even though any system
> which attempts to do so most probably cannot be made foolproof.

Ok

> No.  You're still thinking in terms of constructing an iron-clad and
> absolutely foolproof system that utterly prevents all fraud.  I'm
> suggesting a system with vastly less ambitious goals, one which would
> simply check that the voice phone number for a given person or entity
> listed in the RIPE WHOIS db *isn't* simply disconnected, out-of-service,
> the number of a FAX machine, the number of a company or individual whose
> identity has been stolen, or the number of an unrelated brothel in
> Amsterdam.   That alone would be a vast improvement over the current
> status quo, I think.

Agreed

> Similarly, in the case of mailing addresses, either RIPE NCC or the LIRs
> could check the data base of one of the aforementioned service bureaus
> that serve that mailing industry, to see if the addresses in RIPE WHOIS
> records even exist.  A clever crook will still put in the address of
> some vacant lot somewhere, or maybe his local meat market or police
> station, but at least we wouldn't be looking at "123 Galaxy St., Mars,
> The Universe" and such utter nonsense as that.

NASA is going to be so disappointed ;)
But seriously: I agree

>> My apologies. I didn't mean to imply that accuracy of the RIPE DB is a
>> mere detail. That accuracy has been the reason behind quite a few
>> policies! I meant to say that policy doesn't contain implementation
>> details. The way a policy is implemented is left to the RIPE NCC. The
>> policy just says that contact information has to be up to date.
> 
> I want to understand.  Are you saying that RIPE NCC could unilaterally
> just decide to start performing phone verification of contact points
> listed in the WHOIS data base?

It probably would need a mandate from its members to approve the extra budget 
for implementing those checks etc. But I don't see why they couldn't.

> Even for amateur sleuths such as myself, every additional data point
> helps during an investigation.  The example of AS204224 is illustrative.
> If I knew for certain that someone had positively validated the phone
> number when that AS has been assigned in July, then I would also know,
> almost to a moral certainty, that the company itself, and not some
> identity thief, was the party engaged in the recent routing hanky
> panky.

Understood

> You are thinking about formal, government-held business records.  I myself
> am not.  Official government business records, when available, are helpful
> to investigations.  But if they aren't available, then they aren't, and
> that's all there is to it.  You work with what you have.

+1

> OK.  I promise not to attach too much value to a validated phone
> number.  Seriously, I agree with you that checking the phone number
> isn't a panacea, but it's better than nothing.

Glad we're agreeing :)

> I apologize.  You are correct,   That comment on my part was utterly
> uncalled for, and I would very much like to retract it.

Consider it retracted :)

> But I hope that you understand my sensitivity.

I do. Sometimes when discussing difficult subjects the wording can get a bit 
too strong. I can deal with that, and I know you have good intentions.

I now understand your ideas better, and understand that you are looking for a 
first step in improving the database accuracy. Not looking for a complete 
solution as I was :)  I think we reached the point where we should ask the RIPE 
NCC on their opinion on this and to see what they think is doable.

Cheers,
Sander

[anti-abuse-wg] Whois database verification

[Karl-Josef Ziegler]

Hello!

Several years ago I already got a postcard with a verification code to prove that my postal address is correct. And this was not a paid service but a large freemailer with thousands of customers. So, no it's not rocket science and yes it was already done this way in large quantities (by another service provider).

Best regards,

Karl-Josef Ziegler
 
 

[anti-abuse-wg] Also seeking input [branching from 'WHOIS (AS204224)']

[Jeffrey Race]

Dear group members,

For many years I've silently followed these discussions and
now a project is emerging on which I'd like to ask whether
any of you knowledgeable members might wish to help.  The
project starts in a different place but will inform your 
deliberations.

Background:  Two years ago I began a research project at
the Harvard Kennedy School on "Pathologies of Public-
Decision-making," to answer the question: Why do very
smart and well-informed persons make decisions with
catastrophic consequences, even though warned in advance--
and what can be done to mitigate this pathological behavior?
The findings will be based on a series of case studies including 
the Iraq War and  2007/08 financial crisis (building on my earlier
work on the Vietnam War).It turns out that decision-making 
processes in all these cases share structural similiarities leading
to the adverse  outcomes.

As for us on this group, the decision process leading to the
present rules for internet messaging seems to have
strong resemblances to the other cases   You are all smart 
and we were adequately warned in advance and all the way 
along (as this thread illustrates, and over the years I've monitored 
many dozens of threads like this one).   But the result has been
catastrophic: most messages are spam, with a heavy economic cost
in terms of cleanup and prevention costs and the burden of fraud.
So I will include a case study on the spam/abuse phenomenon
and why so many smart people (like those on this and related
lists I monitor) have produced such adverse outcomes.

I am planning to complete my book manuscript next year and hope
to be writing up this part of the draft early in '16.I invite anyone
interested in commenting (or even working with me in writing this
chapter) to send me a note off-list.

To understand my approach please see the "Pathologies" page 
linked on my website noted below. Best to invest 10 minutes in 
viewing the MP4  file.  A quick summary appears in the linked PDF 
but if you are not read into this type of analysis the elaboration in 
the spoken  version will help a lot.

My thanks in advance to any of you who find this of interest and
might be able to help make the final result something unusual.

Jeffrey Race, President
Cambridge Electronics Laboratories

Co-organizer, "Buddhism Rejoins the Great Conversation in India"
 Pune, India, November 22-24, 2014
   (Centre for Buddhist Studies University of Oxford)

International Center of Excellence --- University of Yangon (2014)
  "Introduction to Economics and Political Economy"
 (under auspices of School of Advanced International Studies,
The Johns Hopkins University, Washington DC)
  
Ash Center Fellow  Harvard University (2012-13) 


+1 617 629-2805086  709-7645 
 (follows me worldwide)(in Thailand)


Current projects and forthcoming publications:


 **

   "The Vietnam War as an Early Warning"
  

 **

"Pathologies of Public Decision-making"
   informal title:
 "How Not To Be An American Blunderer"

   
   (Presented at Harvard University  on 5/26/2015)




On Tue, 3 Nov 2015 14:37:10 +, Brian Nisbet wrote:

>On 03/11/2015 14:14, Gert Doering wrote:
>> Hi,
>>
>> On Tue, Nov 03, 2015 at 01:49:18PM +, Sascha Luck [ml] wrote:
>>> On Tue, Nov 03, 2015 at 07:13:17PM +0530, Suresh Ramasubramanian wrote:
 I would actually prefer any such proposal to come from within
 the regular RIPE community, rather than from one of us
 outsiders.
>>>
>>> For once I agree completely. If this goes to an actual proposal,
>>> this needs to be in APWG as it would be:
>>>
>>> a) address policy
>>> b) affecting the entire community
>>>
>>> Any contractual changes will also need membership approval via GM
>>> vote anyway.
>>
>> I'm not so sure about APWG.  "Spending resources" is traditionally
>> ncc-services-land, "combating abuse" is definitely anti-abuse-wg... so
>> discussing the details here, and sending a heads-up over to APWG and
>> ncc-services is good enough for me...
>
>We're getting deep into minutiae at this point, but this is actually 
>something I had planned to try and bring to the DB-WG and we'd see where 
>we went from there. That said, I simply haven't had the time over the 
>summer.
>
>Suresh, your point is noted, however I was asking more for people to 
>undertake to help, rather than to lead.
>
>Ok, I realise I have said this before, but given the proximity of RIPE71 
>I will undertake, during that week, to iron out some of the important 
>minutiae and figure out if DB remains the best place for this and go 
>from there.
>
>I would still love if there were more people from this working group who 
>were willing and able to help 

Re: [anti-abuse-wg] WHOIS (AS204224)

[ripedenis]

Hi all

Interesting conversation. It took me a while to read it all. I would like to 
add a few of my own thoughts based on my experiences. Although I will target my 
comments in response to specific points raised by many of the contributors to 
the discussion, I offer all my comments with the intention of being objective 
and constructive :)

For those who don't know me let me first declare my position regarding the RIPE 
Database. I worked for the RIPE NCC for 14 years entirely focused on the RIPE 
Database. I have been involved in the design, development, analysis, 
specification, operation, legal and privacy issues, policy implementation and 
documentation of all parts of the database service since the deployment of the 
first RPSL version in 2001. I no longer work for the RIPE NCC or anyone else 
connected with the service. Everything I say here is my own opinion and based 
on publicly available knowledge. I am not giving away any secrets here (not 
that there are any) :)

Ronald
"I neither mentioned nor asked about out-of-region objects."
"then proceeded to announce a bunch of self-evidently bogus routes to 
relatively large swaths of APNIC address space."

Last time I checked APNIC address space is 'out of region' for RIPE. Although 
the discussion has been largely based around the verification of data in the 
RIPE Database, and I agree that is an important issue, the main reason people 
are concerned about this data seems to be because of what 'bad guys' do with 
the resources they acquire based on invalid data. A lot of what they do also 
seems to involve out of region resources. If we eliminated the false 
registration of ROUTE objects in the RIPE Database for out of region resources 
then we would have removed one of the main causes why many 'bad guys' offer 
false data to obtain a legitimate RIPE ASN. So in a way we are back to the same 
discussion we had 6 months ago just before the last RIPE Meeting.

That discussion seemed to centre on wonderful, technically brilliant, 
perfectionist systems of cross registry authentication to solve the entire 
problem. Six months on and I haven't seen any further discussion on the 
subject. At the time I offered a quick and simple solution, not to the entire 
problem, but to the issue of untrusted ROUTE objects in the RIPE Database. All 
the parts needed for it already exist in the RIPE Database software. It could 
be up and running in a month and we could now have more trusted ROUTE objects. 
But alas no one was interested in my quick, dirty solution and continue to 
pursue perfection.

"When was the DECISION made not to bother to verify the phone numbers and 
mailing addresses that go into the RIPE WHOIS data base?  And also: Who made 
that specific DECISION?"
"the verification of phone and address parts of RIPE WHOIS records isn't being 
done because it wasn't even ever considered as being either necessary or useful 
enough to even insert the idea into the front end of the meat grinder known as 
"The Policy Development Process" "

Historically this has never been part of the RIPE Database design. So there has 
never been any decision NOT to do something. There has simply never been any 
decision to do something. It has been brought up many, many times over the 
years. But never even reached the stage of becoming the topic of a policy 
proposal. It is always shot down for being technically difficult, 
administratively difficult, "we are not the internet police", or it is 
pointless because all you prove is the 'bad guys' phone or email address is 
valid. These may all be true. But if you want anything like this to happen, 
regardless of who does it (RIPE NCC or members), then you have to move beyond 
the initial arguments against it, propose a policy and take it through the 
stages of discussion. If there is a consensus on doing it/something/whatever 
then that will happen.

"the name of the company, as shown in the RIPE WHOIS record, *and* the phone 
number also shown there, and perhaps also (I didn't check) even the mailing 
address in the WHOIS are all 100% correct and accurate.  They all appear to 
point to a real, and most probably 100% legitimate oil & gas parts supplier."
"In this case, the available evidence suggests that the identity of this 
perfectly legitimate company was simply stolen, and then used by someone 
totally unconnected to the real company in order to obtain a RIPE AS 
registration."

This point has been said by others, but I will put it in a slightly different 
way. The RIPE NCC has been tasked as the Data Controller of the RIPE Database. 
There are formal Terms & Conditions on the use of the RIPE Database that cover 
who is allowed to put what into and take whatever out of the Database and do 
what with. The responsibility for accountability for the contents of the RIPE 
Database is distributed. The RIPE NCC is primarily responsible for validating 
the information about it's members. As all these members pay an annual fee to 

Re: [anti-abuse-wg] WHOIS (AS204224)

[Suresh Ramasubramanian]

Thanks - I've hung around apricot and apnic long enough to know how that works  
(though these past few years I can't travel so I'm simply on the apricot / 
Sanog fellowship and program committees)

I haven't ever attended a ripe meeting though and wasn't aware of this wg - in 
my circles (security) apwg is the anti phishing wg :)

Beyond that - thank you for that detailed post

--srs

> On 04-Nov-2015, at 5:35 AM,   
> wrote:
> 
> Accepting the confusion on your definition of APWG, anything agreed by a RIPE 
> working group is implemented by the RIPE NCC. The RIPE NCC may not agree with 
> everything or may argue constructively for other options, but in the end once 
> the community has reached consensus the RIPE NCC WILL implement the decision. 
> The difficulty is sometimes getting the community to reach a

[anti-abuse-wg] Mimecast.com

[andre]

Hello,

Has anyone of you had much/any dealings with this crowd: Mimecast.com ?

Less than 1% of our email volume exchanges with them, and yesterday
after complaining about abuse/UBE from them and receiving no response,
escalated to @telstra and then all of a sudden they are returning all
email in a loop:

  supp...@mimecast.com
host service-alpha-inbound-b.mimecast.com [91.220.42.231]
SMTP error from remote mail server after end of data:
554 Email rejected due to security policies -
https://community.mimecast.com/docs/DOC-1369#554

Then, when I email them from a different server, it goes through the
first time and viola, the second email, same block, on the "new" server"

From their website: They provide email filtering services, this feels
like they are extorting money from me, which I will not pay of course.

But, have any of you had any similar experiences? As they are
providing this type of "service" to some of our @gov departments
as well as other large companies, I will have user blowback - what
do I tell my users? We are blocked because we dared complaining? 
or we are blocked because we do not pay?

any advice will be appreciated, obviously this type of behavior breaks
email and the larger the "protectors" become, the more control they
have...

tia

andre 

Re: [anti-abuse-wg] WHOIS (AS204224)

[Brian Nisbet]

On 03/11/2015 14:14, Gert Doering wrote:

Hi,

On Tue, Nov 03, 2015 at 01:49:18PM +, Sascha Luck [ml] wrote:

On Tue, Nov 03, 2015 at 07:13:17PM +0530, Suresh Ramasubramanian wrote:

I would actually prefer any such proposal to come from within
the regular RIPE community, rather than from one of us
outsiders.


For once I agree completely. If this goes to an actual proposal,
this needs to be in APWG as it would be:

a) address policy
b) affecting the entire community

Any contractual changes will also need membership approval via GM
vote anyway.


I'm not so sure about APWG.  "Spending resources" is traditionally
ncc-services-land, "combating abuse" is definitely anti-abuse-wg... so
discussing the details here, and sending a heads-up over to APWG and
ncc-services is good enough for me...


We're getting deep into minutiae at this point, but this is actually 
something I had planned to try and bring to the DB-WG and we'd see where 
we went from there. That said, I simply haven't had the time over the 
summer.


Suresh, your point is noted, however I was asking more for people to 
undertake to help, rather than to lead.


Ok, I realise I have said this before, but given the proximity of RIPE71 
I will undertake, during that week, to iron out some of the important 
minutiae and figure out if DB remains the best place for this and go 
from there.


I would still love if there were more people from this working group who 
were willing and able to help with the drafting, of course, because that 
would help the whole thing along (and not let me get utterly distracted 
by my day job).


Of course if it is decided that AA-WG is the right place for such a 
proposal, I would have to re-evaluate my involvement, but we've 
mechanisms in place to deal with that.


Thanks,

Brian

Re: [anti-abuse-wg] WHOIS (AS204224)

[Suresh Ramasubramanian]

If someone regular is willing to set a direction that I see a chance of 
achieving consensus  with - I will contribute as much as I can when 
participating remotely.  I do believe in putting my effort where my mouth is :)

--srs

> On 03-Nov-2015, at 8:07 PM, Brian Nisbet  wrote:
> 
> Suresh, your point is noted, however I was asking more for people to 
> undertake to help, rather than to lead.

Re: [anti-abuse-wg] WHOIS (AS204224)

[David Hofstee]

Again: Implementation details. 

But, if such mails were to be sent, it would remind them that their address is 
registered and that they have a responsibility for an online resource. 
Additionally: I get mailinglist reminders every month (and they do not bother 
me). Not sure if that would actually be a problem. 

Although there are many role objects that are registered, not all addresses are 
different. One could check once for all roles. Yours sincerely,


David Hofstee
MailPlus B.V. Netherlands

-Oorspronkelijk bericht-
Van: Gert Doering [mailto:g...@space.net] 
Verzonden: dinsdag 3 november 2015 16:53
Aan: David Hofstee
CC: anti-abuse-wg@ripe.net
Onderwerp: Re: [anti-abuse-wg] WHOIS (AS204224)

Hi,

On Tue, Nov 03, 2015 at 04:17:19PM +0100, David Hofstee wrote:
> Every email address in the RIPE database should work. There is a 
> reason to register an email address (and that is not for historical 
> purposes). There should be someone that is able to read those emails 
> (or it should serve its purpose). If it doesn't work, and that was 
> determined correctly (and maybe escalated to the org itself), then it 
> should be removed.

I totally agree that it should work, but you can't test that without actually 
sending something there which causes a human to do something.

Now, for a LIR contact, this is ok ("part of the job description").

For an end user, I share Sasha's sentiments - this is contact information to be 
used for *contacting* them, not for harrassing them with robots they don't want 
to know about.

In doubt, send mail to the *LIR* asking "are your customer contact x, y and z 
still valid?" - and I seem to remember that the NCC is actually doing that 
(verifying end user contracts for sponsoring LIRs).  The NCC has a business 
relation with the LIR, and part of that contract is "make sure your end user 
registration data is valid".

I could see an occasional call in the case of "funny smelling things"
("so the LIR claims that this is valid, but we start to distrust the LIR"), but 
not automated and regular calls/emails to end users...  
(some might call this "spamming", and under german law, it might actually be 
unless prior consent or a contractual relation exists)

Gert Doering
-- NetMaster
--
have you enabled IPv6 on something today...?

SpaceNet AGVorstand: Sebastian v. Bomhard
Joseph-Dollinger-Bogen 14  Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen   HRB: 136055 (AG Muenchen)
Tel: +49 (0)89/32356-444   USt-IdNr.: DE813185279

Re: [anti-abuse-wg] WHOIS (AS204224)

[Suresh Ramasubramanian]

If you can tell me just how a consensus at APWG and MAAWG, say, or on various 
actually security focused lists, that the RIPE community needs policy changes 
is going to make an iota of difference to what policies get implemented by RIPE 
NCC

Right now, most other lists that I see this thread start up on, there are a few 
people who defend RIPE NCC - and a lot of people who dump on it for this kind 
of thing.   I haven’t seen any difference being made by any of this, and I’ve 
seen such threads over the past few years, on different fora.   

The exact converse applies, however, in a RIPE meeting or in the AAWG, where 
the defenders of RIPE are many, and people criticizing it pitifully few in 
number, and occasionally, like RFG, rather noisy in nature, which doesn’t quite 
help but which is not quite relevant to the continual problem RIPE NCC has with 
criminals gaming their systems while staying perfectly within whatever 
restrictions are in place.

—srs

> On 03-Nov-2015, at 7:19 PM, Sascha Luck [ml]  wrote:
> 
> On Tue, Nov 03, 2015 at 07:13:17PM +0530, Suresh Ramasubramanian wrote:
>> 
>> I would actually prefer any such proposal to come from within
>> the regular RIPE community, rather than from one of us
>> outsiders.
> 
> For once I agree completely. If this goes to an actual proposal,
> this needs to be in APWG as it would be:
> 
> a) address policy b) affecting the entire community
> 
> Any contractual changes will also need membership approval via GM
> vote anyway.
> 
> rgds,
> Sascha Luck
>