Re: ssh and root
Benoît Sibaud [EMAIL PROTECTED] writes: BTW: I would prefer to keep the main cvs repository local and copy (rsync ?) it to the foreign sever, if that's possible. Or would this confuse cvs on the other server? Would I have direct write access to 'my' files in the (foreign) repository or only over cvs? Hints welcome. (I only know about SF) I don't think you can rsync the SF CVS. You can import your files in, but you don't have a full control on your files: you can't remove directories from your CVS tree, and you can't change file permissions on your files (be careful if you commit script or executable). For both, you'll have to submit a request to SF team. And you don't have ssh access to SF CVS servers AFAIK (only to users server). From what one hears about current changs in SF politics it is questionable if nowadays one should not prefer savannah anyway. See for example: http://www.fsfeurope.org/news/article2001-10-20-01.en.html Let me cite one line from there: 'Features for exporting a project from SourceForge have been removed.' I don't like this! Thank you for your answer. Robert Epprecht Benoît Sibaud -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: ssh and root
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable In message [EMAIL PROTECTED], Robert Epprecht writes: Beno=EEt Sibaud [EMAIL PROTECTED] writes: (I only know about SF) I don't think you can rsync the SF CVS. You can= import your files in, but you don't have a full control on your files:= you can't remove directories from your CVS tree, and you can't change file permissions on your files (be careful if you commit script or executable). For both, you'll have to submit a request to SF team. And= you don't have ssh access to SF CVS servers AFAIK (only to users server). From what one hears about current changs in SF politics it is questionable if nowadays one should not prefer savannah anyway. See for example: http://www.fsfeurope.org/news/article2001-10-20-01.en.html Let me cite one line from there: 'Features for exporting a project from SourceForge have been removed.' I don't like this! This is getting pretty off-topic, but FYI, you can download a nightly sna= pshot of your complete CVS repository from sourceforge at the following URL: http://cvs.sourceforge.net/cvstarballs/projectname-cvsroot.tar.gz - -- = Ted Cabeen http://www.pobox.com/~secabeented@impuls= e.net = Check Website or Keyserver for PGP/GPG Key BA0349D2 secabeen@pobo= x.com I have taken all knowledge to be my province. -F. Bacon secabeen@cabee= n.org Human kind cannot bear very much reality.-T.S.Eliotcabeen@netco= m.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.6 (OpenBSD) Comment: Exmh version 2.5 07/13/2001 iD8DBQE8GOMboayJfLoDSdIRAmu3AJ0exOCZ1ge9h2lYdFF+erfzLBxNWgCdHK0q xaExBNSVyEGMTSlQl5PciOU= =X8Mu -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: ssh and root
On Thu, Dec 13, 2001 at 01:54:49PM +0100, Robert Epprecht wrote: Benoît Sibaud [EMAIL PROTECTED] writes: BTW: I would prefer to keep the main cvs repository local and copy (rsync ?) it to the foreign sever, if that's possible. Or would this confuse cvs on the other server? Would I have direct write access to 'my' files in the (foreign) repository or only over cvs? Hints welcome. (I only know about SF) I don't think you can rsync the SF CVS. You can import your files in, but you don't have a full control on your files: you can't remove directories from your CVS tree, and you can't change file permissions on your files (be careful if you commit script or executable). For both, you'll have to submit a request to SF team. And you don't have ssh access to SF CVS servers AFAIK (only to users server). From what one hears about current changs in SF politics it is questionable if nowadays one should not prefer savannah anyway. See for example: http://www.fsfeurope.org/news/article2001-10-20-01.en.html Let me cite one line from there: 'Features for exporting a project from SourceForge have been removed.' I don't like this! Sorry to be off topic, but I had to reply.. I'm the Sr. Systems Administrator for SourceForge.net. We still allow users to download their nightly CVS tarball and they can easily download their web directories.. hell they can mirror their file releases via rsync also.. the thing they are talking about is the ability to export 'tracker' (aka bug tracking, etc..) information off the website.. We used to have a data export tools for this, but we made a major backend changes (mysql - postgresql) and some of the data types changed. We honestly forgot they were there. We had exactly 3 requests in the 6-8 months since we made this change of people asking for this feature back. It just wasn't a priority. The code is OpenSource.. submit a patch.. I'm sure we'll take it.. -- - U Any setuid root program that does an exec() somewhere is just a less user friendly version of su. -- Olaf Kirch on bugtraq 2000-08-07 1024D/6388D686 7928 83A9 16CD 52FD F77F 11ED FC04 B683 6388 D686 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: ssh and root
Uriah Welcome [EMAIL PROTECTED] writes: Sorry to be off topic, but I had to reply.. I'm glad you did. The blame to become so OT is on me, please excuse. I'm the Sr. Systems Administrator for SourceForge.net. We still allow users to download their nightly CVS tarball and they can easily download their web directories.. hell they can mirror their file releases via rsync also.. the thing they are talking about is the ability to export 'tracker' (aka bug tracking, etc..) information off the website.. We used to have a data export tools for this, but we made a major backend changes (mysql - postgresql) and some of the data types changed. We honestly forgot they were there. We had exactly 3 requests in the 6-8 months since we made this change of people asking for this feature back. It just wasn't a priority. The code is OpenSource.. submit a patch.. I'm sure we'll take it.. Thank you for your reply, Robert PS: I'll stop now, it is very interesting but probably too much OT. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: ssh and root
Benoît Sibaud [EMAIL PROTECTED] writes: BTW: I would prefer to keep the main cvs repository local and copy (rsync ?) it to the foreign sever, if that's possible. Or would this confuse cvs on the other server? Would I have direct write access to 'my' files in the (foreign) repository or only over cvs? Hints welcome. (I only know about SF) I don't think you can rsync the SF CVS. You can import your files in, but you don't have a full control on your files: you can't remove directories from your CVS tree, and you can't change file permissions on your files (be careful if you commit script or executable). For both, you'll have to submit a request to SF team. And you don't have ssh access to SF CVS servers AFAIK (only to users server). From what one hears about current changs in SF politics it is questionable if nowadays one should not prefer savannah anyway. See for example: http://www.fsfeurope.org/news/article2001-10-20-01.en.html Let me cite one line from there: 'Features for exporting a project from SourceForge have been removed.' I don't like this! Thank you for your answer. Robert Epprecht Benoît Sibaud
Re: ssh and root
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable In message [EMAIL PROTECTED], Robert Epprecht writes: Beno=EEt Sibaud [EMAIL PROTECTED] writes: (I only know about SF) I don't think you can rsync the SF CVS. You can= import your files in, but you don't have a full control on your files:= you can't remove directories from your CVS tree, and you can't change file permissions on your files (be careful if you commit script or executable). For both, you'll have to submit a request to SF team. And= you don't have ssh access to SF CVS servers AFAIK (only to users server). From what one hears about current changs in SF politics it is questionable if nowadays one should not prefer savannah anyway. See for example: http://www.fsfeurope.org/news/article2001-10-20-01.en.html Let me cite one line from there: 'Features for exporting a project from SourceForge have been removed.' I don't like this! This is getting pretty off-topic, but FYI, you can download a nightly sna= pshot of your complete CVS repository from sourceforge at the following URL: http://cvs.sourceforge.net/cvstarballs/projectname-cvsroot.tar.gz - -- = Ted Cabeen http://www.pobox.com/~secabeen[EMAIL PROTECTED] e.net = Check Website or Keyserver for PGP/GPG Key BA0349D2 [EMAIL PROTECTED] x.com I have taken all knowledge to be my province. -F. Bacon [EMAIL PROTECTED] n.org Human kind cannot bear very much reality.-T.S.Eliot[EMAIL PROTECTED] m.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.6 (OpenBSD) Comment: Exmh version 2.5 07/13/2001 iD8DBQE8GOMboayJfLoDSdIRAmu3AJ0exOCZ1ge9h2lYdFF+erfzLBxNWgCdHK0q xaExBNSVyEGMTSlQl5PciOU= =X8Mu -END PGP SIGNATURE-
Re: ssh and root
On Thu, Dec 13, 2001 at 01:54:49PM +0100, Robert Epprecht wrote: Benoît Sibaud [EMAIL PROTECTED] writes: BTW: I would prefer to keep the main cvs repository local and copy (rsync ?) it to the foreign sever, if that's possible. Or would this confuse cvs on the other server? Would I have direct write access to 'my' files in the (foreign) repository or only over cvs? Hints welcome. (I only know about SF) I don't think you can rsync the SF CVS. You can import your files in, but you don't have a full control on your files: you can't remove directories from your CVS tree, and you can't change file permissions on your files (be careful if you commit script or executable). For both, you'll have to submit a request to SF team. And you don't have ssh access to SF CVS servers AFAIK (only to users server). From what one hears about current changs in SF politics it is questionable if nowadays one should not prefer savannah anyway. See for example: http://www.fsfeurope.org/news/article2001-10-20-01.en.html Let me cite one line from there: 'Features for exporting a project from SourceForge have been removed.' I don't like this! Sorry to be off topic, but I had to reply.. I'm the Sr. Systems Administrator for SourceForge.net. We still allow users to download their nightly CVS tarball and they can easily download their web directories.. hell they can mirror their file releases via rsync also.. the thing they are talking about is the ability to export 'tracker' (aka bug tracking, etc..) information off the website.. We used to have a data export tools for this, but we made a major backend changes (mysql - postgresql) and some of the data types changed. We honestly forgot they were there. We had exactly 3 requests in the 6-8 months since we made this change of people asking for this feature back. It just wasn't a priority. The code is OpenSource.. submit a patch.. I'm sure we'll take it.. -- - U Any setuid root program that does an exec() somewhere is just a less user friendly version of su. -- Olaf Kirch on bugtraq 2000-08-07 1024D/6388D686 7928 83A9 16CD 52FD F77F 11ED FC04 B683 6388 D686
Re: ssh and root
Uriah Welcome [EMAIL PROTECTED] writes: Sorry to be off topic, but I had to reply.. I'm glad you did. The blame to become so OT is on me, please excuse. I'm the Sr. Systems Administrator for SourceForge.net. We still allow users to download their nightly CVS tarball and they can easily download their web directories.. hell they can mirror their file releases via rsync also.. the thing they are talking about is the ability to export 'tracker' (aka bug tracking, etc..) information off the website.. We used to have a data export tools for this, but we made a major backend changes (mysql - postgresql) and some of the data types changed. We honestly forgot they were there. We had exactly 3 requests in the 6-8 months since we made this change of people asking for this feature back. It just wasn't a priority. The code is OpenSource.. submit a patch.. I'm sure we'll take it.. Thank you for your reply, Robert PS: I'll stop now, it is very interesting but probably too much OT.
Re: ssh and root
Hi, BTW: I would prefer to keep the main cvs repository local and copy (rsync ?) it to the foreign sever, if that's possible. Or would this confuse cvs on the other server? Would I have direct write access to 'my' files in the (foreign) repository or only over cvs? Hints welcome. (I only know about SF) I don't think you can rsync the SF CVS. You can import your files in, but you don't have a full control on your files: you can't remove directories from your CVS tree, and you can't change file permissions on your files (be careful if you commit script or executable). For both, you'll have to submit a request to SF team. And you don't have ssh access to SF CVS servers AFAIK (only to users server). -- Benoît Sibaud -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: ssh and root
Hi, BTW: I would prefer to keep the main cvs repository local and copy (rsync ?) it to the foreign sever, if that's possible. Or would this confuse cvs on the other server? Would I have direct write access to 'my' files in the (foreign) repository or only over cvs? Hints welcome. (I only know about SF) I don't think you can rsync the SF CVS. You can import your files in, but you don't have a full control on your files: you can't remove directories from your CVS tree, and you can't change file permissions on your files (be careful if you commit script or executable). For both, you'll have to submit a request to SF team. And you don't have ssh access to SF CVS servers AFAIK (only to users server). -- Benoît Sibaud
Re: ssh and root
Vineet Kumar [EMAIL PROTECTED] writes: * Robert Epprecht ([EMAIL PROTECTED]) [011208 02:31]: I need ssh to access some cvs servers. As the files are stored locally below /usr/local/ and ordinary users have no write access there I called ssh-keygen as root. Rather than root, add your user account to group staff. This gives you access to /usr/local. I'll do that, thank you for good advice (including your warnings). So, when doing this, only do it to accounts you trust very well and that are very well-guarded. It's best to only give group staff to (the person(s) who is/are root)'s user account(s). This is a 'multi user single person' machine ;-) It is one step better than using root directly, though (IMO). good times, Same to you! Robert -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: ssh and root
Vineet Kumar [EMAIL PROTECTED] writes: * Robert Epprecht ([EMAIL PROTECTED]) [011208 02:31]: I need ssh to access some cvs servers. [ ... ] I'm not sure I completely understand your situation, [ ... ] nor do I ;-) That's why I ask... Actually I want to do *two* different things (my question was about #1): 1) I want to access a (foreign) cvs server and store the files locally under /usr/local. From the answers I've got here I think the way to do this is to set up a user to do the cvs down-loads and add him to group staff. 2) I am writing a program with a local cvsroot but am planing to upload the cvs tree to a server like savannah or sf. AFAIK this is done over ssh, which I'm not familiar with. I try to have my setup right, not to bother the people there with my beginners questions. BTW: I would prefer to keep the main cvs repository local and copy (rsync ?) it to the foreign sever, if that's possible. Or would this confuse cvs on the other server? Would I have direct write access to 'my' files in the (foreign) repository or only over cvs? Hints welcome. Again, I don't understand exactly what you're trying to do, so forgive me if some of these clues are irrelevant. I have found your explanations very interesting, including the parts that do not really map to my current situation. If you're trying to access something for which you need root on the remote machine, no. [ interesting stuff snipped ] Just ask if you need more help setting it up. Thank you. I fear I *will* have some more questions... Robert Epprecht
Re: ssh and root
* Robert Epprecht ([EMAIL PROTECTED]) [011208 02:31]: I need ssh to access some cvs servers. As the files are stored locally below /usr/local/ and ordinary users have no write access there I called ssh-keygen as root. But now I have my doubts if this was The Right Thing to do regarding security. I *do* trust the cvs servers in question and am not paranoid about security, but I do want a reasonable security level. Comments welcome. Rather than root, add your user account to group staff. This gives you access to /usr/local. It should be noted, though, that this account becomes stronger than you can possibly imagine. (Well, not really, but it's easy for it to get root). One prime example of this is that /usr/local/sbin and /usr/local/bin come first in root's path. One could place a uid binary version of this there very easily: /usr/local/sbin/ls: cp /bin/bash ~h4x0r/r00t5h3ll chmod u+s ~h4x0r/r00t5h3ll rm /usr/local/sbin/bash exec /bin/ls $ARGS So, when doing this, only do it to accounts you trust very well and that are very well-guarded. It's best to only give group staff to (the person(s) who is/are root)'s user account(s). It is one step better than using root directly, though (IMO). This is also why you should specify full pathnames to anything you invoke as root =) good times, Vineet -- Satan laughs when # I disapprove of what you say, but I will we kill each other.# defend to the death your right to say it. Peace is the only way. # --Beatrice Hall, The Friends of Voltaire, 1906 msg04744/pgp0.pgp Description: PGP signature
Re: ssh and root
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Vineet Kumar [EMAIL PROTECTED] writes: * Robert Epprecht ([EMAIL PROTECTED]) [011208 02:31]: I need ssh to access some cvs servers. As the files are stored locally below /usr/local/ and ordinary users have no write access there I called ssh-keygen as root. But now I have my doubts if this was The Right Thing to do regarding security. I *do* trust the cvs servers in question and am not paranoid about security, but I do want a reasonable security level. Comments welcome. Rather than root, add your user account to group staff. This gives you access to /usr/local. That would indeed be a lot better than ssh'ing in as root. I believe the default setup doesn't even let you (or was that a configuration question?). It should be noted, though, that this account becomes stronger than you can possibly imagine. (Well, not really, but it's easy for it to get root). One prime example of this is that /usr/local/sbin and /usr/local/bin come first in root's path. On my machine these come last by default(!) when I su user@frodo:~$ su Password: frodo:/home/user# echo $PATH /sbin:/bin:/usr/sbin:/usr/bin:/usr/bin/X11:/usr/local/sbin:/usr/local/bin frodo:/home/user# and they are not even there when logging in as root frodo login: root Password: [...] Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. frodo:~# echo $PATH /usr/sbin:/usr/bin:/sbin:/bin:/usr/bin/X11 frodo:~# Besides, when r00t you use full pathnames, not? - -- Olaf Meeuwissen Epson Kowa Corporation, Research and Development GnuPG key: 6BE37D90/AB6B 0D1F 99E7 1BF5 EB97 976A 16C7 F27D 6BE3 7D90 LPIC-2 -- I hack, therefore I am -- BOFH -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.6 (GNU/Linux) Comment: Processed by Mailcrypt 3.5.6 http://mailcrypt.sourceforge.net/ iD8DBQE8FUqCFsfyfWvjfZARAldtAJ47K/2STWf/fWny6AwLN2gC+k+VYwCcCQAH Bt1IvMKp58m/g2VDpQQFxoE= =CVXg -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: ssh and root
* Robert Epprecht ([EMAIL PROTECTED]) [011208 02:31]: I need ssh to access some cvs servers. As the files are stored locally below /usr/local/ and ordinary users have no write access there I called ssh-keygen as root. But now I have my doubts if this was The Right Thing to do regarding security. I *do* trust the cvs servers in question and am not paranoid about security, but I do want a reasonable security level. Comments welcome. Rather than root, add your user account to group staff. This gives you access to /usr/local. It should be noted, though, that this account becomes stronger than you can possibly imagine. (Well, not really, but it's easy for it to get root). One prime example of this is that /usr/local/sbin and /usr/local/bin come first in root's path. One could place a uid binary version of this there very easily: /usr/local/sbin/ls: cp /bin/bash ~h4x0r/r00t5h3ll chmod u+s ~h4x0r/r00t5h3ll rm /usr/local/sbin/bash exec /bin/ls $ARGS So, when doing this, only do it to accounts you trust very well and that are very well-guarded. It's best to only give group staff to (the person(s) who is/are root)'s user account(s). It is one step better than using root directly, though (IMO). This is also why you should specify full pathnames to anything you invoke as root =) good times, Vineet -- Satan laughs when # I disapprove of what you say, but I will we kill each other.# defend to the death your right to say it. Peace is the only way. # --Beatrice Hall, The Friends of Voltaire, 1906 pgptUlrdr29IT.pgp Description: PGP signature
Re: ssh and root
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Vineet Kumar [EMAIL PROTECTED] writes: * Robert Epprecht ([EMAIL PROTECTED]) [011208 02:31]: I need ssh to access some cvs servers. As the files are stored locally below /usr/local/ and ordinary users have no write access there I called ssh-keygen as root. But now I have my doubts if this was The Right Thing to do regarding security. I *do* trust the cvs servers in question and am not paranoid about security, but I do want a reasonable security level. Comments welcome. Rather than root, add your user account to group staff. This gives you access to /usr/local. That would indeed be a lot better than ssh'ing in as root. I believe the default setup doesn't even let you (or was that a configuration question?). It should be noted, though, that this account becomes stronger than you can possibly imagine. (Well, not really, but it's easy for it to get root). One prime example of this is that /usr/local/sbin and /usr/local/bin come first in root's path. On my machine these come last by default(!) when I su [EMAIL PROTECTED]:~$ su Password: frodo:/home/user# echo $PATH /sbin:/bin:/usr/sbin:/usr/bin:/usr/bin/X11:/usr/local/sbin:/usr/local/bin frodo:/home/user# and they are not even there when logging in as root frodo login: root Password: [...] Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. frodo:~# echo $PATH /usr/sbin:/usr/bin:/sbin:/bin:/usr/bin/X11 frodo:~# Besides, when r00t you use full pathnames, not? - -- Olaf Meeuwissen Epson Kowa Corporation, Research and Development GnuPG key: 6BE37D90/AB6B 0D1F 99E7 1BF5 EB97 976A 16C7 F27D 6BE3 7D90 LPIC-2 -- I hack, therefore I am -- BOFH -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.6 (GNU/Linux) Comment: Processed by Mailcrypt 3.5.6 http://mailcrypt.sourceforge.net/ iD8DBQE8FUqCFsfyfWvjfZARAldtAJ47K/2STWf/fWny6AwLN2gC+k+VYwCcCQAH Bt1IvMKp58m/g2VDpQQFxoE= =CVXg -END PGP SIGNATURE-
ssh and root
I need ssh to access some cvs servers. As the files are stored locally below /usr/local/ and ordinary users have no write access there I called ssh-keygen as root. But now I have my doubts if this was The Right Thing to do regarding security. I *do* trust the cvs servers in question and am not paranoid about security, but I do want a reasonable security level. Comments welcome. Robert Epprecht. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: ssh and root
Robert Epprecht [EMAIL PROTECTED] writes: I need ssh to access some cvs servers. As the files are stored locally below /usr/local/ and ordinary users have no write access there I called ssh-keygen as root. But now I have my doubts if this was The Right Thing to do regarding security. I *do* trust the cvs servers in question and am not paranoid about security, but I do want a reasonable security level. Comments welcome. You may take a look at http://www.linuxia.de/linux.en.html#CVS further down there is a section about CVS over ssh. Ciao Racke -- Die Erde bleibt keine Scheibe. --- The earth remains no disk. For projects and other business stuff please refer to COBOLT NetServices (URL: http://www.cobolt.net; Email: [EMAIL PROTECTED]; Phone: 0041-1-3884400) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
ssh and root
I need ssh to access some cvs servers. As the files are stored locally below /usr/local/ and ordinary users have no write access there I called ssh-keygen as root. But now I have my doubts if this was The Right Thing to do regarding security. I *do* trust the cvs servers in question and am not paranoid about security, but I do want a reasonable security level. Comments welcome. Robert Epprecht.
Re: ssh and root
Robert Epprecht [EMAIL PROTECTED] writes: I need ssh to access some cvs servers. As the files are stored locally below /usr/local/ and ordinary users have no write access there I called ssh-keygen as root. But now I have my doubts if this was The Right Thing to do regarding security. I *do* trust the cvs servers in question and am not paranoid about security, but I do want a reasonable security level. Comments welcome. You may take a look at http://www.linuxia.de/linux.en.html#CVS further down there is a section about CVS over ssh. Ciao Racke -- Die Erde bleibt keine Scheibe. --- The earth remains no disk. For projects and other business stuff please refer to COBOLT NetServices (URL: http://www.cobolt.net; Email: [EMAIL PROTECTED]; Phone: 0041-1-3884400)