Re: [pydotorg-www] Repeated outages of python.org

[Patrick Ben Koetter]

Am 28.07.2011 14:56, schrieb s...@pobox.com:
> 
> Richard> What makes you believe you can confirm that at some point in
> Richard> the past couple years none of them were scripts?
> 
> You could all be scripts now, but weren't back then...  (I've met you as
> well.) :-)

Skip met them, but then he got annoyed ...
 ;)

p@

-- 
state of mind ()
Digitale Kommunikation

http://www.state-of-mind.de

Franziskanerstraße 15  Telefon +49 89 3090 4664
81669 München  Telefax +49 89 3090 4666

Amtsgericht MünchenPartnerschaftsregister PR 563




smime.p7s
Description: S/MIME Cryptographic Signature
___
pydotorg-www mailing list
pydotorg-www@python.org
http://mail.python.org/mailman/listinfo/pydotorg-www

Re: [pydotorg-www] Repeated outages of python.org

[skip]

Richard> What makes you believe you can confirm that at some point in
Richard> the past couple years none of them were scripts?

You could all be scripts now, but weren't back then...  (I've met you as
well.) :-)

Skip
___
pydotorg-www mailing list
pydotorg-www@python.org
http://mail.python.org/mailman/listinfo/pydotorg-www

Re: [pydotorg-www] Repeated outages of python.org

[M.-A. Lemburg]

"Martin v. Löwis" wrote:
>> Could someone please point me to the wiki pages that already
>> exist for this and any other information that may be useful ?
> 
> http://wiki.python.org/moin/Admin

Thanks.

>> I'd also need a list of current admins
> 
> That list will be difficult to produce.

Well, then let's start with a list of all admins, including
no longer active ones.

-- 
Marc-Andre Lemburg
eGenix.com

Professional Python Services directly from the Source  (#1, Jul 28 2011)
>>> Python/Zope Consulting and Support ...http://www.egenix.com/
>>> mxODBC.Zope.Database.Adapter ... http://zope.egenix.com/
>>> mxODBC, mxDateTime, mxTextTools ...http://python.egenix.com/


::: Try our new mxODBC.Connect Python Database Interface for free ! 


   eGenix.com Software, Skills and Services GmbH  Pastor-Loeh-Str.48
D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg
   Registered at Amtsgericht Duesseldorf: HRB 46611
   http://www.egenix.com/company/contact/
___
pydotorg-www mailing list
pydotorg-www@python.org
http://mail.python.org/mailman/listinfo/pydotorg-www

Re: [pydotorg-www] Repeated outages of python.org

[Martin v. Löwis]

> Could someone please point me to the wiki pages that already
> exist for this and any other information that may be useful ?

http://wiki.python.org/moin/Admin

> I'd also need a list of current admins

That list will be difficult to produce.

Regards,
Martin

___
pydotorg-www mailing list
pydotorg-www@python.org
http://mail.python.org/mailman/listinfo/pydotorg-www

Re: [pydotorg-www] Repeated outages of python.org

[M.-A. Lemburg]

M.-A. Lemburg wrote:
> "Martin v. Löwis" wrote:
>> I disagree. Administrators tend to forget where the information is
>> stored, and how to access it; they are also uncertain as to whether
>> certain aspects are documented at all. Giving Google access to this
>> information (or any other search engine) simplifies maintenance.
> 
> A wiki on a separate server would make that information
> just as easily available, so I don't really buy into that
> argument of unorganized administrators (which I don't think
> we have on python.org).
> 
> The PSF has a Trac installation that could be used for this.
> It's hosted on a separate managed servers, so the information would
> be available even if python.org goes down.
> 
> I can create an instance and user accounts for you to use.

Could someone please point me to the wiki pages that already
exist for this and any other information that may be useful ?

I'll then go ahead and setup a Trac instance for the admins to
use. I'd also need a list of current admins to setup their
accounts.

Aside: I guess that would even help those mythical "unorganized"
admins, since they'd only need to bookmark a single URL rather than
remember what to search for on Google ;-)

-- 
Marc-Andre Lemburg
eGenix.com

Professional Python Services directly from the Source  (#1, Jul 28 2011)
>>> Python/Zope Consulting and Support ...http://www.egenix.com/
>>> mxODBC.Zope.Database.Adapter ... http://zope.egenix.com/
>>> mxODBC, mxDateTime, mxTextTools ...http://python.egenix.com/


::: Try our new mxODBC.Connect Python Database Interface for free ! 


   eGenix.com Software, Skills and Services GmbH  Pastor-Loeh-Str.48
D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg
   Registered at Amtsgericht Duesseldorf: HRB 46611
   http://www.egenix.com/company/contact/
___
pydotorg-www mailing list
pydotorg-www@python.org
http://mail.python.org/mailman/listinfo/pydotorg-www

Re: [pydotorg-www] Repeated outages of python.org

[Ralf Hildebrandt]

* Richard Jones :

> > I'm assuming Carl is actually joking, but nonetheless, I have personally met
> > Barry, Martin and Sean (at least, maybe Marc-Andre as well), so I can
> > confirm that at some point in the past couple years none of them were
> > scripts.
> 
> What makes you believe you can confirm that at some point in the past
> couple years none of them were scripts?

Prof. Weizenbaum would surely enjoy this thread.

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de

___
pydotorg-www mailing list
pydotorg-www@python.org
http://mail.python.org/mailman/listinfo/pydotorg-www

Re: [pydotorg-www] Repeated outages of python.org

[Richard Jones]

On 28 July 2011 11:01,   wrote:
>
>    >> You obviously haven't met any of our administrators. :)
>
>    Carl> Has anyone?
>
>    Carl> It might be good if someone could visually confirm they exist and
>    Carl> aren't actually a script.
>
> I'm assuming Carl is actually joking, but nonetheless, I have personally met
> Barry, Martin and Sean (at least, maybe Marc-Andre as well), so I can
> confirm that at some point in the past couple years none of them were
> scripts.

What makes you believe you can confirm that at some point in the past
couple years none of them were scripts?
___
pydotorg-www mailing list
pydotorg-www@python.org
http://mail.python.org/mailman/listinfo/pydotorg-www

Re: [pydotorg-www] Repeated outages of python.org

[skip]

>> You obviously haven't met any of our administrators. :)

Carl> Has anyone?

Carl> It might be good if someone could visually confirm they exist and
Carl> aren't actually a script.

I'm assuming Carl is actually joking, but nonetheless, I have personally met
Barry, Martin and Sean (at least, maybe Marc-Andre as well), so I can
confirm that at some point in the past couple years none of them were
scripts.

Skip
___
pydotorg-www mailing list
pydotorg-www@python.org
http://mail.python.org/mailman/listinfo/pydotorg-www

Re: [pydotorg-www] Repeated outages of python.org

[Barry Warsaw]

On Jul 27, 2011, at 06:17 PM, Carl Karsten wrote:

>On Mon, Jul 25, 2011 at 2:20 PM, Barry Warsaw  wrote:
>> On Jul 25, 2011, at 09:16 PM, M.-A. Lemburg wrote:
>>
>>>A wiki on a separate server would make that information
>>>just as easily available, so I don't really buy into that
>>>argument of unorganized administrators (which I don't think
>>>we have on python.org).
>>
>> You obviously haven't met any of our administrators. :)
>
>Has anyone?
>
>It might be good if someone could visually confirm they exist and
>aren't actually a script.

I can confirm that.  Of course *I* might be a script, so you probably
shouldn't take my word for it.

-Barry


signature.asc
Description: PGP signature
___
pydotorg-www mailing list
pydotorg-www@python.org
http://mail.python.org/mailman/listinfo/pydotorg-www

Re: [pydotorg-www] Repeated outages of python.org

[Carl Karsten]

On Mon, Jul 25, 2011 at 2:20 PM, Barry Warsaw  wrote:
> On Jul 25, 2011, at 09:16 PM, M.-A. Lemburg wrote:
>
>>A wiki on a separate server would make that information
>>just as easily available, so I don't really buy into that
>>argument of unorganized administrators (which I don't think
>>we have on python.org).
>
> You obviously haven't met any of our administrators. :)

Has anyone?

It might be good if someone could visually confirm they exist and
aren't actually a script.

-- 
Carl K
___
pydotorg-www mailing list
pydotorg-www@python.org
http://mail.python.org/mailman/listinfo/pydotorg-www

Re: [pydotorg-www] Repeated outages of python.org

[Barry Warsaw]

On Jul 25, 2011, at 09:16 PM, M.-A. Lemburg wrote:

>A wiki on a separate server would make that information
>just as easily available, so I don't really buy into that
>argument of unorganized administrators (which I don't think
>we have on python.org).

You obviously haven't met any of our administrators. :)

-Barry


signature.asc
Description: PGP signature
___
pydotorg-www mailing list
pydotorg-www@python.org
http://mail.python.org/mailman/listinfo/pydotorg-www

Re: [pydotorg-www] Repeated outages of python.org

[Barry Warsaw]

On Jul 24, 2011, at 11:34 AM, Thomas Wouters wrote:

>Barry, it seems many people with root access on (at least) dinsdale aren't
>on roto-rooters. We should probably fix that, and make sure everyone is
>added to ~psf/.ssh/authorized_keys on xs4all.nl so they can access the
>remote console/powerswitch as well (unless they have a reason not to want
>that access, I guess.)

I was mostly off-line this weekend, but I just approved Antoine's, Georg's,
and Michael's subscriptions to roto-rooters.

-B


signature.asc
Description: PGP signature
___
pydotorg-www mailing list
pydotorg-www@python.org
http://mail.python.org/mailman/listinfo/pydotorg-www

Re: [pydotorg-www] Repeated outages of python.org

[skip]

>> While having documentation of the setup is essential, I don't think
>> making that documentation available outside the group of
>> administrators is a good thing to do.

Martin> I disagree. Administrators tend to forget where the information
Martin> is stored, and how to access it; they are also uncertain as to
Martin> whether certain aspects are documented at all. Giving Google
Martin> access to this information (or any other search engine)
Martin> simplifies maintenance.

I agree with Martin.  I do very little actual maintenance, only of the
SpamBayes setup on mail.python.org.  That's about all I can ever remember
how to do.  Heaven help you, for instance, if you ever need me to update
someone's ssh pub key. :-)  At the very least, if I am the last resort
available, I know I can poke around the wiki to figure that out.

A compromise might be to use Google docs to share this information between
just the admins.  Or create a RotoRooters group on the wiki and add
appropriate ACLs to the root page(s) on the wiki.  The Google Docs solution
would also have the advantage that, just like the roto-rooters email alias,
it doesn't depend on any of the python.org infrastructure.  Presumably, in
the face of a significant outage people might still be able to find what
they are looking for.

Skip
___
pydotorg-www mailing list
pydotorg-www@python.org
http://mail.python.org/mailman/listinfo/pydotorg-www

Re: [pydotorg-www] Repeated outages of python.org

[Georg Brandl]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Am 25.07.2011 21:16, schrieb M.-A. Lemburg:
> "Martin v. Löwis" wrote:
>>> So you deliberately make it easy for potential attackers to find out
>>> about everything they need to know in order take over the site.
>>> 
>>> Could you explain the reasons behind this ?
>> 
>> This information is not meant for attackers, but for people contributing to
>> the maintenance of the site. It may also help attackers, but only a little
>> so, since they can easily gather the information, anyway.
>> 
>> You seem to favor obscurity as a means of security. Please understand that
>> this gives a false sense of security.
> 
> No, not really. Not having the information readily available doesn't make it
> more secure (obscurity never increases security), but it does make it harder,
> and thus, raises the bar for script-kiddies.

This is similar to running SSH on a non-standard port: praised by many as the
ultimate security measure, but in reality it only delays people by the amount
of time it takes to do a portscan.

Georg
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.17 (GNU/Linux)

iEYEARECAAYFAk4twnQACgkQN9GcIYhpnLBQOwCgrpq7yUrbnImF/Zfp9YB1msnL
nR0Anie6euH3/NPBaBj1fdDDoZU5F+mA
=yT5z
-END PGP SIGNATURE-
___
pydotorg-www mailing list
pydotorg-www@python.org
http://mail.python.org/mailman/listinfo/pydotorg-www

Re: [pydotorg-www] Repeated outages of python.org

[M.-A. Lemburg]

"Martin v. Löwis" wrote:
>> So you deliberately make it easy for potential attackers to
>> find out about everything they need to know in order take over
>> the site.
>>
>> Could you explain the reasons behind this ?
> 
> This information is not meant for attackers, but for people contributing
> to the maintenance of the site. It may also help
> attackers, but only a little so, since they can easily gather the
> information, anyway.
> 
> You seem to favor obscurity as a means of security. Please understand
> that this gives a false sense of security.

No, not really. Not having the information readily available doesn't
make it more secure (obscurity never increases security), but it does
make it harder, and thus, raises the bar for script-kiddies.

>> While having documentation of the setup is essential, I don't think
>> making that documentation available outside the group of administrators
>> is a good thing to do.
> 
> I disagree. Administrators tend to forget where the information is
> stored, and how to access it; they are also uncertain as to whether
> certain aspects are documented at all. Giving Google access to this
> information (or any other search engine) simplifies maintenance.

A wiki on a separate server would make that information
just as easily available, so I don't really buy into that
argument of unorganized administrators (which I don't think
we have on python.org).

The PSF has a Trac installation that could be used for this.
It's hosted on a separate managed servers, so the information would
be available even if python.org goes down.

I can create an instance and user accounts for you to use.

-- 
Marc-Andre Lemburg
eGenix.com

Professional Python Services directly from the Source  (#1, Jul 25 2011)
>>> Python/Zope Consulting and Support ...http://www.egenix.com/
>>> mxODBC.Zope.Database.Adapter ... http://zope.egenix.com/
>>> mxODBC, mxDateTime, mxTextTools ...http://python.egenix.com/


::: Try our new mxODBC.Connect Python Database Interface for free ! 


   eGenix.com Software, Skills and Services GmbH  Pastor-Loeh-Str.48
D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg
   Registered at Amtsgericht Duesseldorf: HRB 46611
   http://www.egenix.com/company/contact/
___
pydotorg-www mailing list
pydotorg-www@python.org
http://mail.python.org/mailman/listinfo/pydotorg-www

Re: [pydotorg-www] Repeated outages of python.org

[Martin v. Löwis]

> So you deliberately make it easy for potential attackers to
> find out about everything they need to know in order take over
> the site.
> 
> Could you explain the reasons behind this ?

This information is not meant for attackers, but for people contributing
to the maintenance of the site. It may also help
attackers, but only a little so, since they can easily gather the
information, anyway.

You seem to favor obscurity as a means of security. Please understand
that this gives a false sense of security.

> While having documentation of the setup is essential, I don't think
> making that documentation available outside the group of administrators
> is a good thing to do.

I disagree. Administrators tend to forget where the information is
stored, and how to access it; they are also uncertain as to whether
certain aspects are documented at all. Giving Google access to this
information (or any other search engine) simplifies maintenance.

Regards,
Martin
___
pydotorg-www mailing list
pydotorg-www@python.org
http://mail.python.org/mailman/listinfo/pydotorg-www

Re: [pydotorg-www] Repeated outages of python.org

[Radomir Dopieralski]

On Mon, Jul 25, 2011 at 20:52, M.-A. Lemburg  wrote:
> "Martin v. Löwis" wrote:
>>> If you look through the archives, it's very easy to find out about
>>> the infrastructure setup being used to run python.org. Take e.g.
>>> this thread as example:
>>>
>>> http://markmail.org/thread/kcxkjbesmbweaaj6#query:+page:1+mid:kcxkjbesmbweaaj6+state:results
>>
>> This information is also published in the Wiki, and deliberately so.
>>
>> There is nothing secret about the setup of python.org, except for the
>> actual passwords.
>
> So you deliberately make it easy for potential attackers to
> find out about everything they need to know in order take over
> the site.
>
> Could you explain the reasons behind this ?
>
> While having documentation of the setup is essential, I don't think
> making that documentation available outside the group of administrators
> is a good thing to do.

In my experience, if you need to rely on obscurity as your security
measure, then you are in a very bad position.

-- 
Radomir Dopieralski, http://sheep.art.pl
___
pydotorg-www mailing list
pydotorg-www@python.org
http://mail.python.org/mailman/listinfo/pydotorg-www

Re: [pydotorg-www] Repeated outages of python.org

[M.-A. Lemburg]

"Martin v. Löwis" wrote:
>> If you look through the archives, it's very easy to find out about
>> the infrastructure setup being used to run python.org. Take e.g.
>> this thread as example:
>>
>> http://markmail.org/thread/kcxkjbesmbweaaj6#query:+page:1+mid:kcxkjbesmbweaaj6+state:results
> 
> This information is also published in the Wiki, and deliberately so.
> 
> There is nothing secret about the setup of python.org, except for the
> actual passwords.

So you deliberately make it easy for potential attackers to
find out about everything they need to know in order take over
the site.

Could you explain the reasons behind this ?

While having documentation of the setup is essential, I don't think
making that documentation available outside the group of administrators
is a good thing to do.

-- 
Marc-Andre Lemburg
eGenix.com

Professional Python Services directly from the Source  (#1, Jul 25 2011)
>>> Python/Zope Consulting and Support ...http://www.egenix.com/
>>> mxODBC.Zope.Database.Adapter ... http://zope.egenix.com/
>>> mxODBC, mxDateTime, mxTextTools ...http://python.egenix.com/


::: Try our new mxODBC.Connect Python Database Interface for free ! 


   eGenix.com Software, Skills and Services GmbH  Pastor-Loeh-Str.48
D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg
   Registered at Amtsgericht Duesseldorf: HRB 46611
   http://www.egenix.com/company/contact/
___
pydotorg-www mailing list
pydotorg-www@python.org
http://mail.python.org/mailman/listinfo/pydotorg-www

Re: [pydotorg-www] Repeated outages of python.org

[Martin v. Löwis]

> If you look through the archives, it's very easy to find out about
> the infrastructure setup being used to run python.org. Take e.g.
> this thread as example:
> 
> http://markmail.org/thread/kcxkjbesmbweaaj6#query:+page:1+mid:kcxkjbesmbweaaj6+state:results

This information is also published in the Wiki, and deliberately so.

There is nothing secret about the setup of python.org, except for the
actual passwords.

Regards,
Martin
___
pydotorg-www mailing list
pydotorg-www@python.org
http://mail.python.org/mailman/listinfo/pydotorg-www

Re: [pydotorg-www] Repeated outages of python.org

[anatoly techtonik]

On Sun, Jul 24, 2011 at 12:13 PM, Georg Brandl  wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Hi,
>
> once again python.org is either very unresponsive or dead.
>
> Do we have the resources to monitor it a little more carefully
> from now on until we found out what the cause is?  Could it be
> some kind of attack?

I setup a basic monitor on https://pydotorg.appspot.com/ that measures
latency or records failure if python.org fails to respond within 7
seconds. I planned to add some charts to it, but run out of time. If
anybody can help to do this probably using
http://imagecharteditor.appspot.com/ - I'll export data in required
format. The samples are taken every minute starting from today.

--
anatoly t.
___
pydotorg-www mailing list
pydotorg-www@python.org
http://mail.python.org/mailman/listinfo/pydotorg-www

Re: [pydotorg-www] Repeated outages of python.org

[Michael Foord]

On 25/07/2011 13:18, M.-A. Lemburg wrote:

Michael Foord wrote:

On 25/07/2011 12:26, M.-A. Lemburg wrote:

I have a very strong
preference for keeping the archives public unless we absolutely have to.
I'd rather offending messages were scrubbed from the archive than the
list archives made private.

That's not possible, I'm afraid, since the list archives on python.org
are not only being picked up by Google, but also other sites which
then co-host them, e.g.

http://markmail.org/search/?q=pydotorg-www#query:pydotorg-www
list%3Aorg.python.pydotorg-www+page:1+state:facets
http://www.mail-archive.com/pydotorg-www@python.org/info.html
http://blog.gmane.org/gmane.comp.python.pydotorg-www


That's only if the archives are left long enough for the spiders to pick
them up. Not guaranteed to prevent information leakage but may be
sufficient in individual cases.

It seems that those sites are directly signed up to the mailing
list, so there is no lag which could be used to scrub such
messages.

Making the archives private wouldn't solve this either.


Ok.


BTW: How often do you actually search on this mailing list ?


What I often do is browse the archives, having to log in is a nuisance.
I also link to discussions on the list - making them private effectively
prevents that as people have to join the  list just to view the
archives. Occasionally when I can't find a particular discussion I use
search to find it.

Well, then what do you recommend to keep such infos off the net ?


Not posting them to a public list! Plus having policies and security
infrastructure in place that does not allow harm due to accidental
revealing of information.

This could just as easily have been posted to python-list or some other
public list, we should have policies in place to cope with this.
Whatever those policies are should apply to this list.

True. I'm just not sure how this could be done, though. The only
way appears to be moderation, but that's not really feasible without
a whole team of moderators.

I meant policies to deal with the results of actual information leakage 
(plus "social policies" to prevent it happening) - not moderating every 
message to every public list we run!


Michael

--
http://www.voidspace.org.uk/

May you do good and not evil
May you find forgiveness for yourself and forgive others
May you share freely, never taking more than you give.
-- the sqlite blessing http://www.sqlite.org/different.html

___
pydotorg-www mailing list
pydotorg-www@python.org
http://mail.python.org/mailman/listinfo/pydotorg-www

Re: [pydotorg-www] Repeated outages of python.org

[M.-A. Lemburg]

Michael Foord wrote:
> On 25/07/2011 12:26, M.-A. Lemburg wrote:
>>> I have a very strong
>>> preference for keeping the archives public unless we absolutely have to.
>>> I'd rather offending messages were scrubbed from the archive than the
>>> list archives made private.
>> That's not possible, I'm afraid, since the list archives on python.org
>> are not only being picked up by Google, but also other sites which
>> then co-host them, e.g.
>>
>> http://markmail.org/search/?q=pydotorg-www#query:pydotorg-www
>> list%3Aorg.python.pydotorg-www+page:1+state:facets
>> http://www.mail-archive.com/pydotorg-www@python.org/info.html
>> http://blog.gmane.org/gmane.comp.python.pydotorg-www
>>
> That's only if the archives are left long enough for the spiders to pick
> them up. Not guaranteed to prevent information leakage but may be
> sufficient in individual cases.

It seems that those sites are directly signed up to the mailing
list, so there is no lag which could be used to scrub such
messages.

Making the archives private wouldn't solve this either.

 BTW: How often do you actually search on this mailing list ?

>>> What I often do is browse the archives, having to log in is a nuisance.
>>> I also link to discussions on the list - making them private effectively
>>> prevents that as people have to join the  list just to view the
>>> archives. Occasionally when I can't find a particular discussion I use
>>> search to find it.
>> Well, then what do you recommend to keep such infos off the net ?
>>
> Not posting them to a public list! Plus having policies and security
> infrastructure in place that does not allow harm due to accidental
> revealing of information.
> 
> This could just as easily have been posted to python-list or some other
> public list, we should have policies in place to cope with this.
> Whatever those policies are should apply to this list.

True. I'm just not sure how this could be done, though. The only
way appears to be moderation, but that's not really feasible without
a whole team of moderators.

-- 
Marc-Andre Lemburg
eGenix.com

Professional Python Services directly from the Source  (#1, Jul 25 2011)
>>> Python/Zope Consulting and Support ...http://www.egenix.com/
>>> mxODBC.Zope.Database.Adapter ... http://zope.egenix.com/
>>> mxODBC, mxDateTime, mxTextTools ...http://python.egenix.com/


::: Try our new mxODBC.Connect Python Database Interface for free ! 


   eGenix.com Software, Skills and Services GmbH  Pastor-Loeh-Str.48
D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg
   Registered at Amtsgericht Duesseldorf: HRB 46611
   http://www.egenix.com/company/contact/
___
pydotorg-www mailing list
pydotorg-www@python.org
http://mail.python.org/mailman/listinfo/pydotorg-www

Re: [pydotorg-www] Repeated outages of python.org

[Michael Foord]

On 25/07/2011 12:26, M.-A. Lemburg wrote:

Michael Foord wrote:

On 25/07/2011 11:52, M.-A. Lemburg wrote:

Michael Foord wrote:

On 25/07/2011 10:10, M.-A. Lemburg wrote:

Hi Michael,

Michael Foord wrote:

On 25/07/2011 09:56, M.-A. Lemburg wrote:

Could one of the list admins please turn the list archive
of the pydotorg-www list into a private one ?

I don't think it's a good idea to let our setup information leak
to the Internnet via search engines.

The *point* of pydotorg-www is that it is a public list. Private
information should be sent to pydotorg not pydotorg-www.

I was only talking about the archives, not making it a private
list altogether.

Sure, but losing public archives, and the ability to use search engines
to search the archives is a big loss.

We don't make the archives of other public lists private because someone
sent an email they shouldn't have done - in fact we generally refuse to
even remove those emails from the archive.

Right, but this mailing list is special in the sense that it
discusses an important piece of the Python infrastructure.

Unlike other mailing lists where such leakage usually only has impact
on the one accidentally sending it, it can cause potential harm to
the PSF servers in case of this list.

Does the information leaked present a real risk?

If you look through the archives, it's very easy to find out about
the infrastructure setup being used to run python.org. Take e.g.
this thread as example:

http://markmail.org/thread/kcxkjbesmbweaaj6#query:+page:1+mid:kcxkjbesmbweaaj6+state:results

Thomas' email has revealed more information in that direction.
It's not a direct risk, though.


I have a very strong
preference for keeping the archives public unless we absolutely have to.
I'd rather offending messages were scrubbed from the archive than the
list archives made private.

That's not possible, I'm afraid, since the list archives on python.org
are not only being picked up by Google, but also other sites which
then co-host them, e.g.

http://markmail.org/search/?q=pydotorg-www#query:pydotorg-www
list%3Aorg.python.pydotorg-www+page:1+state:facets
http://www.mail-archive.com/pydotorg-www@python.org/info.html
http://blog.gmane.org/gmane.comp.python.pydotorg-www

That's only if the archives are left long enough for the spiders to pick 
them up. Not guaranteed to prevent information leakage but may be 
sufficient in individual cases.




BTW: How often do you actually search on this mailing list ?


What I often do is browse the archives, having to log in is a nuisance.
I also link to discussions on the list - making them private effectively
prevents that as people have to join the  list just to view the
archives. Occasionally when I can't find a particular discussion I use
search to find it.

Well, then what do you recommend to keep such infos off the net ?

Not posting them to a public list! Plus having policies and security 
infrastructure in place that does not allow harm due to accidental 
revealing of information.


This could just as easily have been posted to python-list or some other 
public list, we should have policies in place to cope with this. 
Whatever those policies are should apply to this list.


Michael

--
http://www.voidspace.org.uk/

May you do good and not evil
May you find forgiveness for yourself and forgive others
May you share freely, never taking more than you give.
-- the sqlite blessing http://www.sqlite.org/different.html

___
pydotorg-www mailing list
pydotorg-www@python.org
http://mail.python.org/mailman/listinfo/pydotorg-www

Re: [pydotorg-www] Repeated outages of python.org

[Antoine Pitrou]

M.-A. Lemburg  writes:
> 
> If you look through the archives, it's very easy to find out about
> the infrastructure setup being used to run python.org. Take e.g.
> this thread as example:
> 
>
http://markmail.org/thread/kcxkjbesmbweaaj6#query:+page:1+mid:kcxkjbesmbweaaj6+state:results

I'm not sure what is sensitive in that thread. Any determined attacker can
certainly get that information (and much more) by themselves.

All in all, I agree with Michael. It is important that people can know easily if
a problem has been reported or not, without having to subscribe or log in. It is
also important to know if problems are being acted upon, again without having to
subscribe.

Obviously, sensitive information should only be communicated privately, but that
shouldn't rule out the existence of a public channel.

Regards

Antoine.


___
pydotorg-www mailing list
pydotorg-www@python.org
http://mail.python.org/mailman/listinfo/pydotorg-www

Re: [pydotorg-www] Repeated outages of python.org

[Chris Withers]

On 25/07/2011 11:29, Michael Foord wrote:

On 25/07/2011 10:10, M.-A. Lemburg wrote:

Hi Michael,

Michael Foord wrote:

On 25/07/2011 09:56, M.-A. Lemburg wrote:

Could one of the list admins please turn the list archive
of the pydotorg-www list into a private one ?

I don't think it's a good idea to let our setup information leak
to the Internnet via search engines.

The *point* of pydotorg-www is that it is a public list. Private
information should be sent to pydotorg not pydotorg-www.

I was only talking about the archives, not making it a private
list altogether.

Sure, but losing public archives, and the ability to use search engines
to search the archives is a big loss.

We don't make the archives of other public lists private because someone
sent an email they shouldn't have done - in fact we generally refuse to
even remove those emails from the archive.

The detail revealed in this email isn't critical, and I don't think we
should lose public archives because of it.


+1

Chris

--
Simplistix - Content Management, Batch Processing & Python Consulting
- http://www.simplistix.co.uk
___
pydotorg-www mailing list
pydotorg-www@python.org
http://mail.python.org/mailman/listinfo/pydotorg-www

Re: [pydotorg-www] Repeated outages of python.org

[M.-A. Lemburg]

Michael Foord wrote:
> On 25/07/2011 11:52, M.-A. Lemburg wrote:
>> Michael Foord wrote:
>>> On 25/07/2011 10:10, M.-A. Lemburg wrote:
 Hi Michael,

 Michael Foord wrote:
> On 25/07/2011 09:56, M.-A. Lemburg wrote:
>> Could one of the list admins please turn the list archive
>> of the pydotorg-www list into a private one ?
>>
>> I don't think it's a good idea to let our setup information leak
>> to the Internnet via search engines.
> The *point* of pydotorg-www is that it is a public list. Private
> information should be sent to pydotorg not pydotorg-www.
 I was only talking about the archives, not making it a private
 list altogether.
>>> Sure, but losing public archives, and the ability to use search engines
>>> to search the archives is a big loss.
>>>
>>> We don't make the archives of other public lists private because someone
>>> sent an email they shouldn't have done - in fact we generally refuse to
>>> even remove those emails from the archive.
>> Right, but this mailing list is special in the sense that it
>> discusses an important piece of the Python infrastructure.
>>
>> Unlike other mailing lists where such leakage usually only has impact
>> on the one accidentally sending it, it can cause potential harm to
>> the PSF servers in case of this list.
> 
> Does the information leaked present a real risk?

If you look through the archives, it's very easy to find out about
the infrastructure setup being used to run python.org. Take e.g.
this thread as example:

http://markmail.org/thread/kcxkjbesmbweaaj6#query:+page:1+mid:kcxkjbesmbweaaj6+state:results

Thomas' email has revealed more information in that direction.
It's not a direct risk, though.

> I have a very strong
> preference for keeping the archives public unless we absolutely have to.
> I'd rather offending messages were scrubbed from the archive than the
> list archives made private.

That's not possible, I'm afraid, since the list archives on python.org
are not only being picked up by Google, but also other sites which
then co-host them, e.g.

http://markmail.org/search/?q=pydotorg-www#query:pydotorg-www
list%3Aorg.python.pydotorg-www+page:1+state:facets
http://www.mail-archive.com/pydotorg-www@python.org/info.html
http://blog.gmane.org/gmane.comp.python.pydotorg-www

>> BTW: How often do you actually search on this mailing list ?
>>
> 
> What I often do is browse the archives, having to log in is a nuisance.
> I also link to discussions on the list - making them private effectively
> prevents that as people have to join the  list just to view the
> archives. Occasionally when I can't find a particular discussion I use
> search to find it.

Well, then what do you recommend to keep such infos off the net ?

-- 
Marc-Andre Lemburg
eGenix.com

Professional Python Services directly from the Source  (#1, Jul 25 2011)
>>> Python/Zope Consulting and Support ...http://www.egenix.com/
>>> mxODBC.Zope.Database.Adapter ... http://zope.egenix.com/
>>> mxODBC, mxDateTime, mxTextTools ...http://python.egenix.com/


::: Try our new mxODBC.Connect Python Database Interface for free ! 


   eGenix.com Software, Skills and Services GmbH  Pastor-Loeh-Str.48
D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg
   Registered at Amtsgericht Duesseldorf: HRB 46611
   http://www.egenix.com/company/contact/
___
pydotorg-www mailing list
pydotorg-www@python.org
http://mail.python.org/mailman/listinfo/pydotorg-www

Re: [pydotorg-www] Repeated outages of python.org

[Michael Foord]

On 25/07/2011 11:52, M.-A. Lemburg wrote:

Michael Foord wrote:

On 25/07/2011 10:10, M.-A. Lemburg wrote:

Hi Michael,

Michael Foord wrote:

On 25/07/2011 09:56, M.-A. Lemburg wrote:

Could one of the list admins please turn the list archive
of the pydotorg-www list into a private one ?

I don't think it's a good idea to let our setup information leak
to the Internnet via search engines.

The *point* of pydotorg-www is that it is a public list. Private
information should be sent to pydotorg not pydotorg-www.

I was only talking about the archives, not making it a private
list altogether.

Sure, but losing public archives, and the ability to use search engines
to search the archives is a big loss.

We don't make the archives of other public lists private because someone
sent an email they shouldn't have done - in fact we generally refuse to
even remove those emails from the archive.

Right, but this mailing list is special in the sense that it
discusses an important piece of the Python infrastructure.

Unlike other mailing lists where such leakage usually only has impact
on the one accidentally sending it, it can cause potential harm to
the PSF servers in case of this list.


Does the information leaked present a real risk? I have a very strong 
preference for keeping the archives public unless we absolutely have to. 
I'd rather offending messages were scrubbed from the archive than the 
list archives made private.



BTW: How often do you actually search on this mailing list ?



What I often do is browse the archives, having to log in is a nuisance. 
I also link to discussions on the list - making them private effectively 
prevents that as people have to join the  list just to view the 
archives. Occasionally when I can't find a particular discussion I use 
search to find it.


All the best,

Michael Foord

--
http://www.voidspace.org.uk/

May you do good and not evil
May you find forgiveness for yourself and forgive others
May you share freely, never taking more than you give.
-- the sqlite blessing http://www.sqlite.org/different.html

___
pydotorg-www mailing list
pydotorg-www@python.org
http://mail.python.org/mailman/listinfo/pydotorg-www

Re: [pydotorg-www] Repeated outages of python.org

[M.-A. Lemburg]

Michael Foord wrote:
> On 25/07/2011 10:10, M.-A. Lemburg wrote:
>> Hi Michael,
>>
>> Michael Foord wrote:
>>> On 25/07/2011 09:56, M.-A. Lemburg wrote:
 Could one of the list admins please turn the list archive
 of the pydotorg-www list into a private one ?

 I don't think it's a good idea to let our setup information leak
 to the Internnet via search engines.
>>> The *point* of pydotorg-www is that it is a public list. Private
>>> information should be sent to pydotorg not pydotorg-www.
>> I was only talking about the archives, not making it a private
>> list altogether.
> Sure, but losing public archives, and the ability to use search engines
> to search the archives is a big loss.
> 
> We don't make the archives of other public lists private because someone
> sent an email they shouldn't have done - in fact we generally refuse to
> even remove those emails from the archive.

Right, but this mailing list is special in the sense that it
discusses an important piece of the Python infrastructure.

Unlike other mailing lists where such leakage usually only has impact
on the one accidentally sending it, it can cause potential harm to
the PSF servers in case of this list.

BTW: How often do you actually search on this mailing list ?

-- 
Marc-Andre Lemburg
eGenix.com

Professional Python Services directly from the Source  (#1, Jul 25 2011)
>>> Python/Zope Consulting and Support ...http://www.egenix.com/
>>> mxODBC.Zope.Database.Adapter ... http://zope.egenix.com/
>>> mxODBC, mxDateTime, mxTextTools ...http://python.egenix.com/


::: Try our new mxODBC.Connect Python Database Interface for free ! 


   eGenix.com Software, Skills and Services GmbH  Pastor-Loeh-Str.48
D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg
   Registered at Amtsgericht Duesseldorf: HRB 46611
   http://www.egenix.com/company/contact/
___
pydotorg-www mailing list
pydotorg-www@python.org
http://mail.python.org/mailman/listinfo/pydotorg-www

Re: [pydotorg-www] Repeated outages of python.org

[Michael Foord]

On 25/07/2011 10:10, M.-A. Lemburg wrote:

Hi Michael,

Michael Foord wrote:

On 25/07/2011 09:56, M.-A. Lemburg wrote:

Could one of the list admins please turn the list archive
of the pydotorg-www list into a private one ?

I don't think it's a good idea to let our setup information leak
to the Internnet via search engines.

The *point* of pydotorg-www is that it is a public list. Private
information should be sent to pydotorg not pydotorg-www.

I was only talking about the archives, not making it a private
list altogether.
Sure, but losing public archives, and the ability to use search engines 
to search the archives is a big loss.


We don't make the archives of other public lists private because someone 
sent an email they shouldn't have done - in fact we generally refuse to 
even remove those emails from the archive.


The detail revealed in this email isn't critical, and I don't think we 
should lose public archives because of it.


All the best,

Michael




Michael

Thanks.

Thomas Wouters wrote:

On Sun, Jul 24, 2011 at 11:19, Thomas Wouters   wrote:


On Sun, Jul 24, 2011 at 06:37, Antoine Pitrou
wrote:


Georg Brandl   writes:

Do we have the resources to monitor it a little more carefully
from now on until we found out what the cause is?  Could it be
some kind of attack?

It looks like power-cycling privileges should be given to more people
(Georg for
example :-)), to avoid potentially long outages likes this.


The problem isn't really 'powercycle privileges', but 'sysadmins
looking
after the machines'  (the former should come with the latter.) I
haven't
been involved with the setup and maintenance of these machines, and I
shouldn't be the only one who can powercycle them -- everyone with
root on
the machine really should be able to, and everyone on
roto-root...@wooz.org (the non-python.org list of admins) has received
instructions at one point or another (actually,  multiple times now.)


Barry, it seems many people with root access on (at least) dinsdale
aren't
on roto-rooters. We should probably fix that, and make sure everyone is
added to ~psf/.ssh/authorized_keys on xs4all.nl so they can access the
remote console/powerswitch as well (unless they have a reason not to
want
that access, I guess.)




___
pydotorg-www mailing list
pydotorg-www@python.org
http://mail.python.org/mailman/listinfo/pydotorg-www





--
http://www.voidspace.org.uk/

May you do good and not evil
May you find forgiveness for yourself and forgive others
May you share freely, never taking more than you give.
-- the sqlite blessing http://www.sqlite.org/different.html

___
pydotorg-www mailing list
pydotorg-www@python.org
http://mail.python.org/mailman/listinfo/pydotorg-www

Re: [pydotorg-www] Repeated outages of python.org

[Ralf Hildebrandt]

* M.-A. Lemburg :
> Ralf Hildebrandt wrote:
> > Done
> 
> Thanks.

I disabled it again. We should discuss this. Public Archives or not?
-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de

___
pydotorg-www mailing list
pydotorg-www@python.org
http://mail.python.org/mailman/listinfo/pydotorg-www

Re: [pydotorg-www] Repeated outages of python.org

[M.-A. Lemburg]

Ralf Hildebrandt wrote:
> Done

Thanks.

> * M.-A. Lemburg :
>> Could one of the list admins please turn the list archive
>> of the pydotorg-www list into a private one ?
>>
>> I don't think it's a good idea to let our setup information leak
>> to the Internnet via search engines.
>>
>> Thanks.
>>
>> Thomas Wouters wrote:
>>> On Sun, Jul 24, 2011 at 11:19, Thomas Wouters  wrote:
>>>


 On Sun, Jul 24, 2011 at 06:37, Antoine Pitrou  wrote:

> Georg Brandl  writes:
>>
>> Do we have the resources to monitor it a little more carefully
>> from now on until we found out what the cause is?  Could it be
>> some kind of attack?
>
> It looks like power-cycling privileges should be given to more people
> (Georg for
> example :-)), to avoid potentially long outages likes this.
>

 The problem isn't really 'powercycle privileges', but 'sysadmins looking
 after the machines'  (the former should come with the latter.) I haven't
 been involved with the setup and maintenance of these machines, and I
 shouldn't be the only one who can powercycle them -- everyone with root on
 the machine really should be able to, and everyone on
 roto-root...@wooz.org (the non-python.org list of admins) has received
 instructions at one point or another (actually,  multiple times now.)

>>>
>>>
>>> Barry, it seems many people with root access on (at least) dinsdale aren't
>>> on roto-rooters. We should probably fix that, and make sure everyone is
>>> added to ~psf/.ssh/authorized_keys on xs4all.nl so they can access the
>>> remote console/powerswitch as well (unless they have a reason not to want
>>> that access, I guess.)
>>>
>>>
>>>
>>>
>>> ___
>>> pydotorg-www mailing list
>>> pydotorg-www@python.org
>>> http://mail.python.org/mailman/listinfo/pydotorg-www
>>
>> -- 
>> Marc-Andre Lemburg
>> eGenix.com
>>
>> Professional Python Services directly from the Source  (#1, Jul 25 2011)
> Python/Zope Consulting and Support ...http://www.egenix.com/
> mxODBC.Zope.Database.Adapter ... http://zope.egenix.com/
> mxODBC, mxDateTime, mxTextTools ...http://python.egenix.com/
>> 
>>
>> ::: Try our new mxODBC.Connect Python Database Interface for free ! 
>>
>>
>>eGenix.com Software, Skills and Services GmbH  Pastor-Loeh-Str.48
>> D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg
>>Registered at Amtsgericht Duesseldorf: HRB 46611
>>http://www.egenix.com/company/contact/
>> ___
>> pydotorg-www mailing list
>> pydotorg-www@python.org
>> http://mail.python.org/mailman/listinfo/pydotorg-www
> 

-- 
Marc-Andre Lemburg
eGenix.com

Professional Python Services directly from the Source  (#1, Jul 25 2011)
>>> Python/Zope Consulting and Support ...http://www.egenix.com/
>>> mxODBC.Zope.Database.Adapter ... http://zope.egenix.com/
>>> mxODBC, mxDateTime, mxTextTools ...http://python.egenix.com/


::: Try our new mxODBC.Connect Python Database Interface for free ! 


   eGenix.com Software, Skills and Services GmbH  Pastor-Loeh-Str.48
D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg
   Registered at Amtsgericht Duesseldorf: HRB 46611
   http://www.egenix.com/company/contact/
___
pydotorg-www mailing list
pydotorg-www@python.org
http://mail.python.org/mailman/listinfo/pydotorg-www

Re: [pydotorg-www] Repeated outages of python.org

[M.-A. Lemburg]

Hi Michael,

Michael Foord wrote:
> On 25/07/2011 09:56, M.-A. Lemburg wrote:
>> Could one of the list admins please turn the list archive
>> of the pydotorg-www list into a private one ?
>>
>> I don't think it's a good idea to let our setup information leak
>> to the Internnet via search engines.
> 
> The *point* of pydotorg-www is that it is a public list. Private
> information should be sent to pydotorg not pydotorg-www.

I was only talking about the archives, not making it a private
list altogether.

> Michael
>>
>> Thanks.
>>
>> Thomas Wouters wrote:
>>> On Sun, Jul 24, 2011 at 11:19, Thomas Wouters  wrote:
>>>

 On Sun, Jul 24, 2011 at 06:37, Antoine Pitrou 
 wrote:

> Georg Brandl  writes:
>> Do we have the resources to monitor it a little more carefully
>> from now on until we found out what the cause is?  Could it be
>> some kind of attack?
> It looks like power-cycling privileges should be given to more people
> (Georg for
> example :-)), to avoid potentially long outages likes this.
>
 The problem isn't really 'powercycle privileges', but 'sysadmins
 looking
 after the machines'  (the former should come with the latter.) I
 haven't
 been involved with the setup and maintenance of these machines, and I
 shouldn't be the only one who can powercycle them -- everyone with
 root on
 the machine really should be able to, and everyone on
 roto-root...@wooz.org (the non-python.org list of admins) has received
 instructions at one point or another (actually,  multiple times now.)

>>>
>>> Barry, it seems many people with root access on (at least) dinsdale
>>> aren't
>>> on roto-rooters. We should probably fix that, and make sure everyone is
>>> added to ~psf/.ssh/authorized_keys on xs4all.nl so they can access the
>>> remote console/powerswitch as well (unless they have a reason not to
>>> want
>>> that access, I guess.)
>>>
>>>
>>>
>>>
>>> ___
>>> pydotorg-www mailing list
>>> pydotorg-www@python.org
>>> http://mail.python.org/mailman/listinfo/pydotorg-www
> 
> 

-- 
Marc-Andre Lemburg
eGenix.com

Professional Python Services directly from the Source  (#1, Jul 25 2011)
>>> Python/Zope Consulting and Support ...http://www.egenix.com/
>>> mxODBC.Zope.Database.Adapter ... http://zope.egenix.com/
>>> mxODBC, mxDateTime, mxTextTools ...http://python.egenix.com/


::: Try our new mxODBC.Connect Python Database Interface for free ! 


   eGenix.com Software, Skills and Services GmbH  Pastor-Loeh-Str.48
D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg
   Registered at Amtsgericht Duesseldorf: HRB 46611
   http://www.egenix.com/company/contact/
___
pydotorg-www mailing list
pydotorg-www@python.org
http://mail.python.org/mailman/listinfo/pydotorg-www

Re: [pydotorg-www] Repeated outages of python.org

[Michael Foord]

On 25/07/2011 09:56, M.-A. Lemburg wrote:

Could one of the list admins please turn the list archive
of the pydotorg-www list into a private one ?

I don't think it's a good idea to let our setup information leak
to the Internnet via search engines.


The *point* of pydotorg-www is that it is a public list. Private 
information should be sent to pydotorg not pydotorg-www.


Michael


Thanks.

Thomas Wouters wrote:

On Sun, Jul 24, 2011 at 11:19, Thomas Wouters  wrote:



On Sun, Jul 24, 2011 at 06:37, Antoine Pitrou  wrote:


Georg Brandl  writes:

Do we have the resources to monitor it a little more carefully
from now on until we found out what the cause is?  Could it be
some kind of attack?

It looks like power-cycling privileges should be given to more people
(Georg for
example :-)), to avoid potentially long outages likes this.


The problem isn't really 'powercycle privileges', but 'sysadmins looking
after the machines'  (the former should come with the latter.) I haven't
been involved with the setup and maintenance of these machines, and I
shouldn't be the only one who can powercycle them -- everyone with root on
the machine really should be able to, and everyone on
roto-root...@wooz.org (the non-python.org list of admins) has received
instructions at one point or another (actually,  multiple times now.)



Barry, it seems many people with root access on (at least) dinsdale aren't
on roto-rooters. We should probably fix that, and make sure everyone is
added to ~psf/.ssh/authorized_keys on xs4all.nl so they can access the
remote console/powerswitch as well (unless they have a reason not to want
that access, I guess.)




___
pydotorg-www mailing list
pydotorg-www@python.org
http://mail.python.org/mailman/listinfo/pydotorg-www



--
http://www.voidspace.org.uk/

May you do good and not evil
May you find forgiveness for yourself and forgive others
May you share freely, never taking more than you give.
-- the sqlite blessing http://www.sqlite.org/different.html

___
pydotorg-www mailing list
pydotorg-www@python.org
http://mail.python.org/mailman/listinfo/pydotorg-www

Re: [pydotorg-www] Repeated outages of python.org

[Ralf Hildebrandt]

Done

* M.-A. Lemburg :
> Could one of the list admins please turn the list archive
> of the pydotorg-www list into a private one ?
> 
> I don't think it's a good idea to let our setup information leak
> to the Internnet via search engines.
> 
> Thanks.
> 
> Thomas Wouters wrote:
> > On Sun, Jul 24, 2011 at 11:19, Thomas Wouters  wrote:
> > 
> >>
> >>
> >> On Sun, Jul 24, 2011 at 06:37, Antoine Pitrou  wrote:
> >>
> >>> Georg Brandl  writes:
> 
>  Do we have the resources to monitor it a little more carefully
>  from now on until we found out what the cause is?  Could it be
>  some kind of attack?
> >>>
> >>> It looks like power-cycling privileges should be given to more people
> >>> (Georg for
> >>> example :-)), to avoid potentially long outages likes this.
> >>>
> >>
> >> The problem isn't really 'powercycle privileges', but 'sysadmins looking
> >> after the machines'  (the former should come with the latter.) I haven't
> >> been involved with the setup and maintenance of these machines, and I
> >> shouldn't be the only one who can powercycle them -- everyone with root on
> >> the machine really should be able to, and everyone on
> >> roto-root...@wooz.org (the non-python.org list of admins) has received
> >> instructions at one point or another (actually,  multiple times now.)
> >>
> > 
> > 
> > Barry, it seems many people with root access on (at least) dinsdale aren't
> > on roto-rooters. We should probably fix that, and make sure everyone is
> > added to ~psf/.ssh/authorized_keys on xs4all.nl so they can access the
> > remote console/powerswitch as well (unless they have a reason not to want
> > that access, I guess.)
> > 
> > 
> > 
> > 
> > ___
> > pydotorg-www mailing list
> > pydotorg-www@python.org
> > http://mail.python.org/mailman/listinfo/pydotorg-www
> 
> -- 
> Marc-Andre Lemburg
> eGenix.com
> 
> Professional Python Services directly from the Source  (#1, Jul 25 2011)
> >>> Python/Zope Consulting and Support ...http://www.egenix.com/
> >>> mxODBC.Zope.Database.Adapter ... http://zope.egenix.com/
> >>> mxODBC, mxDateTime, mxTextTools ...http://python.egenix.com/
> 
> 
> ::: Try our new mxODBC.Connect Python Database Interface for free ! 
> 
> 
>eGenix.com Software, Skills and Services GmbH  Pastor-Loeh-Str.48
> D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg
>Registered at Amtsgericht Duesseldorf: HRB 46611
>http://www.egenix.com/company/contact/
> ___
> pydotorg-www mailing list
> pydotorg-www@python.org
> http://mail.python.org/mailman/listinfo/pydotorg-www

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de

___
pydotorg-www mailing list
pydotorg-www@python.org
http://mail.python.org/mailman/listinfo/pydotorg-www

Re: [pydotorg-www] Repeated outages of python.org

[M.-A. Lemburg]

Could one of the list admins please turn the list archive
of the pydotorg-www list into a private one ?

I don't think it's a good idea to let our setup information leak
to the Internnet via search engines.

Thanks.

Thomas Wouters wrote:
> On Sun, Jul 24, 2011 at 11:19, Thomas Wouters  wrote:
> 
>>
>>
>> On Sun, Jul 24, 2011 at 06:37, Antoine Pitrou  wrote:
>>
>>> Georg Brandl  writes:

 Do we have the resources to monitor it a little more carefully
 from now on until we found out what the cause is?  Could it be
 some kind of attack?
>>>
>>> It looks like power-cycling privileges should be given to more people
>>> (Georg for
>>> example :-)), to avoid potentially long outages likes this.
>>>
>>
>> The problem isn't really 'powercycle privileges', but 'sysadmins looking
>> after the machines'  (the former should come with the latter.) I haven't
>> been involved with the setup and maintenance of these machines, and I
>> shouldn't be the only one who can powercycle them -- everyone with root on
>> the machine really should be able to, and everyone on
>> roto-root...@wooz.org (the non-python.org list of admins) has received
>> instructions at one point or another (actually,  multiple times now.)
>>
> 
> 
> Barry, it seems many people with root access on (at least) dinsdale aren't
> on roto-rooters. We should probably fix that, and make sure everyone is
> added to ~psf/.ssh/authorized_keys on xs4all.nl so they can access the
> remote console/powerswitch as well (unless they have a reason not to want
> that access, I guess.)
> 
> 
> 
> 
> ___
> pydotorg-www mailing list
> pydotorg-www@python.org
> http://mail.python.org/mailman/listinfo/pydotorg-www

-- 
Marc-Andre Lemburg
eGenix.com

Professional Python Services directly from the Source  (#1, Jul 25 2011)
>>> Python/Zope Consulting and Support ...http://www.egenix.com/
>>> mxODBC.Zope.Database.Adapter ... http://zope.egenix.com/
>>> mxODBC, mxDateTime, mxTextTools ...http://python.egenix.com/


::: Try our new mxODBC.Connect Python Database Interface for free ! 


   eGenix.com Software, Skills and Services GmbH  Pastor-Loeh-Str.48
D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg
   Registered at Amtsgericht Duesseldorf: HRB 46611
   http://www.egenix.com/company/contact/
___
pydotorg-www mailing list
pydotorg-www@python.org
http://mail.python.org/mailman/listinfo/pydotorg-www

Re: [pydotorg-www] Repeated outages of python.org

[Antoine Pitrou]

It doesn't look like a software problem at all, perhaps xs4all could take a look
at the hardware and see if something seems problematic?

Regards

Antoine.


___
pydotorg-www mailing list
pydotorg-www@python.org
http://mail.python.org/mailman/listinfo/pydotorg-www

Re: [pydotorg-www] Repeated outages of python.org

[Thomas Wouters]

On Sun, Jul 24, 2011 at 11:19, Thomas Wouters  wrote:

>
>
> On Sun, Jul 24, 2011 at 06:37, Antoine Pitrou  wrote:
>
>> Georg Brandl  writes:
>> >
>> > Do we have the resources to monitor it a little more carefully
>> > from now on until we found out what the cause is?  Could it be
>> > some kind of attack?
>>
>> It looks like power-cycling privileges should be given to more people
>> (Georg for
>> example :-)), to avoid potentially long outages likes this.
>>
>
> The problem isn't really 'powercycle privileges', but 'sysadmins looking
> after the machines'  (the former should come with the latter.) I haven't
> been involved with the setup and maintenance of these machines, and I
> shouldn't be the only one who can powercycle them -- everyone with root on
> the machine really should be able to, and everyone on
> roto-root...@wooz.org (the non-python.org list of admins) has received
> instructions at one point or another (actually,  multiple times now.)
>


Barry, it seems many people with root access on (at least) dinsdale aren't
on roto-rooters. We should probably fix that, and make sure everyone is
added to ~psf/.ssh/authorized_keys on xs4all.nl so they can access the
remote console/powerswitch as well (unless they have a reason not to want
that access, I guess.)

-- 
Thomas Wouters 

Hi! I'm a .signature virus! copy me into your .signature file to help me
spread!
___
pydotorg-www mailing list
pydotorg-www@python.org
http://mail.python.org/mailman/listinfo/pydotorg-www

Re: [pydotorg-www] Repeated outages of python.org

[Thomas Wouters]

On Sun, Jul 24, 2011 at 06:37, Antoine Pitrou  wrote:

> Georg Brandl  writes:
> >
> > Do we have the resources to monitor it a little more carefully
> > from now on until we found out what the cause is?  Could it be
> > some kind of attack?
>
> It looks like power-cycling privileges should be given to more people
> (Georg for
> example :-)), to avoid potentially long outages likes this.
>

The problem isn't really 'powercycle privileges', but 'sysadmins looking
after the machines'  (the former should come with the latter.) I haven't
been involved with the setup and maintenance of these machines, and I
shouldn't be the only one who can powercycle them -- everyone with root on
the machine really should be able to, and everyone on roto-root...@wooz.org(the
non-python.org list of admins) has received instructions at one point or
another (actually,  multiple times now.)

-- 
Thomas Wouters 

Hi! I'm a .signature virus! copy me into your .signature file to help me
spread!
___
pydotorg-www mailing list
pydotorg-www@python.org
http://mail.python.org/mailman/listinfo/pydotorg-www

Re: [pydotorg-www] Repeated outages of python.org

[Antoine Pitrou]

Georg Brandl  writes:
> 
> Do we have the resources to monitor it a little more carefully
> from now on until we found out what the cause is?  Could it be
> some kind of attack?

It looks like power-cycling privileges should be given to more people (Georg for
example :-)), to avoid potentially long outages likes this.

Regards

Antoine.


___
pydotorg-www mailing list
pydotorg-www@python.org
http://mail.python.org/mailman/listinfo/pydotorg-www

[pydotorg-www] Repeated outages of python.org

[Georg Brandl]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hi,

once again python.org is either very unresponsive or dead.

Do we have the resources to monitor it a little more carefully
from now on until we found out what the cause is?  Could it be
some kind of attack?

Georg
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.17 (GNU/Linux)

iEYEARECAAYFAk4r4iAACgkQN9GcIYhpnLCYBgCgrDcF0SVwExHuKniUGziiKuYk
ELAAn1h8IYpgFf/Ug5Ipj96cm9hh9eco
=4n10
-END PGP SIGNATURE-
___
pydotorg-www mailing list
pydotorg-www@python.org
http://mail.python.org/mailman/listinfo/pydotorg-www