Re: [swinog] nic.ch no NS
Salut, On Wed, May 07, 2014 at 07:54:07PM +0200, g...@switch.ch wrote: I'm not going to comment this, but maybe the following anecdote will make you feel better. I originally wanted to use ns.ch for the ch name servers. This was turned down internally because it would violate our two-letter second level domain rule, which, I'm sure you know, makes these domains unavailable for registration with the exception of the Kantonskürzel, which are assigned to the proper authorities. So the domain ns.ch is kept available in case the cantons of northern switzerland ever fusion into one big one. Very clever, reveals a lot of foresight! Tonnerre signature.asc Description: Digital signature ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] BÜPF...again ; )
Salut, Viktor, On Sat, 21 Aug 2010 08:24:52 +0200, Viktor Steinmann wrote: - Facebook bashing is hip among the IT community. However on Facebook you only share what you want to share and you can even lie about all of your personal details, even create a fake personality. If you have privacy concerns, don't put it on the Internet - be it Facebook or any other site. In any case it's in no way comparable with someone spying on your private computer, where you keep your real private data, not the crap you put on Facebook. That's a nice theory you have, and I totally agree when it comes to Facebook. (Not because of my employer though, just my personal opinion.) However, there are very legitimate reasons why people in our world may want anonymity, and this level of anonymity can only be reached on the Internet, as you cannot hide your body or your voice patterns in the real world. And some people have lived through some awful things in their lives and are in dire need for such anonymity. You may of course claim that these people have lived before the Internet — yes, they have, and they had it much worse. I'm glad that the Internet is helping to prevent people from committing suicide or hurting and crippling themselves every day. It helps people find other people to listen to them and to confirm to them that they are valuable and that they're right when they think they're treated unacceptably. And it does all of this. Destroying this anonymity by introducing more and more surveillance measures at large, monitoring any kind of traffic and forcing people to give away their identity with every Internet conversation is NOT helping, it is killing this amazing thing we have for, as we all know, no good reason. Anonymity is a protecting blanket. Just saying. Regards, Tonnerre signature.asc Description: PGP signature ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] ProLiant Debian
Salut, On Mon, 15 Feb 2010 04:33:03 -0800 (PST), Stanislav Sinyagin ssinya...@yahoo.com wrote: with sunoracle servers, you end up with disk bays that are difficult to buy if you need to increase the disk capacity. And the original Sun disks cost a fortune. That is so not true! Even if you buy a Sun Fire with 0 hard disks you still get all drive bays along with the server so you can mount your own disks in a minute. Tonnerre signature.asc Description: PGP signature ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] Greylisting
Salut, Stanislav, On Mon, 19 Oct 2009 12:30:09 -0700 (PDT), Stanislav Sinyagin wrote: Martin implemented this hack in a FreeBSD kernel module. Of course this gives more room for performance, but then it binds the solution to a specific OS and kernel release. I personally feel there's something wrong if the kernel has to deal with an application-level protocol. On the other side, you usually install a dedicated server just for incoming mail processing. It's fairly easy to implement in Postfix: smtpd_helo_restrictions = reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, permit_mynetworks, check_helo_access hash:/usr/pkg/etc/postfix/checks/helo_checks, sleep 30, reject_unauth_pipelining, permit There you go. -- Tonnerre signature.asc Description: PGP signature ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] EJPD = Access Denied??
Salut, On Wed, Aug 05, 2009 at 08:16:12PM +0200, Marc Balmer wrote: maybe they are blocking their site because the content is inappropriate? that would indeed be a smart move. Or confidential. Tonnerre pgpxL7beIpQDD.pgp Description: PGP signature ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] BE
Salut, On Fri, Jul 31, 2009 at 06:07:40PM +0200, steven.glog...@swisscom.com wrote: aah.. you were the guy reloading all the time ,-) number 3 on list ,-)) Thanks for registration! See you on 6th of July 2009 - starting around 18.30 o'clock. Hum, how am I ever going to make it? Tonnerre pgpKw0BUja0uj.pgp Description: PGP signature ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] Vorratsdatenspeicherung
Salut, On Mon, Jul 13, 2009 at 07:53:12AM +0200, Xaver Aerni wrote: Und wenn es wirklich nur um das geht das der Bund die Möglichkeit hat mitzuhören. Tja dann ist die einfachste Lösung. Der Bund kauft sich 5 Boxen (kleinste Version) und hängt die entsprechenden Dslams in der Telefonzentrale an. Da muss der ISP ja nicht mal was mitbekommen... Wäre für alle Beteiligten die billigste und auch sicherste Lösung. Diese Möglichkeiten hat der Bund doch schon seit den frühen Nullern. Es gibt sogar einen ETSI-Standard dazu. Allerdings kann man darüber natürlich nur die aktuell fliessenden Daten abfangen, und der Bund scheut sich wie die anderen Regierungen vor Kosten. Daher ist das Equipment was da an der ETSI-Schnittstelle hängt meist so dimensioniert dass man nur einen geringen Prozentsatz der Bevölkerung gleichzeitig abhören könnte - ist billig und erlaubt Stichproben. Für das was hier gewünscht ist - Datamining bis zu 6 Monate zurück - will der Bund aber nicht die Kosten tragen. Die Abhörmaschinerie an den ETSI-Schnittstellen müsste aufgerüstet werden so dass die ganze Zeit aufgezeichnet wird, und Unmengen von Platten müssten zur Ablage gekauft werden. Die Auswertung des ganzen gewarehousten Datenguts ist dann noch ein weiteres Problem. Das will der Staat gerne abschieben, daher erlegt er den ISPs diese Bürde auf. Die ISPs müssen im Ernstfall jederzeit innert kürzester Zeit diese Daten liefern können. Wo sie die speichern und wie sie die da schnell wieder raus bekommen, kümmert den Staat nicht - es ist mal wieder nicht sein Geld. Janu. Wiegesagt, dieses Thema war Ende 2007 heiss, ich frage mich warum man mit einer solchen Verzögerung jetzt drauf springt. Wenn jemand eine tolle Idee hat, wie man das gut angefochten bekommt, wäre das toll, aber mittlerweile sind soweit ich weiss die Einspruchsfristen auch vorbei und die Einsprüche von damals fanden nicht genug Anklang. IMO muss der Staat einfach einsehen dass die BÜPF nicht mehr zeitgemäss ist (ob sie das je war ist eine andere Frage). Tonnerre pgppGnz7R3YLN.pgp Description: PGP signature ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] Vorratsdatenspeicherung
Salut, On Mon, Jul 13, 2009 at 09:40:57AM +0200, Andre Oppermann wrote: Einen Mirror-Port oder gar Remote-SPAN kann bereits jetzt jeder entsprechend kompetente Techniker aufsetzen. Da ändert sich nicht viel. Bei der Überwachung darf man aber keine ganzen Ports auf einem LNS weiterleiten, sondern nur den Traffic eines einzelnen, ganz klar bestimmten, Kunden, bzw. Anschlusses oder Login. In einem automatisieren Prozess wird wohl kaum ein beliebiger Mitarbeiter die Daten auf seinen Arbeitsplatz weiterleiten können, um dort mal mit Wireshark zu schauen was so läuft. Hier geht es aber nicht um real time monitoring sondern um data retention. Tonnerre pgpz8rNMnePi9.pgp Description: PGP signature ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] Vorratsdatenspeicherung
Salut, On Mon, Jul 13, 2009 at 04:47:08PM +0200, Andreas Fink wrote: Also auf meinem Büchlein steht Einladung zur Vernehmlassung und nicht Gesetz, Vorschrift oder ähnliches. Also sowas wie wir wollen folgendes ins Gesetz schreiben. Was haltet ihr davon. Eine Vernehmlassung kann aber meiner Meinung nach nur öffentlich sein und nicht vertraulich. Ich bin daher der Auffassung dass wenn ich was UNAUFGEFORDERT zugeschickt kriege und ich das noch kommentieren darf, dann darf ich das auch veröffentlichen. Oder hab ich mit dem EJPD ein NDA unterzeichent und weiss nix mehr davon? Reden wir hier alle von demselben Büchlein…? Tonnerre pgpsBz20qNUGj.pgp Description: PGP signature ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] Vorratsdatenspeicherung
Salut, Silvan, On Sun, Jul 12, 2009 at 10:14:09PM +0200, Silvan Gebhardt wrote: hmm, das wäre schon was für den neuen piratenparteivize *gg* - dass das der bund übernehmen muss Bringt aber recht wenig, du kannst ja nicht damit rechnen dass bei dir ermittelt wird. Tonnerre pgplIQaTT99ub.pgp Description: PGP signature ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] Vorratsdatenspeicherung
Salut, On Sun, Jul 12, 2009 at 10:14:09PM +0200, Silvan Gebhardt wrote: hmm, das wäre schon was für den neuen piratenparteivize *gg* - dass das der bund übernehmen muss Ergänzung zu vorher: (Andernfalls wäre plötzlich kriminelle Klientel ein Prestigekunde.) Tonnerre pgpmwdXNNYymp.pgp Description: PGP signature ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] Vorratsdatenspeicherung
Salut, On Sun, Jul 12, 2009 at 10:55:03PM +0200, Marc Balmer wrote: Ich werde in jedem Fall dafür sorgen, dass sämtliche ADSL Leitungen unter meiner Kontrolle zu nahezu 100% ausgelastet sein werden, permanent, damit sich die Harddisk der Hilfssheriffs auch gut füllen. Wenn das dass Benutzer täten, dann wäre die Vorratsdatenspeicherung schnell erledigt. Nein, die ISPs wären damit schnell erledigt. Du füllst damit ja nicht die Festplatten des Staates sondern die der ISPs. Vermutlich überleben das dann nur die 2-3 grössten. Der Brainfuck bei der ganzen Sache ist ja dass die ISPs gezwungen werden diese Terabytes an Daten vorzuhalten und nicht der Staat. Tonnerre pgp9aOWOXPEJu.pgp Description: PGP signature ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] AS3303 down?
Salut, On Mon, Jun 15, 2009 at 06:57:26PM +0200, IndianZ wrote: Is it possible that this incident is related to the freshly released phrack article Exploiting TCP and the Persist Timer Infiniteness? http://phrack.org/issues.html?issue=66id=9#article I assert that it's definitely possibly possible, though unlikely. Tonnerre pgp6pu2w6i9Fn.pgp Description: PGP signature ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] Censurship in Germany Take 2
Salut, Peter, On Mon, 20 Apr 2009 22:49:29 +0200, Peter Guhl Listenempfänger wrote: Of course the police will be swamped with useless data. Of course crawlers will cause most of the traffic; lots of them beeing spam harvesters hard to track. If I'm really mean I put an iframe on my website which includes some child pr0n site. This way I can mass produce terror suspects. -- Tonnerre signature.asc Description: PGP signature ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
[swinog] Contact address to send responses to the cybercrime convention to
Salut, During the meeting the issue was raised that people don't know where to send responses to the consultation about the cybercrime convention legislation to. The contact address: Eidgenössisches Justiz- und Polizeidepartement Informationsdienst Bundeshaus West CH-3003 Bern Don't forget to put a note in the subject telling what you're talking about. The information about this process can be found on the web site of the EJPD: German: http://www.bj.admin.ch/bj/de/home/dokumentation/medieninformationen/2009/ref_2009-03-13.html French: http://www.bj.admin.ch/bj/fr/home/dokumentation/medieninformationen/2009/ref_2009-03-13.html For questions: Andrea Candrian, Office fédéral de la justice, T +41 31 322 97 92 More information from the Chaos Computer Club, including the most important points of controversion: https://wiki.chaostreff.ch/Hackerparagraph Tonnerre pgpUEQjdJLisY.pgp Description: PGP signature ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] Fwd: Re: Hackerparagraph
Salut, On Tue, Mar 24, 2009 at 05:01:08PM +0100, Ihsan Dogan wrote: Instead of educating politicians it would make more sense, if the IT people would be more involved in politics. The IT industry is doing more for the GDI (BIP) than the farmers, but unfortunately we are not organized. That's maybe a good long term vision but I don't see that happen at this precise moment. I'm doing my best. :-) Switzerland allows us to have a direct influence in politics. We should use this right! Sure, but in terms of fine-grained control over the process it does not really grant the people more rights than they have in any other country. Nevertheless, those rights suffice to make our mark, using either strategy. But you must admit that your suggestions are rather long-term while mine are mid-term. I'm sure he understood the issue. Actually, it's not hard at all to understand this issue. The problem is, that most of the people are not aware about the problems. Sure. Tonnerre pgpJ1FQkrvcGP.pgp Description: PGP signature ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] Fwd: Re: Hackerparagraph
Salut, On Mon, Mar 23, 2009 at 11:46:12AM +0100, Ihsan Dogan wrote: Instead of educating politicians it would make more sense, if the IT people would be more involved in politics. The IT industry is doing more for the GDI (BIP) than the farmers, but unfortunately we are not organized. That's maybe a good long term vision but I don't see that happen at this precise moment. Either way, the number one priority is still to submit a response to the proposal, then the lobbying can be #2 on the agenda. Friday evening I was at an Apéro and I had personal contact with the FDP Nationalrat Markus Hutter. I've spoke with him and he promised me to bring up this topic at the Rechtskomission. Very good! Just please ensure beforehand that he understood the issue. ;-) Tonnerre pgpfxrlMO40Yt.pgp Description: PGP signature ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] Fwd: Re: Hackerparagraph
Salut, On Fri, Mar 20, 2009 at 11:18:08PM +0100, Patrick Tybo wrote: About the blacklist: tcpdumd/snoop and wireshark: no way, maybe metasploit on a gray line, mostly 0day stuff floating from irc to email to email etc are a real problem. Can you give me a legal guarantee that tcpdump will in no case be considered as a hacker tool? No, you can't. It always depends on mood and understanding of the judge in question, and potentially other factors. Tonnerre pgplT3ZPnN5uI.pgp Description: PGP signature ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] Hackerparagraph (fwd)
Salut, Christa, On Wed, Mar 18, 2009 at 04:22:13PM +0100, Christa Pfister wrote: If SWINOG agrees (do you have any decision procedures?), I would submit a draft by 15 May 2009. The Vernehmlassung ends 30 June, so that would leave us enough time for discussion. Thanks a lot for the offer. I'd be very glad to see something like that. At https://wiki.chaostreff.ch/Hackerparagraph we have so far collected a bit of stuff we found important, if you can use it and if it saves you some time. Other than that, I'd like to join the club of people who owe you a drink of your choice. Tonnerre pgp9ZwAfEXH1r.pgp Description: PGP signature ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] Fwd: Re: Hackerparagraph
Salut, Ihsan, On Thu, 19 Mar 2009 10:54:28 +0100, Ihsan Dogan wrote: For that it would make sense, if we would get in contact with the political parties. At the moment, it seems that none of the parties in the parliament have an opinion on this issue. That is of course also very important. Firstly, politicians need to be educated on these issues; secondly, I would also dislike it if someone just calls me when he needs me to vote for something he wants and then leaves me alone again, without building up any relationship or explaining his thoughts. Feels a bit like abuse, eh? Either way, the number one priority is still to submit a response to the proposal, then the lobbying can be #2 on the agenda. Tonnerre signature.asc Description: PGP signature ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] Fwd: AW: Hackerparagraph
Salut, Andreas, On Tue, 17 Mar 2009 12:18:28 +0100, Andreas Fink wrote: Now what does that mean? It is basically what the germans have done under the Hackerparagraph. It disallows software which could potentially be used for hacking to be distributed. The result of this was for example that in germany the WiFi tools to verify your WiFi security dissapeared. Why? because someone COULD use it for hacking. A similar problem might arise with tools like tcpdump and snoop (for Solaris), which are great for debugging various issues in TCP connections (MTU problems, stalled connections due to window size issues, firewall rule debugging, etc. pp.) but could of course reveal a plaintext password or two in the process. What I want to say with this is that it affects us all in some way or other, not just the developers and wifi fans. Another example is: if you want to be eligible for certain infrastructural offerings (in public key infrastructures, for example, as a certificate reseller) or government contracts, it might be required in some case to get ISO certification for security. This process has to be conducted by an ISO certified IT security company. However, how do they do it if all of their tools are forbidden due to the new law? You'll have to find a company in a country where hacker tools are allowed, and fly them in just to perform a simple penetration test. And even if you're just a relaxed person in terms of security and run Nessus or Metasploit against your machines every couple of monthes - those are hacker tools. You effectively have no way but to hope that you fixed all flaws in your system, and instead of proactivity, you have to let the bots break down your server first, then rescue the user data, reinstall and try again. This is painful and cost intensive. I think we should respond to this proposal to keep above paragraph out of the law. Otherwise we wouldn't even be able to help the police if they are investigating because the tools to do this are also used by hackers sometimes. I absolutely agree with this and would like to ask everybody here to submit his impression of the law to the EJPD as they demand. It is important for them to understand that there is a majority of the people they're trying to help with in this case who do not agree, and who already have developed much better processes. They must learn that this is not how IT security works. So please take 30 minutes or an hour and make a submission. Tonnerre signature.asc Description: PGP signature ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] IPV6 Go (lazy providers)
Salut, Stanislav, On Mon, 2 Mar 2009 14:14:31 -0800 (PST), Stanislav Sinyagin wrote: What you can fit into 2MB flash is Linux kernel 2.4.x, plus some very limited number of libraries, daemons and utilities. Also, even the newest 2.6.x kernel is permanently popping up with ipv6 improvements and bugfixes. It is physically impossible to run a 2.6.x Linux system from 2MB flash. You can, however, run it from 4MB, and there's even some room for ipv6. The dd-wrt software for Linksys routers seems to support it, but I didn't test it. A slimmed down NetBSD kernel can fit into 2MB including IPv6 support. (You have to put some work into it though.) unfortunately, NetBSD is way behind Linux in regards to new hardware support, especially for those consumer-grade devices. Most of the new reference boards come with quite poorly designed Linux BSP, and I haven't heard of any BSD support from the embedded hardware vendors. Besides, as I told already, this linux/bsd hacking is for geek enthusiasts. Consumer electronics vendors will just push new hardware to the market. You only claimed before that common IPv6 implementations are hard to fit onto a small amount of flash memory, which is not true. Also, I do see many consumer-grade devices capable of running NetBSD without any modification besides installation, but that's really off-topic. I looked into the ipv6 linux kernel sources, and found quite a lot of hton/ntoh conversions. Also, for example, subnet mask matching is way more complex in foreign endianness :) I fixed part of a BGP toolchain today and didn't need to do any extensive byte order conversions on my little-endian netbook, merely because I was aware of what operations I (can) perform in network byte order and which I can't. ipv6 has many more bytes to swap in the packet header, that's the only reason :) Only 64 of them are ever needed. Woah there, what a coincidence that most modern CPUs come with 64-bit registers (and those will eventually end up in the embedded market was well in a couple of years. Well, not the current CPUs, don't take me by the word, I dare you. :-P). Tonnerre signature.asc Description: PGP signature ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] IPV6 Go (lazy providers)
Salut, Stanislav, On Wed, 25 Feb 2009 15:43:29 -0800 (PST), Stanislav Sinyagin wrote: so, what? I'm not telling that ipv6 is impossible, I'm just telling that there's no standard as such. And none of the big telcos would afford building a custom solution: everyone waits for standards to be published. No, the standards are there. Tonnerre signature.asc Description: PGP signature ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] IPV6 Go (lazy providers)
Hey, Fredy, On Thu, 26 Feb 2009 10:25:38 +0100, Fredy Kuenzler wrote: If you don't get extra v4 space in 1000 days, don't even consider to complain. You have been warned. Since RIPE is planning to reclaim unassigned allocations, I expect a potential heart infarct of old IPv4 routers (Cogent? UPC?) maybe even before that point in time... 277302 IPv4 network entries using 8.5M of memory 1957989 prefix entries using 59.8M of memory 313918 BGP path attribute entries using 23.9M of memory RIB using 94.3M of memory Let's see what is going to happen. Tonnerre signature.asc Description: PGP signature ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] IPV6 Go (lazy providers)
Salut, Stanislav, On Tue, 24 Feb 2009 14:17:07 -0800 (PST), Stanislav Sinyagin wrote: in DSL market, it's even worse: the Broadband Forum has not released yet any ipv6 related document... Well, almost every modem supports the bridge mode, where IP6CP can be applied without any problems. The (in)famous Cisco 877(?) also supports it according to Tron. And then there was this bug in a development version of the BSD PPPoE stack where the LCP would be torn down if no IP6CP could be established (even if the IPCP connection was up). ;-) Tonnerre signature.asc Description: PGP signature ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] SWITCH Sourceforge mirror available again
Salut, Mario, On Mon, 23 Feb 2009 11:17:55 +0100, Mario Iseli wrote: sorry - that's not entirely true! Sometimes you have a dependency on the Layer2-Protocol to support new Layer3-Protocols. It's now always as nice as Ethernet where you just change the Ethertype. For example take DOCSIS, you can use native IPv6 only with the 3.0 standard of DOCSIS, which most cable operators in .ch don't use yet So you were too lazy to upgrade to DOCSIS 3.0 ;-) Tonnerre signature.asc Description: PGP signature ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] Something to hide: yes!
Salut, Per Jessen wrote: But when you're taking part in a relatively public and open debate or forum, why would you find it necessary/appropriate to conceal your identity? For example for disclosing secrets without being punished, aka whistleblowing. Tonnerre signature.asc Description: OpenPGP digital signature ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] WG: login banner
Salut, Christa, On Thu, 29 Jan 2009 15:13:20 +0100, Christa Pfister wrote: There can be legal requirements in different contexts, such as adult content, data protection issues, copyright protected content etc. I often draft disclaimers and legal wording for websites, so contact me offlist for any specific questions. You needn't even become my client to discuss a few basis issues... Christa Hold on, adult content via SSH? What exactly do you have in mind? Tonnerre signature.asc Description: PGP signature ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] WG: login banner
Salut, Michael, On Fri, 30 Jan 2009 13:32:25 +0100, Michael Naef wrote: http://aeolus.ch/home/blog.php#Idioten%20Signaturen What's the problem with these disclaimers in signatures? Tonnerre DISCLAIMER: IF YOU RECEIVE THIS EMAIL IN ERROR, YOU ARE HEREBY LEGALLY OBLIGED TO PHYSICALLY DESTROY ALL MEDIA WHICH EVER CONTAINED THE MAIL (HARD DISKS, MEMORY, ETC. OF BOTH THE WORKSTATION AND THE MAIL SERVERS), ALONG WITH ALL MATERIAL USED TO TRANSFER, LIQUIDATE ANY COWORKERS WHICH MIGHT HAVE HAD A GLANCE OF THE EMAIL (ESPECIALLY THE SYSTEM ADMINISTRATORS), AND RASP YOUR HEAD OFF WITH A VERY FINE GRATER. signature.asc Description: PGP signature ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] About (not) Swisscom UMTS
Salut, Nico, On Fri, 7 Nov 2008 11:51:14 +0100, Nico -telmich- Schottelius wrote: Just as a normal 08/15 I experienced that booking a ticket on sbb.ch can be almost impossible, as sbb.ch either has a session handling problem or swisscom has a nat handling problem (maybe a bit of both). Interestingly, I also often experience the your session is invalid/timed out message from sbb, when just accessing the timetable function. I can absolutely not confirm this I'm afraid... Everything seems to be working fine. Tonnerre signature.asc Description: PGP signature ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] SwiNOG Mailing List Policy Change
Salut, Tobias, On Thu, 23 Oct 2008 09:24:38 +0200, Tobias König wrote: Anyway the settings have been changed so that this reply-to field should be my address. Thanks a whole lot! Oh, what do I say, ten whole lots! Tonnerre signature.asc Description: PGP signature ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] RBL's (again) (Was: Anyone from Green here?)
Salut, Marco, On Mon, 20 Oct 2008 14:15:41 +0200, Marco Fretz wrote: What I'm trying to say is: As a mail service provider (recipient side) you can use greylisting and if there are some buggy mailers out there in the internet (or in your local network) it's not a greylisting problem and it's not your problem. they have to fix there mailer problems (sender side). it's not the ISP who has to adapt mail services to buggy customer stuff ^^ Or maybe you just didn't listen... Tonnerre signature.asc Description: PGP signature ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] RBL's (again) (Was: Anyone from Green here?)
Salut, Martin, On Fri, 17 Oct 2008 10:18:31 +0200, Martin Ebnoether wrote: What do you do, when customers are quitting their contracts because they think they receive too much spam? Which of the two groups will it be for you? You're falsely implying that greylisting is the only way to fight SPAM. In fact, I don't receive much SPAM at all due to my strategies, none of which prevent the newsletters people subscribe to. Tonnerre signature.asc Description: PGP signature ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] RBL's (again) (Was: Anyone from Green here?)
Salut, Per, On Fri, 17 Oct 2008 12:47:48 +0200, Per Jessen wrote: Another option is to disable greylisting just for that one mailserver. This implies that either you know all servers hosting broken scripts (NP-complete I think) or your customers will always communicate problems. Usually they encounter them and rant about it on their Stammtisch and then change provider to someone with one hell of a lot of SPAM. Tonnerre signature.asc Description: PGP signature ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] RBL's (again) (Was: Anyone from Green here?)
Salut, Marco, On Fri, 17 Oct 2008 15:21:59 +0200, Marco Fretz wrote: Of course I know what you mean. That's the thing every webhoster have to fight with. Last year I was on the Secure Linux Admin Conference in Berlin. There was a workshop how to protect shared hosting webservers... I am talking about the recipient side. I don't think it's a safe assumption that all scripts _your_ _mail_ _users_ will receive mail from are under your control. If I remember correctly the 2nd or 3th step was: prevent the users from using SMTP (or any other port) to the internet and only allow the destination you choose, your mailrelay servers, http proxy, etc. That is great, but not everyone does that. In fact the number of providers which do that is fairly low. I would do so myself, also for the reason that this prevents people owning a web service to spam around in a volatile manner, but that's not the point at all. crap customer scripts don't look like a reasonable argument against greylisting to me. though some webhosting customers might send mails with their mailer script to recipients which are not on your mail server and this other mail server maybe is also protected with greylisting, ergo same problem ergo problem not solved... For the receiving server, it is. do you see what I mean, now? :) or maybe I didn't fully understand the issue you had. No, you don't. but agreed it's always hard to decide if you want secure systems or happy users. That would be true if there was no way around greylisting, but there is. Tonnerre signature.asc Description: PGP signature ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] RBL's (again) (Was: Anyone from Green here?)
Salut, Michael, On Fri, 17 Oct 2008 15:40:18 +0200, Michael Naef wrote: And that is something a customer with his little online shop will show open ears to you explaining him why to change his mailer script. That's illusionary. Most of the time they don't care about the one or two customers you at $technically_intelligible_isp have. They care about gmail and hatemail because they are the large ones. Your two customers just don't cover the cost of changing the running system. Tonnerre signature.asc Description: PGP signature ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] RBL's (again) (Was: Anyone from Green here?)
Salut, Stanislav, On Fri, 17 Oct 2008 08:42:49 -0700 (PDT), Stanislav Sinyagin wrote: actually greylisting works pretty well, and the whitelist of exceptions is relatively small (not more than 300 entries as far as I remember). Also if you communicate the value of it to the customers, they tend to agree that having 90% of spam filtered before entering the system is worth waiting for half an hour for email from a new source. They don't care as long as they receive all mails they want to. It's also a matter of resources: if you don't want or cannot enable greylisting, you have to invest more resources into a more sophisticated mail filtering software. Even if it's available for free, still developing and maintaining your solution might become too expensive. I've found a different method to be at least equally time-saving: rejecting SPAM rather than accepting and deleting it. The basic dialog looks about like this: Out: 220 planck.ngas.ch ESMTP Postfix (2.5.1) In: HELO gurgel.org Out: 250 planck.ngas.ch In: MAIL FROM: [EMAIL PROTECTED] Out: 250 2.1.0 Ok In: RCPT TO: [EMAIL PROTECTED] Out: 250 2.1.0 Ok In: DATA Out: 354 End data with CRLF.CRLF In: [...] In: . Out: 550 Keep your SPAM to yourself. The scheme doesn't look as great as it works. The end result is that the spammer learns that the address is not reachable (because permanent errors are usually received for non-existent addresses) and won't retry as frequently as for others. This keeps the level of incoming SPAM really low. In addition, it has the great advantage that if a sender really happens to fall into the false positive trap, he will discover it immediately by receiving a mail from his own mail server saying that the mail could not be delivered, rather than to notice after days that the other end has deleted or never read the mail. Greetings from inside the Grenchenbergtunnel, Tonnerre signature.asc Description: PGP signature ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] RBL's (again) (Was: Anyone from Green here?)
Salut, Daniele, On Thu, 16 Oct 2008 00:05:38 +0200, Daniele Guazzoni wrote: You'd rather blame the lazy programmers who don't cares about RFCs and other standards ! I think that blame is for people who don't care about solutions. I care for my users and their ability to receive the mail they want, as long as it is reasonable. While I do think that these scripts are broken and terribly wrong, I have no power over their programmers and cannot make them change the scripts. I, however, also don't have the authority to tell my users not to want to receive that newsletter. So you see, what I am saying is that greylisting prevents users from receiving these mails, not that these mails are good or correctly sent. But being a solution oriented provider, this is a clear reason why I cannot use greylisting. Tonnerre signature.asc Description: PGP signature ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] RBL's (again) (Was: Anyone from Green here?)
Salut, Marco, On Thu, 16 Oct 2008 15:22:39 +0200, Marco wrote: fully agreed. thats a bad argument against greylisting. if php scripts or other webserver stuff, like newsletter servers, etc.. use their own MTA which is most likely a fancy carp script, as you said, then its actually not the ISPs problem if a mail won't get delivered. Technically, this is perfectly right, and personally I would like to see everyone writing such scripts burn in hell. But if your users insist on receiving the mail, you will either have to disable greylisting or to get a better set of customers. This is basically the collision between lazy technicians coming up with excuses why they're not responsible and stupid users who cannot do things right. I'm afraid that the purely technical point of view is not worth a dime if your users look for alternative providers. Do you see what I mean? Tonnerre signature.asc Description: PGP signature ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] Hot Red Flames (Was: IRC Server dead ?)
Salut, Per, On Tue, 07 Oct 2008 07:38:56 +0200, Per Jessen wrote: The idea of open source is not so much that you get to check it yourself, but much more that it is open for hundreds of thousands of other people to check. If for instance the quality/security of a piece of code is proportional to the number of times it's been reviewed, then yes, open source is quite possibly more secure. You should read the more recent publications on the subject. The idea that this actually happens is a pure illusion. I think that the advantage of Open Source does indeed lie in the fact that you have the ability to fix things yourself, and that, whatever you start, you have a large pool of preexistent code you can build on. And the ability to learn from it etc. Tonnerre signature.asc Description: PGP signature ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] Hot Red Flames (Was: IRC Server dead ?)
Salut, Marco, On Tue, 07 Oct 2008 08:47:41 +0200, Marco Fretz wrote: I usually don't have a look at the code at all. But point is, it's code, tested and build by a community not a closed company with their own, secret business goals...! I don't want be a victim of global marketing data collection and stuff like that... Maybe you noticed already, maybe not, but in reality, Open Source communities tend to care a lot about marketing. This is why they try to disguise security patches as performance enhancement - oh wait, that was Apple. But indeed such things happen, in large amounts, even in the Open Source world. Tonnerre signature.asc Description: PGP signature ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] open source illusions (was: Hot Red Flames (Was: IRC Server dead ?))
Salut, Per, On Tue, 07 Oct 2008 14:01:24 +0200, Per Jessen wrote: fixing something yourself is also pretty much an illusion, except for those few people who are sufficiently involved. When have you last _had_ to fix anything yourself in a stable release of any open source project? Being a member of the security scene, I write patches for Open Source software almost every day. And what about you? Tonnerre signature.asc Description: PGP signature ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] open source illusions
Salut, king of the huns, On Tue, 7 Oct 2008 16:40:13 +0200, Attila Kinali wrote: Anyone who has ever written more than a few lines of C code knows that gcc is crap... unfortunately, it's the best compiler out there. The comercial compilers usualy segfault at every second file of my favorite compiler testbench, commonly known as FFmpeg. Well, at least Intel did a good job of fixing most of their bugs, but it took them years. How long it will take sun to fix their compiler, which is even worse is anyones guess. WFM with SUNWcc on sol10u5. Tonnerre signature.asc Description: PGP signature ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] Hot Red Flames (Was: IRC Server dead ?)
Hey, Ihsan, On Tue, 07 Oct 2008 22:53:28 +0200, Ihsan Dogan wrote: One of the big reasons why people are buying commercial software products is, that they can get support and SLA. Most of the open source projects cannot provide that. Not by themselves, but you can get that support through other means, either from a distributor like Red Hat or Univention or from a solutions provider like us. Tonnerre signature.asc Description: PGP signature ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] IRC Server dead ?
Salut, Roman, On Mon, 06 Oct 2008 16:15:47 +0200, Roman Hochuli wrote: It's simple, it's vintage, it's reliable and clients are available for pretty much every known device. Or in other words: it's plain geeky. Reason enough? ;) Nah. IRC is ubiquitous, that's it. If you want something geeky, there's ICB or SILC. Tonnerre signature.asc Description: PGP signature ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] List policy discussion (was: Check out my Facebook profile)
Hey Stony, On Wed, 24 Sep 2008 08:33:28 +0200, Viktor Steinmann wrote: In the last months we've seen more and more end-user questions, vacation-bounces, off-topic and spam-like mails on the list. It turned out that my Bayesian SPAM filter, which I initially trained to filter out n3td3v postings on full-disclosure, also killed this case. I'd suggest you try this technology, it does a lot more than people expect it to. Any suggestions how to keep the noise level low in the future? Don't send HTML mails. ;-) Tonnerre signature.asc Description: PGP signature ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] Anyone from Green here?
Salut, Stanislav, On Thu, 11 Sep 2008 03:54:47 -0700 (PDT), Stanislav Sinyagin wrote: Anyway, who's going to send email directly from a broadband connection, instead of using the ISP's relay? :-) The case of an ISP's mail server accepting mail originating from a non-ISP address (e.g. not @tiscali.ch for tiscali, just as an example) to a non-local address is not very common as far as I can tell. That may well be a reason why one might have to do it. Alternatively, one can of course get some fully managed solution but that's not what you might want if you do special magic or don't trust anyone or have whatever other legitimate reason. Tonnerre signature.asc Description: PGP signature ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] This is what Linus Torvalds calls OpenBSD crowd ...
Salut, Marco, On Mon, 21 Jul 2008 16:16:31 +0200, Marco Fretz wrote: I think it's not worth the discussion in the openbsd list aswell. BSD (OpenBSD) and Linux are way different, different strategies and goals... But its just amusing to read. The discussion took place on misc@, which is also known as [EMAIL PROTECTED] I would suggest not to take it overly seriously, and I strongly discourage you to take misc@ as the opinion (or waste of time) of the OpenBSD team. Tonnerre signature.asc Description: PGP signature ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
[swinog] ORSN putt?
Salut, Starting from this morning at 05:20, all name resolutions over the ORSN appear to fail. dnstracer output: Tracing to (whatever) via 127.0.0.1, timeout 15 seconds 127.0.0.1 (127.0.0.1) |\___ E.ORSN-SERVERS.NET [.] (213.161.0.90) * * * |\___ J.ORSN-SERVERS.NET [.] (193.93.167.222) |\___ H.ORSN-SERVERS.NET [.] (213.144.148.130) |\___ B.ORSN-SERVERS.NET [.] (2a02:0060::0001::::0002) |\___ B.ORSN-SERVERS.NET [.] (193.238.157.110) |\___ K.ORSN-SERVERS.NET [.] (2001:4b88:9000:::::) |\___ K.ORSN-SERVERS.NET [.] (217.173.157.225) |\___ F.ORSN-SERVERS.NET [.] (91.143.115.242) |\___ I.ORSN-SERVERS.NET [.] (194.242.225.162) |\___ D.ORSN-SERVERS.NET [.] (2001:08a8:0021:0002::::0066) * * * |\___ D.ORSN-SERVERS.NET [.] (195.226.7.66) |\___ M.ORSN-SERVERS.NET [.] (213.145.82.34) |\___ G.ORSN-SERVERS.NET [.] (82.102.0.9) * * * |\___ C.ORSN-SERVERS.NET [.] (212.7.160.13) |\___ A.ORSN-SERVERS.NET [.] (217.146.128.77) * * * |\___ A.ORSN-SERVERS.NET [.] (2001:08d0::0003::::0100) * * * \___ L.ORSN-SERVERS.NET [.] (192.83.249.100) Everything broken? How can this be with such a redundant network? I also thought maybe I should just download a new root hints file, but evidently orsn.net is also down, even when using the root-servers.net hints. Tonnerre signature.asc Description: PGP signature ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] Sixy.ch: directory of IPv6 enabled web sites
Salut, Manuel, On Wed, 28 May 2008 23:05:28 +0200, Manuel Kasper wrote: now that IPv6 is slowly gaining hype factor again, I noticed that there are few places to find content that is accessible via IPv6. In an attempt to change that, I launched http://sixy.ch, a directory of IPv6 enabled web sites. Do you really mean we should spend a few hours to add all websites? :-P Tonnerre signature.asc Description: PGP signature ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] Anyone else lost traffic around 15:10?
Salut, Silvan, On Thu, 27 Mar 2008 15:42:42 +0100, Silvan Gebhardt wrote: here is what I saw: http://82.197.169.72/cgi-bin/smokeping.cgi The inside view: https://admin.ffii.org/cgi-bin/smokeping.cgi?start=2008-03-27+14%3A45end=2008-03-27+15%3A45target=World.Switzerland.Zurich.SolnetTIX1displaymode=nGenerate%21=Generate%21 Apparently (and also conforming with Init7's publications), the Layer One gate routers smoked out due to heavy traffic load. (This matches the patterns we observed and which are also partially reflected in the graphs.) It could have been worse though; 20 minutes later, the problem was dealt with. Tonnerre signature.asc Description: PGP signature ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] The truth about UCEPROTECT-Blocklists
Salut, On Thu, Jan 17, 2008 at 03:01:38AM +0100, Michael Naef wrote: *arrrghhh* [EMAIL PROTECTED]: host psa1.as8833.net[195.162.162.159] said: 550 sorry, no mailbox here by that name. (#5.7.17) (in reply to RCPT TO command) This has been a known problem for a long time already: http://www.rfc-ignorant.org/tools/detail.php?domain=gpstechnik.chsubmitted=1033063711table=abuse Sometimes I'm tempted to use rfc-ignorant.org as a blacklist. Tonnerre pgplsPQqhFQUQ.pgp Description: PGP signature ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
[swinog] Germany: using blacklists now illegal?
Salut, In case Az. 7 O 80/07, the District Court of Lüneburg has ruled that the use of blacklists for mail filtering is an illegal process. The court thereby confirmed the view of a known spammer that the fact that mails from his servers were deleted by the SPAM filter was an act of censorship. According to the ruling, the fact that a mail server is used to transmit soleily SPAM is not sufficient to block mails from it entirely. Blocking a single mail address would have been sufficient, according to the court. However, even this step would only have been acceptable in order to prevent an immanent danger of a virus attack. Well, pretty bad... Tonnerre pgpQwRgsxKnw7.pgp Description: PGP signature ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] Referendum against Swiss DMCA
Salut, On Tue, Dec 04, 2007 at 10:09:52PM +0100, Alexandre Suter wrote: I encourage everyone to have a look at the website and pass the word around... There is not much time left ! French : http://no-dmca.ch/index.fr.html German : http://no-dmca.ch/index.de.html Italian : http://no-dmca.ch/index.it.html English : http://no-dmca.ch/index.en.html I do not mean to refuse you your right to your own opinion on this, but I want you to be aware of the fact that there is a certain risk involved with the referendum. history lesson Before that, you should know that despite people's claims, this law has not been rushed past the people or anything. There has been a public hearing on this way back in 2005, which I attended. In 2006, the relevant gremia decided on the issue, and have been lobbied by us and quite a number of other parties. I have personally made an analysis of the (at the time) legal proposal, have postulated ways to improve it, and have invited people to come and help me (which some did). All those people who claim that there has been no public notice of this law should simply be embarassed that they did not act in time despite the fact that there has been a _lot_ of public uproar about it for more than two years now, and should stop discounting our work on the issue, which has been considerable. See also http://www.ffii.ch/action/urg2006/ /history lesson Now to the problems. We have already achieved something with regard to taming this law. The original proposal had far worse provisions, and we could have ended up far worse without some of the specifications. However, if the current law is abolished through a referendum, it will have to recurr immediately, because the law was not created out of hot air but as a response to an international treaty which Switzerland ratified. However, chances are that next time, we will not be able to maintain the provisions which got into the law this time, so after a referendum, in my estimation, we will end up with a law which is way worse than it is right now. Thus, I would rather propose to use the provisions laid down in the law to force a new revision based on the facts which will undoubtedly be established in its evaluation, i.e. what happens after it has come to force. Anyway, make up your own mind. I do not want to force anyone of you here not to sign this proposal, and there is a chance of course that I am entirely mistaken. What you should be aware of though is that this is not going to be the last thing you heard from the copyright revision. Thanks for listening and sorry for the off-topic subject, I will not start into a flame war this time. ;-) Tonnerre pgpLbbtLWHqf9.pgp Description: PGP signature ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] Recommendations for root server providers
Salut, On Wed, Nov 28, 2007 at 09:00:30AM +0100, Flavio Tischhauser wrote: - Your own /8 subnet (in addition to one of their IPs) Wow. I thought /8 are not handed out anymore these days. ;-) Tonnerre pgpZafGEIQhxi.pgp Description: PGP signature ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
[swinog] 2nd Swiss FOSS compatible lobbyists meeting in Berne
Salut, The call to the beer event reminded me that I have actually forgotten to invite you fellow SwiNoggians to my political activists' party in Berne, taking place on Monday at 18:00 in the railway station. Here is the announcement: http://www.fsfe.org/en/events/invitation_to_the_2nd_swiss_foss_compatible_lobbyists_meeting_in_berne I am hoping to see a lot of people there from various parts of the country. Tonnerre pgp5sk1ehysj0.pgp Description: PGP signature ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] Swisscom CES
Salut, On Tue, Nov 28, 2006 at 04:51:09PM +0100, Pascal Gloor wrote: Anyone willing to run MPLS over Swisscom CES service, please contact me offlist. I have some important information which will save you hours of debugging. Dare to share on the list or something? Or is it too confidential? Tonnerre pgp8ryC90Re9D.pgp Description: PGP signature ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] Sunrise is down?
Salut, On Wed, Nov 15, 2006 at 10:54:39AM +0100, Nico -telmich- Schottelius wrote: - Software error: ERROR: Section 'Sunrise_colo_Bern' does not exist. For help, please send mail to the webmaster ([EMAIL PROTECTED]), giving this error message and the time and date of the error. - Yes, because, as I outlined before, Nik asked Daniel to rename the graph to something that doesn't contain the name Colobern. Unfortunately, smokeping thereby also deleted the statistics. Tonnerre pgpdJVY3PeG3f.pgp Description: PGP signature ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] Sunrise is down?
Salut, On Tue, Nov 14, 2006 at 03:46:56PM +0100, Andreas Weiler - Kabelfernsehen Boedeli AG wrote: Same here. Networks connected to Sunrise are not reachable. We are not able to reach domains like www.sunrise.ch, www.drs3.ch or www.jungfrauzeitung.ch anymore. Sunrise with all its glory was down for some time, due to routing problems as rumour has it. The problem is that all customers were down, and the customer hotline was down as well, so... They're back now. For a graph of the events, have a look at http://obri.sygroup.ch/cgi-bin/smokeping.cgi?target=World.Europe.Switzerland.Sunrise_colo_Bern Tonnerre pgp6U8EkXMBap.pgp Description: PGP signature ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] SwiNOG#13 Registration
Salut, On Fri, Oct 27, 2006 at 12:55:00PM +0200, Matthias Blaser wrote: On Thursday 26 October 2006 11:39, Pascal Gloor wrote: [1] http://www.spale.com/cgi-bin/swinogreg Is it fair that the first 2 could register 36 years in advance? ;o) Early Bird registration windows are common for all kinds of conferences. See also http://209.85.129.104/search?q=cache:D4vRiYdYSvsJ:www.ggu.edu/courses/section.do%3Fid%3D19635+jan+01+1970 Tonnerre pgpxazMoENf5b.pgp Description: PGP signature ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] Providers supporting TLS (for SMTP, POP, IMAP, ...)?
Salut, On Sat, Sep 16, 2006 at 03:43:09PM +0200, Matthias Leisi wrote: If you are a provider yourself and you do not offer it: Are there particular reasons? Is it a conscious decision not to offer it or is it that just nobody asked yet? From a cryptographical point of view, this would be a dangerous setup. You're transmitting the same message encrypted (local MX - Client) as well as unencrypted (sending MX - local MX). This leaves you open to a known plaintext attack against your server's private key, because it gives you an opportunity to gain more and more information about the key in use, and all you have to do is send regular-looking SPAM to the user. If every mail server on the Internet encrypted its transmissions, this method would be sure, but as long as this is not the case, there is no transport security. All the user can do is to use PGP in order to keep the contents of his/her mail secret. Of course, SSL can be used nicely for authentication of mail servers though... But this would mean that communication with arbitrary peers is impossible, because one needs to pre-trust the public key of the communicating server (Otherwise the spammers would simply get themselves a key as well). Tonnerre pgpR1hJmTi8T6.pgp Description: PGP signature ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] Formmailer-Scripts and Spam
Salut, On Tue, Aug 15, 2006 at 05:35:26PM +0200, Matthias Hertzog wrote: b) Web-user has to enter a unique number (generated image) in the form to prove, he's a human being. The problem here is that spam bots are apparrently exceptionally good already at reading these characters out of the picture. In fact, they are even better than the average human reader, that's at least my experience. Also note this screenshot to the topic: http://www.thedailywtf.com/images/200608/look_harder.JPG Tonnerre pgpht7RgWaJ19.pgp Description: PGP signature ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] Formmailer-Scripts and Spam
Salut, On Tue, Aug 15, 2006 at 06:19:21PM +0200, Matthias Keller wrote: One thing I have been pretty successful in blocking spam is javascript... Of course one can argue not all browser support or execute JS but today when every 3rd site completely relies on JS this is no valid point anymore IMHO I use a onSubmit script which sets a variable before submitting. only if this value is received correctly in the script the form is processed... Do you really think a spammer will sit in front of his browser typing in all the spam? Those are scripts, and these scripts just send you data without ever considering to look at your JavaScript foo. Tonnerre pgpUgWzuBczlI.pgp Description: PGP signature ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] [update] *SPECIAL* SwiNOG-BE40 - BBQ/Beer Event 40 - 7th of August @ Oerlikerpark Block this subject
Salut, On Mon, Aug 07, 2006 at 08:53:06AM +0200, Glogger Steven wrote: since the weather is quite bad we will go to the Outback at Bahnhof Stadelhofen. The nice thing is that this message arrived only now. Maybe it was stuck in the Melitta for just too long? Tonnerre pgpoSwaNksaMw.pgp Description: PGP signature ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] Reading list as RSS feed
Salut, On Wed, May 31, 2006 at 09:17:46AM +0200, Glogger Steven wrote: how do you answer to posts? ,-) Someone wants to create a web forum. :-P Tonnerre pgpeQTcbQTPjA.pgp Description: PGP signature ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] Reading list as RSS feed
Salut, On Wed, May 31, 2006 at 11:29:30AM +0200, Glogger Steven wrote: well, i think RSS is quite a standard and there are possibilities to provide the swinog mailinglist also as RSS feed.. Frankly, ICMP is also a standard. Shall we communicate using icmpchat? ( http://icmpchat.sourceforge.net/ ) Tonnerre pgpBcucE9Q14o.pgp Description: PGP signature ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] mirror.switch.ch overloaded?
Salut, On Tue, Mar 21, 2006 at 03:51:07PM +0100, Martin Ebnoether wrote: As a Linux Guru you should know that today, Fedora Core 5 came out. Maybe it's because of this? I doubt that this has had such a big impact on that server's performance. Even more since it is swamped from last sunday until now. But hey, I have FC5 here now. Just finished burning the CDs. Most likely the solar radiation caused an increased energy load on the time flow machine, which then created a tunnel back to the last weekend, thereby transporting the current release of Fedora Core back to that day. This was noticed by some people, who consecutively started to download like hell, thinking that this was where the release came from. Maw maw, Tonnerre pgpbIXBL6EZ2h.pgp Description: PGP signature ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] Cisco parts for sale..
Salut, On Thu, Mar 02, 2006 at 12:31:41PM +0100, Viktor Steinmann wrote: sorry for this kind of spam.. Let's ban this guy and get back to busines... If we can agree to ban all the autoresponder using idiots as well, and all the people who do TOFU, and all the people who ask about the latest Windows XP routing tricks, I certainly agree. Tonnerre pgp1rh8KwlxDH.pgp Description: PGP signature ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] Prevent Bounces from MS-Exchange?
Salut, On Mon, Jan 30, 2006 at 07:47:09PM +0100, Folken wrote: - install second server infront of the machine - install postfix on it - added greylisting, rbls, spamassassin, razor checks - get this perl magic script to fetch all valid accounts from active directory on the exchange server. - configure the exchange server to accept mail only from trusted host (e.g. the postfix machine) - add a user with send as anybody user privlidges - configure the domains in the transport.db of postfix with destination to the exchange server. - configure smart-host toward the exchange server with the user added above. - forwarded the smtp port of the exchange to an ip address without mx record and let users send mail via smtp-auth. If you could put a short howto together with your magic perl script to some website and publish the URL (maybe here and in the chaoswiki), this may become useful to a lot of companies lateron. And as a tip for everyone using this type of setup: if the manager comes asking whether one of the two servers could be taken away, you won, because that could only be the Exchange server. Tonnerre pgpSqHQds7aIR.pgp Description: PGP signature ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] Colocation of an FFII server
Salut, As many people asked pretty much the same questions, here go some answers: * The expected traffic is between 170 and 300 Gigabyte a month, according to Jeroen. * The server itself is probably going to be 1U only, but we would probably need an external drive bay. * If 2 people could get unattended 24/7 access, that would be terribly nice. * We don't need many IP addresses, we've gone pretty well with one so far. * A textual Hosting by would be ok, like the Hosted by netgate.de we have right now. * Local backups are nice, our backup server is in the Netherlands, so sending backups right through Europe is of questionable efficiency. * A firewall and other snake oil isn't required. (I hope I made it clear which points are MUST and which ones are MAY.) Our budget for this has also been asked about, but this is a question I can't answer. The idea is that our board decides on the situation after we got specific offers. Thanks for listening, Tonnerre pgpCr5bZkQ2pU.pgp Description: PGP signature ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
[swinog] Colocation of an FFII server
Salut, The days of genba.ffii.org are coming to an end. A dual Pentium II 500MHz just isn't up to the job anymore. Therefor, we're going to buy a replacement server, and looking for a place to locate it. One suggestion was somewhere inside Switzerland, for several reasons. We are therefor asking you for providers who would be willing to host a server for a civil society group, and for what conditions. (We know that it isn't always easy to be our provider, especially when spurious companies come rattling at your door because we destroyed their evil software patent plans.) If some of you can connect me to the people who can give us offers, I would be very glad. Thanks for listening, Tonnerre pgppQdAAS0jnh.pgp Description: PGP signature ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] Autoresponder
Salut, On Fri, Nov 11, 2005 at 08:16:23AM +0100, Felix Rauch wrote: On Fri, 11 Nov 2005, Steven Glogger wrote: there's a short answer: Short solution: Add all the autoresponding addresses to the swinog-autorespond mailinglist and let them have fun there... ;-) Cheap neural networks? Tonnerre pgpmGmQ87rnxP.pgp Description: PGP signature ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] Software Patents in Switzerland
Salut, On Fri, Sep 02, 2005 at 04:59:30PM +0200, Andre Oppermann wrote: Information on Software Patents in Switzerland, starting from Page 14, Chapter 2.1.1: http://www.ige.ch/D/jurinfo/documents/RiLi_Endfassung_Externe_Konsultation_Internet_d.pdf I think this is a discussion for [EMAIL PROTECTED], although I agree that it must be made. Tonnerre pgpghcov8qGTY.pgp Description: PGP signature ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog