Does the forums.debian.net server still use Lenny?

Have something to say about forums.debian.net itself?

Does the forums.debian.net server still use Lenny?

Postby Ahtiga Saraz » 2012-02-01 16:53

If so, security support will stop in a few days!

I might be misinterpreting what I saw in my cache.
Ahtiga Saraz

Le peuple debout contre les tyrans! De l'audace, encore de l'audace, toujours l'audace!
Ahtiga Saraz
 
Posts: 1015
Joined: 2009-06-15 01:19

Re: Does the forums.debian.net server still use Lenny?

Postby vbrummond » 2012-02-01 17:05

If you can maintain support yourself it might be possible to continue to use it will little ill effect. For a server it is more critical to actually do so.
Always on Debian Testing
vbrummond
 
Posts: 4468
Joined: 2010-03-02 01:42

Re: Does the forums.debian.net server still use Lenny?

Postby cynwulf » 2012-02-01 17:18

It's currently using Lenny - but have no fear - there is an upgrade planned...

It will be installed at around the same time as the new spam counter measures... :lol:
cynwulf
 
Posts: 2396
Joined: 2008-09-25 08:49

Re: Does the forums.debian.net server still use Lenny?

Postby jheaton5 » 2012-02-01 20:52

cynwulf wrote:It will be installed at around the same time as the new spam counter measures... :lol:


You mean they are going to wrap the servers with tin-foil? :lol:
debian sid
User avatar
jheaton5
 
Posts: 1489
Joined: 2008-08-20 01:40
Location: Newnan, GA, USA

The rest is silence?

Postby Ahtiga Saraz » 2012-02-02 21:18

I think he means they will block me.

I asked for encrypted log-in sessions, and... we'll see what we get.
Ahtiga Saraz

Le peuple debout contre les tyrans! De l'audace, encore de l'audace, toujours l'audace!
Ahtiga Saraz
 
Posts: 1015
Joined: 2009-06-15 01:19

Re: The rest is silence?

Postby cynwulf » 2012-02-02 21:28

Ahtiga Saraz wrote:I think he means they will block me.

:?:

Ahtiga Saraz wrote:I asked for encrypted log-in sessions, and... we'll see what we get.

:?: :?:
cynwulf
 
Posts: 2396
Joined: 2008-09-25 08:49

Seeking clarification

Postby Ahtiga Saraz » 2012-02-03 21:25

Assuming I am not missing some private joke, what are these proposed anti-spam measures?

As of today, it seems that the forum is still using Lenny. Security support ends in a few days for Lenny, so I hope they hurry up.

Encrypted login sessions would go a long ways towards guarding against casual intrusion/impersonation, for example by spycos which routinely attempt to scrape the user databases of forums like this. There are other measures which I think any self-respecting Debian forum should take, such as encouraging legit users to list public keys so they can recover their accounts if an intruder attempts to hijack it. Such things have happened and owing to my encounter yesterday with what appeared to be an attempt to snag my username/password here, I am once again trying to raise this issue before my own account is hijacked.
Ahtiga Saraz

Le peuple debout contre les tyrans! De l'audace, encore de l'audace, toujours l'audace!
Ahtiga Saraz
 
Posts: 1015
Joined: 2009-06-15 01:19

Re: Seeking clarification

Postby Kuze » 2012-02-03 22:10

Ahtiga Saraz wrote:Assuming I am not missing some private joke, what are these proposed anti-spam measures?

As of today, it seems that the forum is still using Lenny. Security support ends in a few days for Lenny, so I hope they hurry up.

Encrypted login sessions would go a long ways towards guarding against casual intrusion/impersonation, for example by spycos which routinely attempt to scrape the user databases of forums like this. There are other measures which I think any self-respecting Debian forum should take, such as encouraging legit users to list public keys so they can recover their accounts if an intruder attempts to hijack it. Such things have happened and owing to my encounter yesterday with what appeared to be an attempt to snag my username/password here, I am once again trying to raise this issue before my own account is hijacked.


I agree , ssl would also help safeguard tor users from rouge exit nodes.
User avatar
Kuze
 
Posts: 90
Joined: 2011-06-17 20:36

Re: Does the forums.debian.net server still use Lenny?

Postby notthatguy » 2012-02-03 22:15

oh yea I am sure every hacker team in the world is targeting not Bank of America, not the Citigroup, not JP morgan, but forums.debian.net so they can read all our secret PMs :shock:
notthatguy
 
Posts: 199
Joined: 2011-12-13 12:48

Re: Does the forums.debian.net server still use Lenny?

Postby vbrummond » 2012-02-03 22:21

notthatguy wrote:oh yea I am sure every hacker team in the world is targeting not Bank of America, not the Citigroup, not JP morgan, but forums.debian.net so they can read all our secret PMs :shock:


Amen. :lol:
Always on Debian Testing
vbrummond
 
Posts: 4468
Joined: 2010-03-02 01:42

Is DUF at risk? Possibly so. Am I? Probably so.

Postby Ahtiga Saraz » 2012-02-03 22:55

yea I am sure every hacker team in the world is targeting not Bank of America, not the Citigroup, not JP morgan, but forums.debian.net so they can read all our secret PMs

That's not what I said.

Some points which you appear to have overlooked:
  • Various organizations (especially large ones) initiate various projects at various times which have various goals. For example, BoA no doubt hires security auditors to engage in RedTeam/BlueTeam tests of their transactional protections, so contrary to what a naive person might think, banks in effect at times try to steal from themselves, as it were. And the "Team Themis" scandal (and a long-running BAE scandal, a Hewlett-Packard scandal, and many other incidents) show that at times the top officers of large corporations do order "ratfucking" or "domestic espionage" targeting specific investigative journalists or members of small nonprofit organizations which are criticising their corporate practices.
  • Government intelligence/secret police, corporate espionage cells, and well-connected private eyes the world over use essentially the same software sold by the same "Western" spycos. This software has been provided not only to "Western" governments but also to the most repressive authoritarian regimes, including Zimbabwe, Syria, Vietnam, even Iran. And many spycos are based in authoritarian countries like Russia and China where many government officials have ties to organized crime organizations, or even to "terror groups".
  • Sophisticated monitoring/ratfucking/shilling operations do require sophistication on the part of the programmers who write the software used to do such things. But once the software and the manuals are written and sold/licensed to anyone willing to pay (or able to steal them, as may have happened with Iran and Syria), they can be used to target anyone for any "reason" with minimal effort or required expertise.
  • It is hardly a state secret that there are Western spycos which specialize in snagging username/password combos (their customer base includes large corporations who want to make sure that any Walmart employee who badmouths Walmart will be fired, for example), or in monitoring social networking forums (see Wikileaks SpyFiles for a dozen marketing fliers from several of the larger ones which offer such services). A Surveillance-Industrial whitepaper recently predicted that by 2014, such monitoring will be an almost trillion dollar global industry, servicing mid to large corporations and targeting among others citizens who oppose specific corporate practices by specific corporations.
  • It is hardly a state secret that other companies which operate in even more legally murky waters regularly attempt to scrape the user base of public forums like DUF, in order to create spamlists targeting particular interest groups. Their methods can be fairly sophisticated.
Last edited by Ahtiga Saraz on 2012-02-06 20:55, edited 1 time in total.
Ahtiga Saraz

Le peuple debout contre les tyrans! De l'audace, encore de l'audace, toujours l'audace!
Ahtiga Saraz
 
Posts: 1015
Joined: 2009-06-15 01:19

Clarify?

Postby Ahtiga Saraz » 2012-02-06 20:53

@ cynwulf:
It's currently using Lenny - but have no fear - there is an upgrade planned...
It will be installed at around the same time as the new spam counter measures... :lol:

Please correct me if I misunderstand what I took to be sarcasm (aimed at DUF, not me):
  • I guess you are suggesting that the forum will continue to use Lenny for some time (security support ended today, but someone suggested that the forum owners are capable of patching any vuls independently of debian package management)
  • I guess you are suggesting that the forum owners have talked about anti-spam measures but have never gotten around to implementing them.

Assuming that new anti-spam measures really are coming, will these affect Tor users?
Ahtiga Saraz

Le peuple debout contre les tyrans! De l'audace, encore de l'audace, toujours l'audace!
Ahtiga Saraz
 
Posts: 1015
Joined: 2009-06-15 01:19

Re: Clarify?

Postby cynwulf » 2012-02-06 22:02

Ahtiga Saraz wrote:@ cynwulf:
It's currently using Lenny - but have no fear - there is an upgrade planned...
It will be installed at around the same time as the new spam counter measures... :lol:

Please correct me if I misunderstand what I took to be sarcasm (aimed at DUF, not me):
  • I guess you are suggesting that the forum will continue to use Lenny for some time (security support ended today, but someone suggested that the forum owners are capable of patching any vuls independently of debian package management)
  • I guess you are suggesting that the forum owners have talked about anti-spam measures but have never gotten around to implementing them.

Assuming that new anti-spam measures really are coming, will these affect Tor users?

Substitute my second paragraph for something along the lines of "it should be done around the time hell freezes over" and you will get the idea...

I'm not sure if the upgrade will happen or not - I would guess that it will, but who can say except those whose job it is to carry out the upgrades...

p.s. this is FDN, not DUF, the latter is different Debian forum.
cynwulf
 
Posts: 2396
Joined: 2008-09-25 08:49


Return to Forum stuff & feedback

Who is online

Users browsing this forum: No registered users and 3 guests

fashionable