Does the forums.debian.net server still use Lenny?

Ahtiga Saraz
Posts: 1014
Joined: 2009-06-15 01:19

Does the forums.debian.net server still use Lenny?

#1 Post by Ahtiga Saraz »

If so, security support will stop in a few days!

I might be misinterpreting what I saw in my cache.
Ahtiga Saraz

The people standing against the tyrants! Audacity, more audacity, always audacity!

vbrummond
Posts: 4432
Joined: 2010-03-02 01:42

Re: Does the forums.debian.net server still use Lenny?

#2 Post by vbrummond »

If you can maintain support yourself it might be possible to continue to use it with little ill effect. For a server it is more critical to actually do so.
Always on Debian Testing

cynwulf

Re: Does the forums.debian.net server still use Lenny?

#3 Post by cynwulf »

It's currently using Lenny - but have no fear - there is an upgrade planned...

It will be installed at around the same time as the new spam counter measures... :lol:

jheaton5
Posts: 1488
Joined: 2008-08-20 01:40
Location: Newnan, GA, USA

Re: Does the forums.debian.net server still use Lenny?

#4 Post by jheaton5 »

cynwulf wrote:It will be installed at around the same time as the new spam counter measures... :lol:
You mean they are going to wrap the servers with tin-foil? :lol:
debian sid

Ahtiga Saraz
Posts: 1014
Joined: 2009-06-15 01:19

The rest is silence?

#5 Post by Ahtiga Saraz »

I think he means they will block me.

I asked for encrypted log-in sessions, and... we'll see what we get.
Ahtiga Saraz

The people standing against the tyrants! Audacity, more audacity, always audacity!

cynwulf

Re: The rest is silence?

#6 Post by cynwulf »

Ahtiga Saraz wrote:I think he means they will block me.
:?:
Ahtiga Saraz wrote:I asked for encrypted log-in sessions, and... we'll see what we get.
:?: :?:

Ahtiga Saraz
Posts: 1014
Joined: 2009-06-15 01:19

Seeking clarification

#7 Post by Ahtiga Saraz »

Assuming I am not missing some private joke, what are these proposed anti-spam measures?

As of today, it seems that the forum is still using Lenny. Security support ends in a few days for Lenny, so I hope they hurry up.

Encrypted login sessions would go a long ways towards guarding against casual intrusion/impersonation, for example by spycos which routinely attempt to scrape the user databases of forums like this. There are other measures which I think any self-respecting Debian forum should take, such as encouraging legit users to list public keys so they can recover their accounts if an intruder attempts to hijack it. Such things have happened and owing to my encounter yesterday with what appeared to be an attempt to snag my username/password here, I am once again trying to raise this issue before my own account is hijacked.
Ahtiga Saraz

The people standing against the tyrants! Audacity, more audacity, always audacity!

Kuze
Posts: 90
Joined: 2011-06-17 20:36

Re: Seeking clarification

#8 Post by Kuze »

Ahtiga Saraz wrote:Assuming I am not missing some private joke, what are these proposed anti-spam measures?

As of today, it seems that the forum is still using Lenny. Security support ends in a few days for Lenny, so I hope they hurry up.

Encrypted login sessions would go a long ways towards guarding against casual intrusion/impersonation, for example by spycos which routinely attempt to scrape the user databases of forums like this. There are other measures which I think any self-respecting Debian forum should take, such as encouraging legit users to list public keys so they can recover their accounts if an intruder attempts to hijack it. Such things have happened and owing to my encounter yesterday with what appeared to be an attempt to snag my username/password here, I am once again trying to raise this issue before my own account is hijacked.
I agree, SSL would also help safeguard Tor users from rogue exit nodes.

notthatguy
Posts: 199
Joined: 2011-12-13 12:48

Re: Does the forums.debian.net server still use Lenny?

#9 Post by notthatguy »

Oh yeah, I am sure every hacker team in the world is targeting not Bank of America, not the Citigroup, not JP Morgan, but forums.debian.net so they can read all our secret PMs :shock:

vbrummond
Posts: 4432
Joined: 2010-03-02 01:42

Re: Does the forums.debian.net server still use Lenny?

#10 Post by vbrummond »

notthatguy wrote:Oh yeah, I am sure every hacker team in the world is targeting not Bank of America, not the Citigroup, not JP Morgan, but forums.debian.net so they can read all our secret PMs :shock:
Amen. :lol:
Always on Debian Testing

Ahtiga Saraz
Posts: 1014
Joined: 2009-06-15 01:19

Is DUF at risk? Possibly so. Am I? Probably so.

#11 Post by Ahtiga Saraz »

yeah, I am sure every hacker team in the world is targeting not Bank of America, not the Citigroup, not JP Morgan, but forums.debian.net so they can read all our secret PMs
That's not what I said.

Some points which you appear to have overlooked:
  • Various organizations (especially large ones) initiate various projects at various times which have various goals. For example, BoA no doubt hires security auditors to engage in RedTeam/BlueTeam tests of their transactional protections, so contrary to what a naive person might think, banks in effect at times try to steal from themselves, as it were. And the "Team Themis" scandal (and a long-running BAE scandal, a Hewlett-Packard scandal, and many other incidents) show that at times the top officers of large corporations do order "ratfucking" or "domestic espionage" targeting specific investigative journalists or members of small nonprofit organizations which are criticising their corporate practices.
  • Government intelligence/secret police, corporate espionage cells, and well-connected private eyes the world over use essentially the same software sold by the same "Western" spycos. This software has been provided not only to "Western" governments but also to the most repressive authoritarian regimes, including Zimbabwe, Syria, Vietnam, even Iran. And many spycos are based in authoritarian countries like Russia and China where many government officials have ties to organized crime organizations, or even to "terror groups".
  • Sophisticated monitoring/ratfucking/shilling operations do require sophistication on the part of the programmers who write the software used to do such things. But once the software and the manuals are written and sold/licensed to anyone willing to pay (or able to steal them, as may have happened with Iran and Syria), they can be used to target anyone for any "reason" with minimal effort or required expertise.
  • It is hardly a state secret that there are Western spycos which specialize in snagging username/password combos (their customer base includes large corporations who want to make sure that any Walmart employee who badmouths Walmart will be fired, for example), or in monitoring social networking forums (see Wikileaks SpyFiles for a dozen marketing fliers from several of the larger ones which offer such services). A Surveillance-Industrial whitepaper recently predicted that by 2014, such monitoring will be an almost trillion dollar global industry, servicing mid to large corporations and targeting among others citizens who oppose specific corporate practices by specific corporations.
  • It is hardly a state secret that other companies which operate in even more legally murky waters regularly attempt to scrape the user base of public forums like DUF, in order to create spamlists targeting particular interest groups. Their methods can be fairly sophisticated.
Last edited by Ahtiga Saraz on 2012-02-06 20:55, edited 1 time in total.
Ahtiga Saraz

The people standing against the tyrants! Audacity, more audacity, always audacity!

Ahtiga Saraz
Posts: 1014
Joined: 2009-06-15 01:19

Clarify?

#12 Post by Ahtiga Saraz »

@ cynwulf:
It's currently using Lenny - but have no fear - there is an upgrade planned...
It will be installed at around the same time as the new spam counter measures... :lol:
Please correct me if I misunderstand what I took to be sarcasm (aimed at DUF, not me):
  • I guess you are suggesting that the forum will continue to use Lenny for some time (security support ended today, but someone suggested that the forum owners are capable of patching any vuls independently of debian package management)
  • I guess you are suggesting that the forum owners have talked about anti-spam measures but have never gotten around to implementing them.
Assuming that new anti-spam measures really are coming, will these affect Tor users?
Ahtiga Saraz

The people standing against the tyrants! Audacity, more audacity, always audacity!

cynwulf

Re: Clarify?

#13 Post by cynwulf »

Ahtiga Saraz wrote:@ cynwulf:
It's currently using Lenny - but have no fear - there is an upgrade planned...
It will be installed at around the same time as the new spam counter measures... :lol:
Please correct me if I misunderstand what I took to be sarcasm (aimed at DUF, not me):
  • I guess you are suggesting that the forum will continue to use Lenny for some time (security support ended today, but someone suggested that the forum owners are capable of patching any vuls independently of debian package management)
  • I guess you are suggesting that the forum owners have talked about anti-spam measures but have never gotten around to implementing them.
Assuming that new anti-spam measures really are coming, will these affect Tor users?
Substitute my second paragraph for something along the lines of "it should be done around the time hell freezes over" and you will get the idea...

I'm not sure if the upgrade will happen or not - I would guess that it will, but who can say except those whose job it is to carry out the upgrades...

P.S. This is FDN, not DUF; the latter is a different Debian forum.
