Re: [security-discuss] gnuradio project DoS attacks GNU wget users

[ng0]

On 17-03-01 17:25:19, hellekin wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
> 
> On 03/01/2017 05:03 PM, Alfred M. Szmidt wrote:
> >    That way, I am limited, when using wget, and wrong Tor exit
> >    (hypothetically) to access the software. It is a clear limitation.
> > 
> > By the same logic, I am being refused by the GNU project and the FSF
> > to install free software on a PDP-10 since they are not providing me
> > with MLDEV access, or DECtapes.
> > 
> 
> You can't reject a real use-case with a hypothetical use-case.  Tor
> users have good reasons to be willing to protect their privacy, and this
> is not your call to make.  This has nothing to do with some hypothetical
> use-case for historical hardware.
> 
> The original poster is certainly shouting a bit too loudly about
> GNUradio "DoSing" users.  But Cloudflare has been a real problem for
> privacy and the decentralized Web.  It's only incidental that its
> platform shields somehow content-sharing sites from MPAA and other
> 'Intellectual Property' racketeers.  But generally, Cloudflare
> technology is an anti-privacy wall, and the GNU project, for
> consistency, should not condone this service.
> 
> An easy reply to our anonymous friend would be to give him access to a
> mirror site that does not use Cloudflare.  But I suppose a Tor user is

I hope with GNU Radio this is about its download and therefore
about ftp.gnu.org, if it isn't please correct me.

As far as I perceive it, ftp.gnu.org and the alpha ftp do not provide
any access to be used from tor exit nodes.

I find this annoying every time I have to check releases, update
software for Guix, etc. If mirroring would be an option I would run an
.onion mirror. As far as I know (could be wrong about this) partyvan in
sweden or finland runs an .onion mirror of the gnu.org ftp.
When there are public indexed onions, it would be good to point this out
on gnu.org for users, save them the search, have an up-to-date list of
reliable mirrors.

Debian recently (last year) added .onion for all their services and I
think their sys admins would be happy to help out in providing info on
how they made this scale. I know nothing about the debian server
architecture, I only know of the not so public documented feature of sub
domains for .onion names (foo.cacacbread.onion, bar.cacacbread.onion can
be two different services running on the same onion address).

That said, a better documented access for tor users would be highly
appreciated.

> also savvy enough to find that themselves.  The problem here is the use
> of Cloudflare--an anti-privacy service--to promote freedom.
> 
> ==
> hk
> 
> -----BEGIN PGP SIGNATURE-----
> 
> iQJ8BAEBCgBmBQJYtvXtXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
> ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRFQ0IyNkIyRTNDNzEyMTc2OUEzNEM4ODU0
> ODA2QzM2M0ZDMTg5ODNEAAoJEEgGw2P8GJg97ucP/AxGvl+rGrr3v/6BK8/sKm9v
> 48s4oQVQvNsN7a6Q+iJEyR1Fcz+sLC2reUBzgq2m9M2yM8/gockcYxvWgXWuuZYn
> xvW0Acs4KSKn2RxnX0hcClk1wVOCvy3TNLt2M3qgwHKpuhppDdVUSpvzSsdFqRO6
> //uLj+BrlhQaDPA+jfy75tgiIr4ohVnc+/cX9jULuTrX4M0QYcg1IGcOvwpwddfm
> mSPdxV/0da4kp1Ri5FcOyaTgXQd5W9WTbzEYyzhYZYXHv/VnDHfIKbIw4khSdIaM
> ZNCDp7KhhfjnHQdo1aLlg7td3vtjIktekALqyLsFVas6qiPdPGBjiW91O1sg/4eS
> 4Q8i+FXkV5A9BTwasiefzavRNfE/BTN2Dpq64fzIGTZCwJgREnmQAmScQqYsM23K
> tdDb/5RXhvSt6JN66yYJFIVZxINzx/pEaqmj3qDDsaEXP2ynCgnlO2yqLuNc8REg
> slQ9ForVLD/X9+HEw8sV8vfHtpdYSitn+4QgCUTnXhSEgepzJW4wMjXushf5E4zV
> NrpwteoUx8MR3sTs0IEufkHKKsLhaOT55i+NycNoBQFExmOmCUPwJRASiuN8Diqd
> bueYBh36w61UbleS82WFoL86r301o+HzKfHHl5gzJRDvcNBt10TSc5mCbKvoV+cQ
> hvjaqLwnk2bxW4vhYrMh
> =4S/B
> -----END PGP SIGNATURE-----
>