[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [security-discuss] gnuradio project DoS attacks GNU wget users
From: |
ng0 |
Subject: |
Re: [security-discuss] gnuradio project DoS attacks GNU wget users |
Date: |
Thu, 2 Mar 2017 20:08:39 +0000 |
On 17-03-02 11:50:09, Richard Stallman wrote:
> [[[ To any NSA and FBI agents reading my email: please consider ]]]
> [[[ whether defending the US Constitution against all enemies, ]]]
> [[[ foreign or domestic, requires you to follow Snowden's example. ]]]
>
> > As far as I perceive it, ftp.gnu.org and the alpha ftp do not provide
> > any access to be used from tor exit nodes.
>
> This sounds like a real problem. Can someone present a specific test case
> that fails?
That's as easy as running tor with a configuration where you exclude
at least exit-nodes located in the USA. Then you will try to download
any file on one of the download locations of gnu, with a graphical
webbrowser - it does not have to be torbrowser - you pass it the
arguments to use the socks5 proxy of tor as described in the torproject
website documentation, and just trying to establish a connection to
ftp.gnu.org will fail with "Error: Bad IP connecting".
I have not checked my config in a while, but this shows that there's at
least an problem if you connect not from within the USA. I can't recall
if I ever had a good exit-node connecting to ftp.gnu.org, but I doubt it.
> > I find this annoying every time I have to check releases, update
> > software for Guix, etc. If mirroring would be an option I would run an
> > .onion mirror.
>
> Last I heard we had lots of mirrors. Making another kind of mirror
> would be useful too.
>
> --
> Dr Richard Stallman
> President, Free Software Foundation (gnu.org, fsf.org)
> Internet Hall-of-Famer (internethalloffame.org)
> Skype: No way! See stallman.org/skype.html.
>
Below I use "mirrors" when I refer to the root download architecture at
gnu.org, the exception is the provided mirror which should be clear from
context.
If this (whereby I mean providing .onion access at the root level
of software distribution, the gnu.org servers) is not or not right now
possible to be provided by the FSF/GNU[0], I strongly consider to
provide an .onion mirror with the intention to add .gnu gnunet later on.
However there are problems:
* I'm not looking really forward to administrate server(s) again, even
if the underlying system makes administration easier.
* I'm limited in resources both financially and time to invest.
* My non-commercial ISP of choice is prepared for lots of traffic, they
even have some tor exit- and non-exit relays/nodes in their network,
but if this mirror would be used it would be a centralization of
service which would be an easy target to take down, in addition to
testing out how much traffic is okay for their infrastructure. Last
time I ran an tor non-exit relay in there it was still okay with
several TB of data per month.
I know I can just mirror some (and not all) mirrors of gnu.org, reducing
the size which is needed. At the current size of all gnu.org mirrors
this results in ~125GiB. Taking in consideration the operation system to
add and that at IN-Berlin eV (the ISP) you can only buy disk space in 25
sizes (n times 25) I get less than 20 Euro / month.
Now the consideration of the choice of datacenter vs "other places" and
therefore the choice of machine in use is how much electricity is
wasted in the process.
I have to think about compromisses of use vs costs as the ideal solution
would be to also provide a service for binary substitutes similar to
what's offered from https://hydra.gnu.org at the moment.
0: I'm not sure who's responsible for the server maintenance, I know
both parties are involved depending on the level of maintenance.
- Re: [security-discuss] gnuradio project DoS attacks GNU wget users, Anonymous, 2017/03/01
- Re: [security-discuss] gnuradio project DoS attacks GNU wget users, Alfred M. Szmidt, 2017/03/01
- Re: [security-discuss] gnuradio project DoS attacks GNU wget users, Jean Louis, 2017/03/01
- Re: [security-discuss] gnuradio project DoS attacks GNU wget users, Alfred M. Szmidt, 2017/03/01
- Re: [security-discuss] gnuradio project DoS attacks GNU wget users, Jean Louis, 2017/03/01
- Re: [security-discuss] gnuradio project DoS attacks GNU wget users, Alfred M. Szmidt, 2017/03/01
- Re: [security-discuss] gnuradio project DoS attacks GNU wget users, Jean Louis, 2017/03/01
- Re: [security-discuss] gnuradio project DoS attacks GNU wget users, hellekin, 2017/03/01
- Re: [security-discuss] gnuradio project DoS attacks GNU wget users, ng0, 2017/03/01
- Re: [security-discuss] gnuradio project DoS attacks GNU wget users, Richard Stallman, 2017/03/02
- Re: [security-discuss] gnuradio project DoS attacks GNU wget users,
ng0 <=
- Re: [security-discuss] gnuradio project DoS attacks GNU wget users, ng0, 2017/03/03
- Re: [security-discuss] gnuradio project DoS attacks GNU wget users, Richard Stallman, 2017/03/03
- Re: [security-discuss] gnuradio project DoS attacks GNU wget users, Alfred M. Szmidt, 2017/03/02
- Re: [security-discuss] gnuradio project DoS attacks GNU wget users, Richard Stallman, 2017/03/02
Re: [security-discuss] gnuradio project DoS attacks GNU wget users, Richard Stallman, 2017/03/02
Re: [security-discuss] gnuradio project DoS attacks GNU wget users, Richard Stallman, 2017/03/01