Mail Archives: geda-user/2021/01/11/16:38:12
X-Authentication-Warning: delorie.com: mail set sender to geda-user-bounces using -f
X-Recipient: geda-user AT delorie DOT com
Subject: Re: [geda-user] No https for pcb-rnd
To: geda-user AT delorie DOT com
References: <xnim84jsdh DOT fsf AT envy DOT delorie DOT com>
From: "Girvin Herr (gherrl AT fastmail DOT com) [via geda-user AT delorie DOT com]" <geda-user AT delorie DOT com>
Message-ID: <197408a7-1183-7805-6f84-7794386c52dc@fastmail.com>
Date: Mon, 11 Jan 2021 13:15:37 -0800
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:68.0) Gecko/20100101 Thunderbird/68.12.0
MIME-Version: 1.0
In-Reply-To: <xnim84jsdh.fsf@envy.delorie.com>
Reply-To: geda-user AT delorie DOT com
Errors-To: nobody AT delorie DOT com
X-Mailing-List: geda-user AT delorie DOT com
X-Unsubscribes-To: listserv AT delorie DOT com

This is a multi-part message in MIME format.
--------------EF371C8E63E2E51C56270C18
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
On 1/10/21 3:15 PM, DJ Delorie wrote:
> "Girvin Herr (gherrl AT fastmail DOT com) [via geda-user AT delorie DOT com]"
> <geda-user AT delorie DOT com> writes:
>> I don't know why you are so resistant to computer security.
> Computer security takes time and effort, and it's wasted on static data
> that has no real value. Do you really need to hide the fact that you're
> looking at EDA software? Do you worry that terrorists are going to
> modify a wiki page you're reading?
>
>> Why did I post my concern about pcb-rnd on this forum? Good question. I
>> thought about it a while and decided that since pcb-rnd was on this
>> forum in the past, and that it may be polled by the pcb-rnd devs,
> Nope, none of them are here any more. They left long ago.
>
>> Now that includes gEDA too.
> You didn't mention that at all in your original email ;-)
>
>> I hope the gEDA server maintainers create a https portal on the web
>> server(s) asap.
> The gEDA server is a very old arm-based device running a prototype
> operating system. HTTPS is not an option at this point, unless someone
> (or many someones) steps up to migrate everything to a modern server.

Greetings,

My immediate concern is the software download site. I do not want to
download corrupted software. The risk is low, but I think it is still
there. On the other end, I am concerned that the gEDA site could get
attacked with possible resultant data corruption. In that respect, I
don't think computer security is "wasted". You are correct in that since
the transactions do not involve the transmission of sensitive data, such
as logins and passwords, the risk is low and maybe not worth the effort
to upgrade, except for the program download site.

I didn't mention the gEDA sites in my original posting because I had not
yet gotten to my gEDA site bookmarks, so at the time I wrote the
original posting I did not know for sure if gEDA should be included. I
suppose in hindsight, I should have waited until I had completed my
year-end bookmarks purge before I posted my first posting on this
subject. Sorry.

I had a suspicion that the problem may be with the server. I guess the
best I can ask for is to consider upgrading to https, at least for the
software download server part, when a need to upgrade the server is
discussed.

Since we are trading URLs, here is an article, written by Mick Bauer,
that I am using to harden my desktop computer at this time:

    https://www.linuxjournal.com/magazine/paranoid-penguin-brutally-practical-linux-desktop-security

Here is an applicable snippet under "Never Transmit Unencrypted
Passwords" for consideration:

    Telnet, non-anonymous FTP, IMAP, POP3 and any browser-based login
    involving an http:// URL rather than https://, therefore, are all
    off limits. In the modern era, all these applications (remote shell,
    file transfer, e-mail and most Web applications) can and should be
    used in encrypted implementations, such as SSH, FTPS or SFTP, IMAPS,
    POP3S and https, at least for logons and other sensitive transactions.

Operative phrase: "at least".

Note that pcb, under sourceforge, is using https to download.

As a side note, a while back I was looking to make a donation to gEDA to
help out and partially compensate for the use I have gotten from
gEDA/gaf. However, I could not find a place to make such a donation. I
think a PayPal transaction could be made using an email address. I am
not sure how to set it up. It may require a PayPal business account.
Such donations could help purchase a new server and maybe pay the small
fee for the certificate(s).

Thanks and take care.

Girvin

--------------EF371C8E63E2E51C56270C18--