[#] Mon Sep 03 2018 18:02:38 EDT from winzlo

Well, if one is running a mail server with SSL encrypted POP/IMAP/SMTP, there shouldn't be any additional security implications, just a much busier spam filter as IG pointed out. Spammers rely on replies from mail servers to see how far they can get in terms of information gathering. An open relay could reveal a lot more than novices would be aware of, presuming that this was something that all ISPs adopted. I've worked with enough "senior technical" personnel to know that far too many either lied or conned their way into their jobs with either minimal or no actual expertise. No wonder big corporations are going bankrupt...something for another room, though. :)

[#] Thu Oct 25 2018 20:11:49 EDT from IGnatius T Foobar

Heh... imagine if RS-232 connectors could have a conflict between their physical gender and what they feel their physical gender should have been.


(Quoted from fleeb in the Home Handyman room)

I know it was a joke, but ... RS-232 connectors originally *did* have "gender roles".

RS-232 on a male DB-25 connector was supposed to behave as DTE, with transmit on pin 2, receive on pin 3, asserting DTR on pin 20, etc.

RS-232 on a female DB-25 connector was supposed to behave as DCE, receiving on pin 2, transmitting on pin 3, listening for DTR on pin 20, etc.

In practice, most manufacturers simply put female connectors on everything, shipped male-to-male cables, and expected you to work out any connection problems on your own. Ironically, one notable exception was IBM, the "evil empire" of that era, whose DTE ports on the PC were 25 pin male.
Imagine that, the manufacturer who at the time was famous for coming up with their own incompatible version of everything, was one of the few following the standard.

If everyone had followed the standard, an entire category of adapters would not have been needed.

Today, over half a century after RS-232 was introduced, most serial ports appear as the de-facto standard of the Cisco serial console pinouts on an RJ-45 connector.

[#] Fri Oct 26 2018 10:13:22 EDT from fleeb

That would have simplified quite a few things if people followed that standard.
Hm.

[#] Mon Oct 29 2018 15:12:46 EDT from userT

So I just read this:
https://www.fastmail.com/help/technical/ssltlsstarttls.html

Quite helped me to understand the differences, but one of the parts that caught my attention was this:
"At some point, it was decided that having 2 ports for every protocol was wasteful, and instead you should have 1 port that starts off as plaintext, but the client can upgrade the connection to an SSL/TLS encrypted one. This is what STARTTLS was created to do."

In my particular case, I also think it'd be better to go back having only one port for each protocol. But, from what I could overall understand, they still cannot reach a "global" agreement, old software is too conservative, etc, etc, which has the effect of keeping more than one port for each protocol for good...

And I'd like to ask, what do you think in general?
In the case you think as well only one port would be enough, which case would you prefer to stay for good? The more recent TLS implicit ports, or the old ports just with STARTTLS?

Thanks again.



[#] Thu Nov 01 2018 12:46:19 EDT from IGnatius T Foobar

Seriously. Anyone who worked with computers back then will remember what a nightmare it was to get different types of devices to handshake properly.
Every printer vendor had slightly different requirements. I did my share of time with the breakout box. I don't miss that.

DigiBoard (now just "Digi") is still around, by the way. They seem to do a lot of stuff with mobile routers.

[#] Thu Nov 01 2018 21:44:45 EDT from Ragnar Danneskjold

I was really good at getting serial stuff to work.... So many people that it was magic.

[#] Fri Nov 02 2018 14:44:24 EDT from fleeb

I also remember the different file formats for text.

Amusingly, that hasn't changed. If anything, it has only grown worse over time.

[#] Sat Nov 17 2018 12:30:04 EST from IGnatius T Foobar

I was really good at getting serial stuff to work.... So many people that it was magic.

Well yes, if you understood the protocol instead of just guessing, like a lot of people did ... it wasn't *that* hard. As long as you had the tools.

Of course, RS-232 was for pussies. Real engineers used V.35, with those gigantic 34-pin Winchester connectors. Yeah!

[#] Tue Dec 18 2018 17:59:13 EST from IGnatius T Foobar

And I'd like to ask, what do you think in general?
In the case you think as well only one port would be enough, which
case would you prefer to stay for good? The more recent TLS implicit
ports, or the old ports just with STARTTLS?

Actually, I think encryption in general is a bad idea, because it lulls people into a false sense of security.

One port or two ports is fine; instead I take issue with software that tries to enforce some sort of encryption policy and doesn't allow the user to override it. Yes, sometimes I want to send a password in the clear, and if I'm ok with that, the software shouldn't try to tell me I can't.

[#] Wed Jan 02 2019 09:40:12 EST from fleeb

Eh... but that appears to be the standard lately. Force people to use such-and-so specific encryption standard, and fuck them in the eye sockets if they won't.

[#] Wed Jan 09 2019 13:19:29 EST from IGnatius T Foobar

I'd rather see SASL die. It has a million zillion ways to avoid sending a password in the clear, and they're ALL obsolete if the connection itself is encrypted.

Plain authentication over TLS for the win.

[#] Wed Jan 09 2019 13:25:29 EST from fleeb

Heh... until the day someone figures out how to defeat that.

[#] Thu Jan 10 2019 16:38:18 EST from IGnatius T Foobar

I have a much dimmer view of encryption in general: any encryption that is legal, can be broken in real time by The Bad People.

"You have no privacy. Get over it." -- Scott McNealy

These days, if you really and truly need to guard access into a system, you have to use two-factor authentication. And even then, The Bad People are still watching. I like ricin my burritos.

[#] Thu Jan 10 2019 17:40:27 EST from wizard of aahz

I was going to say have no lines going in or going out.

[#] Fri Apr 12 2019 10:53:32 EDT from simon2371

Subject: citadel redirect http (80) to https (443)

Is there a way to force https on Citadel? Thanks.



[#] Fri Apr 12 2019 11:10:11 EDT from Freakdog

Subject: Re: citadel redirect http (80) to https (443)

Fri Apr 12 2019 10:53:32 EDT from simon2371 @ Uncensored Subject: citadel redirect http (80) to https (443)

Is there a way to force https on Citadel? Thanks.

Yup...disable port 80 in webcit and only publish links to https/443.



[#] Fri Apr 12 2019 13:48:20 EDT from IGnatius T Foobar

Subject: Re: citadel redirect http (80) to https (443)

Right. WebCit itself won't do the redirect. You can run some other web server on port 80 and do the redirect to WebCit from there.

[#] Tue Apr 16 2019 13:11:50 EDT from fleeb

Couldn't one put Citadel on pretty much any port and use something like nginx to shuttle between the exposed 443 and whatever port you've put Citadel on?

(I say 'nginx', as I think that's what it was designed for, as opposed to apache, which is more oriented to serving pages).

[#] Wed Apr 17 2019 12:36:09 EDT from IGnatius T Foobar

Yes. You could use nginx as a proxy in several different ways. It can do the SSL offload instead of WebCit itself if that's what you're into. It can map to a different port. Etc.

And it will get better. webcit-ng is being built from the start so that every single URI begins with the "/ctdl" prefix, so that in the future you'll be able to configure a proxy webserver to just send requests starting with that prefix to Citadel, and send other transactions elsewhere. People who operate load balancers love that stuff.
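
The setup discussed in the posts above (a separate web server on port 80 that only redirects, with nginx doing the SSL offload and mapping 443 to another port), as an added example that is not part of the original thread or the Citadel project's own configuration. The hostname, certificate paths and the loopback port 8080 for WebCit are assumptions.

```nginx
# Added example. bbs.example.org, the certificate paths and the backend
# address 127.0.0.1:8080 are placeholders/assumptions, not Citadel defaults.

# Port 80 exists only to redirect; nothing is served in the clear.
server {
    listen 80;
    listen [::]:80;
    server_name bbs.example.org;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name bbs.example.org;

    # TLS terminates here (the "SSL offload"), so WebCit speaks plain
    # HTTP on the loopback interface only and is not reachable directly.
    ssl_certificate     /etc/ssl/example/fullchain.pem;  # placeholder path
    ssl_certificate_key /etc/ssl/example/privkey.pem;    # placeholder path
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Ask browsers to use HTTPS for later visits, so a typed http:// URL
    # does not make another cleartext round trip to port 80.
    add_header Strict-Transport-Security "max-age=31536000" always;

    # Classic WebCit: send every request to the backend.
    # With webcit-ng, where every URI begins with /ctdl, this block could
    # become "location /ctdl/" and other paths could be routed elsewhere.
    location / {
        proxy_pass http://127.0.0.1:8080;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
```

The redirect only protects clients that follow it; the backend port must also be closed to outside connections, otherwise the plain-HTTP listener stays reachable around the proxy.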

[#] Fri May 24 2019 07:27:36 EDT from macarroni

Subject: Citadel behind a switch, switch directly connected to fiber optic

Is it possible to make citadel visible and accessible from outside the LAN if the topography is as follows

(Fiber Optic line) --- (Switch, Netgear 5 gigabit) ---[port x]---(Computer with citadel)

Something like STUN perhaps, or something else?

Thanks for the help.


