[#] Mon Sep 03 2018 22:02:38 UTC from winzlo

Well, if one is running a mail server with SSL encrypted POP/IMAP/SMTP, there shouldn't be any additional security implications, just a much busier spam filter as IG pointed out. Spammers rely on replies from mail servers to see how far they can get in terms of information gathering. An open relay could reveal a lot more than novices would be aware of, presuming that this was something that all ISPs adopted. I've worked with enough "senior technical" personnel to know that far too many either lied or conned their way into their jobs with either minimal or no actual expertise. No wonder big corporations are going bankrupt...something for another room, though. :)

[#] Fri Oct 26 2018 00:11:49 UTC from IGnatius T Foobar

> Heh... imagine if RS-232 connectors could have a conflict between their physical gender and what they feel their physical gender should have been.

(Quoted from fleeb in the Home Handyman room)

I know it was a joke, but ... RS-232 connectors originally *did* have "gender roles".

RS-232 on a male DB-25 connector was supposed to behave as DTE, with transmit on pin 2, receive on pin 3, asserting DTR on pin 20, etc.

RS-232 on a female DB-25 connector was supposed to behave as DCE, receiving on pin 2, transmitting on pin 3, listening for DTR on pin 20, etc.

In practice, most manufacturers simply put female connectors on everything, shipped male-to-male cables, and expected you to work out any connection problems on your own. Ironically, one notable exception was IBM, the "evil empire" of that era, whose DTE ports on the PC were 25 pin male.
Imagine that, the manufacturer who at the time was famous for coming up with their own incompatible version of everything, was one of the few following the standard.

If everyone had followed the standard, an entire category of adapters would not have been needed.

Today, over half a century after RS-232 was introduced, most serial ports appear as the de-facto standard of the Cisco serial console pinouts on an RJ-45 connector.

[#] Fri Oct 26 2018 14:13:22 UTC from fleeb


That would have simplified quite a few things if people followed that standard.
Hm.

[#] Mon Oct 29 2018 19:12:46 UTC from userT

So I just read this:
https://www.fastmail.com/help/technical/ssltlsstarttls.html

It helped me quite a bit to understand the differences, but one of the parts that caught my attention was this:
"At some point, it was decided that having 2 ports for every protocol was wasteful, and instead you should have 1 port that starts off as plaintext, but the client can upgrade the connection to an SSL/TLS encrypted one. This is what STARTTLS was created to do."

In my particular case, I also think it'd be better to go back to having only one port for each protocol. But, from what I could overall understand, they still cannot reach a "global" agreement, old software is too conservative, etc., etc., which has the effect of keeping more than one port for each protocol for good...

And I'd like to ask, what do you think in general?
In the case you think as well only one port would be enough, which case would you prefer to stay for good? The more recent TLS implicit ports, or the old ports just with STARTTLS?

Thanks again.



[#] Thu Nov 01 2018 16:46:19 UTC from IGnatius T Foobar

Seriously. Anyone who worked with computers back then will remember what a nightmare it was to get different types of devices to handshake properly.
Every printer vendor had slightly different requirements. I did my share of time with the breakout box. I don't miss that.

DigiBoard (now just "Digi") is still around, by the way. They seem to do a lot of stuff with mobile routers.

[#] Fri Nov 02 2018 01:44:45 UTC from Ragnar Danneskjold

I was really good at getting serial stuff to work.... So many people that it was magic.

[#] Fri Nov 02 2018 18:44:24 UTC from fleeb


I also remember the different file formats for text.

Amusingly, that hasn't changed. If anything, it has only grown worse over time.

[#] Sat Nov 17 2018 17:30:04 UTC from IGnatius T Foobar

> I was really good at getting serial stuff to work.... So many people that it was magic.

Well yes, if you understood the protocol instead of just guessing, like a lot of people did ... it wasn't *that* hard. As long as you had the tools.

Of course, RS-232 was for pussies. Real engineers used V.35, with those gigantic 34-pin Winchester connectors. Yeah!

[#] Tue Dec 18 2018 22:59:13 UTC from IGnatius T Foobar

> And I'd like to ask, what do you think in general?
> In the case you think as well only one port would be enough, which case would you prefer to stay for good? The more recent TLS implicit ports, or the old ports just with STARTTLS?

Actually, I think encryption in general is a bad idea, because it lulls people into a false sense of security.

One port or two ports is fine; instead I take issue with software that tries to enforce some sort of encryption policy and doesn't allow the user to override it. Yes, sometimes I want to send a password in the clear, and if I'm ok with that, the software shouldn't try to tell me I can't.

[#] Wed Jan 02 2019 14:40:12 UTC from fleeb


Eh... but that appears to be the standard lately. Force people to use such-and-so specific encryption standard, and fuck them in the eye sockets if they won't.

[#] Wed Jan 09 2019 18:19:29 UTC from IGnatius T Foobar

I'd rather see SASL die. It has a million zillion ways to avoid sending a password in the clear, and they're ALL obsolete if the connection itself is encrypted.

Plain authentication over TLS for the win.

[#] Wed Jan 09 2019 18:25:29 UTC from fleeb


Heh... until the day someone figures out how to defeat that.

[#] Thu Jan 10 2019 21:38:18 UTC from IGnatius T Foobar

I have a much dimmer view of encryption in general: any encryption that is legal, can be broken in real time by The Bad People.

"You have no privacy. Get over it." -- Scott McNealy

These days, if you really and truly need to guard access into a system, you have to use two-factor authentication. And even then, The Bad People are still watching. I like ricin my burritos.

[#] Thu Jan 10 2019 22:40:27 UTC from wizard of aahz

I was going to say have no lines going in or going out.

[#] Fri Apr 12 2019 14:53:32 UTC from simon2371

Subject: citadel redirect http (80) to https (443)

Is there a way to force https on Citadel? Thanks.



[#] Fri Apr 12 2019 15:10:11 UTC from Freakdog

Subject: Re: citadel redirect http (80) to https (443)

> Fri Apr 12 2019 10:53:32 EDT from simon2371 @ Uncensored Subject: citadel redirect http (80) to https (443)
>
> Is there a way to force https on Citadel? Thanks.

Yup...disable port 80 in webcit and only publish links to https/443.



[#] Fri Apr 12 2019 17:48:20 UTC from IGnatius T Foobar

Subject: Re: citadel redirect http (80) to https (443)

Right. WebCit itself won't do the redirect. You can run some other web server on port 80 and do the redirect to WebCit from there.

[#] Tue Apr 16 2019 17:11:50 UTC from fleeb


Couldn't one put Citadel on pretty much any port and use something like nginx to shuttle between the exposed 443 and whatever port you've put Citadel on?

(I say 'nginx', as I think that's what it was designed for, as opposed to apache, which is more oriented to serving pages).

[#] Wed Apr 17 2019 16:36:09 UTC from IGnatius T Foobar

Yes. You could use nginx as a proxy in several different ways. It can do the SSL offload instead of WebCit itself if that's what you're into. It can map to a different port. Etc.

And it will get better. webcit-ng is being built from the start so that every single URI begins with the "/ctdl" prefix, so that in the future you'll be able to configure a proxy webserver to just send requests starting with that prefix to Citadel, and send other transactions elsewhere. People who operate load balancers love that stuff.
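
The arrangement discussed in the posts above (a separate web server answering on port 80 only to redirect, with nginx doing the SSL offload in front of WebCit), shown as an added example that is not part of the original thread or of the Citadel project's own configuration. The hostname, the certificate paths and the WebCit address 127.0.0.1:8080 are assumptions.

```nginx
# Added example. citadel.example.org, the certificate paths and the
# WebCit listener at 127.0.0.1:8080 are assumed values, not from the thread.

# Port 80 serves no content: every request gets a permanent redirect.
# The target host is fixed rather than taken from the client's Host
# header, so a forged Host value cannot steer the redirect elsewhere.
server {
    listen 80;
    listen [::]:80;
    server_name citadel.example.org;
    return 301 https://citadel.example.org$request_uri;
}

# Port 443: nginx terminates TLS, then talks plain HTTP to WebCit.
# Assumes WebCit is bound to loopback only, so the backend port is
# not reachable from outside and cannot be used to bypass TLS.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name citadel.example.org;

    ssl_certificate     /etc/ssl/example/fullchain.pem;  # placeholder path
    ssl_certificate_key /etc/ssl/example/privkey.pem;    # placeholder path
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Ask browsers to use HTTPS directly on later visits.
    add_header Strict-Transport-Security "max-age=31536000" always;

    location / {
        proxy_pass         http://127.0.0.1:8080;
        proxy_http_version 1.1;
        proxy_set_header   Host              $host;
        proxy_set_header   X-Real-IP         $remote_addr;
        proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto $scheme;
    }
}
```

With the "/ctdl" prefix described for webcit-ng, the `location /` block can be narrowed to `location /ctdl/` and the remaining paths handed to a different backend.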

[#] Fri May 24 2019 11:27:36 UTC from macarroni

Subject: Citadel behind a switch, switch directly connected to fiber optic

Is it possible to make citadel visible and accessible from outside the LAN if the topography is as follows

(Fiber Optic line) --- (Switch, Netgear 5 gigabit) ---[port x]---(Computer with citadel)

Something like STUN perhaps, or something else?

Thanks for the help.


