[Project_owners] [Sysadmin] Fw: mozdev.org -- are these files supposed to be public?

Arturo 'Buanzo' Busleiman buanzo at buanzo.com.ar
Thu Oct 6 09:56:01 PDT 2011


I am very very sorry Eric :(

Maybe an openvpn?


On 10/6/11, Eric H. Jung <eric.jung at getfoxyproxy.org> wrote:
> hi guys, i've been seeing all the support requests on these two mailing
> lists. my father died unexpectedly on Saturday, so I've been unable to
> assist. i should be able to assist again next week. can someone please
> please please grant me SSH access to the server? my ip address changes too
> frequently, so it cannot/should not be tied to my ip address. let me know
> where to send my public key.
>
> thanks,
> eric
>
>
> On Thu, Oct 6, 2011 at 12:32 PM, Arturo 'Buanzo' Busleiman <
> buanzo at buanzo.com.ar> wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA512
>>
>> We are working on that. Please stand by for a solution. Thank you for your
>> patience.
>>
>> On 10/06/2011 01:20 PM, REMOVED wrote:
>> > I understand that not indexing is not a perfect solution, but it would
>> > be
>> an acceptable solution to
>> > me. I realize that the information could still theoretically be accessed
>> (if someone knew where to
>> > look), but it wouldn't be "accessible" (easy to access, a secondary
>> meaning for the word).
>> >
>> > Also, the second method I suggested for making them non-indexable would
>> do so by preventing them
>> > from being accessed via HTTP in the first place. I don't presume that is
>> necessarily an acceptable
>> > option to the sysadmins however.
>> >
>> > Again, I appreciate everyone's time and consideration, and I will be
>> thrilled if any one of my
>> > suggestions is implemented.
>> >
>> > Nate
>> >
>> > On 10/06/2011 11:30 AM, Arturo 'Buanzo' Busleiman wrote:
>> > I was just offering an explanation. Also, not indexing does not really
>> protect you from anything, in
>> > the end: the data would still be there and accessible. Lots of crawlers /
>> search engines do not
>> > actively obey robots.txt rules.
>> >
>> > The result would be for someone to edit the mbox files, but it is not up
>> to me to make that
>> > decision. I support your right for privacy.
>> >
>> > On 10/06/2011 12:13 PM, REMOVED wrote:
>> >>>> I am not trying to assign blame to the sysadmins; I am making a
>> request. The reason I asked if the
>> >>>> files were intended to be public is because I noticed that the HTML
>> version of the archive uses the
>> >>>> "noindex" robots declaration on
>> http://mozdev.org/pipermail/blunderdelay/ ... I actually didn't
>> >>>> notice until now that the individual messages in the HTML format
>> >>>> don't
>> share in using that
>> >>>> declaration, I just presumed so since the parent page does. (It also
>> struck me as a possible
>> >>>> oversight that the files were being indexed since you have the
>> separate human-readable HTML versions
>> >>>> on the site.) The HTML version of my e-mail being indexed does not
>> concern me, since it doesn't
>> >>>> include those headers.
>> >>>>
>> >>>> I acknowledge that I made an oversight some four years ago when I
>> >>>> sent
>> that message. I don't think
>> >>>> it is necessary for me to be condemned to potential suffering of the
>> seriousness I have indicated if
>> >>>> it can be reasonably avoided.
>> >>>>
>> >>>> I recognize that the sysadmins may have reservations about making
>> certain changes, which is why I
>> >>>> have suggested multiple options. I suggested two different ways to
>> prevent the mbox files from being
>> >>>> indexed, under the presumption that there is no reason one would want
>> them to be indexed when there
>> >>>> are already processed and human-readable versions of those e-mails in
>> HTML format on the site. If
>> >>>> the sysadmins see some sort of utility in the indexing of the mbox
>> files that I have overlooked, I
>> >>>> hope they will consider my request to make a precision edit to remove
>> the content which concerns me,
>> >>>> either by editing the 3 lines which concern me or by merely deleting
>> my message in its entirety from
>> >>>> the thread.
>> >>>>
>> >>>> If none of these options is acceptable to the sysadmins, I would be
>> appreciative if you could
>> >>>> explain what concerns you have about the options I have suggested.
>> >>>>
>> >>>> Thanks,
>> >>>> Nate
>> >>>>
>> >>>> On 10/06/2011 10:24 AM, Arturo 'Buanzo' Busleiman wrote:
>> >>>> The fact the mbox file is below a pipermail seems to suggest it's a
>> public mailing-list related
>> >>>> file, ergo, indexing them IS the usual practice. You exposed
>> >>>> yourself,
>> not because of a mozdev
>> >>>> system administration problem, but because of how you used gmail and
>> public mailing lists.
>> >>>>
>> >>>> I'm not pointing fingers, just making a clarification. If you need to
>> separate your online
>> >>>> identities, do not use the same service (i.e. gmail) to link them
>> together, which seems to be the
>> >>>> case (gmail allows to have different From lines, you probably used
>> that feature, but the real SENDER
>> >>>> is the gmail account used to send, even if changing the from).
>> >>>>
>> >>>> Someone else needs to make the call on editing that file.
>> >>>>
>> >>>> On 10/04/2011 10:20 PM, REMOVED wrote:
>> >>>>>>> Greetings, sysadmins!
>> >>>>>>>
>> >>>>>>> Could you please provide your response regarding the concerns and
>> suggestions I brought up in my
>> >>>>>>> August 28 message, copied 5 messages below? (The start is
>> highlighted with the bolded text.) Your
>> >>>>>>> response never got back to me. I appreciate your time. Thanks.
>> >>>>>>>
>> >>>>>>> Best Regards,
>> >>>>>>> REMOVED
>> >>>>>>>
>> >>>>>>> On 09/01/2011 05:24 PM, David Boswell wrote:
>> >>>>>>>> OK, will do.
>> >>>>>>>>
>> >>>>>>>>
>> ----------------------------------------------------------------------------------------------------
>> >>>>>>>>     **If messages sent to that list are not put into public mbox
>> files, I have no objection if you
>> >>>>>>>>     will forward my message.
>> >>>>>>>>
>> >>>>>>>>     Thanks,
>> >>>>>>>>     Nate
>> >>>>>>>>
>> >>>>>>>>     On 09/01/2011 05:00 PM, David Boswell wrote:
>> >>>>>>>>>     Nate,
>> >>>>>>>>>
>> >>>>>>>>>     The sysadmins list is a private mailing list.  If you're not
>> comfortable with me forwarding
>> >>>>>>>>>     that message, would you write a message to
>> sysadmin at mozdev.org <mailto:sysadmin at mozdev.org>
>> >>>>>>>>>     without the sensitive information that addresses the
>> >>>>>>>>> concerns
>> you have?
>> >>>>>>>>>
>> >>>>>>>>>     David
>> >>>>>>>>>
>> >>>>>>>>>
>> >>>>>>>>>
>> ----------------------------------------------------------------------------------------------------
>> >>>>>>>>>         **
>> >>>>>>>>>         Also,
>> >>>>>>>>>
>> >>>>>>>>>         I copied your sysadmins on my message below, but then
>> >>>>>>>>> got
>> notification that it was going
>> >>>>>>>>>         to post to another mailing list, so I used the cancel
>> link in that message. Please do not
>> >>>>>>>>>         post my e-mail to a mailing list, as it would defeat the
>> purpose of my request.
>> >>>>>>>>>
>> >>>>>>>>>         Nate
>> >>>>>>>>>
>> >>>>>>>>>         *On 08/28/2011 11:27 AM, REMOVED wrote: *
>> >>>>>>>>>>         Hello again!
>> >>>>>>>>>>
>> >>>>>>>>>>         I apologize for being a pest, but I was hoping you'd
>> >>>>>>>>>> get
>> back to me regarding my earlier
>> >>>>>>>>>>         inquiry. If you don't see the observation I've made as
>> being a problem from your
>> >>>>>>>>>>         perspective, I'm hoping you will be kind enough to
>> indulge me anyway, if it's not too
>> >>>>>>>>>>         much trouble.
>> >>>>>>>>>>
>> >>>>>>>>>>         You see, I'm actually concerned for my own sake,
>> >>>>>>>>>> because
>> the file I linked you to below
>> >>>>>>>>>>         exposes some information about me, and I have been
>> subject to some rather uncomfortable
>> >>>>>>>>>>         stalking and harassment during the past several months,
>> so would prefer that the
>> >>>>>>>>>>         information was not so accessible. I would be highly
>> appreciative if this information
>> >>>>>>>>>>         could either be removed from the file or if the files
>> containing such information were
>> >>>>>>>>>>         prevented from being indexed by the search engines.
>> >>>>>>>>>>
>> >>>>>>>>>>         I am familiar with the Apache Web server, but not so
>> much with the nginx server
>> >>>>>>>>>>         mozdev.org seems to be using. However, I've done a
>> small amount of research, and I
>> >>>>>>>>>>         believe either one of the following two directives
>> >>>>>>>>>> could
>> be used to prevent search
>> >>>>>>>>>>         engines from indexing the mbox files. I do not believe
>> there is any reason why you
>> >>>>>>>>>>         should want those files indexed by search engines
>> anyway, so I'm hoping you will comply
>> >>>>>>>>>>         with my request.
>> >>>>>>>>>>
>> >>>>>>>>>>             # tell search engines not to index mbox files
>> >>>>>>>>>>             location ~ \.(mbox)$ {
>> >>>>>>>>>>                 add_header X-Robots-Tag noindex;
>> >>>>>>>>>>             }
>> >>>>>>>>>>
>> >>>>>>>>>>             # disallow mbox files from being viewed directly via http
>> >>>>>>>>>>             location ~ \.(mbox)$ {
>> >>>>>>>>>>                 deny all;
>> >>>>>>>>>>                 return 403;
>> >>>>>>>>>>             }
>> >>>>>>>>>>
>> >>>>>>>>>>         Either one of these should prevent further indexing of
>> mbox files by the search engines,
>> >>>>>>>>>>         and would result in the eventual removal of mbox files
>> from their current index. You can
>> >>>>>>>>>>         see the current mbox files listed in Google here:
>> >>>>>>>>>>
>> https://encrypted.google.com/#sclient=psy&hl=en&site=&source=hp&q=filetype:mbox+site%3Amozdev.org&pbx=1&oq=filetype:mbox+site%3Amozdev.org&aq=f&aqi=&aql=&gs_sm=e&gs_upl=835l835l0l2250l1l1l0l0l0l0l148l148l0.1l1l0&bav=on.2,or.r_gc.r_pw.&fp=1d753b302b4e010e&biw=1280&bih=937
>> >>>>>>>>>>
>> >>>>>>>>>>         Alternatively, if you are not able or not willing to
>> adjust your server configuration to
>> >>>>>>>>>>         accommodate my request, I am hoping you will be willing
>> to edit the specific mbox file
>> >>>>>>>>>>         which concerns me:
>> http://www.mozdev.org/pipermail/blunderdelay.mbox/blunderdelay.mbox
>> >>>>>>>>>>
>> >>>>>>>>>>         In that file, there is an e-mail from me from February
>> of 2008 (Mon Feb 4 21:03:15
>> >>>>>>>>>>         2008). The headers in that e-mail make an unintended
>> connection between an online
>> >>>>>>>>>>         identity, "REMOVED", and my personal name and personal
>> account, "REMOVED" and
>> >>>>>>>>>>         "REMOVED at gmail.com" <mailto:REMOVED at gmail.com>
>> respectively. I would be grateful
>> >>>>>>>>>>         if you could remove that connection in either of the
>> following ways: (1) simply delete
>> >>>>>>>>>>         my e-mail message and headers from the file, or (2)
>> remove the "Sender" line and replace
>> >>>>>>>>>>         the e-mail address that shows up in the first two lines
>> of the headers with
>> >>>>>>>>>>         "REMOVED at Gmail.com" <mailto:REMOVED at Gmail.com>.
>> >>>>>>>>>>
>> >>>>>>>>>>         Thank you so much for taking the time to read my
>> message, and for considering my request.
>> >>>>>>>>>>
>> >>>>>>>>>>         Best Regards,
>> >>>>>>>>>>         REMOVED
>> >>>>>>>>>>
>> >>>>>>>>>>         On 08/04/2011 04:03 PM, David Boswell wrote:
>> >>>>>>>>>>>         Nate,
>> >>>>>>>>>>>
>> >>>>>>>>>>>         Thanks for pointing this out.  I'm forwarding this to
>> our sysadmins for their feedback.
>> >>>>>>>>>>>
>> >>>>>>>>>>>         David
>> >>>>>>>>>>>
>> >>>>>>>>>>>
>> >>>>>>>>>>>
>> >>>>>>>>>>>             ----- Forwarded Message -----
>> >>>>>>>>>>>             *From:* REMOVED <REMOVED at gmail.com>
>> <mailto:REMOVED at gmail.com>
>> >>>>>>>>>>>             *To:* davidwboswell at yahoo.com <mailto:
>> davidwboswell at yahoo.com>
>> >>>>>>>>>>>             *Sent:* Wednesday, August 3, 2011 8:10 PM
>> >>>>>>>>>>>             *Subject:* mozdev.org -- are these files supposed
>> to be public?
>> >>>>>>>>>>>
>> >>>>>>>>>>>             There are mbox files publicly available and
>> >>>>>>>>>>> showing
>> up in search results, for example:
>> >>>>>>>>>>>
>> http://mozdev.org/pipermail/blunderdelay.mbox/blunderdelay.mbox
>> >>>>>>>>>>>
>> >>>>>>>>>>>             I noticed that the HTML versions have the "robots"
>> meta tag set to "noindex," so I
>> >>>>>>>>>>>             can only presume the mbox files weren't intended
>> >>>>>>>>>>> to
>> be indexed either...?
>> >>>>>>>>>>>
>> >>>>>>>>>>>             You can set the X-Robots-Tag header to noindex
>> automatically for mbox files with
>> >>>>>>>>>>>             Apache ... though I'm not sure about how this
>> >>>>>>>>>>> might
>> be accomplished with nginx.
>> >>>>>>>>>>>
>> >>>>>>>>>>>             Regards,
>> >>>>>>>>>>>             Nate
>> >>>>>>>>>>>
>> >>>>>>>>>>>
>> >>>>>>> _______________________________________________
>> >>>>>>> Sysadmin mailing list
>> >>>>>>> Sysadmin at mozdev.org
>> >>>>>>> https://www.mozdev.org/mailman/listinfo/sysadmin
>> >>
>>
>> - --
>> ⁂ Arturo "Buanzo" Busleiman ⁂ - http://soundcloud.com/no-carrier -
>> Independent Linux and Security Consultant - 16+y of IT exp. at your
>> service
>> .
>> OWASPer - http://www.buanzo.com.ar/pro/eng.html
>>   ..:
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1.4.11 (GNU/Linux)
>> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>>
>> iEYEAREKAAYFAk6N2A8ACgkQAlpOsGhXcE1LiACeL0GQt4exEHLiqiaMhZfXFCde
>> 6LwAnjI89qXbRtOCq3wLPF6/7mssyxXw
>> =W+/8
>> -----END PGP SIGNATURE-----
>> _______________________________________________
>> Sysadmin mailing list
>> Sysadmin at mozdev.org
>> https://www.mozdev.org/mailman/listinfo/sysadmin
>>
>
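
The header edit requested in the quoted thread (drop the "Sender" line and replace the address on the envelope line when it differs from the "From:" address) can be applied to an mbox archive as below. This is an added example, not code from the thread or from mozdev.org; `scan_mbox`, the sample archive and its addresses are constructed for illustration.

```python
import mailbox
import os
import tempfile
from email.utils import parseaddr

# Constructed sample archive (addresses are placeholders, not from the thread).
# The second message's envelope line and Sender header differ from its From.
SAMPLE_MBOX = """\
From alias@example.org Mon Feb  4 20:00:00 2008
From: Alias <alias@example.org>
Subject: first post

hello

From real.name@example.com Mon Feb  4 21:03:15 2008
From: Alias <alias@example.org>
Sender: real.name@example.com
Subject: reply

body text
"""

def _addr(value):
    """Lower-cased bare address from a header value, '' if the header is absent."""
    return parseaddr(value or "")[1].lower()

def scan_mbox(mbox_text, redact=False):
    """Return (leaks, output_text); each leak is (index, from, envelope, sender)."""
    leaks = []
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = os.path.join(tmp, "in.mbox"), os.path.join(tmp, "out.mbox")
        with open(src, "w", newline="\n") as fh:
            fh.write(mbox_text)
        inbox, outbox = mailbox.mbox(src, create=False), mailbox.mbox(dst)
        for index, msg in enumerate(inbox):
            author = _addr(msg["From"])
            envelope, _, date = msg.get_from().partition(" ")
            sender = _addr(msg["Sender"])
            if envelope.lower() != author or sender not in ("", author):
                leaks.append((index, author, envelope.lower(), sender))
                if redact:
                    del msg["Sender"]  # drop the Sender line
                    msg.set_from(f"{author} {date}")  # rewrite the envelope line
            outbox.add(msg)
        outbox.close()
        inbox.close()
        with open(dst, newline="") as fh:
            return leaks, fh.read()
```
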

