[Project_owners] [Sysadmin] Fw: mozdev.org -- are these files supposed to be public?

Arturo 'Buanzo' Busleiman buanzo at buanzo.com.ar
Thu Oct 6 10:12:46 PDT 2011


It's quiiiite simple actually. I run like 25 instances of it :P


On 10/6/11, Eric H. Jung <eric.jung at getfoxyproxy.org> wrote:
> i assume you mean openvpn for a static ip address? it's just a configuration
> a nightmare, as far as i know.
> thank you, everyone, for your condolences.
> eric
>
>
>
>
>
> On Thu, Oct 6, 2011 at 12:56 PM, Arturo 'Buanzo' Busleiman <
> buanzo at buanzo.com.ar> wrote:
>
>> I am very very sorry Eric :(
>>
>> Maybe an openvpn?
>>
>>
>> On 10/6/11, Eric H. Jung <eric.jung at getfoxyproxy.org> wrote:
>> > hi guys, i've been seeing all the support requests on these two mailing
>> > lists. my father died unexpectedly on Saturday, so I've been unable to
>> > assist. i should be able to assist again next week. can someone please
>> > please please grant me SSH access to the server? my ip address changes
>> too
>> > frequently, so it cannot/should not be tied to my ip address. let me
>> > know
>> > where to send my public key.
>> >
>> > thanks,
>> > eric
>> >
>> >
>> > On Thu, Oct 6, 2011 at 12:32 PM, Arturo 'Buanzo' Busleiman <
>> > buanzo at buanzo.com.ar> wrote:
>> >
>> >> -----BEGIN PGP SIGNED MESSAGE-----
>> >> Hash: SHA512
>> >>
>> >> We are working on that. Please stand by for a solution. Thank you for
>> your
>> >> patience.
>> >>
>> >> On 10/06/2011 01:20 PM, REMOVED wrote:
>> >> > I understand that not indexing is not a perfect solution, but it
>> >> > would
>> >> > be
>> >> an acceptable solution to
>> >> > me. I realize that the information could still theoretically be
>> accessed
>> >> (if someone knew where to
>> >> > look), but it wouldn't be "accessible" (easy to access, a secondary
>> >> meaning for the word).
>> >> >
>> >> > Also, the second method I suggested for making them non-indexable
>> would
>> >> do so by preventing them
>> >> > from being accessed via HTTP in the first place. I don't presume that
>> is
>> >> necessarily an acceptable
>> >> > option to the sysadmins however.
>> >> >
>> >> > Again, I appreciate everyone's time and consideration, and I will be
>> >> thrilled if any one of my
>> >> > suggestions is implemented.
>> >> >
>> >> > Nate
>> >> >
>> >> > On 10/06/2011 11:30 AM, Arturo 'Buanzo' Busleiman wrote:
>> >> > I was just offering an explanation. Also, not indexing does not
>> >> > really
>> >> protect you from anything, in
>> >> > the end: the data would still be there and accesible. Lots of
>> >> > crawlers
>> /
>> >> search engines do not
>> >> > actively obey robots.txt rules.
>> >> >
>> >> > The result would be for someone to edit the mbox files, but it is not
>> up
>> >> to me to make that
>> >> > decision. I support your right for privacy.
>> >> >
>> >> > On 10/06/2011 12:13 PM, REMOVED wrote:
>> >> >>>> I am not trying to assign blame to the sysadmins; I am making a
>> >> request. The reason I asked if the
>> >> >>>> files were intended to be public is because I noticed that the
>> >> >>>> HTML
>> >> version of the archive uses the
>> >> >>>> "noindex" robots declaration on
>> >> http://mozdev.org/pipermail/blunderdelay/ ... I actually didn't
>> >> >>>> notice until now that the individual messages in the HTML format
>> >> >>>> don't
>> >> share in using that
>> >> >>>> declaration, I just presumed so since the parent page does. (It
>> also
>> >> struck me as a possible
>> >> >>>> oversight that the files were being indexed since you have the
>> >> separate human-readable HTML versions
>> >> >>>> on the site.) The HTML version of my e-mail being indexed does not
>> >> concern me, since it doesn't
>> >> >>>> include those headers.
>> >> >>>>
>> >> >>>> I acknowledge that I made an oversight some four years ago when I
>> >> >>>> sent
>> >> that message. I don't think
>> >> >>>> it is necessary for me to be condemned to potential suffering of
>> the
>> >> seriousness I have indicated if
>> >> >>>> it can be reasonably avoided.
>> >> >>>>
>> >> >>>> I recognize that the sysadmins may have reservations about making
>> >> certain changes, which is why I
>> >> >>>> have suggested multiple options. I suggested two different ways to
>> >> prevent the mbox files from being
>> >> >>>> indexed, under the presumption that there is no reason one would
>> want
>> >> them to be indexed when there
>> >> >>>> are already processed and human-readable versions of those e-mails
>> in
>> >> HTML format on the site. If
>> >> >>>> the sysadmins see some sort of utility in the indexing of the mbox
>> >> files that I have overlooked, I
>> >> >>>> hope they will consider my request to make a precision edit to
>> remove
>> >> the content which concerns me,
>> >> >>>> either by editing the 3 lines which concern me or by merely
>> deleting
>> >> my message in its entirety from
>> >> >>>> the thread.
>> >> >>>>
>> >> >>>> If none of these options is acceptable to the sysadmins, I would
>> >> >>>> be
>> >> appreciative if you could
>> >> >>>> explain what concerns you have about the options I have suggested.
>> >> >>>>
>> >> >>>> Thanks,
>> >> >>>> Nate
>> >> >>>>
>> >> >>>> On 10/06/2011 10:24 AM, Arturo 'Buanzo' Busleiman wrote:
>> >> >>>> The fact the mbox file is below a pipermail seems to suggest it's
>> >> >>>> a
>> >> public mailing-list related
>> >> >>>> file, ergo, indexing them IS the usual practice. You exposed
>> >> >>>> yourself,
>> >> not because of a mozdev
>> >> >>>> system administration problem, but because of how you used gmail
>> and
>> >> public mailing lists.
>> >> >>>>
>> >> >>>> I'm not pointing fingers, just making a clarification. If you need
>> to
>> >> separate your online
>> >> >>>> identities, do not use the same service (i.e gmail) to link them
>> >> together, which seems to be the
>> >> >>>> case (gmail allows to have different From lines, you probably used
>> >> that feature, but the real SENDER
>> >> >>>> is the gmail account used to send, even if changing the from).
>> >> >>>>
>> >> >>>> Someone else needs to make the call on editing that file.
>> >> >>>>
>> >> >>>> public.On 10/04/2011 10:20 PM, REMOVED wrote:
>> >> >>>>>>> Greetings, sysadmins!
>> >> >>>>>>>
>> >> >>>>>>> Could you please provide your response regarding the concerns
>> and
>> >> suggestions I brought up in my
>> >> >>>>>>> August 28 message, copied 5 messages below? (The start is
>> >> highlighted with the bolded text.) Your
>> >> >>>>>>> response never got back to me. I appreciate your time. Thanks.
>> >> >>>>>>>
>> >> >>>>>>> Best Regards,
>> >> >>>>>>> REMOVED
>> >> >>>>>>>
>> >> >>>>>>> On 09/01/2011 05:24 PM, David Boswell wrote:
>> >> >>>>>>>> OK, will do.
>> >> >>>>>>>>
>> >> >>>>>>>>
>> >>
>> ----------------------------------------------------------------------------------------------------
>> >> >>>>>>>>     **If messages sent to that list are not put into public
>> mbox
>> >> files, I have no objection if you
>> >> >>>>>>>>     will forward my message.
>> >> >>>>>>>>
>> >> >>>>>>>>     Thanks,
>> >> >>>>>>>>     Nate
>> >> >>>>>>>>
>> >> >>>>>>>>     On 09/01/2011 05:00 PM, David Boswell wrote:
>> >> >>>>>>>>>     Nate,
>> >> >>>>>>>>>
>> >> >>>>>>>>>     The sysadmins list is a private mailing list.  If you're
>> not
>> >> comfortable with me forwarding
>> >> >>>>>>>>>     that message, would you write a message to
>> >> sysadmin at mozdev.org <mailto:sysadmin at mozdev.org>
>> >> >>>>>>>>>     without the sensitive information that addresses the
>> >> >>>>>>>>> concerns
>> >> you have?
>> >> >>>>>>>>>
>> >> >>>>>>>>>     David
>> >> >>>>>>>>>
>> >> >>>>>>>>>
>> >> >>>>>>>>>
>> >>
>> ----------------------------------------------------------------------------------------------------
>> >> >>>>>>>>>         **
>> >> >>>>>>>>>         Also,
>> >> >>>>>>>>>
>> >> >>>>>>>>>         I copied your sysadmins on my message below, but then
>> >> >>>>>>>>> got
>> >> notification that it was going
>> >> >>>>>>>>>         to post to another mailing list, so I used the cancel
>> >> link in that message. Please do not
>> >> >>>>>>>>>         post my e-mail to a mailing list, as it would defeat
>> the
>> >> purpose of my request.
>> >> >>>>>>>>>
>> >> >>>>>>>>>         Nate
>> >> >>>>>>>>>
>> >> >>>>>>>>>         *On 08/28/2011 11:27 AM, REMOVED wrote: *
>> >> >>>>>>>>>>         Hello again!
>> >> >>>>>>>>>>
>> >> >>>>>>>>>>         I apologize for being a pest, but I was hoping you'd
>> >> >>>>>>>>>> get
>> >> back to me regarding my earlier
>> >> >>>>>>>>>>         inquiry. If you don't see the observation I've made
>> as
>> >> being a problem from your
>> >> >>>>>>>>>>         perspective, I'm hoping you will be kind enough to
>> >> indulge me anyway, if it's not too
>> >> >>>>>>>>>>         much trouble.
>> >> >>>>>>>>>>
>> >> >>>>>>>>>>         You see, I'm actually concerned for my own sake,
>> >> >>>>>>>>>> because
>> >> the file I linked you to below
>> >> >>>>>>>>>>         exposes some information about me, and I have been
>> >> subject to some rather uncomfortable
>> >> >>>>>>>>>>         stalking and harassment during the past several
>> months,
>> >> so would prefer that the
>> >> >>>>>>>>>>         information was not so accessible. I would be highly
>> >> appreciative if this information
>> >> >>>>>>>>>>         could either be removed from the file or if the
>> >> >>>>>>>>>> files
>> >> containing such information were
>> >> >>>>>>>>>>         prevented from being index by the search engines.
>> >> >>>>>>>>>>
>> >> >>>>>>>>>>         I am familiar with the Apache Web server, but not so
>> >> much with the nginx server
>> >> >>>>>>>>>>         mozdev.org seems to be using. However, I've done a
>> >> small amount of research, and I
>> >> >>>>>>>>>>         believe either one of the following two directives
>> >> >>>>>>>>>> could
>> >> be used to prevent search
>> >> >>>>>>>>>>         engines from indexing the mbox files. I do not
>> believe
>> >> there is any reason why you
>> >> >>>>>>>>>>         should want those files indexed by search engines
>> >> anyway, so I'm hoping you will comply
>> >> >>>>>>>>>>         with my request.
>> >> >>>>>>>>>>
>> >> >>>>>>>>>>             # tell search engines not to index mbox files
>> >> >>>>>>>>>>             location ~ \.(mbox)$ {
>> >> >>>>>>>>>>                 add_header X-Robots-Tag noindex;
>> >> >>>>>>>>>>             }
>> >> >>>>>>>>>>
>> >> >>>>>>>>>>             # disallow mbox files from being viewed directly
>> >> >>>>>>>>>> via
>> >> http
>> >> >>>>>>>>>>             location ~ \.(mbox)$ {
>> >> >>>>>>>>>>                 deny all;
>> >> >>>>>>>>>>                 return 403;
>> >> >>>>>>>>>>             }
>> >> >>>>>>>>>>
>> >> >>>>>>>>>>         Either one of these should prevent further indexing
>> of
>> >> mbox files by the search engines,
>> >> >>>>>>>>>>         and would result in the eventual removal of mbox
>> files
>> >> from their current index. You can
>> >> >>>>>>>>>>         see the current mbox files listed in Google here:
>> >> >>>>>>>>>>
>> >>
>> https://encrypted.google.com/#sclient=psy&hl=en&site=&source=hp&q=filetype:mbox+site%3Amozdev.org&pbx=1&oq=filetype:mbox+site%3Amozdev.org&aq=f&aqi=&aql=&gs_sm=e&gs_upl=835l835l0l2250l1l1l0l0l0l0l148l148l0.1l1l0&bav=on.2,or.r_gc.r_pw.&fp=1d753b302b4e010e&biw=1280&bih=937
>> >> >>>>>>>>>>         <
>> >>
>> https://encrypted.google.com/#sclient=psy&hl=en&site=&source=hp&q=filetype:mbox+site%3Amozdev.org&pbx=1&oq=filetype:mbox+site%3Amozdev.org&aq=f&aqi=&aql=&gs_sm=e&gs_upl=835l835l0l2250l1l1l0l0l0l0l148l148l0.1l1l0&bav=on.2,or.r_gc.r_pw.&fp=1d753b302b4e010e&biw=1280&bih=937
>> >> >
>> >> >>>>>>>>>>
>> >> >>>>>>>>>>         Alternatively, if you are not able or not willing to
>> >> adjust your server configuration to
>> >> >>>>>>>>>>         accommodate my request, I am hoping you will be
>> willing
>> >> to edit the specific mbox file
>> >> >>>>>>>>>>         which concerns me:
>> >> http://www.mozdev.org/pipermail/blunderdelay.mbox/blunderdelay.mbox
>> >> >>>>>>>>>>
>> >> >>>>>>>>>>         In that file, there is an e-mail from me from
>> February
>> >> of 2008 (Mon Feb 4 21:03:15
>> >> >>>>>>>>>>         2008). The headers in that e-mail make an unintended
>> >> connection between an online
>> >> >>>>>>>>>>         identity, "REMOVED", and my personal name and
>> personal
>> >> account, "REMOVED" and
>> >> >>>>>>>>>>         "REMOVED at gmail.com" <mailto:
>> REMOVED at gmail.com>
>> >> respectively. I would be grateful
>> >> >>>>>>>>>>         if you could remove that connection in either of the
>> >> following ways: (1) simply delete
>> >> >>>>>>>>>>         my e-mail message and headers from the file, or (2)
>> >> remove the "Sender" line and replace
>> >> >>>>>>>>>>         the e-mail address that shows up in the first two
>> lines
>> >> of the headers with
>> >> >>>>>>>>>>         "REMOVED at Gmail.com" <mailto:REMOVED at Gmail.com>.
>> >> >>>>>>>>>>
>> >> >>>>>>>>>>         Thank you so much for taking the time to read my
>> >> message, and for considering my request.
>> >> >>>>>>>>>>
>> >> >>>>>>>>>>         Best Regards,
>> >> >>>>>>>>>>         REMOVED
>> >> >>>>>>>>>>
>> >> >>>>>>>>>>         On 08/04/2011 04:03 PM, David Boswell wrote:
>> >> >>>>>>>>>>>         Nate,
>> >> >>>>>>>>>>>
>> >> >>>>>>>>>>>         Thanks for pointing this out.  I'm forwarding this
>> to
>> >> our sysadmins for their feedback.
>> >> >>>>>>>>>>>
>> >> >>>>>>>>>>>         David
>> >> >>>>>>>>>>>
>> >> >>>>>>>>>>>
>> >> >>>>>>>>>>>
>> >> >>>>>>>>>>>             ----- Forwarded Message -----
>> >> >>>>>>>>>>>             *From:* REMOVED <REMOVED at gmail.com>
>> >> <mailto:REMOVED at gmail.com>
>> >> >>>>>>>>>>>             *To:* davidwboswell at yahoo.com <mailto:
>> >> davidwboswell at yahoo.com>
>> >> >>>>>>>>>>>             *Sent:* Wednesday, August 3, 2011 8:10 PM
>> >> >>>>>>>>>>>             *Subject:* mozdev.org -- are these files
>> supposed
>> >> to be public?
>> >> >>>>>>>>>>>
>> >> >>>>>>>>>>>             There are mbox files publicly available and
>> >> >>>>>>>>>>> showing
>> >> up in search results, for example:
>> >> >>>>>>>>>>>
>> >> http://mozdev.org/pipermail/blunderdelay.mbox/blunderdelay.mbox
>> >> >>>>>>>>>>>
>> >> >>>>>>>>>>>             I noticed that the HTML versions have the
>> "robots"
>> >> meta tag set to "noindex," so I
>> >> >>>>>>>>>>>             can only presume the mbox files weren't
>> >> >>>>>>>>>>> intended
>> >> >>>>>>>>>>> to
>> >> be indexed either...?
>> >> >>>>>>>>>>>
>> >> >>>>>>>>>>>             You can set the X-Robots-Tag header to noindex
>> >> automatically for mbox files with
>> >> >>>>>>>>>>>             Apache ... though I'm not sure about how this
>> >> >>>>>>>>>>> might
>> >> be accomplished with nginx.
>> >> >>>>>>>>>>>
>> >> >>>>>>>>>>>             Regards,
>> >> >>>>>>>>>>>             Nate
>> >> >>>>>>>>>>>
>> >> >>>>>>>>>>>
>> >> >>>>>>> _______________________________________________
>> >> >>>>>>> Sysadmin mailing list
>> >> >>>>>>> Sysadmin at mozdev.org
>> >> >>>>>>> https://www.mozdev.org/mailman/listinfo/sysadmin
>> >> >>
>> >>
>> >> - --
>> >> ⁂ Arturo "Buanzo" Busleiman ⁂ - http://soundcloud.com/no-carrier -
>> >> Independent Linux and Security Consultant - 16+y of IT exp. at your
>> >> service
>> >> .
>> >> OWASPer - http://www.buanzo.com.ar/pro/eng.html
>> >>   ..:
>> >> -----BEGIN PGP SIGNATURE-----
>> >> Version: GnuPG v1.4.11 (GNU/Linux)
>> >> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>> >>
>> >> iEYEAREKAAYFAk6N2A8ACgkQAlpOsGhXcE1LiACeL0GQt4exEHLiqiaMhZfXFCde
>> >> 6LwAnjI89qXbRtOCq3wLPF6/7mssyxXw
>> >> =W+/8
>> >> -----END PGP SIGNATURE-----
>> >> _______________________________________________
>> >> Sysadmin mailing list
>> >> Sysadmin at mozdev.org
>> >> https://www.mozdev.org/mailman/listinfo/sysadmin
>> >>
>> >
>> _______________________________________________
>> Sysadmin mailing list
>> Sysadmin at mozdev.org
>> https://www.mozdev.org/mailman/listinfo/sysadmin
>>
>


More information about the Project_owners mailing list