From: Michelle Sullivan (michelle@sorbs.net)
To: Yuri, Jason Hellenthal, Poul-Henning Kamp, "freebsd-security@freebsd.org"
Subject: Re: http subversion URLs should be discontinued in favor of https URLs
Date: Mon, 11 Dec 2017 10:18:03 +1100

John-Mark Gurney wrote:
> Michelle Sullivan wrote this message on Fri, Dec 08, 2017 at 21:29 +1100:
>> Sorry you want to ensure a secure (trusted) connection you do it
>> yourself. You go through other nodes (switches and routers of the
>
> So you're fine w/ all the Comcast users having to switch ISPs? Because
> Comcast modifies traffic.

Sure, my ISP in Australia modifies some traffic (how much I don't know because I haven't looked deeply); on first detection of it I set up mitigation to secure my connection from tampering... where I care about it. In my case they disabled https access so they could MITM... All my http(s) traffic now goes through a proxy, and all my network traffic now exits over a VPN connection to my network in a DC which hosts the top of my proxy server chain.

> So you're now saying that if you use FreeBSD
> you can't use Comcast as your ISP?

No, I'm saying if you can't trust ${ISP} to give you your FreeBSD source untampered with, you should not use ${ISP} as your ISP... don't give a t*** who ${ISP} is, if you can't trust it, don't use it or mitigate your trust issues by doing like me.

This argument is circular and pointless, if ${User} is downloading and compiling FreeBSD from source there is a pretty good chance they know a little more about Tor than 'I heard this app will allow me anonymity'...

Seriously, you want anonymity and safety I have a device that I'll send you for free... It's lightweight and simple, it consists of two metal blades with a pivot in the middle.

Michelle