From owner-freebsd-questions@freebsd.org Fri Aug 14 08:19:11 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id A0A753B8DAB for ; Fri, 14 Aug 2020 08:19:11 +0000 (UTC) (envelope-from Olivier.Nicole@cs.ait.ac.th) Received: from mail.cs.ait.ac.th (mail.cs.ait.ac.th [192.41.170.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4BSbv15TG1z4QRD for ; Fri, 14 Aug 2020 08:19:09 +0000 (UTC) (envelope-from Olivier.Nicole@cs.ait.ac.th) Received: from mail.cs.ait.ac.th (localhost [127.0.0.1]) by mail.cs.ait.ac.th (Postfix) with ESMTP id 62B2F112505 for ; Fri, 14 Aug 2020 15:19:04 +0700 (+07) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.ait.ac.th; h= content-type:content-type:mime-version:message-id:date:date :in-reply-to:subject:subject:from:from:received:received :received; s=selector1; t=1597393143; x=1599207544; bh=B0249sxer wRUwaFlIkhDYmBrnoXtgq/0yNOypaZfF7I=; b=KVv5GyYYtBUtaQu3E5OYJtEJ+ igPi3esyV/+eQIJEcktRbBR25ceEh+341Kt5NJ+9ccFirbfAM5FUT8DgNoSUSDLL dCtbpheyX3LbtkfYFQZvoLPQ9M08iEldAootuJgY+boVdAV6phVRIUIgjcWuhmoC 59Q06DSFycbZOaWv1o= X-Virus-Scanned: amavisd-new at cs.ait.ac.th Received: from mail.cs.ait.ac.th ([127.0.0.1]) by mail.cs.ait.ac.th (mail.cs.ait.ac.th [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id KBbgNaxryvYg for ; Fri, 14 Aug 2020 15:19:03 +0700 (+07) Received: from banyan.cs.ait.ac.th (banyan.cs.ait.ac.th [192.41.170.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.cs.ait.ac.th (Postfix) with ESMTPS id E7545112504 for ; Fri, 14 Aug 2020 15:19:03 +0700 (+07) Received: (from on@localhost) by banyan.cs.ait.ac.th (8.15.2/8.15.2/Submit) id 07E8J5kH063527; Fri, 14 Aug 2020 15:19:05 +0700 (ICT) (envelope-from on@banyan.cs.ait.ac.th) From: Olivier To: freebsd-questions@freebsd.org Subject: Re: OT: Dealing with a hosting company with it's head up it's rear end In-Reply-To: (message from Aryeh Friedman on Fri, 14 Aug 2020 04:00:22 -0400) Date: Fri, 14 Aug 2020 15:19:05 +0700 Message-ID: MIME-Version: 1.0 Content-Type: text/plain X-Rspamd-Queue-Id: 4BSbv15TG1z4QRD X-Spamd-Bar: ---- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=cs.ait.ac.th header.s=selector1 header.b=KVv5GyYY; dmarc=pass (policy=none) header.from=cs.ait.ac.th; spf=pass (mx1.freebsd.org: domain of Olivier.Nicole@cs.ait.ac.th designates 192.41.170.16 as permitted sender) smtp.mailfrom=Olivier.Nicole@cs.ait.ac.th X-Spamd-Result: default: False [-4.33 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.02)[-1.025]; R_DKIM_ALLOW(-0.20)[cs.ait.ac.th:s=selector1]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+mx:c]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; TO_DN_NONE(0.00)[]; RCVD_DKIM_ARC_DNSWL_MED(-0.50)[]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-1.03)[-1.028]; RCVD_COUNT_THREE(0.00)[4]; DKIM_TRACE(0.00)[cs.ait.ac.th:+]; RCVD_IN_DNSWL_MED(-0.20)[192.41.170.16:from]; DMARC_POLICY_ALLOW(-0.50)[cs.ait.ac.th,none]; NEURAL_HAM_SHORT(-0.58)[-0.579]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; RCVD_TLS_LAST(0.00)[]; ASN(0.00)[asn:4767, ipnet:192.41.170.0/24, country:TH] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 14 Aug 2020 08:19:11 -0000 > Tried and their answer is if we insist on breaking the contract then they > will terminate it and ask for additional penalties under the breach > clause. Considering that the hosting company is reponsible to break things, they are he one to pay the penalties... But I take it you are not a lawyer, neither I am. > There website claims they are in full compliance with HIPAA (the relevant > regulation in the US) and use it as a marketing point. I am wondering if their idiocy with HTTPS is and if that would not be worth reporting them to the right agencies. > The client based on a) recommendations from our old hosting provider who > decided to go out of business due to the owner retiring, b) the maker of > the devices we have connectected to the system (actually the manufacturer > is another fine example of head up the ass... stuff like not even knowing > what "concurrency" was when asked a question about how the devices interact > with the vendor provided front-end/DB [which sucks and thus our ground up > rewrite of it] and when we pressed the matter where told "don't go down > that rabbit hole", this confirms something another poster said that any > software company that uses MSSQL get weird quickly -- the version of the > devices we have current use MySQL but the next generation only "support" > MSSQL since it is "better" than MySQL) and 3) by the fact that they were a > publicly traded (NY Stock Exchange) You had no saying in the choice of the hosting company, so you can report to your client that given the circunstances, you cannot help and that your client should deal with the matter. There is a limit to what we can do technically. You mentioned that piort 25 is open, you could modify some SSH client and server to start the connection like and SMTP protocol, launch STARTLS then so some SSH inside. If the 1st packed is an EHLO and everything after is encrypted, they cannot see what is inside. Olivier --