From owner-freebsd-questions@freebsd.org Fri Aug 14 08:36:05 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 6C2983B95AF for ; Fri, 14 Aug 2020 08:36:05 +0000 (UTC) (envelope-from aryeh.friedman@gmail.com) Received: from mail-io1-xd33.google.com (mail-io1-xd33.google.com [IPv6:2607:f8b0:4864:20::d33]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4BScGX19Bkz4R77 for ; Fri, 14 Aug 2020 08:36:03 +0000 (UTC) (envelope-from aryeh.friedman@gmail.com) Received: by mail-io1-xd33.google.com with SMTP id q75so10107534iod.1 for ; Fri, 14 Aug 2020 01:36:03 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=yaTZaen+h6k6cCeLR6Vc77ZXryBKyapJWbV4Gi6WHTI=; b=uh1VOWUjudMD5KT1ab2+907YZva/kxT1tJcsri3YuwTQN+rit/BkvpDfVjFZOyw/xD 2yokuPDjyQ8hFKIwQBa6rQmZdhXiChh6cMN3zICR66QfL0d2DFV2updq/RD3DJy2eMvL zhlXNwEAeAVW4zvPfHFiKrH0U+tWBrvi06ZxCR5/q9PEajXtZS9Sw3UTPovJ6mgvxnOm c8M406KWJxinM8A0SFQXhRWVe7aF1jIM4nQVA/Dzkxp4rOECwDCCHGI39q/Fh8AGwoMJ 0RVTO4KBJf8iwrxbrDmVZ/7ATntanzEJPUNxJPVG0YTjqDxPCYd9COQbntokgq72lrrO pTsQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=yaTZaen+h6k6cCeLR6Vc77ZXryBKyapJWbV4Gi6WHTI=; b=F7DgnA4qQC4V2eciTM3yrmByChhzAeWogEh95S/n3gTUnPon1G7z20VxeAVEl77EI6 socd2Hbz/yJllzjI2FMhk4aAb69S9kL7Qsv6n1VCIyqE20JwmBus394NDFD2QUBTfO52 lXY8zydUYCJfxGQnSIlqImlNmKBHlUVbeKhsmM7LH2GZb8TnWOcjHcO04vnX0KeLG4zq YoC0dSZCzEGy6tysbjADanWKPUauZO350T5eFsOrnPotzX/esrYFApiVmnxBrQDkZN0P 7X5GM17Nr1E1SzBCmK2xN+u/zL/5b2gg/CQ5/3jziPes7S6CRv7okwsOjPX+Z0IiO5x4 B3Pg== X-Gm-Message-State: AOAM533/QXeV71/XvKqgSVpMArg1ixM9U0Sp934LFzJq1sxl1aC3zIHq /OcOVlasDtBbH/nHSBXyIMZ64HMquIhYFQoP4nM= X-Google-Smtp-Source: ABdhPJxznnr0l0djkaPRcDEMoycl42JJDgHTwzt+LVCqG5ZaW6t5FaAmORH5j4T1LDan5Z0e/3CdvUfIUf7zhdq8WAA= X-Received: by 2002:a02:c789:: with SMTP id n9mr1785582jao.40.1597394163043; Fri, 14 Aug 2020 01:36:03 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: Aryeh Friedman Date: Fri, 14 Aug 2020 04:35:50 -0400 Message-ID: Subject: Re: OT: Dealing with a hosting company with it's head up it's rear end To: Olivier Cc: FreeBSD Mailing List X-Rspamd-Queue-Id: 4BScGX19Bkz4R77 X-Spamd-Bar: --- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20161025 header.b=uh1VOWUj; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (mx1.freebsd.org: domain of aryehfriedman@gmail.com designates 2607:f8b0:4864:20::d33 as permitted sender) smtp.mailfrom=aryehfriedman@gmail.com X-Spamd-Result: default: False [-3.05 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.01)[-1.006]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20161025]; FROM_HAS_DN(0.00)[]; DWL_DNSWL_NONE(0.00)[gmail.com:dkim]; R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36:c]; FREEMAIL_FROM(0.00)[gmail.com]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; NEURAL_HAM_LONG(-1.01)[-1.006]; TO_MATCH_ENVRCPT_SOME(0.00)[]; TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[gmail.com:+]; RCPT_COUNT_TWO(0.00)[2]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; RCVD_IN_DNSWL_NONE(0.00)[2607:f8b0:4864:20::d33:from]; NEURAL_HAM_SHORT(-0.03)[-0.035]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; FREEMAIL_ENVFROM(0.00)[gmail.com]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; TAGGED_FROM(0.00)[]; RCVD_TLS_ALL(0.00)[]; RCVD_COUNT_TWO(0.00)[2] Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.33 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 14 Aug 2020 08:36:05 -0000 On Fri, Aug 14, 2020 at 4:19 AM Olivier wrote: > > The client based on a) recommendations from our old hosting provider who > > decided to go out of business due to the owner retiring, b) the maker of > > the devices we have connectected to the system (actually the manufacturer > > is another fine example of head up the ass... stuff like not even knowing > > what "concurrency" was when asked a question about how the devices > interact > > with the vendor provided front-end/DB [which sucks and thus our ground up > > rewrite of it] and when we pressed the matter where told "don't go down > > that rabbit hole", this confirms something another poster said that any > > software company that uses MSSQL get weird quickly -- the version of the > > devices we have current use MySQL but the next generation only "support" > > MSSQL since it is "better" than MySQL) and 3) by the fact that they were > a > > publicly traded (NY Stock Exchange) > > You had no saying in the choice of the hosting company, so you can > report to your client that given the circunstances, you cannot help and > that your client should deal with the matter. There is a limit to what > we can do technically. > Nice in theory! The reality is the marching orders we have from the client (who refuses to bend on this) is "make it work, I don't care how you do it, just make it work! ... or I will find new programmers who can make it work"... Good luck on the client doing that because the system is 100% custom (including the DB engine due to no existing DB meeting the regulatory requirements of end-to-end encryption [instead of just encrypted file system and encrypted fields.. the tables themselves need to be encrypted]) which we have wrote/maintained over the last 8 years including the occasional new feature (the new feature that is causing all this fuss is the client wants to autopop the windows MySQL DB the devices use to avoid duplicate hand copying of data between two forms and due to licensing costs we forced to do the testing on the production system thus need the hosting company to set up suitable near real time backups of the MySQL DB). > You mentioned that piort 25 is open, you could modify some SSH client > and server to start the connection like and SMTP protocol, launch > STARTLS then so some SSH inside. If the 1st packed is an EHLO and > everything after is encrypted, they cannot see what is inside. > We actually use port 25 for SMTP so this is a no-go (part of how the devices work is they send a email when they have data to upload and then have to be told remotely to upload it [this is one the scripts we have]) -- Aryeh M. Friedman, Lead Developer, http://www.PetiteCloud.org