From owner-freebsd-questions@freebsd.org Fri Aug 14 14:32:38 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id F079A3C12A9 for ; Fri, 14 Aug 2020 14:32:38 +0000 (UTC) (envelope-from jon@radel.com) Received: from radel.com (fly.radel.com [70.184.242.170]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client CN "*.radel.com", Issuer "GoGetSSL RSA DV CA" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4BSm9x3yKRz3XBk for ; Fri, 14 Aug 2020 14:32:37 +0000 (UTC) (envelope-from jon@radel.com) X-CGP-ClamAV-Result: CLEAN X-VirusScanner: Niversoft's CGPClamav Helper v1.19.2 (ClamAV engine v0.99.2) X-ExtFilter: Niversoft's DomainKeys Helper DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; d=radel.com; s=20170108.radel; h=Subject:To:References:From:Message-ID:Date:User-Agent: MIME-Version:In-Reply-To:Content-Type; b=ZekfPlsPo4U8K4Z7OxBnJ53FFFjOF6+GvcKRnkoelavZy2R6GSuUViFCOYjcqHFXnB 9JPFCBM1M51ZD9zT1kV+CuKH2KfwztZxHbWlAJkrYzRuZERDU3RsjtJQFBkQE45ztxhp Wek5lAhYb6LS9ydCrDvhNEbCSioSIop3aAbHMlj5Mj6G4s/j8/QIkDHkXMBnKXx/CAT/ VKaIBquO8qeWo74+v4uMkUkjjNBxZ9S+Xewq8tZlU2bjHen79IaYjOQi6KsncDQL3gCL uOJ28dT7cbOKj9HA2c9QnFuV1JQ+FwRgt7YfvvRzfjcw66V1k4yPIS6fsT8WQONZRHH5 P4Jw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=radel.com; s=20170108.radel; t=1597415555; x=1598020355; q=dns/txt; h=Subject:To:References:From:Message-ID:Date: User-Agent:MIME-Version:In-Reply-To:Content-Type; bh=yiHSg1Xc7li R3bqj09OjP2jA48jyEw8s/zj7kvFtHFI=; b=M2l3FkkU2/oYxMTPVdD/DLi2T7h q9mSwUoADTC7ycgKkZfwgrzO+Ieer0I24uykJyIZJXNZVHxYJSND+8FqUD/iyPjZ 89zmU4cVbQuwp6y6TwoeS9ary2PQJRmhOYfNQ4TvGEkUFcqlo4Lrcul3tYHKM6tW GNYO3kjVdU7+LqSdnvJw2XLOMAE0qU8m+j+NiqAG5lLMGLLqCzbssHQYufzEV4Ik huLDHzc8+uq3kL5DJGlVPqYfiEUKmcqgv/fumbNcCxIXJrAw1vgmn9Yg7+w+U0il 8t0S/oSFXddsX0xqAAowLV+fJbE573s/lb8ujlKNY5KbDJs7Gvhowl5EliA== Received: from [2001:470:880a:4389:1815:e745:25d3:f224] (account jon@radel.com HELO haralson.local) by radel.com (CommuniGate Pro SMTP 6.1.14 _community_) with ESMTPSA id 2208007 for freebsd-questions@freebsd.org; Fri, 14 Aug 2020 14:32:35 +0000 Subject: Re: OT: Dealing with a hosting company with it's head up it's rear end To: freebsd-questions@freebsd.org References: <40xvq0.qf0q3x.1hge1ap-qmf@smtp.boon.family> <20200814004312.bb0dd9f1.freebsd@edvax.de> <20200814065701.2b390145ac6d189161bc31b4@sohara.org> <173ed205550.27bc.0b331fcf0b21179f1640bd439e3f4a1e@tundraware.com> From: Jon Radel Message-ID: <4d320acd-a995-7a35-5c0e-c2c22e7e6f96@radel.com> Date: Fri, 14 Aug 2020 10:32:33 -0400 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:68.0) Gecko/20100101 Thunderbird/68.11.0 MIME-Version: 1.0 In-Reply-To: Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-256; boundary="------------ms020501090001000806030708" X-Rspamd-Queue-Id: 4BSm9x3yKRz3XBk X-Spamd-Bar: ---- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=radel.com header.s=20170108.radel header.b=M2l3FkkU; dmarc=pass (policy=none) header.from=radel.com; spf=pass (mx1.freebsd.org: domain of jon@radel.com designates 70.184.242.170 as permitted sender) smtp.mailfrom=jon@radel.com X-Spamd-Result: default: False [-4.24 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; ARC_NA(0.00)[]; R_DKIM_ALLOW(-0.20)[radel.com:s=20170108.radel]; MID_RHS_MATCH_FROM(0.00)[]; FROM_HAS_DN(0.00)[]; SIGNED_SMIME(-2.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:70.184.242.160/28]; MIME_GOOD(-0.20)[multipart/signed,text/plain]; TO_DN_NONE(0.00)[]; HFILTER_HELO_IP_A(1.00)[radel.com]; HAS_ATTACHMENT(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-1.02)[-1.024]; NEURAL_HAM_MEDIUM(-1.06)[-1.063]; DKIM_TRACE(0.00)[radel.com:+]; DMARC_POLICY_ALLOW(-0.50)[radel.com,none]; NEURAL_HAM_SHORT(-0.05)[-0.049]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; ASN(0.00)[asn:22773, ipnet:70.184.240.0/21, country:US]; RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 14 Aug 2020 14:32:39 -0000 This is a cryptographically signed message in MIME format. --------------ms020501090001000806030708 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Content-Language: en-US On 8/14/20 09:48, Aryeh Friedman wrote: > On Fri, Aug 14, 2020 at 9:20 AM Tim Daneliuk wr= ote: > >> On August 14, 2020 12:58:49 AM "Steve O'Hara-Smith" = >> wrote >> >> Again many corporate firewalls don't allow ssh out (or in directly) >>> because tunnelling bypasses the firewalls. And again it seems odd for= a >>> hosting company. >>> >> >> ssh out is typically prohibited to lower the risk of employee transfer= of >> sensitive data to external destinations - So called Data Loss Preventi= on. >> This, along with email scanning and man in the middle cert management = is >> pretty common. >> > Unless it is 100% air gapped with no ability to plug in portable media > and/or record the screen then nothing is 100% immune from such loss and= > thus not allowing it makes very little sense. If on the other hand th= e > idea is to limit the damage that malware/spyware can do then it makes s= ense > (even if someone does in [accidentally] install malware/spyware it can = not > send the results of its dirty work anywhere). > Untrue.=C2=A0 As the CISO at my latest employer said to me (paraphrasing some, as it's been a while): You and I know how to circumvent the restrictions, but the vast majority of the staff hasn't a clue.=C2=A0 This cuts down the noise I have to wade= through. ----- And back to the main topic of this thread:=C2=A0 What does your lawyer sa= y about your client that is huffing and puffing threats over your inability to perform magic to paper over their unwise contracting actions in regard to a different vendor?=C2=A0 Seems to me that you left = the land of technology a ways back on this one. Actually, better yet, you probably don't want to discuss that on a public list...... Good luck. --=20 --Jon Radel jon@radel.com --------------ms020501090001000806030708 Content-Type: application/pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExDzANBglghkgBZQMEAgEFADCABgkqhkiG9w0BBwEAAKCC C9owggXmMIIDzqADAgECAhBqm+E4O/8ra58B1dm4p1JWMA0GCSqGSIb3DQEBDAUAMIGFMQsw CQYDVQQGEwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxm b3JkMRowGAYDVQQKExFDT01PRE8gQ0EgTGltaXRlZDErMCkGA1UEAxMiQ09NT0RPIFJTQSBD ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xMzAxMTAwMDAwMDBaFw0yODAxMDkyMzU5NTla MIGXMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQH EwdTYWxmb3JkMRowGAYDVQQKExFDT01PRE8gQ0EgTGltaXRlZDE9MDsGA1UEAxM0Q09NT0RP IFJTQSBDbGllbnQgQXV0aGVudGljYXRpb24gYW5kIFNlY3VyZSBFbWFpbCBDQTCCASIwDQYJ KoZIhvcNAQEBBQADggEPADCCAQoCggEBAL6znlesKHZ1QBbHOAOY08YYdiFQ8yV5C0y1oNF9 Olg+nKcxLqf2NHbZhGra0D00SOTq9bus3/mxgUsg/Wh/eXQ0pnp8tZ8XZWAnlyKMpjL+qUBy RjXCA6RQyDMqVaVUkbIr5SU0RDX/kSsKwer3H1pT/HUrBN0X8sKtPTdGX8XAWt/VdMLBrZBl gvnkCos+KQWWCo63OTTqRvaq8aWccm+KOMjTcE6s2mj6RkalweyDI7X+7U5lNo6jzC8RTXtV V4/Vwdax720YpMPJQaDaElmOupyTf1Qib+cpukNJnQmwygjD8m046DQkLnpXNCAGjuJy1F5N ATksUsbfJAr7FLUCAwEAAaOCATwwggE4MB8GA1UdIwQYMBaAFLuvfgI9+qbxPISOre44mOzZ MjLUMB0GA1UdDgQWBBSCr2yM+MX+lmF86B89K3FIXsSLwDAOBgNVHQ8BAf8EBAMCAYYwEgYD VR0TAQH/BAgwBgEB/wIBADARBgNVHSAECjAIMAYGBFUdIAAwTAYDVR0fBEUwQzBBoD+gPYY7 aHR0cDovL2NybC5jb21vZG9jYS5jb20vQ09NT0RPUlNBQ2VydGlmaWNhdGlvbkF1dGhvcml0 eS5jcmwwcQYIKwYBBQUHAQEEZTBjMDsGCCsGAQUFBzAChi9odHRwOi8vY3J0LmNvbW9kb2Nh LmNvbS9DT01PRE9SU0FBZGRUcnVzdENBLmNydDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3Au Y29tb2RvY2EuY29tMA0GCSqGSIb3DQEBDAUAA4ICAQB4XLKBKDRPPO5fVs6fl1bsj6JrF/bz 9kkIBtTYLzXN30D+03Hj6OxCDBEaIeNmsBhrJmuubvyE7HtoSmR809AgcYboW+rcTNZ/8u/H v+GTrNI/AhqX2/kiQNxmgUPt/eJPs92Qclj0HnVyy9TnSvGkSDU7I5Px+TbO+88G4zipA2ps ZaWeEykgzClZlPz1FjTCkk77ZXp5cQYYexE6zeeN4/0OqqoAloFrjAF4o50YJafX8mnahjp3 I2Y2mkjhk0xQfhNqbzlLWPoT3m7j7U26u7zg6swjOq8hITYc3/np5tM5aVyu6t99p17bTbY7 +1RTWBviN9YJzK8HxzObXYWBf/L+VGOYNsQDTxAk0Hbvb1j6KjUhg7fO294F29QIhhmiNOr8 4JHoy+fNLpfvYc/Q9EtFOI5ISYgOxLk3nD/whbUe9rmEQXLp8MB933Ij474gwwCPUpwv9mj2 PMnXoc7mbrS22XUSeTwxCTP9bcmUdp4jmIoWfhQm7X9w/Zgddg+JZ/YnIHOwsGsaTUgj7fIv xqith7DoJC91WJ8Lce3CVJqb1XWeKIJ84F7YLXZN0oa7TktYgDdmQVxYkZo1c5noaDKH9Oq9 cbm/vOYRUM1cWcef20Wkyk5S/GFyyPJwG0fR1nRas3DqAf4cXxMiEKcff7PNa4M3RGTqH0pW R8p6EjCCBewwggTUoAMCAQICEHQDryTAYaEsgncP8aGW6o4wDQYJKoZIhvcNAQELBQAwgZcx CzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1Nh bGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMT0wOwYDVQQDEzRDT01PRE8gUlNB IENsaWVudCBBdXRoZW50aWNhdGlvbiBhbmQgU2VjdXJlIEVtYWlsIENBMB4XDTE4MDMwNDAw MDAwMFoXDTIxMDMwMzIzNTk1OVowgfoxCzAJBgNVBAYTAlVTMQ4wDAYDVQQREwUyMjE1MDEL MAkGA1UECBMCVkExFDASBgNVBAcTC1NwcmluZ2ZpZWxkMRowGAYDVQQJExE2OTE3IFJpZGdl d2F5IERyLjEVMBMGA1UEChMMSm9uIFQuIFJhZGVsMTIwMAYDVQQLEylJc3N1ZWQgdGhyb3Vn aCBKb24gVC4gUmFkZWwgRS1QS0kgTWFuYWdlcjEfMB0GA1UECxMWQ29ycG9yYXRlIFNlY3Vy ZSBFbWFpbDESMBAGA1UEAxMJSm9uIFJhZGVsMRwwGgYJKoZIhvcNAQkBFg1qb25AcmFkZWwu Y29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtK/dFQxMTnVPcP1TI09m30v8 rSG/VWSFWfFvu/2jzPkNL+ivx6A4LNUbqw4CS73GIKcbp8IrpNQz2oQV6mTv+KVJzJMf8GjA y8EzZjhc2tAXL+Q57omCTuAc6cw2KDYFL0aNWX4CEe/LqfoBDKpJF7HCrwwus55+tTEkAY8j tRkQRMHf47YQVJjD/4pdC/h+7jjI0oSgh1npT7Q3K47g6IkVzjhiH8LCsCSVYaLzRZfgcl3s 0GLE858PV/84l5d/hUVD0u9J2EdKpf+hnFqZnA3qw9R0xFQIE6yOkUvhALw1zxXaiGj0047a gBE2Bhv2UIlj6Q0zPa5kRYDy9vBI6QIDAQABo4IBzTCCAckwHwYDVR0jBBgwFoAUgq9sjPjF /pZhfOgfPStxSF7Ei8AwHQYDVR0OBBYEFHS/Ewun4pYC9Lla5kkmj4zo7tKcMA4GA1UdDwEB /wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMEBggrBgEFBQcDAjBG BgNVHSAEPzA9MDsGDCsGAQQBsjEBAgEDBTArMCkGCCsGAQUFBwIBFh1odHRwczovL3NlY3Vy ZS5jb21vZG8ubmV0L0NQUzBaBgNVHR8EUzBRME+gTaBLhklodHRwOi8vY3JsLmNvbW9kb2Nh LmNvbS9DT01PRE9SU0FDbGllbnRBdXRoZW50aWNhdGlvbmFuZFNlY3VyZUVtYWlsQ0EuY3Js MIGLBggrBgEFBQcBAQR/MH0wVQYIKwYBBQUHMAKGSWh0dHA6Ly9jcnQuY29tb2RvY2EuY29t L0NPTU9ET1JTQUNsaWVudEF1dGhlbnRpY2F0aW9uYW5kU2VjdXJlRW1haWxDQS5jcnQwJAYI KwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmNvbW9kb2NhLmNvbTAYBgNVHREEETAPgQ1qb25AcmFk ZWwuY29tMA0GCSqGSIb3DQEBCwUAA4IBAQBUNLBptNFZRBkOUPOCI9TPM6QauLK6jojtbxZO XWvZfKvq8ukWUZTPtaDS5UjsMhlxLf/Crv8HkiVXSzC36cVQyjNjl1u+u/Sbl/6q/TfQk+aK 5jzDd4onQVzlfE33ymtZJgh+4dMPWKuXjRS0OyMLzv3mYCvFO83l1G9rBiaCEfFJHKgVGY1z 3ZU/gsPCQ2a0xf3908lwl5H3SPB3ZzLWDf41o5zV70HXfsgP862KzxU9t46XBGZ8TRl/5fl+ Xj2KQdpyWlNZUS00/UHznxeFO5+bkNaOg24BjwfBOWi0D47CE+6BRWvtrmgciWxefUuYeeIy Qr58KK8DlBCkVF06MYIENTCCBDECAQEwgawwgZcxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJH cmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBD QSBMaW1pdGVkMT0wOwYDVQQDEzRDT01PRE8gUlNBIENsaWVudCBBdXRoZW50aWNhdGlvbiBh bmQgU2VjdXJlIEVtYWlsIENBAhB0A68kwGGhLIJ3D/GhluqOMA0GCWCGSAFlAwQCAQUAoIIC WTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMDA4MTQxNDMy MzNaMC8GCSqGSIb3DQEJBDEiBCDq4T2662mRqTexyeVoaPEEVClxrETrYwMeQl1zi7Zj2zBs BgkqhkiG9w0BCQ8xXzBdMAsGCWCGSAFlAwQBKjALBglghkgBZQMEAQIwCgYIKoZIhvcNAwcw DgYIKoZIhvcNAwICAgCAMA0GCCqGSIb3DQMCAgFAMAcGBSsOAwIHMA0GCCqGSIb3DQMCAgEo MIG9BgkrBgEEAYI3EAQxga8wgawwgZcxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVy IE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1p dGVkMT0wOwYDVQQDEzRDT01PRE8gUlNBIENsaWVudCBBdXRoZW50aWNhdGlvbiBhbmQgU2Vj dXJlIEVtYWlsIENBAhB0A68kwGGhLIJ3D/GhluqOMIG/BgsqhkiG9w0BCRACCzGBr6CBrDCB lzELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMH U2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxPTA7BgNVBAMTNENPTU9ETyBS U0EgQ2xpZW50IEF1dGhlbnRpY2F0aW9uIGFuZCBTZWN1cmUgRW1haWwgQ0ECEHQDryTAYaEs gncP8aGW6o4wDQYJKoZIhvcNAQEBBQAEggEAbYthRW3ZC0tHQypnfH4CkdCXGNVvJJEp8eYS no2S5xEhj5pG4/5pJP0cbaWKL2p3pPWG+xSnK/npu8MiIY5Um+4x2IgnLmALT7S7H85OS4gz SXg2dV7F/aBaOiL8v8YYYgljcPAffxrHoEOFWm0ad13mXlY2mj9968I0GEtu276kF5gjhbJ2 UBt2a9xLkfZNLF+rNG0yREfRbaYYenRWMt4zzhbh8kkDUw91Iy+DUAWXM7kbyPvBKfD5LAII wAaQJkOHbX1DRbM8DDCjt00untP1SggeOQfdA+R8C0WHniJzmBpMDB7nzU5Wq64Fw8ddQfyT 86I+w6D4IYUm7dGXdAAAAAAAAA== --------------ms020501090001000806030708--