GNU.org is down

GNU.org is down

[Markus Weimer]

Hi,

apperently, gnu.org is down. Is anyone aware of a mirror?

Thanks in advance,

Markus Weimer

Re: GNU.org is down

[David Steuber]

Markus Weimer <newsgroup@markus-weimer.com> writes:

> apperently, gnu.org is down. Is anyone aware of a mirror?

I guess that's why I can't hit CVS on subversions.gnu.org.  Anyone
know what the deal is?

-- 
   One Emacs to rule them all.  One Emacs to find them,
   One Emacs to take commands and to the keystrokes bind them,

All other programming languages wish they were Lisp.

Re: GNU.org is down

[Pascal Bourguignon]

David Steuber <david.steuber@verizon.net> writes:

> Markus Weimer <newsgroup@markus-weimer.com> writes:
> 
> > apperently, gnu.org is down. Is anyone aware of a mirror?
> 
> I guess that's why I can't hit CVS on subversions.gnu.org.  Anyone
> know what the deal is?

Check http://savannah.gnu.org/statement.html

-- 
__Pascal_Bourguignon__                              .  *   * . * .* .
http://www.informatimago.com/                        .   *   .   .*
There is no worse tyranny than to force             * .  . /\  ()  . *
a man to pay for what he does not                    . .  / .\   . * .
want merely because you think it                    .*.  / *  \  . .
would be good for him. -- Robert Heinlein             . /*   o \     .
http://www.theadvocates.org/                        *   '''||'''   .
SCO Spam-magnet: postmaster@sco.com                 ******************

Re: GNU.org is down

[David Steuber]

Pascal Bourguignon <spam@thalassa.informatimago.com> writes:

> David Steuber <david.steuber@verizon.net> writes:
> 
> > Markus Weimer <newsgroup@markus-weimer.com> writes:
> > 
> > > apperently, gnu.org is down. Is anyone aware of a mirror?
> > 
> > I guess that's why I can't hit CVS on subversions.gnu.org.  Anyone
> > know what the deal is?
> 
> Check http://savannah.gnu.org/statement.html

Well this sucks big time I must say.

There seems to be no ETA on the CVS repository being fully restored.
I guess those things are hard to guage in a situation like this.

When CVS is fully restored, will I have to use SSH in the future?
I've been doing the following:

cvs -z3 -d:pserver:anoncvs@subversions.gnu.org:/cvsroot/emacs co emacs

I'm pretty sure I have not been using SSH as I only do checkouts and
don't have an account.  I've never done CVS via SSH so far as I know.

-- 
   One Emacs to rule them all.  One Emacs to find them,
   One Emacs to take commands and to the keystrokes bind them,

All other programming languages wish they were Lisp.

Re: GNU.org is down

[David Kastrup]

David Steuber <david.steuber@verizon.net> writes:

> Pascal Bourguignon <spam@thalassa.informatimago.com> writes:
> 
> > David Steuber <david.steuber@verizon.net> writes:
> > 
> > > Markus Weimer <newsgroup@markus-weimer.com> writes:
> > > 
> > > > apperently, gnu.org is down. Is anyone aware of a mirror?
> > > 
> > > I guess that's why I can't hit CVS on subversions.gnu.org.  Anyone
> > > know what the deal is?
> > 
> > Check http://savannah.gnu.org/statement.html
> 
> Well this sucks big time I must say.

Complain to the involved criminals.  It is sad that scum like that
does not even refrain from destroying infrastructure for the common
good.  The FSF has to cope with the equivalent of finding that someone
has gone to considerable criminal effort in order to achieve the
equivalent of wiring explosives into a Red Cross building or poisoning
the food in soup kitchens: it was a rather obscure vulnerability that
the perpetrators used for that attack.

So there is not much one can do except boost the security to levels
one should normally only consider necessary for military or
intelligence instead of charity operations.

Maintaining a consistent high level of security causes a severe drain
of usability and accessibility (as you have noticed), and it also
requires considerable human resources permanently.

What kind of people gleefully cause a considerable permanent damage to
a charity instead of elsewhere "just" for the hope of monetary gains?
I hope that they are found and dealt with in proportion to their
crime and the impact it will have.

-- 
David Kastrup, Kriemhildstr. 15, 44793 Bochum

Re: GNU.org is down

[Eli Zaretskii]

> Newsgroups: gnu.emacs.help
> From: David Steuber <david.steuber@verizon.net>
> Date: Wed, 10 Dec 2003 16:05:23 GMT
> 
> Well this sucks big time I must say.
> 
> There seems to be no ETA on the CVS repository being fully restored.
> I guess those things are hard to guage in a situation like this.
> 
> When CVS is fully restored, will I have to use SSH in the future?

You misunderstood, I think: first, anon CVS will continue to be
available; and second, it is _already_ available.  (That is, people
can check-out files, but the maintainers still cannot check-in new
code.)  Perhaps the Savannah staff didn't update their Web pages to
that effect yet.

> I've been doing the following:
> 
> cvs -z3 -d:pserver:anoncvs@subversions.gnu.org:/cvsroot/emacs co emacs
> 
> I'm pretty sure I have not been using SSH as I only do checkouts and
> don't have an account.  I've never done CVS via SSH so far as I know.

You won't need to.  Anon CVS is limited to read-only access to the CVS
tree, and as such, its security requirements are much lower than for
people who want write access.

Re: GNU.org is down

[Tim McNamara]

David Kastrup <dak@gnu.org> writes:

> David Steuber <david.steuber@verizon.net> writes:
>
>> Well this sucks big time I must say.
>
> Complain to the involved criminals.  It is sad that scum like that
> does not even refrain from destroying infrastructure for the common
> good.  The FSF has to cope with the equivalent of finding that
> someone has gone to considerable criminal effort in order to achieve
> the equivalent of wiring explosives into a Red Cross building or
> poisoning the food in soup kitchens: it was a rather obscure
> vulnerability that the perpetrators used for that attack.

Except that it is unlikely that anyone will die or be maimed for life
by this.  Let's maintain a little perspective.  This is a bad
situation, but it is not a fatal one.

> So there is not much one can do except boost the security to levels
> one should normally only consider necessary for military or
> intelligence instead of charity operations.

Unfortunately any computer connected to the Internet must be treated
this way, even dialup connections are potentially dangerous.

> Maintaining a consistent high level of security causes a severe
> drain of usability and accessibility (as you have noticed), and it
> also requires considerable human resources permanently.

As has been noted by people smarter than I, the cost of freedom is
vigilance.  The FSF is doing a wonderful thing by making it possible
for people to have a complete operational information management and
data analysis system for free (software costs, that is).  IMHO the
people who write the code that I am using every day are everyday
heroes, who are rarely thanked and receive no compensation for their
efforts other than satisfaction.

> What kind of people gleefully cause a considerable permanent damage
> to a charity instead of elsewhere "just" for the hope of monetary
> gains?  I hope that they are found and dealt with in proportion to
> their crime and the impact it will have.

Unfortunately, the laws dealing with this kind of vandalism and
destructiveness are rather lax, and difficult to enforce given the
global locations of the perpetrators.  As for what kind of people they
may be, one presumes they are people lacking a good moral compass, who
are angry and have inadequate regard for others.  Punishment will not
be enough, they must also learn how to live properly.

Re: GNU.org is down

[V. L. Simpson]

David Steuber <david.steuber@verizon.net> writes:

> When CVS is fully restored, will I have to use SSH in the future?
> I've been doing the following:
> 
> cvs -z3 -d:pserver:anoncvs@subversions.gnu.org:/cvsroot/emacs co emacs

I just did a quick check w/o CVS_RSH set and received a hung
connection.  With CVS_RSH=ssh everything worked fine.  So yes it
appears ssh is now required for anonymous downloads.

Note--You only need the client installed, a running sshd is not necessary.

HTH,
vls

Re: GNU.org is down

[Bob Nelson]

David Kastrup <dak@gnu.org> wrote:

> Maintaining a consistent high level of security causes a severe drain
> of usability and accessibility (as you have noticed), and it also
> requires considerable human resources permanently.

> What kind of people gleefully cause a considerable permanent damage to
> a charity instead of elsewhere "just" for the hope of monetary gains?
> I hope that they are found and dealt with in proportion to their
> crime and the impact it will have.

``Dealing'' with the ``crime'' implies punishment, unless I misread your
intent, David. But that only addresses the symptom.

- Instead the objective should be to find out what may have motivated
  such a course of action from the individual(s) involved. Perhaps there
  are cultural or ethical differences that need to be taken into account,
  appreciated and understood.

Re: GNU.org is down

[me]

David, you are right of course.  But all coins have 2 sides.  The tail
in this case is increased knowledge and experience in IT security.

Lux
-- 
If you receive this by error, please delete it and inform the sender.
http://www.consult-meyers.com recommends email encryption using GnuPG.

Re: GNU.org is down

[David Steuber]

David Kastrup <dak@gnu.org> writes:

> What kind of people gleefully cause a considerable permanent damage to
> a charity instead of elsewhere "just" for the hope of monetary gains?
> I hope that they are found and dealt with in proportion to their
> crime and the impact it will have.

The kind of people who deserve a disproportionately harsh punishment.

I really can't fathom their motives.  The paranoid in me would blame
SCO or Microsoft.  With luck, whoever did it left behind IP addresses
in the logs that point back to them.

-- 
   One Emacs to rule them all.  One Emacs to find them,
   One Emacs to take commands and to the keystrokes bind them,

All other programming languages wish they were Lisp.

Re: GNU.org is down

[David Steuber]

vls@m-net.arbornet.org (V. L. Simpson) writes:

> David Steuber <david.steuber@verizon.net> writes:
> 
> > When CVS is fully restored, will I have to use SSH in the future?
> > I've been doing the following:
> > 
> > cvs -z3 -d:pserver:anoncvs@subversions.gnu.org:/cvsroot/emacs co emacs
> 
> I just did a quick check w/o CVS_RSH set and received a hung
> connection.  With CVS_RSH=ssh everything worked fine.  So yes it
> appears ssh is now required for anonymous downloads.
> 
> Note--You only need the client installed, a running sshd is not necessary.

I must be missing something.  I have ssh.  I set CVS_RSH=ssh.  But
the above cvs command still doesn't work for me.  I must need to
change something else.

-- 
   One Emacs to rule them all.  One Emacs to find them,
   One Emacs to take commands and to the keystrokes bind them,

All other programming languages wish they were Lisp.

Re: GNU.org is down

[Bob Nelson]

David Steuber <david.steuber@verizon.net> wrote:
> David Kastrup <dak@gnu.org> writes:

>> What kind of people gleefully cause a considerable permanent damage to
>> a charity instead of elsewhere "just" for the hope of monetary gains?
>> I hope that they are found and dealt with in proportion to their
>> crime and the impact it will have.

> The kind of people who deserve a disproportionately harsh punishment.

That type of attitude does not imply one of tolerance and understanding.
It conveys an absolutist view of ``good'' and ``evil'' and ``right'' and
``wrong''.

Rather than seek ``harsh punishment'' for those involved, it's more
constructive to become aware of the motivation that led to the deed.
Perhaps GNU needs to better covey its ideals.

- Remember, by less-enlightened individuals, punishment of ``taggers''
  was called for. Now, we have come to realize that graffiti is a form
  of populist art.

Re: GNU.org is down

[Kevin Rodgers]

Bob Nelson wrote:

> - Remember, by less-enlightened individuals, punishment of ``taggers''
>   was called for. Now, we have come to realize that graffiti is a form
>   of populist art.

Unless it's on my building, in which case it is vandalism.


-- 
Kevin Rodgers

Re: GNU.org is down

[David Steuber]

Bob Nelson <bnelson@nelsonbe.com> writes:

> David Steuber <david.steuber@verizon.net> wrote:
> > David Kastrup <dak@gnu.org> writes:
> 
> >> What kind of people gleefully cause a considerable permanent damage to
> >> a charity instead of elsewhere "just" for the hope of monetary gains?
> >> I hope that they are found and dealt with in proportion to their
> >> crime and the impact it will have.
> 
> > The kind of people who deserve a disproportionately harsh punishment.
> 
> That type of attitude does not imply one of tolerance and understanding.
> It conveys an absolutist view of ``good'' and ``evil'' and ``right'' and
> ``wrong''.

OK, so I'm intolerant.  Suppose instead of breaking into a server and
doing who knows how much damage that people then have to spend
valuable time fixing, the miscreant instead took a sledgehammer to the
windshield of your car.  Would you not want at least compensation for
the damages and time to repair them?

> Rather than seek ``harsh punishment'' for those involved, it's more
> constructive to become aware of the motivation that led to the deed.
> Perhaps GNU needs to better covey its ideals.

I'm not sure I see this as constructive.  Suppose, hypothetically,
that the GNU and Debian servers were broken into by people
politically opposed to the GPL and Free software.  Understanding
their motives will not prevent them from doing so again.

For certain types of people retribution is the better course of
action.  Not everyone out there will listen to reason and admit that
what they did was not acceptable social behavior and undertake never
to do that sort of thing again.

Some people only understand force.

Also, it is possible that there are absolutes like 'good', 'evil',
'right', and 'wrong'.  Laws are often based on those concepts.  If
the general case of destruction of another person's property is not
wrong, then what is?

This is all off topic at this point, so I won't say anything further
here.

-- 
   One Emacs to rule them all.  One Emacs to find them,
   One Emacs to take commands and to the keystrokes bind them,

All other programming languages wish they were Lisp.

Re: GNU.org is down

[Tim McNamara]

David Steuber <david.steuber@verizon.net> writes:

> Bob Nelson <bnelson@nelsonbe.com> writes:
>
>> David Steuber <david.steuber@verizon.net> wrote:
>> > David Kastrup <dak@gnu.org> writes:
>> 
>> >> What kind of people gleefully cause a considerable permanent
>> >> damage to a charity instead of elsewhere "just" for the hope of
>> >> monetary gains?  I hope that they are found and dealt with in
>> >> proportion to their crime and the impact it will have.
>> 
>> > The kind of people who deserve a disproportionately harsh
>> > punishment.
>> 
>> That type of attitude does not imply one of tolerance and
>> understanding.  It conveys an absolutist view of ``good'' and
>> ``evil'' and ``right'' and ``wrong''.
>
> OK, so I'm intolerant.  Suppose instead of breaking into a server
> and doing who knows how much damage that people then have to spend
> valuable time fixing, the miscreant instead took a sledgehammer to
> the windshield of your car.  Would you not want at least
> compensation for the damages and time to repair them?

Herein lies a rub.  Your windshield is not available for free, given
away and freely modifiable by others.  It's therefore easy to assign
a value for compensation in the case of material damage.  In the case
of damage to FSF sources and such, since it is given away freely to
anyone who wants it, there is difficulty in assigning a value for
compensatory or punitive purposes.

>> Rather than seek ``harsh punishment'' for those involved, it's more
>> constructive to become aware of the motivation that led to the
>> deed.  Perhaps GNU needs to better covey its ideals.
>
> I'm not sure I see this as constructive.  Suppose, hypothetically,
> that the GNU and Debian servers were broken into by people
> politically opposed to the GPL and Free software.  Understanding
> their motives will not prevent them from doing so again.

Understanding their motives could have some value and benefit none the
less.  However, simply becoming aware of the motives of criminals does
not in and of itself reduce the risk of recidivism- the usual claims
of the liberals notwithstanding.  While I'm a liberal to be sure, such
twaddle is one of the worst failings of many liberal philosophies.  On
the other hand, the "hang 'em high" mentality of many social
conservatives has also proven to be a failure- punishment does little
or nothing to correct behavior (this has been demonstrated in
behavioral research time and time again).

> For certain types of people retribution is the better course of
> action.  Not everyone out there will listen to reason and admit that
> what they did was not acceptable social behavior and undertake never
> to do that sort of thing again.
>
> Some people only understand force.

So, what- you're going to cut off the fingers of the miscreants so
that they can't type and therefore can't do it again?  It's a truism
that if you kill someone they will never commit a crime again.  How
do you determine which types of people are the right ones for
retribution as the appropriate response?  Or is it only the people
who have fucked up something *you* value who should be so punished?

> Also, it is possible that there are absolutes like 'good', 'evil',
> 'right', and 'wrong'.  Laws are often based on those concepts.  If
> the general case of destruction of another person's property is not
> wrong, then what is?

Concepts cannot be absolutes.  Values are always relative to the
society in which those values are expressed.

Anything we build is at risk for someone destroying it- even if that
destruction is purported to be well-meaning.  The Christians destroyed
hundreds of cultures and religions, killed hundreds of thousands of
people, brought disease and suffering to millions in the name of
saving them.  Muslims have done the same.  Other religions and
cultures ditto, although not on the massive scale of these two.  And
yet most Christians and Mulsims still think that their destruction of
indigenous faiths and cultures was beneficial.

Now, this was certainly not well-meant.  It was destruction,
senseless vandalism done simply because they could.  It made them
feel powerful, I suppose, for a little while. IMHO that's to be
pitied, while taking security steps to close up the holes they
exploited.  If they can be identified, they should be prosecuted
under whatever applicable laws are available.  But acting out
retributively just because you're angry won't help- as was said by
someone smarter than me, "an eye for an eye makes the whole world
blind."

Re: GNU.org is down

[David Kastrup]

Tim McNamara <timmcn@bitstream.net> writes:

> David Steuber <david.steuber@verizon.net> writes:
> 
> > Bob Nelson <bnelson@nelsonbe.com> writes:
> >
> >> David Steuber <david.steuber@verizon.net> wrote:
> >> > David Kastrup <dak@gnu.org> writes:
> >> 
> >> >> What kind of people gleefully cause a considerable permanent
> >> >> damage to a charity instead of elsewhere "just" for the hope of
> >> >> monetary gains?  I hope that they are found and dealt with in
> >> >> proportion to their crime and the impact it will have.
> >> 
> >> > The kind of people who deserve a disproportionately harsh
> >> > punishment.
> >> 
> >> That type of attitude does not imply one of tolerance and
> >> understanding.  It conveys an absolutist view of ``good'' and
> >> ``evil'' and ``right'' and ``wrong''.
> >
> > OK, so I'm intolerant.  Suppose instead of breaking into a server
> > and doing who knows how much damage that people then have to spend
> > valuable time fixing, the miscreant instead took a sledgehammer to
> > the windshield of your car.  Would you not want at least
> > compensation for the damages and time to repair them?
> 
> Herein lies a rub.  Your windshield is not available for free, given
> away and freely modifiable by others.  It's therefore easy to assign
> a value for compensation in the case of material damage.  In the case
> of damage to FSF sources and such, since it is given away freely to
> anyone who wants it, there is difficulty in assigning a value for
> compensatory or punitive purposes.

Savannah is the central server for the GNU project.  GNU is the most
important central component of almost every Linux-based operating
system.  Since Savannah is staffed mostly by volunteers, the downtime
will be larger than usual in commercial settings.  There is no
reliable possibility to salvage security problems by hiring outsiders
here.  So the slow remedy can't be helped much.  Development crucial
to Linux is slowed to a crawl for probably a month, and will pick up
much braked afterwards because of the necessity of developers to deal
with digital signatures and so on.  Considering the Linux revenues
that depend on such infrastructure, we are talking about a permanent
damage in the order of billions of dollars.

> Understanding their motives could have some value and benefit none
> the less.  However, simply becoming aware of the motives of
> criminals does not in and of itself reduce the risk of recidivism-
> the usual claims of the liberals notwithstanding.  While I'm a
> liberal to be sure, such twaddle is one of the worst failings of
> many liberal philosophies.  On the other hand, the "hang 'em high"
> mentality of many social conservatives has also proven to be a
> failure- punishment does little or nothing to correct behavior (this
> has been demonstrated in behavioral research time and time again).

Good, then let them just pay the damages.

-- 
David Kastrup, Kriemhildstr. 15, 44793 Bochum

Re: GNU.org is down

[Tim McNamara]

David Kastrup <dak@gnu.org> writes:

> Tim McNamara <timmcn@bitstream.net> writes:
>
>> David Steuber <david.steuber@verizon.net> writes:
>>
>> > OK, so I'm intolerant.  Suppose instead of breaking into a server
>> > and doing who knows how much damage that people then have to
>> > spend valuable time fixing, the miscreant instead took a
>> > sledgehammer to the windshield of your car.  Would you not want
>> > at least compensation for the damages and time to repair them?
>> 
>> Herein lies a rub.  Your windshield is not available for free,
>> given away and freely modifiable by others.  It's therefore easy to
>> assign a value for compensation in the case of material damage.  In
>> the case of damage to FSF sources and such, since it is given away
>> freely to anyone who wants it, there is difficulty in assigning a
>> value for compensatory or punitive purposes.
>
> Savannah is the central server for the GNU project.  GNU is the most
> important central component of almost every Linux-based operating
> system.  Since Savannah is staffed mostly by volunteers, the
> downtime will be larger than usual in commercial settings.  There is
> no reliable possibility to salvage security problems by hiring
> outsiders here.  So the slow remedy can't be helped much.
> Development crucial to Linux is slowed to a crawl for probably a
> month, and will pick up much braked afterwards because of the
> necessity of developers to deal with digital signatures and so on.
> Considering the Linux revenues that depend on such infrastructure,
> we are talking about a permanent damage in the order of billions of
> dollars.

Well, unfortunately those are indirect losses as far as the crime
itself is concerned, and the courts would be unlikely to award
punitive damages.  For example, if I use my personal car for work
purposes (say, as a traveling salesman) and my car is stolen, the
courts will award compensation commensurate with the direct loss but
not the indirect loss.  I can be compensated for the value of my
vehicle, but my employer will not be compensated for the loss of
revenue if I can't do my job because my car was stolen.

Ditto in this instance.  And frankly I think your estimate of
"billions of dollars" is highly overinflated.  Linux developers aren't
going to lose a lot of money because they don't have the newest
version of libtool in their distribution.  The only ones that would
have trouble are those whose distrubtions are already broken and were
awaiting fixes from GNU/FSF rather than fixing it themselves (it *is*
open source, after all).  I don't have a lot of sympathy for such
laziness.