On Thu, Sep 26, 2013 at 03:48:45PM +0200, Sampsa Laine wrote:
The problem is that if you want to be paranoid, then you should not be connected to HECnet at all.
I'm not THAT paranoid, I actually do give out accounts on CHIMPY (after vetting) and HILANT, but the Deathrow Cluster guys included some pretty dubious "security researchers" that I'd rather keep off my LAN.
Think of the Deathrow guys as the NSA. If they want access to your LAN,
they already have it. :)
I don't really care about the DECNET side of it, more the fact that they'd be inside my IP firewall - and putting my DECNET stuff in a separate VLAN is just way too much hassle.
I have things on a separate VLAN but currently it's not firewalled. I
should probably set that up.
Of course if I had actual machines running it would be worth doing. :)
-brian
On 2013-09-26 16:14, Brian Schenkenberger, VAXman- wrote:
Johnny Billquist <bqt at softjar.se> writes:
On 2013-09-26 14:16, Sampsa Laine wrote:
While I did have an account on Deathrow, I was not all that familiar with
the users thereof.
The encourage security research, it attracts a certain type of person that I don't want on my LAN (trust me, I used to be a penetration tester :) )
The problem is that if you want to be paranoid, then you should not be
connected to HECnet at all.
DECnet is a very bad protocol when it comes to network security.
It's not any worse than TCP/IP.
You might right about that. The issue is possibly more about the applications that runs on top of it. It's at the same level as telnet and ftp, which are pretty much frowned upon nowadays. (I like those protocols, but I can see the issues with passwords in clear text, for example.)
But I wonder about a bunch of things like the equivalent of SYN attacks in DECnet for example... But actually, that is not so much about the protocols as the implementations.
Johnny
Johnny Billquist <bqt at softjar.se> writes:
On 2013-09-26 14:16, Sampsa Laine wrote:
While I did have an account on Deathrow, I was not all that familiar with
the users thereof.
The encourage security research, it attracts a certain type of person that I don't want on my LAN (trust me, I used to be a penetration tester :) )
The problem is that if you want to be paranoid, then you should not be
connected to HECnet at all.
DECnet is a very bad protocol when it comes to network security.
It's not any worse than TCP/IP.
--
VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)ORG
Well I speak to machines with the voice of humanity.
The single fact that there are lots of active users on EISNER is not something that I see as either positive or negative from a HECnet point of view. Numbers by themself means very little.
True but it in my opinion the EISNER userbase would make a cool addition to HECnet and maybe raise HECnet's profile a bit in the DEC hobbyist community.
The thing about EISNER is that you'd get quantity AND quality and I think both sides could benefit from the setup.
Again, this is just my opinion, I like to see HECnet grow, both in terms of nodes and active users - maybe that's just me :)
The more (experienced) users there are on HECnet, the more creative ideas people might have and maybe develop new DECNET based apps etc.
sampsa
sampsa <sampsa at mac.com>
mobile +358 40 7208932
On 26 Sep 2013, at 15:46, Johnny Billquist <bqt at softjar.se> wrote:
On 2013-09-26 14:16, Sampsa Laine wrote:
While I did have an account on Deathrow, I was not all that familiar with
the users thereof.
The encourage security research, it attracts a certain type of person that I don't want on my LAN (trust me, I used to be a penetration tester :) )
The problem is that if you want to be paranoid, then you should not be connected to HECnet at all.
I'm not THAT paranoid, I actually do give out accounts on CHIMPY (after vetting) and HILANT, but the Deathrow Cluster guys included some pretty dubious "security researchers" that I'd rather keep off my LAN.
I don't really care about the DECNET side of it, more the fact that they'd be inside my IP firewall - and putting my DECNET stuff in a separate VLAN is just way too much hassle.
sampsa
On 2013-09-26 14:16, Sampsa Laine wrote:
While I did have an account on Deathrow, I was not all that familiar with
the users thereof.
The encourage security research, it attracts a certain type of person that I don't want on my LAN (trust me, I used to be a penetration tester :) )
The problem is that if you want to be paranoid, then you should not be connected to HECnet at all.
DECnet is a very bad protocol when it comes to network security.
EISNER (the DECUServe machine named after the late Dan Eisner) has many
users who have been long time DECUS members -- some more than 30 years
members. The NOTES conferences there maintain a wealth of information
going back in excess of 25 years.
Which is exactly why it'd be so awesome to have them be part of HECnet. It's a great system, very active, lots of smart users.
Like I said before. I certainly don't mind if EISNER were to be connected to HECnet, but I really can't say that it would actually benefit HECnet (or EISNER) much in the general sense. Most people on EISNER would probably not care at all about the fact that there was DECnet connectivity to a bunch of other machines which they know nothing about, and would do even less with.
And most of the time, the people on HECnet wouldn't really be all over EISNER either.
So it's not that it would make either side super more good in any sense. But for the odd person, it could be a nice and useful addition.
The notes conferences on EISNER is a really good resource. But you do not have to be on HECnet to access that, and in most cases it probably makes more sense to not use HECnet for that.
When HECnet is really useful (in my mind) is when you want to copy files around, test or get access to different machines running DECnet, potentially with different OSes, and just the general contact with other people running these kind of things. I don't expect most users on EISNER to care much about any of these things, and the people on HECnet already an access notes on EISNER, even though they need to use TCP/IP and (maybe) a web browser.
The single fact that there are lots of active users on EISNER is not something that I see as either positive or negative from a HECnet point of view. Numbers by themself means very little.
Johnny
Anybody want to see if we can get two Linux boxes to talk X.25 over TCP with each other?
I believe that Cisco routers and DECNet-Plus supports this as well, could be funny to run our own virtual PSDN :)
sampsa <sampsa at mac.com>
mobile +358 40 7208932
While I did have an account on Deathrow, I was not all that familiar with
the users thereof.
The encourage security research, it attracts a certain type of person that I don't want on my LAN (trust me, I used to be a penetration tester :) )
EISNER (the DECUServe machine named after the late Dan Eisner) has many
users who have been long time DECUS members -- some more than 30 years
members. The NOTES conferences there maintain a wealth of information
going back in excess of 25 years.
Which is exactly why it'd be so awesome to have them be part of HECnet. It's a great system, very active, lots of smart users.
Sampsa Laine <sampsa at mac.com> writes:
=20
I'm not sure it would make a great addition or not. Not even sure what =
would constitute a great addition.
I'm mostly thinking that it's always nice to connect more systems =
together, and perhaps make some more people happy, and possibly provide =
some additional value to all involved.
=20
I think a few hundred DEC enthusiasts connected to HECnet via EISNER =
would be pretty cool. The more the merrier (as long as they're the right =
type of user, not necessarily the Deathrow Cluster crowd)..
While I did have an account on Deathrow, I was not all that familiar with
the users thereof.
EISNER (the DECUServe machine named after the late Dan Eisner) has many
users who have been long time DECUS members -- some more than 30 years
members. The NOTES conferences there maintain a wealth of information
going back in excess of 25 years.
https://groups.google.com/forum/#!topic/comp.os.vms/sAZtNgkHUKI
--
VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)ORG
Well I speak to machines with the voice of humanity.
I'm not sure it would make a great addition or not. Not even sure what would constitute a great addition.
I'm mostly thinking that it's always nice to connect more systems together, and perhaps make some more people happy, and possibly provide some additional value to all involved.
I think a few hundred DEC enthusiasts connected to HECnet via EISNER would be pretty cool. The more the merrier (as long as they're the right type of user, not necessarily the Deathrow Cluster crowd)..
sampsa