You may be right; I would agree with a policy like that if GitHub was a shareware site where users would downloads executables, like tucows for instance. I might be wrong, but in my experience GitHub is mainly a source and information repository, not something that users would install on their computers before compiling first.
Anyway, I'm glad I don't have to comply with such policies :) Leo -----Original Message----- From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of Bigendian Smalls Sent: Friday, March 04, 2016 12:00 PM To: [email protected] Subject: Re: gist.github.com unreachable [was: RE: rexx and tso alllocate] On Mar 4, 2016, at 10:46 AM, Leonardo Vaz <[email protected]> wrote: > > You could be right, it might just be unintentional blocking. > > I would certainly prefer this version vs intentional blocking since > the later is pretty much security by obscurity (as long as you don't > know the code you can't do harm...) > > Leo Respectfully, this is not security by obscurity. Companies who block, say GitHub, intentionally as a site which contains untrusted downloads, are not pretending github - or the code therein -doesn't exist. They're throwing up a roadblock, which is likely backed by a policy. It's almost always possible to circumvent these things for a determined employee - but that isn't the point. It's meant to remind the employees (and stop the ones who aren't determined to violate the policy) that downloading or installing software (or potentially uploading company intellectual property) is a no-no. The security part comes by taking away rights in Windows, for example, that allow users to install new software. None of the above is foolproof, but that doesn't mean they shouldn't layer it on as another security control - if that's what the company has decided fits their risk appetite. Chad > -----Original Message----- > From: IBM Mainframe Discussion List [mailto:[email protected]] > On Behalf Of John McKown > Sent: Friday, March 04, 2016 11:23 AM > To: [email protected] > Subject: Re: gist.github.com unreachable [was: RE: rexx and tso > alllocate] > >> On Fri, Mar 4, 2016 at 10:16 AM, Leonardo Vaz <[email protected]> wrote: >> >> That's not a private IP address on his LAN, it is the gist.github.com >> IP address. > > Correct. But if the LAN authorities think, as he did, that > 192.0.0.0/8 is all private, instead of just 192.168.0.0/16, then their > routing tables may be set up to not forward 192.30.252.141 to the > outside world, but route the entire 192.0.0.0/8 to the inside only. > Which would time out. As it did. > > > >> >> -----Original Message----- >> From: IBM Mainframe Discussion List [mailto:[email protected]] >> On Behalf Of John McKown >> Sent: Friday, March 04, 2016 11:13 AM >> To: [email protected] >> Subject: Re: gist.github.com unreachable [was: RE: rexx and tso >> alllocate] >> >> On Fri, Mar 4, 2016 at 9:50 AM, Farley, Peter x23353 < >> [email protected]> wrote: >> >>> You aren't the only one Steve. From my employer's network I can't >>> reach gist.github.com at all, even just the main site never mind >>> John's >> area. >>> Trying a tracert to gist.github.com only gets timeouts: >>> >>> Tracing route to gist.github.com [192.30.252.141] over a maximum of >>> 30 >>> hops: >>> >>> 1 * * * Request timed out. >>> Etc. >>> >>> That DNS address (192.30.252.141) looks odd to me. I thought >>> 192.*.*.* was reserved for private local networks, or is that only >> 192.168.*.*? >> >> the private IPv4 address ranges are: 10.0.0.0/8, 172.16.0.0/12, and >> 192.168.0.0/16 ref: https://en.wikipedia.org/wiki/Private_network >> >> I'll almost bet your LAN people are laboring under the same delusion. >> >> >>> >>> I can reach gist from home though, maybe you can as well. >>> >>> Peter >> >> >> -- >> A fail-safe circuit will destroy others. -- Klipstein >> >> Maranatha! <>< >> John McKown >> >> --------------------------------------------------------------------- >> - For IBM-MAIN subscribe / signoff / archive access instructions, >> send email to [email protected] with the message: INFO >> IBM-MAIN >> >> --------------------------------------------------------------------- >> - For IBM-MAIN subscribe / signoff / archive access instructions, >> send email to [email protected] with the message: INFO >> IBM-MAIN > > > > -- > A fail-safe circuit will destroy others. -- Klipstein > > Maranatha! <>< > John McKown > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, send > email to [email protected] with the message: INFO IBM-MAIN > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, send > email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
