:) indeed! > On Mar 4, 2016, at 11:34 AM, Leonardo Vaz <[email protected]> wrote: > > You may be right; I would agree with a policy like that if GitHub was a > shareware site where users would downloads executables, like tucows for > instance. I might be wrong, but in my experience GitHub is mainly a source > and information repository, not something that users would install on their > computers before compiling first. > > Anyway, I'm glad I don't have to comply with such policies :) > > Leo > > -----Original Message----- > From: IBM Mainframe Discussion List [mailto:[email protected]] On > Behalf Of Bigendian Smalls > Sent: Friday, March 04, 2016 12:00 PM > To: [email protected] > Subject: Re: gist.github.com unreachable [was: RE: rexx and tso alllocate] > >> On Mar 4, 2016, at 10:46 AM, Leonardo Vaz <[email protected]> wrote: >> >> You could be right, it might just be unintentional blocking. >> >> I would certainly prefer this version vs intentional blocking since >> the later is pretty much security by obscurity (as long as you don't >> know the code you can't do harm...) >> >> Leo > Respectfully, this is not security by obscurity. Companies who block, say > GitHub, intentionally as a site which contains untrusted downloads, are not > pretending github - or the code therein -doesn't exist. > > They're throwing up a roadblock, which is likely backed by a policy. It's > almost always possible to circumvent these things for a determined employee - > but that isn't the point. It's meant to remind the employees (and stop the > ones who aren't determined to violate the policy) that downloading or > installing software (or potentially uploading company intellectual property) > is a no-no. > > The security part comes by taking away rights in Windows, for example, that > allow users to install new software. None of the above is foolproof, but > that doesn't mean they shouldn't layer it on as another security control - if > that's what the company has decided fits their risk appetite. > > Chad > >> -----Original Message----- >> From: IBM Mainframe Discussion List [mailto:[email protected]] >> On Behalf Of John McKown >> Sent: Friday, March 04, 2016 11:23 AM >> To: [email protected] >> Subject: Re: gist.github.com unreachable [was: RE: rexx and tso >> alllocate] >> >>> On Fri, Mar 4, 2016 at 10:16 AM, Leonardo Vaz <[email protected]> wrote: >>> >>> That's not a private IP address on his LAN, it is the gist.github.com >>> IP address. >> >> Correct. But if the LAN authorities think, as he did, that >> 192.0.0.0/8 is all private, instead of just 192.168.0.0/16, then their >> routing tables may be set up to not forward 192.30.252.141 to the >> outside world, but route the entire 192.0.0.0/8 to the inside only. >> Which would time out. As it did. >> >> >> >>> >>> -----Original Message----- >>> From: IBM Mainframe Discussion List [mailto:[email protected]] >>> On Behalf Of John McKown >>> Sent: Friday, March 04, 2016 11:13 AM >>> To: [email protected] >>> Subject: Re: gist.github.com unreachable [was: RE: rexx and tso >>> alllocate] >>> >>> On Fri, Mar 4, 2016 at 9:50 AM, Farley, Peter x23353 < >>> [email protected]> wrote: >>> >>>> You aren't the only one Steve. From my employer's network I can't >>>> reach gist.github.com at all, even just the main site never mind >>>> John's >>> area. >>>> Trying a tracert to gist.github.com only gets timeouts: >>>> >>>> Tracing route to gist.github.com [192.30.252.141] over a maximum of >>>> 30 >>>> hops: >>>> >>>> 1 * * * Request timed out. >>>> Etc. >>>> >>>> That DNS address (192.30.252.141) looks odd to me. I thought >>>> 192.*.*.* was reserved for private local networks, or is that only >>> 192.168.*.*? >>> >>> the private IPv4 address ranges are: 10.0.0.0/8, 172.16.0.0/12, and >>> 192.168.0.0/16 ref: https://en.wikipedia.org/wiki/Private_network >>> >>> I'll almost bet your LAN people are laboring under the same delusion. >>> >>> >>>> >>>> I can reach gist from home though, maybe you can as well. >>>> >>>> Peter >>> >>> >>> -- >>> A fail-safe circuit will destroy others. -- Klipstein >>> >>> Maranatha! <>< >>> John McKown >>> >>> --------------------------------------------------------------------- >>> - For IBM-MAIN subscribe / signoff / archive access instructions, >>> send email to [email protected] with the message: INFO >>> IBM-MAIN >>> >>> --------------------------------------------------------------------- >>> - For IBM-MAIN subscribe / signoff / archive access instructions, >>> send email to [email protected] with the message: INFO >>> IBM-MAIN >> >> >> >> -- >> A fail-safe circuit will destroy others. -- Klipstein >> >> Maranatha! <>< >> John McKown >> >> ---------------------------------------------------------------------- >> For IBM-MAIN subscribe / signoff / archive access instructions, send >> email to [email protected] with the message: INFO IBM-MAIN >> >> ---------------------------------------------------------------------- >> For IBM-MAIN subscribe / signoff / archive access instructions, send >> email to [email protected] with the message: INFO IBM-MAIN > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, send email to > [email protected] with the message: INFO IBM-MAIN > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN
---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
