Re: shadowy, sort of fly by night debian mirrors? ...
lbrt...@gmail.com wrote:
>
> Also, I take pride at being from very prejudiced to cautiously racist
> towards those not only "un-Amerikan", but, even "communist" Chinese
> before they spread the Corona Virus and about the fact that Vladimir

This kind of stuff has *no* place at all on Debian mailing lists, nor
anywhere else in our community. Please keep this kind of garbage to
yourself in future, or you will be blocked from posting to Debian
lists.

Steve, for the Community Team.

-- 
Steve McIntyre 93...@debian.org
Debian Community Team commun...@debian.org
Re: shadowy, sort of fly by night debian mirrors? ...
Hi.

On Wed, Feb 24, 2021 at 11:27:31AM -0500, Albretch Mueller wrote:
> sorry, bad wording typing fast. what I meant is that I use the wget
> setting "--server-response" and keep my logs, but all I could see in
> the logs was:
>
> WARNING: certificate common name `ftp.acc.umu.se' doesn't match
> requested host name `chuangtzu.ftp.acc.umu.se'.

And "openssl x509" helpfully shows that chuangtzu.ftp.acc.umu.se uses
the certificate issued to "CN = ftp.acc.umu.se" by LetsEncrypt, and has
chuangtzu.ftp.acc.umu.se in the "X509v3 Subject Alternative Name"
section.
I.e. the certificate is as valid as you consider LetsEncrypt to be.

Debian's wget uses GnuTLS for https, and GnuTLS can be quirky in this
regard.

> I had never seen anything like that in my logs before, let alone from
> debian mirrors. Why would they not protocol their server responses as
> every server does?

Because less is more. As seen above, all you get is a false positive.
The less garbage fills your logs - the clearer the cause of the problem
is.

> Yes, I have plenty of reasons to believe "they are watching 'me' (and
> 'you' and every one and their pets)".
...

Dear Albretch, you're in an in-between position here.

Either try to approach to the problem as an engineer. For instance,
judging a host by host name is not racist, it's highly inaccurate at
best (I'll refrain from stronger terms). According to RIPE, umu.se is a
perfectly valid Swedish domain, registered back in '87.

Or, try to approach a problem as complete lunatic. In this case, your
rant clearly lacks mentioning of nano-chips that are included in each
and every COVID vaccine shot, an ability to control said nano-chips via
5G, and last, but not least - the secret cabal which benefits from it.

To be serious, first approach is welcome here. Please try second
approach elsewhere.

Reco
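Added example (not part of the thread or of wget/GnuTLS): a sketch of how a check against the certificate's common name alone differs from one that honours the Subject Alternative Name list, for the certificate Reco describes. The certificate fields are constructed from the names quoted in the message, in the shape Python's `ssl.SSLSocket.getpeercert()` returns; the function names are hypothetical.

```python
# Constructed certificate fields: CN and SAN values as described in the
# message above, not read from the live server.
CERT = {
    "subject": ((("commonName", "ftp.acc.umu.se"),),),
    "subjectAltName": (
        ("DNS", "ftp.acc.umu.se"),
        ("DNS", "chuangtzu.ftp.acc.umu.se"),
    ),
}


def name_matches(pattern, host):
    """Compare DNS names label by label; '*' may only be the whole first label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # A wildcard covers exactly one label and never a bare TLD.
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def cn_only_check(cert, host):
    """Legacy check: look at the subject commonName and nothing else."""
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn
           if k == "commonName"]
    return any(name_matches(cn, host) for cn in cns)


def san_aware_check(cert, host):
    """RFC 6125 style: when dNSName SAN entries exist, the CN is ignored."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return any(name_matches(s, host) for s in sans)
    return cn_only_check(cert, host)  # deprecated fallback, no SAN present


def explain(host, cert=CERT):
    """Summarise what each check says about host."""
    cn_ok = cn_only_check(cert, host)
    san_ok = san_aware_check(cert, host)
    if san_ok and not cn_ok:
        return "valid: name is in SAN; a CN-only warning is a false positive"
    if san_ok:
        return "valid"
    return "mismatch: name is in neither SAN nor CN"


if __name__ == "__main__":
    for h in ("ftp.acc.umu.se", "chuangtzu.ftp.acc.umu.se"):
        print(h, "->", explain(h))
```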
Re: shadowy, sort of fly by night debian mirrors? ...
Albrecht,

On Wed, Feb 24, 2021 at 11:27:31AM -0500, Albretch Mueller wrote:
> I take pride at being from very prejudiced to cautiously racist
> towards those not only "un-Amerikan", but, even "communist"
> Chinese before they spread the Corona Virus…

Your racist conspiracy theories are not only abhorrent but also a
violation of Debian's Code of Conduct. Please do not post this kind
of thing to any part of Debian's infrastructure again (or
preferably, anywhere, ever, but it is specifically not tolerated at
Debian).

https://lists.debian.org/debian-user/2021/02/msg00010.html
https://www.debian.org/MailingLists/#codeofconduct
https://www.debian.org/code_of_conduct

Thanks,
Andy

-- 
https://bitfolk.com/ -- No-nonsense VPS hosting
Re: shadowy, sort of fly by night debian mirrors? ...
sorry, bad wording typing fast. what I meant is that I use the wget
setting "--server-response" and keep my logs, but all I could see in
the logs was:

WARNING: certificate common name `ftp.acc.umu.se' doesn't match
requested host name `chuangtzu.ftp.acc.umu.se'.
2021-02-17 11:14:47
URL:https://chuangtzu.ftp.acc.umu.se/debian-cd/current/amd64/iso-dvd/debian-10.8.0-amd64-DVD-2.iso
[4697370624/4697370624] -> "debian-10.8.0-amd64-DVD-2.iso" [1]

WARNING: certificate common name `ftp.acc.umu.se' doesn't match
requested host name `laotzu.ftp.acc.umu.se'.
2021-02-17 11:46:46
URL:https://laotzu.ftp.acc.umu.se/debian-cd/current/amd64/iso-dvd/debian-10.8.0-amd64-DVD-3.iso
[4679073792/4679073792] -> "debian-10.8.0-amd64-DVD-3.iso" [1]

I had never seen anything like that in my logs before, let alone from
debian mirrors. Why would they not protocol their server responses as
every server does?

Yes, I have plenty of reasons to believe "they are watching 'me' (and
'you' and every one and their pets)". That is why I effing never
connect my main work computer to the Internet and the greatest part of
my paranoia is that at the end of the day anyone can take that data and
check it (of course, offline), provided you are able to get a hold of
an uncorrupted data set somehow. It is as simple as that!

Also, I take pride at being from very prejudiced to cautiously racist
towards those not only "un-Amerikan", but, even "communist" Chinese
before they spread the Corona Virus and about the fact that Vladimir
Putin hasn't been able to take away my girlfriend, yet. I would have
been a bit less racist towards them (just a bit) if they had infected
Trump and his wife earlier to make him shut the eff up. I heard they
had been cooking some other virus to make people stop thumbing their
cell phones as teen agers touch their genitals. As John Lennon sang,
"Imagine!" what would have been of Trump without tweeting!
If those Chinese lowlifes would had managed that I would have stopped
being racist towards them for a weekend.

lbrtchx
Re: shadowy, sort of fly by night debian mirrors? ...
Hi Albrecht,

On Mon, Feb 22, 2021 at 03:50:01AM -0500, Albretch Mueller wrote:
> Andy Smith wrote:
> > Those SHA1 hashes do appear here on another mirror:
> >
> > http://mirrorservice.org/sites/cdimage.debian.org/debian-cd/10.8.0/amd64/iso-dvd/SHA1SUMS

[…]

> I would expect for that string to appear on a few mirrors at least.

I just showed you exactly where the hashes for the ISO files are on
one mirror, I assume they are in the same place on every other
mirror.

You have not yet explained how come you show hashes with mismatched
file names - whether that was a simple error on your side while
composing the email or something you actually downloaded from the
Debian mirror.

> Also, why are their servers not producing any server side logs?

I am unable to parse the question as my understanding of what
"server side logs" means can't possibly line up with yours. Please
elaborate.

Cheers,
Andy

-- 
https://bitfolk.com/ -- No-nonsense VPS hosting
Re: shadowy, sort of fly by night debian mirrors? ...
On Lu, 22 feb 21, 03:50:01, Albretch Mueller wrote:
> >> 7) the md5 and sha1 hashes that I computed could not be found online
> >>
> >> 0296cfbeaf3823055901d7ad2077a077
> >> 0b742d83d23207db9a24553100d4155eb8c701bf debian
> >> 10.8.0-amd64-DVD-2.iso
> >> 37baf26293b8132fe95b4bd19262ca6b
> >> 122a2612ed63ff89db56eec0765e87268bf72318 debian
> >> 10.8.0-amd64-DVD-3.iso
> >
> > Those SHA1 hashes do appear here on another mirror:
> >
> > http://mirrorservice.org/sites/cdimage.debian.org/debian-cd/10.8.0/amd64/iso-dvd/SHA1SUMS
>
> Maybe, as you say that is happening to me because I am an alien.
> That explains it all: Yet, in my searches google as telling me such
> strings couldn't be found:
>
> https://www.google.com/search?=2612ed63ff89db56eec0765e87268bf72318
>
> Your search - 2612ed63ff89db56eec0765e87268bf72318 - did not match
> any documents.
>
> I would expect for that string to appear on a few mirrors at least.

Why do you expect that string to show in search engines?

> Also, why are their servers not producing any server side logs?

Why should any server side logs be accessible to the public?

Kind regards,
Andrei

-- 
http://wiki.debian.org/FAQsFromDebianUser
Re: shadowy, sort of fly by night debian mirrors? ...
>> 7) the md5 and sha1 hashes that I computed could not be found online
>>
>> 0296cfbeaf3823055901d7ad2077a077
>> 0b742d83d23207db9a24553100d4155eb8c701bf debian
>> 10.8.0-amd64-DVD-2.iso
>> 37baf26293b8132fe95b4bd19262ca6b
>> 122a2612ed63ff89db56eec0765e87268bf72318 debian
>> 10.8.0-amd64-DVD-3.iso
>
> Those SHA1 hashes do appear here on another mirror:
>
> http://mirrorservice.org/sites/cdimage.debian.org/debian-cd/10.8.0/amd64/iso-dvd/SHA1SUMS

Maybe, as you say that is happening to me because I am an alien.
That explains it all: Yet, in my searches google as telling me such
strings couldn't be found:

https://www.google.com/search?=2612ed63ff89db56eec0765e87268bf72318

Your search - 2612ed63ff89db56eec0765e87268bf72318 - did not match
any documents.

I would expect for that string to appear on a few mirrors at least.

Also, why are their servers not producing any server side logs?

lbrtchx
Re: shadowy, sort of fly by night debian mirrors? ...
On 22-02-2021 07:09, Stefan Monnier wrote:
>> 5) the mirror debian site (ftp.acc.umu.se) had smelly prefixes as
>> subdomains (apparently Chinese transliterations) {chuangtzu, laotzu}
>
> FWIW, when naming machines in a subdomain (e.g. for .acc.umu.se) it's
> quite common to first decide on a "theme" and then pick names from that
> theme. E.g. a computer lab's nodes may all have names of dinosaurs, or
> names of alcoholic drinks, etc...
>
> Searching for chuangtzu and laotzu suggests these are names of great
> figures of Taoism, so it seems very kosher to me.

The only mirror that has ever pulled anything hinky with me, over about
20 years, was the Australian one: mirror.aarnet.edu.au. I got dropped
any number of times, then advised `server unobtainable', persistently.

These days, under current circumstances of insanity, I should feel much
more comfortable working off a Chinese server than any number of others.
But then, I'm not a bankrupt national context grasping at straws on the
way down.

Cheers!
Harry.

-- 
`The World is not dangerous because of those who do harm but because of
those who look on without doing anything'. -- Albert Einstein
Re: shadowy, sort of fly by night debian mirrors? ...
> 5) the mirror debian site (ftp.acc.umu.se) had smelly prefixes as
> subdomains (apparently Chinese transliterations) {chuangtzu, laotzu}

FWIW, when naming machines in a subdomain (e.g. for .acc.umu.se) it's
quite common to first decide on a "theme" and then pick names from that
theme. E.g. a computer lab's nodes may all have names of dinosaurs, or
names of alcoholic drinks, etc...

Searching for chuangtzu and laotzu suggests these are names of great
figures of Taoism, so it seems very kosher to me.

Stefan
Re: shadowy, sort of fly by night debian mirrors? ...
On Sun, Feb 21, 2021 at 08:45:08AM -0500, Albretch Mueller wrote:
> as I tried to download debian, I noticed that the download was being
> redirected real time (which in itself doesn't necessarily have to mean
> bad), what I found a worrying was that:
>
> 1) as I used a known public hotspot connection, there was a new
> hotspot advertising itself as "Wifi4EU" (of course, I didn't bite that
> bait)
>
> 2) getting a connection through (apparently) the right hotspot took
> way more time than expected
>
> 3) downloads were being redirected real time
>
> 4) the usual server side responses were not being produced, just:
>
> WARNING: certificate common name `ftp.acc.umu.se' doesn't match
> requested host name `chuangtzu.ftp.acc.umu.se'.
> 2021-02-17 11:14:47
> URL:https://chuangtzu.ftp.acc.umu.se/debian-cd/current/amd64/iso-dvd/debian-10.8.0-amd64-DVD-2.iso
> [4697370624/4697370624] -> "debian-10.8.0-amd64-DVD-2.iso" [1]
>
> WARNING: certificate common name `ftp.acc.umu.se' doesn't match
> requested host name `laotzu.ftp.acc.umu.se'.
> 2021-02-17 11:46:46
> URL:https://laotzu.ftp.acc.umu.se/debian-cd/current/amd64/iso-dvd/debian-10.8.0-amd64-DVD-3.iso
> [4679073792/4679073792] -> "debian-10.8.0-amd64-DVD-3.iso" [1]
>
> 5) the mirror debian site (ftp.acc.umu.se) had smelly prefixes as
> subdomains (apparently Chinese transliterations) {chuangtzu, laotzu}
>

No idea what is happening with WiFi hotspots.

Are you trying to download the files for DVD via http or https? Debian
cd images are normally available to download via http - it's quite
difficult to get https to work for all the world's mirrors.

cdimage.debian.org itself is housed at the university of Umeea in
Sweden. There are other mirrors which may be closer.

If you already have a Debian machine running - and from previous
responses to the list I don't think you do - you could use jigdo-file
and download the images by building them in pieces from a nearby
mirror - which is often faster.
The download process also is able to be restarted in the event of any
interruption. Checksums are automatically calculated and GPG keys are
also checked.

[For the members of the Debian media team, this is the preferred way to
transfer images around internally between machines for verification.]

> 6) whois registry for umu.se
>
> $ whois um.se
> # Copyright (c) 1997- The Swedish Internet Foundation.
> # All rights reserved.
> # The information obtained through searches, or otherwise, is protected
> # by the Swedish Copyright Act (1960:729) and international conventions.
> # It is also subject to database protection according to the Swedish
> # Copyright Act.
> # Any use of this material to target advertising or
> # similar activities is forbidden and will be prosecuted.
> # If any of the information below is transferred to a third
> # party, it must be done in its entirety. This server must
> # not be used as a backend for a search engine.
> # Result of search for registered domain names under
> # the .se top level domain.
> #
> This whois printout is printed with UTF-8 encoding.
> #
> state:active
> domain: um.se
> holder: (not shown)
> admin-c: -
> tech-c: -
> billing-c:-
> created: 2014-12-02
> modified: 2020-11-16
> expires: 2021-12-02
> transferred: 2017-08-24
> nserver: ns1.nameisp.info
> nserver: ns2.nameisp.info
> dnssec: unsigned delegation
> registry-lock:unlocked
> status: ok
> registrar:www.NameSRS.com
> $
>

Typo - ftp.umu.se

> 7) the md5 and sha1 hashes that I computed could not be found online
>
> 0296cfbeaf3823055901d7ad2077a077
> 0b742d83d23207db9a24553100d4155eb8c701bf debian
> 10.8.0-amd64-DVD-2.iso
> 37baf26293b8132fe95b4bd19262ca6b
> 122a2612ed63ff89db56eec0765e87268bf72318 debian
> 10.8.0-amd64-DVD-3.iso
>
> I have kept those files in hard drives/computers I never connect to
> the Internet (that, to me, is the only way to do something with some
> "privacy"/security). I later downloaded what seem to be the right
> files, anyway.
> They would make for some easy and nice forensic
> analysis (just extracting the content of those iso files, using find
> and diff) whenever I find the time to do so.
>
> lbrtchx
>

All best, as ever,

Hope the above is helpful.

Andy C.
Re: shadowy, sort of fly by night debian mirrors? ...
Hello,

On Sun, Feb 21, 2021 at 08:45:08AM -0500, Albretch Mueller wrote:
> 1) as I used a known public hotspot connection, there was a new
> hotspot advertising itself as "Wifi4EU" (of course, I didn't bite that
> bait)

Does not really seem relevant to a remote Debian mirror, unless you
are suggesting that someone has set up a rogue wifi hotspot in that
particular location and used it to distribute compromised Debian
images, which seems rather far-fetched.

> 2) getting a connection through (apparently) the right hotspot took
> way more time than expected

I'm not saying it's aliens but it's aliens.

> 3) downloads were being redirected real time

OK? Web servers are allowed to issue redirects, and you're being
redirected to another hostname at the same org, so doesn't seem very
suspicious.

> 4) the usual server side responses were not being produced, just:
>
> WARNING: certificate common name `ftp.acc.umu.se' doesn't match
> requested host name `chuangtzu.ftp.acc.umu.se'.
> 2021-02-17 11:14:47
> URL:https://chuangtzu.ftp.acc.umu.se/debian-cd/current/amd64/iso-dvd/debian-10.8.0-amd64-DVD-2.iso
> [4697370624/4697370624] -> "debian-10.8.0-amd64-DVD-2.iso" [1]

Right, so it's just saying you requested something at ftp.acc.umu.se
but it's HTTP redirecting you to chuangtzu.ftp.acc.umu.se which
doesn't have a TLS certificate with the name "ftp.acc.umu.se". Many
Debian mirrors don't support HTTPS enough to have a TLS cert in the
correct name and/or a debian.org name.

I think you can use host deb.debian.org in your sources.list to hit
a Fastly CDN node that is network-wise reasonably close to you and
will work with TLS without complaint, though you don't know what
transports it uses between itself and the origin servers in the
background.

> 5) the mirror debian site (ftp.acc.umu.se) had smelly prefixes as
> subdomains (apparently Chinese transliterations) {chuangtzu, laotzu}

Why do Chinese names seem "smelly" to you?

> 6) whois registry for umu.se

Unclear why the domain registry info for a Swedish university is of
any bearing…

> 7) the md5 and sha1 hashes that I computed could not be found online
>
> 0296cfbeaf3823055901d7ad2077a077
> 0b742d83d23207db9a24553100d4155eb8c701bf debian
> 10.8.0-amd64-DVD-2.iso
> 37baf26293b8132fe95b4bd19262ca6b
> 122a2612ed63ff89db56eec0765e87268bf72318 debian
> 10.8.0-amd64-DVD-3.iso

Those SHA1 hashes do appear here on another mirror:

http://mirrorservice.org/sites/cdimage.debian.org/debian-cd/10.8.0/amd64/iso-dvd/SHA1SUMS

though they seem to be associated with different files in the
sequence:

122a2612ed63ff89db56eec0765e87268bf72318 debian-10.8.0-amd64-DVD-2.iso
0b742d83d23207db9a24553100d4155eb8c701bf debian-10.8.0-amd64-DVD-3.iso

Was it a copy/paste error on your side that switched these around or
is that really what you downloaded?

> I later downloaded what seem to be the right files, anyway. They
> would make for some easy and nice forensic analysis (just
> extracting the content of those iso files, using find and diff)
> whenever I find the time to do so.

Knock yourself out but I don't see any indication that anything
nefarious has happened nor that you have downloaded tampered files,
so it just sounds like a huge waste of time. If that's not the case
and you did manage to download something that claims to be a Debian
ISO but isn't, please do tell us more.

I mean, worst case, they've somehow got the names of some genuine
files mixed up - because the SHA1 hashes match real Debian files but
with different names. That's assuming no mix up on your side. Unless
you are experiencing a SHA1 collision as well on top of everything
else.

Cheers,
Andy

-- 
https://bitfolk.com/ -- No-nonsense VPS hosting
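
Added example (not part of the thread): a sketch that checks a computed SHA1 against a SHA1SUMS listing and separates "digest unknown" from the case discussed above, where the digest is genuine but listed under a different file name. The two listing entries are the ones quoted in the message above; the function names are hypothetical.

```python
import hashlib
import os

# The two SHA1SUMS entries quoted in the message above.
SHA1SUMS = """\
122a2612ed63ff89db56eec0765e87268bf72318  debian-10.8.0-amd64-DVD-2.iso
0b742d83d23207db9a24553100d4155eb8c701bf  debian-10.8.0-amd64-DVD-3.iso
"""


def parse_sums(text):
    """Parse sha1sum-style lines ('<hex>  <name>' or '<hex> *<name>')."""
    by_name = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        digest, name = line.split(None, 1)
        by_name[name.strip().lstrip("*")] = digest.lower()
    return by_name


def sha1_file(path, chunk=1 << 20):
    """Hash a file in chunks so multi-gigabyte ISOs do not need to fit in RAM."""
    h = hashlib.sha1()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def classify(name, digest, by_name):
    """Return (status, listed_name) for a file name and its computed digest."""
    digest = digest.lower()
    expected = by_name.get(name)
    if expected == digest:
        return ("ok", name)
    # Genuine content under another name: the digest is listed, but not here.
    owners = sorted(n for n, d in by_name.items() if d == digest)
    if owners:
        return ("known-under-other-name", owners[0])
    if expected is None:
        return ("unlisted", None)
    return ("mismatch", None)


def check_download(path, by_name):
    """Hash a local file and classify it against the parsed listing."""
    return classify(os.path.basename(path), sha1_file(path), by_name)


if __name__ == "__main__":
    sums = parse_sums(SHA1SUMS)
    # Name/digest pairing as reported by the original poster.
    print(classify("debian-10.8.0-amd64-DVD-2.iso",
                   "0b742d83d23207db9a24553100d4155eb8c701bf", sums))
```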