Re: Suggestion for a webmail application with good Hebrew Support
On Tuesday 18 August 2009 13:51:02 Danny Lieberman wrote: 3. Have a single 24x7 point of service contact You have a contact at google? Do tell! We've been paying google for years, and yet haven't been able to get any human answer (or any answer for that matter that is not a link to the useless knowledgebase). This tends to be frustrating when they have bugs which they don't like to tell anyone about and then fix silently, and your only indication is other people sharing the same symptoms. But it seems you have struck oil in the form of a 24x7 point of service contact. Please share that wonderful information with rest of the list if you don't mind. - Aviram ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
Re: Suggestion for a webmail application with good Hebrew Support
Pardon - the only thing we don't use is Docs. Prefer OO. On Wed, Aug 19, 2009 at 5:49 AM, Amos Shapira amos.shap...@gmail.comwrote: 2009/8/19 Danny Lieberman dan...@software.co.il I don't sell Google Apps but I suggest reading their story at http://www.google.com/apps/intl/en/business/details.html To ask my question again - if you say that you use Google Apps but not Google Docs or GMail or Calendar - so what's left in Google Apps besides it? --Amos -- Danny Lieberman - Protect your data: http://www.software.co.il Twitter: http://twitter.com/onlyjazz Skype: dannyl50 Warsaw:+48-79-609-5964 Israel: +972 8 9701485 Mobile: +972 - 54 447 1114 ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
Re: Suggestion for a webmail application with good Hebrew Support
Guys, can anyone just offer an opinion on my original request? Is roundcube really better than IMP or Squirrelmail? Is OpenMail even better? Hebrew support? - yba On Wed, 19 Aug 2009, Danny Lieberman wrote: Date: Wed, 19 Aug 2009 11:00:14 +0300 From: Danny Lieberman dan...@software.co.il To: Amos Shapira amos.shap...@gmail.com Cc: Shachar Shemesh shac...@shemesh.biz, ILUG linux-il@cs.huji.ac.il, geoffrey mendelson geoffreymendel...@gmail.com Subject: Re: Suggestion for a webmail application with good Hebrew Support Pardon - the only thing we don't use is Docs. Prefer OO. On Wed, Aug 19, 2009 at 5:49 AM, Amos Shapira amos.shap...@gmail.comwrote: 2009/8/19 Danny Lieberman dan...@software.co.il I don't sell Google Apps but I suggest reading their story at http://www.google.com/apps/intl/en/business/details.html To ask my question again - if you say that you use Google Apps but not Google Docs or GMail or Calendar - so what's left in Google Apps besides it? --Amos -- EE 77 7F 30 4A 64 2E C5 83 5F E7 49 A6 82 29 BA~. .~ Tk Open Systems =}ooO--U--Ooo{= - y...@tkos.co.il - tel: +972.2.679.5364, http://www.tkos.co.il -___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
Re: Suggestion for a webmail application with good Hebrew Support
Aviram Yeah yeah. Well - then you already know then that the phone number is for Premier customers to use when the service is unusable. Which has only happened a couple times the past year. The other issues use email which is ok. Personally I only had to use it once when they cunningly removed some features without telling anyone. From a support perspective - imho slicehost and rackspace are hands down winners. fwiw - I had no idea the big G would get such an emotional response in the list. At any rate - I think I've finished here. d http://www.dannylieberman.info On Wed, Aug 19, 2009 at 9:26 AM, Aviram Jenik avi...@jenik.com wrote: On Tuesday 18 August 2009 13:51:02 Danny Lieberman wrote: 3. Have a single 24x7 point of service contact You have a contact at google? Do tell! We've been paying google for years, and yet haven't been able to get any human answer (or any answer for that matter that is not a link to the useless knowledgebase). This tends to be frustrating when they have bugs which they don't like to tell anyone about and then fix silently, and your only indication is other people sharing the same symptoms. But it seems you have struck oil in the form of a 24x7 point of service contact. Please share that wonderful information with rest of the list if you don't mind. - Aviram -- Danny Lieberman - Protect your data: http://www.software.co.il Twitter: http://twitter.com/onlyjazz Skype: dannyl50 Warsaw:+48-79-609-5964 Israel: +972 8 9701485 Mobile: +972 - 54 447 1114 ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
Re: Suggestion for a webmail application with good Hebrew Support
On Tuesday 18 August 2009, Dave Stav wrote: Dear list members, We are looking for a webmail application that has good support in Hebrew messages (encoding and ltr/rtl). So far, it seems to me that roundcube-webmail is the best candidate, but also considering: Open WebMail IMP SquirrelMail roundcube Any suggestions? Thanks, Dave I'm curious to see what experience do other people in the list has. roundcube is indeed very nice, and close to zero configuration, but it is a bit buggy, and know for vulnerabilities. I am now trying IMP (+DIMP/MIMP), it looks good too, but much more difficult to configure, and much less shiny. There are no problems with encoding (I found some in IMP, but I think they are configuration, not bugs), and none has good RTL support like I have on my kmail-3.5. -- yuval signature.asc Description: This is a digitally signed message part. ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
Re: Suggestion for a webmail application with good Hebrew Support
Yuval Hager wrote: On Tuesday 18 August 2009, Dave Stav wrote: Dear list members, We are looking for a webmail application that has good support in Hebrew messages (encoding and ltr/rtl). So far, it seems to me that roundcube-webmail is the best candidate, but also considering: Open WebMail IMP SquirrelMail roundcube Any suggestions? Thanks, Dave I'm curious to see what experience do other people in the list has. roundcube is indeed very nice, and close to zero configuration, but it is a bit buggy, and know for vulnerabilities. I am now trying IMP (+DIMP/MIMP), it looks good too, but much more difficult to configure, and much less shiny. There are no problems with encoding (I found some in IMP, but I think they are configuration, not bugs), and none has good RTL support like I have on my kmail-3.5. Squirrelmail, as you all probably already know, looks somewhat "old-fashioned". The interface is fully translated but uses windows-1255 encoding instead of unicode. And Yonatan was looking for some automatic filtering of incoming messages. I don't see that feature in Squirrelmail or any plugins. ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il This mail was received via Mail-SeCure System. ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
Re: Suggestion for a webmail application with good Hebrew Support
Roundcubemail is using TinyMCE editor which supports Hebrew oob and has a GREAT translation ( me :) ) It's indeed new but with avid contributors. The next version will have an improved support for plugins, which are accumulating quickly. Some people from the community are offering it to their customers' base so I assume it's not that bad :) I mamnaged to import all my contacts from a spreadsheet and many from the community are using ldap. It's very easy to install and use, so try it. I'm using also Squirrlemail which is extremely rubust and with many plugins but Hebrew support is weak ( you can use an editor through an unfriendly plugin ) and it's UI is stale at best. Bottom line: If you need a quick and dirty tool that just works - squirrlemail. If you are looking for a modern tool with potential and good Hebrew support - Roundcubemail. If you are looking for Gmail replacement - go elsewhere. PS I'm not aware of any vulnerability. -- Moish ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
Re: Suggestion for a webmail application with good Hebrew Support
Hi Dave, Some features that would be nice to have are FCC for both incomming and outgoing messages, like al/pine has, and the ability to compose plain text messages without using HTML. Regards, - yba On Tue, 18 Aug 2009, Dave Stav wrote: Date: Tue, 18 Aug 2009 09:08:30 +0300 From: Dave Stav d...@tkos.co.il To: linux-il@cs.huji.ac.il Subject: Suggestion for a webmail application with good Hebrew Support Dear list members, We are looking for a webmail application that has good support in Hebrew messages (encoding and ltr/rtl). So far, it seems to me that roundcube-webmail is the best candidate, but also considering: Open WebMail IMP SquirrelMail roundcube Any suggestions? Thanks, Dave -- EE 77 7F 30 4A 64 2E C5 83 5F E7 49 A6 82 29 BA~. .~ Tk Open Systems =}ooO--U--Ooo{= - y...@tkos.co.il - tel: +972.2.679.5364, http://www.tkos.co.il - ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
Re: Suggestion for a webmail application with good Hebrew Support
Google Applications. It's free and it's great Don't even think about hosting your own Webmail - On Tue, Aug 18, 2009 at 9:08 AM, Dave Stav d...@tkos.co.il wrote: Dear list members, We are looking for a webmail application that has good support in Hebrew messages (encoding and ltr/rtl). So far, it seems to me that roundcube-webmail is the best candidate, but also considering: Open WebMail IMP SquirrelMail roundcube Any suggestions? Thanks, Dave -- EE 77 7F 30 4A 64 2E C5 83 5F E7 49 A6 82 29 BA~. .~ Tk Open Systems =}---ooO--U--Ooo-{= - d...@tkos.co.il - tel: +972.2.679.5364, http://www.tkos.co.il - ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il -- Danny Lieberman - Protect your data: http://www.software.co.il Twitter: http://twitter.com/onlyjazz Skype: dannyl50 Warsaw:+48-79-609-5964 Israel: +972 8 9701485 Mobile: +972 - 54 447 1114 ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
Re: Suggestion for a webmail application with good Hebrew Support
On Tue, 18 Aug 2009, Danny Lieberman wrote: Date: Tue, 18 Aug 2009 11:09:21 +0300 From: Danny Lieberman dan...@software.co.il To: Dave Stav d...@tkos.co.il Cc: linux-il@cs.huji.ac.il Subject: Re: Suggestion for a webmail application with good Hebrew Support Google Applications. It's free and it's great Don't even think about hosting your own Webmail - We need to host our own in this case for security and privacy reasons. - yba On Tue, Aug 18, 2009 at 9:08 AM, Dave Stav d...@tkos.co.il wrote: Dear list members, We are looking for a webmail application that has good support in Hebrew messages (encoding and ltr/rtl). So far, it seems to me that roundcube-webmail is the best candidate, but also considering: Open WebMail IMP SquirrelMail roundcube Any suggestions? Thanks, Dave -- EE 77 7F 30 4A 64 2E C5 83 5F E7 49 A6 82 29 BA~. .~ Tk Open Systems =}---ooO--U--Ooo-{= - d...@tkos.co.il - tel: +972.2.679.5364, http://www.tkos.co.il - ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il -- EE 77 7F 30 4A 64 2E C5 83 5F E7 49 A6 82 29 BA~. .~ Tk Open Systems =}ooO--U--Ooo{= - y...@tkos.co.il - tel: +972.2.679.5364, http://www.tkos.co.il -___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
Re: Suggestion for a webmail application with good Hebrew Support
Yonatan what you're saying is that you are capable of managing security better than google. that is highly arguable. Our own experience is that we ran qmail/squirrel qmail/clamAV/Spam Assassin for 5 years thru 2007. In 2007 - the amount of administration and image spam made the entire exercise non cost-effective and a huge mail dos attack on a customer's setup changed my mind permanently. I migrated 4 email domains to Google Apps and I have not looked back since. From a system security perspective - I don't have to worry about patching, ddos attacks and web defacing attacks. from a data security/privacy perspective - Google is better at managing personal data than you are, hands down. -- Danny Lieberman - Protect your data: http://www.software.co.il Twitter: http://twitter.com/onlyjazz Skype: dannyl50 Warsaw:+48-79-609-5964 Israel: +972 8 9701485 Mobile: +972 - 54 447 1114 2009/8/18 Jonathan Ben Avraham y...@tkos.co.il On Tue, 18 Aug 2009, Danny Lieberman wrote: Date: Tue, 18 Aug 2009 11:09:21 +0300 From: Danny Lieberman dan...@software.co.il To: Dave Stav d...@tkos.co.il Cc: linux-il@cs.huji.ac.il Subject: Re: Suggestion for a webmail application with good Hebrew Support Google Applications. It's free and it's great Don't even think about hosting your own Webmail - We need to host our own in this case for security and privacy reasons. - yba On Tue, Aug 18, 2009 at 9:08 AM, Dave Stav d...@tkos.co.il wrote: Dear list members, We are looking for a webmail application that has good support in Hebrew messages (encoding and ltr/rtl). So far, it seems to me that roundcube-webmail is the best candidate, but also considering: Open WebMail IMP SquirrelMail roundcube Any suggestions? Thanks, Dave -- EE 77 7F 30 4A 64 2E C5 83 5F E7 49 A6 82 29 BA~. .~ Tk Open Systems =}---ooO--U--Ooo-{= - d...@tkos.co.il - tel: +972.2.679.5364, http://www.tkos.co.il - ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il -- EE 77 7F 30 4A 64 2E C5 83 5F E7 49 A6 82 29 BA~. .~ Tk Open Systems =}ooO--U--Ooo{= - y...@tkos.co.il - tel: +972.2.679.5364, http://www.tkos.co.il - ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
Re: Suggestion for a webmail application with good Hebrew Support
On Tue, 18 Aug 2009, Danny Lieberman wrote: Date: Tue, 18 Aug 2009 11:41:38 +0300 From: Danny Lieberman dan...@software.co.il To: Jonathan Ben Avraham y...@tkos.co.il Cc: ILUG linux-il@cs.huji.ac.il Subject: Re: Suggestion for a webmail application with good Hebrew Support Yonatan what you're saying is that you are capable of managing security better than google. that is highly arguable. No, there's no argument here. With Google you have no way of knowing or insuring the security of your content. For this application we can't rely on third-party storage. (period) We have been managing a number of servers for clients for many years, in a cost-effective manner, with minimal spam. Most are based on PostFix with our own spam filter that is somewhat more effective than Spam Assassin. - yba Our own experience is that we ran qmail/squirrel qmail/clamAV/Spam Assassin for 5 years thru 2007. In 2007 - the amount of administration and image spam made the entire exercise non cost-effective and a huge mail dos attack on a customer's setup changed my mind permanently. I migrated 4 email domains to Google Apps and I have not looked back since. From a system security perspective - I don't have to worry about patching, ddos attacks and web defacing attacks. from a data security/privacy perspective - Google is better at managing personal data than you are, hands down. -- EE 77 7F 30 4A 64 2E C5 83 5F E7 49 A6 82 29 BA~. .~ Tk Open Systems =}ooO--U--Ooo{= - y...@tkos.co.il - tel: +972.2.679.5364, http://www.tkos.co.il - ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
Re: Suggestion for a webmail application with good Hebrew Support
good for you. I disagree with the Google security statement and since my cost is zero for spam free content and always up mail services for 4 business units I would say that zero is always more cost-effective than your own time. I can't argue the security point with you because there are always two facets of security - feeling secure and being secure (as Bruce Schneier pointed out a while back) You feel more secure DIY (and are probably factually less secure) I feel more secure with Google Apps (and are probably factually more secure) d On Tue, Aug 18, 2009 at 11:51 AM, Jonathan Ben Avraham y...@tkos.co.ilwrote: On Tue, 18 Aug 2009, Danny Lieberman wrote: Date: Tue, 18 Aug 2009 11:41:38 +0300 From: Danny Lieberman dan...@software.co.il To: Jonathan Ben Avraham y...@tkos.co.il Cc: ILUG linux-il@cs.huji.ac.il Subject: Re: Suggestion for a webmail application with good Hebrew Support Yonatan what you're saying is that you are capable of managing security better than google. that is highly arguable. No, there's no argument here. With Google you have no way of knowing or insuring the security of your content. For this application we can't rely on third-party storage. (period) We have been managing a number of servers for clients for many years, in a cost-effective manner, with minimal spam. Most are based on PostFix with our own spam filter that is somewhat more effective than Spam Assassin. - yba Our own experience is that we ran qmail/squirrel qmail/clamAV/Spam Assassin for 5 years thru 2007. In 2007 - the amount of administration and image spam made the entire exercise non cost-effective and a huge mail dos attack on a customer's setup changed my mind permanently. I migrated 4 email domains to Google Apps and I have not looked back since. From a system security perspective - I don't have to worry about patching, ddos attacks and web defacing attacks. from a data security/privacy perspective - Google is better at managing personal data than you are, hands down. -- EE 77 7F 30 4A 64 2E C5 83 5F E7 49 A6 82 29 BA~. .~ Tk Open Systems =}ooO--U--Ooo{= - y...@tkos.co.il - tel: +972.2.679.5364, http://www.tkos.co.il - -- Danny Lieberman - Protect your data: http://www.software.co.il Twitter: http://twitter.com/onlyjazz Skype: dannyl50 Warsaw:+48-79-609-5964 Israel: +972 8 9701485 Mobile: +972 - 54 447 1114 ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
Re: Suggestion for a webmail application with good Hebrew Support
On Tuesday 18 August 2009, Danny Lieberman wrote: Google Applications. It's free and it's great Don't even think about hosting your own Webmail - Don't forget that Google is a public company and will do whatever is in the best interest of its stock holders, regardless of your interest as their user. Relying on a commercial company giving you free service with your business/personal critical data is your decision. Just make sure you understand what you are giving up (freedom) by using this service. Yes, I am hosting my own webmail service. No, I do not know how secure is a Google web app, as I don't know how secure is any other closed source application. Anything you assume about their security is based on your assumption only. --y On Tue, Aug 18, 2009 at 9:08 AM, Dave Stav d...@tkos.co.il wrote: Dear list members, We are looking for a webmail application that has good support in Hebrew messages (encoding and ltr/rtl). So far, it seems to me that roundcube-webmail is the best candidate, but also considering: Open WebMail IMP SquirrelMail roundcube Any suggestions? Thanks, Dave -- EE 77 7F 30 4A 64 2E C5 83 5F E7 49 A6 82 29 BA~. .~ Tk Open Systems =}---ooO--U--Ooo--- --{= - d...@tkos.co.il - tel: +972.2.679.5364, http://www.tkos.co.il - ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il -- Yuval Hager [T] +972-77-341-4255 == Notice new number [...@] yu...@avramzon.net signature.asc Description: This is a digitally signed message part. ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
Re: Suggestion for a webmail application with good Hebrew Support
Danny Lieberman wrote: You feel more secure DIY (and are probably factually less secure) I feel more secure with Google Apps (and are probably factually more secure) I like the way you give your opinion, and then back it up by your opinion of how things are. People don't leave space for the possibility of being wrong. More to the point, security is a multi-facet problem. You worry about your server being broken into and third parties listening in on your email, and therefor decide that Google will likely do it better. It's a legitimate choice, but it is very far from being the only consideration, or even the only conclusion. Myself, I worry more about third parties having access to my data, and that includes Google themselves. Your claimed price of zero disregards certain costs. For example, you do not count the cost in loss of privacy and the cost of having your emails available for parties to summon from Google using the court system without your knowledge. Obviously, these may not be concerns for you, and as such, may not be something you count as cost. That is fine, so long as you do not have the hubris to claim that this applies to everyone. Shachar -- Shachar Shemesh Lingnu Open Source Consulting Ltd. http://www.lingnu.com ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
Re: Suggestion for a webmail application with good Hebrew Support
On Aug 18, 2009, at 2:47 PM, Shachar Shemesh wrote: Your claimed price of zero disregards certain costs. For example, you do not count the cost in loss of privacy and the cost of having your emails available for parties to summon from Google using the court system without your knowledge. Obviously, these may not be concerns for you, and as such, may not be something you count as cost. That is fine, so long as you do not have the hubris to claim that this applies to everyone. Good point. I just want to point out that since Google is in the State of California, not the State of Israel, if your company is not incorporated in the US, or registered with the State of California as a foreign (out of state) corportation it's a court system in which you have no legal standing. IAMNAL, but a similar condition exists for the Federal court system too. Geoff. -- geoffrey mendelson N3OWJ/4X1GM Jerusalem Israel geoffreymendel...@gmail.com ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
Re: Suggestion for a webmail application with good Hebrew Support
Danny Lieberman wrote: Shachar, Geoff b) the threat probability of one of our operations getting a US court injunction is so low that I don't even bother with security countermeasures. OTOH - the threat of dos/web defacing/site downtime/poor response time is high enough that we considered and eventually deployed outsourced services for messaging and hosting. We use slicehost, rackspace.com http://rackspace.com and Google Apps. Dev servers are inhouse. Your threat level rises significantly when you use free services. If you are going to be using Google's services for your business, my recommendation is that you find a route in which you pay them for it. The logic is that by paying them, you are creating accountability of them to you. Many of the privacy concerns diminish significantly as a result. I'll add that, specifically with Google, the amount of concentrated cross-referencable personal info is what bothers me the most. Apropos - My personal estimate is that the probability of a privacy breach is higher in the Israeli Ministry of Defense than in GooglePlex. Not when my own servers are involved. At least not without my knowledge. d) We deploy security countermeasures to protect assets: 0) We don't use Google docs, Never. So you are, essentially, saying that you agree with me to a degree, but don't go quite as far. 3) we physically destroy hard disks (it's fun...) That I'm curios about. What do you specifically do to destroy the hard disk? The way I see it, either you believe that recover seven generations is not possible (like some do), in which case just do dd if=/dev/urandom of=/dev/sdb followed by dd if=/dev/zero of=/dev/sdb (or just settle for the later), or you believe that it is possible, in which case the only solution I know of is melting the drive's plates. Personally, I don't have any way to do the later, so I just do the former and hope that my attackers don't have the $100K+ it allegedly requires to recover the data. Shachar -- Shachar Shemesh Lingnu Open Source Consulting Ltd. http://www.lingnu.com ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
Re: Suggestion for a webmail application with good Hebrew Support
Shachar You see - that as soon as we start talking about money, the risk assessment discussion gets more serious. 1. Google Apps Premium is $50/user/year ( higher volume/more demanding service levels). Google Apps Standard is free - we use it for our community involvement sites like www.jpbigband.org The Google security and privacy policy is same in both cases. 2. Ask Gaby Askenazi about privacy in the MOD You're a pro. Most of our clients don't have the foggiest idea what's happening inside their network. 3. Use a 10kg hammer. We have clients that insist on physical destruction of the data disk after a network surveillance. d On Tue, Aug 18, 2009 at 4:21 PM, Shachar Shemesh shac...@shemesh.bizwrote: Danny Lieberman wrote: Shachar, Geoff b) the threat probability of one of our operations getting a US court injunction is so low that I don't even bother with security countermeasures. OTOH - the threat of dos/web defacing/site downtime/poor response time is high enough that we considered and eventually deployed outsourced services for messaging and hosting. We use slicehost, rackspace.com and Google Apps. Dev servers are inhouse. Your threat level rises significantly when you use free services. If you are going to be using Google's services for your business, my recommendation is that you find a route in which you pay them for it. The logic is that by paying them, you are creating accountability of them to you. Many of the privacy concerns diminish significantly as a result. I'll add that, specifically with Google, the amount of concentrated cross-referencable personal info is what bothers me the most. Apropos - My personal estimate is that the probability of a privacy breach is higher in the Israeli Ministry of Defense than in GooglePlex. Not when my own servers are involved. At least not without my knowledge. d) We deploy security countermeasures to protect assets: 0) We don't use Google docs, Never. So you are, essentially, saying that you agree with me to a degree, but don't go quite as far. 3) we physically destroy hard disks (it's fun...) That I'm curios about. What do you specifically do to destroy the hard disk? The way I see it, either you believe that recover seven generations is not possible (like some do), in which case just do dd if=/dev/urandom of=/dev/sdb followed by dd if=/dev/zero of=/dev/sdb (or just settle for the later), or you believe that it is possible, in which case the only solution I know of is melting the drive's plates. Personally, I don't have any way to do the later, so I just do the former and hope that my attackers don't have the $100K+ it allegedly requires to recover the data. Shachar -- Shachar Shemesh Lingnu Open Source Consulting Ltd.http://www.lingnu.com -- Danny Lieberman - Protect your data: http://www.software.co.il Twitter: http://twitter.com/onlyjazz Skype: dannyl50 Warsaw:+48-79-609-5964 Israel: +972 8 9701485 Mobile: +972 - 54 447 1114 ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
Re: Suggestion for a webmail application with good Hebrew Support
Danny Lieberman wrote: 3. Use a 10kg hammer. We have clients that insist on physical destruction of the data disk after a network surveillance. Do you, at least, FIRST run the dd? I'm sure you realize that recovering data from a disk that got only the 10KG hammer is much easier (and cheaper) than recovering data from one that got only the dd treatment. As an added bonus, you just marked that disk as interesting by physically destroying it :-) Personally, I think the best solution for anyone who cannot afford to physically melt the disk platters is to dd the entire disk, and THEN GO ON USING IT for another project. Shachar -- Shachar Shemesh Lingnu Open Source Consulting Ltd. http://www.lingnu.com ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
Re: Suggestion for a webmail application with good Hebrew Support
yes - dd + hammer. true story - we did a security audit for a h-tech client who conveniently put all their decommissioned disks in a barrel in the yard of the factory. :-) On Tue, Aug 18, 2009 at 4:50 PM, Shachar Shemesh shac...@shemesh.bizwrote: Danny Lieberman wrote: 3. Use a 10kg hammer. We have clients that insist on physical destruction of the data disk after a network surveillance. Do you, at least, FIRST run the dd? I'm sure you realize that recovering data from a disk that got only the 10KG hammer is much easier (and cheaper) than recovering data from one that got only the dd treatment. As an added bonus, you just marked that disk as interesting by physically destroying it :-) Personally, I think the best solution for anyone who cannot afford to physically melt the disk platters is to dd the entire disk, and THEN GO ON USING IT for another project. Shachar -- Shachar Shemesh Lingnu Open Source Consulting Ltd.http://www.lingnu.com -- Danny Lieberman - Protect your data: http://www.software.co.il Twitter: http://twitter.com/onlyjazz Skype: dannyl50 Warsaw:+48-79-609-5964 Israel: +972 8 9701485 Mobile: +972 - 54 447 1114 ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
RE: Suggestion for a webmail application with good Hebrew Support
Note that if you're going to dd, at least use if=/dev/urandom. Running dd several (10) times is best (or using shred(1), which does the same). Rony _ From: linux-il-boun...@cs.huji.ac.il [mailto:linux-il-boun...@cs.huji.ac.il] On Behalf Of Shachar Shemesh Sent: Tuesday, August 18, 2009 4:51 PM To: Danny Lieberman Cc: ILUG; geoffrey mendelson Subject: Re: Suggestion for a webmail application with good Hebrew Support Danny Lieberman wrote: 3. Use a 10kg hammer. We have clients that insist on physical destruction of the data disk after a network surveillance. Do you, at least, FIRST run the dd? I'm sure you realize that recovering data from a disk that got only the 10KG hammer is much easier (and cheaper) than recovering data from one that got only the dd treatment. As an added bonus, you just marked that disk as interesting by physically destroying it :-) Personally, I think the best solution for anyone who cannot afford to physically melt the disk platters is to dd the entire disk, and THEN GO ON USING IT for another project. Shachar -- Shachar Shemesh Lingnu Open Source Consulting Ltd. http://www.lingnu.com ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
Re: Suggestion for a webmail application with good Hebrew Support
ronys wrote: Note that if you're going to dd, at least use if=/dev/urandom. Running dd several (10) times is best (or using shred(1), which does the same). Rony I am familiar with the urban legend. From what I read about the technique by which you reconstruct older generation data, I'm not sure it would make that much of a difference. Shachar -- Shachar Shemesh Lingnu Open Source Consulting Ltd. http://www.lingnu.com ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
Re: Suggestion for a webmail application with good Hebrew Support
rony good point.shred with strings of zeroes is probably even better than erasing. d 2009/8/18 ronys ro...@gmx.net Note that if you're going to dd, at least use if=/dev/urandom. Running dd several (10) times is best (or using shred(1), which does the same). Rony -- *From:* linux-il-boun...@cs.huji.ac.il [mailto: linux-il-boun...@cs.huji.ac.il] *On Behalf Of *Shachar Shemesh *Sent:* Tuesday, August 18, 2009 4:51 PM *To:* Danny Lieberman *Cc:* ILUG; geoffrey mendelson *Subject:* Re: Suggestion for a webmail application with good Hebrew Support Danny Lieberman wrote: 3. Use a 10kg hammer. We have clients that insist on physical destruction of the data disk after a network surveillance. Do you, at least, FIRST run the dd? I'm sure you realize that recovering data from a disk that got only the 10KG hammer is much easier (and cheaper) than recovering data from one that got only the dd treatment. As an added bonus, you just marked that disk as interesting by physically destroying it :-) Personally, I think the best solution for anyone who cannot afford to physically melt the disk platters is to dd the entire disk, and THEN GO ON USING IT for another project. Shachar -- Shachar Shemesh Lingnu Open Source Consulting Ltd.http://www.lingnu.com ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il -- Danny Lieberman - Protect your data: http://www.software.co.il Twitter: http://twitter.com/onlyjazz Skype: dannyl50 Warsaw:+48-79-609-5964 Israel: +972 8 9701485 Mobile: +972 - 54 447 1114 ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
Re: Suggestion for a webmail application with good Hebrew Support
2009/8/18 Danny Lieberman dan...@software.co.il: d) We deploy security countermeasures to protect assets: 0) We don't use Google docs, Never. 1) None of our really sensitive assets are on Google Apps and that includes Calendar and Mail So what's left from your use of Google? BTW - do you (the plural you to the entire list) consider mail hosting by other companies besides Google as more secure? The BHP's at my workplace (the sales/CEO office in the US) insisted on Exhange server, so we opted for a hosted exchange instead of the white-box-you-shouldn't-breath-near-its-power-cord in-house exchange server I inherited on the other side of the Pacific from California. --Amos ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
RE: Suggestion for a webmail application with good Hebrew Support
Hi Shachar, 'urban legend' may be a bit strong. The reference I had in mind was http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html which is a bit dated (circa 1996, plus a couple of undated epilogues), but still an interesting read. Of course, if you're going to keep sensitive data on magentic media, it's *much* easier to use an encrypted partition (e.g., dm-crypt http://www.saout.de/misc/dm-crypt/ http://www.saout.de/misc/dm-crypt/ or TrueCrypt http://www.truecrypt.org/) and securely destroy the keys. Rony _ From: linux-il-boun...@cs.huji.ac.il [mailto:linux-il-boun...@cs.huji.ac.il] On Behalf Of Shachar Shemesh Sent: Tuesday, August 18, 2009 5:17 PM To: ro...@acm.org Cc: 'ILUG' Subject: Re: Suggestion for a webmail application with good Hebrew Support ronys wrote: Note that if you're going to dd, at least use if=/dev/urandom. Running dd several (10) times is best (or using shred(1), which does the same). Rony I am familiar with the urban legend. From what I read about the technique by which you reconstruct older generation data, I'm not sure it would make that much of a difference. Shachar -- Shachar Shemesh Lingnu Open Source Consulting Ltd. http://www.lingnu.com ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
Re: Suggestion for a webmail application with good Hebrew Support
Amos Shapira wrote: 2009/8/18 Danny Lieberman dan...@software.co.il: d) We deploy security countermeasures to protect assets: 0) We don't use Google docs, Never. 1) None of our really sensitive assets are on Google Apps and that includes Calendar and Mail So what's left from your use of Google? BTW - do you (the plural you to the entire list) consider mail hosting by other companies besides Google as more secure? In most aspects, yes. First, another provider will likely be a smaller target (security by anonymity). Second, another provider are not cross linking your emails with other things they know about you. Granted, that's mostly because they don't have that other info, but whatever the reason - it works. As for traditional security - Google's extra size is a mixed blessing. I wouldn't work with someone small using a tailor made solution, but someone using a standard solution is likely, in the long run, to provide comparable security level to those Google provide (theoretical more chance of being vulnerable is offset by less chance of being exploited). Shachar -- Shachar Shemesh Lingnu Open Source Consulting Ltd. http://www.lingnu.com ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
Re: Suggestion for a webmail application with good Hebrew Support
Shachar On the Internet - size is not an indication of threat surface. Ability to provision and maintain is more important. You have to engineer your solution to your needs. For us - the combination of Google Apps, slicehost (for smaller projects) / rackspace (for big projects) rocks. Google Apps Mail and Calendar are amazing applications especially if you have colleagues in 5 or 6 time zones and people with iphones and blackberries like we do I can't believe that there are people on Linux-IL who seriously consider Squirrel Mail a competitor. d On Tue, Aug 18, 2009 at 5:44 PM, Shachar Shemesh shac...@shemesh.bizwrote: Amos Shapira wrote: 2009/8/18 Danny Lieberman dan...@software.co.il dan...@software.co.il: d) We deploy security countermeasures to protect assets: 0) We don't use Google docs, Never. 1) None of our really sensitive assets are on Google Apps and that includes Calendar and Mail So what's left from your use of Google? BTW - do you (the plural you to the entire list) consider mail hosting by other companies besides Google as more secure? In most aspects, yes. First, another provider will likely be a smaller target (security by anonymity). Second, another provider are not cross linking your emails with other things they know about you. Granted, that's mostly because they don't have that other info, but whatever the reason - it works. As for traditional security - Google's extra size is a mixed blessing. I wouldn't work with someone small using a tailor made solution, but someone using a standard solution is likely, in the long run, to provide comparable security level to those Google provide (theoretical more chance of being vulnerable is offset by less chance of being exploited). Shachar -- Shachar Shemesh Lingnu Open Source Consulting Ltd.http://www.lingnu.com -- Danny Lieberman - Protect your data: http://www.software.co.il Twitter: http://twitter.com/onlyjazz Skype: dannyl50 Warsaw:+48-79-609-5964 Israel: +972 8 9701485 Mobile: +972 - 54 447 1114 ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
Re: Suggestion for a webmail application with good Hebrew Support
ronys wrote: Hi Shachar, 'urban legend' may be a bit strong. The reference I had in mind was http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html http://www.cs.auckland.ac.nz/%7Epgut001/pubs/secure_del.html which is a bit dated (circa 1996, plus a couple of undated epilogues), but still an interesting read. Of course, if you're going to keep sensitive data on magentic media, it's *much* easier to use an encrypted partition (e.g., dm-crypt http://www.saout.de/misc/dm-crypt/ or TrueCrypt http://www.truecrypt.org/) and securely destroy the keys. Rony Thanks. That seems like an excellent resource (with reasoning, unlike what I'm used to :-). I haven't delved into it, yet, but its description of how the drive actually writes data to the disk differs dramatically from what I remember described the last time I saw a description of the recovery process (it claims the 1 and 0 are merely encoded as magnetic polarity, while I remember them being modulated on a sine wave). Which it actually is, I'm not sure, but the reasoning your article states for using random data (create as low a frequency as possible given the disk's RLE) is negated if the data is actually modulated. Unfortunately, I have lost track of my previous source, but pending further analysis, I'm willing to retract my definitive claim that needing to use random data is an urban myth. Shachar -- Shachar Shemesh Lingnu Open Source Consulting Ltd. http://www.lingnu.com ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
Re: Suggestion for a webmail application with good Hebrew Support
2009/8/18 Danny Lieberman dan...@software.co.il Shachar On the Internet - size is not an indication of threat surface. Ability to provision and maintain is more important. You have to engineer your solution to your needs. For us - the combination of Google Apps, slicehost (for smaller projects) / rackspace (for big projects) rocks. Google Apps Mail and Calendar are amazing applications especially if you have colleagues in 5 or 6 time zones and people with iphones and blackberries like we do I can't believe that there are people on Linux-IL who seriously consider Squirrel Mail a competitor. There you go again with the Don't even think about hosting your own Webmail Danny - There are companies out there which consider internal mail as classified - Hosting the emails on third-party servers, even encrypted versions of the emails, is simply a security threat. It's called keeping your data close to home, and it's quite important, especially when your content might be problematic in other jurisdictions. And anyway - no one outside of my company network/VPN should have IMAP/POP3 access to the mail server. With Google Apps you carefully craft your office firewall rules, then move mailbox access to *outside* of the network??!! -mike d On Tue, Aug 18, 2009 at 5:44 PM, Shachar Shemesh shac...@shemesh.bizwrote: Amos Shapira wrote: 2009/8/18 Danny Lieberman dan...@software.co.il dan...@software.co.il: d) We deploy security countermeasures to protect assets: 0) We don't use Google docs, Never. 1) None of our really sensitive assets are on Google Apps and that includes Calendar and Mail So what's left from your use of Google? BTW - do you (the plural you to the entire list) consider mail hosting by other companies besides Google as more secure? In most aspects, yes. First, another provider will likely be a smaller target (security by anonymity). Second, another provider are not cross linking your emails with other things they know about you. Granted, that's mostly because they don't have that other info, but whatever the reason - it works. As for traditional security - Google's extra size is a mixed blessing. I wouldn't work with someone small using a tailor made solution, but someone using a standard solution is likely, in the long run, to provide comparable security level to those Google provide (theoretical more chance of being vulnerable is offset by less chance of being exploited). Shachar -- Shachar Shemesh Lingnu Open Source Consulting Ltd.http://www.lingnu.com -- Danny Lieberman - Protect your data: http://www.software.co.il Twitter: http://twitter.com/onlyjazz Skype: dannyl50 Warsaw:+48-79-609-5964 Israel: +972 8 9701485 Mobile: +972 - 54 447 1114 ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
Re: Suggestion for a webmail application with good Hebrew Support
Mike Allow me to give you a cold dose of reality A. Internal email is never 'confidential'. 1. As long as you have Web access, mobile devices and USB sticks - you may assume that everything an employee has access to in the company can and will be sent to people outside the company. This is not a fantasy - this is what happens at every account we work with. 2. People with VPN access to mail inside your company can and will take mail and other data into their own domain (home, business partner office, outsourcing partner, contractor). You have no control over the data flow just because you have a VPN - as a matter of fact - because you have a VPN - you are lulled into false sense of security. 3. You can try DRM / IRM and / or shutdown attachments in your enterprise email. Your employees will take the data home on a USB stick and email it from home or ftp it or IM it or tunnel it or proxy it. We had a case data was leaked by users with IM tunneled over telnet tunneled over HTTP. 4. Internal mail systems have a back door from home/business partners/contractors into the the office on the OWA/Squirrelmail/PoP/IMAP over VPN - It's a common way to inject malicious content into the network, usually unwittingly B. There are no free lunches 1. It is discouraging to consider the number of companies that are doing a poor job managing their messaging infrastructure - i.e. frequent downtime, capacity issues, inbound/outbound content abuse and data theft. 2. The cost of ownership for internal mail is high. The companies that manage their own mail infrastructure invest a lot of money and head count to get it right. The alternative most companies take is to outsource - and expose their data to a person who works at your company in the morning and at a competitor in the afternoon. 3. Inbound content security takes a fair chunk of IT/IT security management attention and change. More than is reasonable it a company with over 1000 employees. To set the record straight - my comment about preferring Google Apps mail/calendar related to a fairly innocent question by Yonatan regarding the allternatives to Squirell Mail etc for Hebrew support. From a usability perspective, - OWA and Gmail have it way over the OSS products. From a TCO perspective - For a SME - Google Apps Mail/Calendar is probably a better fit for a business than outsourcing to Matrix or doing it yourself. From a security perspective - there is no single silver bullet, but I'd like you to consider the following security countermeasures for protecting information: 1. Implemement a chokepoint and control inbound/outbound data flow at the chokepoint 2. Have a professionally managed service from a trusted vendor (if you trust dreamhost more than Google - go for it) 3. Have a single 24x7 point of service contact I don't sell Google Apps but I suggest reading their story at http://www.google.com/apps/intl/en/business/details.html I am glad there has been such a lively discussion. Danny http://www.dannylieberman.info On Tue, Aug 18, 2009 at 10:39 PM, Michael Tewner tew...@gmail.com wrote: 2009/8/18 Danny Lieberman dan...@software.co.il Shachar On the Internet - size is not an indication of threat surface. Ability to provision and maintain is more important. You have to engineer your solution to your needs. For us - the combination of Google Apps, slicehost (for smaller projects) / rackspace (for big projects) rocks. Google Apps Mail and Calendar are amazing applications especially if you have colleagues in 5 or 6 time zones and people with iphones and blackberries like we do I can't believe that there are people on Linux-IL who seriously consider Squirrel Mail a competitor. There you go again with the Don't even think about hosting your own Webmail Danny - There are companies out there which consider internal mail as classified - Hosting the emails on third-party servers, even encrypted versions of the emails, is simply a security threat. It's called keeping your data close to home, and it's quite important, especially when your content might be problematic in other jurisdictions. And anyway - no one outside of my company network/VPN should have IMAP/POP3 access to the mail server. With Google Apps you carefully craft your office firewall rules, then move mailbox access to *outside* of the network??!! -mike d On Tue, Aug 18, 2009 at 5:44 PM, Shachar Shemesh shac...@shemesh.bizwrote: Amos Shapira wrote: 2009/8/18 Danny Lieberman dan...@software.co.il dan...@software.co.il: d) We deploy security countermeasures to protect assets: 0) We don't use Google docs, Never. 1) None of our really sensitive assets are on Google Apps and that includes Calendar and Mail So what's left from your use of Google? BTW - do you (the plural you to the entire list) consider mail hosting by other companies besides Google as more secure? In most aspects, yes. First, another provider will likely be
Re: Suggestion for a webmail application with good Hebrew Support
Danny Lieberman wrote: Mike To set the record straight - my comment about preferring Google Apps mail/calendar related to a fairly innocent question by Yonatan regarding the allternatives to Squirell Mail etc for Hebrew support. Then lets, do, return to the original question. Does gmail know how to send email where paragraphs are marked as RTL? In fact, can it send any HTML mail at all? Shachar -- Shachar Shemesh Lingnu Open Source Consulting Ltd. http://www.lingnu.com ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
Re: Suggestion for a webmail application with good Hebrew Support
2009/8/19 Shachar Shemesh shac...@shemesh.biz Danny Lieberman wrote: Mike To set the record straight - my comment about preferring Google Apps mail/calendar related to a fairly innocent question by Yonatan regarding the allternatives to Squirell Mail etc for Hebrew support. Then lets, do, return to the original question. Does gmail know how to send email where paragraphs are marked as RTL? In fact, can it send any HTML mail at all? Apparently it can't separate hebrew/english paragraph direction. This message is written in GMail using the rich text format, which as far as I'm aware is just HTML. --Amos ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
Re: Suggestion for a webmail application with good Hebrew Support
2009/8/19 Danny Lieberman dan...@software.co.il I don't sell Google Apps but I suggest reading their story at http://www.google.com/apps/intl/en/business/details.html To ask my question again - if you say that you use Google Apps but not Google Docs or GMail or Calendar - so what's left in Google Apps besides it? --Amos ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il