Am I missing something about how this story went missing from the front page? There is at least one story with less points posted 12 hours earlier that is still visisble there.
I'm the author of this post. What people who are unaware of the layout of the congress center don't realize is that the video starts when we were leaving. The door "inside" is actually to get "outside". I was told to leave in 5 minutes, I stayed where I was maybe 2 minutes and started walking (I'm not leaving anything out, it was just more of the first audio recording), and then was prevented from leaving the event by masked thugs who pretend to be real security guards on paper.
People assume I did something to deserve this, and I can live with that. But in reality it was nothing more than the list of domain names I own. I did my best to describe that here.
And this is one situation where you can easily distinguish mature, liberal people from hateful radical anarchists. I know which side I am on, I detest political violence and those who condone it.
You may have read me arguing the CCC side in other posts in this thread, but I'd also like to reach out to you and make clear that I very much give you the benefit of the doubt, particularly I'm not gonna assume you _intentionally_ did something.
What's driving my opinion is that an eviction at CCC doesn't just happen because a single person is offended by something you did. There's a whole bunch of people involved in the eviction, and presumably they agreed to some extent that something you did was inacceptable. Maybe there was something you didn't know, maybe drugs were involved, or maybe just something stupid happened. But somehow there was agreement that an eviction needs to happen.
Unfortunately, the CCC has a responsibility for what happens at a CCC event. The event is a representation of them, and so is what happens at the event and what they allow by their social rules. I hope you can retrospectively look at this with a clear head and find out what went wrong.
I don't want to judge who is right and who is wrong in this. Probably everyone involved could have prevented the final outcome of this.
But I think you are wrong with your assumption about the eviction and some other stuff.
Listening to the Audio before the whole incident it is basically said that VC needs to leave the venue immediately, and that they do not want to argue this any further with VC and he can call whoever he wants after he leaves the venue if he thinks he is treated unfair. Even if he had a valid reason to enter or a ticket at that point you have to follow the orders of the people tasked with security or official functions at the venue.
You can sue them afterwards for your ticket price or make a giant fuzz on social media, but if you get asked to leave by someone with authority in the venue, you leave. It's a very simple principle. In the end a guy in the recording even tells someone else to call the police in German. Everyone seems to be calm but fed up with VC, still there was no reason for violence at this point in any form or shape.
So something happened between the recording and the video.
And from the blog entry and the following video it's believeable that VC wanted to leave the venue. Knowing the venue from exhibitions and conferences, it is as he describes, he tried to get out and not back in when he was grabbed by multiple people who he claimed were staff / security. He was heading straight for the door not screaming or throwing punches or anything.
Now this is where it gets a bit complicated.
If you refuse to leave a venue, a professional security company will always try to isolate you and then tell you that the police is on it's way and because you are trespassing now you can't leave any longer. We make it clear to you that you are no longer able to leave because you broke the law and we are pressing charges as soon as the police arrives and that gives us the right to keep you in place and hand you over to the police.
If you do not cooperate we can use the least amount of force that is necessary to keep you in place until the police arrives. You can still phone, film or record as much as you like and nobody will touch you as long as you don't try to run or do anything stupid like grab a knife from your pocket or anything that could harm us. It's also not up to staff to steal your phone or prevent the recording.
So the question is if VC was told that police is on the way and then tried to leave the venue. Which would justify the use of force to keep him there, but not in the way it was applied which was very excessive and unprofessional.
That said, here are just two other pointers that this was not a professional security company or most likely not even people with proper certification.
- Proper security doesn't pull up hoodies and put on gloves to team on someone when they are aware that someone is filming. This looks more like Dodgers Antifa friends. Look at the video in the blog post and then at https://b3b76917eedfeb0c4dd3-af59c7b3e9e42ed4215be8c7a95ca95... and you'll see what I mean. Security doesn't dress this way, especially at any professional event. Who wants to look like a bunch of thugs representing a proper business?
- Proper security doesn't try to snatch an eyewitness phone and then tells them he can do shit "because you can't find me on the internet" after showing her crew sweater and face into camera. What a dumb bitch (personal opinion).
No matter how you look at it. VC has the right to stay unharmed and treated properly even if he broke the law and they are pressing charges. Germany is not an open PVP Zone like Texas. And it's CCCs responsibility to guarantee that people under their protection stay unharmed. Especially by their own staff or external service providers.
this individual shouldn't be allowed in the congress and banned for life. please consider reporting him to twitter too for all the racist garbage he spews https://news.ycombinator.com/item?id=21914674
I run an E-mail server with over 250,000 users. I started by following some generic "dovecot+postfix+mysql" tutorial on howtoforge and I'm still using mostly the same setup over 4 years later.
>Then your email doesn't work and you could be missing out on important communications
Pretty much every E-mail server will retry sending your E-mail for a long time (like 2 days is default on postfix). Once your mail server comes back up all of your E-mail you missed during the downtime will come in slowly as messages are retried
>you're scrambling to figure out how the spammers managed to exploit your setup this time
Any tutorial should point you in the right direction restricting open relay on your mail server, just basically requiring authentication to send E-mail outside of your server.
>I started writing an SMTP protocol handler in Haskell
Do you have any link to your progress? Postfix's configuration definitely shows age, but all of the options do important things that you could actually want to change. It seems other MTAs either have just as complicated configuration (to do the same things), or have stunted functionality.
>being secure and resistant to attacks by default
I agree about sensible and more secure defaults in configuration. But the application security of postfix and dovecot are both pretty robust[0][1]. Considering they are 19 and 15 years old, both applications have seen several developer-lifetimes of effort.
>we need more guides like this for us poor souls who do go down this route
I agree, though mediocre howtoforge tutorials seem to have worked fine for this poor soul.
Would you be able to share some stats, like how much disk space these accounts take up and such?
For larger scale e-mail sending I built my own MTA (https://github.com/zone-eu/zone-mta), our main instance sends about 750k emails a day (mostly normal ISP traffic, maybe 25% marketing emails) and its most valuable feature is juggling with IP addresses and blacklist detection, so if some mailbox gets hacked, starts sending out spam and the IP ends up in Spamhaus et al then this IP is removed from the list for other users automatically. Has saved us a ton of time.
Sure, the mail storage currently takes up 1.01TB, using dovecot's mdbox. This mail store started in January 2016, after the service got raided twice by german authorities[0] (at request of u.s. gov), otherwise it would be larger.
I'm not going to run like per-user stats but I know historically there's been about 11kb per E-mail on average, so that's about 90 million mails stored. The MTA itself sends and receives a bit over 20 million E-mails annually, so the extra from that is probably from the mailing list I run on the same server (where each message only counts as 1 for statistical purposes)
How I prevent outgoing abuse is a black box, but I do it well enough that mail from my server almost never ends up in spam. But given that it's a free service I definitely don't have the budget to warm up and dynamically scatter mail across IP space to maximize deliverability. Cool technique, though!
Oh, btw, the easiest way to test ZoneMTA would probably be to install the WildDuck mail server to some empty VPS. The install script, amongst other things, installs and configures ZoneMTA https://github.com/nodemailer/wildduck/tree/master/setup
What bugs me about the direction Keybase is going is that they still have not implemented a way of disabling the ability for users to send me encrypted messages.
I do not want Keybase to hoard encrypted messages I will never be able to read because I do not want to install their application on my computer. My Github issue for this has gone largely ignored:
I am thinking I am long overdue to placeholder my account until this is solved. I already have 10 encrypted messages I will never be able to read. I joined Keybase as a public key repository with external verification support, not for them to store private conversations -- encrypted or not.
> I joined Keybase as a public key repository with external verification support, not for them to store private conversations -- encrypted or not.
While I agree with your comments on feature-creep, in order for you to worry about someone having a copy of your encrypted communications you must assume that the encryption scheme is completely broken. This raises the question: why are you using PGP at all if you think the cryptography is broken?
Keybase has created an inbox in your name which in turn creates a social contract on your behalf to check it. Existing users signed up for something different, so no wonder some of them want to disable that feature.
Again, I agree with the feature-creep point. What I was asking about is why is the connotation about private messages seem to imply that they don't think encryption is sufficient for a third party to hold a copy of a message they will never read.
Not really. PFS is about protecting a long-term key from being broken and then historical communications being uncovered. If you receive a one-off message then it's not materially different to being PFS with just a single message.
I use PGP every day. Who messages me, how often, and at what times, is still private information and I should have a say in where and how that happens. My PGP-encrypted conversations tend to be much more sensitive than any other medium I use.
The cryptography is almost certainly not broken. That does not mean it won't be broken in the future. I would have the same concern if my TLS-encrypted traffic was being saved. If my ISP was saving TLS traffic or my XMPP provider (the one that I don't host, anyway) was saving OTR conversations, I would be equally concerned.
Even worse, actually. TLS (usually, nowadays) and OTR both employ forward secrecy. PGP does not, at least traditionally.
People could just post these encrypted messages on pastebin, Dropbox, whatever. It's someone else's choice to send you the message and paste it somewhere. You can choose to ignore it, but it's not really your right to tell someone else not to do it.
You're assuming they actually read the threads. It would be easier, and yield the same results, to merely read the headline, and write based on that. In fact, I'm sure a simple script could cover the majority of cases, leaving them to only need to write for the odd one their script can't cover.
I'm talking about image-based v2. I have better luck with them if I allow Javascript. I don't recall seeing the code pasting ones until recently. I often found v1 impossible. And buggy, in the sense that they kept repeating even when I clearly got them right.
Résumé/CV: https://vc.gg/ (autoplay video), real resume by request
Email: vc@cock.li
I'm an experienced linux system administrator currently employed for a U.S. company. In my spare time I run a public E-mail provider with 132,000 users, and a VPS provider with >$1K MRR. I'm interested in positions in the security or sysadmin space, with bonus points for companies providing services that respect users' privacy, or provide a tangibly beneficial product or service as part of their business model. I'm also open to development work but only as an aside. Sysadmin first, programmer second. A sense of humor is required as my side projects aren't exactly politically correct, though I keep work and my personal ventures completely separate.
Due to my work providing privacy-oriented services, I recently had $2,000 worth of electronics seized at the U.S. border because I refused to decrypt my electronic devices. Because of this, relocating to the U.S. is not an option.
https://archive.is/dtRg2 https://archive.is/8HK5y https://archive.is/yk5uU
Is there any transparency that could tell us why this change was made?