11 Oct
2012
11 Oct
'12
3:22 p.m.
As far as I can check it, the systems in Cray-Cyber.org are down *all
the time* (with the exception of the 'login' front-end).
Somebody know what happens with this initiative ?
Regards
SPc.
12 Oct
12 Oct
11:16 a.m.
On 10/11/2012 03:22 PM, SPC wrote:
As far as I can check it, the systems in
Cray-Cyber.org are down *all
the time* (with the exception of the 'login' front-end).
Somebody know what happens with this initiative ?
Do you actually get a response from a telnet to 93.104.238.74? I
don't--it times out. Likewise, a ping fails.
--Chuck
12:06 p.m.
Yes, SSH is up... but no one of the systems (once identified) is up.
At least in my last connections.
Regards.
Sergio
2012/10/12 Dennis Boone <drb at msu.edu>:
Do you
actually get a response from a telnet to 93.104.238.74? I
don't--it times out. Likewise, a ping fails.
Ping fails everywhere these days. For some reason people think it
increases security to block it.
Telnet appears to be down, but SSH is up.
De 
1:22 p.m.
On 10/12/2012 02:43 PM, Dennis Boone wrote:
The world seems to have no shortage of clueless and incompetent
network admins. I enjoy cleaning up their messes (or more properly,
getting paid to) but it does make my neck sore from all the head-shaking.
-Dave
--
Dave McGuire, AK4HZ
New Kensington, PA
Do you
actually get a response from a telnet to 93.104.238.74? I
don't--it times out. Likewise, a ping fails.
Ping fails everywhere these days. For some reason people think it
increases security to block it. 
3:11 p.m.
On Fri, 12 Oct 2012, Dennis Boone wrote:
Correction -- people block /all/ ICMP traffic thinking that it somehow
increases security and then don't understand why basic stuff like TCP
doesn't work quite right.
Do you
actually get a response from a telnet to 93.104.238.74? I
don't--it times out. Likewise, a ping fails.
Ping fails everywhere these days. For some reason people think it
increases security to block it. 
4:40 p.m.
New subject: Firewalling ICMPs [Re: Cray-Cyber... down ?]
[...] people block /all/ ICMP traffic thinking that it
somehow
increases security
Well, to be fair, it does. It's just that the additional increment in
security it provides is so small compared to the price it exacts that
it's rarely an appropriate tradeoff to make.
But even understanding that there _is_ a tradeoff, much less actually
making it appropriately, is something far too few people do.
and then don't understand why basic stuff like TCP
doesn't work quite
right.
Yes. The price. :)
/~\ The ASCII Mouse
\ / Ribbon Campaign
X Against HTML mouse at rodents-montreal.org
/ \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
5:16 p.m.
New subject: Firewalling ICMPs [Re: Cray-Cyber... down ?]
On Fri, 12 Oct 2012, Mouse wrote:
In such a case then block ICMP type 8 (echo) inbound but don't block ICMP
type 3 (destination unreachable), 11 (time exceeded), and heck even type 4
(source quench), /both/ inbound and outbound... I can't count the number
of times I've seen someone do this.
The ICMP protocol is essential for normal TCP function and contrary to
what these "Must block all ICMPs!" fools think is used for a whole lot of
stuff. http://en.wikipedia.org/wiki/Internet_Control_Message_Protocol
To be fair however, the people who tend to do this are the same people who
try to block all UDP traffic and/or who block tcp/53 and then wonder why
their DNS requests randomly fail...
[...] people
block /all/ ICMP traffic thinking that it somehow
increases security
Well, to be fair, it does. It's just that the additional increment in
security it provides is so small compared to the price it exacts that
it's rarely an appropriate tradeoff to make.
But even understanding that there _is_ a tradeoff, much less actually
making it appropriately, is something far too few people do.
and then don't understand why basic stuff
like TCP doesn't work quite
right.
Yes. The price. :) 
5:25 p.m.
New subject: Firewalling ICMPs [Re: Cray-Cyber... down ?]
On Fri, Oct 12, 2012 at 07:16:51PM -0500, Tothwolf wrote:
On Fri, 12 Oct 2012, Mouse wrote:
In such a case then block ICMP type 8 (echo) inbound but don't block ICMP
type 3 (destination unreachable), 11 (time exceeded), and heck even type 4
(source quench), /both/ inbound and outbound... I can't count the number
of times I've seen someone do this.
The ICMP protocol is essential for normal TCP function and contrary to
what these "Must block all ICMPs!" fools think is used for a whole lot of
stuff. http://en.wikipedia.org/wiki/Internet_Control_Message_Protocol
To be fair however, the people who tend to do this are the same people who
try to block all UDP traffic and/or who block tcp/53 and then wonder why
their DNS requests randomly fail...
bah. who needs PMTU discovery anyway.
--
- db at FreeBSD.org db at db.net http://www.db.net/~db
Nowadays tar can compress using yesterdays latest technologies!
[...]
people block /all/ ICMP traffic thinking that it somehow
increases security
Well, to be fair, it does. It's just that the additional increment in
security it provides is so small compared to the price it exacts that
it's rarely an appropriate tradeoff to make.
But even understanding that there _is_ a tradeoff, much less actually
making it appropriately, is something far too few people do.
and then don't understand why basic stuff
like TCP doesn't work quite
right.
Yes. The price. :)
5:32 p.m.
New subject: Firewalling ICMPs [Re: Cray-Cyber... down ?]
Well, going in using SSH shows all systems down for me too. But telnet
access goes into the bit bucket. That thing must be pretty full
now--where do they empty it out?
--Chuck
23 Oct
23 Oct
3:29 a.m.
On Fri, Oct 12, 2012 at 02:43:50PM -0400, Dennis Boone wrote:
Some (clueless) people believe that. But there are still people around who
actually understand networking. For instance, the Google public DNS servers
respond to ping just fine (which is why "ping 8.8.8.8" is one of my simpler
"is external connectivity working" tests).
Kind regards,
Alex.
--
"Opportunity is missed by most people because it is dressed in overalls and
looks like work." -- Thomas A. Edison
Do you
actually get a response from a telnet to 93.104.238.74? I
don't--it times out. Likewise, a ping fails.
Ping fails everywhere these days. For some reason people think it
increases security to block it. 
4:05 a.m.
Alexander Schreiber <als at thangorodrim.de> wrote:
On Fri, Oct 12, 2012 at 02:43:50PM -0400, Dennis Boone
wrote:
Some (clueless) people believe that. But there are still people around who
actually understand networking. For instance, the Google public DNS servers
respond to ping just fine (which is why "ping 8.8.8.8" is one of my simpler
"is external connectivity working" tests).
And back on-topic (which I've missed apparently), ssh seems to work just fine.
I guess they've cancelled the telnet service.
re,
Sander
Do you
actually get a response from a telnet to 93.104.238.74? I
don't--it times out. Likewise, a ping fails.
Ping fails everywhere these days. For some reason people think it
increases security to block it.
5:01 a.m.
SPC <spedraja at ono.com> wrote:
I connect using SSH. The problem is the lack of started systems once
you pass through the door.
Did not know that. Hadn't heard of the site till that last message :) And
that
seemed to be about not being able to telnet to the login server.
There's nothing running anymore? Was just about to sign up, tbh.
re,
Sander
12 Oct
12 Oct
1:03 p.m.
On 12.10.2012 00:22, SPC wrote:
As far as I can check it, the systems in
Cray-Cyber.org are down *all
the time* (with the exception of the 'login' front-end).
Somebody know what happens with this initiative ?
The hall where they keep the systems is closed because of maintenance
work on the roof and can't be accessed for security reasons. Wolfgang
Stief gave a talk on the project at VCFE 13.0 in Munich and showed some
pictures of the current state of the hall.
Regards, Anke
1:45 p.m.
Danke/Thanks, Anke.
Did W.Stief gave some notice about a moment in the future where the
systems would be available again ?
Regards
Sergio
2012/10/12 Anke Stueber <stueberahoo at yahoo.de>:
On 12.10.2012 00:22, SPC wrote:
As far as I can check it, the systems in
Cray-Cyber.org are down *all
the time* (with the exception of the 'login' front-end).
Somebody know what happens with this initiative ?
The hall where they keep the systems is closed because of maintenance
work on the roof and can't be accessed for security reasons. Wolfgang
Stief gave a talk on the project at VCFE 13.0 in Munich and showed some
pictures of the current state of the hall.
Regards, Anke
4448
days inactive
4460
days old
16 comments
11 participants
participants (11)
-
als@thangorodrim.de -
cclist@sydex.com -
db@db.net -
drb@msu.edu -
mcguire@neurotica.com -
mouse@Rodents-Montreal.ORG -
reiche@ls-al.eu -
spedraja@gmail.com -
spedraja@ono.com -
stueberahoo@yahoo.de -
tothwolf@concentric.net