newsflash! cypherpunks mailing list is behind cloudflare-NSA

Greg Newby gbnewby at pglaf.org
Sat Jul 13 07:21:30 PDT 2019


Thanks for the discussion and input on the DNS hosting. I appreciate the knowledge and speculation of the group.

Another newsflash! I turned off CDN in Cloudflare. All traffic (web, email, and any other IP traffic) will go straight to the (only) server at 65.50.255.19, 2604:3200:0:3:21e:67ff:fe86:ff9c/64.

For the curious, this is a server that is owned by the Project Gutenberg Literary Archive Foundation (a 501(c)3 charity that operates Project Gutenberg). I'm the long-time director & CEO. The server is a real physical server, not a VM or cloud-hosted. It hosts a few other domains, including companies of my wife & mother-in-law. Also our hobby site for dog mushing, https://www.stinkypup.net.

The server lives in a Castle Access facility in San Diego, but my hosting provider is johncompanies.com (it's their rack, and they provide excellent front-line support. Recommended).

The upstream connection is provided by Cogentco. All of the above could be discovered with a little sleuthing, and I thought the list subscribers might be interested.

Concerning Cloudflare: If there are recommendations for other free or cheap DNS providers, I'd like to hear them. I had used editdns and Zonedit for years, then the first was bought by DynDNS then by Oracle, and the second ceased operations. I prefer to have my domain WHOIS on one provider, my DNS with another provider, and then to run the server myself.

I still have other domains with Oracle's DNS service, which used to be DynDNS. They grandfathered "Lifetime" free service, and that lifetime is now ending: Oracle announced end-of-life for their free service as of May 2020. So, I need to move those other domains somewhere. Cloudflare offers a lot of capability at their free level, so that's what I tried with lists.cpunks.org.

Also, one other administrivia: The www.cpunks.org is on a different server, different IP, and different nameserver. It just redirects to lists.cpunks.org right now, but Riad and I like having some division of services.

More on archives etc.:

On Fri, Jul 12, 2019 at 06:34:07PM -0400, grarpamp wrote:
> On 7/12/19, Greg Newby <gbnewby at pglaf.org> wrote:
> > Newsflash! This happened in April, and was announced here:
> >   https://lists.cpunks.org/pipermail/cypherpunks/2019-April/045250.html
> > We have been on Cloudflare's DNS since then for the email lists.
> 
> Use of CF or any other CDN was not mentioned in the announcement,
> whether for DNS, or HTTPS. The entire internet is NSA anyway.

My bad for not mentioning it. There are tons of features in Cloudflare, even at the free service level, and this one was on by default. I spent a little time twiddling it, and then left it on. This should have been disclosed to the list.

Anyway, it's now off, and I intend to leave it off. Other related features, like JavaScript-based captchas, are options on top of the CDN, so none of that stuff will happen to our list.

The only reason I might consider turning it on temporarily in the future is if there is a DDoS against the server. Cloudflare has some great capabilities for intercepting attack traffic.

And:

> If CDN for HTTPS, consider multihoming on I2P or Tor
> so users can still access when CDN javascript captcha
> or otherwise arbitrarily blocks them or goes down.

Yeah, I will try to look into this. I haven't set it up before, but instructions are out there. I agree this is a perfectly reasonable thing to do for the list.

> As to caching bandwidth and archives...
> 
> You really should fork that 335MiB mbox file off now
> or no later than year end, and compress it, and
> then once yearly thereafter, and sign them all.
> People will eventually seed them into IPFS, etc.

Yes. I am overdue for doing this, and don't mind being periodically reminded.

If someone else wants to work on this type of thing, I can provide easy access to everything. Basically, we have a complete archive from 2013-present, and nearly complete from before that back to the earliest days. Though the older stuff is in mbox files that don't parse quite correctly, and have tons of spam.
  - Greg

> Try using a modern unix compression tool like zstd,
> they are faster, smaller, available for all systems...
> 
> https://github.com/facebook/zstd
> https://facebook.github.io/zstd/
> https://code.fb.com/core-data/zstandard/
> https://en.wikipedia.org/wiki/Zstandard

