cannot connect to releases.mozilla.org using FTP

[Lu Wei]

Connect to releases.mozilla.org using HTTP is OK. I wonder whether some
IP address is blocked in FTP connection. My address is 115.206.195.84
now. The address of releases.mozills.org is changing, but none of them
seems work for FTP.

--
Regards,
Lu Wei
PGP key ID: 0x92CCE1EA

[Mike Easter]

Lu Wei wrote:
> Connect to releases.mozilla.org using HTTP is OK. I wonder whether some
> IP address is blocked in FTP connection. My address is 115.206.195.84
> now. The address of releases.mozills.org is changing, but none of them
> seems work for FTP.

I can connect over port 21 to releases.mozilla.org.

All of the 'stuff' is in pub/mozilla.org there and if you get shuffled
off to a mirror, sometimes there is also a pub/mozilla-releases
directory with the same stuff.


--
Mike Easter

[Jay Garcia]

On 06.02.2012 03:16, Lu Wei wrote:

--- Original Message ---

> Connect to releases.mozilla.org using HTTP is OK. I wonder whether some
> IP address is blocked in FTP connection. My address is 115.206.195.84
> now. The address of releases.mozills.org is changing, but none of them
> seems work for FTP.
>

Works here in FF 10

ftp://releases.mozilla.org/

--
Jay Garcia - www.ufaq.org - Netscape - Firefox - SeaMonkey - Thunderbird
Mozilla Contribute Coordinator Team - www.mozilla.org/contribute/
Mozilla Mozillian Member - www.mozillians.org
Mozilla Contributor Member - www.mozilla.org/credits/

[Lu Wei]

On 2012-2-6 21:51, Jay Garcia wrote:
> On 06.02.2012 03:16, Lu Wei wrote:
>
> --- Original Message ---
>
>> Connect to releases.mozilla.org using HTTP is OK. I wonder whether some
>> IP address is blocked in FTP connection. My address is 115.206.195.84
>> now. The address of releases.mozills.org is changing, but none of them
>> seems work for FTP.
>>
>
> Works here in FF 10
>
> ftp://releases.mozilla.org/
>

I got "The connection was reset" error in FF10. Filezilla client also
fails.

[Jay Garcia]

On 06.02.2012 08:04, Lu Wei wrote:

--- Original Message ---

> On 2012-2-6 21:51, Jay Garcia wrote:
>> On 06.02.2012 03:16, Lu Wei wrote:
>>
>> --- Original Message ---
>>
>>> Connect to releases.mozilla.org using HTTP is OK. I wonder whether some
>>> IP address is blocked in FTP connection. My address is 115.206.195.84
>>> now. The address of releases.mozills.org is changing, but none of them
>>> seems work for FTP.
>>>
>>
>> Works here in FF 10
>>
>> ftp://releases.mozilla.org/
>>
> I got "The connection was reset" error in FF10. Filezilla client also
> fails.
>

Clear cache and see if that works.

[Chris Ilias]

On 12-02-06 4:16 AM, _Lu Wei_ spoke thusly:

> Connect to releases.mozilla.org using HTTP is OK. I wonder whether some
> IP address is blocked in FTP connection. My address is 115.206.195.84
> now. The address of releases.mozills.org is changing, but none of them
> seems work for FTP.

Does downloading via <http://www.mozilla.org/thunderbird/> work?

--
Chris Ilias <http://ilias.ca>
Mailing list/Newsgroup moderator

[David E. Ross]

On 2/6/12 1:16 AM, Lu Wei wrote:
> Connect to releases.mozilla.org using HTTP is OK. I wonder whether some
> IP address is blocked in FTP connection. My address is 115.206.195.84
> now. The address of releases.mozills.org is changing, but none of them
> seems work for FTP.
>

Is this bug #720886? See
<https://bugzilla.mozilla.org/show_bug.cgi?id=720886>.

--

David E. Ross
<http://www.rossde.com/>.

Anyone who thinks government owns a monopoly on inefficient, obstructive
bureaucracy has obviously never worked for a large corporation.
© 1997 by David E. Ross

[David E. Ross]

On 2/6/12 4:32 PM, David E. Ross wrote:
> On 2/6/12 1:16 AM, Lu Wei wrote:
>> Connect to releases.mozilla.org using HTTP is OK. I wonder whether some
>> IP address is blocked in FTP connection. My address is 115.206.195.84
>> now. The address of releases.mozills.org is changing, but none of them
>> seems work for FTP.
>>
>
> Is this bug #720886? See
> <https://bugzilla.mozilla.org/show_bug.cgi?id=720886>.
>

Oops!! Wrong bug report.

Is this bug #575376? See
<https://bugzilla.mozilla.org/show_bug.cgi?id=575376>.

See also bug #708959 at
<https://bugzilla.mozilla.org/show_bug.cgi?id=708959>, which addresses a
broader issue.

[Lu Wei]

On 2012-2-7 6:31, Chris Ilias wrote:
> On 12-02-06 4:16 AM, _Lu Wei_ spoke thusly:
>> Connect to releases.mozilla.org using HTTP is OK. I wonder whether some
>> IP address is blocked in FTP connection. My address is 115.206.195.84
>> now. The address of releases.mozills.org is changing, but none of them
>> seems work for FTP.
>
> Does downloading via <http://www.mozilla.org/thunderbird/> work?
>

Yes.

[Lu Wei]

On 2012-2-6 22:23, Jay Garcia wrote:

> Clear cache and see if that works.
>

No. It has been a long time issue. It used to work, maybe one year ago.

[Lu Wei]

On 2012-2-7 8:36, David E. Ross wrote:
> On 2/6/12 4:32 PM, David E. Ross wrote:
>> On 2/6/12 1:16 AM, Lu Wei wrote:
>>> Connect to releases.mozilla.org using HTTP is OK. I wonder whether some
>>> IP address is blocked in FTP connection. My address is 115.206.195.84
>>> now. The address of releases.mozills.org is changing, but none of them
>>> seems work for FTP.
>>>
>>
>> Is this bug #720886? See
>> <https://bugzilla.mozilla.org/show_bug.cgi?id=720886>.
>>
>
> Oops!! Wrong bug report.
>
> Is this bug #575376? See
> <https://bugzilla.mozilla.org/show_bug.cgi?id=575376>.
>
> See also bug #708959 at
> <https://bugzilla.mozilla.org/show_bug.cgi?id=708959>, which addresses a
> broader issue.
>

No, none of them applies. The issue does not relate to TB, it relates to
the connection between server releases.mozilla.org:21 and me. I cannot
connect to releases.mozilla.org:21 using any FTP clients.

[David E. Ross]

Oh! Since you posted in the Thunderbird support newsgroup, I thought
you were having a Thunderbird problem.

By the way, I cannot connect to releases.mozilla.org:21 either. The
"Public Website Health Status for Mozilla" page at
<http://status.mozilla.com/> does not list releases.mozilla.org. It
shows all listed services as up and running, including ftp.mozilla.org.

[David E. Ross]

On 2/6/12 9:14 PM, Lu Wei wrote:
> On 2012-2-6 22:23, Jay Garcia wrote:
>
>> Clear cache and see if that works.
>>
> No. It has been a long time issue. It used to work, maybe one year ago.
>

It worked for me last week. I downloaded installer files for SeaMonkey
2.7 and Thunderbird 10.0.

[Lu Wei]

On 2012-2-7 14:12, David E. Ross wrote:
>
> Oh! Since you posted in the Thunderbird support newsgroup, I thought
> you were having a Thunderbird problem.
>
> By the way, I cannot connect to releases.mozilla.org:21 either. The
> "Public Website Health Status for Mozilla" page at
> <http://status.mozilla.com/> does not list releases.mozilla.org. It
> shows all listed services as up and running, including ftp.mozilla.org.
>

Finally a confirmation. It's strange that someone can connect while
someone can't. Ftp.mozilla.org seems not to allow downloading of release
versions.

[Chris Ilias]

On 12-02-07 12:12 AM, _Lu Wei_ spoke thusly:

> On 2012-2-7 6:31, Chris Ilias wrote:
>
>> Does downloading via<http://www.mozilla.org/thunderbird/> work?
>
> Yes.

Why were you trying to access releases.mozilla.org if downloading via
the website works?

[Lu Wei]

On 2012-2-7 15:52, Chris Ilias wrote:
> On 12-02-07 12:12 AM, _Lu Wei_ spoke thusly:
>> On 2012-2-7 6:31, Chris Ilias wrote:
>>
>>> Does downloading via<http://www.mozilla.org/thunderbird/> work?
>>
>> Yes.
>
> Why were you trying to access releases.mozilla.org if downloading via
> the website works?
>

Just curious :) This is a trivial "bug" anyway.

[»Q«]

releases.mozilla.org's dns setup looks a bit complicated.

$ host releases.mozilla.org
releases.mozilla.org is an alias for releases.geo.mozilla.com.
releases.geo.mozilla.com has address 128.61.111.9
releases.geo.mozilla.com has address 129.101.198.59
releases.geo.mozilla.com has address 131.188.12.212
releases.geo.mozilla.com has address 155.98.64.83
releases.geo.mozilla.com has address 156.56.247.196
releases.geo.mozilla.com has address 202.177.202.154
releases.geo.mozilla.com has address 204.152.184.113
releases.geo.mozilla.com has address 204.152.184.196
releases.geo.mozilla.com has address 204.246.0.136
releases.geo.mozilla.com has address 216.165.129.141
releases.geo.mozilla.com has address 64.50.236.214
releases.geo.mozilla.com has IPv6 address 2001:6b0:e:2018::1337

My guess is that some of those IPs work, and at least one of them
doesn't (at least for some people). For me, it resolves to
216.165.129.141, and I can connect ok.

[David E. Ross]

It's working this morning (7 Feb, Pacific time).

[g]

On 02/06/2012 09:16 AM, Lu Wei wrote:
> Connect to releases.mozilla.org using HTTP is OK. I wonder whether some
> IP address is blocked in FTP connection. My address is 115.206.195.84
> now. The address of releases.mozills.org is changing, but none of them
> seems work for FTP.

-=-

i am using;

Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.26)
Gecko/20120201 Red Hat/3.6-1.el5_7 Firefox/3.6.26

and i have no problem connection to;

ftp://releases.mozilla.org/

where there are 2 directories, 'pub' and 'rsynclogs'.

entering 'pub' shows 'mozilla.org'.

try this link to see what you get;

ftp://releases.mozilla.org/pub/mozilla.org/


--

peace out.

tc.hago,

g
.

*please reply "plain text" only. "html text" are deleted*

****
in a free world without fences, who needs gates.
**
help microsoft stamp out piracy - give linux to a friend today.
**
to mess up a linux box, you need to work at it.
to mess up an ms windows box, you just need to *look* at it.
**
The installation instructions stated to install Windows 2000 or better.
So I installed Linux.
**
learn linux:
'Rute User's Tutorial and Exposition' http://rute.2038bug.com/index.html
'The Linux Documentation Project' http://www.tldp.org/
'LDP HOWTO-index' http://www.tldp.org/HOWTO/HOWTO-INDEX/index.html
'HowtoForge' http://howtoforge.com/
****

[g]

On 02/07/2012 07:13 AM, Lu Wei wrote:
<>

> Finally a confirmation. It's strange that someone can connect while
> someone can't. Ftp.mozilla.org seems not to allow downloading of release
> versions.

-=-

correct. read the 'README' file.

[Jay Garcia]

On 07.02.2012 11:26, g wrote:

--- Original Message ---

>

> On 02/06/2012 09:16 AM, Lu Wei wrote:
>> Connect to releases.mozilla.org using HTTP is OK. I wonder whether some
>> IP address is blocked in FTP connection. My address is 115.206.195.84
>> now. The address of releases.mozills.org is changing, but none of them
>> seems work for FTP.
> -=-
>
> i am using;
>
> Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.26)
> Gecko/20120201 Red Hat/3.6-1.el5_7 Firefox/3.6.26
>
> and i have no problem connection to;
>
> ftp://releases.mozilla.org/
>
> where there are 2 directories, 'pub' and 'rsynclogs'.
>
> entering 'pub' shows 'mozilla.org'.
>
> try this link to see what you get;
>
> ftp://releases.mozilla.org/pub/mozilla.org/
>
>

releases.mozilla.org is actually many IP addresses:

IP Address: 202.177.202.154
IP Address: 204.152.184.113
IP Address: 204.152.184.196
IP Address: 204.246.0.136
IP Address: 216.165.129.141
IP Address: 64.50.236.214
IP Address: 128.61.111.9
IP Address: 129.101.198.59
IP Address: 131.188.12.212
IP Address: 155.98.64.83
IP Address: 156.56.247.196
Alias: releases.mozilla.org

I know that the first and third IP are not accessible, didn't test the
rest except the 216 IP is the one that comes up here. Depending on the
user's location and IP requested at the time, it "may" be one of the
inaccessbile ones. Sometimes clearing cache and cookies will be successful.

[Lu Wei]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 2012-2-8 1:26, g wrote:

>
> try this link to see what you get;
>
> ftp://releases.mozilla.org/pub/mozilla.org/
>

Can't connect. By the way, releases.mozilla.org resolves to
59.57.12.141 at time now (which is not listed in others' replies.)


- --

Regards,
Lu Wei
PGP key ID: 0x92CCE1EA

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk8yiXgACgkQoS/vdZLM4epOHQCeLDoWvMnyGTUXhrIFoFG3kGVZ
v2YAn0e/1XhrKrfm4EflmxWEdbMx/drt
=op4/
-----END PGP SIGNATURE-----

[Dave Pyles]

Lu Wei wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 2012-2-8 1:26, g wrote:
>
>>
>> try this link to see what you get;
>>
>> ftp://releases.mozilla.org/pub/mozilla.org/
>>
> Can't connect. By the way, releases.mozilla.org resolves to
> 59.57.12.141 at time now (which is not listed in others' replies.)
>
>

I think it depends which mirror you are being redirected to. Here is
what IPChecking.com returns for me:

The hostname releases.mozilla.org resolves to the following IP addresses:
IPv4 address:
64.50.236.214
Reverse DNS:
mirror2.mirrors.tds.net
RIR:
ARIN
Country:
United States
City:
Madison, WI
RBL Status:
Clear
IPv4 address:
131.188.12.212
Reverse DNS:
ftp.rrze.uni-erlangen.de
RIR:
ARIN
Country:
Netherlands
City:
Amsterdam
RBL Status:
Clear
IPv4 address:
216.165.129.141
Reverse DNS:
mirror3-eth0.mirrors.tds.net
RIR:
ARIN
Country:
United States
City:
Madison, WI
RBL Status:
Clear
IPv4 address:
204.152.184.196
Reverse DNS:
204.152.184.196
RIR:
ARIN
Country:
United States
City:
Redwood City, CA
RBL Status:
Clear
IPv4 address:
202.177.202.154
Reverse DNS:
pj-mirror01.mozilla.org
RIR:
APNIC
Country:
Singapore
RBL Status:
Clear
IPv4 address:
129.101.198.59
Reverse DNS:
mirror2.its.uidaho.edu
RIR:
ARIN
Country:
United States
City:
Moscow, ID
RBL Status:
Clear
IPv4 address:
204.246.0.136
Reverse DNS:
mozilla.mirrors.tds.net
RIR:
ARIN
Country:
United States
City:
Madison, WI
RBL Status:
Clear
IPv4 address:
155.98.64.83
Reverse DNS:
mozilla.cs.utah.edu
RIR:
ARIN
Country:
United States
City:
Salt Lake City, UT
RBL Status:
Clear
IPv4 address:
156.56.247.196
Reverse DNS:
mozilla.ussg.indiana.edu
RIR:
ARIN
Country:
United States
City:
Bloomington, IN
RBL Status:
Clear
IPv4 address:
204.152.184.113
Reverse DNS:
mozilla.isc.org
RIR:
ARIN
Country:
United States
City:
Redwood City, CA
RBL Status:
Clear
IPv4 address:
128.61.111.9
RIR:
Country:
unknown
RBL Status:
Clear

IPv6 address:
2001:6b0:e:2018::1337

Reverse DNS:
ftp-ipv6.acc.umu.se
RIR:
RIPENCC
Country:
Sweden
RBL Status:
Clear

Dave Pyles

[Jay Garcia]

On 08.02.2012 08:40, Lu Wei wrote:

--- Original Message ---

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 2012-2-8 1:26, g wrote:
>
>>
>> try this link to see what you get;
>>
>> ftp://releases.mozilla.org/pub/mozilla.org/
>>
> Can't connect. By the way, releases.mozilla.org resolves to
> 59.57.12.141 at time now (which is not listed in others' replies.)
>
>
> - --
> Regards,
> Lu Wei

Definitely a problem on your end. That IP Lookup:

General IP Information
IP: 59.57.12.141
Decimal: 993594509
Hostname: 59.57.12.141
ISP: chinanet fujian province network
Organization: chinanet fujian province network
Services: None detected
Type: Broadband
Assignment: Dynamic IP

Geolocation Information
Country: China cn flag
State/Region: Fujian
City: Quanzhou
Latitude: 24.9139
Longitude: 118.5858

[David E. Ross]

For releases.mozilla.org, I get:

IP Address: 204.152.184.196
IP Address: 204.246.0.136
IP Address: 216.165.129.141
IP Address: 64.50.236.214
IP Address: 128.61.111.9
IP Address: 129.101.198.59
IP Address: 131.188.12.212
IP Address: 155.98.64.83
IP Address: 156.56.247.196
IP Address: 202.177.202.154
IP Address: 204.152.184.113

I also get that releases.mozilla.org is an alias for
releases.geo.mozilla.com.

[Jay Garcia]

What I was trying to point out is that his lookup of
releases.mozilla.org resolved to 59.57.12.141. As per the lookup I
posted above, it doesn't. It appears that his service is somehow being
blocked by who knows what/why.

[Lu Wei]

On 2012-2-9 8:05, Jay Garcia wrote:
>
> Definitely a problem on your end. That IP Lookup:
>
> General IP Information
> IP: 59.57.12.141
> Decimal: 993594509
> Hostname: 59.57.12.141
> ISP: chinanet fujian province network
> Organization: chinanet fujian province network
> Services: None detected
> Type: Broadband
> Assignment: Dynamic IP
>
> Geolocation Information
> Country: China cn flag
> State/Region: Fujian
> City: Quanzhou
> Latitude: 24.9139
> Longitude: 118.5858
>

You have found the very answer. I should have thought of this --
releases.mozilla.org is blocked by the great firewall of china (GFW)
through DNS poisoning. What prevented me from getting this, is that I
can connect to it using HTTP, so I think it might be a port blocking
scheme. But now I checked again, this time it resolved to
113.107.107.176, still FTP fails and HTTP works, but whois said it's a
address from CHINANET Guangdong.

THIS IS A SERIOUS ISSUE. All mozilla products downloaded in china are
actually delivered by a middle-man transparently -- They have not
developed FTP cache so they just block it -- You can imagine what he can
do. Maybe somebody have been attacked. Normally I check sigs, and I have
not find any fake files (as long as the Mozilla key I have is correct:
699C 617E A779 238B 92C7 744D 16E8 A0CF F6C2 42EC), but I hope Mozilla
could resolve this issue, at least let people know the risk, seriously.

Should I report to bugzilla?

[Jay Garcia]

On 09.02.2012 08:46, Lu Wei wrote:

--- Original Message ---

I think that this is too large a political issue for Mozilla to be
involved with. So your best option is to continue to download Mozilla
products by HTTP.

[»Q«]

On Thu, 09 Feb 2012 22:46:50 +0800
Lu Wei <luwe...@address.invalid> wrote:

> THIS IS A SERIOUS ISSUE. All mozilla products downloaded in china are
> actually delivered by a middle-man transparently -- They have not
> developed FTP cache so they just block it -- You can imagine what he
> can do. Maybe somebody have been attacked. Normally I check sigs, and
> I have not find any fake files (as long as the Mozilla key I have is
> correct: 699C 617E A779 238B 92C7 744D 16E8 A0CF F6C2 42EC), but I
> hope Mozilla could resolve this issue, at least let people know the
> risk, seriously.
>
> Should I report to bugzilla?

I have a different key, from the keyserver keys.gnupg.net :

$ gpg --fingerprint "Mozilla Software Releases"
pub 1024D/1EBCAB3A 2011-07-22 [expires: 2013-07-21]
Key fingerprint = 9D03 193D 6BDC 541B D796 C4E4 7F4D 6645 1EBC AB3A
uid Mozilla Software Releases <rele...@mozilla.org>
sub 1024D/C52175E2 2011-07-22 [expires: 2013-07-21]
sub 2048g/D8A758E6 2011-07-22 [expires: 2013-07-21]

I don't know what Mozilla could do about the problem of the
great firewall. Any notifications about the problem Mozilla
could try to get to Chinese users could be blocked or altered
just as easily, couldn't they?

You might bring it up in mozilla.dev.mozilla-org, the group
for server operations. Or mozilla.governance, to see if
the Mozilla organization has (or wants to have) a policy about
this stuff.

[Mike Easter]

Lu Wei wrote:
> Jay Garcia wrote:
>>
>> Definitely a problem on your end.

> releases.mozilla.org is blocked by the great firewall of china (GFW)
> through DNS poisoning.

DNS 'poisoning' is a little different than what the GFW (usually) does.

What can you do about configuring your name service? Can you use a proxy?

Wiki (if you can reach it from your IP) has an article on the GFW and
bypassing strategies
http://en.wikipedia.org/wiki/Great_Firewall_of_China#Bypassing

Also - first, how they do it
http://en.wikipedia.org/wiki/Internet_censorship_in_the_People%27s_Republic_of_China#Current_methods

4 Technical implementation
4.1 Current methods

briefly, how to circumvent
http://en.wikipedia.org/wiki/Internet_censorship_in_the_People%27s_Republic_of_China#Evasion
Internet censorship in China is circumvented by determined parties by
using proxy servers outside the firewall.

more here http://en.wikipedia.org/wiki/Internet_censorship_circumvention
There are risks to using circumvention software or other methods to
bypass Internet censorship. In some countries individuals that gain
access to otherwise restricted content may be violating the law and if
caught can be expelled, fired, jailed, or subject to other punishments
and loss of access.


--
Mike Easter

[David E. Ross]

This has been a very serious issue relative to the review of new SSL
root certificates. It appears that a certificate issued by the Chinese
certification authority (CA) CNNIC was inserted into Mozilla's NSS
database after a review in which no Chinese users were able to
participate. Some believe CNNIC is controlled by the Chinese government
in a way that allows government snoops to see supposedly encrypted
Internet communications by its citizens. In my own setup, I have
disabled the CNNIC root certificate.

[Jay Garcia]

On 09.02.2012 11:55, »Q« wrote:

--- Original Message ---

> You might bring it up in mozilla.dev.mozilla-org, the group
> for server operations. Or mozilla.governance, to see if
> the Mozilla organization has (or wants to have) a policy about
> this stuff.

I've already brought it up to SUMO management, we'll see what turns up.
Unfortunately, Mozilla doesn't have an evanglism team to speak of but
we're thinking about creating one.

[Lu Wei]

On 2012-2-10 2:23, Mike Easter wrote:
> Lu Wei wrote:
>> Jay Garcia wrote:
>>>
>>> Definitely a problem on your end.
>
>> releases.mozilla.org is blocked by the great firewall of china (GFW)
>> through DNS poisoning.
>
> DNS 'poisoning' is a little different than what the GFW (usually) does.
>

I don't know exactly what the difference between hijacking and poisoning, but it's normal that GFW do DNS tricks. What has been known to us is that GFW reports a wrong IP address and connection fails. The innovation now is that you still can connect to that fake address and download files as if nothing happens. It's getting more dangerous and aggressive. And I really get curious and furious that mozilla has been chosen a victim, since mozilla has no political relation to ccp -- maybe "An open web" just annoyed them?

I caught a log today. The fake IP address is 218.6.25.199:

GET /pub/mozilla.org/thunderbird/releases/10.0-real/win32/en-US/Thunderbird%20Setup%2010.0.exe HTTP/1.1
Host: releases.mozilla.org
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:10.0) Gecko/20100101 Firefox/10.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en
Accept-Encoding: gzip, deflate
Referer: http://releases.mozilla.org/pub/mozilla.org/thunderbird/releases/10.0-real/win32/en-US/
Cookie: WT_FPC=id=2bb0cb0e84cc108c6511274053975974:lv=1328562797045:ss=1328562796719; dloadday=65.49.68.155.1325471858384717; wtspl=219427DNT: 1
Connection: keep-alive

HTTP/1.1 200 OK
X-Backend-Server: cn-web01
Last-Modified: Mon, 30 Jan 2012 01:43:57 GMT
Accept-Ranges: bytes
Content-Length: 16811832
Content-Type: application/octet-stream
Date: Fri, 10 Feb 2012 05:11:29 GMT
Server: Apache
Powered-By-ChinaCache: MISS from CHN-WZ-V-3CA
Powered-By-ChinaCache: HIT from CHN-PT-2-336
Connection: close

MZ......................@...............................................!..L.!This program cannot be run in DOS mode.
$........H...)u..)u..)u...~..)u.75{..)u......)u...q..)u..)t. )u.w&(..)u...~..)u.s/s..)u.Rich.)u.........PE..L...fJ.D.....
...

> What can you do about configuring your name service? Can you use a proxy?

Yes, we can use encrypted proxies. Thanks for the circumvent info. It's normally safe to browse only.

[Lu Wei]

On 2012-2-10 2:55, David E. Ross wrote:
>
> This has been a very serious issue relative to the review of new SSL
> root certificates. It appears that a certificate issued by the Chinese
> certification authority (CA) CNNIC was inserted into Mozilla's NSS
> database after a review in which no Chinese users were able to
> participate. Some believe CNNIC is controlled by the Chinese government
> in a way that allows government snoops to see supposedly encrypted
> Internet communications by its citizens. In my own setup, I have
> disabled the CNNIC root certificate.

I have disabled it too. I think Mozilla should remove that CNNIC CA from
its products, and enable HTTPS by default to chinese users.>

[Lu Wei]

On 2012-2-10 1:55, »Q« wrote:
> On Thu, 09 Feb 2012 22:46:50 +0800
> Lu Wei <luwe...@address.invalid> wrote:
>
>> THIS IS A SERIOUS ISSUE. All mozilla products downloaded in china are
>> actually delivered by a middle-man transparently -- They have not
>> developed FTP cache so they just block it -- You can imagine what he
>> can do. Maybe somebody have been attacked. Normally I check sigs, and
>> I have not find any fake files (as long as the Mozilla key I have is
>> correct: 699C 617E A779 238B 92C7 744D 16E8 A0CF F6C2 42EC), but I
>> hope Mozilla could resolve this issue, at least let people know the
>> risk, seriously.
>>
>> Should I report to bugzilla?
>
> I have a different key, from the keyserver keys.gnupg.net :
>
> $ gpg --fingerprint "Mozilla Software Releases"
> pub 1024D/1EBCAB3A 2011-07-22 [expires: 2013-07-21]
> Key fingerprint = 9D03 193D 6BDC 541B D796 C4E4 7F4D 6645 1EBC AB3A
> uid Mozilla Software Releases <rele...@mozilla.org>
> sub 1024D/C52175E2 2011-07-22 [expires: 2013-07-21]
> sub 2048g/D8A758E6 2011-07-22 [expires: 2013-07-21]
>

I have this key too, which signs Firefox. Since one version TB is signed
by key:
pub 2048R/F6C242EC 2011-01-17
uid Mozilla Messaging Inc. (Code Signing)
<bu...@mozillamessaging.com>
sub 2048R/F93BCD41 2011-01-17
sub 2048R/7440D658 2011-01-17

> I don't know what Mozilla could do about the problem of the
> great firewall. Any notifications about the problem Mozilla
> could try to get to Chinese users could be blocked or altered
> just as easily, couldn't they?

In principle yes, but it's less stealthy.

[»Q«]

On Fri, 10 Feb 2012 21:18:51 +0800
Lu Wei <luwe...@address.invalid> wrote:

> On 2012-2-10 1:55, »Q« wrote:

> > I have a different key, from the keyserver keys.gnupg.net :
> >
> > $ gpg --fingerprint "Mozilla Software Releases"
> > pub 1024D/1EBCAB3A 2011-07-22 [expires: 2013-07-21]
> > Key fingerprint = 9D03 193D 6BDC 541B D796 C4E4 7F4D 6645
> > 1EBC AB3A uid Mozilla Software Releases
> > <rele...@mozilla.org> sub 1024D/C52175E2 2011-07-22 [expires:
> > 2013-07-21] sub 2048g/D8A758E6 2011-07-22 [expires: 2013-07-21]
> >
> I have this key too, which signs Firefox. Since one version TB is
> signed by key:
> pub 2048R/F6C242EC 2011-01-17
> uid Mozilla Messaging Inc. (Code Signing)
> <bu...@mozillamessaging.com>
> sub 2048R/F93BCD41 2011-01-17
> sub 2048R/7440D658 2011-01-17

Ah, sorry. I forgot Mozilla Messaging would be signing with another
key. (I use Windows builds of Firefox, but not Thunderbird, so I only
check Firefox signatures.)

[Lu Wei]

On 2012-2-10 6:36, Jay Garcia wrote:
> On 09.02.2012 11:55, »Q« wrote:
>
> --- Original Message ---
>
>> You might bring it up in mozilla.dev.mozilla-org, the group
>> for server operations. Or mozilla.governance, to see if
>> the Mozilla organization has (or wants to have) a policy about
>> this stuff.
>
> I've already brought it up to SUMO management, we'll see what turns up.
> Unfortunately, Mozilla doesn't have an evanglism team to speak of but
> we're thinking about creating one.
>

I submitted to Bugzilla also. It seems a formal process to raise
problems, then... wait to forget :)
https://bugzilla.mozilla.org/show_bug.cgi?id=726247

[Jay Garcia]

On 10.02.2012 21:21, Lu Wei wrote:

--- Original Message ---

> On 2012-2-10 6:36, Jay Garcia wrote:
>> On 09.02.2012 11:55, »Q« wrote:
>>
>> --- Original Message ---
>>
>>> You might bring it up in mozilla.dev.mozilla-org, the group
>>> for server operations. Or mozilla.governance, to see if
>>> the Mozilla organization has (or wants to have) a policy about
>>> this stuff.
>>
>> I've already brought it up to SUMO management, we'll see what turns up.
>> Unfortunately, Mozilla doesn't have an evanglism team to speak of but
>> we're thinking about creating one.
>>
> I submitted to Bugzilla also. It seems a formal process to raise
> problems, then... wait to forget :)
> https://bugzilla.mozilla.org/show_bug.cgi?id=726247

The bug you submitted is only viewable by those with security clearance
to access it.

[David E. Ross]

On 2/10/12 8:38 PM, Jay Garcia wrote:
> On 10.02.2012 21:21, Lu Wei wrote:
>
> --- Original Message ---
>
>> On 2012-2-10 6:36, Jay Garcia wrote:
>>> On 09.02.2012 11:55, »Q« wrote:
>>>
>>> --- Original Message ---
>>>
>>>> You might bring it up in mozilla.dev.mozilla-org, the group
>>>> for server operations. Or mozilla.governance, to see if
>>>> the Mozilla organization has (or wants to have) a policy about
>>>> this stuff.
>>>
>>> I've already brought it up to SUMO management, we'll see what turns up.
>>> Unfortunately, Mozilla doesn't have an evanglism team to speak of but
>>> we're thinking about creating one.
>>>
>> I submitted to Bugzilla also. It seems a formal process to raise
>> problems, then... wait to forget :)
>> https://bugzilla.mozilla.org/show_bug.cgi?id=726247
>
> The bug you submitted is only viewable by those with security clearance
> to access it.
>

No so. I viewed it more than an hour before you posted the above.

[Lu Wei]

On 2012-2-11 14:08, David E. Ross wrote:
> On 2/10/12 8:38 PM, Jay Garcia wrote:
>> On 10.02.2012 21:21, Lu Wei wrote:
>>
>> --- Original Message ---
>>
>>> On 2012-2-10 6:36, Jay Garcia wrote:
>>>> On 09.02.2012 11:55, »Q« wrote:
>>>>
>>>> --- Original Message ---
>>>>
>>>>> You might bring it up in mozilla.dev.mozilla-org, the group
>>>>> for server operations. Or mozilla.governance, to see if
>>>>> the Mozilla organization has (or wants to have) a policy about
>>>>> this stuff.
>>>>
>>>> I've already brought it up to SUMO management, we'll see what turns up.
>>>> Unfortunately, Mozilla doesn't have an evanglism team to speak of but
>>>> we're thinking about creating one.
>>>>
>>> I submitted to Bugzilla also. It seems a formal process to raise
>>> problems, then... wait to forget :)
>>> https://bugzilla.mozilla.org/show_bug.cgi?id=726247
>>
>> The bug you submitted is only viewable by those with security clearance
>> to access it.
>>
>
> No so. I viewed it more than an hour before you posted the above.
>

Good news is, the "fake" IP addresses seems deliberately deployed as
load balance of mozilla. This is the quickest resolved bug I have ever
seen. :)
Although GFW still can do, will do and is doing evil things, this issue
regarding mozilla is over. Maybe mozilla can extend "load balance" to
FTP protocol too.

[Jay Garcia]

On 11.02.2012 06:00, Lu Wei wrote:

--- Original Message ---

>> No so. I viewed it more than an hour before you posted the above

That's because you are the author and after I reported it, the
permissions were changed.

[David E. Ross]

On 2/11/12 6:09 AM, Jay Garcia wrote:
> On 11.02.2012 06:00, Lu Wei wrote: [WRONG!!]

>
> --- Original Message ---
>
>>> No so. I viewed it more than an hour before you posted the above
>
> That's because you are the author and after I reported it, the
> permissions were changed.
>

NO!!

First of all, Lu Wei did NOT write the reply about reading the bug
report. I wrote it.

Second, Lu Wei wrote the bug report. I did not. Yet I still read the
report BEFORE you reported it and even commented in it.

[Jay Garcia]

On 11.02.2012 10:19, David E. Ross wrote:

--- Original Message ---

> On 2/11/12 6:09 AM, Jay Garcia wrote:
>> On 11.02.2012 06:00, Lu Wei wrote: [WRONG!!]
>>
>> --- Original Message ---
>>
>>>> No so. I viewed it more than an hour before you posted the above
>>
>> That's because you are the author and after I reported it, the
>> permissions were changed.
>>
>
> NO!!
>
> First of all, Lu Wei did NOT write the reply about reading the bug
> report. I wrote it.
>
> Second, Lu Wei wrote the bug report. I did not. Yet I still read the
> report BEFORE you reported it and even commented in it.
>

The permissions on the bug were originally marked as "security", it was
changed BEFORE I reported it here and I was unaware that it was changed
so quickly.

[Lu Wei]

On 2012-2-12 1:05, Jay Garcia wrote:
>
> The permissions on the bug were originally marked as "security", it was
> changed BEFORE I reported it here and I was unaware that it was changed
> so quickly.
>

I did not set "security" property; maybe someone else did it, but
quickly changed it back, which made the confusion.