Posted to dev@couchdb.apache.org by Alexander Shorin <kx...@gmail.com> on 2016/06/23 13:49:42 UTC

Re: 154 million voter records

Finally we are sure that CouchDB is used for really big data in the wild (:
--
,,,^..^,,,


On Thu, Jun 23, 2016 at 4:34 PM, Jan Lehnardt <ja...@apache.org> wrote:
> Link here: http://news.softpedia.com/news/hackers-breach-us-company-and-unwittingly-expose-154-million-voter-records-505553.shtml
>
> All the more reason to get 2.0 out which has admin-party off by default, and to switch to private-by-default databases soon after.
>
> Best
> Jan
> --
>
>> On 23 Jun 2016, at 15:31, Paul Hammant <pa...@hammant.org> wrote:
>>
>> It's in the news today. Multiple news sites incl. slashdot.
>>
>> Someone deployed couchdb on its default port - 5984 or w/o a strong ssl & auth design.  Maybe.
>>
>> Sent from my iPhone
>
> --
> Professional Support for Apache CouchDB:
> https://neighbourhood.ie/couchdb-support/
>

Re: 154 million voter records

Posted by Garren Smith <ga...@apache.org>.
Would anyone be interested in writing a blog post on how to secure your
CouchDB instance as well as how some of the new CouchDB 2.0 features will
help with this issue?

On Fri, Jun 24, 2016 at 8:53 AM, Javier Candeira <ja...@candeira.com> wrote:

> We should publish it, maybe not in the CouchDB in the wild, but certainly in
> the weekly blog post, as a cautionary tale.
>
> It's not only a measure of honesty but, as Andy says, a service to present
> and potential CouchDB users.
>
> If the story serves to have one CouchDB admin check whether their install is
> insecure and fix any problems, it will have helped.
>
> My 2 cents,
>
> JC
>
> On 24/06/16 16:44, Andy Wenk wrote:
> > That brings me to the point, that we do not have a CouchDB in the wild section here:
> >
> > https://cwiki.apache.org/confluence/display/COUCHDB/Planet+CouchDB
> >
> > @Alex - can you remember, where we wanted to put articles like that to?
> >
> > Answering the question if we should add the article at all: yes we should. Even though it is really unfortunate what happened,
> > it is a fact, that this is possible. But to take the good things out of this, we will help users avoid such disasters with 2.0
> > by setting admin party off by default. That’s the story we should tell ...
> >
> > All the best
> >
> > Andy
> >
> > --
> > Andy Wenk
> > RockIt!
> >
> > Hamburg / Germany
> >
> > GPG public key: https://pgp.mit.edu/pks/lookup?op=get&search=0x4F1D0C59BC90917D
> >
> >> On 23 Jun 2016, at 15:55, Reddy B. <re...@live.fr> wrote:
> >>
> >> Yea that's the only positive... Now the nasty thing would be to add them to the CouchDb in the Wild Page. Even though it's literally in the wild here
> >>
> >>> From: kxepal@gmail.com
> >>> Date: Thu, 23 Jun 2016 16:49:42 +0300
> >>> Subject: Re: 154 million voter records
> >>> To: dev@couchdb.apache.org
> >>>
> >>> Finally we are sure that CouchDB is used for really big data in the wild (:
> >>> --
> >>> ,,,^..^,,,
> >>>
> >>>
> >>> On Thu, Jun 23, 2016 at 4:34 PM, Jan Lehnardt <ja...@apache.org> wrote:
> >>>> Link here: http://news.softpedia.com/news/hackers-breach-us-company-and-unwittingly-expose-154-million-voter-records-505553.shtml
> >>>>
> >>>> All the more reason to get 2.0 out which has admin-party off by default, and to switch to private-by-default databases soon after.
> >>>>
> >>>> Best
> >>>> Jan
> >>>> --
> >>>>
> >>>>> On 23 Jun 2016, at 15:31, Paul Hammant <pa...@hammant.org> wrote:
> >>>>>
> >>>>> It's in the news today. Multiple news sites incl. slashdot.
> >>>>>
> >>>>> Someone deployed couchdb on its default port - 5984 or w/o a strong ssl & auth design.  Maybe.
> >>>>>
> >>>>> Sent from my iPhone
> >>>>
> >>>> --
> >>>> Professional Support for Apache CouchDB:
> >>>> https://neighbourhood.ie/couchdb-support/
> >>>>
> >>
> >
>

Re: 154 million voter records

Posted by Javier Candeira <ja...@candeira.com>.
We should publish it, maybe not in the CouchDB in the wild, but certainly in
the weekly blog post, as a cautionary tale.

It's not only a measure of honesty but, as Andy says, a service to present
and potential CouchDB users.

If the story serves to have one CouchDB admin check whether their install is
insecure and fix any problems, it will have helped.

My 2 cents,

JC

On 24/06/16 16:44, Andy Wenk wrote:
> That brings me to the point, that we do not have a CouchDB in the wild section here:
> 
> https://cwiki.apache.org/confluence/display/COUCHDB/Planet+CouchDB
> 
> @Alex - can you remember, where we wanted to put articles like that to?
> 
> Answering the question if we should add the article at all: yes we should. Even though it is really unfortunate what happened,
> it is a fact, that this is possible. But to take the good things out of this, we will help users avoid such disasters with 2.0
> by setting admin party off by default. That’s the story we should tell ...
> 
> All the best
> 
> Andy
> 
> --
> Andy Wenk
> RockIt!
> 
> Hamburg / Germany
> 
> GPG public key: https://pgp.mit.edu/pks/lookup?op=get&search=0x4F1D0C59BC90917D
> 
>> On 23 Jun 2016, at 15:55, Reddy B. <re...@live.fr> wrote:
>>
>> Yea that's the only positive... Now the nasty thing would be to add them to the CouchDb in the Wild Page. Even though it's literally in the wild here
>>
>>> From: kxepal@gmail.com
>>> Date: Thu, 23 Jun 2016 16:49:42 +0300
>>> Subject: Re: 154 million voter records
>>> To: dev@couchdb.apache.org
>>>
>>> Finally we are sure that CouchDB is used for really big data in the wild (:
>>> --
>>> ,,,^..^,,,
>>>
>>>
>>> On Thu, Jun 23, 2016 at 4:34 PM, Jan Lehnardt <ja...@apache.org> wrote:
>>>> Link here: http://news.softpedia.com/news/hackers-breach-us-company-and-unwittingly-expose-154-million-voter-records-505553.shtml
>>>>
>>>> All the more reason to get 2.0 out which has admin-party off by default, and to switch to private-by-default databases soon after.
>>>>
>>>> Best
>>>> Jan
>>>> --
>>>>
>>>>> On 23 Jun 2016, at 15:31, Paul Hammant <pa...@hammant.org> wrote:
>>>>>
>>>>> It's in the news today. Multiple news sites incl. slashdot.
>>>>>
>>>>> Someone deployed couchdb on its default port - 5984 or w/o a strong ssl & auth design.  Maybe.
>>>>>
>>>>> Sent from my iPhone
>>>>
>>>> --
>>>> Professional Support for Apache CouchDB:
>>>> https://neighbourhood.ie/couchdb-support/
>>>>
>>
> 

Re: 154 million voter records

Posted by Andy Wenk <an...@apache.org>.
That brings me to the point, that we do not have a CouchDB in the wild section here:

https://cwiki.apache.org/confluence/display/COUCHDB/Planet+CouchDB

@Alex - can you remember, where we wanted to put articles like that to?

Answering the question if we should add the article at all: yes we should. Even though it is really unfortunate what happened,
it is a fact, that this is possible. But to take the good things out of this, we will help users avoid such disasters with 2.0
by setting admin party off by default. That’s the story we should tell ...

All the best

Andy

--
Andy Wenk
RockIt!

Hamburg / Germany

GPG public key: https://pgp.mit.edu/pks/lookup?op=get&search=0x4F1D0C59BC90917D

> On 23 Jun 2016, at 15:55, Reddy B. <re...@live.fr> wrote:
> 
> Yea that's the only positive... Now the nasty thing would be to add them to the CouchDb in the Wild Page. Even though it's literally in the wild here
> 
>> From: kxepal@gmail.com
>> Date: Thu, 23 Jun 2016 16:49:42 +0300
>> Subject: Re: 154 million voter records
>> To: dev@couchdb.apache.org
>> 
>> Finally we are sure that CouchDB is used for really big data in the wild (:
>> --
>> ,,,^..^,,,
>> 
>> 
>> On Thu, Jun 23, 2016 at 4:34 PM, Jan Lehnardt <ja...@apache.org> wrote:
>>> Link here: http://news.softpedia.com/news/hackers-breach-us-company-and-unwittingly-expose-154-million-voter-records-505553.shtml
>>> 
>>> All the more reason to get 2.0 out which has admin-party off by default, and to switch to private-by-default databases soon after.
>>> 
>>> Best
>>> Jan
>>> --
>>> 
>>>> On 23 Jun 2016, at 15:31, Paul Hammant <pa...@hammant.org> wrote:
>>>> 
>>>> It's in the news today. Multiple news sites incl. slashdot.
>>>> 
>>>> Someone deployed couchdb on its default port - 5984 or w/o a strong ssl & auth design.  Maybe.
>>>> 
>>>> Sent from my iPhone
>>> 
>>> --
>>> Professional Support for Apache CouchDB:
>>> https://neighbourhood.ie/couchdb-support/
>>> 
> 


RE: 154 million voter records

Posted by "Reddy B." <re...@live.fr>.
Yea that's the only positive... Now the nasty thing would be to add them to the CouchDb in the Wild Page. Even though it's literally in the wild here

> From: kxepal@gmail.com
> Date: Thu, 23 Jun 2016 16:49:42 +0300
> Subject: Re: 154 million voter records
> To: dev@couchdb.apache.org
> 
> Finally we are sure that CouchDB is used for really big data in the wild (:
> --
> ,,,^..^,,,
> 
> 
> On Thu, Jun 23, 2016 at 4:34 PM, Jan Lehnardt <ja...@apache.org> wrote:
> > Link here: http://news.softpedia.com/news/hackers-breach-us-company-and-unwittingly-expose-154-million-voter-records-505553.shtml
> >
> > All the more reason to get 2.0 out which has admin-party off by default, and to switch to private-by-default databases soon after.
> >
> > Best
> > Jan
> > --
> >
> >> On 23 Jun 2016, at 15:31, Paul Hammant <pa...@hammant.org> wrote:
> >>
> >> It's in the news today. Multiple news sites incl. slashdot.
> >>
> >> Someone deployed couchdb on its default port - 5984 or w/o a strong ssl & auth design.  Maybe.
> >>
> >> Sent from my iPhone
> >
> > --
> > Professional Support for Apache CouchDB:
> > https://neighbourhood.ie/couchdb-support/
> >
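
The check this thread keeps returning to (admin party left on, a listener reachable beyond localhost, no required authentication), as an added example that is not part of the original messages and is not CouchDB project code. It audits the text of a CouchDB ini file. Assumptions: the section and key names (`[admins]`, `bind_address` and `port` under `[httpd]`/`[chttpd]`, `require_valid_user` under `[couch_httpd_auth]`) follow the CouchDB ini layout, a missing `bind_address` is treated as loopback, the text passed in is the effective configuration, and both sample files are constructed.

```python
import configparser

LOOPBACK = {"127.0.0.1", "::1", "localhost"}

def audit_couchdb_ini(text):
    """Return a list of findings for the text of one CouchDB ini file."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    findings = []
    # Admin party: with no entry under [admins], every client is an admin.
    admins = dict(cp["admins"]) if cp.has_section("admins") else {}
    if not admins:
        findings.append("admin-party: no accounts under [admins]")
    # Listener sections; a missing bind_address is assumed to mean loopback.
    for section in ("httpd", "chttpd"):
        if cp.has_section(section):
            bind = cp.get(section, "bind_address", fallback="127.0.0.1")
            port = cp.get(section, "port", fallback="5984")
            if bind.strip() not in LOOPBACK:
                findings.append(f"exposed: [{section}] binds {bind}:{port}")
    # Without require_valid_user, anonymous requests are still served.
    rvu = cp.get("couch_httpd_auth", "require_valid_user", fallback="false")
    if rvu.strip().lower() != "true":
        findings.append("anonymous: require_valid_user is not true")
    return findings

# Constructed sample files, not taken from any real deployment.
WEAK_INI = """
[httpd]
bind_address = 0.0.0.0
port = 5984

[admins]
; no admin accounts defined
"""

HARDENED_INI = """
[httpd]
bind_address = 127.0.0.1
port = 5984

[couch_httpd_auth]
require_valid_user = true

[admins]
admin = -pbkdf2-CONSTRUCTED-PLACEHOLDER
"""

if __name__ == "__main__":
    for name, text in (("weak", WEAK_INI), ("hardened", HARDENED_INI)):
        print(name, audit_couchdb_ini(text) or "no findings")
```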