Icecast - Feb 2020 - Why I responded publicly [WAS: admin console]

> On Thu, 2020-02-13 at 14:59 +0000, user wrote:
> > Philipp Schafft, who allow you to publish my private message?
> 
> I could also ask who allowed you to send me unwanted private messages?
At this point any message from Philipp Schafft to me becomes absolutely
unwanted.
> In fact I did not notice it was sent privately until after my reply. It
Notice can be found on third string of the quoted header. There is no other
recipients, only Philipp Schafft, who trying to talk about security, but
does not respect privacy as we see now.

 Date: Tue, 11 Feb 2020
 From: user <5f787a at ...>
 To: Philipp Schafft <lion at lion.leol...>
 Subject: Re: [Icecast] admin console
 
 > Good evening,
 > 
 > On Thu, 2020-02-06 at 19:20 +0000, user wrote:
 > > 2020-01-08 09:59, Marvin Scholz wrote:
 > > > >> On Mon, 2020-01-06 at 10:24 +0000, user wrote:
 > > > >
 > > > > I'm consider to put icecast behind reverse proxy. It is
not so easy
 > > > > as I think before. Does anyone have experience with it?
 > > > 
 > > > In general putting Icecast behind a reverse proxy is not the
best idea
 > > > as some webservers are not really made out of the box to easily
deal
 > > > with the kind of usage Icecast will usually produce (long
running
 > > > connections serving a continuous stream). Additionally Icecast
is not
 > > > really capable currently do deal with being reverse-proxied
properly
 > > > so some things will break when doing that.
 > > > 
 > > > So unless you want to shoot yourself in the foot and run into
various
 > > > issues I would not recommend to do it.
 > > 
 > > Expectation on malicious activity force me to put icecast behind
reverse
 > > proxy. It was not easy, but works very well.
 > 
 > So, what kind of "malicious activity" exactly? And what exact
HTTP level
 > software is more robust against those activities than Icecast?
 > 
 > I'm fully in support that active components on lower levels can be
helpful
 > in some situations. But I would love to hear about any analysis indicating
 > specific request patterns that would be better handled by external
 > software. If you would share your information rather than keeping us in
 > the dark about specifics it would enable us to improve Icecast for all
 > users including you. :)
 > 
 > With best regards,
 
 1. First of all I would like to deny access to everything except
...

On 14 Feb 2020, at 9:40, user wrote:
>> On Thu, 2020-02-13 at 14:59 +0000, user wrote:
>>> Philipp Schafft, who allow you to publish my private message?
>>
>> I could also ask who allowed you to send me unwanted private 
>> messages?
>
> At this point any message from Philipp Schafft to me becomes 
> absolutely
> unwanted.
>
>> In fact I did not notice it was sent privately until after my reply. 
>> It
>
> Notice can be found on third string of the quoted header. There is no 
> other
> recipients, only Philipp Schafft, who trying to talk about security, 
> but
> does not respect privacy as we see now.
>
>  Date: Tue, 11 Feb 2020
>  From: user <5f787a at ...>
>  To: Philipp Schafft <lion at lion.leol...>
>  Subject: Re: [Icecast] admin console
>
Sorry but did you only came to this ML to troll? If so, please do that 
somewhere
else.

Claiming you reverse proxy Icecast for „security reasons“ you fail 
to further detail
and then when asked about your reverse proxy setup refuse to give any 
information
whatsoever and just replied „No“ is just quite a troll behavior.

If you are not interested in helping improving things, discuss things 
publicly
and help others out, I don’t really see why you even write to this 
list at all.
>> Good evening,
>>
>> On Thu, 2020-02-06 at 19:20 +0000, user wrote:
>>> 2020-01-08 09:59, Marvin Scholz wrote:
>>>>>> On Mon, 2020-01-06 at 10:24 +0000, user wrote:
>>>>>
>>>>> I'm consider to put icecast behind reverse proxy. It is
not so
>>>>> easy
>>>>> as I think before. Does anyone have experience with it?
>>>>
>>>> In general putting Icecast behind a reverse proxy is not the
best
>>>> idea
>>>> as some webservers are not really made out of the box to easily
>>>> deal
>>>> with the kind of usage Icecast will usually produce (long
running
>>>> connections serving a continuous stream). Additionally Icecast
is
>>>> not
>>>> really capable currently do deal with being reverse-proxied 
>>>> properly
>>>> so some things will break when doing that.
>>>>
>>>> So unless you want to shoot yourself in the foot and run into 
>>>> various
>>>> issues I would not recommend to do it.
>>>
>>> Expectation on malicious activity force me to put icecast behind 
>>> reverse
>>> proxy. It was not easy, but works very well.
>>
>> So, what kind of "malicious activity" exactly? And what exact
HTTP
>> level
>> software is more robust against those activities than Icecast?
>>
>> I'm fully in support that active components on lower levels can be 
>> helpful
>> in some situations. But I would love to hear about any analysis 
>> indicating
>> specific request patterns that would be better handled by external
>> software. If you would share your information rather than keeping us 
>> in
>> the dark about specifics it would enable us to improve Icecast for 
>> all
>> users including you. :)
>>
>> With best regards,
>
>  1. First of all I would like to deny access to everything except
> ...