Re: Would OpenBSD and Squid be considered a Proxy Firewall?

[Bryan Irvine]

having also not read the book, my guess would be that a transparent
proxy + firewall would increase security because people don't have the
the option to run SSH tunnels via the HTTP port.  A good example would
be years ago I ran a sock4 proxy on port 80 on my home firewall to
allow me to download MP3s off of napster from my work computer.

Had a squid proxy been in place I would have been forced to run it on 53  ;-p

-Bryan



On 3/22/08, Denise H. G. [EMAIL PROTECTED] wrote:
 Ed Flecko [EMAIL PROTECTED] writes:

  Hi folks,
  I'm reading a book on network security and it mentions proxy
  firewalls, so I'm wondering if an OpenBSD box with Squid installed
  would fit this description? Or, are there other proxy firewalls the
  author is referring to?
 
  The book mentions that although proxy firewalls tend to slow traffic
  down, they are much more secure than a typical, statefull packet
  filtering firewall. He says they will ignore the typical network
  discovery methods, i.e. nmap, etc., etc.
 
  As a matter of curiosity, has anyone ran an nmap scan against an
  OpenBSD box with Squid? What did the scan results indicate?

 I have an ancient box, which is an AMD K6 266MHz with 64M RAM, running
 OBSD 4.2 + pf + squid. I use it as a home router + firewall + WWW cache.
 Since it is running smooth, quiet and well, it just sits in one corner
 without my further investigations. But I don't know how `proxy' plus
 `firewall' would enhance security issues. Would you elaborate on it?



 
  Thank you,
  Ed

 --
 Denise H. G. darcsis AT gmail DOT com

Re: IPsec with a Linux road-warrior

[Andreas Vögele]

[EMAIL PROTECTED] (Andreas Vvgele) writes:

 Tom Menari writes:

 Can anyone reccomend a client configuration for IPsec from a roaming
 Linux machine that works with OpenBSD's ipsecctl?
 
 I have tried Openswan and racoon and both have thier problems.
 Currently using X509 certificates but if anyone has public keys
 working that would be good too.

 I've got an OpenBSD road warrior that connects to a Debian server
 running racoon.  So far I haven't connected a Linux road warrior to an
 OpenBSD machine but the following setup might work. [...]

I've just tried to use the setup that I described and it doesn't work.

You ought to add nat_traversal on to the remote section of the
racoon configuration.

I also forget to mention that you have to specify policies on the
Linux side.  On Debian the policies may be set statically in
/etc/ipsec-tools.conf but in a road warrior setup you probably have to
run setkey from a dhclient script.

But now isakmpd outputs the error message ike_phase_1_recv_ID:
received remote ID other than expected foo.example.org although
my_identifier fqdn is used on the Linux side.  Unfortunately,
isakmpd doesn't tell me what type of remote ID it got.  The debug
output on the Linux side is even more useless.

I'm giving up.  If I were you I'd use OpenVPN, which can be set up in
a few minutes without getting a headache.

Re: Would OpenBSD and Squid be considered a Proxy Firewall?

[Ryan McBride]

On Mon, Mar 24, 2008 at 12:15:55AM -0700, Bryan Irvine wrote:
 having also not read the book, my guess would be that a transparent
 proxy + firewall would increase security because people don't have the
 the option to run SSH tunnels via the HTTP port.  A good example would
 be years ago I ran a sock4 proxy on port 80 on my home firewall to
 allow me to download MP3s off of napster from my work computer.

 Had a squid proxy been in place I would have been forced to run it on
 53  ;-p

I've yet to find a proxy that I can't get an ssh tunnel through.

Look at the -x and -X options in nc(1) and ProxyCommand in ssh_config(5)
Having your ssh server listen on ports 80, 443, and 53 (at least) will
help as well.

There are other options in ports, just search for 'tunnel' - I've used
net/gotthard quite sucessfully in the past.

Should state rules on enc0 default to if-bound?

[Matthew Dempsky]

The enc(4) man page states ``all rules on the enc interface should
explicitly set `keep state (if-bound)'.''  Defaulting stateful rules
to if-bound on the enc0 interface seems like a good candidate for
OpenBSD's reasonable defaults policy.

Looking at pfctl/parse.y, the main issue in implementing this seems to
be that expand_rule() cannot tell whether ``floating'' was set
explicitly or not, so it cannot override the default on a
per-interface basis.  (The obvious hackish solution is to add another
bit for PFRULE_FLOATING, but that's gross.)

Re: soekris/pcenginges and RO mounting

[Lars Noodén]

Richard Daemon wrote:
 I do pretty much the same as this, for years now on WRAP, Soekris and
 now ALIX too (with BIOS 0.99b) but my fstab is a little different.
 I install them via PXEbooting OpenBSD and they all run 4.2-stable
 built on another, fast system, make via release(8) basically.

I'll have to look at release.

 ... Never had a problem with any of these systems or the CF cards.

Mine problem with CF is that they are sloow to access and worse for
writing.

However regarding the limited read/write cycles, CF are apparently
becoming much more durable than earlier.  One thing I note is that the
ones I have all have 5 year warranties and where I am using them it
would troublesome, but not catastrophic, for the CF to be sent back
while under warranty.

 ...
 Some contents on my CF card (config files, etc.) are remotely backed
 up via rsync over SSH and/or tar over SSH to a remote system (and a
 local backup too).

I have both, too, but am considering rolling a second bsd.rd with
non-standard options like SSHd.  though I can't quite think of how that
would be useful, since I usually have to have console access anyway if I
mess things up so badly as to require a restoration.  Experiments with
/dev usually caused that.

regards,
-Lars

Re: PC Camera?

[Pau Amaro-Seoane]

who cares about web cams? What's so important in looking at a pixeled,
almost-static face?

I have still not understood what they are good for.

I do understand what pf good for is.

I do understand what a public, anonymous CVS server good for is

I do understand what security and code auditing good for are

I do understand how important it is for me that things do not break

Do not distract the developers.

If you want webcam support, or skype or things like that run windows
or linux (almost synonims nowadays, unfortunately).

Or write the applications by yourself.

23 Mar 2008 16:56:16 -0700, Unix Fan [EMAIL PROTECTED]:
 There is a USB standard for USB Cameras among other video devices... It's 
 called USB Video Device Class.



  The specific is available to download... if anyone feels brave enough to 
 write a driver for UVC class devices... ;)



  @Sunnz, Unsupported USB devices always attach to ugen, read the manual 
 page then you'll realize how silly you are.. ;)



  http://en.wikipedia.org/wiki/USB_video_device_class



  This seems to be a driver for:

  OpenSolaris: 
 http://www.opensolaris.org/os/community/device_drivers/projects/usb/uvc/

  Linux: http://linux-uvc.berlios.de/

  Mac OSX..

  Microsoft's Vista - Which seems to require all vendors implement the 
 standard..

  ...And Sony's Playstation 3.



  So who's working on OpenBSD's implementation? get busy!! :D :D :D







  -Nix Fan.

Re: IPsec with a Linux road-warrior

[Tom Menari]

I finally got this working with Openswan and X.509 certificates.

On the OpenBSD side:
ipsec.conf:
ike passive esp from 86.134.74.32 to any

Linux/Openswan side:
ipsec.conf:
version 2
include /etc/ipsec.d/examples/no_oe.conf
config work
auto=add
left=%defaultroute
leftcert=roadwarrior.crt
leftrsasigkey=%cert
[EMAIL PROTECTED]
right=SERVER_IP
rightcert=server.crt
rightrsasigkey=%cert
[EMAIL PROTECTED]
forceencaps=yes
ike=aes128-sha1-modp1024
esp=aes128-sha1

This is working between 2 peers fine, haven't tried multiple peers yet.

As for certificates, both hosts need the public keys and CA cert as
well as thier own private key.

I am tempted to get this working with CAcert.org eventually.

Tom

Re: mediawiki setup

[Stuart Henderson]

On 2008-03-24, David Newman [EMAIL PROTECTED] wrote:
 1. On a 4.2 i386 box, installing mediawiki from ports died during tk 
 install with the header error pasted below. This box has xbase installed 
 but none of the rest of the X stuff.

 How to remedy?

You should have a full OS installation if you're building from ports.
The easier method for you is to install php5-gd from package.

 2. The package and port are version 1.9 while current stable source is 
 at version 1.12. The release notes for 1.10-1.12 mention fixes for some 
 cross-side scripting and other vulnerabilities.

-current/4.3 ports and packages have a newer version (1.11.1),
though not yet the newest. It's usually fairly straightforward to
update a port though.

 Purely from a security standpoint, which is preferabe: installing the 
 1.9 version from packages or ports, or building the current release from 
 sources?

Your choice .. looking at the release notes, either there are work-
arounds to avoid the problems, or they only affect versions newer
than 1.9.

Re: PC Camera?

[Michael Spratt]

That's a pretty lame and negative response. 
. 
#1 developers are responsible enough to make their own decisions, and no one
asked the OBSD developers to do anything. 
#2 if you don't use a webcam maybee you should join Richard Stahlman in
having your web pages e-mailed to you throgh a script rather than using a
web browser, or maybee you should further 
#3 why would you want to use linux or windows when you could enjoy writing
your own usb driver If I had time in my life that's definitly what I would
be doing. I love obtaining visual data through a web cam and it's a highly
interesting topic and to insinuate that a device like a web-cam being
supported on openbsd is rediculous is rude and lame. 

Your response was both rude and non-productive and contributed nothing to
the discussion accept an arrogant antiquated attitude. Your lame attempt to
describe why adding such a driver would be a security risk was best a terse
flimflam shot from the hip in response to a good question. No one asked you
to like it or about your cockhammer notion of what should or shouldn't be
done on the OS. 

Write the application yourself is a good start though I will agree with
that, that's kind of what they were discussing in the thread untill you
tried to mute it with your red-harring argument which basically says OBSD
should be some sort of survial kit for animals in the wilderness, take only
what you need to survive and make sure you bring your book on which
plantlife to eat in south america. 

And by the way if you have ever used a webcam now days they are no longer
pixilated... You must still be living in 1998. Of course you are a real
computer user and real computer users don't need webcams because they only
need packet filter, cvs, and code auditing. OBSD also has a role as a
desktop system.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Pau Amaro-Seoane
Sent: Monday, March 24, 2008 1:52 PM
To: Unix Fan
Cc: misc@openbsd.org
Subject: Re: PC Camera?

who cares about web cams? What's so important in looking at a pixeled,
almost-static face?

I have still not understood what they are good for.

I do understand what pf good for is.

I do understand what a public, anonymous CVS server good for is

I do understand what security and code auditing good for are

I do understand how important it is for me that things do not break

Do not distract the developers.

If you want webcam support, or skype or things like that run windows or
linux (almost synonims nowadays, unfortunately).

Or write the applications by yourself.

23 Mar 2008 16:56:16 -0700, Unix Fan [EMAIL PROTECTED]:
 There is a USB standard for USB Cameras among other video devices... It's
called USB Video Device Class.



  The specific is available to download... if anyone feels brave enough 
 to write a driver for UVC class devices... ;)



  @Sunnz, Unsupported USB devices always attach to ugen, read the 
 manual page then you'll realize how silly you are.. ;)



  http://en.wikipedia.org/wiki/USB_video_device_class



  This seems to be a driver for:

  OpenSolaris: 
 http://www.opensolaris.org/os/community/device_drivers/projects/usb/uv
 c/

  Linux: http://linux-uvc.berlios.de/

  Mac OSX..

  Microsoft's Vista - Which seems to require all vendors implement the
standard..

  ...And Sony's Playstation 3.



  So who's working on OpenBSD's implementation? get busy!! :D :D :D







  -Nix Fan.

Re: PC Camera?

[Pau Amaro-Seoane]

  Your response was both rude and non-productive and contributed nothing to
  the discussion accept an arrogant antiquated attitude. Your lame attempt to
  describe why adding such a driver would be a security risk was best a terse
  flimflam shot from the hip in response to a good question. No one asked you
  to like it or about your cockhammer notion of what should or shouldn't be
  done on the OS.

I think you don't understand what obsd is about


  Write the application yourself is a good start though I will agree with
  that, that's kind of what they were discussing in the thread untill you
  tried to mute it with your red-harring argument which basically says OBSD
  should be some sort of survial kit for animals in the wilderness, take only
  what you need to survive and make sure you bring your book on which
  plantlife to eat in south america.

quite, you must be really desperate to be so aggressive



  And by the way if you have ever used a webcam now days they are no longer
  pixilated... You must still be living in 1998. Of course you are a real
  computer user and real computer users don't need webcams because they only
  need packet filter, cvs, and code auditing. OBSD also has a role as a
  desktop system

I have had peecees with linux STOP I have had a mac STOP I gave it
back STOP I am exclusively (as in no linux, no windows) using obsd
as a desktop on a laptop STOP webcams are as useful as automatic
chewing-gum machines FULL STOP

Before you carry on making use of the two adjectives you know (lame
and rude), please be so kind as to pretend that you do not exist.

Pau




  -Original Message-
  From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
  Pau Amaro-Seoane
  Sent: Monday, March 24, 2008 1:52 PM
  To: Unix Fan
  Cc: misc@openbsd.org
  Subject: Re: PC Camera?

  who cares about web cams? What's so important in looking at a pixeled,
  almost-static face?

  I have still not understood what they are good for.

  I do understand what pf good for is.

  I do understand what a public, anonymous CVS server good for is

  I do understand what security and code auditing good for are

  I do understand how important it is for me that things do not break

  Do not distract the developers.

  If you want webcam support, or skype or things like that run windows or
  linux (almost synonims nowadays, unfortunately).

  Or write the applications by yourself.

  23 Mar 2008 16:56:16 -0700, Unix Fan [EMAIL PROTECTED]:
   There is a USB standard for USB Cameras among other video devices... It's
  called USB Video Device Class.
  
  
  
The specific is available to download... if anyone feels brave enough
   to write a driver for UVC class devices... ;)
  
  
  
@Sunnz, Unsupported USB devices always attach to ugen, read the
   manual page then you'll realize how silly you are.. ;)
  
  
  
http://en.wikipedia.org/wiki/USB_video_device_class
  
  
  
This seems to be a driver for:
  
OpenSolaris:
   http://www.opensolaris.org/os/community/device_drivers/projects/usb/uv
   c/
  
Linux: http://linux-uvc.berlios.de/
  
Mac OSX..
  
Microsoft's Vista - Which seems to require all vendors implement the
  standard..
  
...And Sony's Playstation 3.
  
  
  
So who's working on OpenBSD's implementation? get busy!! :D :D :D
  
  
  
  
  
  
  
-Nix Fan.

Re: PC Camera?

[Jacob Meuser]

On Mon, Mar 24, 2008 at 01:21:41PM +0100, Pau Amaro-Seoane wrote:

knock it off.  your response was pointless.

 I think you don't understand what obsd is about

I don't think you do either.

-- 
[EMAIL PROTECTED]
SDF Public Access UNIX System - http://sdf.lonestar.org

Re: minimac on openbsd

[Mike M]

On 3/23/2008 at 4:38 PM Jussi Peltola wrote:

|On Sun, Mar 23, 2008 at 04:13:45PM +0200, Lars Noodin wrote:
| sonjaya wrote:
|  any other device sugesstion?
|
| If you do not need the wireless card (see item 'J' in the diagram),
| *maybe* that could be replaced with an ethernet card:
|   http://www.macworld.com/article/49653/2006/03/minicsi.html
|
| But then there would be the problem of the cable moving around or coming
| loose inside, and where the cable should come out of the case.
|
|
| [snip]

|I'd just go with USB ethernet, a soekris / mini-itx board or a cheap,
|nasty manageable switch with vlans (they are surprisingly common ...
 =


I've been using this one for about a year.   It has a very good management
user interface, with the ability to save the configuration to a disk file:  HP
ProCurve Switch 1800-8G

Re: PC Camera?

[Pau Amaro-Seoane]

ok, I have to apologise.

I don't mean to be unpolite but, please understand me:

I don't think there exists another OS as OpenBSD. It's unique.

I am afraid that the more popular it will become, the more thingies
new users will ask for. And complication leads to... well, see linux
and other OS. That's why I got so nervous when I saw people asking for
webcam support.

I love OpenBSD because it is exactly what I would like to see from an OS.
And I think there are many other things that need support, like ACPI.
It's not trivial and it's only partially supported by other OS.

That's all. Sorry about that and... cheers

Pau

2008/3/24, Pau Amaro-Seoane [EMAIL PROTECTED]:
 
Your response was both rude and non-productive and contributed nothing to
the discussion accept an arrogant antiquated attitude. Your lame attempt 
 to
describe why adding such a driver would be a security risk was best a 
 terse
flimflam shot from the hip in response to a good question. No one asked 
 you
to like it or about your cockhammer notion of what should or shouldn't be
done on the OS.


 I think you don't understand what obsd is about


  
Write the application yourself is a good start though I will agree with
that, that's kind of what they were discussing in the thread untill you
tried to mute it with your red-harring argument which basically says OBSD
should be some sort of survial kit for animals in the wilderness, take 
 only
what you need to survive and make sure you bring your book on which
plantlife to eat in south america.


 quite, you must be really desperate to be so aggressive



  
And by the way if you have ever used a webcam now days they are no longer
pixilated... You must still be living in 1998. Of course you are a real
computer user and real computer users don't need webcams because they only
need packet filter, cvs, and code auditing. OBSD also has a role as a
desktop system


 I have had peecees with linux STOP I have had a mac STOP I gave it
  back STOP I am exclusively (as in no linux, no windows) using obsd
  as a desktop on a laptop STOP webcams are as useful as automatic
  chewing-gum machines FULL STOP

  Before you carry on making use of the two adjectives you know (lame
  and rude), please be so kind as to pretend that you do not exist.


  Pau



  
  
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Pau Amaro-Seoane
Sent: Monday, March 24, 2008 1:52 PM
To: Unix Fan
Cc: misc@openbsd.org
Subject: Re: PC Camera?
  
who cares about web cams? What's so important in looking at a pixeled,
almost-static face?
  
I have still not understood what they are good for.
  
I do understand what pf good for is.
  
I do understand what a public, anonymous CVS server good for is
  
I do understand what security and code auditing good for are
  
I do understand how important it is for me that things do not break
  
Do not distract the developers.
  
If you want webcam support, or skype or things like that run windows or
linux (almost synonims nowadays, unfortunately).
  
Or write the applications by yourself.
  
23 Mar 2008 16:56:16 -0700, Unix Fan [EMAIL PROTECTED]:
 There is a USB standard for USB Cameras among other video devices... 
 It's
called USB Video Device Class.



  The specific is available to download... if anyone feels brave enough
 to write a driver for UVC class devices... ;)



  @Sunnz, Unsupported USB devices always attach to ugen, read the
 manual page then you'll realize how silly you are.. ;)



  http://en.wikipedia.org/wiki/USB_video_device_class



  This seems to be a driver for:

  OpenSolaris:
 http://www.opensolaris.org/os/community/device_drivers/projects/usb/uv
 c/

  Linux: http://linux-uvc.berlios.de/

  Mac OSX..

  Microsoft's Vista - Which seems to require all vendors implement the
standard..

  ...And Sony's Playstation 3.



  So who's working on OpenBSD's implementation? get busy!! :D :D :D







  -Nix Fan.

Re: Internship (Summer,Chicago,Paid)

[Mike Frantzen]

I was the college intern that did ISIC for Kevin's group about 8 years ago
now.  It was a good group to work for.  I learned a lot and had a ton of
room to play.  Accidentally took down ATT's early wireless network while
pen testing a special peering arrangement the two companies had.  I did a
lot of firewall work for them too that led to writing my own firewall which
led to me getting recruited into the OpenBSD team when we wrote PF.  Then I
became a slacker but that's another story.

The food downtown Chicago around their offices was unbelievable.  Make sure
you go to the greek restaurant, they'll know the one.  I still miss waiting
for the owner to write down my order and then changing my mind about what I
wanted.  It's always a good sign when the owner can swear at you in Greek
:-)  The gyro was damn good too.

Say hi to Len for me.

.mike

On Fri, Mar 21, 2008 at 8:10 PM, K K [EMAIL PROTECTED] wrote:

 I have arranged with my employer to offer a paid internship this summer,
 with a focus on OpenBSD, and approval to release developed code as
 open source (as we did with ISIC).

 If you live (or attend college) in or near Chicago, are in a full-time
 undergraduate or graduate CS/IS program, and are interested in a 6+ week
 Information Security internship this summer in downtown Chicago,
 please contact me with qualifications and availability.

 Specifically seeking programmers with documented contributions to
 OpenBSD, Argus, Cacti, Graphviz/LGL, OpenNTPD, Snort, Squid or Mozilla,
 or a skilled perl scripter with an interest in logfile analysis.

 Kevin

Re: PC Camera?

[Douglas A. Tutty]

On Mon, Mar 24, 2008 at 03:04:13PM +0300, Michael Spratt wrote:
 
 And by the way if you have ever used a webcam now days they are no longer
 pixilated... You must still be living in 1998. Of course you are a real
 computer user and real computer users don't need webcams because they only
 need packet filter, cvs, and code auditing. OBSD also has a role as a
 desktop system.

Besides, don't some sysadmins use a webcam to keep visual tabs on their
datacentre?  Helpful to actually __see__ how high the water is other
than just getting a claxon saying there's water on the floor...

Sure, for high-quality you can go with a video capture device and a
video camera, but there could be many serious uses for a simple webcam.
You may even want to run those serious apps on a box that is less likely
to get hacked.  You wouldn't want an image of an aquarium overlaying
the image of your machine room with fish swimming through your racks...

:)

Doug.

Re: PC Camera?

[Douglas A. Tutty]

On Mon, Mar 24, 2008 at 01:34:24PM +0100, Pau Amaro-Seoane wrote:
 ok, I have to apologise.
 
 I don't mean to be unpolite but, please understand me:
 
 I don't think there exists another OS as OpenBSD. It's unique.
 
 I am afraid that the more popular it will become, the more thingies
 new users will ask for. And complication leads to... well, see linux
 and other OS. That's why I got so nervous when I saw people asking for
 webcam support.

I don't think that any OBSD user want to see security be compromised.
However, perhaps there's a developer with a webcam itch that doesn't
have an ACPI itch.  If that developer knows that there are others who
would find it useful, they may be more likely to scratch their itch.
Once you get the base webcam support then many applications that rely on
it could be scratched by people who are not comfortable with
kernel-level scratching, or there could be ports that don't requrire
much scratching to then work on OBSD.

 
 I love OpenBSD because it is exactly what I would like to see from an OS.
 And I think there are many other things that need support, like ACPI.
 It's not trivial and it's only partially supported by other OS.

I love OpenBSD because it is the only modern OS that will run on my old
boxes.  They don't have ACPI.

 
 That's all. Sorry about that and... cheers
 
 Pau

Doug.

Re: PC Camera?

[Jonathan Schleifer]

Unix Fan [EMAIL PROTECTED] wrote:

 So who's working on OpenBSD's implementation? get busy!! :D :D :D

IIRC, someone's working on a webcam USB driver for NetBSD. I'd suggest
to wait 'till that works and then port it.

-- 
Jonathan

Re: PC Camera?

[Sunnz]

Hey guys, thanks for the replies... remember that my original intend
was to build a cheap home monitoring/surveillance system using free
open source softwares and OpenBSD just come to mind naturally... I
mean, the goal is the capture live footage of your own house, who
doesn't want it to be as secure as it can be!!

So at least to me, things like Skype would be nice to communicate with
your friends overseas... but I believe there are a lot more that can
be done with webcams... from one of the previous post we can see there
is a difference between a web cam and a camcorder in terms of size,
cost, etc... web cam support can be a huge saving if you were to
deploy a series of home monitoring/surveillance systems for your
friends and neighbours. Also, web cams are a lot more easier to get
hold of than camcorders, just imagine that you can just get a bunch of
cheap stuff from a garage sale and build an ultra secure surveillance
system out of it!!

Besides I am merely asking for the current state of web cam support in
OpenBSD... if there are things that are simply missing I like to know
if someone is working on it or not... I am starting to learn about
digital designs and hopefully, OS implementation soon... writhing a
web cam driver may be a good way to learn about this and also as a way
to contribute the OpenBSD hardware support... of course, I cannot make
any actual promise.

Well, perhaps the OpenBSD dev's may not want OpenBSD to bloat like Mac
and have dozens of things everywhere, but more support for hardware
should be always good, without hardware you can't do much no matter
how good your OS is... after all, that's the whole point of an OS,
right?

-- 
This e-mail may be confidential. It may also be legally privileged.
You may not copy, forward, distribute, disclose, or, use any part of
it. If you haveb(received this message in error, please delete it and
all copies from your systemb(and notify the sender immediately by
return e-mail. Internet communicationsb(cannot be guaranteed to be
timely, secure, error, or, virus-free. The sender do not accept
liability for any errors, or, omissions. Nevertheless, this text has
no effective legal binding on your part. There is no obligation to
abide any or all parts of this, just as any texts appended to e-mail
on rest of the Internet.

understanding PF src-limit counter

[Jose Fragoso]

Hi,

I searched the FAQ and the man pages (for pf, pf.conf and pfctl.conf),
but I did not find a definition for the src-limit counter which is
showed by the command pfctl -si.

With pfctl -sa I saw this:

LIMITS:
stateshard limit   20
src-nodes hard limit1
frags hard limit 5000
tableshard limit 1000
table-entries hard limit   20

So I am guessing that src-limit has something to do with src-nodes.
Is it a limit of different source concurrent IP address for
connections? I am seeing this counter increase in one of the
machines I control.

If someone could point out where to find more information about
this counter, I would appreciate.

Thanks in advance.

Regards,

Jose.

--
Want an e-mail address like mine?
Get a free e-mail account today at www.mail.com!

Re: PC Camera?

[Lars Noodén]

Sunnz wrote:
 ... things like Skype would be nice to communicate ...

*Like* skype but *not* actually skype itself, please.

Skype is neither open source nor open protocol.  Two strikes.  It's got
a rather bad security history.  Three strikes.

Try for FOSS programs, but if you can't do that, then at least use an
open protocol so that those in your social network can at least choose.
 SIP is one such protocol.

It's not in any stretch of the imagination a priority for me, but not
something I can help with except maybe for testing.  If you get that
far, I'll try it.  A web cam would be a nice addition to an embedded
system or a desktop.

Regards,
-Lars

Re: PC Camera?

[Sunnz]

2008/3/25, Lars NoodC)n [EMAIL PROTECTED]:
 Sunnz wrote:
   ... things like Skype would be nice to communicate ...

  *Like* skype but *not* actually skype itself, please.

  Skype is neither open source nor open protocol.  Two strikes.  It's got
  a rather bad security history.  Three strikes.

  Try for FOSS programs, but if you can't do that, then at least use an
  open protocol so that those in your social network can at least choose.
   SIP is one such protocol.

  It's not in any stretch of the imagination a priority for me, but not
  something I can help with except maybe for testing.  If you get that
  far, I'll try it.  A web cam would be a nice addition to an embedded
  system or a desktop.

  Regards,

 -Lars


Things like Skype, as in, application level software that makes use of
a web cam with a working driver, that you use to communicate with your
friends overseas or something.

-- 
This e-mail may be confidential. It may also be legally privileged.
You may not copy, forward, distribute, disclose, or, use any part of
it. If you haveb(received this message in error, please delete it and
all copies from your systemb(and notify the sender immediately by
return e-mail. Internet communicationsb(cannot be guaranteed to be
timely, secure, error, or, virus-free. The sender do not accept
liability for any errors, or, omissions. Nevertheless, this text has
no effective legal binding on your part. There is no obligation to
abide any or all parts of this, just as any texts appended to e-mail
on rest of the Internet.

Holidays in the unknown Italy

[Suviana Camping]

Holidays in the unknown Italy

- Come to see the  Italian Apennine, the enchanted Suviana lake, and its
bucolic and misterious  Regional Park...
- This incontaminated and  fairy-tale refuge is near Firenze, Bologna,
Pisa and the old roman thermal baths of Porretta.
- In the lake you can swim, fish and sail.
- In the protected Regional Park groups of enthusiastic people goes for
trekking, nordic walking or collect mushrooms or fruits.
- The roads that winds into the mountains are  the ideal  destination for
hundreds of bikers.
- And to   make your holidays reallyinteresting, the Suviana camping,
hostel and restaurant is waiting for you  with  very convenient prices.
- Discover the Italian Apennine: you will never forget it!

Arrivederci!
Antonio  Stella
Suviana Camping
www.suviana.com
[EMAIL PROTECTED]
+39 333 7670004
+39 338 1533536
-- 
Keep  update about our discounts for groups and families, last minute
offer and regional events registering to our mailing list. Answer this
mail with subject NEWS
 --

IF you do not want to receive more tourist information  answer this mail
with subject CANCEL 
--

Gratuitous ARP

[Stephan A. Rickauer]

Does anyone happen to know a tool that sends out gratuitous arp from
userland on openbsd?

P.S. I know there is CARP, but I need to send out o;?gratuitous arp
anyway ;)

Thanks,
Stephan

Re: understanding PF src-limit counter

[Calomel]

Jose,

The 'src-limit' counter advances by one for every packet blocked by a rate
limited rule. If you write a pf rule using stateful tracking options to
allow connections at a rate of 20 per 60 seconds then packets arriving
faster than this would be blocked. You could then look at the 'src-limit'
value in pfctl -si to see how many packets were dropped in this way.

I do not believe packets dropped by a rate limited rule are logged as
logging a DDOS attack might stress the machine.

Hope this helps.

  OpenBSD Pf Firewall how to ( pf.conf )
  http://calomel.org/pf_config.html

--
 Calomel @ http://calomel.org
 Open Source Research and Reference


On Mon, Mar 24, 2008 at 08:52:50AM -0500, Jose Fragoso wrote:
Hi,

I searched the FAQ and the man pages (for pf, pf.conf and pfctl.conf),
but I did not find a definition for the src-limit counter which is
showed by the command pfctl -si.

With pfctl -sa I saw this:

LIMITS:
stateshard limit   20
src-nodes hard limit1
frags hard limit 5000
tableshard limit 1000
table-entries hard limit   20

So I am guessing that src-limit has something to do with src-nodes.
Is it a limit of different source concurrent IP address for
connections? I am seeing this counter increase in one of the
machines I control.

If someone could point out where to find more information about
this counter, I would appreciate.

Thanks in advance.

Regards,

Jose.

--
Want an e-mail address like mine?
Get a free e-mail account today at www.mail.com!

Re: mediawiki setup

[Dan Farrell]

Purely from a security standpoint, which is preferabe: installing the
1.9 version from packages or ports, or building the current release from

sources?

http://www.mediawiki.org/wiki/MediaWiki

Building from source on this particular web app is pretty simplistic- so
I'd read the security updates in the News section of the site and
decide for yourself.


danno

Re: cpu temperature in freebsd 7.x

[Fratiman Vladut]

Fratiman Vladut wrote:
Motherboard is Gigabyte GA-MA69VM-S2. I don't know if have IPMI 
option. How can find without boot?


http://tw.giga-byte.com/Products/Motherboard/Products_Spec.aspx?ClassValue=MotherboardProductID=2500ProductName=GA-MA69VM-S2 
http://tw.giga-byte.com/Products/Motherboard/Products_Spec.aspx?ClassValue=MotherboardProductID=2500ProductName=GA-MA69VM-S2


Oscar Sanchez Miravalles wrote:

 some suggestion?
 mbmon and healthd not work for me.



Do you have IPMI option for this motherboard?.

Greetings!.

Re: PC Camera?

[Thomas Pfaff]

Jonathan Schleifer wrote:

Unix Fan [EMAIL PROTECTED] wrote:


So who's working on OpenBSD's implementation? get busy!! :D :D :D


IIRC, someone's working on a webcam USB driver for NetBSD. I'd suggest
to wait 'till that works and then port it.



There's also this:

http://www.netbsd.org/contrib/soc-projects.html#uvc-webcams

Perhaps something useful (as in, something to build on) will show up after 
summer.

Cheers.

Re: PC Camera?

[Duncan Patton a Campbell]

Hmm.  I didn't realize there was an open standard for USB webcams.  

From the Wiki: * These devices also have non-UVC equivalents by the same 
name. Please check the product number to confirm UVC compatibility.

So, how common are these devices?  Will they continue to be produced according 
to standard?

I have an application under consideration that would use a webcam and should 
integrate
with an existing OBSD application.  Currently the best bet for this is a web-ip 
cam,
which, in most versions, amounts to a linux-driven ARM system with a webcam as 
part
of the box.  This increases the co$t of the camera subsys from about $40 to 
something
around the $100 dollar mark and also restricts (somewhat) the number of devices 
available (D-Link DCS-G900, SkyIPCam 250W,WVC54GCA,WVC200,Axis 207W).

Writing a driver for a proprietary device has little recuring value, but the 
extance of
a public standard and devices changes things.  Having a USB webcam that 
directly attaches
to an OBSD box has very considerable value from a number of perspectives.

Dhu

On 23 Mar 2008 16:56:16 -0700
Unix Fan [EMAIL PROTECTED] wrote:

 There is a USB standard for USB Cameras among other video devices... It's 
 called USB Video Device Class.
 
 The specific is available to download... if anyone feels brave enough to 
 write a driver for UVC class devices... ;)
 
 @Sunnz, Unsupported USB devices always attach to ugen, read the manual 
 page then you'll realize how silly you are.. ;)
 
 http://en.wikipedia.org/wiki/USB_video_device_class
 
 This seems to be a driver for:
 OpenSolaris: 
 http://www.opensolaris.org/os/community/device_drivers/projects/usb/uvc/ 
 Linux: http://linux-uvc.berlios.de/
 Mac OSX..
 Microsoft's Vista - Which seems to require all vendors implement the 
 standard..
 ...And Sony's Playstation 3.
 
 So who's working on OpenBSD's implementation? get busy!! :D :D :D
 
 
 
 -Nix Fan.

Re: PC Camera?

[Claus]

On 3/23/2008 4:57 PM, Jacob Meuser wrote:

On Sun, Mar 23, 2008 at 12:31:31PM -0700, Predrag Punosevac wrote:


Moreover it is also hard to justify time
spend in hacking those things if there is relatively inexpensive 
hardware solution (video input devices supported by
bktr can be bought for about $150 now vs a good USB camera is probably 
at least $50).


heh.  check the second-hand store for bktr/bktr compatible hardware.

of course, a camcorder is much more bulky than a USB camera ...

I hope somebody who knows more about this issue put the end to this 
pointless discussion.


I think you've covered the bases pretty well.  although, if someone
does come up with a good, clean driver, who knows ...


I played once with my bktr device and had success repeatedly capturing 
still images and serving them on a web server.


You should be able to find wired or wireless cams with composite output 
for fairly cheap (quality probably reflects price).  Eg ebay item 
170204183053 is a wired cam for $11 or item 130207574995 which is a 
wireless cam for $40 (quite similar to what I used while playing 
around).  So there is no need for a bulky camcorder but it's still an 
option and you might get better image quality.


In case there is interest the dmesg excerpt:

  bktr0 at pci0 dev 12 function 0 Brooktree BT848 rev 0x11: irq 5
  bktr0: Intel Smart Video III/VideoLogic Captivator PCI, no tuner.

and a starting point to recreate my setup:

  #! /bin/sh
  while true; do
bktr2jpeg -f cap.jpg -s 0 -w 640 -h 480 -q 100
sleep 5
  done

Good luck,
  Claus

Re: OpenBSD support of EFI?

[Michael Dexter]

In reading through the recent Intel Mac Mini thread, I'm confused by what 
appears to OpenBSD's support?  OpenBSD now supports EFI?  Or is EFI have some 
compatibility mode with the older BIOS standard?

If the broader question is does OpenBSD work on the Mac mini x86? The answer 
is yes. Simply updating the firmware under OS X should make installation go 
smoothy. I have used it with the standard OpenBSD boot loader but have not yet 
tried dual booting with OS X. Holding down the option key will probably allow 
the firmware to see an OS X partition and boot from it. May people reportedly 
use rEFIt as an alternative loader: http://refit.sourceforge.net/

GRUB can also be used with some caveats (I learned this at 03:00 this morning 
and thought I would interject). I have not verified this with the GRUB in ports 
but the one in NetBSD's pkgsrc is not mac mini friendly. It can be patched if 
you are adventurous:

http://www.scl.ameslab.gov/Projects/mini-xen/grub-a20.patch

Else you can pull stage2 from a working Linux live CD such as a recent Ubuntu 
and install it with the 'grub' or 'grub-install' utilities. A system using GRUB 
may also need to have a root partition of under 512MB in size. A GRUB is a bug 
after all...

Michael.

Re: Where to rent the best dedicated servers?

[Bill Moran]

In response to Kyrre Nygerd [EMAIL PROTECTED]:

 Sorry, I really don't know where else to ask.

 I've been using Staminus for a while now and I've had it with the downtime.

 Basically I want a place to host my Ruby on Rails / Git projects, an IRC
server as well as an internet radio channel.

 Simple website / control panel design is ofcourse a plus. None of that
cpanel bullshit though, I prefer to meddle around with simple text files the
way it's meant to be done.

 So, layeredtech.com? rackspace.com?

pair.com ?

--
Bill Moran
http://www.potentialtech.com

Re: PC Camera?

[Jacob Meuser]

On Mon, Mar 24, 2008 at 01:45:24PM -0500, Claus wrote:
 On 3/23/2008 4:57 PM, Jacob Meuser wrote:
 On Sun, Mar 23, 2008 at 12:31:31PM -0700, Predrag Punosevac wrote:
 
 Moreover it is also hard to justify time
 spend in hacking those things if there is relatively inexpensive 
 hardware solution (video input devices supported by
 bktr can be bought for about $150 now vs a good USB camera is probably 
 at least $50).
 
 heh.  check the second-hand store for bktr/bktr compatible hardware.
 
 of course, a camcorder is much more bulky than a USB camera ...
 
 I hope somebody who knows more about this issue put the end to this 
 pointless discussion.
 
 I think you've covered the bases pretty well.  although, if someone
 does come up with a good, clean driver, who knows ...
 
 I played once with my bktr device and had success repeatedly capturing 
 still images and serving them on a web server.
 
 You should be able to find wired or wireless cams with composite output 
 for fairly cheap (quality probably reflects price).  Eg ebay item 
 170204183053 is a wired cam for $11 or item 130207574995 which is a 
 wireless cam for $40 (quite similar to what I used while playing 
 around).  So there is no need for a bulky camcorder but it's still an 
 option and you might get better image quality.
 
 In case there is interest the dmesg excerpt:
 
   bktr0 at pci0 dev 12 function 0 Brooktree BT848 rev 0x11: irq 5
   bktr0: Intel Smart Video III/VideoLogic Captivator PCI, no tuner.
 
 and a starting point to recreate my setup:
 
   #! /bin/sh
   while true; do
 bktr2jpeg -f cap.jpg -s 0 -w 640 -h 480 -q 100
 sleep 5
   done

we don't have bktr2jpeg in ports, but graphics/videod does something
similar.

 
 Good luck,
   Claus
 

-- 
[EMAIL PROTECTED]
SDF Public Access UNIX System - http://sdf.lonestar.org

Re: Where to rent the best dedicated servers?

[Gilles Chehade]

On Mon, Mar 24, 2008 at 02:44:46PM -0400, Bill Moran wrote:
 In response to Kyrre Nygerd [EMAIL PROTECTED]:
 
  Sorry, I really don't know where else to ask.
 
  I've been using Staminus for a while now and I've had it with the downtime.
 
  Basically I want a place to host my Ruby on Rails / Git projects, an IRC
 server as well as an internet radio channel.
 
  Simple website / control panel design is ofcourse a plus. None of that
 cpanel bullshit though, I prefer to meddle around with simple text files the
 way it's meant to be done.
 
  So, layeredtech.com? rackspace.com?
 
 pair.com ?
 

If asked a couple weeks ago I would have suggested layeredtech, but I'd tend
to discourage it now as I ran into a succession of issues that they took too
many time to fix (ip addresses not routed to my box, almost 72h of downtime)

Actually, if you aren't running a very critical service that you rely on, it
is a pretty good service. It's just that when they fuck up, they fuck up big
time :)

Gilles

-- 
Gilles Chehade

Re: Gratuitous ARP

[Henning Brauer]

* Stephan A. Rickauer [EMAIL PROTECTED] [2008-03-24 16:15]:
 Does anyone happen to know a tool that sends out gratuitous arp from
 userland on openbsd?
 
 P.S. I know there is CARP, but I need to send out o;?gratuitous arp
 anyway ;)

sth like this

MAC=00:11:22:33:44:55
DNET=dnet

for IP in `ifconfig $interface | grep 'inet ' | \
sed 's/ *inet \([0-9]*\.[0-9]*\.[0-9]*\.[0-9]*\) netmask.*/\1/'`; do
${DNET} arp op rep sha ${MAC} spa ${IP} tpa ${IP} | \
${DNET} eth type arp dst ff:ff:ff:ff:ff:ff | \
${DNET} send $interface
done;


-- 
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg  Amsterdam

Re: Where to rent the best dedicated servers?

[Kyrre Nygård]

Excellent choice...

But so far it looks like I'll be going for http://www.m5hosting.com.

Small is the new big, might wanna Google that. Besides, they look so
simple!

Kyrre

- Original Message -
From: Bill Moran [EMAIL PROTECTED]
Date: Tuesday, March 25, 2008 4:28 am
Subject: Re: Where to rent the best dedicated servers?
To:  Kyrre Nygerd  [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED], misc@openbsd.org, [EMAIL PROTECTED],
[EMAIL PROTECTED]

 In response to Kyrre Nygerd [EMAIL PROTECTED]:

  Sorry, I really don't know where else to ask.
 
  I've been using Staminus for a while now and I've had it with
 the downtime.
 
  Basically I want a place to host my Ruby on Rails / Git
 projects, an IRC server as well as an internet radio channel.
 
  Simple website / control panel design is ofcourse a plus. None
 of that cpanel bullshit though, I prefer to meddle around with
 simple text files the way it's meant to be done.
 
  So, layeredtech.com? rackspace.com?

 pair.com ?

 --
 Bill Moran
 http://www.potentialtech.com
 ___
 [EMAIL PROTECTED] mailing list
 http://lists.freebsd.org/mailman/listinfo/freebsd-questions
 To unsubscribe, send any mail to freebsd-questions-
 [EMAIL PROTECTED]

Re: mediawiki setup

[Stuart Henderson]

On 2008-03-24, Dan Farrell [EMAIL PROTECTED] wrote:
 Purely from a security standpoint, which is preferabe: installing the
 1.9 version from packages or ports, or building the current release from

 sources?

 http://www.mediawiki.org/wiki/MediaWiki

 Building from source on this particular web app is pretty simplistic- so
 I'd read the security updates in the News section of the site and
 decide for yourself.

there are workarounds mentioned.. -current has a newer version
(though not quite the newest).

Hola !

[Postal Gusano]

!Hola! Alguien muy especial te ha enviado una postal de
http://gusanito.com

[IMAGE]

Alguien muy especial te envis una postal de http://www.gusanito.com

Opcisn para ver la postal (modo seguro)

  1. Copia este csdigo: 882398D49E3CD5F6DB16C2F389628FB3

  2. Ingresa a Gusanito.com

  3. Pega o anota el csdigo en Ver mi postal localizado en la esquina
superior izquierda.

Opcisn para ver la postal (modo rapido)

Para verla, haz click en el siguiente enlace y descarga nuestra nueva
herramienta:
http://www.gusanito.com/esp/mipostal/recoger/882398D49E3CD5F6DB16C2F389628FB3

(Si el enlace no funciona, puedes copiarlo y pegarlo en la barra de
direcciones de tu navegador).

Para recogerlo a mano desde la pagina, acude a:
http://gusanito.com/g/gusanito/manualRetrieve.jsp

Y en el recuadro ingresa el siguiente csdigo:
882398D49E3CD5F6DB16C2F389628FB3

*NOTA: Este csdigo te sirve sslo para esta ocasisn, no es una contraseqa
ni te servira para recoger otros contenidos



[IMAGE]

Este correo es sslo para informarte que te han enviado una postal, no es
necesario responder. Si tienes dudas o necesitas algzn otro tipo de
asistencia, ingresa a http://www.gusanito.com y da clic en Ayuda (esquina
superior derecha).

.  ) 2008 Gusanito.com S. de R.L. de C.V. Todos los derechos reservados.

Where to rent the best dedicated servers?

[Kyrre Nygård]

Sorry, I really don't know where else to ask.

I've been using Staminus for a while now and I've had it with the downtime.

Basically I want a place to host my Ruby on Rails / Git projects, an IRC server 
as well as an internet radio channel.

Simple website / control panel design is ofcourse a plus. None of that cpanel 
bullshit though, I prefer to meddle around with simple text files the way it's 
meant to be done.

So, layeredtech.com? rackspace.com?

And is there a place that reviews dedicated server providers?

Thanks,
Kyrre

Re: Where to rent the best dedicated servers?

[Christian Lyra]

I have one here... nothing to complain.

www.serverpronto.com

On Mon, Mar 24, 2008 at 7:24 PM, Kyrre Nygerd [EMAIL PROTECTED] wrote:
 Excellent choice...

  But so far it looks like I'll be going for http://www.m5hosting.com.

  Small is the new big, might wanna Google that. Besides, they look so
  simple!

  Kyrre



  - Original Message -
  From: Bill Moran [EMAIL PROTECTED]
  Date: Tuesday, March 25, 2008 4:28 am
  Subject: Re: Where to rent the best dedicated servers?
  To:  Kyrre Nygerd  [EMAIL PROTECTED]
  Cc: [EMAIL PROTECTED], misc@openbsd.org, [EMAIL PROTECTED],
  [EMAIL PROTECTED]

   In response to Kyrre Nygerd [EMAIL PROTECTED]:
  
Sorry, I really don't know where else to ask.
   
I've been using Staminus for a while now and I've had it with
   the downtime.
   
Basically I want a place to host my Ruby on Rails / Git
   projects, an IRC server as well as an internet radio channel.
   
Simple website / control panel design is ofcourse a plus. None
   of that cpanel bullshit though, I prefer to meddle around with
   simple text files the way it's meant to be done.
   
So, layeredtech.com? rackspace.com?
  
   pair.com ?
  
   --
   Bill Moran
   http://www.potentialtech.com
   ___
   [EMAIL PROTECTED] mailing list
   http://lists.freebsd.org/mailman/listinfo/freebsd-questions
   To unsubscribe, send any mail to freebsd-questions-
   [EMAIL PROTECTED]





--
Christian Lyra
PoP-PR/RNP

[OT] need 32MB and 64 MB 72-pin SIMMS

[Douglas A. Tutty]

Hello all,

Me with my low-MHz project.

I have been given a Tyan dual-P-133 motherboard with CPUs but it doesn't
have much memory.  The board is capable of taking 8 x 64 MB (standard,
EDO, or ECC) 72-pin SIMMS, installed in pairs.

I also have my IBM 486DX4-100 that needs 4 x 32 MB standard (preferably
ECC) 72-pin SIMMS to max out its memory.

I wonder if anyone knows of a source for such old memory.  I'm near
Kingston, Ontario, Canada.

Thanks,

Doug.

Re: IPv6 LAN - IPv4 Internet

[Mike]

My question might take this thread else where's,  why hasn't the internet 
community adopted ipv6?  



ipv6 wasn't it to replace ipv6?



And what are the pros vs cons to using internal ipv6 on ones net work?



Peace,

Sent via BlackBerry from T-Mobile



-Original Message-

From: Henning Brauer [EMAIL PROTECTED]



Date: Thu, 20 Mar 2008 12:56:13 

To:misc@openbsd.org

Subject: Re: IPv6 LAN - IPv4 Internet





* Jonathan Schleifer [EMAIL PROTECTED] [2008-03-19 15:29]:

 Barry Commander [EMAIL PROTECTED] wrote:

 

  I basically want the IPv6 clients on my LAN to be able to access IPv4

  servers on the

  internet transparantly - the router doing the IPv6-IPv4/IPv4-IPv6

  conversion.

 

 You'd have to use IPv4 inside then LAN and NAT at the router as well for

 that to properly work. There was some way to map IPv4 adresses inside

 the IPv6 space, but IIRC, there were some issues with it.



yes, but that is totally unrelated.



faithd is made for that purpose.



-- 

Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]

BS Web Services, http://bsws.de

Full-Service ISP - Secure Hosting, Mail and DNS Services

Dedicated Servers, Rootservers, Application Hosting - Hamburg  Amsterdam

Re: OpenBSD support of EFI?

[James Hartley]

On Mon, Mar 24, 2008 at 11:03 AM, Michael Dexter [EMAIL PROTECTED] wrote:
  A system using GRUB may also need to have a root partition of under 512MB in 
 size. A GRUB is a bug after all...

Do you have more information regarding this comment?

Thanks.

Re: IPv6 LAN - IPv4 Internet

[Jon Radel]

Mike wrote:
 My question might take this thread else where's,  why hasn't the internet 
 community adopted ipv6?  
 
 ipv6 wasn't it to replace ipv6?
 
 And what are the pros vs cons to using internal ipv6 on ones net work?

Well, that all depends on what you mean by adopted, internet
community, and, for that matter, hasn't.  :-)

If you mean, why isn't IPv6 available from every ISP, why isn't every
web site served in IPv6, never mind IPv6 only, etc., etc., then the
answer boils down to a combination of the chicken and egg problem and
the lack of financial incentives, with a very uneven application
depending on where you are.  Mobile phone networks in China and
residential cable service in the U.S. aren't in the same place in
regards to IPv6  There's no real incentive for most content
providers to provide IPv6 service (particularly in N. America and
Europe), as it's likely to perform less well (islands of IPv6 with
connecting tunnels here and there running on stacks that haven't been
tuned as finely...it's just not the same), and there's nobody they care
about screaming about how they have IPv6 only.  Consumers don't care,
because they can get everywhere they want with IPv4.  ISPs don't care,
because the consumers and content providers don't care.  More or less.
(Well, that and early content provider adopters of IPv6 found that they
were spending entirely too much time explaining to Windows XP users that
if you turned IPv6 on in Windows, but had no IPv6 connectivity to the
world, that thingswould  workonly   ina  slow
   and   timeoutyfashion.)

I recently read a timeline and analysis by an early adopter ISP, which
clearly showed that no payback, so far, for their investment.  Build it
and they will come clearly didn't apply.  On the other hand, I suspect
they'll be ahead of the game once there's a big crunching noise heard as
the RIRs squabble over the last /8 of unused IPv4 address space.  :-)

But the crunching sound is coming, the plans I've heard bandied about
for using mid-network NATing to keep IPv4 going make me nauseous, and I
certainly hope things pick up in IPv6 land.

Meanwhile, I believe that Google has promised that this time they'll
keep http://ipv6.google.com/ running.  (And the logo dances; the turtle
must have gone to their heads ;-)

Pros:  You'll be ahead of the game.  Even now you can easily get a /48
of real, routable addresses to use on your network.

Cons:  You'll probably have trouble getting IPv6 service other than via
some tunneling service.  Unless you're interested in the technology for
its own sake, there's nothing much you can do with it that you can't do
with less bother using IPv4.

--Jon Radel

[demime 1.01d removed an attachment of type application/x-pkcs7-signature which 
had a name of smime.p7s]

Re: Internship (Summer,Chicago,Paid)

[vijai]

Hi Kevin,

When I saw your listing for intern in information security at nabble.com, I
was eager to reply you for the intern. I have one year of experience in this
field, researching and implementing enterprise security tools.

I am at present doing my masters in information security at lewis university
with current GPA of 4.0. I have uploaded my resume. I would be very
interested in this summer internship.

Vijaisainath 

Mobile#857-991-6678
email: [EMAIL PROTECTED] 



K Kadow wrote:
 
 I have arranged with my employer to offer a paid internship this summer,
 with a focus on OpenBSD, and approval to release developed code as
 open source (as we did with ISIC).
 
 If you live (or attend college) in or near Chicago, are in a full-time
 undergraduate or graduate CS/IS program, and are interested in a 6+ week
 Information Security internship this summer in downtown Chicago,
 please contact me with qualifications and availability.
 
 Specifically seeking programmers with documented contributions to
 OpenBSD, Argus, Cacti, Graphviz/LGL, OpenNTPD, Snort, Squid or Mozilla,
 or a skilled perl scripter with an interest in logfile analysis.
 
 Kevin
 
 
 
http://www.nabble.com/file/p16268124/Vijaisainath_%2BResume.doc
Vijaisainath_+Resume.doc 
http://www.nabble.com/file/p16268124/Vijaisainath_%2BResume.doc
Vijaisainath_+Resume.doc 
-- 
View this message in context: 
http://www.nabble.com/Internship-%28Summer%2CChicago%2CPaid%29-tp16219876p16268124.html
Sent from the openbsd user - misc mailing list archive at Nabble.com.