Re: Is this a case of paranoia?
Not surprising at all. I have had to get special dispensation to access undeadly.org, download nmap source, and several other sites with tools that I use. The classifications are made by teams of people who have very little understanding of what the sites actually contain. A lot of breast cancer advocacy sites get misclassified too, fwiw. On Apr 24, 2010 4:37 AM, Danny dannydeb...@gmail.com wrote: Hi guys, Here is a screenshot of what the IT guys at my work think of OpenBSD. Before I took this screenshot I could access www.openbsd.org for about an hour. After that I started getting the message you see on the included pic. Is this a bad case of paranoia? :-) Thank You Danny [demime 1.01d removed an attachment of type image/x-ms-bmp]
Re: OpenBSD culture?
I work with a lot of systems integrator types - they deliver finished platforms to run apps we develop on. A lot of familiarity with Solaris and CentOS. One day, a couple of load balancers died and one of them needed a quick solution so I tossed them my 4.6 cd and sent them a link to man for relayd. About 20 minutes later, he had his first OpenBSD server. 3 hours after that, load-balancers. The guy said it was the easiest learning curve he'd ever seen - everything just worked, the man pages were accurate, and there were no gotchas. Linux's popularity as a platform for services has nothing at all to do with ease of use. On Apr 14, 2010 4:18 PM, Jacob Meuser jake...@sdf.lonestar.org wrote: On Wed, Apr 14, 2010 at 07:33:20PM -0300, VICTOR TARABOLA CORTIANO wrote: The difference is that ... depends how you define advanced. when people say OpenBSD is for developers, that doesn't mean you have to be as knowledgeable as a kernel hacker to use OpenBSD effectively. it means you'll get the most out of OpenBSD when you approach it like a developer. developers *enjoy* figuring things out on their own. of course, people who enjoy learning about a subject do eventually become advanced at that subject, but that comes with time. -- jake...@sdf.lonestar.org SDF Public Access UNIX System - http://sdf.lonestar.org
Re: OpenBSD culture?
On Thu, Apr 15, 2010 at 10:49 AM, Chris Dukes pak...@pr.neotoma.org wrote: On Thu, Apr 15, 2010 at 09:15:39AM -0700, Henry Sieff wrote: [SNIP] Unfortunately, for many of us the end goal is to get a pile of crap, as dictated by management, working well enough that we get another paycheck. Unfortunately, for many of us what management dictates is something they have heard of, has a sales dweeb that provided a good meal or golf game, and has a support contract so the blame can be passed on to those servicing the support contract. Oh, absolutely - hence the proliferation of Linux and Solaris in our solutions - the customer insists on oracle for the back-end db, they get oracle. And as you say, that can be driven by the arbitrary demands of the customer without basis in choosing the right tool for the job. And it has its place I guess. But a lot of it is a question of mindshare - in the situation I was in, OpenBSD was the absolute best tool to do the job in the timeframe we needed it done by, but had I not been around to provide that install cd and links to the man page (plus the assurance that if he needed it, I could help - he didn't need it) then they would have flailed around, used something less ideal, or spent a ton of money to have a couple of turnkey load balancers rushed over from another site. There is a critical mass of usage where adoption of a technology speeds up because the number of users is high enough to make it a more comfortable choice. I am not at all saying I care about that or want to see that happen with OpenBSD - it's just another way that decisions on which tool to use get driven by non-rational forces. There have been periods of time where getting Linux installed and working on the newest cheaptastic hardware has been the easiest. Fortunately, for the first such period I had screwball hardware and had to go with one of the BSDs of the early 90s :-).
Yeah - I guess I missed that phase :-) Ever since I have had need of open-platform OS's, OpenBSD's has always been the easiest to get, say, a DNS server AND NOTHING ELSE running on whatever hardware I had lying around.
Re: OpenBSD insecure OS?
On Wed, Feb 24, 2010 at 11:02 AM, carlos albino garcia grijalba genesi...@hotmail.com wrote: I found this: http://allthatiswrong.wordpress.com/2010/01/20/the-insecurity-of-openbsd/ so ? translation trolling trolling trolling:: http://trolling.trolling.troll/troll/troll/troll/trolling-trolls-of-trollovia/ troll? /translation hth gfy
Re: Looking for Secure Architectures with OpenBSD pdf.
On Thu, Dec 10, 2009 at 11:44 AM, FRLinux frli...@gmail.com wrote: On Thu, Dec 10, 2009 at 2:03 PM, Tomas Bodzar tomas.bod...@gmail.com wrote: http://www.openbsd.org/books.html#book3 Thanks for that, was unaware of that book. Just ordered my copy now :) Not sure about the other authors, but I remember Nazario from the FW-WIZ list and he knows his stuff very well. It's probably a pretty good book, aside from being 5 years old and so not being as current as the documentation and all that.
Re: http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/
On Wed, Nov 4, 2009 at 5:18 AM, Donald Allen donaldcal...@gmail.com wrote: [SNIP] I realize that I'm preaching to the choir -- you know all this. But I think it's a mistake for (especially) the OpenBSD community to speak of OpenBSD as just about security, when it's so much more than that. I think I would rephrase that - OpenBSD is just about security, and security implies far more than simply patching holes. Stability, administrative transparency, and thorough documentation are all critical and overly neglected aspects of security. If you don't know the proper way to configure feature X, you cannot be sure it is configured securely. OpenBSD simply looks at security in a holistic fashion, while every other OS I have to suffer through views security as a 'feature'.
Re: OT: Juniper SSL-VPN?
On Mon, Sep 14, 2009 at 6:53 PM, patrick keshishian pkesh...@gmail.com wrote: On Mon, Sep 14, 2009 at 5:44 PM, Johan Beisser j...@caustic.org wrote: On Mon, Sep 14, 2009 at 5:39 PM, patrick keshishian pkesh...@gmail.com wrote: I didn't want to hijack the other VPN thread for this purpose, so here is a new thread. Anyone know much about how Juniper SSL-VPN networks work? It's a java based client that's run on the client-side and forwards specified packets through a tunnel interface. It's not that different from OpenVPN. ahhh... Do you know if there are any open-source clients that are able to connect through their service? I'm unable to google any specifics on what protocol they use, or rather what their java app does after it is launched. Is it safe to assume it is a closed and proprietary solution? I am hoping some clever person has figured out how to roll her own equivalent of their java app using openssl/s_client or similar. The company I work for uses it. It's not that different from mature ipsec vpn's - ssl is simply how the encryption is handled. The client is configured by the central admin to enforce whatever policy is requested (ours checks to make sure you run an acceptable host based AV and firewall, blocks any post-connect changes to routing table, allows split tunnelling only to the local subnet, etc). There is no rolling your own client with ours, but it would be possible if the admin of the VPN was very lenient (you can lock it down to only allow certain versions of the client software etc or leave it wide open) and if it were wide open you could probably write something to fool it. However, no administrator should allow users to access a vpn (no matter what flavor) using anything besides approved software since that is the only way they have of being sure their policies are being followed.
Re: pppoe(4) outage on Swisscom DSL lines since yesterday
On Tue, Jul 14, 2009 at 12:37 AM, michael hamerskilists.at.blurb...@gmail.com wrote: Hi, I have several systems (4.2) running over bridged modems which can no longer connect to the service provider's PPPOE servers since last night. What kind of dsl modems?
Re: OpenBSD ESXi VMware image on Soekris Net5501
On Thu, May 21, 2009 at 11:06 AM, Diana Eichert deich...@wrench.com wrote: SNIP . Virtualization is really cool, you could own the virtual hardware and the O/S would never know. It takes the issue related to binary blobs to a whole new level. Entire machine as binary blob - never thought of it that way, but it's sort of true.
Re: differencing subnet's hosts in gateway based on hosts' gateway address
Use pf: http://www.openbsd.org/faq/pf/pools.html#outgoing is sort of what you want to do. On Wed, May 20, 2009 at 1:38 PM, Imre Oolberg i...@auul.pri.ee wrote: Hi! I guess that maybe I need to solve my problem using different means i.e. administrative means but I would be thankful if somebody could comment if there is feasible technical solution for this situation. I have gateway between one subnet and two connections to the internet. I would like the subnet's side of the gateway to have two ip addresses (from the same subnet, maybe as aliases or two physical/vlan interfaces) and based on what address host uses as its default gw to route its traffic thru one or the other link towards the internet. Below is meant to be a descriptive ascii illustration [ASCII diagram, garbled in extraction: the gateway, with 10.0.1.253 and 10.0.1.254 on the subnet side, has one link and another link to the internet; host 1 uses gw 10.0.1.253 and host 2 uses gw 10.0.1.254] Best regards, Imre
Re: Shared IRQ
http://www.openbsd.org/faq/faq12.html 12.7.3 2009/5/14 Joco Salvatti salva...@gmail.com: Hi, I would like to know if a different hardware can share the same IRQ with another? Eg:
inteldrm0 at vga1: apic 1 int 16 (irq 11)
ppb1 at pci0 dev 28 function 1 Intel 82801GB PCIE rev 0x02: apic 1 int 16 (irq 11)
uhci3 at pci0 dev 29 function 3 Intel 82801GB USB rev 0x02: apic 1 int 16 (irq 11)
Thanks in advance. -- Joco Salvatti Graduated in Computer Science Federal University of Para - UFPA - Brazil E-Mail: salva...@gmail.com
Re: Shared IRQ
On Thu, May 14, 2009 at 8:27 AM, Peter Kay - Syllopsium syllops...@syllopsium.com wrote: From: Henry Sieff henry.si...@gmail.com To: Joco Salvatti salva...@gmail.com http://www.openbsd.org/faq/faq12.html 12.7.3 2009/5/14 Joco Salvatti salva...@gmail.com: Hi, I would like to know if a different hardware can share the same IRQ with another? 12.7.3 is accurate, however there is a difference between 'can it' 'should it' and 'will it' 'should it?' - yes, it should 'can it?' - yes, it can 'will it?' - that's the tricky one. Some devices just don't share interrupts well. Perhaps it's shit hardware, a shit APIC, crappy BIOS, naff driver - whatever. PCI devices can theoretically share interrupts, but that doesn't necessarily mean they will. I have only ever had an issue with off-brand NIC's, personally. But you are of course correct - PCI devices are supposed to be able to share IRQ's, but that doesn't mean all manufacturers do interop testing to make sure that works.
Re: Shared IRQ
[cleaned up formatting, since I accidentally top-posted to begin with] On Thu, May 14, 2009 at 9:24 AM, Marco Peereboom sl...@peereboom.us wrote: I wrote: I have only ever had an issue with off-brand NIC's, personally. But you are of course correct - PCI devices are supposed to be able to share IRQ's, but that doesn't mean all manufacturers do interop testing to make sure that works. This makes no sense at all. ? I have had occasional issues with PCI NIC's inexplicably refusing to send traffic if they shared an IRQ - this was not an OpenBSD issue, since in those cases the problem was not corrected by using a different OS. NIC functioned fine when IRQ was no longer shared. Now, I had always assumed it was because of a problem with the NIC itself. Apparently, I am about to find out I was wrong :-).
Re: sendmail vs. other MTAs
On Tue, May 12, 2009 at 11:07 AM, L. V. Lammert l...@omnitec.net wrote: On Tue, 12 May 2009, Felipe Alfaro Solana wrote: On Tue, May 12, 2009 at 7:26 PM, bofh goodb...@gmail.com wrote: I'm also looking for a very simple MTA that I can use at home and have it configured to relay e-mail without having to write 75 directives in 3 configuration files (and then use m4 or generate the hash-map files, then reload and cross my fingers). If you want simple, install Webmin. Runs fine with sendmail, default install! Yeah, because if you can't see the complexity, it doesn't exist.
Re: sendmail vs. other MTAs
On Tue, May 12, 2009 at 2:28 PM, L. V. Lammert l...@omnitec.net wrote: At 02:22 PM 5/12/2009 -0700, Henry Sieff wrote: On Tue, May 12, 2009 at 11:07 AM, L. V. Lammert l...@omnitec.net wrote: If you want simple, install Webmin. Runs fine with sendmail, default install! Yeah, because if you can't see the complexity, it doesn't exist. What does complexity have to do with a user interface? Looks like someone else should go download their favorite Linux. Uh, no. Just saying that if what you want is a simple mail relay, webmin + sendmail is not any simpler than sendmail itself. The fact that the webmin is editing your mc file and running m4 on it doesn't change the fact that something has to deal with it. Sendmail is great if you need its features. And webmin is great if you need to delegate management of boxes to people who are scared of vim (and you take care to secure it). If you don't need it, it's just overkill. And I for one am psyched at the idea of having a nice simple mailer built with the obsd philosophy. WRT me downloading my favorite linux - them's fighting words. You could get slapped for saying that in my workplace.
Re: sendmail vs. other MTAs
On Tue, May 12, 2009 at 2:49 PM, Daniel Ouellet dan...@presscom.net wrote: L. V. Lammert wrote: At 02:22 PM 5/12/2009 -0700, Henry Sieff wrote: On Tue, May 12, 2009 at 11:07 AM, L. V. Lammert l...@omnitec.net wrote: If you want simple, install Webmin. Runs fine with sendmail, default install! Yeah, because if you can't see the complexity, it doesn't exist. What does complexity have to do with a user interface? Looks like someone else should go download their favorite Linux. Or as in this case may be use @gmail.com email as they can't obviously setup their own mail server looks like. Or can make it secure, or set it up with spam filter properly so they use @gmail.com. Guess again. Not everyone that have @gmail.com can't do their mail server by all mean, I don't make it a general rule, but may be in this specific case here it might well be the case! (; Nope. May be we should asked if Theo would create a linux@ list and let all these guys subscribe to it and beat each other up all day long, convincing each others of their ways and God thinking and leave misc@ alone for good stuff. Not sure where you got the impression I use linux. All I'm saying is that sendmail is very complex, and using webmin doesn't make it less complex. I am excited about the new smtpd. Now, you could continue to be an utter douchebag, if you want. Can we? OK, I need to stop feeding the trolls! If I _were_ a troll, you in particular and this list in general couldn't stop feeding it to save its effin life. Let us not forget the whole obsd in europe thread, or the brutally easy target you are for anyone who actually is a linux advocate. Me, I'm just an openbsd user who thinks telling people to use webmin to manage sendmail when they don't need sendmail is, well, kinda lame. But hey, that's just me. I manage several sendmail servers professionally, because we need them. For my personal use, I have no use for anything that sophisticated, and if I need to learn something I use my lab. 
So, whatever - bored now. /dev/nulling this, chump.
Re: European orders
On Wed, Apr 1, 2009 at 5:20 AM, ropers rop...@gmail.com wrote: [SNIP] And no offence to you or anyone, but why don't we all just STFU unless we happen to be able to announce substantial new information? DELURK IJWTS that this is like the 20th variation on 'we should all be quiet now' that I've seen posted here. What it really means is: 'everyone should be quiet EXCEPT FOR ME, WHO HAS VERY IMPORTANT THINGS TO SAY SUCH AS BE QUIET'. I'm not saying, I'm just saying. LURK
Re: European orders
On Mon, Mar 30, 2009 at 10:45 AM, Dag Richards dagricha...@speakeasy.net wrote: As a rule I generally don't post in response to community discussions as I am essentially nobody here. This time however I just have to ask ...Theo? Why on Earth do you keep doing this? How the hell do you put up with all of this ... crap? Jesus, don't put ideas into his head. I am sure there are still companies that would pay you handsomely for your copyrights. I sure hope you don't do it, but were I in your position I would seriously think about it. SH Who are you? Why are you trying to make the baby Puffy cry?
Re: arp MiTM
On Mon, Mar 9, 2009 at 9:15 AM, Eric Furman ericfur...@fastmail.net wrote: On Mon, 9 Mar 2009 16:54:27 +0100, Felipe Alfaro Solana felipe.alf...@gmail.com said: On Mon, Mar 9, 2009 at 1:11 PM, irix i...@ukr.net wrote: Hello Misc, How to protect your server from such attacks without the use of static arp entries? By freebsd 5.0 patch was written arp_antidote ( http://freecap.ru/if_ether.c.patch), somebody could port it on openbsd? Also, in freebsd it is possible to specify a flag through the ifconfig on the interface staticarp, while If the Address Resolution Protocol is enabled, the host will only reply to requests for its addresses, and will never send any requests. May you made this flag in openbsd ? ARP is insecure, no matter how many patches you apply or how many hacks you try. If you want something more secure, use 802.1X, use security on the switch, use IPv6+IPSec/SeND, etc. ARP was designed by Nazis. So, die now thread. DIE DIE delurk I believe that this qualifies as 'Quirk's exception'. lurk
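The thread above asks how to defend a host against ARP man-in-the-middle without static entries. As an added example (not from the thread, the linked patch, or OpenBSD), here is an arpwatch-style monitor that flags changed and flip-flopping IP-to-MAC bindings; the record format, addresses and the 60-second window are assumptions constructed for this illustration.

```python
"""Flag suspicious IP-to-MAC binding changes in observed ARP replies.

Input format ("<epoch> <ip> <mac>") and all addresses are constructed.
"""
from collections import defaultdict

# Constructed sample: 10.0.1.254 is the gateway. At t=130 a second MAC
# starts answering for it and the two MACs then alternate (flip-flop).
SAMPLE = """\
100 10.0.1.254 00:11:22:33:44:55
105 10.0.1.10 00:aa:bb:cc:dd:01
130 10.0.1.254 00:de:ad:be:ef:99
131 10.0.1.254 00:11:22:33:44:55
132 10.0.1.254 00:de:ad:be:ef:99
140 10.0.1.20 00:de:ad:be:ef:99
"""


def parse(text):
    """Yield (timestamp, ip, mac) tuples, skipping malformed records."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3 or not parts[0].isdigit():
            continue
        yield int(parts[0]), parts[1], parts[2].lower()


def analyze(records, flip_window=60):
    """Return alerts as (timestamp, kind, ip, mac) tuples.

    changed   - an IP is now claimed by a different MAC
    flip-flop - the IP went back to the MAC it had within flip_window
                seconds: two stations are competing for the address
    multi-ip  - one MAC answers for more than one IP (also normal for
                routers and aliased hosts, so treat it as a hint only)
    """
    current = {}                    # ip -> MAC currently bound
    replaced = {}                   # ip -> (MAC last replaced, when)
    ips_by_mac = defaultdict(set)
    alerts = []
    for ts, ip, mac in records:
        if ip not in ips_by_mac[mac]:
            ips_by_mac[mac].add(ip)
            if len(ips_by_mac[mac]) > 1:
                alerts.append((ts, "multi-ip", ip, mac))
        old = current.get(ip)
        if old is not None and old != mac:
            prev = replaced.get(ip)
            recent = prev and prev[0] == mac and ts - prev[1] <= flip_window
            alerts.append((ts, "flip-flop" if recent else "changed", ip, mac))
            replaced[ip] = (old, ts)
        current[ip] = mac
    return alerts


if __name__ == "__main__":
    for alert in analyze(parse(SAMPLE)):
        print(*alert)
```
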
Re: Singularity OS
DELURK The OS is coded in an extension of C# - rather than more simple C or C++ - to avoid the flaws of today's operating systems, such as their susceptibility to buffer overruns from worms or viruses. Hahahahahahahahahaha! I needed that laugh. LURK On Thu, Mar 6, 2008 at 10:25 AM, Adrian Fisher [EMAIL PROTECTED] wrote: Hello chaps :) I just saw this on the net about a new OS from M$ called Singularity. What do you think of it thus far? http://www.pcpro.co.uk/news/174267/microsoft-releases-robust-new-operating-system.html
Re: OpenBSD on VMware
Delurk If the guest computer (your OpenBSD machine) is running in the context of the user who starts it on the host, then when that user logs off the vmware host the guest computer will shutoff. In order for it to be available at all times, it should be running in the local system context OR a specially created user. Then it runs regardless of the login status of the person who clicks the start button on the vmware console. Lurk Henry On Nov 25, 2007 10:56 PM, Xavier Mertens [EMAIL PROTECTED] wrote: Hi *, I'm running a 4.1-GENERIC on a VMware server (the VMware host runs a Microsoft Windows OS). I've no access to the VMware server. At random time, the server is just powered off (that's the feedback I always received from the VMware server administrator). There is nothing in logs and as the server is off, the console is not available anymore. :( Does somebody already experienced such issue? Any tips to run OBSD as VMware guest? Regards, Xavier PS: I'm using pcn as network driver. Maybe vmnet could increase performance and/or stability?
Re: My hard-to-kill OpenBSD
On 4/13/07, stuart van Zee [EMAIL PROTECTED] wrote: [SNIP] The way MS has worked to make things easier and easier with all the wizards etc (crap) it's getting so that fine grained control is all but gone and if the wizz can't do it, it can't be done. That's the real problem with GUI config as I see it. /LURK Microsoft is finally starting to see the light (a little bit). Powershell will finally expose all gui functionality to the command-line, and Exchange 2007 will actually ship without a gui management console - its management is done via powershell. FWIW. YMMV. DBMIOWH. LURK