Re: httpd: need root privileges

2019-03-20 Thread worik 
On 20/03/19 3:01 AM, Ingo Schwarze wrote:
> Hi Alfred,
>
> Alfred Morgan wrote on Tue, Mar 19, 2019 at 08:05:33AM -0500:
>
>> I tried starting a temporary httpd server on port 8080
>> as a user to serve some files and I found this error:
>> httpd: need root privileges
>>
>> I would think there would be value in letting httpd be run
>> by standard users.
> For security reasons, you absolutely do *not* want that.
>
> You do not want to run a network daemon as your normal login user.
> If the network daemon contained a bug, remote attackers might
> read or modify the private files of your local user.
>
> You really want the network daemon to run as a *dedicated* user
> which doesn't have access to resources it doesn't need.  On OpenBSD,
> that low-privileged user is called "www":
>
>$ ps -Ao user,command | grep [h]ttpd
>   www  httpd: server (httpd)
>   root /usr/sbin/httpd
>   www  httpd: server (httpd)
>   www  httpd: logger (httpd)
>   www  httpd: server (httpd)
>
> This is *privilege separation*.  In particular, you want the "logger"
> process and the "server" processes chroot(2)ed and setresuid(2)ed to
> www, see proc.c, proc_run(), all of which requires root privileges
> to set up.
>
> Starting up a network daemon without root privileges would be
> inherently insecure.


Yes.

But is the error message:

httpd: need root privileges

Accurate?

-- 
If not me then who?  If not now then when?  If not here then where?
  So, here I stand, I can do no other
r...@worik.org 021-1680650, (03) 4821804 Aotearoa (New Zealand)

puri.sm What is the quality of this work?

2018-04-14 Thread worik 
https://puri.sm/learn/freedom-roadmap/

I stumbled on this today.

I am interested in the criticisms of it.  They seem quite pleased with
themselves.

I have seen https://marc.info/?l=openbsd-misc=142242615002878=2 from
three years ago. 

Purism claim is that they are still having problems removing FSP.  But
is this comment (from the linked email from Theo) still applicable:
"Don't waste your money on a false ideal by someone who misunderstands
modern hardware and the market forces."  Of course, but does that
description fit these folks?

Worik

-- 
  If not me then who?  If not now then when?  If not here then where?
So, here I stand, I can do no other
  r...@worik.org 021-1680650, (03) 4821804 Aotearoa (New Zealand)

Re: Writing "ones" instead of "zeroes" when wiping disk

2018-01-11 Thread worik 
On 12/01/18 11:09, Jan Stary wrote:
> On Jan 11 14:45:21, andreasthu...@gmail.com wrote:
>> Hi!
>>
>> Again, an ignorant question (as usual):
>>
>> How might I do something similar to
>>
>> # dd if=/dev/one of=/dev/sd0 bs=1M
>>
>> as a complement to the usual and well-described
>>
>> # dd if=/dev/zero of=/dev/sd0 bs=1M
>>
>> followed by
>>
>> # dd if=/dev/urandom of=/dev/sd0 bs=1M
>>
>> in order to achieve paranoid disk-wiping?
> Ones are not nearly as secure as zeros.
>
Why not?  Is it not arbitrary?

Worik

-- 
  If not me then who?  If not now then when?  If not here then where?
So, here I stand, I can do no other
  r...@worik.org 021-1680650, (03) 4821804 Aotearoa (New Zealand)

Re: A branded USB stick as an alternative to the CD set?

2015-11-30 Thread worik 
On 01/12/15 10:40, Petr Ročkai wrote:
> Theo de Raadt  writes:
>> I don't know, but I'll think about it later, because I am busy.
>> I am spending my day making a non-writeable USB stick for the OP.
> That's nice. Although a simple 'no' would have sufficed of course. I
> have been told that buying CD sets is useful for the project, but I have
> no use for CDs. That's all. Maybe I could get a poster instead...
>

Wasting breath. 

Last time I tried the CD shop took money for not sending a CD.

CDs are a  waste of time for me too.  Not quite useless, but close.

But expressing other ideas here is a waste of breath. 

W

-- 
Why is the legal status of chardonnay different to that of cannabis? 
  r...@worik.org 021-1680650, (03) 4821804
  Aotearoa (New Zealand)
 I voted for love

Re: httpd and Server Side Includes

2015-10-04 Thread worik 
I have been digging a bit to find the correct software to use for a
little website that makes some light use of SSI and I came upon this.  I
have some questions about it

On 07/03/15 08:42, Florian Obser wrote:
> On Fri, Mar 06, 2015 at 07:13:13PM +, Peter Fraser wrote:
>> The web sites that are involved make heavy use of Server Side Includes
>> which the new httpd does not yet have any support. 
> 
> I wouldn't hold my breath. I'm fairly certain that we won't implement
> it.

Why is that?

[snip]

> 
> Seems reasonable. httpd(8) does not try to be the all singing all
> dancing http daemon. Use the right tool for the job. For some jobs
> that might be nginx, for others that might be httpd(8).

What are the sorts of jobs that httpd is the right tool for?  Is it only
serving static HTML?

I have seen some reference to "slow CGI" but my needs and research have
not gone there.  Does httpd support CGI?

cheers
Worik

-- 
Why is the legal status of chardonnay different to that of cannabis?
   worik.stan...@gmail.com 021-1680650, (03) 4821804
  Aotearoa (New Zealand)
 I voted for love

-- 
Why is the legal status of chardonnay different to that of cannabis?
  r...@worik.org 021-1680650, (03) 4821804
  Aotearoa (New Zealand)
 I voted for love

Fund raising

2015-03-25 Thread worik 
I got a lot of shit on this list for suggesting that the OpenBSD project
sell documentation collections (that are freely available elsewhere) as
a method of raising funds for the project as CD rom sales dry up.

A lot of shit on list and especially off list (one clown made up a gmail
address especially to tell me to fuck off.  Way too much time some
people have)

Today I spent $US5 on an ebook containing tutorials for software  I am
considering using.  By exercising my mouse I could have got it for free.

I did not.

So I am bringing this up again.  I do not want CDROMs.  I have been to
the trouble of paying for one and insisting they do not post it, but it
was a lot of bother.

I would pay for a collection of release notes for each new release.

I support this project and I would like to support Theo directly - as CD
sales do.

So once again (at the risk of infuriating idle clowns) I respectfully
suggest that the project consider such a release beside and as well as
CDROMs.

I do realise that I am proposing a good idea for some one else to do.
 I cannot lead such a task as I am a OpenBSD newbie.

W

PS For those who might care I bought Backbone Tutorials by Thomas
Davis.  https://leanpub.com/backbonetutorials

-- 
Why is the legal status of chardonnay different to that of cannabis?
   worik.stan...@gmail.com 021-1680650, (03) 4821804
  Aotearoa (New Zealand)
 I voted for love

Re: I found a sort bug! - How to sort big files?

2015-03-16 Thread worik 
On 16/03/15 06:43, Steve Litt wrote:
 But IMHO, sorting 60megalines isn't something I would expect a
 generic sort command to easily and timely do out of the box.

I would.  These days such files are getting more and more common.

But there is a warning in the man page for sort under BUGS:

 To sort files larger than 60MB, use sort -H; files larger than
704MB must be sorted in smaller pieces, then merged.

So it seams there is a bug in... files larger than 60MB, use sort -H
since that did not work for the OP.

Worik
-- 
Why is the legal status of chardonnay different to that of cannabis?
   worik.stan...@gmail.com 021-1680650, (03) 4821804
  Aotearoa (New Zealand)
 I voted for love

Re: lynx is gone?

2015-03-06 Thread worik 
On 07/03/15 11:59, worik wrote:
 On 06/03/15 22:29, Raf Czlonka wrote:
 By the way, is there a list a common risk-prone idioms ?
 +1
 
 https://duckduckgo.com/?q=%22common+risk-prone+idioms%22t=canonical
 
 common risk-prone idioms appears only here.
 
 Interesting concept, and would be illuminating to expand on

Sigh!  If I had read *all* the thread before replying I would have seen
some illumination.  Nice

W


-- 
Why is the legal status of chardonnay different to that of cannabis?
   worik.stan...@gmail.com 021-1680650, (03) 4821804
  Aotearoa (New Zealand)
 I voted for love

Re: lynx is gone?

2015-03-06 Thread worik 
On 06/03/15 22:29, Raf Czlonka wrote:
 By the way, is there a list a common risk-prone idioms ?
 +1

https://duckduckgo.com/?q=%22common+risk-prone+idioms%22t=canonical

common risk-prone idioms appears only here.

Interesting concept, and would be illuminating to expand on

W

-- 
Why is the legal status of chardonnay different to that of cannabis?
   worik.stan...@gmail.com 021-1680650, (03) 4821804
  Aotearoa (New Zealand)
 I voted for love

Re: Raspberry Pi 2 Model B

2015-02-02 Thread worik 
On 03/02/15 03:20, Janne Johansson wrote:
 But it still requires a blob to actually run, does it not?
 
 The fact that there is docs for the blob isn't as important as being forced
 to have someone elses code running alongside your kernel in order to even
 boot it, let alone produce graphics on it.

Very interesting discussion.  Is there a list of supported and
unsupported hardware maintained any place?

I have searched and cannot find one, which may be a reflection on me!
There is a lot of discussion on this list about the performance of such
and such hardware...

For people interested in Raspberry PI (that includes me, I own two) the
beaglebone black is an interesting device and I did find
http://www.tedunangst.com/flak/post/OpenBSD-on-BeagleBone-Black

I am especially interested in the discussion about blobs in the kernel.
 This is a discussion you almost never hear in Linux circles.

cheers
Worik

-- 
Why is the legal status of chardonnay different to that of cannabis?
   worik.stan...@gmail.com 021-1680650, (03) 4821804
  Aotearoa (New Zealand)
 I voted for love

Re: Raspberry Pi 2 Model B

2015-02-02 Thread worik 
On 03/02/15 12:49, Mihai Popescu wrote:
 So, I can't resist to ask, Raspberry Pi is the answer to what question?

It is a toy.  Cheap.  Can do simple computing tasks cheaper than
anything else.

Worik

-- 
Why is the legal status of chardonnay different to that of cannabis?
   worik.stan...@gmail.com 021-1680650, (03) 4821804
  Aotearoa (New Zealand)
 I voted for love

awstats

2015-01-25 Thread worik 
I am looking for some simple analytic software like awstats.

Is there a guide to setting it up on OpenBSD/nginx?

Or is there a better/alternative package?

Worik
-- 
Why is the legal status of chardonnay different to that of cannabis?
   worik.stan...@gmail.com 021-1680650, (03) 4821804
  Aotearoa (New Zealand)
 I voted for love

nginx question...

2015-01-19 Thread worik 
Summary:

The files under /var/www/htdocs are by default it seems all owned by
root:wheel.  What are the issues with changing that to be a normal user?

The long version

My work flow involves building a directory structure on another machine
and using 'rsync' when I am ready to transfer it to the OpenBSD machine
to be served by the public facing webserver.

Having the files owned by a user other than the one I log in as for a
rsync session is causing all sorts of headaches and warnings from rsync.

So I have changed the ownership of all the files and directories to be
foo:foo where 'foo' is the user/group name I login as.  This makes my
life much simpler.  But I have a nagging doubt that I am doing some
thing I will regret.

Perhaps I need to use rsync differently or modify my workflow

Worik
-- 
Why is the legal status of chardonnay different to that of cannabis?
   worik.stan...@gmail.com 021-1680650, (03) 4821804
  Aotearoa (New Zealand)
 I voted for love

Re: Xmas

2014-12-23 Thread worik 
On 24/12/14 12:46, Jason Adams wrote:
 On 12/23/2014 03:23 PM, David Higgs wrote:
 Beer things?
 By Jove, I believe you are on to something.  It is fast approaching beer 
 o'clock.
 

Of course it is beer o'clock!  That was 1992!  Been beering since

W

-- 
Why is the legal status of chardonnay different to that of cannabis?
   worik.stan...@gmail.com 021-1680650, (03) 4821804
  Aotearoa (New Zealand)
 I voted for love

Re: DigitalOcean's BSD debut is FreeBSD only

2014-12-18 Thread worik 
On 19/12/14 08:21, Adam Thompson wrote:
 The last time I filed a bugreport on OpenBSD in a virtualized 
 environment, I got flamed for not running it on real hardware.
 Haven't bothered since.

Ummm...  Harden up.  Flames are common around here.  But I feel your pain.

I use VPS to run OpenBSD in two places.  I have been following this
thread with interest.

Some cheap VPS providers allow you to use a custom ISO which is a
straight forward process, but looking at this thread I am wondering if I
have the whole picture.

Is this a suggestion for a new chapter in the FAQ?

Worik

-- 
Why is the legal status of chardonnay different to that of cannabis?
   worik.stan...@gmail.com 021-1680650, (03) 4821804
  Aotearoa (New Zealand)
 I voted for love

Re: DigitalOcean's BSD debut is FreeBSD only

2014-12-16 Thread worik 
On 17/12/14 05:25, jungle Boogie wrote:
 I have not personally tested openBSD on https://www.vultr.com/ but I
 have read (tweets, probably) that it will work.

I am doing so, twice.  Working well.  You can use a custom ISO, they do
not specifically enable OpenBSD.

I have a digital Ocean instance too, but they do not (last time I
checked) allow custom ISOs.

Worik

-- 
Why is the legal status of chardonnay different to that of cannabis?
   worik.stan...@gmail.com 021-1680650, (03) 4821804
  Aotearoa (New Zealand)
 I voted for love

Generic Question: Floating point, MMU

2014-12-03 Thread worik 
On the thread: OpenBSD embedded? (was: OpenBSD 5.6-current on ASUS
Chromebox)

ch...@nmedia.net commented:

 For ones that lack MMU or floating-point, Linux is it.
 
 Other ones that have MMU and FP can run OpenBSD, although significant
 porting effort is required. And they have 8MB to 16MB flash, which means
 you are running a ramdisk kernel and that's about it.

Why is OpenBSD the choice only if you have a floating point?

And I would have thought Linux would not do well without a MMU.  I know
people have ported Linux to all sorts of things, but no MMU?

cheers
Worik
-- 
Why is the legal status of chardonnay different to that of cannabis?
   worik.stan...@gmail.com 021-1680650, (03) 4821804
  Aotearoa (New Zealand)
 I voted for love

Re: making firefox less insecure

2014-11-16 Thread Worik Stanton 
On 17/11/14 10:55, Jorge Gabriel Lopez Paramount wrote:
[snip]
 I restart every week that server as read-write to patch it and that's
 all,

[snip]

 I have been using that VM more than half a year and invested like 4
 hours setting it up. Is it not worth 4 hours a software that you use
 every day for things as important as banking?

So you do not have bookmarks?

For banking that is a risk.  If you miss-type your URL you may end up on
a phishing page.

I always load my banking URL from a bookmark.

Worik


--
Why is the legal status of chardonnay different to that of cannabis?
   worik.stan...@gmail.com 021-1680650, (03) 4821804
  Aotearoa (New Zealand)
 I voted for love

[demime 1.01d removed an attachment of type application/pgp-signature which had 
a name of signature.asc]

Question about FAQ section 10.3

2014-10-23 Thread worik 
Processes local and package scripts in /etc/rc.d is listed as the last
thing rc does after boot.

What does Processes mean in this context?

Naively I would think this means that the scripts are all executed.  But
that seems odd in this context as most of (all of?) the scripts take an
argument that they pass to rc_cmd from rc.subr, and rc is not passing
start to all those scripts.

Looking at https://en.wikipedia.org/wiki/Init it seems my naive
assumption is correct, but why run all those scripts?

I am puzzled.

Worik

-- 
Why is the legal status of chardonnay different to that of cannabis?
   worik.stan...@gmail.com 021-1680650, (03) 4821804
  Aotearoa (New Zealand)

Re: Question about FAQ section 10.3

2014-10-23 Thread Worik Stanton 
On 24/10/14 14:53, Nick Holland wrote:
 On 10/23/14 21:36, worik wrote:
 Processes local and package scripts in /etc/rc.d is listed as the last
 thing rc does after boot.

 What does Processes mean in this context?

 like processing food -- do whatever needs to be done.
 (not my best analogy, I'll admit)


[snip]

 Look at the /etc/rc script...yes it does execute each of the rc.d
 scripts, and yes it DOES pass start to them:

[snip]

 now look how start_daemon is invoked...

Interesting.  In /etc/rc start_daemon is called for specific named
scripts.  Except that (at line 520) it runs it for all scripts in
$pkg_scripts

My shell scripting is really bad (I am going to have to up my game there
if I am going to stick around here) but it seems it is set to an empty
string in rc.conf

(Mis)reading the FAQ I thought it meant *all* scripts in /etc/rc.d were
Processed. .  It actually says ...local and packaged scripts  So
if a package wants to be sure it is run at startup does it write that
into the rc.conf where mine says...

# rc.d(8) packages scripts
# started in the specified order and stopped in reverse order


pkg_scripts=

I installed postgresql (with pkg_add) and it did not change this, I had
to change /etc/rc.local by hand.  Is there some reason why postgresql
should not be started after a reboot?  Have I completely got the wrong
end of the stick?


Worik


 Looking at https://en.wikipedia.org/wiki/Init it seems my naive
 assumption is correct, but why run all those scripts?

 um. because that's how we do it?

 Before 4.9 or so...we hard-coded the startup process for each daemon in
 /etc/rc, we decided to switch to the rc.d process for some additional
 flexibility.

 I'll admit I was dubious when it was first done, fearing we might be
 heading down the idiotic everything.d directories that many Linux
 distros are now doing, but it turns out I rather like it.

 Nick.




--
Why is the legal status of chardonnay different to that of cannabis?
   worik.stan...@gmail.com 021-1680650, (03) 4821804
  Aotearoa (New Zealand)
 I voted for love

[demime 1.01d removed an attachment of type application/pgp-signature which had 
a name of signature.asc]

Why .cshrc and .profile in / ?

2014-10-19 Thread worik 
In a fresh(ish) OpenBSD installation I note .cshrc and .profile in /.

Why?

Worik
-- 
Why is the legal status of chardonnay different to that of cannabis?
   worik.stan...@gmail.com 021-1680650, (03) 4821804
  Aotearoa (New Zealand)
 I voted for love

Re: Why .cshrc and .profile in / ?

2014-10-19 Thread Worik Stanton 
On 20/10/14 11:50, Daniel Dickman wrote:
 On Sun, Oct 19, 2014 at 6:32 PM, worik worik.stan...@gmail.com wrote:
 In a fresh(ish) OpenBSD installation I note .cshrc and .profile in /.

 Why?


 Not sure there's an answer but it was discussed at least one time before:
 http://marc.info/?t=11910307971r=1w=2


There are some theories there, but no facts.

Puzzlement

Worik

--
Why is the legal status of chardonnay different to that of cannabis?
   worik.stan...@gmail.com 021-1680650, (03) 4821804
  Aotearoa (New Zealand)
 I voted for love

[demime 1.01d removed an attachment of type application/pgp-signature which had 
a name of signature.asc]

Re: Shadow TCP stacks

2014-10-19 Thread Worik Stanton 
On 20/10/14 12:01, Ian Grant wrote:
  Believe me, this would only scream on their filters. Hell,
  even someone capturing this with tcpdump and analyzing it later
  would see something it's not right.
 You think someone can analyse all the HTTP traffic in a country? So
 what if they could? By the time they've analysed the dumps the service
 won't be on that host anymore.


Jumping in...

Yes all traffic of a country can be analysed, fairly close to real time.
 With some basic statistics, smart sampling and a dedicated team
crafting cleaver algorithms...  That is what those big budgets are for!

Worik

--
Why is the legal status of chardonnay different to that of cannabis?
   worik.stan...@gmail.com 021-1680650, (03) 4821804
  Aotearoa (New Zealand)
 I voted for love

[demime 1.01d removed an attachment of type application/pgp-signature which had 
a name of signature.asc]

Re: Can I turn off sndio?

2014-08-18 Thread Worik Stanton 
On 18/08/14 19:58, Alexandre Ratchov wrote:

[snip]

 What is the proper way to turn it off?


 set sndiod_flags=NO in /etc/rc.conf.local (create one if it doesn't
 exist). This is explained here:

 http://www.openbsd.org/faq/faq10.html#rc

Thank you that is helpful.  My bad, I had read that part of the FAQ but
it did not sink in.

I assume that I can just kill sndio in the meantime rather than rebooting.

In the general case when editing /etc/rc (via changes
in/etc/rc.conf.local) what is the way to set the state of the system
daemons without having to reboot?  Is it just a matter of killing and
starting the daemons by hand or is there a general way to accomplish
this without rebooting or entering single user mode?

 On Sat, Aug 16, 2014 at 09:31:03AM +1200, worik wrote:
 I do not use sound on my machine.  I am new to OpenBSD and in examining
 the running system I see sndio is running.


 When unused, sndiod is very small (eg. smaller than getty) and
 disabling it won't save much memory. Think of it as a kernel
 service we moved in user-space. It's like all these features that
 you don't use but that consume a tiny amount of memory (drivers for
 file systems you don't have, softraid, drivers for hardware you
 don't have etc).

Yes.  But I am running OpenBSD for a reason, and it is not as a sound
server, it will do no sound serving.  So one less programme running is
one less complication.  Maybe a very small bit less, but still finitely
less.

cheers
Worik

--
Why is the legal status of chardonnay different to that of cannabis?
   worik.stan...@gmail.com 021-1680650, (03) 4821804
  Aotearoa (New Zealand)

[demime 1.01d removed an attachment of type application/pgp-signature which had 
a name of signature.asc]

Can I turn off sndio?

2014-08-15 Thread worik 
I do not use sound on my machine.  I am new to OpenBSD and in examining
the running system I see sndio is running.

I see it is started in /etc/rc, but the FAQ suggests that this file
should not be edited.

What is the proper way to turn it off?

Worik
-- 
Why is the legal status of chardonnay different to that of cannabis?
   worik.stan...@gmail.com 021-1680650, (03) 4821804
  Aotearoa (New Zealand)

Re: [Bulk] Re: a half-baked analysis of the verification chicken-and-egg problem, and request

2014-08-13 Thread Worik Stanton 
On 13/08/14 22:13, Eric Furman wrote:
[snip]
 The most absolutely best way any one can contribute to OBSD
 is to BUY CD'S. Buy some cd's and then buy some more.
 Buy them for the stickers. Buy them because they fund OBSD.
 Without cd sales OBSD would cease to exist.
 It is as simple as that. So, BUY CD'S!
 That is worth repeating;
 Without CD sales OpenBSD will cease to exist. PERIOD.
 Contrary to what a lot of you assholes think

I would rather have a 5.5 T'shirt.

I am new and when I am ready I will be back here asking questions but
for now, I do not want a CD (totally useless to me) but a T'shirt would
be cool.  It would cover my nakedness.

Looking on http://www.openbsd.org/tshirts.html I can see no 5.5 T'shirt.

Actually given that today I am at home because of snow on the  Lieth
Saddle a 5.5 merino hoodie would be best. It would cover my nakedness
and keep me warm(er)

 NOTHING IS FOR FREE.

yea
Worik

--
Why is the legal status of chardonnay different to that of cannabis?
   worik.stan...@gmail.com 021-1680650, (03) 4821804
  Aotearoa (New Zealand)

[demime 1.01d removed an attachment of type application/pgp-signature which had 
a name of signature.asc]

Donations to OpenBSD

2014-08-13 Thread Worik Stanton 
I changed the subject line

On 14/08/14 10:52, Eric Furman wrote:
 Fine, buy a T-shirt, but realize that only a small fraction of the cost
 actually goes to OpenBSD. When you buy a CD the vast majority
 of the cost goes to OpenBSD. Who cares whether you need the
 CD or not. Buy if for the cool stickers. Throw the CD in the trash
 for all I and the OpenBSD developers care.

Respectfully I find that a bit offensive.  Ask me for a donation if you
want.  But do not expect me to by an object to be manufactured, shipped
1/3 of the way around the globe and then I'll through it in the trash.
Not cool at all.

OpenBSD is, it seems, very cool and worth supporting.  I am
investigating using the mechanism detailed in
http://www.openbsd.org/bank-donation.html...

Looking at https://https.openbsd.org/cgi-bin/order there seems to be no
difference in CDs and T'Shirts in so far as where the money goes.  I do
understand from conversations I have had that there is a difference.

Lastly: IMO It is time to change.  CDs are no longer useful.  I have
OpenBSD on a VPS so stickers are a waste of time too.  I would like to
donate some money, but it is not easy.  I would like to know for sure
that the money goes to the project.  For expenses or to developers, who
spend so much time on this, to spend on whatever they want (beer, fish,
little rubber balls...) But I will not buy things I cannot use.

Worik



--
Why is the legal status of chardonnay different to that of cannabis?
   worik.stan...@gmail.com 021-1680650, (03) 4821804
  Aotearoa (New Zealand)

[demime 1.01d removed an attachment of type application/pgp-signature which had 
a name of signature.asc]

Re: Donations to OpenBSD

2014-08-13 Thread Worik Stanton 
On 14/08/14 11:45, patrick keshishian wrote:
 You can do what I do. I purchase the CDs but request
 the vendor not to send me the actual, physical CDs. That's
 my preferred donation method.

Cool.  Where does the money all go in that case?  Definitely the most
simple option so far.

How does it compare for using the SWIFT method outlined on the website?

Worik
--
Why is the legal status of chardonnay different to that of cannabis?
   worik.stan...@gmail.com 021-1680650, (03) 4821804
  Aotearoa (New Zealand)

[demime 1.01d removed an attachment of type application/pgp-signature which had 
a name of signature.asc]

Re: Donations to OpenBSD

2014-08-13 Thread Worik Stanton 
On 14/08/14 11:55, Theo de Raadt wrote:
 Well OBVIOUSLY CDs accumulate more revenue than T-shirts, so recently
 we've not made any T-shirts because it isn't worth it, the setup costs
 and overheads are higher than the number sold.  If you guys don't buy
 enough of them, then we don't do the setup.

 Other than that, there is no difference to you, expect that I would guess
 you don't buy any, and you don't fund the Project or the Foundation,
 and all of this is idle chatter.

Nope.

I have a Blow Fish T'shirt from years gone by.  I bought a CD back then
too.  It was useful then.

I fully get the set-up costs of T'shirts.  That is a shame but if it is
too much work I can go naked.

Definitely not idle chatter.  I am interested in getting beer into your
fridge or biscuits into your dog or whatever.

Absolutely not idle chatter!

Suggestion:  Package the release notes, FAQ and some other documentation
into a PDF and sell that at the same price as the CD, from the same
place.  I'd buy that.  It would be better quality than the (often) crap
O'Reilly sell, and I buy that.

Not idle chatter.  Finding efficient ways to get you money given the date.

W

--
Why is the legal status of chardonnay different to that of cannabis?
   worik.stan...@gmail.com 021-1680650, (03) 4821804
  Aotearoa (New Zealand)

[demime 1.01d removed an attachment of type application/pgp-signature which had 
a name of signature.asc]