Sorry,
I hope you can find it in your heart to forgive me, I acted like a child, and I offer you my sincere apologies. Feel free to say whatever, I mean it this time btw, I really acted like an angry rageful child. I will leave you be past this if you want, have a good one!
Re: I am sorry
On Mon, Feb 04, 2019 at 05:44:57PM +0200, Leonid Bobrov wrote:
> Hi, dear OpenBSD community.
>
> Please forgive me for drama I made earlier at mailing list and
> IRC channel. I am not a troll, I promise, I want to contribute to
> OpenBSD in any way I can, please give me a chance.
>
> All this time I had a depression and recently I've visited a doctor
> and now I am taking tranquilizer and antidepressant pills and feel
> myself much better, tomorrow I am going to visit a doctor once more.

Fuck them all! All what you need: one night, one litre of vodka and one your best friend. And cozy small room of course. As an alternative you can probably take LSD. But I didn't try it personally.

>
> I am sorry for all offending words I told you, I am sorry for yelling
> at you, I admit I was wrong. I was very desperate and anxious.
>
Re: I am sorry
On Mon, 4 Feb 2019 12:52:48 -0800, Chris Cappuccio wrote:
> Leonid Bobrov [mazoc...@disroot.org] wrote:
> > Hi, dear OpenBSD community.
> >
> > Please forgive me for drama I made earlier at mailing list and
> > IRC channel. I am not a troll, I promise, I want to contribute to
> > OpenBSD in any way I can, please give me a chance.
> >
>
> This is the internet. Nobody remembers or cares.

Maybe you don't, but some of us do. I was glad to see Leonid's email (assuming it's genuine).

> > All this time I had a depression and recently I've visited a doctor
> > and now I am taking tranquilizer and antidepressant pills and feel
> > myself much better, tomorrow I am going to visit a doctor once more.
> >
>
> Throw 'em away. Wear your flag proud.

Really? :|
Re: I am sorry
On Mon, Feb 04, 2019 at 12:52:48PM -0800, Chris Cappuccio wrote:
> Leonid Bobrov [mazoc...@disroot.org] wrote:
> > Hi, dear OpenBSD community.
> >
> > Please forgive me for drama I made earlier at mailing list and
> > IRC channel. I am not a troll, I promise, I want to contribute to
> > OpenBSD in any way I can, please give me a chance.
> >
>
> This is the internet. Nobody remembers or cares.
>
> > All this time I had a depression and recently I've visited a doctor
> > and now I am taking tranquilizer and antidepressant pills and feel
> > myself much better, tomorrow I am going to visit a doctor once more.
> >
>
> Throw 'em away. Wear your flag proud.
>
> > I am sorry for all offending words I told you, I am sorry for yelling
> > at you, I admit I was wrong. I was very desperate and anxious.
>
> Recant your apology! Double down!!
>

That sounds rather negative. In case it's true I'm happy he gets some treatment for a serious condition. Let's hope it lets him live a happy life.
Re: I am sorry
Leonid Bobrov [mazoc...@disroot.org] wrote:
> Hi, dear OpenBSD community.
>
> Please forgive me for drama I made earlier at mailing list and
> IRC channel. I am not a troll, I promise, I want to contribute to
> OpenBSD in any way I can, please give me a chance.
>

This is the internet. Nobody remembers or cares.

> All this time I had a depression and recently I've visited a doctor
> and now I am taking tranquilizer and antidepressant pills and feel
> myself much better, tomorrow I am going to visit a doctor once more.
>

Throw 'em away. Wear your flag proud.

> I am sorry for all offending words I told you, I am sorry for yelling
> at you, I admit I was wrong. I was very desperate and anxious.

Recant your apology! Double down!!
I am sorry
Hi, dear OpenBSD community.

Please forgive me for drama I made earlier at mailing list and IRC channel. I am not a troll, I promise, I want to contribute to OpenBSD in any way I can, please give me a chance.

All this time I had a depression and recently I've visited a doctor and now I am taking tranquilizer and antidepressant pills and feel myself much better, tomorrow I am going to visit a doctor once more.

I am sorry for all offending words I told you, I am sorry for yelling at you, I admit I was wrong. I was very desperate and anxious.
ssh -w in macosx (sorry I know it's a deep offtopic)
Hello,

need to get ssh tunnel quickly. the other side is linux.

running this:

ssh -i /home/MAC_A_120614/.ssh/id_rsa -vvv -o PermitLocalCommand=yes -o LocalCommand="ifconfig tun1 192.168.100.4 pointtopoint 192.168.100.3 netmask 255.255.255.255" -o ServerAliveInterval=60 -w 1:1 somehost.com "ifconfig tun1 192.168.100.3 pointopoint 192.168.100.4 netmask 255.255.255.255"

got this:

debug1: sys_tun_open: /dev/tun1 open failed: No such file or directory
Tunnel device open failed.

no man pages, no /dev/MAKEDEV, not that i could find something on the net.

we've really got very spoiled with OpenBSD :-)
Re: [sorry] How to force prompt when boot>0
yes i have read man as well before - i find OpenBSD man pages fantastic, but Control key do not work in my setup (USB to DB9F serial cable + mac keyboard) on APU2, and pressing any other key did not break boot, but spacebar did the job.

thanks,

‐‐‐ Original Message ‐‐‐
On Sunday, 21 October 2018 02:26, Jacqueline Jolicoeur wrote:

> > ok that was embarrassing - i just solved it by holding space
>
> Also in boot(8) ...
>
> boot.conf processing can be skipped, and the automatic boot
> cancelled, by holding down either Control key as boot starts.
Re: [sorry] How to force prompt when boot>0
> ok that was embarrassing - i just solved it by holding space

Also in boot(8) ...

boot.conf processing can be skipped, and the automatic boot cancelled, by holding down either Control key as boot starts.
Re: [sorry] How to force prompt when boot>0
ok that was embarrassing - i just solved it by holding space

‐‐‐ Original Message ‐‐‐
On Saturday, 20 October 2018 15:29, kolargol wrote:

> [sorry for previous mail that accidentally was signed with gpg]
>
> Hi all.
>
> OpenBSD6.3 i have this rather simple(?) problem with console. I am connected
> to APU2 via USB console and apparently boot timeout is set to 0 and i am
> unable to enter any commands to boot as it immediately start boot.
>
> Let me mention I use whole disk encryption with keydisk (on USB).
>
> How can i force prompt (or get rid of this timeout). I already set:
>
> set timeout 10 in /etc/boot.conf,
>
> here is log:
>
> Booting from Hard Disk...
> Using drive 0, partition 3.
> Loading..
> probing: pc0 com0 com1 com2 com3 mem[639K 3325M 752M a20=on]
> disk: hd0+ hd1+ hd2 sr0*
> >> OpenBSD/amd64 BOOT 3.34
> switching console to com>> OpenBSD/amd64 BOOT 3.34
> boot> 0
>
> any help is welcome.
>
> Thanks,
> Zbyszek
[sorry] How to force prompt when boot>0
[sorry for previous mail that accidentally was signed with gpg]

Hi all.

OpenBSD6.3 i have this rather simple(?) problem with console. I am connected to APU2 via USB console and apparently boot timeout is set to 0 and i am unable to enter any commands to boot as it immediately start boot.

Let me mention I use whole disk encryption with keydisk (on USB).

How can i force prompt (or get rid of this timeout). I already set:

set timeout 10 in /etc/boot.conf,

here is log:

Booting from Hard Disk...
Using drive 0, partition 3.
Loading..
probing: pc0 com0 com1 com2 com3 mem[639K 3325M 752M a20=on]
disk: hd0+ hd1+ hd2 sr0*
>> OpenBSD/amd64 BOOT 3.34
switching console to com>> OpenBSD/amd64 BOOT 3.34
boot> 0

any help is welcome.

Thanks,
Zbyszek
Re: Sorry for the n00b question but I could use some education on relayd
On Thu, November 2, 2017 2:17 pm, Bryan C. Everly wrote:
> Hi misc@,
>
> I have a use case where I'm using OpenBSD 6.2 as my router/firewall
> and there are several websites that sit behind it on separate servers
> (let's call them http://one.com, http://two.com and http://three.com
>
> I'd like to be able to have just a single IP address exposed through
> DNS for all three of them (it's a home cablemodem and I only have one
> public IP address) and then use something on OpenBSD (pf? relayd?) to
> route the traffic to the appropriate private IP address on the LAN
> side of the network.
>
> In looking at the manpage for relayd and relayd.conf, I'm wondering if
> I could set up a relay using something like this:
>
> table { 192.168.1.2 }
> table { 192.168.1.3 }
> table { 192.168.1.4 }
>
> redirect "one" {
> listen on one.com port 80
> forward to
> }
>
> redirect "two" {
> listen on two.com port 80
> forward to
> }
>
> redirect "three" {
> listen on three.com port 80
> forward to
> }
>
> I've tried this and even after re-reading the manpage and seeing that
> I needed to add the "anchor" bit to my pf.conf I'm still not getting
> what I'm looking for. Perhaps I'm using the wrong tool for the job?
>
> Thanks in advance for any suggestions or knocks on the head!
>
> Thanks,
> Bryan
>

You can't have multiple redirects on the same IP and port. DNS isn't known at that layer. If you have only one external IP, you have to use a relay and pass...forward to the host based on HOST header value.

Something like this:

ext_addr="xxx.xxx.xxx.xxx"

#
# Global Options
#
interval 20
timeout 2000
prefork 5

#
# Each table will be mapped to a pf table.
#
table { 192.168.1.10 }
table { 192.168.1.11 }
table { 192.168.1.12 }
table { 127.0.0.1 }

#
# Relay and protocol for HTTP layer 7 loadbalancing and SSL/TLS acceleration
#
http protocol http {
        match request header append "X-Forwarded-For" value "$REMOTE_ADDR"
        match request header append "X-Forwarded-By" \
            value "$SERVER_ADDR:$SERVER_PORT"
        match request header set "Connection" value "close"
        match request header log "Host"

        pass request quick header "Host" value "web1.com" forward to
        pass request quick header "Host" value "web2.com" forward to
        pass request quick header "Host" value "web3.com" forward to
        pass quick forward to

        return error style "body {background: white; color: black; }"

        # Various TCP performance options
        tcp { nodelay, sack, splice, socket buffer 65536, backlog 128 }
}

relay www {
        listen on $ext_addr port 80
        protocol http

        forward to port http check http "/index.html" code 200
        forward to port http check http "/index.html" code 200
        forward to port http check http "/index.html" code 200
        forward to port 8080 check http "/index.html" code 200
}
Re: Sorry for the n00b question but I could use some education on relayd
listen on port -- that means listening on localhost or its NIC, in your case all three listen will use probably your router external LAN NIC IP address. So yes, you will need to use different port numbers -- if you are not going to use one/two/three as load balancing hosts for the same app. In this case you will have one table with three hosts IPs and just one redirect.

IMHO! Also relayd beginner like you.

On Thu, Nov 2, 2017 at 7:17 PM, Bryan C. Everly wrote:
> Hi misc@,
>
> I have a use case where I'm using OpenBSD 6.2 as my router/firewall
> and there are several websites that sit behind it on separate servers
> (let's call them http://one.com, http://two.com and http://three.com
>
> I'd like to be able to have just a single IP address exposed through
> DNS for all three of them (it's a home cablemodem and I only have one
> public IP address) and then use something on OpenBSD (pf? relayd?) to
> route the traffic to the appropriate private IP address on the LAN
> side of the network.
>
> In looking at the manpage for relayd and relayd.conf, I'm wondering if
> I could set up a relay using something like this:
>
> table { 192.168.1.2 }
> table { 192.168.1.3 }
> table { 192.168.1.4 }
>
> redirect "one" {
> listen on one.com port 80
> forward to
> }
>
> redirect "two" {
> listen on two.com port 80
> forward to
> }
>
> redirect "three" {
> listen on three.com port 80
> forward to
> }
>
> I've tried this and even after re-reading the manpage and seeing that
> I needed to add the "anchor" bit to my pf.conf I'm still not getting
> what I'm looking for. Perhaps I'm using the wrong tool for the job?
>
> Thanks in advance for any suggestions or knocks on the head!
>
> Thanks,
> Bryan
>
Sorry for the n00b question but I could use some education on relayd
Hi misc@,

I have a use case where I'm using OpenBSD 6.2 as my router/firewall and there are several websites that sit behind it on separate servers (let's call them http://one.com, http://two.com and http://three.com

I'd like to be able to have just a single IP address exposed through DNS for all three of them (it's a home cablemodem and I only have one public IP address) and then use something on OpenBSD (pf? relayd?) to route the traffic to the appropriate private IP address on the LAN side of the network.

In looking at the manpage for relayd and relayd.conf, I'm wondering if I could set up a relay using something like this:

table { 192.168.1.2 }
table { 192.168.1.3 }
table { 192.168.1.4 }

redirect "one" {
        listen on one.com port 80
        forward to
}

redirect "two" {
        listen on two.com port 80
        forward to
}

redirect "three" {
        listen on three.com port 80
        forward to
}

I've tried this and even after re-reading the manpage and seeing that I needed to add the "anchor" bit to my pf.conf I'm still not getting what I'm looking for. Perhaps I'm using the wrong tool for the job?

Thanks in advance for any suggestions or knocks on the head!

Thanks,
Bryan
Sent here by mistake (instead to bugs@) Sorry!
In article <a67500574d104...@server.roquesor.com> Walter Alejandro Iglesias <w...@roquesor.com> wrote:
> Hi Ruben,
>
> In article <caenp9cg+b-5b+8r3w9eaebodaxeybrdhg7jhfgq2ascrbfg...@mail.gmail.com> Ruben Miller <rubenmil...@gmail.com> wrote:
> > In article <CAEnp9CEpPEJxkWkxLu1qmP8qTA4Ti4+6hCFrGqYy1+WZ0dBy=a...@gmail.com> Ruben Miller <rubenmil...@gmail.com> wrote:
> > >The speed is not a problem, since the bug is triggered because cwm raise
> > > two windows in every cycle.
> > > Just start the cycle with seamonkey selected, so it's always the previous
> > > window.
> >
> > Just in case, the idea is cycling without releasing ALT, so the client with
> > WM_TAKE_FOCUS is always behind the new one.
>
> First of all, I'm not a developer but since I made that diff I'm trying
> to help.
>
> No idea in which way it's related but I could easily reproduce the issue
> you describe after setting back SNA acceleration in my xorg.conf (since
> my graphic card has some issue with the default acceleration I have to
> use UXA.)
>
> Wait to Okan Demirmen (cwm maintainer) to get a good answer. :-)
>

I sent this here by mistake. Sorry!
Can read-only mmap() and fwrite() be combined.. via msync or something? In OpenBSD now. (repetition of Q sorry)
Hi!

This question was answered as part of another conversation 1-2 years ago however I totally forgot and due to its relative complexity I simply wish to ask it again as to have it set in stone:

In OpenBSD's current absence of a Unified Buffer Cache, is there any trick that I can apply to use a read-only mmap() for quickly reading data, but fwrite() to do the writing, and this way get mmap's speed benefits for the reading but still not be under any risk of breaking my data by unintended writes?

I guess if it would be possible, then it would be done through that I would ensure that the reading (via memory access) and writing (fwrite()) activities would be *temporally separated*, and between each such block, I would need to put some kind of code that would do some kind of flush/reset as to force the mmap to get updated with the latest writes.

Possible, if so how?

Thanks!
Tinker
Re: Sorry: Facebook again
On Tue, 22 Oct 2013 01:13:04 + Martin Brandenburg mar...@martinbrandenburg.com wrote:

> [ ... ]
> The loopback IP 127.0.0.1 is your computer, so of course the ping response is faster than google.com. Unless you have some proxy web
> [ ... ]
> - Martin

Hi Martin!

My YES - of course. Obviously my thinking was blindfolded by my expectations.

To you and the others who gave me the same 'wake-up call': THANK YOU!

All the best,

STEFAN
Re: Sorry: Facebook again
Sent: Tuesday, 22 October 2013 at 04:08
From: Chris Cappuccio ch...@nmedia.net
To: Stefan Wollny stefan.wol...@web.de
Cc: misc@openbsd.org
Subject: Re: Sorry: Facebook again

> I wrote up a guide for all you fascists to exercise your power with relayd. Here's the early, unedited version:
>
> http://www.nmedia.net/chris/url.blacklist.txt

Hi Chris,

now this is _really_ impressive: Elegant and powerful solution and very well written! With my previous question in mind (pf or squid) this seems to be the definitive answer.

THANK YOU very much for sharing!

Have a nice day,

STEFAN
Sorry: Facebook again
Hi there!

In the last days I had an interesting and educational thread here on misc@ on how to block facebook.com. Knowing that many of the OpenBSD-pros on this list are way more educated on network-related issues than I am, I hope none feels offended with another question related to Facebook:

Today I am once more off-site from home, but with access to an iMac running OpenBSD-amd64/current; PF runs out-of-the-box unchanged. I noticed that ping responses for 'facebook.com' are exceptionally faster than e.g. those for 'google.com'.

This is what I did to track down on the issue:

$ cat /etc/resolv.conf
# Generated by nfe0 dhclient
nameserver 192.168.1.1
lookup file bind

$ cat /etc/hosts | grep facebook
127.0.0.1 facebook.com
127.0.0.1 www.facebook.com
127.0.0.1 facebook.de
127.0.0.1 www.facebook.de
127.0.0.1 de-de.facebook.com
127.0.0.1 ads.ak.facebook.com
127.0.0.1 creative.ak.facebook.com
127.0.0.1 facebookinc.122.2o7.net

$ sudo traceroute google.com
 1 netgear (192.168.1.1) 0.301 ms 0.232 ms 0.228 ms
 2 aaa.bbb.ccc.ddd (aaa.bbb.ccc.ddd) 9.933 ms 7.890 ms 11.456 ms
 3 ve-cmts.mes-muc-02.de.infra.cablesurf.de (aaa.bbb.ccc.ddd) 9.556 ms 12.199 ms 9.277 ms
 4 aaa.bbb.ccc.ddd (aaa.bbb.ccc.ddd) 20.649 ms 22.526 ms 17.204 ms
 5 google.bcix.de (aaa.bbb.ccc.ddd) 22.794 ms 23.894 ms 26.117 ms
 6 aaa.bbb.ccc.ddd (aaa.bbb.ccc.ddd) 22.263 ms aaa.bbb.ccc.ddd (aaa.bbb.ccc.ddd) 22.457 ms aaa.bbb.ccc.ddd (aaa.bbb.ccc.ddd) 21.597 ms
 7 aaa.bbb.ccc.ddd (aaa.bbb.ccc.ddd) 26.983 ms aaa.bbb.ccc.ddd (aaa.bbb.ccc.ddd) 25.247 ms aaa.bbb.ccc.ddd (aaa.bbb.ccc.ddd) 35.177 ms
 8 aaa.bbb.ccc.ddd (aaa.bbb.ccc.ddd) 20.533 ms aaa.bbb.ccc.ddd (aaa.bbb.ccc.ddd) 22.67 ms 21.929 ms
 9 * * *
10 bk-in-f100.1e100.net (aaa.bbb.ccc.ddd) 21.421 ms 23.498 ms 21.952 ms

$ sudo traceroute facebook.com
 1 localhost (127.0.0.1) 0.57 ms 0.23 ms 0.19 ms

$ pkg_info | grep proxy
libproxy-0.4.11p3 library handling all the details of proxy configuration
libproxy-mozilla-0.4.11p2 pacrunner libproxy plugin for mozilla-based (gecko) browsers

$ man libproxy
man: no entry for libproxy in the manual.

$ apropos libproxy
libproxy: nothing appropriate

I'd like to mention that I am in the outskirts of Munich and that the system was freshly started into a console (no X, no browser). The netgear-router at 192.168.1.1 also serves a colleague who uses facebook.

MY QUESTION:
What might have happened that 'facebook.com' is found on localhost at 127.0.0.1 on my machine? Actually 'google.com' is called regularly thus I'd expected it to be as fast/show as 'facebook.com'.

I have no clue and I don't have the slightest idea on how to get rid of this address - can anyone provide some more insight? Other information you need to provide advice?

Thank you!

Kind regards

STEFAN
Re: Sorry: Facebook again
On Tue, Oct 22, 2013 at 02:19:00AM +0200, Stefan Wollny wrote:
> Hi there!
>
> In the last days I had an interesting and educational thread here on misc@ on how to block facebook.com. Knowing that many of the OpenBSD-pros on this list are way more educated on network-related issues than I am, I hope none feels offended with another question related to Facebook:
>
> Today I am once more off-site from home, but with access to an iMac running OpenBSD-amd64/current; PF runs out-of-the-box unchanged. I noticed that ping responses for 'facebook.com' are exceptionally faster than e.g. those for 'google.com'.
>
> This is what I did to track down on the issue:
>
> $ cat /etc/resolv.conf
> # Generated by nfe0 dhclient
> nameserver 192.168.1.1
> lookup file bind
>
> $ cat /etc/hosts | grep facebook
> 127.0.0.1 facebook.com
> 127.0.0.1 www.facebook.com
> 127.0.0.1 facebook.de
> 127.0.0.1 www.facebook.de
> 127.0.0.1 de-de.facebook.com
> 127.0.0.1 ads.ak.facebook.com
> 127.0.0.1 creative.ak.facebook.com
> 127.0.0.1 facebookinc.122.2o7.net
>
> $ sudo traceroute google.com
>  1 netgear (192.168.1.1) 0.301 ms 0.232 ms 0.228 ms
>  2 aaa.bbb.ccc.ddd (aaa.bbb.ccc.ddd) 9.933 ms 7.890 ms 11.456 ms
>  3 ve-cmts.mes-muc-02.de.infra.cablesurf.de (aaa.bbb.ccc.ddd) 9.556 ms 12.199 ms 9.277 ms
>  4 aaa.bbb.ccc.ddd (aaa.bbb.ccc.ddd) 20.649 ms 22.526 ms 17.204 ms
>  5 google.bcix.de (aaa.bbb.ccc.ddd) 22.794 ms 23.894 ms 26.117 ms
>  6 aaa.bbb.ccc.ddd (aaa.bbb.ccc.ddd) 22.263 ms aaa.bbb.ccc.ddd (aaa.bbb.ccc.ddd) 22.457 ms aaa.bbb.ccc.ddd (aaa.bbb.ccc.ddd) 21.597 ms
>  7 aaa.bbb.ccc.ddd (aaa.bbb.ccc.ddd) 26.983 ms aaa.bbb.ccc.ddd (aaa.bbb.ccc.ddd) 25.247 ms aaa.bbb.ccc.ddd (aaa.bbb.ccc.ddd) 35.177 ms
>  8 aaa.bbb.ccc.ddd (aaa.bbb.ccc.ddd) 20.533 ms aaa.bbb.ccc.ddd (aaa.bbb.ccc.ddd) 22.67 ms 21.929 ms
>  9 * * *
> 10 bk-in-f100.1e100.net (aaa.bbb.ccc.ddd) 21.421 ms 23.498 ms 21.952 ms
>
> $ sudo traceroute facebook.com
>  1 localhost (127.0.0.1) 0.57 ms 0.23 ms 0.19 ms
>
> $ pkg_info | grep proxy
> libproxy-0.4.11p3 library handling all the details of proxy configuration
> libproxy-mozilla-0.4.11p2 pacrunner libproxy plugin for mozilla-based (gecko) browsers
>
> $ man libproxy
> man: no entry for libproxy in the manual.
>
> $ apropos libproxy
> libproxy: nothing appropriate
>
> I'd like to mention that I am in the outskirts of Munich and that the system was freshly started into a console (no X, no browser). The netgear-router at 192.168.1.1 also serves a colleague who uses facebook.
>
> MY QUESTION:
> What might have happened that 'facebook.com' is found on localhost at 127.0.0.1 on my machine? Actually 'google.com' is called regularly thus I'd expeced it to be as fast/show as 'facebook.com'.
>
> I have no clue and I don't have the slightest idea on how to get rid of this address - can anyone provide some more insight? Other information you need to provide advice?
>
> Thank you!
>
> Kind regards
>
> STEFAN

The loopback IP 127.0.0.1 is your computer, so of course the ping response is faster than google.com. Unless you have some proxy web server running on your computer, you shouldn't be able to access facebook.com. Of course, if your web browser uses a different DNS resolver or the system resolver is configured to ignore /etc/hosts, it may ignore /etc/hosts and you could navigate to the facebook.com webpage. Can you view the page?

The netgear router and your colleague are irrelevant if these settings are on your local computer.

As to your question, facebook.com is found on localhost because you set it so in /etc/hosts. If you can still navigate to the webpage, watch your outgoing traffic with tcpdump, and I'm sure you will see connections to their web servers.

The frequency with which you access a service and the speed at which you can access it are of course completely unrelated. I'm not sure what you're asking there.

- Martin
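What Martin's reply describes, as an added example that is not part of the thread: a small model of how the `lookup file bind` line in resolv.conf(5) makes the hosts(5) entries answer before DNS is ever asked. The function names are hypothetical, the inputs are the resolv.conf and hosts lines quoted in the original message, and nothing is sent on the network.

```python
"""Added example: which resolver database answers a name first on OpenBSD?"""
import ipaddress

# Sample input: the file contents shown in the quoted message.
RESOLV_CONF = """\
# Generated by nfe0 dhclient
nameserver 192.168.1.1
lookup file bind
"""

HOSTS = """\
127.0.0.1 facebook.com
127.0.0.1 www.facebook.com
127.0.0.1 facebook.de
127.0.0.1 www.facebook.de
127.0.0.1 de-de.facebook.com
127.0.0.1 ads.ak.facebook.com
127.0.0.1 creative.ak.facebook.com
127.0.0.1 facebookinc.122.2o7.net
"""

# resolv.conf(5): without a lookup line the assumed order is "bind file".
DEFAULT_ORDER = ["bind", "file"]


def parse_lookup_order(resolv_text):
    """Return the database order from the lookup line, else the default.

    Assumption: the file has at most one lookup line, as in the thread.
    """
    for raw in resolv_text.splitlines():
        line = raw.strip()
        if line.startswith((";", "#")):
            continue  # comment line
        fields = line.split()
        if fields and fields[0] == "lookup":
            wanted = [f for f in fields[1:] if f in ("bind", "file")]
            if wanted:
                return wanted
    return list(DEFAULT_ORDER)


def parse_hosts(hosts_text):
    """Map each lower-cased name or alias to the first address listed for it."""
    table = {}
    for raw in hosts_text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank, comment-only, or address without a name
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed address: skip the line
        for name in fields[1:]:
            table.setdefault(name.lower().rstrip("."), addr)
    return table


def first_answer(name, hosts, order):
    """Return (database, address) for the first database that would answer.

    "file" answers only when the name is listed. "bind" means the query
    goes to the nameserver; the address is None because nothing is sent.
    Simplification: a failed DNS query falling through to "file" is not modelled.
    """
    key = name.lower().rstrip(".")
    for db in order:
        if db == "file" and key in hosts:
            return "file", str(hosts[key])
        if db == "bind":
            return "bind", None
    return None, None


def loopback_pins(hosts):
    """Names other than localhost that the hosts file points at loopback."""
    return sorted(n for n, a in hosts.items()
                  if a.is_loopback and n != "localhost")


if __name__ == "__main__":
    hosts = parse_hosts(HOSTS)
    order = parse_lookup_order(RESOLV_CONF)
    print("lookup order:", order)
    for name in ("facebook.com", "google.com"):
        print(name, "->", first_answer(name, hosts, order))
    print("pinned to loopback:", loopback_pins(hosts))
```

Run against a real system's files, `loopback_pins` doubles as a quick audit of which names have been overridden locally.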
Re: Sorry: Facebook again
I wrote up a guide for all you fascists to exercise your power with relayd. Here's the early, unedited version:

http://www.nmedia.net/chris/url.blacklist.txt
Re: Sorry: Facebook again
On 10/21/2013 9:08 PM, Chris Cappuccio wrote:
> I wrote up a guide for all you fascists to exercise your power with relayd. Here's the early, unedited version:
>
> http://www.nmedia.net/chris/url.blacklist.txt

FYI: 403 forbidden

--
James Shupe
Re: Sorry: Facebook again
Thanks, very useful =)

Saludos.-
Leonardo Santagostini
http://ar.linkedin.com/in/santagostini

2013/10/21 Chris Cappuccio ch...@nmedia.net

> I wrote up a guide for all you fascists to exercise your power with relayd. Here's the early, unedited version:
>
> http://www.nmedia.net/chris/url.blacklist.txt
>
> Stefan Wollny [stefan.wol...@web.de] wrote:
> > Hi there!
> >
> > In the last days I had an interesting and educational thread here on misc@ on how to block facebook.com. Knowing that many of the OpenBSD-pros on this list are way more educated on network-related issues than I am, I hope none feels offended with another question related to Facebook:
> >
> > Today I am once more off-site from home, but with access to an iMac running OpenBSD-amd64/current; PF runs out-of-the-box unchanged. I noticed that ping responses for 'facebook.com' are exceptionally faster than e.g. those for 'google.com'. This is what I did to track down the issue:
> >
> > $ cat /etc/resolv.conf
> > # Generated by nfe0 dhclient
> > nameserver 192.168.1.1
> > lookup file bind
> >
> > $ cat /etc/hosts | grep facebook
> > 127.0.0.1 facebook.com
> > 127.0.0.1 www.facebook.com
> > 127.0.0.1 facebook.de
> > 127.0.0.1 www.facebook.de
> > 127.0.0.1 de-de.facebook.com
> > 127.0.0.1 ads.ak.facebook.com
> > 127.0.0.1 creative.ak.facebook.com
> > 127.0.0.1 facebookinc.122.2o7.net
> >
> > $ sudo traceroute google.com
> > 1 netgear (192.168.1.1) 0.301 ms 0.232 ms 0.228 ms
> > 2 aaa.bbb.ccc.ddd (aaa.bbb.ccc.ddd) 9.933 ms 7.890 ms 11.456 ms
> > 3 ve-cmts.mes-muc-02.de.infra.cablesurf.de (aaa.bbb.ccc.ddd) 9.556 ms 12.199 ms 9.277 ms
> > 4 aaa.bbb.ccc.ddd (aaa.bbb.ccc.ddd) 20.649 ms 22.526 ms 17.204 ms
> > 5 google.bcix.de (aaa.bbb.ccc.ddd) 22.794 ms 23.894 ms 26.117 ms
> > 6 aaa.bbb.ccc.ddd (aaa.bbb.ccc.ddd) 22.263 ms aaa.bbb.ccc.ddd (aaa.bbb.ccc.ddd) 22.457 ms aaa.bbb.ccc.ddd (aaa.bbb.ccc.ddd) 21.597 ms
> > 7 aaa.bbb.ccc.ddd (aaa.bbb.ccc.ddd) 26.983 ms aaa.bbb.ccc.ddd (aaa.bbb.ccc.ddd) 25.247 ms aaa.bbb.ccc.ddd (aaa.bbb.ccc.ddd) 35.177 ms
> > 8 aaa.bbb.ccc.ddd (aaa.bbb.ccc.ddd) 20.533 ms aaa.bbb.ccc.ddd (aaa.bbb.ccc.ddd) 22.67 ms 21.929 ms
> > 9 * * *
> > 10 bk-in-f100.1e100.net (aaa.bbb.ccc.ddd) 21.421 ms 23.498 ms 21.952 ms
> >
> > $ sudo traceroute facebook.com
> > 1 localhost (127.0.0.1) 0.57 ms 0.23 ms 0.19 ms
> >
> > $ pkg_info | grep proxy
> > libproxy-0.4.11p3 library handling all the details of proxy configuration
> > libproxy-mozilla-0.4.11p2 pacrunner libproxy plugin for mozilla-based (gecko) browsers
> >
> > $ man libproxy
> > man: no entry for libproxy in the manual.
> >
> > $ apropos libproxy
> > libproxy: nothing appropriate
> >
> > I'd like to mention that I am in the outskirts of Munich and that the system was freshly started into a console (no X, no browser). The netgear-router at 192.168.1.1 also serves a colleague who uses facebook.
> >
> > MY QUESTION: What might have happened that 'facebook.com' is found on localhost at 127.0.0.1 on my machine? Actually 'google.com' is called regularly thus I'd expected it to be as fast/slow as 'facebook.com'.
> >
> > I have no clue and I don't have the slightest idea on how to get rid of this address - can anyone provide some more insight? Other information you need to provide advice?
> >
> > Thank you!
> >
> > Kind regards
> > STEFAN
Re: Sorry: Facebook again
James Shupe [jsh...@hermetek.com] wrote:
> On 10/21/2013 9:08 PM, Chris Cappuccio wrote:
> > I wrote up a guide for all you fascists to exercise your power with relayd. Here's the early, unedited version:
> >
> > http://www.nmedia.net/chris/url.blacklist.txt
>
> FYI: 403 forbidden

Yeah I had to do a chmod +r. Damn, you guys are quick.

Anyways this also triggers a bug in the URL filtering mode of relayd. The symptom is long HTTP sessions hanging (YouTube, file downloads, ...) It may be fixed in -current. If you are using 5.3 or 5.4, you'll want to grab the current relayd source and install it.
Re: Sorry: Facebook again
Chris Cappuccio [ch...@nmedia.net] wrote:
> Anyways this also triggers a bug in the URL filtering mode of relayd. The symptom is long HTTP sessions hanging (YouTube, file downloads, ...) It may be fixed in -current. If you are using 5.3 or 5.4, you'll want to grab the current relayd source and install it.

Oh also, you may want to use 5.4-current if you are using this in a high traffic environment, as the socket splicing code has been improved. I'm not even sure if the improvements are relevant to this use case. But -current is rather stable, nothing to shy away from IMO.
Re: Sorry: Facebook again
On Oct 22 02:19:00, stefan.wol...@web.de wrote:
> $ cat /etc/resolv.conf
> # Generated by nfe0 dhclient
> nameserver 192.168.1.1
> lookup file bind
>
> $ cat /etc/hosts | grep facebook
> 127.0.0.1 facebook.com
> 127.0.0.1 www.facebook.com
> 127.0.0.1 facebook.de
> 127.0.0.1 www.facebook.de
> 127.0.0.1 de-de.facebook.com
> 127.0.0.1 ads.ak.facebook.com
> 127.0.0.1 creative.ak.facebook.com
> 127.0.0.1 facebookinc.122.2o7.net
>
> $ sudo traceroute facebook.com
> 1 localhost (127.0.0.1) 0.57 ms 0.23 ms 0.19 ms
>
> MY QUESTION: What might have happened that 'facebook.com' is found on localhost at 127.0.0.1 on my machine?

You put it there.
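
The diagnosis behind that reply, as an added example that is not part of the original thread: with `lookup file bind` in resolv.conf the hosts file is consulted before DNS, so the 127.0.0.1 entries answer first. The function names and the sample file contents (constructed from the output quoted above) are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread: work out which source answers a name
# lookup, from a resolv.conf "lookup" line and a hosts file.

# Print the database order from a resolv.conf-style file. OpenBSD's
# resolv.conf(5) gives "bind file" as the order when no lookup line exists.
lookup_order() {
    awk '$1 == "lookup" {
             sub(/^[ \t]*lookup[ \t]*/, ""); sub(/[ \t]+$/, ""); order = $0
         }
         END { print (order == "" ? "bind file" : order) }' "$1"
}

# Print the address of the first entry in hosts file $1 that names $2
# (case-insensitive, comments ignored). Exit status 1 when there is none.
hosts_entry() {
    awk -v want="$2" '
        BEGIN { want = tolower(want); sub(/\.$/, "", want) }
        { sub(/#.*/, "") }                      # drop comments
        NF >= 2 {
            for (i = 2; i <= NF; i++)
                if (tolower($i) == want) { print $1; found = 1; exit }
        }
        END { exit !found }' "$1"
}

# Say who answers for name $1, given resolv.conf $2 and hosts file $3:
#   "hosts ADDR"           hosts file is asked first and has an entry
#   "dns-then-hosts ADDR"  DNS is asked first, the entry is only a fallback
#   "dns"                  no usable entry, the query goes to the nameserver
#   "none"                 order is "file" only and there is no entry
explain_lookup() {
    q=$1
    order=$(lookup_order "$2")
    addr=$(hosts_entry "$3" "$q") || addr=""
    case "$order" in
        file*)
            if [ -n "$addr" ]; then echo "hosts $addr"
            elif [ "$order" != "file" ]; then echo "dns"
            else echo "none"
            fi ;;
        *file*)
            if [ -n "$addr" ]; then echo "dns-then-hosts $addr"
            else echo "dns"
            fi ;;
        *)  echo "dns" ;;
    esac
}

# Constructed sample files modelled on the output quoted in the thread.
write_sample() {
    printf '%s\n' '# Generated by nfe0 dhclient' 'nameserver 192.168.1.1' \
        'lookup file bind' > "$1/resolv.conf"
    cat > "$1/hosts" <<'EOF'
127.0.0.1 localhost
127.0.0.1 facebook.com
127.0.0.1 www.facebook.com   # blocked by hand
#127.0.0.1 google.com
EOF
}

demo() {
    dir=$(mktemp -d) || return 1
    write_sample "$dir"
    for name in facebook.com WWW.Facebook.com google.com; do
        printf '%-18s %s\n' "$name" \
            "$(explain_lookup "$name" "$dir/resolv.conf" "$dir/hosts")"
    done
    rm -rf "$dir"
}
demo
```

Run against the real /etc/resolv.conf and /etc/hosts, the same functions show whether a surprising answer such as 127.0.0.1 comes from a local entry rather than from the nameserver.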
Re: Sorry OpenBSD people, been a bit busy
On Wed, 09 Oct 2013 00:01:13 +0200, Scott McEachern sc...@blackstaff.ca wrote:
> On 10/08/13 16:41, Kevin Chadwick wrote:
>
> Back in the pre-WW2 days, Belgium (or was it the Netherlands? I forget.) kept detailed census and medical data on their citizens, including their religious affiliation. It was useful data for a friendly government, never to be abused.

I don't know about Belgium, but certainly in the Netherlands local authorities were required to keep resident registration, except at that time not medical data.

> Then WW2 happened, and Hitler's Nazis invaded. They found that data, especially the religion part, quite useful, and we all know how that turned out.

The problem was not that the data existed, the problem was that there wasn't a general preparedness to hide, evacuate or destroy it when justified.

--
(Remove the obvious prefix to reply privately.)
Made with Opera's e-mail program: http://www.opera.com/mail/
Re: Sorry OpenBSD people, been a bit busy
Yes, the US government has a long history of abusing its Constitutional powers. That's why we must all hide all of our personal data from them as much as possible.

Of course Google, Bing, Facebook and all those selfies we take are excepted.

BWAAHHAHAHAHAHAHAHAHAHAHAH morons!

On Wed, Oct 16, 2013, at 06:19 AM, Boudewijn Dijkstra wrote:
> On Wed, 09 Oct 2013 00:01:13 +0200, Scott McEachern sc...@blackstaff.ca wrote:
> > On 10/08/13 16:41, Kevin Chadwick wrote:
> >
> > Back in the pre-WW2 days, Belgium (or was it the Netherlands? I forget.) kept detailed census and medical data on their citizens, including their religious affiliation. It was useful data for a friendly government, never to be abused.
>
> I don't know about Belgium, but certainly in the Netherlands local authorities were required to keep resident registration, except at that time not medical data.
>
> > Then WW2 happened, and Hitler's Nazis invaded. They found that data, especially the religion part, quite useful, and we all know how that turned out.
>
> The problem was not that the data existed, the problem was that there wasn't a general preparedness to hide, evacuate or destroy it when justified.
>
> --
> (Remove the obvious prefix to reply privately.)
> Made with Opera's e-mail program: http://www.opera.com/mail/
Re: Sorry OpenBSD people, been a bit busy
Please stop.
Re: Sorry OpenBSD people, been a bit busy
On Oct 9, 2013, at 12:15 AM, Scott McEachern sc...@blackstaff.ca wrote:
> On 10/08/13 17:38, Richard Thornton wrote:
> > I am not flippant enough to say that the NSA revelations do not matter, but what are we supposed to do? The Middle Eastern terrorism threat is real and we need to be able to stop them any way necessary. All it takes is one of them to hit every Walmart in the neighborhood, buy every pay-as-you-go phone they have, then pass them out to their friends in every Mosque. Now you have a new terrorism threat. So, welcome to the real world my friend, and wake up.
>
> [...]
>
> And for the record, both you and Ze Loff should stick to facts and rational discussion. Bigots and morons are best defeated with those, and they'll show their true colours, debasing their own opinions. There's no need for insults and ad hominem attacks.

First of all I owe an apology to the list and, albeit partially, to Richard. I now realise I overreacted a bit. I don't think hate (in the broadest sense of the word) belongs in this list and the comments the kind of which Richard made really get on my nerves. Ironically enough, I ended up spreading the hate myself. Again, my apologies.

That being said, Richard, if you still stand behind your comment and your gross generalisation about muslims, I must still call you a bigot. And just for the sake of clarity I have the utmost respect for the victims of 9/11, as I have for those in Boston, Fallujah, Gaza, Auschwitz, Srebrenica, Sudan, Rwanda, Chechnya or in that theatre in Moscow a few years ago. In short for every one who was harmed by some idiot/state who thinks his beliefs (religious or not) is better than the rest of them. The all muslims are terrorists generalisation is as dumb and shortsighted as saying all blond girls are stupid, all americans are fat gun fanatics, all germans are nazis, all jews are... I'm sure you get the point.

Just to bring this slightly back on-topic, please realise that terrorism (as real as it is) has been used as a pretext. Intercepting communications on the UN has nothing to do with it, nor does planting bugs on the European Parliament, nor does spying on Brasil's President or its state oil company.

And Scott, thanks for setting me straight and for the rest of your message.

Again sorry for the noise and kudos on the YYCIX, Theo.

Zé
Re: Sorry OpenBSD people, been a bit busy
On Oct 9, 2013, at 3:44 AM, Benjamin Heath benjamin.joel.he...@gmail.com wrote:
> But, people have given up this information. They weren't even paid or coerced. Why so naive?

(Quite) a few years ago, the Dutch government wanted to make sure everyone had a proper burial, according to each one's beliefs and rituals. So they asked people to state their religious beliefs. This is a good idea right? Everyone's wishes get respected even if you had no family or if your whole family died in an accident or fire or whatever. Besides, I've got nothing to hide, being insert your religion here is nothing to be ashamed of and I'm proud of my heritage. So the government made a nice list. And then a few years later Germany invaded the Netherlands.

Point being, it's not naiveté. It's this whole I've got nothing to hide anyway, let them look / I am not that important mentality. People fail to realise that this is not about you having something to hide or not. It's about your right to hide something /if and when you want to/.
Re: Sorry OpenBSD people, been a bit busy
On 10/09/13 05:08, Zé Loff wrote:
> (Quite) a few years ago, the Dutch government wanted to make sure everyone had a proper burial, according to each one's beliefs and rituals. So they asked people to state their religious beliefs. This is a good idea right? Everyone's wishes get respected even if you had no family or if your whole family died in an accident or fire or whatever. Besides, I've got nothing to hide, being insert your religion here is nothing to be ashamed of and I'm proud of my heritage. So the government made a nice list. And then a few years later Germany invaded the Netherlands.
>
> Point being, it's not naiveté. It's this whole I've got nothing to hide anyway, let them look / I am not that important mentality. People fail to realise that this is not about you having something to hide or not. It's about your right to hide something /if and when you want to/.

Both of your last two posts, well said.

Thanks for pointing out that it was the Netherlands that kept that data, and why. When I mentioned it earlier, I wasn't sure earlier if it was the Belgians or the Dutch, or why. Good to know, and remember.

--
Scott McEachern
https://www.blackstaff.ca

Beware the Four Horsemen of the Information Apocalypse: terrorists, drug dealers, kidnappers, and child pornographers. Seems like you can scare any public into allowing the government to do anything with those four. -- Bruce Schneier
Re: Sorry OpenBSD people, been a bit busy
I am not stupid midwestern enough to believe that all Muslims are a terrorist threat. My son is half jewish and I am not even reflexively pro-israel. I find that when I enter a church or a temple, it's a bit of mental torture; over the weekend I was at a bat mitzvah and believe me, it was torture. I am about as far from the beliefs of david horowitz as you can get.

I live near Princeton, and personally I think that NJ is a police state; they actually monitor people's license plates and I was harassed 5 years ago in a park near princeton, because I was caught there after dark in my car with a partially used bottle of wine. They harassed me for over 15 minutes making me dance around out of my car, then they let me go; later I was in the starbucks in princeton, about midnite, and these two saw me and started laughing. It's all a joke to these guys - law order.

Anyway, according to bin laden, he just wanted us out of arab lands. That was his main gripe. Boy, if that's all it takes, I would go in a heart beat, why fight these guys? But somehow I think they also want us out of portugal, spain, turkey, north africa, and ultimately israel.

Last year I saw David Broza at 92nd St Y; he personally sponsored 4 young musicians from Nazareth, 3 of whom were palestinian. I have to tell you, at least 85% of the audience, standing room only was jewish, and all loved this guy and the concert. Obviously there are people on the other side, including myself, looking for an olive branch and a way out of this global mess, but what's with all these draconian blasphemy laws in places like pakistan, iran, and saudi arabia? Why can't a british citizen like Rushdie write a book iranians don't like and be in hiding for literally years? They even targeted publishers in NYC over his book. What about the Van Gogh murder?

It is a concern of mine that what is happening in France with Algerians, and others, and what is in England with Pakistanis will spill into NJ. We shouldn't unfairly target muslims, but they should likewise leave me alone; I may be the great satan, but I have never advocated military action in any of their lands, except to get bin laden in 2002.

On Wed, 9 Oct 2013, Zé Loff wrote:
> On Oct 9, 2013, at 12:15 AM, Scott McEachern sc...@blackstaff.ca wrote:
> > On 10/08/13 17:38, Richard Thornton wrote:
> > > I am not flippant enough to say that the NSA revelations do not matter, but what are we supposed to do? The Middle Eastern terrorism threat is real and we need to be able to stop them any way necessary. All it takes is one of them to hit every Walmart in the neighborhood, buy every pay-as-you-go phone they have, then pass them out to their friends in every Mosque. Now you have a new terrorism threat. So, welcome to the real world my friend, and wake up.
> >
> > [...]
> >
> > And for the record, both you and Ze Loff should stick to facts and rational discussion. Bigots and morons are best defeated with those, and they'll show their true colours, debasing their own opinions. There's no need for insults and ad hominem attacks.
>
> First of all I owe an apology to the list and, albeit partially, to Richard. I now realise I overreacted a bit. I don't think hate (in the broadest sense of the word) belongs in this list and the comments the kind of which Richard made really get on my nerves. Ironically enough, I ended up spreading the hate myself. Again, my apologies.
>
> That being said, Richard, if you still stand behind your comment and your gross generalisation about muslims, I must still call you a bigot. And just for the sake of clarity I have the utmost respect for the victims of 9/11, as I have for those in Boston, Fallujah, Gaza, Auschwitz, Srebrenica, Sudan, Rwanda, Chechnya or in that theatre in Moscow a few years ago. In short for every one who was harmed by some idiot/state who thinks his beliefs (religious or not) is better than the rest of them. The all muslims are terrorists generalisation is as dumb and shortsighted as saying all blond girls are stupid, all americans are fat gun fanatics, all germans are nazis, all jews are... I'm sure you get the point.
>
> Just to bring this slightly back on-topic, please realise that terrorism (as real as it is) has been used as a pretext. Intercepting communications on the UN has nothing to do with it, nor does planting bugs on the European Parliament, nor does spying on Brasil's President or its state oil company.
>
> And Scott, thanks for setting me straight and for the rest of your message.
>
> Again sorry for the noise and kudos on the YYCIX, Theo.
>
> Zé
Re: Sorry OpenBSD people, been a bit busy
This has gotten massively off topic. Can we please let the thread end here?
Re: Sorry OpenBSD people, been a bit busy
It might come as a shock for you all. But we don't give a flying fuck for what you guys think about X where X is not related to OpenBSD. Try #ihavetheurgetoexpressmyfeeelings in irc.disney.com
Re: Sorry OpenBSD people, been a bit busy
You're right! I am outa here! Bye!

On Wed, Oct 9, 2013 at 7:18 AM, Peter Hessler phess...@theapt.org wrote:
> This has gotten massively off topic. Can we please let the thread end here?
Re: Sorry OpenBSD people, been a bit busy
Am I being monitored for receiving these emails?

On 10/09/13 12:18, Peter Hessler wrote:
> This has gotten massively off topic. Can we please let the thread end here?
Re: Sorry OpenBSD people, been a bit busy
On Wed, Oct 09, 2013 at 12:41:07PM +0100, sbienddr...@googlemail.com wrote:
> Am I being monitored for receiving these emails?

No, you're being monitored for using google, stupid.

Did anybody consider the possibility Theo didn't start this thread? The email headers looked ok at a quick glance but that didn't sound very much like him.
Re: Sorry OpenBSD people, been a bit busy
John Long codeb...@inbox.lv writes:

> On Wed, Oct 09, 2013 at 12:41:07PM +0100, sbienddr...@googlemail.com wrote:
> > Am I being monitored for receiving these emails?
>
> No, you're being monitored for using google, stupid.

Please follow Peter's advice:

On 10/09/13 12:18, Peter Hessler wrote:
> This has gotten massively off topic. Can we please let the thread end here?

> Did anybody consider the possibility Theo didn't start this thread? The email headers looked ok at a quick glance but that didn't sound very much like him.

He did.

--
jca | PGP: 0x06A11494 / 61DB D9A0 00A4 67CF 2A90 8961 6191 8FBF 06A1 1494
Re: Sorry OpenBSD people, been a bit busy
Please stop

--
There are people so addicted to exaggeration that they can't tell the truth without lying. -- Josh Billings
Re: Sorry OpenBSD people, been a bit busy
On Mon, 7 Oct 2013, James Griffin wrote:
> [...] But when people don't listen, or continuously repeat themselves unnecessarily, the discussion digresses and becomes irrelevant and/or annoying for those of us subscribed to the list. That's the point I tried to make. Anyway, this is digressing too.

No. This was obviously not the reason. The offenses did not come from people that complained about the amount of Emails. And I was not in the discussion alone: mainly I answered; if I repeated, then because people did not understand me.

Perhaps was the thema a little off-topic, but in my opinion not irrelevant, it deserves to be discussed, and an objective discussion here was impossible. On the other side, I understand that such discussions can be disturbing in a mailing list. This is one of the reasons because I was for the existence of the old OpenBSD Usenet Groups.

In my opinion, the reason of the insults and defamations is something very primitive. For many people the operating system they use is part of their identity (as for others their car or their mobile telephone). Without their Operating System they feel to be no one. Belonging to a community they feel as part of an elite. Insulting and defaming people outside make these feelings stronger, people insulting and defaming one individual feel to be more together, they need it collectively from time to time. Not to be part of it is a question of conscience, also of education, from the ones that do it you cannot expect a much better behaviour.

BTW. The insults came together with the demand that I leave the list, not that I stop posting about the thema: I was the enemy outside the community.

Rodrigo.
Re: Sorry OpenBSD people, been a bit busy
> Why? With a group of others, I started setting up an Internet Exchange in Calgary, and this has taken much time because it is highly politicized and has encountered some resistance.

So has your internet access (ISP) improved too since a while back or just locally and what resistance did you encounter - pro surveillance?

The UK broadband speeds have shot up and become more of an asset but they are also becoming far more of a liability too. I am not too bothered about well secured?? monitoring systems for the good of us all by authorities that perhaps put as much importance on the security of the monitoring systems as anyone else? if not more? but I am extremely concerned about the government now even pushing ISPs to put in layer 7 filters such as TalkTalks homesafe on the cheapest and crappiest hardware (of the same make as those with backdoors in audio switches, thankfully firewalled) and possibly providing a cover for the previously rejected advertising data harvesting systems of the future under the compelling and so reason scuppering highly questionable method of stopping kiddy porn.

If only more ISP engineers understood why OpenBSD is so secure or at least as much as they traditionally did with the mantra of ISP's transport packets and that's all for safety reasons.

--
___

'Write programs that do one thing and do it well. Write programs to work together. Write programs to handle text streams, because that is a universal interface' (Doug McIlroy)

In Other Words - Don't design like polkit or systemd
___
Re: Sorry OpenBSD people, been a bit busy
On 10/08/13 07:20, Kevin Chadwick wrote:
> So has your internet access (ISP) improved too since a while back or just locally and what resistance did you encounter - pro surveillance?
>
> The UK broadband speeds have shot up and become more of an asset but they are also becoming far more of a liability too. I am not too bothered about well secured?? monitoring systems for the good of us all by authorities that perhaps put as much importance on the security of the monitoring systems as anyone else? if not more? but I am extremely concerned about the government now even pushing ISPs to put in layer 7 filters such as TalkTalks homesafe on the cheapest and crappiest hardware (of the same make as those with backdoors in audio switches, thankfully firewalled) and possibly providing a cover for the previously rejected advertising data harvesting systems of the future under the compelling and so reason scuppering highly questionable method of stopping kiddy porn.
>
> If only more ISP engineers understood why OpenBSD is so secure or at least as much as they traditionally did with the mantra of ISP's transport packets and that's all for safety reasons.

I didn't want to bring this up before, but it might be an interesting discussion, even though off-topic. Feel free to ignore this part of the thread.

After reading Theo's post, I wondered what effect an IX had on what we now know about NSA surveillance. I don't know anything about it, but I suspect it won't make any difference.

Some of Snowden's leaked documents detail how the NSA has the private keys for various US corporations, and they set up various computers on the backbone links. Basically, the NSA can imperceptibly vacuum up all data. Scary shit, really.

A few people have suggested they are vacuuming /everything/, not just foreigners, while others counter that there's just too much data, and it's infeasible for them to store it. I propose that not only is it possible, but quite likely.

When google mysteriously went offline for about 5 minutes a while back, it was said that Internet traffic dropped by 40%. A shitload of that is going to be YouTube, which the NSA can easily ignore. I've also heard that something like 40% of Internet traffic is porn, so they can ignore that, too. Another big chunk goes to people downloading movies/TV by NetFlix, torrent or from the cable-type companies themselves. Again, the actual content can be ignored, but the metadata can be kept.

Duplicate data can be ignored as well. There's no need for the NSA to keep 10,000 copies of the same shit Fox or CNN spews to 10,000 daily visitors. Just keep the metadata. No need to keep advertisements, cool graphics/CSS stuff, or HTML. That can all be stripped away.

Whether those 40% numbers are accurate or not -- and I doubt they are -- isn't the point. The point is that a metric shitload of content can be safely ignored. It wouldn't surprise me in the least if it were to be revealed that all the NSA actually traps is maybe 5% of total Internet traffic. Not because of a lack of capacity, but a lack of interest in crap.

Now go look at the two big data centres under construction. Everyone knows about the Utah data centre, but there's another, slightly smaller one, under construction on the East coast. (Sorry, I can't remember exactly where.)

But that's not the scariest thing.

The scariest thing is when a friend of mine talked about how cool his smartphone is. I replied with the standard stuff: You're being watched and recorded (etc). He said he doesn't care. He just doesn't care if the government watched the sex vids he shared with some ladies online, or read his emails. Paraphrasing him, he asked, When was the last time someone I knew had a government official knock on their door? Never! And you'll never see it happen in your lifetime, either!

I did reply with a few thought-provoking ideas, but I know damn well he won't think about it, because he just doesn't care, and no matter what I say, he never will. (I did ask him, when /will/ it be too much for you, and will it be too late? He didn't reply.)

I would suggest that most of the general population shares his apathy. Sure, a few people get riled up for a few minutes, but that goes away when Miley does something stupid with her ass, a dancing show comes on, or Michael Bay blows up a lot of stuff on the big screen.

Now we're finding out that the FBI and NSA own a whole lot of Tor nodes. Some suspect half of them are government controlled, especially the exit nodes.

More scary? The likes of Bruce Schneier and Glenn Greenwald, both privy to the compendium of Snowden's documents, are saying things like We haven't seen the half of it... It gets worse. I can't wait..

A question for Theo and those in the know: Do these IXs in any way deter or foil the NSA? Or do they just make for better connectivity? Just curious.

@Kevin Chadwick: About your comment
Re: Sorry OpenBSD people, been a bit busy
On Tue, Oct 08, 2013 at 08:20:32AM -0400, Scott McEachern wrote:
> I didn't want to bring this up before, but it might be an interesting discussion, even though off-topic. Feel free to ignore this part of the thread.
>
> After reading Theo's post, I wondered what effect an IX had on what we now know about NSA surveillance. I don't know anything about it, but I suspect it won't make any difference.

I have a colocated server in the same data center that the IX is being installed in. I live in Calgary and also have a home internet connection with a major ISP here, Shaw Cable. Traceroutes from my home to the data centre are pretty normal, enmax envision is a local commercial fibre carrier:

traceroute to getaddrinfo.net (216.171.227.98), 64 hops max, 40 byte packets
 1 192.168.1.1 (192.168.1.1) 6.809 ms 2.461 ms 14.730 ms
 2 * * *
 3 64.59.132.169 (64.59.132.169) 14.543 ms 10.710 ms 13.220 ms
 4 66.163.71.102 (66.163.71.102) 13.731 ms ra2so-tge2-1.cg.shawcable.net (66.163.71.98) 14.216 ms 13.916 ms
 5 rx0so-enmax.cg.bigpipeinc.com (66.244.207.158) 13.478 ms 10.950 ms 14.982 ms
 6 a72-29-245-70.enmaxenvison.net (72.29.245.70) 12.979 ms 33.446 ms 9.483 ms
 7 a72-29-245-66.enmaxenvison.net (72.29.245.66) 14.227 ms 13.917 ms 16.484 ms
 8 216-171-224-253.datahive.ca (216.171.224.253) 9.981 ms 14.946 ms 25.484 ms
 9 216-171-224-5.datahive.ca (216.171.224.5) 46.234 ms 29.974 ms 35.703 ms
10 216-171-227-98.datahive.ca (216.171.227.98) 36.741 ms 40.197 ms 41.490 ms

Now here is where things get interesting, from the data centre to my home:

traceroute to krwm.net (184.64.152.209), 64 hops max, 40 byte packets
 1 216-171-227-97.datahive.ca (216.171.227.97) 0.636 ms 0.622 ms 0.411 ms
 2 216-171-224-246.datahive.ca (216.171.224.246) 0.409 ms 0.505 ms 0.561 ms
 3 gige-g2-7.core1.yyc1.he.net (72.52.101.149) 6.267 ms 0.823 ms 0.557 ms
 4 10gigabitethernet3-2.core1.yvr1.he.net (184.105.223.218) 17.967 ms 11.860 ms 16.505 ms
 5 10gigabitethernet12-3.core1.sea1.he.net (184.105.222.1) 35.960 ms 14.592 ms 20.456 ms
 6 rc1wt-ge4-1.wa.shawcable.net (206.81.80.54) 27.318 ms 23.863 ms 23.819 ms
 7 66.163.70.209 (66.163.70.209) 19.439 ms 20.140 ms 19.439 ms
 8 dx6no-g1.cg.shawcable.net (64.59.132.170) 24.978 ms 20.165 ms 19.573 ms
 9 krwm.net (184.64.152.209) 139.806 ms 33.179 ms 27.907 ms

Take a look at the 5th and 6th hops, they are in the US. The data goes from Calgary to Vancouver down into the US to Seattle and then all the way back to Calgary.

So long winded answer to your question: Canadian internet traffic will stay in Canada and won't make these ridiculous loops. I guess if the NSA has coerced with CSIS or whatever the Canadian equivalent is then there might be cause for worry there (quite likely as we parrot almost everything the US does).

> Some of Snowden's leaked documents detail how the NSA has the private keys for various US corporations, and they set up various computers on the backbone links. Basically, the NSA can imperceptibly vacuum up all data. Scary shit, really.
>
> A few people have suggested they are vacuuming /everything/, not just foreigners, while others counter that there's just too much data, and it's infeasible for them to store it. I propose that not only is it possible, but quite likely.
>
> When google mysteriously went offline for about 5 minutes a while back, it was said that Internet traffic dropped by 40%. A shitload of that is going to be YouTube, which the NSA can easily ignore. I've also heard that something like 40% of Internet traffic is porn, so they can ignore that, too. Another big chunk goes to people downloading movies/TV by NetFlix, torrent or from the cable-type companies themselves. Again, the actual content can be ignored, but the metadata can be kept.
>
> Duplicate data can be ignored as well. There's no need for the NSA to keep 10,000 copies of the same shit Fox or CNN spews to 10,000 daily visitors. Just keep the metadata. No need to keep advertisements, cool graphics/CSS stuff, or HTML. That can all be stripped away.
>
> Whether those 40% numbers are accurate or not -- and I doubt they are -- isn't the point. The point is that a metric shitload of content can be safely ignored. It wouldn't surprise me in the least if it were to be revealed that all the NSA actually traps is maybe 5% of total Internet traffic. Not because of a lack of capacity, but a lack of interest in crap.
>
> Now go look at the two big data centres under construction. Everyone knows about the Utah data centre, but there's another, slightly smaller one, under construction on the East coast. (Sorry, I can't remember exactly where.)
>
> But that's not the scariest thing.
>
> The scariest thing is when a friend of mine talked about how cool his smartphone is. I replied with the standard stuff: You're being watched and recorded (etc). He said he doesn't care. He just doesn't care
Re: Sorry OpenBSD people, been a bit busy
On 10/08/13 10:33, Kyle R W Milz wrote:
> Now here is where things get interesting, from the data centre to my home:
>
> [...]
>
> Take a look at the 5th and 6th hops, they are in the US. The data goes from Calgary to Vancouver down into the US to Seattle and then all the way back to Calgary.
>
> So long winded answer to your question: Canadian internet traffic will stay in Canada and won't make these ridiculous loops. I guess if the NSA has coerced with CSIS or whatever the Canadian equivalent is then there might be cause for worry there (quite likely as we parrot almost everything the US does).

I've seen similar paths when tracerouting from my location (NE of Toronto) to west coast sites. Depending on the site, the packets take a little detour to NYC, Chicago, Seattle, etc., before coming back into Canada.

Please forgive my little ramble here:

20 years ago, my girlfriend and I drove from Whitby, Ontario (just east of Toronto) to Banff, Alberta. We drove through Calgary, BTW. On our way out there, we decided to take a short cut through some northern states: Michigan, Wisconsin, Minnesota and finally North Dakota, before heading north to Winnipeg, and continuing west. It was considerably shorter than driving through northern Ontario, above Lake Superior.

Stupid me, I completely forgot I had a bag containing something the border authorities would very seriously frown upon. They gave a cursory check to the trunk, and I paid a $2 duty on the (obvious) case of beer that I bought in Canada. The guys in the car ahead of us got the full shakedown. We slept in the car until the border opened.

It wasn't until we pitched our tents for the first time, the next night, and broke out the bag, that I realized my (our) mistake. Needless to say, we didn't cross the border again and took the long way home.

My point is that staying in Canada and not crossing the border might be a good idea by car, (and that was pre-9/11), but I don't think in this day and age that it really matters if your packets cross the border or not.

Remember, Canada is one of the Five Eyes (along with the US, UK, Australia and New Zealand) whose intelligence agencies happily share information. How much, we don't know, but it gets around legal loopholes about not being able to spy on your own citizens. (Which the NSA disregards entirely.)

The Canadian equivalent to the NSA isn't CSIS, it's CSEC.

https://en.wikipedia.org/wiki/Communications_Security_Establishment_Canada

The ECHELON section on that page explains the Five Eyes setup, about sharing information, and it's been going on since 1948.

And don't forget, since we are foreign, it is within the NSA's mandate to monitor us. So you bet your ass they are watching us, because they can.

While I have no proof of this, it is strictly my unfounded theory, I would also think that the NSA pays particular interest to OpenBSD. It's right there on the OpenBSD site's pages that they're located in Canada to /specifically/ avoid US interference. If you were the NSA, wouldn't you find an organization that:

1) blatantly says they're in Canada to avoid US government problems,
2) is arguably the most secure OS on the market,
3) (I think..) was the first to use integrated heavy crypto, including IPSec,
4) has a subtle (and sometimes not so subtle) anti-government/anti-establishment tone on the mailing lists,
5) is completely open source with all commits publicly viewable,
6) is probably run by a bunch of commie hippies (in their eyes),

wouldn't /you/ (as the NSA) keep an eye on those liberal bastards?

My friend replied to me, from his gmail account, to my email server located in my own home, using my own Canadian-registered domain, And if a government really wanted to track you, well, let's face the facts. You and I just aren't that important. haha

I had to point out to him that, let's face facts, you are exactly one degree of separation from someone, who (albeit tangentially) is involved with not just any FOSS organization, but OpenBSD, who is /probably/ watched. I'm in the list archives, and listed on the donations page. You are one degree of separation from someone who runs their own servers, has publicly said uses full disk encryption on Internet-related servers (and knows how to pull a power cord), and runs a members-only site that requires HTTPS. All of that is considered suspicious. If the NSA is looking around, they've probably noticed me, and looked at me.

Too paranoid? I failed to mention (here), that one of my oldest friends is in the Canadian Forces. He works in SIGINT. I don't know what he does, and I don't know his exact clearance, just that at the least it's secret level. I know he can't talk about anything work-related (and doesn't). Before he got his clearance, how far did they look into my friend's friends, like me? I have no idea.

So, I said to my other friend: that You and I just aren't that important. haha may
Re: Sorry OpenBSD people, been a bit busy
2013/10/8 Kyle R W Milz k...@getaddrinfo.net: I guess if the NSA has coerced with CSIS or whatever the Canadian equivalent is then there might be cause for worry there (quite likely as we parrot almost everything the US does). YYCIX is subject to canadian laws. It likely must have a lawful interception interface for the canadian police/whatever. Canada is a member of Five Eyes. Best Martin
Re: Sorry OpenBSD people, been a bit busy
Food for thought for everyone, but like I said, he doesn't care and won't think about it. As I say I am far more concerned about 'modern' incompetent ISPs. Uncaring ISPs or ISPs that can only care about profit (and so advertising) or they are out of business and tasking them (perhaps to their delight) with layer 7 filtering which requires great care and expertise and arguably only securable passively which I am sure they will not be doing. This should certainly be stopped as it may give people with mostly evil intentions similar access as the NSA or just reduce reliability perhaps at a time when the net is needed most. Sounds like it was quite a bit of work though or was that mostly the resistance? Global government surveillance is not going to be stopped or the backbone avoided and at least likely comes from mostly good intentions even if it is bound to be abused or infiltrated at times. -- ___ 'Write programs that do one thing and do it well. Write programs to work together. Write programs to handle text streams, because that is a universal interface' (Doug McIlroy) In Other Words - Don't design like polkit or systemd ___
Re: Sorry OpenBSD people, been a bit busy
On 10/08/13 16:36, Martin Schröder wrote: YYCIX is subject to canadian laws. It likely must have a lawful interception interface for the canadian police/whatever. Americans are subject to the highest law of the land: The US Constitution. You know, that document the President and damned near every government employee has sworn an oath to obey and protect. The NSA has broken that oath. Not long after the Snowden leaks started, the Director of National Intelligence, James Clapper, spoke before congress and explained what the NSA is up to, in an attempt to play down Snowden's revelations. Then more Snowden documents came out, proving that the DNI just /lied/ to congress. Curiously, he's not in jail, and is still in office. Lying to congress is an indictable offense, er, a felony offence in US legal-speak. Now here's another fun bit of trivia for you: The constitution outranks *all* other laws, like state, regional, municipal, etc. All except one: Foreign treaties. They hold equal rank to the constitution. Think about that, vis a vis foreign treaties with other intelligence agencies. The same applies in Canada with our Constitution and Bill of Rights. Lawful interception, you say? Subject to Canadian laws? Privacy laws? There are no privacy laws in either the US or Canadian constitutions; look it up. But we /do/ have treaties. Canada is a member of Five Eyes. Thank-you for proving my point. Nice treaties with the other members since 1948. Treaties that have equivalent legal weight to the constitutions of the respective countries. If you think our (Canadian) morally superior privacy laws, and our national/provincial privacy commissioners have any say in the matter, you're fooling yourself. A couple of weeks ago, John Tory, a very well-respected radio commentator (and former lawyer, former CEO of Rogers, former politician, etc.) on a respected AM talk radio station, interviewed a fellow who works deep inside the telecom industry. Sorry, I can't remember the chap's name. 
Tory asked the guy, So what ISPs are giving customer data to the government? The guy deadpanned, All of them. All of them are doing it. Of course, there's no actual proof of this at the moment, but given what Snowden has released so far, and what those documents indicate (eg. PRISM) I think this theory has moved from pure speculation to most likely status. -- Scott McEachern https://www.blackstaff.ca Beware the Four Horsemen of the Information Apocalypse: terrorists, drug dealers, kidnappers, and child pornographers. Seems like you can scare any public into allowing the government to do anything with those four. -- Bruce Schneier
Re: Sorry OpenBSD people, been a bit busy
I am not flippant enough to say that the NSA revelations do not matter, but what are we supposed to do? The Middle Eastern terrorism threat is real and we need to be able to stop them anyway necessary. All it takes is one of them to hit every Walmart in the neighborhood, buy every pay-as-you-go phone they have, then pass them out to their friends in every Mosque. Now you have a new terrorism threat. So, welcome to the real world my friend, and wake up. On Tue, 8 Oct 2013, Scott McEachern wrote: On 10/08/13 16:36, Martin Schröder wrote: YYCIX is subject to canadian laws. It likely must have a lawful interception interface for the canadian police/whatever. Americans are subject to the highest law of the land: The US Constitution. You know, that document the President and damned near every government employee has sworn an oath to obey and protect. The NSA has broken that oath. Not long after the Snowden leaks started, the Director of National Intelligence, James Clapper, spoke before congress and explained what the NSA is up to, in an attempt to play down Snowden's revelations. Then more Snowden documents came out, proving that the DNI just /lied/ to congress. Curiously, he's not in jail, and is still in office. Lying to congress is an indictable offense, er, a felony offence in US legal-speak. Now here's another fun bit of trivia for you: The constitution outranks *all* other laws, like state, regional, municipal, etc. All except one: Foreign treaties. They hold equal rank to the constitution. Think about that, vis a vis foreign treaties with other intelligence agencies. The same applies in Canada with our Constitution and Bill of Rights. Lawful interception, you say? Subject to Canadian laws? Privacy laws? There are no privacy laws in either the US or Canadian constitutions; look it up. But we /do/ have treaties. Canada is a member of Five Eyes. Thank-you for proving my point. Nice treaties with the other members since 1948. 
Treaties that have equivalent legal weight to the constitutions of the respective countries. If you think our (Canadian) morally superior privacy laws, and our national/provincial privacy commissioners have any say in the matter, you're fooling yourself. A couple of weeks ago, John Tory, a very well-respected radio commentator (and former lawyer, former CEO of Rogers, former politician, etc.) on a respected AM talk radio station, interviewed a fellow who works deep inside the telecom industry. Sorry, I can't remember the chap's name. Tory asked the guy, So what ISPs are giving customer data to the government? The guy deadpanned, All of them. All of them are doing it. Of course, there's no actual proof of this at the moment, but given what Snowden has released so far, and what those documents indicate (eg. PRISM) I think this theory has moved from pure speculation to most likely status. -- Scott McEachern https://www.blackstaff.ca Beware the Four Horsemen of the Information Apocalypse: terrorists, drug dealers, kidnappers, and child pornographers. Seems like you can scare any public into allowing the government to do anything with those four. -- Bruce Schneier
Re: Sorry OpenBSD people, been a bit busy
On 10/08/13 16:41, Kevin Chadwick wrote: As I say I am far more concerned about 'modern' incompetent ISPs. Uncaring ISPs or ISPs that can only care about profit (and so advertising) or they are out of business and tasking them (perhaps to their delight) with layer 7 filtering which requires great care and expertise and arguably only securable passively which I am sure they will not be doing. This should certainly be stopped as it may give people with mostly evil intentions similar access as the NSA or just reduce reliability perhaps at a time when the net is needed most. Sounds like it was quite a bit of work though or was that mostly the resistance? Global government surveillance is not going to be stopped or the backbone avoided and at least likely comes from mostly good intentions even if it is bound to be abused or infiltrated at times. History has demonstrated time and time over that it is the nature of government to keep and expand power at all costs. Surveillance states don't go away until a major upheaval takes place. Look at East Germany's Stasi, or the former USSR's KGB. Oh wait, that came back again with a new name, the GRU I believe. As I said in a previous post, it's most likely that the NSA is vacuuming up /all/ Internet data. Even if they aren't grabbing 100% of it, they're definitely getting the interesting bits. And that data is going to be stored forever. Even if your data is safely encrypted today, that data will be stored somewhere for pretty much eternity. In 20 years when supercomputers, or quantum computers, can make mincemeat of today's strong crypto, that data will be analyzed to predict the future by learning from the past. Even if you can pretend the US government of today, or any other government for that matter, is truly innocuous with the best intentions (ha!), that doesn't take into account the nature of future governments. Back in the pre-WW2 days, Belgium (or was it the Netherlands? I forget.)
kept detailed census and medical data on their citizens, including their religious affiliation. It was useful data for a friendly government, never to be abused. Then WW2 happened, and Hitler's Nazis invaded. They found that data, especially the religion part, quite useful, and we all know how that turned out. The NSA has been playing this game not for years, but *decades*. The breadth of PRISM and other programs with names always written in caps is astounding. They, and other intelligence agencies, are /everywhere/. Routers and switches with backdoors from the US (like Cisco), China (Huawei), Russia and others. Splitters on backbone fiber, like Room 641A. Superfast computers that intercept HTTPS/SSL data using acquired private keys from friendly or coerced companies. Moxie Marlinspike demonstrated these techniques at a black hat conference in 2009, google for it. Sounds far fetched? Look at the revelation that LavaBit did indeed shut down because the FBI insisted on having their private keys, and installing a device on their network to intercept and decrypt the data. They originally were (allegedly) targeting just Snowden's account, but when the head of LavaBit declined, the FBI wanted the data for /all/ users. So he shut it down. Then Silent Circle shut down, and the list continues to grow. More food for thought? Go read Naomi Wolf's book The End of America. (https://en.wikipedia.org/wiki/Naomi_Wolf for a quick outline.) Don't have time to read it? Watch her youtube video (~48mins) of a speech given at the U of Washington in 2007. (https://www.youtube.com/watch?v=y8u-5gsZdgc, amongst others) Hopefully, it will make you think about the direction the US is heading. -- Scott McEachern https://www.blackstaff.ca Beware the Four Horsemen of the Information Apocalypse: terrorists, drug dealers, kidnappers, and child pornographers. Seems like you can scare any public into allowing the government to do anything with those four. -- Bruce Schneier
Re: Sorry OpenBSD people, been a bit busy
I used to work at Empire Blue Cross. I had many friends who worked in the Trade Towers. I lived for a time in Battery Park nearby. So go to hell asshole, the USA will never let another 9/11 happen again, and Snowden is quite the jerk. These guys were recently planning attacks on Toronto as a matter of fact and were discovered in time, maybe thanks to the NSA. So sit in your tea house poring over your netbook, fuckin around, and hide. And go to hell. Sent from my BlackBerry 10 smartphone on the Verizon Wireless 4G LTE network. From: Zé Loff Sent: Tuesday, October 8, 2013 6:08 PM To: Richard Thornton Cc: Scott McEachern; misc@openbsd.org Subject: Re: Sorry OpenBSD people, been a bit busy The Middle Eastern terrorism threat is real and we need to be able to stop them anyway necessary. All it takes is one of them to hit every Walmart in the neighborhood, buy every pay-as-you-go phone they have, then pass them out to their friends in every Mosque. Well fuck you and your fucking stereotypes, you fucking bigot. And thank you for validating the quote on Scott's signature, btw.
Re: Sorry OpenBSD people, been a bit busy
The Middle Eastern terrorism threat is real and we need to be able to stop them anyway necessary. All it takes is one of them to hit every Walmart in the neighborhood, buy every pay-as-you-go phone they have, then pass them out to their friends in every Mosque. Well fuck you and your fucking stereotypes, you fucking bigot. And thank you for validating the quote on Scott's signature, btw.
Re: Sorry OpenBSD people, been a bit busy
Martin Schröder [mar...@oneiros.de] wrote: 2013/10/8 Kyle R W Milz k...@getaddrinfo.net: I guess if the NSA has coerced with CSIS or whatever the Canadian equivalent is then there might be cause for worry there (quite likely as we parrot almost everything the US does). YYCIX is subject to canadian laws. It likely must have a lawful interception interface for the canadian police/whatever. Canada is a member of Five Eyes. This is the duty of the ISP that serves the (snooped) end-user, not the IX. The ISP is the only entity in a position to capture all traffic for an end-user unless they are multi-homed. Then the authority has to ask multiple ISPs to tap for them.
Re: Sorry OpenBSD people, been a bit busy
On 10/08/13 17:38, Richard Thornton wrote: I am not flippant enough to say that the NSA revelations do not matter, but what are we supposed to do? The Middle Eastern terrorism threat is real and we need to be able to stop them anyway necessary. All it takes is one of them to hit every Walmart in the neighborhood, buy every pay-as-you-go phone they have, then pass them out to their friends in every Mosque. Now you have a new terrorism threat. So, welcome to the real world my friend, and wake up. Seriously, after everything I've said so far (I see you just replied privately to my most recent post), you're suggesting that *I* wake up to the real world? I suggest you take that message to the ignorant, complacent, apathetic masses. Please. Take a look at the prime-time TV lineup on the major US networks, and the cable stations like Showcase, HBO, etc. What are their plots mostly focussed on? Terrorism. Top-rated shows like NCIS, NCIS: LA, and the like: Terrorism. My point is that the media is feeding the viewers a non-stop diet of potential terrorist plots. It's ridiculously pervasive, and the fear is taking over people's minds. Why do you think Bruce Schneier calls the TSA's actions security theatre? They're reactive, not proactive. Maybe the NSA/CIA/FBI are trying to be proactive, but what's their track record? The intelligence agencies each had a piece of the 9/11 puzzle. Due to infighting and protecting their respective turf, they didn't share information, and 9/11 happened. Hindsight is 20/20, but it was revealed that if they had only cooperated, 9/11 could have been prevented. Look at the Boston bombings. The FBI received intel from the Russians, of all people, beforehand that the two brothers were up to something. How did that work out for them? The Times Square bomber was stopped by a curious NYPD cop, not a three-letter agency.
How about those US soldiers that converted to Islam, raising red flags with their unusual behaviour and behavioural changes, going on shooting rampages? How did the FBI do there? Maybe they have foiled attacks, but you'd think they'd be shouting that from the rooftops saying, Look! We're doing good! Our Billion dollar budgets are justified! People know about PRISM now, but even if they wanted to keep the source of their intel under wraps, I'm sure they could find a way to parallel construct a plausible explanation without revealing too much. Like you said in a fresh post, maybe the NSA was helpful in stopping the potential attacks on Toronto and various rail lines. Who knows. Read my previous paragraph again. And for the record, both you and Ze Loff should stick to facts and rational discussion. Bigots and morons are best defeated with those, and they'll show their true colours, debasing their own opinions. There's no need for insults and ad hominem attacks. You feel that Snowden is quite the jerk? You're entitled to that opinion, but there are a great many people, myself included, that think he is a hero for exposing blatant lies and violations of the law and constitution. Snowden, and some other previous NSA employees, saw the insanity of this, and the future of it. They were appalled, and went public. They are heroes. Privately, you casually dismissed Wolf as another blow hard, the liberal version of Ann Coulter. Maybe so, but attacking her personally does not negate the validity of her points. Watch the video, and think about it with an open mind, if you can. You asked, What are we supposed to do? There are no easy answers here. I fully realize that there are shades of grey involved. But you aren't looking at the thin end of the wedge; we've long passed that point, and you are ceding your rights to allow it to not only continue, but to expand.
Remember what Ben Franklin said: Those who would give up essential liberty to purchase a little temporary safety deserve neither liberty nor safety. His point in that quote speaks directly to the nature of government. It hasn't changed since then. Government will take a mile when you give them an inch. You've probably heard the glib comments that more people in the US have died from choking on fishbones/car accidents/etc. in the last 12 years than have died from terrorism. But at what price, both financially (military spending) and in terms of rights in a growing surveillance state? Where does it end, and what is the logical conclusion? I just don't have the answers, but I can repeat the suggestions of Bruce Schneier: Trust the math. Trust the crypto. Be careful with the implementation. The NSA isn't so much working on breaking the crypto (for now), as they are attacking the end points. That's why they hacked the Tor Bundle. That's why they control so many Tor exit nodes. Stick to known trusted OSes, like OpenBSD. Avoid proprietary software, especially software developed in the US. Avoid this cloud
Re: Sorry OpenBSD people, been a bit busy
On 10/06/13 20:48, dera...@cvs.openbsd.org wrote: Now, why do I mention this in relation to OpenBSD? Well, at the end of 2007 someone decided to open an impersonation account on twitter in my name, and start sending a mix of things I have said (see wikiquote for instance), with things that I would never say. That account is http://twitter.com/theoderaadt A few notes: The account has now changed to declare that it is a parody account and renamed to Not Theo de Raadt, as of a few days ago. If you read back into the past, you will see true character of the account and the individual. People in the local community were directed to the account, to give a negative, if not slanderous, view of my character. The ones directing them have high-profile roles in the community, so people would take what they say as true. Since I am the network manager for the exchange equipment, this by extension was meant to hurt YYCIX. Why would stewards of important infrastructure projects deliberately spread such false stories? [...] Layers of hurt being thrown around. Why? I don't know, but I can guess. Probably the same reason that a year or two ago some crap came out trying to discredit OpenBSD's IPSec implementation: To discredit you, and OpenBSD as a whole. Like I said, I have absolutely no doubt the NSA has been keeping tabs on OpenBSD as a whole. Anything more than that is pure speculation on my part. You, and the project, are financially reliant on donations, so if you are discredited, those donations lessen, and the project falters. I'd bet money that the NSA would love to see OpenBSD go away. What other real options would someone, like the NSA but not necessarily them, or just them, have? Hack the OpenBSD servers? Good luck with that. OpenBSD is the gold standard in the hacker underground. I've heard hackers say that when they are looking for targets, they skip the OpenBSD boxes they find; a waste of time. (I don't know how true that is, so take it with a grain of salt.) 
Inject code? (Like was alleged in the IPSec situation.) Good luck. Commits are public, reviewed, audited, etc. Corrupt the project leaders, usually financially. Theo is an idealist. (I mean that in a good way, don't get me wrong.) If he wanted to make serious money, he could easily do so with his reputation, experience, and skill set. I wish anyone luck with corrupting Theo, or those he trusts, with money. I deeply believe that unlike psychopathic CxO-types, he's not in it for the money, or power. Blackmail the leaders into doing your bidding. Last I checked, Theo isn't married, so he doesn't have to worry about a leak of him with his mistress. I suspect that Theo wouldn't cave if someone were to reveal he used the services of ladies of the night. (For the record, I'm just making up scenarios here, I have no idea what he does in his private time, other than cycling.) The other thing to consider is that I don't think many people in the OpenBSD community would give a shit if Theo did questionable things in his private life. I'm not interested, and I doubt any serious person would be. I simply look at the work he does. The dedication and quality. *Everyone* has secrets, period. Nobody wants cameras in their bedrooms or bathrooms. (Canada had a Prime Minister in the 70s by the name of Pierre Trudeau, that said quite clearly that the state has no business in the bedrooms of the nation. He made plenty of mistakes, but he got that one dead right.) What would Theo's (fictional!) indiscretions, or any other dev's indiscretions, have to do with OpenBSD development? Nothing. However, not everyone thinks that way, so I think one of the simpler ways to attack OpenBSD is to discredit the project (IPSec), and discredit the project leader (fake twitter bullshit). This demoralizes the funding base. It scares people away, whether they are existing users or potential users. Some say there's no such thing as bad publicity. I beg to differ. 
Theo needs to continuously refute the bullshit with truth and honesty, standing on his body of years of dedication and work. Given his status, I'm sure that would be a full-time task in itself. Perhaps a PR firm using OpenBSD could donate some work in that area, to give back. (I realize that's wishful thinking, but you never know..) I'm sure Sun Tzu could read more into this, but he's dead. One of his principal tenets was know your enemy, and thanks to Snowden et al., we have seen the enemy, they are legion, and include the NSA. Now we know much more about them, their tactics and methods. Again, he is a hero. I'd laugh if his future leaks were titled To: NSA; Subject: From Russia with Love. :) -- Scott McEachern https://www.blackstaff.ca Beware the Four Horsemen of the Information Apocalypse: terrorists, drug dealers, kidnappers, and child pornographers. Seems like you can scare any public into allowing the
Re: Sorry OpenBSD people, been a bit busy
I love OpenBSD, seriously, and developers of it are clearly geniuses. And any chance I get I promote it. Sent from my BlackBerry 10 smartphone on the Verizon Wireless 4G LTE network. From: Scott McEachern Sent: Tuesday, October 8, 2013 7:17 PM To: misc@openbsd.org Subject: Re: Sorry OpenBSD people, been a bit busy On 10/08/13 17:38, Richard Thornton wrote: I am not flippant enough to say that the NSA revelations do not matter, but what are we supposed to do? The Middle Eastern terrorism threat is real and we need to be able to stop them anyway necessary. All it takes is one of them to hit every Walmart in the neighborhood, buy every pay-as-you-go phone they have, then pass them out to their friends in every Mosque. Now you have a new terrorism threat. So, welcome to the real world my friend, and wake up. Seriously, after everything I've said so far (I see you just replied privately to my most recent post), you're suggesting that *I* wake up to the real world? I suggest you take that message to the ignorant, complacent, apathetic masses. Please. Take a look at the prime-time TV lineup on the major US networks, and the cable stations like Showcase, HBO, etc. What are their plots mostly focussed on? Terrorism. Top-rated shows like NCIS, NCIS: LA, and the like: Terrorism. My point is that the media is feeding the viewers a non-stop diet of potential terrorist plots. It's ridiculously pervasive, and the fear is taking over people's minds. Why do you think Bruce Schneier calls the TSA's actions security theatre? They're reactive, not proactive. Maybe the NSA/CIA/FBI are trying to be proactive, but what's their track record? The intelligence agencies each had a piece of the 9/11 puzzle. Due to infighting and protecting their respective turf, they didn't share information, and 9/11 happened. Hindsight is 20/20, but it was revealed that if they had only cooperated, 9/11 could have been prevented. Look at the Boston bombings.
The FBI received intel from the Russians, of all people, beforehand that the two brothers were up to something. How did that work out for them? The Times Square bomber was stopped by a curious NYPD cop, not a three-letter agency. How about those US soldiers that converted to Islam, raising red flags with their unusual behaviour and behavioural changes, going on shooting rampages? How did the FBI do there? Maybe they have foiled attacks, but you'd think they'd be shouting that from the rooftops saying, Look! We're doing good! Our Billion dollar budgets are justified! People know about PRISM now, but even if they wanted to keep the source of their intel under wraps, I'm sure they could find a way to parallel construct a plausible explanation without revealing too much. Like you said in a fresh post, maybe the NSA was helpful in stopping the potential attacks on Toronto and various rail lines. Who knows. Read my previous paragraph again. And for the record, both you and Ze Loff should stick to facts and rational discussion. Bigots and morons are best defeated with those, and they'll show their true colours, debasing their own opinions. There's no need for insults and ad hominem attacks. You feel that Snowden is quite the jerk? You're entitled to that opinion, but there are a great many people, myself included, that think he is a hero for exposing blatant lies and violations of the law and constitution. Snowden, and some other previous NSA employees, saw the insanity of this, and the future of it. They were appalled, and went public. They are heroes. Privately, you casually dismissed Wolf as another blow hard, the liberal version of Ann Coulter. Maybe so, but attacking her personally does not negate the validity of her points. Watch the video, and think about it with an open mind, if you can. You asked, What are we supposed to do? There are no easy answers here. I fully realize that there are shades of grey involved.
But you aren't looking at the thin end of the wedge; we've long passed that point, and you are ceding your rights to allow it to not only continue, but to expand. Remember what Ben Franklin said: Those who would give up essential liberty to purchase a little temporary safety deserve neither liberty nor safety. His point in that quote speaks directly to the nature of government. It hasn't changed since then. Government will take a mile when you give them an inch. You've probably heard the glib comments that more people in the US have died from choking on fishbones/car accidents/etc. in the last 12 years than have died from terrorism. But at what price, both financially (military spending) and in terms of rights in a growing surveillance state? Where does it end, and what is the logical conclusion? I just don't have the answers, but I can repeat the suggestions of Bruce Schneier: Trust the math. Trust the crypto. Be careful with the implementation. The NSA isn't so much working on breaking the crypto (for now), as they are attacking the end points. That's why
Re: Sorry OpenBSD people, been a bit busy
On 10/08/13 20:42, thornton.rich...@gmail.com wrote: I love OpenBSD, seriously, and developers of it are clearly geniuses. And any chance I get I promote it. Excellent, and I applaud you for that. You should take a look at the papers/presentations the devs have given. The stuff Theo wrote on W^X was mind boggling. Over my head, but I got the gist. I'm not going to find the ones I'm thinking of (it's been a while since I read them), I'll leave that as an exercise for the reader. You'll find plenty of mind-blowing stuff. (Ok, I can't resist. I'll link to one particular page that's really easy to understand: http://www.openbsd.org/papers/eurobsdcon_2013_time_t/mgp3.html. Maybe another, this is from 2005, and I nearly lost my mind: http://www.openbsd.org/papers/ven05-deraadt/index.html) I don't mean to single out Theo, but he started this thread, so he remains the focus. You should read the stuff the other devs have written, it's all excellent stuff. The genius shines through. Sent from my BlackBerry 10 smartphone on the Verizon Wireless 4G LTE network. All I can say is, I hope you don't do anything private with your device. You have two /proven/ weak points in your hand. Anything HTTPS/TLS/SSL on your handheld is probably moot, but I'd still use crypto anyway. :) Convenience comes with a price. And Richard, thanks for sharing your thoughts. It adds to the balance. -- Scott McEachern https://www.blackstaff.ca Beware the Four Horsemen of the Information Apocalypse: terrorists, drug dealers, kidnappers, and child pornographers. Seems like you can scare any public into allowing the government to do anything with those four. -- Bruce Schneier
Re: Sorry OpenBSD people, been a bit busy
On Wed, Oct 9, 2013 at 6:42 AM, Scott McEachern sc...@blackstaff.ca wrote: On 10/08/13 20:42, thornton.rich...@gmail.com wrote: I love OpenBSD, seriously, and developers of it are clearly geniuses. And any chance I get I promote it. Excellent, and I applaud you for that. My favourite O/S is also OpenBSD. Theo and his guys protect the world. so they are naturally protected. Thank you Indunil Jayasooriya http://www.theravadanet.net/ http://www.siyabas.lk/sinhala_how_to_install.html - Download Sinhala Fonts
Re: Sorry OpenBSD people, been a bit busy
The NSA is just a backdrop against the real corruption, which guys like Sen. Ted Cruz, who intentionally manipulate the markets by threatening to default on USA debt. Only an idiot would not assume these Senators are selling their stocks before this stupid debate, drive the markets down, buy on the cheap, then bam! Come up with a deal, and make a huge windfall profit. meanwhile they keep everyone focused on other issues such as NSA while they literally rape the country. On Tue, 8 Oct 2013, Scott McEachern wrote: On 10/08/13 16:36, Martin Schröder wrote: YYCIX is subject to canadian laws. It likely must have a lawful interception interface for the canadian police/whatever. Americans are subject to the highest law of the land: The US Constitution. You know, that document the President and damned near every government employee has sworn an oath to obey and protect. The NSA has broken that oath. Not long after the Snowden leaks started, the Director of National Intelligence, James Clapper, spoke before congress and explained what the NSA is up to, in an attempt to play down Snowden's revelations. Then more Snowden documents came out, proving that the DNI just /lied/ to congress. Curiously, he's not in jail, and is still in office. Lying to congress is an indictable offense, er, a felony offence in US legal-speak. Now here's another fun bit of trivia for you: The constitution outranks *all* other laws, like state, regional, municipal, etc. All except one: Foreign treaties. They hold equal rank to the constitution. Think about that, vis a vis foreign treaties with other intelligence agencies. The same applies in Canada with our Constitution and Bill of Rights. Lawful interception, you say? Subject to Canadian laws? Privacy laws? There are no privacy laws in either the US or Canadian constitutions; look it up. But we /do/ have treaties. Canada is a member of Five Eyes. Thank-you for proving my point. Nice treaties with the other members since 1948. 
Treaties that have equivalent legal weight to the constitutions of the respective countries. If you think our (Canadian) morally superior privacy laws, and our national/provincial privacy commissioners have any say in the matter, you're fooling yourself. A couple of weeks ago, John Tory, a very well-respected radio commentator (and former lawyer, former CEO of Rogers, former politician, etc.) on a respected AM talk radio station, interviewed a fellow who works deep inside the telecom industry. Sorry, I can't remember the chap's name. Tory asked the guy, So what ISPs are giving customer data to the government? The guy deadpanned, All of them. All of them are doing it. Of course, there's no actual proof of this at the moment, but given what Snowden has released so far, and what those documents indicate (eg. PRISM) I think this theory has moved from pure speculation to most likely status. -- Scott McEachern https://www.blackstaff.ca Beware the Four Horsemen of the Information Apocalypse: terrorists, drug dealers, kidnappers, and child pornographers. Seems like you can scare any public into allowing the government to do anything with those four. -- Bruce Schneier
Re: Sorry OpenBSD people, been a bit busy
On 10/08/13 22:35, Indunil Jayasooriya wrote: My favourite O/S is also OpenBSD. Theo and his guys protect the world. so they are naturally protected. Almost, but not quite. Theo actually has a devoted core of followers around the globe, highly trained in gung-fu, krav maga, and ninjitsu. They fight to kill. Meetings take place on a secret, members-only OpenBSD-powered web server. One word, and a problem can be solved, anywhere, any time. Or so I hear... So yes, he and his fellow devs are protected, while they protect the world. -- Scott McEachern https://www.blackstaff.ca Beware the Four Horsemen of the Information Apocalypse: terrorists, drug dealers, kidnappers, and child pornographers. Seems like you can scare any public into allowing the government to do anything with those four. -- Bruce Schneier
Re: Sorry OpenBSD people, been a bit busy
Adding to your previous thoughts, it became clear to me some years ago that the best way to gather information on someone is to find information which they've volunteered. Facebook and other social networks have a space to select your religion, sexual identity, location, school, work, and contact information. Much of this information can be selected from existing lists. Supplying this information hands it into the realm of Facebook apps with permission to access that information, too. But, people have given up this information. They weren't even paid or coerced. Why so naive? But that's just it, isn't it? People are naive. They go to public schools where they are taught to accept what is popular and reject all else, and that's where much of it starts. Computers must run Windows. If you want to be different, buy a Mac. Programs must be big and graphical with plenty of room for error. Why have it any other way? I have also noticed that the news is saying what is and isn't common sense now. They use this term as a backhanded directive, as if to say, Of course it is so, this is common sense. In fact, common sense is a little more inquisitive than that, and common sense would actually have it that you don't trust everything you hear. On topic and as a response to Theo, Twitter is a vehicle of passive aggression and ad hominem attacks among other things. I blame Twitter for the direction much of the Internet has taken. It is quick, it is short, and that's how people are with other people. They are quick, and they are short. And it seems a pretty weak attempt at disparaging your character. Thank you, and please, please keep it up. On Oct 8, 2013 6:14 PM, Scott McEachern sc...@blackstaff.ca wrote: On 10/08/13 20:42, thornton.rich...@gmail.com wrote: I love OpenBSD, seriously, and developers of it are clearly geniuses. And any chance I get I promote it. Excellent, and I applaud you for that. You should take a look at the papers/presentations the devs have given. 
The stuff Theo wrote on W^X was mind boggling. Over my head, but I got the gist. I'm not going to find the ones I'm thinking of (it's been a while since I read them), I'll leave that as an exercise for the reader. You'll find plenty of mind-blowing stuff. (Ok, I can't resist. I'll link to one particular page that's really easy to understand: http://www.openbsd.org/papers/eurobsdcon_2013_time_t/mgp3.html. Maybe another, this is from 2005, and I nearly lost my mind: http://www.openbsd.org/papers/ven05-deraadt/index.html) I don't mean to single out Theo, but he started this thread, so he remains the focus. You should read the stuff the other devs have written, it's all excellent stuff. The genius shines through. Sent from my BlackBerry 10 smartphone on the Verizon Wireless 4G LTE network. All I can say is, I hope you don't do anything private with your device. You have two /proven/ weak points in your hand. Anything HTTPS/TLS/SSL on your handheld is probably moot, but I'd still use crypto anyway. :) Convenience comes with a price. And Richard, thanks for sharing your thoughts. It adds to the balance. -- Scott McEachern https://www.blackstaff.ca Beware the Four Horsemen of the Information Apocalypse: terrorists, drug dealers, kidnappers, and child pornographers. Seems like you can scare any public into allowing the government to do anything with those four. -- Bruce Schneier
Re: Sorry OpenBSD people, been a bit busy
On 10/08/13 22:44, Benjamin Heath wrote: Adding to your previous thoughts, it became clear to me some years ago that the best way to gather information on someone is to find information which they've volunteered. The US Army, namely D/arpa and the Navy, invented the Internet and onion routing. I can't believe they didn't invent such a clever way to extract information before MySpace/Facebook did. Facebook and other social networks have a space to select your religion, sexual identity, location, school, work, and contact information. Much of this information can be selected from existing lists. Supplying this information hands it into the realm of Facebook apps with permission to access that information, too. But, people have given up this information. They weren't even paid or coerced. Why so naive? I think P.T. Barnum said something about that. People like free stuff. They think they are using a product for free. They don't realize *they* are the product. I don't have a Facebook account. I have a G+ account (by way of having a gmail account for mailing lists) with a picture of my cat, and no information about myself except links to my website. But that's just it, isn't it? People are naive. They go to public schools where they are taught to accept what is popular and reject all else, and that's where much of it starts. Computers must run Windows. If you want to be different, buy a Mac. Programs must be big and graphical with plenty of room for error. Why have it any other way? So far as I understand it, kids often aren't being taught the course material. They're being taught the test. That is, the standardized evaluation tests for each subject. It inflates test scores to acceptable limits. The ability to think, critically, isn't being taught at all. You have kids walking out of school thinking crap like Intelligent Design is plausible, and that the earth really is only 6000 years old. 
Darwin's ideas are just theories, but fail to realize gravity is just a theory too. Stand on a 10th floor balcony, and test out that just a theory. Why would kids do such silly things as read books, when they have summarized versions online that they can skim over while they're waiting for their tweet/facebook update to be replied to. After all, it is the most profound 130 character message ever written. I have also noticed that the news is saying what is and isn't common sense now. They use this term as a backhanded directive, as if to say, Of course it is so, this is common sense. In fact, common sense is a little more inquisitive than that, and common sense would actually have it that you don't trust everything you hear. I read it on the Internet, therefore it must be true. 99% of the news people digest daily is spoon fed to them by five megacorps that are more than happy to frame the narrative for you. People worship celebrities that are only famous because of their surnames or relatives, and spend their leisure time on the couch watching (un)reality TV shows. TV crime shows, like CSI, get DNA results in minutes. They can pinpoint the bad guy, right down to the floor he's on, within seconds just from his IP address. Strong encryption is broken within seconds on a laptop computer. Firewalls are routinely hacked within minutes. Cases are always solved with conclusive proof. Ask any prosecutor how her life in the courtroom has changed since CSI-type shows hit the air. Everyone on the jury is an armchair expert criminalist, and they get confused when cases aren't cut and dried, black and white. The founding fathers of the US understood that an educated public, active in the political process, is a good thing. Modern politicians understand that an uneducated, apathetic public is a better thing. On topic and as a response to Theo, Twitter is a vehicle of passive aggression and ad hominem attacks among other things. 
I blame Twitter for the direction much of the Internet has taken. It is quick, it is short, and that's how people are with other people. They are quick, and they are short. And it seems a pretty weak attempt at disparaging your character. I suppose twitter has its good uses, like during the Arab Spring, but by and large it's a time sink to read fluff. I wrote to someone earlier sharing my one and only tweet from three years ago. (I plagiarized Marco Peereboom.) crap *Scott McEachern* @*scott_mceachern* https://twitter.com/scott_mceachern 24 Nov 10 https://twitter.com/scott_mceachern/status/7477254057631744 Twitter is the stupidest fucking thing to happen on the Internet. /crap Like I said, you read it on the Internet, so it must be true. -- Scott McEachern https://www.blackstaff.ca Beware the Four Horsemen of the Information Apocalypse: terrorists, drug dealers, kidnappers, and child pornographers. Seems like you can scare any public into allowing the government to do anything with those four. -- Bruce Schneier
Re: Sorry OpenBSD people, been a bit busy
On Oct 8, 2013 8:21 PM, Scott McEachern sc...@blackstaff.ca wrote: On 10/08/13 22:44, Benjamin Heath wrote: But that's just it, isn't it? People are naive. They go to public schools where they are taught to accept what is popular and reject all else, and that's where much of it starts. Computers must run Windows. If you want to be different, buy a Mac. Programs must be big and graphical with plenty of room for error. Why have it any other way? So far as I understand it, kids often aren't being taught the course material. They're being taught the test. That is, the standardized evaluation tests for each subject. It inflates test scores to acceptable limits. The ability to think, critically, isn't being taught at all. You have kids walking out of school thinking crap like Intelligent Design is plausible, and that the earth really is only 6000 years old. Darwin's ideas are just theories, but fail to realize gravity is just a theory too. Stand on a 10th floor balcony, and test out that just a theory. Why would kids do such silly things as read books, when they have summarized versions online that they can skim over while they're waiting for their tweet/facebook update to be replied to. After all, it is the most profound 130 character message ever written. It isn't only the course material or the testing material, but I'd argue that public school itself is a critical time in which a young human being learns to desire what's popular, and to desire to be popular. (Look, I'm a geek, and things like The Big Bang Theory on CBS make me cringe.) But the lack of critical thinking in this issue leads to a lot of confused kids who then graduate and are soon called legal adults if they aren't already. And then what? Inattention, apathy, acceptance, mediocrity, and that's how the toad boils. 
It's also quite interesting that there are more books and other documents on this planet than ever before, more people know the basics of how to read and write than ever before, and yet the interest is shot down by lack of attention, for whichever reason.
Re: Sorry OpenBSD people, been a bit busy
Because people, are idiots, and like to attack others who do useful things. Keep your head up. RG On 10/07/2013 02:48 AM, dera...@cvs.openbsd.org wrote: Hi, yeah, it is really me. I find it strange posting to misc, starting an email thread. Normally I finish the threads here. Most OpenBSD developers have known for a while, but I think it is important to tell the greater community that I've been a bit busy for about the last year. I have not been paying as much attention to OpenBSD development as I'm expected to. Luckily, other developers have done a great job keeping it on track. Why? With a group of others, I started setting up an Internet Exchange in Calgary, and this has taken much time because it is highly politicized and has encountered some resistance. http://yycix.ca https://en.wikipedia.org/wiki/YYCIX_Internet_Exchange_Community_Ltd Now, why do I mention this in relation to OpenBSD? Well, at the end of 2007 someone decided to open an impersonation account on twitter in my name, and start sending a mix of things I have said (see wikiquote for instance), with things that I would never say. That account is http://twitter.com/theoderaadt A few notes: The account has now changed to declare that it is a parody account and renamed to Not Theo de Raadt, as of a few days ago. If you read back into the past, you will see true character of the account and the individual. People in the local community were directed to the account, to give a negative, if not slanderous, view of my character. The ones directing them have high-profile roles in the community, so people would take what they say as true. Since I am the network manager for the exchange equipment, this by extension was meant to hurt YYCIX. Why would stewards of important infrastructure projects deliberately spread such false stories? I will not mention names. I don't need to; many can dig a little and figure out who those actors are. As a hint, search a little bit higher. 
Finally, one thing that particularly bothers me in the old postings is the mention of my old friend Itojun, a very dedicated developer of IPv6. As many of you know, he and Jon Postel are the only two internet architects currently honoured on an annual basis by the Internet Society in the form of an award. http://www.internetsociety.org/what-we-do/grants-and-awards/awards/itojun-service-award Layers of hurt being thrown around. Why? With kind regards, Robert Garrett Senior System Engineer Technical Projects Solutions -- InterNetX GmbH Maximilianstr. 6 93047 Regensburg Germany Tel. +49 941 59559-480 Fax +49 941 59559-245 www.internetx.com www.facebook.com/InterNetX www.twitter.com/InterNetX Managing Director/CEO: Thomas Mörz Regensburg District Court, HRB 7142
Re: Sorry OpenBSD people, been a bit busy
Then again, I would find that rather offensive, given what he is saying on the header: citation Since the OBSD people are basically fucking dumber than a single sack of hammers THIS IS A PARODY ACCOUNT. /citation On 10/07/2013 03:48 AM, dera...@cvs.openbsd.org wrote: Hi, yeah, it is really me. I find it strange posting to misc, starting an email thread. Normally I finish the threads here. Most OpenBSD developers have known for a while, but I think it is important to tell the greater community that I've been a bit busy for about the last year. I have not been paying as much attention to OpenBSD development as I'm expected to. Luckily, other developers have done a great job keeping it on track. Why? With a group of others, I started setting up an Internet Exchange in Calgary, and this has taken much time because it is highly politicized and has encountered some resistance. http://yycix.ca https://en.wikipedia.org/wiki/YYCIX_Internet_Exchange_Community_Ltd Now, why do I mention this in relation to OpenBSD? Well, at the end of 2007 someone decided to open an impersonation account on twitter in my name, and start sending a mix of things I have said (see wikiquote for instance), with things that I would never say. That account is http://twitter.com/theoderaadt A few notes: The account has now changed to declare that it is a parody account and renamed to Not Theo de Raadt, as of a few days ago. If you read back into the past, you will see true character of the account and the individual. People in the local community were directed to the account, to give a negative, if not slanderous, view of my character. The ones directing them have high-profile roles in the community, so people would take what they say as true. Since I am the network manager for the exchange equipment, this by extension was meant to hurt YYCIX. Why would stewards of important infrastructure projects deliberately spread such false stories? I will not mention names. 
I don't need to; many can dig a little and figure out who those actors are. As a hint, search a little bit higher. Finally, one thing that particularly bothers me in the old postings is the mention of my old friend Itojun, a very dedicated developer of IPv6. As many of you know, he and Jon Postel are the only two internet architects currently honoured on an annual basis by the Internet Society in the form of an award. http://www.internetsociety.org/what-we-do/grants-and-awards/awards/itojun-service-award Layers of hurt being thrown around. Why? -- With best regards, Gregory Edigarov
Re: Sorry OpenBSD people, been a bit busy
dera...@cvs.openbsd.org wrote: Layers of hurt being thrown around. Why? This is a legitimate question. Since I am here, I think I received twice an Email from you: I remember you as a polite person. But I did read a little of what people write about you around. Some weeks ago a question of me here produced unfortunately too much traffic. I was critical to the optimism in Tridgell's doctoral thesis, about the rsync algorithm, about new programming technics that seem to allow the use of hash values as a unique key. If the question was a little off-topic, then it was not anymore as some people here felt attacked by my critic. I was continuously exposed to insult and defamation. I continuously tried to keep the discussion objective, without much success. I asked me the very same question you ask, I ask me it till now. And of course I tried to find an answer. And the answer of Robert Garrett throw new questions: Because people are idiots? Then we all are idiots and cannot complain. Or only people that do useful things can complain and other do not deserve respect? Rodrigo.
Re: Sorry OpenBSD people, been a bit busy
* hru...@gmail.com hru...@gmail.com [2013-10-07 08:36:04 +]: dera...@cvs.openbsd.org wrote: Layers of hurt being thrown around. Why? This is a legitimate question. Since I am here, I think I received twice an Email from you: I remember you as a polite person. But I did read a little of what people write about you around. Some weeks ago a question of me here produced unfortunately too much traffic. I was critical to the optimism in Tridgell's doctoral thesis, about the rsync algorithm, about new programming technics that seem to allow the use of hash values as a unique key. If the question was a little off-topic, then it was not anymore as some people here felt attacked by my critic. I was continuously exposed to insult and defamation. I continuously tried to keep the discussion objective, without much success. I asked me the very same question you ask, I ask me it till now. And of course I tried to find an answer. And the answer of Robert Garrett throw new questions: Because people are idiots? Then we all are idiots and cannot complain. Or only people that do useful things can complain and other do not deserve respect? Rodrigo. In fairness, you were repeating yourself a great deal and filling up our inboxes with the same statements. It went on for days and became tiresome. That was the main complaint, not the mathematical arguments you were put to the list.
Re: Sorry OpenBSD people, been a bit busy
People who attack each other with nothing but the defamation of the other individual, at heart are idiots. Sometimes, in the course of normal discussions.. things get out of hand, I really don't care about this. I prefer people to attack ideas, not each other. RG On 10/07/2013 10:43 AM, James Griffin wrote: * hru...@gmail.com hru...@gmail.com [2013-10-07 08:36:04 +]: dera...@cvs.openbsd.org wrote: Layers of hurt being thrown around. Why? This is a legitimate question. Since I am here, I think I received twice an Email from you: I remember you as a polite person. But I did read a little of what people write about you around. Some weeks ago a question of me here produced unfortunately too much traffic. I was critical to the optimism in Tridgell's doctoral thesis, about the rsync algorithm, about new programming technics that seem to allow the use of hash values as a unique key. If the question was a little off-topic, then it was not anymore as some people here felt attacked by my critic. I was continuously exposed to insult and defamation. I continuously tried to keep the discussion objective, without much success. I asked me the very same question you ask, I ask me it till now. And of course I tried to find an answer. And the answer of Robert Garrett throw new questions: Because people are idiots? Then we all are idiots and cannot complain. Or only people that do useful things can complain and other do not deserve respect? Rodrigo. In fairness, you were repeating yourself a great deal and filling up our inboxes with the same statements. It went on for days and became tiresome. That was the main complaint, not the mathematical arguments you were put to the list. With kind regards, Robert Garrett Senior System Engineer Technical Projects Solutions -- InterNetX GmbH Maximilianstr. 6 93047 Regensburg Germany Tel. +49 941 59559-480 Fax +49 941 59559-245 www.internetx.com www.facebook.com/InterNetX www.twitter.com/InterNetX Managing Director/CEO: Thomas Mörz Regensburg District Court, HRB 7142
Re: Sorry OpenBSD people, been a bit busy
I'd turn this to police and tried to make Twitter to shut down this account. On 7 okt 2013, at 02:48, dera...@cvs.openbsd.org wrote: Well, at the end of 2007 someone decided to open an impersonation account on twitter in my name, and start sending a mix of things I have said (see wikiquote for instance), with things that I would never say. That account is http://twitter.com/theoderaadt
Re: Sorry OpenBSD people, been a bit busy
* InterNetX - Robert Garrett robert.garr...@internetx.com [2013-10-07 11:04:56 +0200]: People who attack each other with nothing but the defamation of the other individual, at heart are idiots. Sometimes, in the course of normal discussions.. things get out of hand, I really don't care about this. I prefer people to attack ideas, not each other. RG I agree. That's why I don't attack individuals. But when people don't listen, or continuously repeat themselves unnecessarily, the discussion digresses and becomes irrelevant and/or annoying for those of us subscribed to the list. That's the point I tried to make. Anyway, this is digressing too.
Re: Sorry OpenBSD people, been a bit busy
On Mon, Oct 07, 2013 at 11:10:36AM +0200, mxb wrote: I'd turn this to police [...] That might however generate a Streisand effect, where the slanderous statements are spread even more. and tried to make Twitter to shut down this account. Since it's marked as a parody account, I don't think that would be successful. Maybe laying out the account history, with it being marked as parody only a few days ago, might do something. Theo: Regardless of the public opinion or annoying people on twitter, I want to reiterate the point Rodrigo made a few messages up. In the few mails we exchanged a while back, I've experienced you as a very polite and to the point engineer, contrary to what the opinion of some people might be. And then, it's awesome to hear about YYCIX. -- Gregor Best --
Re: Sorry OpenBSD people, been a bit busy
I am glad to know that it is a parody account; You can easily go to court, in order to force Twitter to give up the names contact info of those responsible for the parody account if you would like to sue, but then any off-color public remarks you have actually made could be turned against you. The best approach is to sue Twitter directly. It would be fun to see that stupid service shutdown. On Mon, 7 Oct 2013, InterNetX - Robert Garrett wrote: Because people, are idiots, and like to attack others who do useful things. Keep your head up. RG On 10/07/2013 02:48 AM, dera...@cvs.openbsd.org wrote: Hi, yeah, it is really me. I find it strange posting to misc, starting an email thread. Normally I finish the threads here. Most OpenBSD developers have known for a while, but I think it is important to tell the greater community that I've been a bit busy for about the last year. I have not been paying as much attention to OpenBSD development as I'm expected to. Luckily, other developers have done a great job keeping it on track. Why? With a group of others, I started setting up an Internet Exchange in Calgary, and this has taken much time because it is highly politicized and has encountered some resistance. http://yycix.ca https://en.wikipedia.org/wiki/YYCIX_Internet_Exchange_Community_Ltd Now, why do I mention this in relation to OpenBSD? Well, at the end of 2007 someone decided to open an impersonation account on twitter in my name, and start sending a mix of things I have said (see wikiquote for instance), with things that I would never say. That account is http://twitter.com/theoderaadt A few notes: The account has now changed to declare that it is a parody account and renamed to Not Theo de Raadt, as of a few days ago. If you read back into the past, you will see true character of the account and the individual. People in the local community were directed to the account, to give a negative, if not slanderous, view of my character. 
The ones directing them have high-profile roles in the community, so people would take what they say as true. Since I am the network manager for the exchange equipment, this by extension was meant to hurt YYCIX. Why would stewards of important infrastructure projects deliberately spread such false stories? I will not mention names. I don't need to; many can dig a little and figure out who those actors are. As a hint, search a little bit higher. Finally, one thing that particularly bothers me in the old postings is the mention of my old friend Itojun, a very dedicated developer of IPv6. As many of you know, he and Jon Postel are the only two internet architects currently honoured on an annual basis by the Internet Society in the form of an award. http://www.internetsociety.org/what-we-do/grants-and-awards/awards/itojun-service-award Layers of hurt being thrown around. Why? With kind regards, Robert Garrett Senior System Engineer Technical Projects Solutions -- InterNetX GmbH Maximilianstr. 6 93047 Regensburg Germany Tel. +49 941 59559-480 Fax +49 941 59559-245 www.internetx.com www.facebook.com/InterNetX www.twitter.com/InterNetX Managing Director/CEO: Thomas Mörz Regensburg District Court, HRB 7142
Re: Sorry OpenBSD people, been a bit busy
I don't see a reason why Twitter is given that much attention. It surely gets a lot of hype from all around, but I did not expect it will get more from OpenBSD mailing lists. -- Marko Cupać
Re: Sorry OpenBSD people, been a bit busy
On 2013-10-07 12:30, Marko Cupać wrote: I don't see a reason why Twitter is given that much attention. It surely gets a lot of hype from all around, but I did not expect it will get more from OpenBSD mailing lists. Yes, let the people spend their time and energy for nothing. It's absolutely not interesting to spend yours on this, It's a kid game. I appreciate much more the work you do all on awesome project like OpenBSD and YYCIX :) Gilles Cafedjian.
Re: Sorry OpenBSD people, been a bit busy
Well, Twitter does have its useful purposes. There is plenty of information on there of a technical nature. The major problem is just filtering out all the noise. Unfortunately, the idiots know about twitter and try to use it to their advantage. Sometimes that works, and other times it backfires with very amusing results. -eric On Oct 7, 2013, at 6:32 AM, Gilles Cafedjian wrote: On 2013-10-07 12:30, Marko Cupać wrote: I don't see a reason why Twitter is given that much attention. It surely gets a lot of hype from all around, but I did not expect it will get more from OpenBSD mailing lists. Yes, let the people spend their time and energy for nothing. It's absolutely not interesting to spend yours on this, It's a kid game. I appreciate much more the work you do all on awesome project like OpenBSD and YYCIX :) Gilles Cafedjian.
Re: Sorry OpenBSD people, been a bit busy
Slander aside, pretty cool news. I do have one stupid question though, what does the 'yy' in yycix stand for? On 10/6/13, dera...@cvs.openbsd.org dera...@cvs.openbsd.org wrote: Hi, yeah, it is really me. I find it strange posting to misc, starting an email thread. Normally I finish the threads here. Most OpenBSD developers have known for a while, but I think it is important to tell the greater community that I've been a bit busy for about the last year. I have not been paying as much attention to OpenBSD development as I'm expected to. Luckily, other developers have done a great job keeping it on track. Why? With a group of others, I started setting up an Internet Exchange in Calgary, and this has taken much time because it is highly politicized and has encountered some resistance. http://yycix.ca https://en.wikipedia.org/wiki/YYCIX_Internet_Exchange_Community_Ltd Now, why do I mention this in relation to OpenBSD? Well, at the end of 2007 someone decided to open an impersonation account on twitter in my name, and start sending a mix of things I have said (see wikiquote for instance), with things that I would never say. That account is http://twitter.com/theoderaadt A few notes: The account has now changed to declare that it is a parody account and renamed to Not Theo de Raadt, as of a few days ago. If you read back into the past, you will see true character of the account and the individual. People in the local community were directed to the account, to give a negative, if not slanderous, view of my character. The ones directing them have high-profile roles in the community, so people would take what they say as true. Since I am the network manager for the exchange equipment, this by extension was meant to hurt YYCIX. Why would stewards of important infrastructure projects deliberately spread such false stories? I will not mention names. I don't need to; many can dig a little and figure out who those actors are. As a hint, search a little bit higher. 
Finally, one thing that particularly bothers me in the old postings is the mention of my old friend Itojun, a very dedicated developer of IPv6. As many of you know, he and Jon Postel are the only two internet architects currently honoured on an annual basis by the Internet Society in the form of an award. http://www.internetsociety.org/what-we-do/grants-and-awards/awards/itojun-service-award Layers of hurt being thrown around. Why?
Re: Sorry OpenBSD people, been a bit busy
On 07/10/13 9:57 PM, noah pugsley wrote: Slander aside, pretty cool news. I do have one stupid question though, what does the 'yy' in yycix stand for? It is not YY it is YYC. It is an airport code.
Re: Sorry OpenBSD people, been a bit busy
On 10/07/13 21:57, noah pugsley wrote: Slander aside, pretty cool news. I do have one stupid question though, what does the 'yy' in yycix stand for? YYC is the International Air Transport Association airport code for the Calgary International Airport. Eg. YYZ is Toronto's Pearson airport, London's Heathrow is LHR, etc. I'd imagine they chose YYC to clearly indicate the IX location. https://en.wikipedia.org/wiki/International_Air_Transport_Association_airport_code -- Scott McEachern https://www.blackstaff.ca Beware the Four Horsemen of the Information Apocalypse: terrorists, drug dealers, kidnappers, and child pornographers. Seems like you can scare any public into allowing the government to do anything with those four. -- Bruce Schneier
Re: Sorry OpenBSD people, been a bit busy
On Mon, Oct 7, 2013 at 6:57 PM, noah pugsley noah.pugs...@gmail.com wrote: Slander aside, pretty cool news. I do have one stupid question though, what does the 'yy' in yycix stand for? On 10/6/13, dera...@cvs.openbsd.org dera...@cvs.openbsd.org wrote: Hi, yeah, it is really me. I find it strange posting to misc, starting an email thread. Normally I finish the threads here. Most OpenBSD developers have known for a while, but I think it is important to tell the greater community that I've been a bit busy for about the last year. I have not been paying as much attention to OpenBSD development as I'm expected to. Luckily, other developers have done a great job keeping it on track. Why? With a group of others, I started setting up an Internet Exchange in Calgary, and this has taken much time because it is highly politicized and has encountered some resistance. http://yycix.ca https://en.wikipedia.org/wiki/YYCIX_Internet_Exchange_Community_Ltd Now, why do I mention this in relation to OpenBSD? Well, at the end of 2007 someone decided to open an impersonation account on twitter in my name, and start sending a mix of things I have said (see wikiquote for instance), with things that I would never say. That account is http://twitter.com/theoderaadt A few notes: The account has now changed to declare that it is a parody account and renamed to Not Theo de Raadt, as of a few days ago. If you read back into the past, you will see true character of the account and the individual. People in the local community were directed to the account, to give a negative, if not slanderous, view of my character. The ones directing them have high-profile roles in the community, so people would take what they say as true. Since I am the network manager for the exchange equipment, this by extension was meant to hurt YYCIX. Why would stewards of important infrastructure projects deliberately spread such false stories? I will not mention names. 
I don't need to; many can dig a little and figure out who those actors are. As a hint, search a little bit higher. Finally, one thing that particularly bothers me in the old postings is the mention of my old friend Itojun, a very dedicated developer of IPv6. As many of you know, he and Jon Postel are the only two internet architects currently honoured on an annual basis by the Internet Society in the form of an award. http://www.internetsociety.org/what-we-do/grants-and-awards/awards/itojun-service-award Layers of hurt being thrown around. Why?
YYC is the IATA code for Calgary airport. Taru
Re: Sorry OpenBSD people, been a bit busy
Thank you both for answering my question. On 10/7/13, Scott McEachern sc...@blackstaff.ca wrote: On 10/07/13 21:57, noah pugsley wrote: Slander aside, pretty cool news. I do have one stupid question though, what does the 'yy' in yycix stand for? YYC is the International Air Transport Association airport code for the Calgary International Airport. Eg. YYZ is Toronto's Pearson airport, London's Heathrow is LHR, etc. I'd imagine they chose YYC to clearly indicate the IX location. https://en.wikipedia.org/wiki/International_Air_Transport_Association_airport_code -- Scott McEachern https://www.blackstaff.ca Beware the Four Horsemen of the Information Apocalypse: terrorists, drug dealers, kidnappers, and child pornographers. Seems like you can scare any public into allowing the government to do anything with those four. -- Bruce Schneier
Re: Sorry OpenBSD people, been a bit busy
On Sun, Oct 6, 2013 at 8:48 PM, dera...@cvs.openbsd.org wrote: Hi, yeah, it is really me. I find it strange posting to misc, starting an email thread. Normally I finish the threads here. Most OpenBSD developers have known for a while, but I think it is important to tell the greater community that I've been a bit busy for about the last year. I have not been paying as much attention to OpenBSD development as I'm expected to. Luckily, other developers have done a great job keeping it on track. Why? With a group of others, I started setting up an Internet Exchange in Calgary, and this has taken much time because it is highly politicized and has encountered some resistance. http://yycix.ca https://en.wikipedia.org/wiki/YYCIX_Internet_Exchange_Community_Ltd Now, why do I mention this in relation to OpenBSD? Well, at the end of 2007 someone decided to open an impersonation account on twitter in my name, and start sending a mix of things I have said (see wikiquote for instance), with things that I would never say. That account is http://twitter.com/theoderaadt A few notes: The account has now changed to declare that it is a parody account and renamed to Not Theo de Raadt, as of a few days ago. If you read back into the past, you will see true character of the account and the individual. People in the local community were directed to the account, to give a negative, if not slanderous, view of my character. The ones directing them have high-profile roles in the community, so people would take what they say as true. Since I am the network manager for the exchange equipment, this by extension was meant to hurt YYCIX. Why would stewards of important infrastructure projects deliberately spread such false stories? I will not mention names. I don't need to; many can dig a little and figure out who those actors are. As a hint, search a little bit higher. 
Finally, one thing that particularly bothers me in the old postings is the mention of my old friend Itojun, a very dedicated developer of IPv6. As many of you know, he and Jon Postel are the only two internet architects currently honoured on an annual basis by the Internet Society in the form of an award. http://www.internetsociety.org/what-we-do/grants-and-awards/awards/itojun-service-award Layers of hurt being thrown around. Why?
People are people, that's why. Keep up the good philanthropic work and don't let the long faces get you down.
Re: Sorry OpenBSD people, been a bit busy
Yes, let the people spend their time and energy for nothing. It's absolutely not interesting to spend yours on this, It's a kid game. I appreciate much more the work you do all on awesome project like OpenBSD and YYCIX :) I also agree with you. This is a useless topic. Let's discard it. -- Thank you Indunil Jayasooriya http://www.theravadanet.net/ http://www.siyabas.lk/sinhala_how_to_install.html - Download Sinhala Fonts
Sorry OpenBSD people, been a bit busy
Hi, yeah, it is really me. I find it strange posting to misc, starting an email thread. Normally I finish the threads here.

Most OpenBSD developers have known for a while, but I think it is important to tell the greater community that I've been a bit busy for about the last year. I have not been paying as much attention to OpenBSD development as I'm expected to. Luckily, other developers have done a great job keeping it on track.

Why? With a group of others, I started setting up an Internet Exchange in Calgary, and this has taken much time because it is highly politicized and has encountered some resistance.

http://yycix.ca
https://en.wikipedia.org/wiki/YYCIX_Internet_Exchange_Community_Ltd

Now, why do I mention this in relation to OpenBSD? Well, at the end of 2007 someone decided to open an impersonation account on twitter in my name, and start sending a mix of things I have said (see wikiquote for instance), with things that I would never say. That account is http://twitter.com/theoderaadt

A few notes: The account has now changed to declare that it is a parody account and renamed to Not Theo de Raadt, as of a few days ago. If you read back into the past, you will see the true character of the account and the individual.

People in the local community were directed to the account, to give a negative, if not slanderous, view of my character. The ones directing them have high-profile roles in the community, so people would take what they say as true. Since I am the network manager for the exchange equipment, this by extension was meant to hurt YYCIX. Why would stewards of important infrastructure projects deliberately spread such false stories?

I will not mention names. I don't need to; many can dig a little and figure out who those actors are. As a hint, search a little bit higher.

Finally, one thing that particularly bothers me in the old postings is the mention of my old friend Itojun, a very dedicated developer of IPv6. As many of you know, he and Jon Postel are the only two internet architects currently honoured on an annual basis by the Internet Society in the form of an award.

http://www.internetsociety.org/what-we-do/grants-and-awards/awards/itojun-service-award

Layers of hurt being thrown around. Why?
Sorry for that noise
Anonymous Remailer (austria) mixmas...@remailer.privacy.at
Scheint mir diese armselige Fritz Wühler Kröte zu sein. Schade, das sein Account **nicht** im September expired ist ... (The Fritz Wühler account actually expired in September. It really had to create a new one!)
Hast es immer noch nötig, was! (You poor boy need it pretty urgent, huh?)
Deine Springerstiefel sehnen sich nach Zärtlichkeit. (Your combat boots are longing for tenderness. [Actually a cite from a song of the German Softpunk-band 'Die Ärzte' (The Doctors)].)
Wirklich eine Schande, so einem verschissenen Kameradschaft-Süd Heini im Internet zu begegnen. (It's a fucking pain in the ass to meet one of those dumb Nazis in the Internet.)
DEUTSCH. (Deutsch!)
Was sonst??? (What else.)
Kein Wunder, das wir so beliebt sind ... (Good machine. [Seriously?])
Luftwaffe und Kindergarten. ZUM KOTZEN!! (McDonalds.)
Oder 88, wir ihr Eierlosen brüllt, wenn ihr in einer Horde auftretet. (Actually 'Heil Hitler!' is forbidden in Germany, which is why these kids can't tattoo it on their neck. So they do tattoo '88!', for 'HH!', i.e. the eighth character in the alphabet. You know - it's a thing with those balls.)
(Sorry for this shit, but Fritz Wühler may continue forever if you say words like 'Wash your mouth'. It has already drunk some beer this morning, as you can see.)
--steffen
(Sorry for the newbie question)Re: hier command not found: ksh: hier: not found
--- On Tue, 3/24/09, SJP Lists sjp.li...@flashbsd.net wrote: From: SJP Lists sjp.li...@flashbsd.net Subject: Re: hier command not found: ksh: hier: not found To: misc@openbsd.org Date: Tuesday, March 24, 2009, 7:00 AM
> 2009/3/24 my mail am...@yahoo.com: How to use hier?
> The hier manual page nicely describes the filesystem hierarchy. Not all manual pages describe a tool.
thanks for your explanation. sorry if my question too stupid because i don't know hier is a tool or not. thx
Re: (Sorry for the newbie question)Re: hier command not found: ksh: hier: not found
On Tue, Mar 24, 2009 at 12:31:49AM -0700, my mail wrote:
> --- On Tue, 3/24/09, SJP Lists sjp.li...@flashbsd.net wrote: From: SJP Lists sjp.li...@flashbsd.net Subject: Re: hier command not found: ksh: hier: not found To: misc@openbsd.org Date: Tuesday, March 24, 2009, 7:00 AM
> > 2009/3/24 my mail am...@yahoo.com: How to use hier?
> > The hier manual page nicely describes the filesystem hierarchy. Not all manual pages describe a tool.
> thanks for your explanation. sorry if my question too stupid because i don't know hier is a tool or not. thx
You can learn from the section the hier man page is in. In this case 7.
$ man 7 intro
same for other sections. -Otto
Re: keyboard encoding [not worth reading sorry]
On Mon, Jul 28, 2008 at 05:24:10PM +0200, Tony Berth wrote: I have to say that I'm via ssh/xterm to the box. I don't know if this makes a difference? hehe. (-:
Re: keyboard encoding [not worth reading sorry]
John Wright wrote: On Mon, Jul 28, 2008 at 05:24:10PM +0200, Tony Berth wrote: I have to say that I'm via ssh/xterm to the box. I don't know if this makes a difference? hehe. (-: hahahahahahah... Tony, when you are sshing to a machine, the keyboard encoding that is used NEVER is the one that's in use in the ssh server. The machine you are using to access the OpenBSD machine is the one you must be changing the keyboard layout. My regards, -- Giancarlo Razzolini http://lock.razzolini.adm.br Linux User 172199 Red Hat Certified Engineer no:804006389722501 Verify:https://www.redhat.com/certification/rhce/current/ Moleque Sem Conteudo Numero #002 OpenBSD Stable Ubuntu 8.04 Hardy Heron 4386 2A6F FFD4 4D5F 5842 6EA0 7ABE BBAB 9C0E 6B85
One more try (sorry) - please ignore...
Testing: still problems... -- pozdrawiam / regards Zbigniew Baniewski
environment variables: simple question, sorry!
Dear folks, I am trying to get the following line in my /etc/rc.local file:
csh -cf '$ASDROOT/thr/svscanboot '
And in my /etc/rc.conf.local I added:
ASDROOT=/asd
During the system boot, all I get is the ASDROOT variable is undefined. How could it be accomplished? thanks in advance. best regards.
Re: environment variables: simple question, sorry!
On Jul 12, 2006, at 2:33 PM, Gustavo Rios wrote:
> Dear folks, I am trying to get the following line in my /etc/rc.local file:
> csh -cf '$ASDROOT/thr/svscanboot '
> And in my /etc/rc.conf.local I added:
> ASDROOT=/asd
> During the system boot, all I get is the ASDROOT variable is undefined.
Yes, because it isn't exported and you've surrounded it with single quotes, so it's passed to CSH for interp, and CSH doesn't have it in its env.
--- Jack J. Woehr Director of Development Absolute Performance, Inc. [EMAIL PROTECTED] 303-443-7000 ext. 527
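What the reply describes, as an added example that is not part of the original thread: a plain assignment stays in the shell that made it, and single quotes leave `$ASDROOT` for the child to expand. Here `sh -u` stands in for csh (an assumption, chosen because both stop on an undefined variable), `echo` stands in for running svscanboot, and the function names are illustrative.

```shell
#!/bin/sh
# Added example (not from the thread): who expands $ASDROOT, parent or child?
# Assumption: "sh -u" stands in for csh, since both stop on an undefined variable.
# echo is used in place of the real program so the resolved path is visible.

# Run a command string in a child shell; report UNDEFINED if the child aborts.
child_sees() {
    sh -uc "$1" 2>/dev/null || echo "UNDEFINED"
}

# The situation in the thread: plain assignment, single-quoted command.
# The parent passes the literal text $ASDROOT and the child has no such variable.
case_unexported() (
    unset ASDROOT
    ASDROOT=/asd
    child_sees 'echo "$ASDROOT/thr/svscanboot"'
)

# Fix 1: export, so the variable is placed in the environment of the child.
case_exported() (
    unset ASDROOT
    ASDROOT=/asd
    export ASDROOT
    child_sees 'echo "$ASDROOT/thr/svscanboot"'
)

# Fix 2: double quotes, so the parent expands the variable before the child runs.
# The value becomes part of a command string that the child parses again.
case_parent_expands() (
    unset ASDROOT
    ASDROOT=/asd
    child_sees "echo \"$ASDROOT/thr/svscanboot\""
)

printf 'unexported, single quotes: %s\n' "$(case_unexported)"
printf 'exported, single quotes:   %s\n' "$(case_exported)"
printf 'unexported, double quotes: %s\n' "$(case_parent_expands)"
```

Exporting is the safer of the two fixes: the double-quoted form pastes the value into a command string that the child shell parses a second time, so it is only appropriate when the value is fully trusted.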
Re: ichiic0: errors on MP (Sorry about the no subject post!)
> Has anyone seen this? No matter what I do I can't stop this from happening. I am at the point of being forced to use another OS that I DON'T want to use. Any help would be very much appreciated.
As a workaround you could disable ichiic in the kernel config. Use man config for hints on how to accomplish this. Presuming you want to have this fixed properly, can you try compiling a GENERIC.MP kernel with option MPVERBOSE in the kernel configuration file and post the full dmesg? Mark
ichiic0: errors on MP (Sorry about the no subject post!)
Has anyone seen this? No matter what I do I can't stop this from happening. I am at the point of being forced to use another OS that I DON'T want to use. Any help would be very much appreciated. This only happens when running the MP kernel. The GENERIC kernel runs just fine. This sticks out to me, but I cannot find any reference in the archives about it other than NetBSD stuff that doesn't track with the errors I am seeing.
pci_intr_map: no MP mapping found
Thanks Bill
ichiic0: timeout, status 0x0
ichiic0: transaction abort failed, status 0x42INTR,INUSE
ichiic0: timeout, status 0x0
ichiic0: transaction abort failed, status 0x42INTR,INUSE
ichiic0: timeout, status 0x0
ichiic0: transaction abort failed, status 0x42INTR,INUSE
ichiic0: timeout, status 0x0
ichiic0: transaction abort failed, status 0x42INTR,INUSE
This is a dual Xeon machine.
OpenBSD 3.9 (GENERIC.MP) #598: Thu Mar 2 02:37:06 MST 2006 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC.MP cpu0: Intel(R) Xeon(TM) CPU 2.80GHz (GenuineIntel 686-class) 2.80 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,C NXT-ID real mem = 2146791424 (2096476K) avail mem = 1952743424 (1906976K) using 4278 buffers containing 107442176 bytes (104924K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+(00) BIOS, date 03/29/05, BIOS32 rev. 
0 @ 0xf0010 apm0 at bios0: Power Management spec V1.2 apm0: AC on, battery charge unknown apm0: flags 30102 dobusy 0 doidle 1 pcibios0 at bios0: rev 2.1 @ 0xf/0x1 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf51d0/336 (19 entries) pcibios0: PCI Interrupt Router at 000:31:0 (Intel 82801EB/ER LPC rev 0x00) pcibios0: PCI bus #4 is the last bus bios0: ROM list: 0xc/0x8000 0xc8000/0x1000 0xc9000/0x1000 ipmi at mainbus0 not configured mainbus0: Intel MP Specification (Version 1.1) (INTELLINDENHURST ) cpu0 at mainbus0: apid 0 (boot processor) cpu0: apic clock running at 200 MHz cpu1 at mainbus0: apid 6 (application processor) cpu1: Intel(R) Xeon(TM) CPU 2.80GHz (GenuineIntel 686-class) 2.80 GHz cpu1: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,C NXT-ID mainbus0: bus 0 is type PCI mainbus0: bus 1 is type PCI mainbus0: bus 2 is type PCI mainbus0: bus 3 is type PCI mainbus0: bus 4 is type PCI mainbus0: bus 5 is type ISA ioapic0 at mainbus0: apid 7 pa 0xfec0, version 20, 24 pins ioapic1 at mainbus0: apid 8 pa 0xfec1, version 20, 24 pins pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 Intel E7320 MCH rev 0x0c ppb0 at pci0 dev 2 function 0 Intel MCH PCIE rev 0x0c pci1 at ppb0 bus 1 ppb1 at pci0 dev 3 function 0 Intel MCH PCIE rev 0x0c pci2 at ppb1 bus 2 ppb2 at pci0 dev 28 function 0 Intel 6300ESB PCIX rev 0x02 pci3 at ppb2 bus 3 em0 at pci3 dev 3 function 0 Intel PRO/1000MT (82541GI) rev 0x00: apic 8 int 2 (irq 5), address 00:30:48:56:fb:20 em1 at pci3 dev 4 function 0 Intel PRO/1000MT (82541GI) rev 0x00: apic 8 int 3 (irq 5), address 00:30:48:56:fb:21 ppb3 at pci0 dev 30 function 0 Intel 82801BA AGP rev 0x0a pci4 at ppb3 bus 4 vga1 at pci4 dev 5 function 0 ATI Rage XL rev 0x27 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) ichpcib0 at pci0 dev 31 function 0 Intel 6300ESB LPC rev 0x02 pciide0 
at pci0 dev 31 function 1 Intel 6300ESB IDE rev 0x02: DMA, channel 0 configured to compatibility, channel 1 configured to co mpatibility wd0 at pciide0 channel 0 drive 0: WDC WD800JB-00JJC0 wd0: 16-sector PIO, LBA, 76319MB, 156301488 sectors wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5 pciide0: channel 1 disabled (no drives) ichiic0 at pci0 dev 31 function 3 Intel 6300ESB SMBus rev 0x02pci_intr_map: bus 0 dev 31 func 3 pin 2; line 11 pci_intr_map: no MP mapping found : irq 11 iic0 at ichiic0 lm1 at iic0 addr 0x2c: W83627HF lm2 at iic0 addr 0x2f: W83782D rev D isa0 at ichpcib0 isadma0 at isa0 pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 pcppi0 at isa0 port 0x61 midi0 at pcppi0: PC speaker spkr0 at pcppi0 lm0 at isa0 port 0x290/8: W83627HF lm1 detached npx0 at isa0 port 0xf0/16: using exception 16 fdc0 at isa0 port 0x3f0/6 irq 6 drq 2 fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec biomask 0 netmask 0 ttymask 0 pctr: user-level cycle counter enabled apm0: disconnected dkcsum: wd0 matches BIOS drive 0x80 root on wd0a rootdev=0x0 rrootdev=0x300 rawdev=0x302 ichiic0: timeout, status 0x0 ichiic0: transaction abort failed, status 0x42INTR,INUSE ichiic0: timeout, status 0x0 ichiic0: transaction abort failed, status 0x42INTR,INUSE ichiic0: timeout, status 0x0 ichiic0: transaction abort failed, status 0x42INTR,INUSE ichiic0: timeout, status 0x0 ichiic0: transaction abort failed, status 0x42INTR,INUSE ichiic0: timeout, status 0x0 ichiic0:
sorry to reask ... keyboard mapping not working in current Xorg 6.9 on a hp nc6000 laptop
Hello,

Regarding my previous post: x11 problem in current: The XKEYBOARD keymap compiler (xkbcomp) reports... (the dmesg and Xorg.0.log can be found in the 2 posts)

Sorry to reask, but I searched via google etc and I did not find any solution. Loading the keyboard layout via setxkbmap does not work either.

~ $ setxkbmap fr_CH
Error loading new keyboard description

(==) Using config file: /etc/X11/xorg.conf
The XKEYBOARD keymap compiler (xkbcomp) reports:
Error:Can't find file pc/fr_CH for symbols include
Exiting
Abandoning symbols file default
Errors from xkbcomp are not fatal to the X server

I am running current on other boxes and XkbLayout fr_CH does work?!

Here is my latest not working current InputDevice Section (I tried many different possible solutions/options here, without success)

Section "InputDevice"
    Identifier "Keyboard0"
    Driver "kbd"
    Option "CoreKeyboard"
    Option "XkbRules" "xorg"
    Option "XkbModel" "microsoft"
    Option "XkbVariant" "nodeadkeys"
    Option "XkbLayout" "fr_CH"
EndSection

Is this related to the keyboard driver that is not supported on the laptop (hp - nc6000)? Many many thanks for helping!!!
Re: remote su root: SORRY
On Wed, 23 Nov 2005, Paul Yiu wrote: Hi Otto, I would like to see the output of userinfo pyiu. Added to that, the output of getcap -f /etc/login.conf class, where class is the login class of the user, as reported by userinfo. login pyiu passwd WhatEverWasHere uid 1002 groups users wheel change NEVER class gecos Paul Yiu dir /home/pyiu shell /usr/local/bin/bash expire NEVER pyiu do not assign to any class as shown above. -bash-3.00# getcap -f /etc/login.conf default default::path=/usr/bin /bin /usr/sbin /sbin /usr/X11R6/bin /usr/local/bin: :umask=022: :datasize-max=256M: :datasize-cur=75M: :maxproc-max=128: :maxproc-cur=64: :openfiles-cur=64: :stacksize-cur=4M: :localcipher=blowfish,6::ypcipher=old: :auth=passwd,skey: :auth-ftp=passwd: Also, we need to see the exact command line used and errors reported. Not just some vague description. I use ssh.com client 3.2.9 to login as pyiu and type su to su as root and what has been capture in /var/log/authlog is Nov 21 11:27:02 openbsd1 su: BAD SU pyiu to root on /dev/ttyp0 I can provide more details if necessary.

Sigh. Exact details please. Does su print Sorry? Or anything else? Some things you can do to isolate the problem:
1. Login on console as pyiu and try to su.
2. When logged in, ssh to localhost as pyiu and then try to su
Please give exact reports on what is printed on screen and written to authlog in these cases. If that does not give a clue, I might need to add some debug code to su to see what is going on. -Otto
Re: remote su root: SORRY
On Nov 20, 2005, at 10:02 PM, Paul Yiu wrote: Hi Guys, Hope you guys can help on this ssh issue has been posted in 2004. Thank you in advance. I hit the same ssh problem with openbsd 3.7. I got serial console set up, I got a user which assigned in a wheel group, when I log in using ssh as a user and try to su. System said sorry and I check /var/log/authlog it said BAD SU pyiu to root on /dev/ttyp0. I can ssh in as root, but not su as root. $ su Password: Sorry $ sudo su - Password: Results in the following entry in /var/log/authlog Nov 23 08:09:54 sabus su: BAD SU chad to root on /dev/ttyp0 I don't think the problem is with the serial console or ssh. I suspect the problem is user error. Assuming you've adjusted sudo to allow people in the wheel group, great. Then they must use sudo to run the commands. Look at my example above. The first time I simply tried using 'su' and obviously did not enter the root password. While in the next example I entered 'sudo su -' and then entered my password when prompted which then granted me a root prompt. -Chad
Re: remote su root: SORRY
Hi Chad, Yes, with sudo su - worked ok, great thanks. I really want su instead of sudo su - due to other admin in my company I want to keep this consistent. Any idea what causes the su failed? I got many openbsd server running and they are with same config but able to su without this problem. -- Regards, Paul Yiu Senior Systems Network Administrator Max eCommerce Pty Ltd. http: www.maxecommerce.com Ph: +61 02 9651 3422 Fax: +61 02 9651 4622 Email: [EMAIL PROTECTED] This email and any attachments are confidential and may be subject to copyright, legal or some other professional privilege. They are intended solely for the attention and use of the named addressee(s). They may only be copied, distributed or disclosed with the consent of the copyright owner. If you have received this email by mistake or by breach of the confidentiality clause, please notify the sender immediately by return email and delete or destroy all copies of the email. Any confidentiality, privilege or copyright is not waived or lost because this email has been sent to you by mistake. Chad M Stewart wrote: On Nov 20, 2005, at 10:02 PM, Paul Yiu wrote: Hi Guys, Hope you guys can help on this ssh issue has been posted in 2004. Thank you in advance. I hit the same ssh problem with openbsd 3.7. I got serial console set up, I got a user which assigned in a wheel group, when I log in using ssh as a user and try to su. System said sorry and I check /var/log/authlog it said BAD SU pyiu to root on /dev/ttyp0. I can ssh in as root, but not su as root. $ su Password: Sorry $ sudo su - Password: Results in the following entry in /var/log/authlog Nov 23 08:09:54 sabus su: BAD SU chad to root on /dev/ttyp0 I don't think the problem is with the serial console or ssh. I suspect the problem is user error. Assuming you've adjusted sudo to allow people in the wheel group, great. Then they must use sudo to run the commands. Look at my example above. 
The first time I simply tried using 'su' and obviously did not enter the root password. While in the next example I entered 'sudo su -' and then entered my password when prompted which then granted me a root prompt. -Chad
Re: remote su root: SORRY
> Sigh. Exact details please. Does su print Sorry? Or anything else?
> Some things you can do to isolate the problem:
> 1. Login on console as pyiu and try to su.

Yes that worked ok in serial console.

$ su
Password:
#

> 2. When logged in, ssh to localhost as pyiu and then try to su

It failed to su.

-bash-3.00$ ssh [EMAIL PROTECTED]
-bash-3.00$ su
Password:
Sorry

> Please give exact reports on what is printed on screen and written to authlog in these cases.

This is authlog when succeeded to login from SSH to localhost login as pyiu and su.
Nov 24 10:00:00 unix1 su: pyiu to root on /dev/ttys0

This is authlog when failed to login from SSH to localhost login as pyiu and su.
Nov 24 10:00:46 unix1 su: BAD SU pyiu to root on /dev/ttyp0

> If that does not give a clue, I might need to add some debug code to su to see what is going on.
> -Otto

-- Regards, Paul Yiu Senior Systems Network Administrator Max eCommerce Pty Ltd. http: www.maxecommerce.com Ph: +61 02 9651 3422 Fax: +61 02 9651 4622 Email: [EMAIL PROTECTED]

Otto Moerbeek wrote: On Wed, 23 Nov 2005, Paul Yiu wrote: Hi Otto, I would like to see the output of userinfo pyiu. Added to that, the output of getcap -f /etc/login.conf class, where class is the login class of the user, as reported by userinfo. login pyiu passwd WhatEverWasHere uid 1002 groups users wheel change NEVER class gecos Paul Yiu dir /home/pyiu shell /usr/local/bin/bash expire NEVER pyiu do not assign to any class as shown above. -bash-3.00# getcap -f /etc/login.conf default default::path=/usr/bin /bin /usr/sbin /sbin /usr/X11R6/bin /usr/local/bin: :umask=022: :datasize-max=256M: :datasize-cur=75M: :maxproc-max=128: :maxproc-cur=64: :openfiles-cur=64: :stacksize-cur=4M: :localcipher=blowfish,6::ypcipher=old: :auth=passwd,skey: :auth-ftp=passwd: Also, we need to see the exact command line used and errors reported. Not just some vague description. I use ssh.com client 3.2.9 to login as pyiu and type su to su as root and what has been capture in /var/log/authlog is Nov 21 11:27:02 openbsd1 su: BAD SU pyiu to root on /dev/ttyp0 I can provide more details if necessary. Sigh. Exact details please. Does su print Sorry? Or anything else? Some things you can do to isolate the problem: 1. Login on console as pyiu and try to su. 2. When logged in, ssh to localhost as pyiu and then try to su Please give exact reports on what is printed on screen and written to authlog in these cases. If that does not give a clue, I might need to add some debug code to su to see what is going on. -Otto
Re: remote su root: SORRY
Hi Otto,

> I would like to see the output of userinfo pyiu. Added to that, the output of getcap -f /etc/login.conf class, where class is the login class of the user, as reported by userinfo.

login pyiu
passwd WhatEverWasHere
uid 1002
groups users wheel
change NEVER
class
gecos Paul Yiu
dir /home/pyiu
shell /usr/local/bin/bash
expire NEVER

pyiu do not assign to any class as shown above.

-bash-3.00# getcap -f /etc/login.conf default
default::path=/usr/bin /bin /usr/sbin /sbin /usr/X11R6/bin /usr/local/bin:
:umask=022:
:datasize-max=256M:
:datasize-cur=75M:
:maxproc-max=128:
:maxproc-cur=64:
:openfiles-cur=64:
:stacksize-cur=4M:
:localcipher=blowfish,6::ypcipher=old:
:auth=passwd,skey:
:auth-ftp=passwd:

> Also, we need to see the exact command line used and errors reported. Not just some vague description.

I use ssh.com client 3.2.9 to login as pyiu and type su to su as root and what has been capture in /var/log/authlog is

Nov 21 11:27:02 openbsd1 su: BAD SU pyiu to root on /dev/ttyp0

I can provide more details if necessary.

-- Regards, Paul Yiu Senior Systems Network Administrator Max eCommerce Pty Ltd. http: www.maxecommerce.com Ph: +61 02 9651 3422 Fax: +61 02 9651 4622 Email: [EMAIL PROTECTED]

Otto Moerbeek wrote: On Mon, 21 Nov 2005, Lars Hansson wrote: On Mon, 21 Nov 2005 14:02:17 +1100 Paul Yiu [EMAIL PROTECTED] wrote: /etc/passwd pyiu:*:1002:10:P Yiu:/home/pyiu:/usr/local/bin/bash /etc/group wheel:*:0:root,pyiu 10 != 0 Indeed, but what does that have to do with the problem? You do not have to have wheel as primary group to be able to use su(1). I would like to see the output of userinfo pyiu. Added to that, the output of getcap -f /etc/login.conf class, where class is the login class of the user, as reported by userinfo. Also, we need to see the exact command line used and errors reported. Not just some vague description. -Otto
Re: remote su root: SORRY
On Mon, 21 Nov 2005, Lars Hansson wrote: On Mon, 21 Nov 2005 14:02:17 +1100 Paul Yiu [EMAIL PROTECTED] wrote: /etc/passwd pyiu:*:1002:10:P Yiu:/home/pyiu:/usr/local/bin/bash /etc/group wheel:*:0:root,pyiu 10 != 0
Indeed, but what does that have to do with the problem? You do not have to have wheel as primary group to be able to use su(1). I would like to see the output of userinfo pyiu. Added to that, the output of getcap -f /etc/login.conf class, where class is the login class of the user, as reported by userinfo. Also, we need to see the exact command line used and errors reported. Not just some vague description. -Otto