Re: [Bulk] Re: a half-baked analysis of the verification chicken-and-egg problem, and request
previously on this list Theo de Raadt contributed: source tree, Whose fingerprints are available on the website, many of which for years and are probably in googles cache available over ssl and many other corners of the web. on twitter or google, or anywhere else you like. Ask questions if you see once which disagree. Then follow the procedure described in EXAMPLES. This is more than a checksum. In any case, please do buy the CDs as an out of band mechanism as well. If not enough of them sell, maybe we should consider disabling the signify mechanism to encourage CD sales It has occurred to me that you have been very good in terms of not tying the keys in any way to the buying of cds for each release/snapshot. I donate what I can rather than buy cd's as it is more efficient but I guess the money goes to a different place. I do hope there hasn't been a drop/sharp drop in cd sales? I guess any switch to donations may be masked by other fundraising? -- ___ 'Write programs that do one thing and do it well. Write programs to work together. Write programs to handle text streams, because that is a universal interface' (Doug McIlroy) In Other Words - Don't design like polkit or systemd ___
Re: [Bulk] Re: a half-baked analysis of the verification chicken-and-egg problem, and request
On Wed, Aug 13, 2014, at 04:47 AM, Kevin Chadwick wrote: It has occurred to me that you have been very good in terms of not tying the keys in any way to the buying of cds for each release/snapshot. I donate what I can rather than buy cd's as it is more efficient but I guess the money goes to a different place. I do hope there hasn't been a drop/sharp drop in cd sales? I guess any switch to donations may be masked by other fundraising? The most absolutely best way any one can contribute to OBSD is to BUY CD'S. Buy some cd's and then buy some more. Buy them for the stickers. Buy them because they fund OBSD. Without cd sales OBSD would cease to exist. It is as simple as that. So, BUY CD'S! That is worth repeating; Without CD sales OpenBSD will cease to exist. PERIOD. Contrary to what a lot of you assholes think NOTHING IS FOR FREE. ELECTRICITY COSTS MONEY. FOOD COSTS MONEY BEER COSTS MONEY. BUY CD'S thank you for your attention.
Re: VPLS and PWE3 status in Openbsd
Hi, we are interested in this too. Great work :) Cheers, Andy. On 08/08/14 18:24, noah pugsley wrote: On Fri, Aug 8, 2014 at 1:19 AM, Alucard aluc...@phangos.fr wrote: Le jeudi 7 août 2014 23:28:37, Renato Westphal a écrit : 2014-08-05 9:17 GMT-03:00 Rafael Zalamena rzalam...@gmail.com: On Tue, Aug 05, 2014 at 12:53:43PM +0200, Alucard wrote: Hi, What is the status of VPLS/PWE3 support on Openbsd right now ? I have been researching a bit but cannot find a definitive answer. There is several mentions of work on this on the web and in the mailing lists but nothing really clear. Back in 2011 Claudio Jeker about Openbsd 4.9/5.0 state that these features are expected in near future. http://2011.eurobsdcon.org/papers/jeker/MPLS.pdf There is a couple of guys speaking about work on this on the mailing list in 2012 and 2013 http://comments.gmane.org/gmane.os.openbsd.tech/29882 http://openbsd.7691.n7.nabble.com/RFC-Patches-for-the-LDP-daemon-td228828.html But I didn't find mentions of this in the ldpd manpage (or am I missing something ?) Thank you Hi Alucard, I stopped coding VPLS/PWE3 support at the end of 2012 because it was getting messy and I didn't have time to properly write it (also I wasn't experienced enough). So after I finished my final paper which was the main reason why I was coding it I simply left it as it was. The wire(4) driver is missing MAC learning and to make it work for my presentation I had to manually add them. The VPLS implementation in LDPd was just too messy and it took me a lot of time to understand LDPd code. Now that I understand most of the ldpd code I'm ashamed of what I did at that time. So: (1) to finish wire(4) there is still a small integration with bridge(4) MAC learning code left to be done and (2) about the VPLS code in LDPd you might have a better luck talking with renato@. Hi Alucard, There is an ongoing effort to implement these features on OpenBSD. The control plane for ldpd(8) is already done, I just need some time to polish the patches and send them for review. If you want to help with testing please let me know. As for the data plane, I'm now in touch with Rafael to support him with his implementation. He will need to change a few things in order to support both the VPWS and VPLS solutions. For example, claudio@ suggested using one virtual interface per pseudo wire and use our bridge(4) for the VPLS stuff (mac learning, flooding, ageing, etc). We hope to finish things up soon. []s Hi Renato This is good news. I would be happy to help testing Louis I am also very very interested in this. And I have access to a lot of gear for any cross platform testing... Thank you guy's so much, I thought this was in a coma... -Noah
Missing ijs.0.0 library in current
Dear misc@ readers, Just updated from 5.5-STABLE to -current (snapshot 08 Aug). I'm not able to install the GIMP: just22@poseidon:[~] pkga gimp Password: Update candidates: quirks-2.9 - quirks-2.9 (ok) quirks-2.9 signed on 2014-07-31T22:37:55Z gimp-2.8.10:aalib-1.4p5: ok gimp-2.8.10:babl-0.1.10p0: ok gimp-2.8.10:gegl-0.2.0p2: ok Can't install gimp-2.8.10 because of libraries |library ijs.0.0 not found | not found anywhere Direct dependencies for gimp-2.8.10 resolve to aalib-1.4p5 gettext-0.19.1p0 gegl-0.2.0p2 gtk-update-icon-cache-2.24.24 python-2.7.8 libwmf-0.2.8.4p0 gtk+2-2.24.24 desktop-file-utils-0.22 libiconv-1.14p1 ghostscript-9.07-a4 dbus-glib-0.102v0 libexif-0.6.21 poppler-0.26.1 tiff-4.0.3p2 py-gtk2-2.24.0p2 curl-7.37.0 libmng-1.0.10p2 openjpeg-1.5.1 Full dependency tree is libffi-3.0.13 libxml-2.9.1p1 tiff-4.0.3p2 atk-2.12.0 poppler-0.26.1 ghostscript-fonts-8.11p2 libexif-0.6.21 librsvg-2.40.2 hicolor-icon-theme-0.13 cairo-1.12.16 lcms-1.18a libcroco-0.6.8p0 gdbm-1.11 glib2-2.40.0p7 py-setuptools-3.4.4p1v0 gtk-update-icon-cache-2.24.24 gegl-0.2.0p2 py-numpy-1.6.0p4 lcms2-2.6p0 graphite2-1.2.4 libglade2-2.6.4p10v0 pcre-8.35 libidn-1.28p0 py-gobject-2.28.6p5v0 ghostscript-9.07-a4 jasper-1.900.1p2 lzo2-2.08 libelf-0.8.13p1 cups-libs-1.7.4 babl-0.1.10p0 lapack-3.1.1p4 poppler-data-0.4.6p0 gnome-icon-theme-symbolic-3.12.0p1 dbus-glib-0.102v0 libexecinfo-0.2p4v0 png-1.6.12 libdaemon-0.14p0 blas-1.0p6 dbus-1.8.6v0 openjpeg-1.5.1 libmng-1.0.10p2 curl-7.37.0 jpeg-9a bzip2-1.0.6p1 py-gtk2-2.24.0p2 harfbuzz-0.9.29 gnome-icon-theme-3.12.0 gdk-pixbuf-2.30.8 shared-mime-info-1.3 avahi-0.6.31p13 py-cairo-1.10.0p1 pango-1.36.5 gettext-0.19.1p0 aalib-1.4p5 libiconv-1.14p1 gtk+2-2.24.24 desktop-file-utils-0.22 libwmf-0.2.8.4p0 jbig2dec-0! .11 libf2c-3.3.6p4 python-2.7.8 Extracted 5371872 from 5373420 pkg_check flags the problem, but do not solve it: just22@poseidon:[~] sudo pkg_check Packing-list sanity: ok Direct dependencies: ok --- cups-filters-1.0.54p2 --- dependency lang/gcc/4.8,-estdc:libstdc++-=4.8,4.9:libstdc++-4.8.3 does not match any installed package dependency print/foomatic-db-engine:foomatic-db-engine-*:foomatic-db-engine-4.0.11 does not match any installed package dependency print/ijs:ijs-*:ijs-0.35p1 does not match any installed package dependency print/poppler,-utils:poppler-utils-*:poppler-utils-0.26.1 does not match any installed package dependency print/qpdf:qpdf-*:qpdf-5.1.2 does not match any installed package estdc++.16.0 not found ijs.0.0 not found qpdf.2.1 not found --- ghostscript-9.07-a4 --- dependency print/ijs:ijs-*:ijs-0.35p1 does not match any installed package ijs.0.0 not found Reverse dependencies: ok Files from packages: ok Any hints? -- Alessandro DE LAURENZIS [mailto:just22@gmail.com] LinkedIn: http://it.linkedin.com/in/delaurenzis
Re: CARP cluster: howto keep pf.conf in sync?
Hi all, thanks for all your input to my small question about how to keep the pf.conf in sync! I have to care for exactly one firewall cluster, so I would like to avoid complex tools for this task. I will probably use rdist. Have fun! Regards Christoph Private Universit?t Witten/Herdecke gGmbH Alfred-Herrhausen-Stra?e 50 D - 58448 Witten Homepage: http://www.uni-wh.de Twitter: http://twitter.com/UniWH Facebook: http://www.facebook.com/UniWH Gesch?ftsf?hrung: Prof. Dr. Martin Butzlaff (Pr?sident), Dipl. oec. Jan Peter Nonnenkamp (Kanzler) Sitz der Gesellschaft: Witten Handelsregister des Amtsgerichts Bochum Nr. HRB 8671
Re: a half-baked analysis of the verification chicken-and-egg problem, and request
On Wed, 13 Aug 2014, at 11:38 AM, Theo de Raadt wrote: One suggestion/request, to make it even harder for the man-in-the-middle attack to be successfully employed, could the current checksums be posted in the announcement of the new version? http://www.openbsd.org/55.html signify(1) pubkeys for this release: base: RWRGy8gxk9N9314J0gh9U02lA7s8i6ITajJiNgxQOndvXvM5ZPX+nQ9h fw: RWTdVOhdk5qyNktv0iGV6OpaVfogGxTYc1bbkaUhFlExmclYvpJR/opO pkg: RWQQC1M9dhm/tja/ktitJs/QVI1kGTQr7W7jtUmdZ4uTp+4yZJ6RRHb5 For the upcoming 5.6 release (few months yet), the keys are already included in your 5.5 install, or you can find them in your /etc/signify directory. Or, check http://www.openbsd.org/56.html (warning: incomplete) signify(1) pubkeys for this release: base: RWR0EANmo9nqhpPbPUZDIBcRtrVcRwQxZ8UKGWY8Ui4RHi229KFL84wV fw: RWT4e3jpYgSeLYs62aDsUkcvHR7+so5S/Fz/++B859j61rfNVcQTRxMw pkg: RWSPEf7Vpp2j0PTDG+eLs5L700nlqBFzEcSmHuv3ypVUEOYwso+UucXb In fact the snapshots available since about a month ago already include the public keys for the 5.7 release next May Now checkout the keys in /src/etc/signify/ from cvs over ssh, check that the fingerprint of the cvs server matches what is on the website (and/or in the various caches), and compare the keys match what was posted. And as mailing list posts are mirrored on many archive sites, compare that the various archives agree with what keys were posted. And once you have a 5.5 that you're confident is legitimate, every subsequent release can be verified using the keys from it, and you will have a chain of trust.
Re: a half-baked analysis of the verification chicken-and-egg problem, and request
On Wed, 13 Aug 2014, at 11:38 AM, Theo de Raadt wrote: One suggestion/request, to make it even harder for the man-in-the-middle attack to be successfully employed, could the current checksums be posted in the announcement of the new version? http://www.openbsd.org/55.html signify(1) pubkeys for this release: base: RWRGy8gxk9N9314J0gh9U02lA7s8i6ITajJiNgxQOndvXvM5ZPX+nQ9h fw: RWTdVOhdk5qyNktv0iGV6OpaVfogGxTYc1bbkaUhFlExmclYvpJR/opO pkg: RWQQC1M9dhm/tja/ktitJs/QVI1kGTQr7W7jtUmdZ4uTp+4yZJ6RRHb5 For the upcoming 5.6 release (few months yet), the keys are already included in your 5.5 install, or you can find them in your /etc/signify directory. Or, check http://www.openbsd.org/56.html (warning: incomplete) signify(1) pubkeys for this release: base: RWR0EANmo9nqhpPbPUZDIBcRtrVcRwQxZ8UKGWY8Ui4RHi229KFL84wV fw: RWT4e3jpYgSeLYs62aDsUkcvHR7+so5S/Fz/++B859j61rfNVcQTRxMw pkg: RWSPEf7Vpp2j0PTDG+eLs5L700nlqBFzEcSmHuv3ypVUEOYwso+UucXb In fact the snapshots available since about a month ago already include the public keys for the 5.7 release next May Are there plans to get openbsd.org serving over SSL? That would help a bit in trusting the keys posted to the website.
Re: a half-baked analysis of the verification chicken-and-egg problem, and request
On 13-08-2014 09:04, Carlin Bingham wrote: Are there plans to get openbsd.org serving over SSL? That would help a bit in trusting the keys posted to the website. No, it wouldn't. If we go down that path, DNSSEC, with all it's problems is better than SSL for this. You can get free ssl certificates these days, so the cost isn't the issue here. I do many things that the OP said, such as downloading the sig's from different mirrors, using different internet connections at different times. And even now that there are the pub keys for the next release on the install, I'll keep doing this, just to be sure. Cheers, -- Giancarlo Razzolini GPG: 4096R/77B981BC [demime 1.01d removed an attachment of type application/pkcs7-signature which had a name of smime.p7s]
Re: a half-baked analysis of the verification chicken-and-egg problem, and request
On Thu, 14 Aug 2014, at 12:38 AM, Giancarlo Razzolini wrote: On 13-08-2014 09:04, Carlin Bingham wrote: Are there plans to get openbsd.org serving over SSL? That would help a bit in trusting the keys posted to the website. No, it wouldn't. If we go down that path, DNSSEC, with all it's problems is better than SSL for this. You can get free ssl certificates these days, so the cost isn't the issue here. I do many things that the OP said, such as downloading the sig's from different mirrors, using different internet connections at different times. And even now that there are the pub keys for the next release on the install, I'll keep doing this, just to be sure. Cheers, -- Giancarlo Razzolini GPG: 4096R/77B981BC Of course, but doing all that in addition to getting the keys over SSL is better than doing all that and not getting the keys over SSL.
Re: a half-baked analysis of the verification chicken-and-egg problem, and request
On 13-08-2014 09:54, Carlin Bingham wrote: Of course, but doing all that in addition to getting the keys over SSL is better than doing all that and not getting the keys over SSL. I did sent this same e-mail you sent almost a year ago. We have signify now. Things have changed. There is always, and always will be the problem of trust. Or, in this case, the initial trust. I don't see OpenBSD adding SSL nor DNSSEC. Cheers, -- Giancarlo Razzolini GPG: 4096R/77B981BC [demime 1.01d removed an attachment of type application/pkcs7-signature which had a name of smime.p7s]
Re: a half-baked analysis of the verification chicken-and-egg problem, and request
On August 13, 2014 2:04:14 PM CEST, Carlin Bingham c...@viennan.net wrote: On Wed, 13 Aug 2014, at 11:38 AM, Theo de Raadt wrote: One suggestion/request, to make it even harder for the man-in-the-middle attack to be successfully employed, could the current checksums be posted in the announcement of the new version? http://www.openbsd.org/55.html signify(1) pubkeys for this release: base: RWRGy8gxk9N9314J0gh9U02lA7s8i6ITajJiNgxQOndvXvM5ZPX+nQ9h fw: RWTdVOhdk5qyNktv0iGV6OpaVfogGxTYc1bbkaUhFlExmclYvpJR/opO pkg: RWQQC1M9dhm/tja/ktitJs/QVI1kGTQr7W7jtUmdZ4uTp+4yZJ6RRHb5 For the upcoming 5.6 release (few months yet), the keys are already included in your 5.5 install, or you can find them in your /etc/signify directory. Or, check http://www.openbsd.org/56.html (warning: incomplete) signify(1) pubkeys for this release: base: RWR0EANmo9nqhpPbPUZDIBcRtrVcRwQxZ8UKGWY8Ui4RHi229KFL84wV fw: RWT4e3jpYgSeLYs62aDsUkcvHR7+so5S/Fz/++B859j61rfNVcQTRxMw pkg: RWSPEf7Vpp2j0PTDG+eLs5L700nlqBFzEcSmHuv3ypVUEOYwso+UucXb In fact the snapshots available since about a month ago already include the public keys for the 5.7 release next May Are there plans to get openbsd.org serving over SSL? That would help a bit in trusting the keys posted to the website. How did you download your browser? Can you trust all certs it uses? Etc etc...:-p So many chickens and eggs here.
Re: [Bulk] Re: a half-baked analysis of the verification chicken-and-egg problem, and request
previously on this list Giancarlo Razzolini contributed: Are there plans to get openbsd.org serving over SSL? That would help a bit in trusting the keys posted to the website. No, it wouldn't. If we go down that path, DNSSEC, with all it's problems is better than SSL for this. You can get free ssl certificates these days, so the cost isn't the issue here. I do many things that the OP said, such as downloading the sig's from different mirrors, using different internet connections at different times. And even now that there are the pub keys for the next release on the install, I'll keep doing this, just to be sure. Perhaps we should ask debian or arch to ask gnupg.orgs keyserver to use a CA signed cert but of course they wouldn't and offer a self-signed I guess for political reasons or not to trip up those who don't understand the issues and perhaps that is true for OpenBSD and whilst it could be an extra check on the ssh fingerprints, might it make people lazy and actually less secure. OpenBSD is actually now probably the most secure open source project in this regard even initially now with so many sources for initial verification (even ip whois records of ssh servers) and re-verification and especially considering The CD's are managed by Theo himself! To top it all off past threads have shown that Arches build system and debians packages that can include binary uploads are alarmingly questionable even when signed with a known valid key. -- ___ 'Write programs that do one thing and do it well. Write programs to work together. Write programs to handle text streams, because that is a universal interface' (Doug McIlroy) In Other Words - Don't design like polkit or systemd ___
Re: a half-baked analysis of the verification chicken-and-egg problem, and request
On 13-08-2014 11:36, Alexander Hall wrote: How did you download your browser? Can you trust all certs it uses? Etc etc...:-p It can't. Just see the Turktrust/Google case. So many chickens and eggs here. Since we are at this, how can you trust your operating system? Your hardware? Everyone need to trust somebody else at some point, otherwise we wouldn't be here. On the other hand, a little bit of paranoia, never hurt. Cheers, -- Giancarlo Razzolini GPG: 4096R/77B981BC [demime 1.01d removed an attachment of type application/pkcs7-signature which had a name of smime.p7s]
Re: [Bulk] Re: a half-baked analysis of the verification chicken-and-egg problem, and request
On 13-08-2014 10:55, Kevin Chadwick wrote: Perhaps we should ask debian or arch to ask gnupg.orgs keyserver to use a CA signed cert but of course they wouldn't and offer a self-signed I guess for political reasons or not to trip up those who don't understand the issues and perhaps that is true for OpenBSD and whilst it could be an extra check on the ssh fingerprints, might it make people lazy and actually less secure. Today there is never a need for self-signed certs. You can get them for free, there's no excuse. For ssh fingerprints there are SSHFP records. With DNSSEC, they can be better checked. But I agree with you that it might make people lazy. OpenBSD is actually now probably the most secure open source project in this regard even initially now with so many sources for initial verification (even ip whois records of ssh servers) and re-verification and especially considering With signify, OpenBSD managed to give the same level of trust, specially on the packages, as the linux distros with their gpged apt. But better. Signify is way simpler. On the verification side, OpenBSD have lots of mirrors, but if your dns is compromised you can't trust your whois. The CD's are managed by Theo himself! This is great. But if you're being targeted, your CD might be intercepted. This is why you should use them plus the internet for checking things. To top it all off past threads have shown that Arches build system and debians packages that can include binary uploads are alarmingly questionable even when signed with a known valid key. Their security track record isn't that great. Cheers, -- Giancarlo Razzolini GPG: 4096R/77B981BC [demime 1.01d removed an attachment of type application/pkcs7-signature which had a name of smime.p7s]
Re: [Bulk] Re: [Bulk] Re: a half-baked analysis of the verification chicken-and-egg problem, and request
On Wed, 13 Aug 2014 12:19:40 -0300 Giancarlo Razzolini wrote: Today there is never a need for self-signed certs. You can get them for free, there's no excuse. Tell that to gnupg.org, as I say political... but useful going forward but there are only a few keyservers. Also if you have a secure method to share the fingerprint then self-signed are more secure. Personally I would like someone, perhaps a major browser to create a service where we can login and submit our fingerprint and get a password which they match to a password installed at the root of your website in a file like .sslcheck over ssl and so matching the password and fingerprint. If a rogue has write ability you can't trust the ssl anyway and this keeps it to the basic elements rather than introducing other potential insecurities like DNSSEC would. I am assuming an attacker would find it very hard to create a key to match a fingerprint but could be wrong? I also find myself debating with using a CA signed cert with STARTTLS as it can too easily offer a false sense of security due to downgrade attacks.
Re: [Bulk] Re: [Bulk] Re: a half-baked analysis of the verification chicken-and-egg problem, and request
On Wed, 13 Aug 2014 12:19:40 -0300 Giancarlo Razzolini wrote: Today there is never a need for self-signed certs. You can get them for free, there's no excuse. Tell that to gnupg.org, as I say political... but useful going forward but there are only a few keyservers. Also if you have a secure method to share the fingerprint then self-signed are more secure. Personally I would like someone, perhaps a major browser to create a service where we can login and submit our fingerprint and oh, I suppose because everything is much safer better when you add half a million lines of browser code to the mix. Insane.
Re: a half-baked analysis of the verification chicken-and-egg problem, and request
On 13.08.2014 17:11, Giancarlo Razzolini wrote: On 13-08-2014 11:36, Alexander Hall wrote: How did you download your browser? Can you trust all certs it uses? Etc etc...:-p It can't. Just see the Turktrust/Google case. So many chickens and eggs here. Since we are at this, how can you trust your operating system? Your hardware? Everyone need to trust somebody else at some point, otherwise we wouldn't be here. On the other hand, a little bit of paranoia, never hurt. To be honest, I find those discussions rather bizarr and yet they seem to pop up more often. With signify OpenBSD developers have created a tool that can give you a reasonable amount of certainty that the software you are using is the one that has been written and released by the OpenBSD team. Most Linux distros or other projects are not providing more ways to have that kind of reassurance and yet people start questioning every single bit that is coming from OpenBSD and demand proove. Next thing is that they want Theo to carve the bits into his HDD-platters because they don't trust the controller software. *Please*. I am all for paranoia and usually I am also seeing the bad things first - but sometimes what is asked for is far beyond reasonable and doable. If people would really think their demands through to the end and understand what they are asking for - they would shutdown their computers, trash them for good and start a woodworking business or growing plants instead. Please get back to the ground and be reasonable. What we now have is better from what we had last year. So progress is being made and I want to thank the team for that. If there is something to improve on, I am certain they will implement it if there is a real benefit. I, for my part have decided to trust at least this team. As you said, at some point we have to trust somebody, because nobody needs so many woodworkers. Thanks Lars
Re: [Bulk] Re: [Bulk] Re: [Bulk] Re: a half-baked analysis of the verification chicken-and-egg problem, and request
On Wed, 13 Aug 2014 11:12:21 -0600 Theo de Raadt wrote: Also if you have a secure method to share the fingerprint then self-signed are more secure. Personally I would like someone, perhaps a major browser to create a service where we can login and submit our fingerprint and oh, I suppose because everything is much safer better when you add half a million lines of browser code to the mix. Insane. I meant for improving the web by avoiding CA's though not for OpenBSD but yeah, wrong list, sorry.
Re: [Bulk] Re: [Bulk] Re: [Bulk] Re: a half-baked analysis of the verification chicken-and-egg problem, and request
Also if you have a secure method to share the fingerprint then self-signed are more secure. Personally I would like someone, perhaps a major browser to create a service where we can login and submit our fingerprint and oh, I suppose because everything is much safer better when you add half a million lines of browser code to the mix. Insane. I meant for improving the web by avoiding CA's though not for OpenBSD but yeah, wrong list, sorry. Yeah, and world peace.
Messed-up package dependencies?
Dear misc@ readers, bear with me... Noob at work! So, it seems that upgrading from 5.5-STABLE to -current completely messed-up package dependencies. 2/3 of previously installed packages were not upgradable; I tried to delete them all and re-add, but that of course didn't solve anything. Just as an example: just22@poseidon:[~] pkga gtk+2 Update candidates: quirks-2.9 - quirks-2.9 (ok) quirks-2.9 signed on 2014-07-31T22:37:55Z Can't install gtk+2-2.24.24 because of libraries |library atk-1.0.21209.1 not found | /usr/local/lib/libatk-1.0.so.21009.1 (atk-2.10.0p0): bad major |library ffi.1.0 not found | /usr/local/lib/libffi.so.0.0 (libffi-3.0.9p6): bad major |library gio-2.0.4000.0 not found | /usr/local/lib/libgio-2.0.so.3800.0 (glib2-2.38.2p6): bad major |library glib-2.0.4000.0 not found | /usr/local/lib/libglib-2.0.so.3800.0 (glib2-2.38.2p6): bad major |library gmodule-2.0.4000.0 not found | /usr/local/lib/libgmodule-2.0.so.3800.0 (glib2-2.38.2p6): bad major |library gobject-2.0.4000.0 not found | /usr/local/lib/libgobject-2.0.so.3800.0 (glib2-2.38.2p6): bad major |library gthread-2.0.4000.0 not found | /usr/local/lib/libgthread-2.0.so.3800.0 (glib2-2.38.2p6): bad major |library harfbuzz.4.4 not found | /usr/local/lib/libharfbuzz.so.4.2 (harfbuzz-0.9.25): minor is too small |library png.17.2 not found | /usr/local/lib/libpng.so.17.1 (png-1.6.8): minor is too small Direct dependencies for gtk+2-2.24.24 resolve to gtk-update-icon-cache-2.24.22p1 python-2.7.6p0 gettext-0.18.2p4 cups-libs-1.7.4 hicolor-icon-theme-0.12p2 gdk-pixbuf-2.30.4 atk-2.10.0p0 pango-1.36.2 gnome-icon-theme-symbolic-3.10.1 libiconv-1.14p1 Full dependency tree is glib2-2.38.2p6 libdaemon-0.14p0 pcre-8.33 lzo2-2.06p0 bzip2-1.0.6p0 python-2.7.6p0 gdbm-1.10p0 libcroco-0.6.8p0 tiff-4.0.3p2 librsvg-2.40.1 avahi-0.6.31p13 gettext-0.18.2p4 gnome-icon-theme-3.10.0p2 pango-1.36.2 jpeg-9p0 jasper-1.900.1p2 libxml-2.9.1 png-1.6.8 gtk-update-icon-cache-2.24.22p1 libelf-0.8.13p1 shared-mime-info-1.2 cairo-1.12.16 graphite2-1.2.4 hicolor-icon-theme-0.12p2 gnome-icon-theme-symbolic-3.10.1 dbus-1.8.0v0 cups-libs-1.7.4 harfbuzz-0.9.25 gdk-pixbuf-2.30.4 atk-2.10.0p0 libffi-3.0.9p6 libiconv-1.14p1 So it's complaining that the library atk is not found, but... wait... the atk version in the package tree is 2.12.0, not 1.0.21209.1 I certainly make something terribly wrong... but what? And is there any way to recover the situation? Where should I start the debugging? Please help. Thanks in advance -- Alessandro DE LAURENZIS [mailto:just22@gmail.com] LinkedIn: http://it.linkedin.com/in/delaurenzis
Re: Messed-up package dependencies?
So, it seems that upgrading from 5.5-STABLE to -current completely messed-up package dependencies. http://www.openbsd.org/faq/current.html You should ALWAYS use a snapshot as the starting point for running -current. Upgrading by compiling your own source code is not supported. I certainly make something terribly wrong... but what? And is there any way to recover the situation? Where should I start the debugging? Backup your data. Install a Snapshot. Try again. http://www.openbsd.org/faq/faq5.html#Flavors P.S. Why do you want to run current?
Re: Messed-up package dependencies?
Well, I didn't update the PKG_PATH var. So obvious... I should sleep a bit more... Sorry for the noise. All the best On Wed 13/08 21:14, Alessandro DE LAURENZIS wrote: Dear misc@ readers, bear with me... Noob at work! So, it seems that upgrading from 5.5-STABLE to -current completely messed-up package dependencies. 2/3 of previously installed packages were not upgradable; I tried to delete them all and re-add, but that of course didn't solve anything. Just as an example: just22@poseidon:[~] pkga gtk+2 Update candidates: quirks-2.9 - quirks-2.9 (ok) quirks-2.9 signed on 2014-07-31T22:37:55Z Can't install gtk+2-2.24.24 because of libraries |library atk-1.0.21209.1 not found | /usr/local/lib/libatk-1.0.so.21009.1 (atk-2.10.0p0): bad major |library ffi.1.0 not found | /usr/local/lib/libffi.so.0.0 (libffi-3.0.9p6): bad major |library gio-2.0.4000.0 not found | /usr/local/lib/libgio-2.0.so.3800.0 (glib2-2.38.2p6): bad major |library glib-2.0.4000.0 not found | /usr/local/lib/libglib-2.0.so.3800.0 (glib2-2.38.2p6): bad major |library gmodule-2.0.4000.0 not found | /usr/local/lib/libgmodule-2.0.so.3800.0 (glib2-2.38.2p6): bad major |library gobject-2.0.4000.0 not found | /usr/local/lib/libgobject-2.0.so.3800.0 (glib2-2.38.2p6): bad major |library gthread-2.0.4000.0 not found | /usr/local/lib/libgthread-2.0.so.3800.0 (glib2-2.38.2p6): bad major |library harfbuzz.4.4 not found | /usr/local/lib/libharfbuzz.so.4.2 (harfbuzz-0.9.25): minor is too small |library png.17.2 not found | /usr/local/lib/libpng.so.17.1 (png-1.6.8): minor is too small Direct dependencies for gtk+2-2.24.24 resolve to gtk-update-icon-cache-2.24.22p1 python-2.7.6p0 gettext-0.18.2p4 cups-libs-1.7.4 hicolor-icon-theme-0.12p2 gdk-pixbuf-2.30.4 atk-2.10.0p0 pango-1.36.2 gnome-icon-theme-symbolic-3.10.1 libiconv-1.14p1 Full dependency tree is glib2-2.38.2p6 libdaemon-0.14p0 pcre-8.33 lzo2-2.06p0 bzip2-1.0.6p0 python-2.7.6p0 gdbm-1.10p0 libcroco-0.6.8p0 tiff-4.0.3p2 librsvg-2.40.1 avahi-0.6.31p13 gettext-0.18.2p4 gnome-icon-theme-3.10.0p2 pango-1.36.2 jpeg-9p0 jasper-1.900.1p2 libxml-2.9.1 png-1.6.8 gtk-update-icon-cache-2.24.22p1 libelf-0.8.13p1 shared-mime-info-1.2 cairo-1.12.16 graphite2-1.2.4 hicolor-icon-theme-0.12p2 gnome-icon-theme-symbolic-3.10.1 dbus-1.8.0v0 cups-libs-1.7.4 harfbuzz-0.9.25 gdk-pixbuf-2.30.4 atk-2.10.0p0 libffi-3.0.9p6 libiconv-1.14p1 So it's complaining that the library atk is not found, but... wait... the atk version in the package tree is 2.12.0, not 1.0.21209.1 I certainly make something terribly wrong... but what? And is there any way to recover the situation? Where should I start the debugging? Please help. Thanks in advance -- Alessandro DE LAURENZIS [mailto:just22@gmail.com] LinkedIn: http://it.linkedin.com/in/delaurenzis -- Alessandro DE LAURENZIS [mailto:just22@gmail.com] LinkedIn: http://it.linkedin.com/in/delaurenzis
tcpdump and circular logfile buffer
[ -C file_size ] [ -W filecount ] tcpdump.orgs tcpdump has the above options so that you can constantly log and yet open a file of a certain time quickly with wireshark. I am trying to come up with some magic for doing similar with the more secure and in base tcpdump without porting the c so if anyone already does this then please let me know? Thanks, Kc -- ___ 'Write programs that do one thing and do it well. Write programs to work together. Write programs to handle text streams, because that is a universal interface' (Doug McIlroy) In Other Words - Don't design like polkit or systemd ___
Re: [Bulk] Messed-up package dependencies?
previously on this list Alessandro DE LAURENZIS contributed: bear with me... Noob at work! So, it seems that upgrading from 5.5-STABLE to -current completely messed-up package dependencies. 2/3 of previously installed packages were not upgradable; I tried to delete them all and re-add, but that of course didn't solve anything. Did you set the PKG_PATH to the snapshot package directory on the mirror? You can use the following which sthen posted previously /usr/sbin/pkg_info -aq PKG_LIST_FULL or /usr/sbin/pkg_info -mg PKG_LIST_MANUAL To get a list of installed packages and something like /usr/bin/env PKG_PATH=http://???snapshot/packages/amd64; /usr/sbin/pkg_add -zl PKG_LIST_MANUAL to install the same set built for current Don't forget to check out www.openbsd.org/faq/current.html and plus.html and the faq on upgrading to current -- ___ 'Write programs that do one thing and do it well. Write programs to work together. Write programs to handle text streams, because that is a universal interface' (Doug McIlroy) In Other Words - Don't design like polkit or systemd ___
Re: [Bulk] Re: a half-baked analysis of the verification chicken-and-egg problem, and request
On 13/08/14 22:13, Eric Furman wrote: [snip] The most absolutely best way any one can contribute to OBSD is to BUY CD'S. Buy some cd's and then buy some more. Buy them for the stickers. Buy them because they fund OBSD. Without cd sales OBSD would cease to exist. It is as simple as that. So, BUY CD'S! That is worth repeating; Without CD sales OpenBSD will cease to exist. PERIOD. Contrary to what a lot of you assholes think I would rather have a 5.5 T'shirt. I am new and when I am ready I will be back here asking questions but for now, I do not want a CD (totally useless to me) but a T'shirt would be cool. It would cover my nakedness. Looking on http://www.openbsd.org/tshirts.html I can see no 5.5 T'shirt. Actually given that today I am at home because of snow on the Lieth Saddle a 5.5 merino hoodie would be best. It would cover my nakedness and keep me warm(er) NOTHING IS FOR FREE. yea Worik -- Why is the legal status of chardonnay different to that of cannabis? worik.stan...@gmail.com 021-1680650, (03) 4821804 Aotearoa (New Zealand) [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
Re: tcpdump and circular logfile buffer
previously on this list Kevin Chadwick contributed: [ -C file_size ] [ -W filecount ] tcpdump.orgs tcpdump has the above options so that you can constantly log and yet open a file of a certain time quickly with wireshark. I am trying to come up with some magic for doing similar with the more secure and in base tcpdump without porting the c so if anyone already does this then please let me know? Thanks, Kc I think split should work. I love Unix #!/bin/sh until /bin/dd if=/dev/zero | split -b 1k do /bin/dd if=/dev/zero | split -b 1k done -- ___ 'Write programs that do one thing and do it well. Write programs to work together. Write programs to handle text streams, because that is a universal interface' (Doug McIlroy) In Other Words - Don't design like polkit or systemd ___
Re: [Bulk] Re: a half-baked analysis of the verification chicken-and-egg problem, and request
On Wed, Aug 13, 2014, at 05:36 PM, Worik Stanton wrote: On 13/08/14 22:13, Eric Furman wrote: [snip] The most absolutely best way any one can contribute to OBSD is to BUY CD'S. Buy some cd's and then buy some more. Buy them for the stickers. Buy them because they fund OBSD. Without cd sales OBSD would cease to exist. It is as simple as that. So, BUY CD'S! That is worth repeating; Without CD sales OpenBSD will cease to exist. PERIOD. Contrary to what a lot of you assholes think I would rather have a 5.5 T'shirt. I am new and when I am ready I will be back here asking questions but for now, I do not want a CD (totally useless to me) but a T'shirt would be cool. It would cover my nakedness. Looking on http://www.openbsd.org/tshirts.html I can see no 5.5 T'shirt. Actually given that today I am at home because of snow on the Lieth Saddle a 5.5 merino hoodie would be best. It would cover my nakedness and keep me warm(er) Fine, buy a T-shirt, but realize that only a small fraction of the cost actually goes to OpenBSD. When you buy a CD the vast majority of the cost goes to OpenBSD. Who cares whether you need the CD or not. Buy if for the cool stickers. Throw the CD in the trash for all I and the OpenBSD developers care.
Re: [Bulk] Re: a half-baked analysis of the verification chicken-and-egg problem, and request
On Wed, Aug 13, 2014 at 3:52 PM, Eric Furman ericfur...@fastmail.net wrote: On Wed, Aug 13, 2014, at 05:36 PM, Worik Stanton wrote: On 13/08/14 22:13, Eric Furman wrote: [snip] The most absolutely best way any one can contribute to OBSD is to BUY CD'S. Buy some cd's and then buy some more. Buy them for the stickers. Buy them because they fund OBSD. Without cd sales OBSD would cease to exist. It is as simple as that. So, BUY CD'S! That is worth repeating; Without CD sales OpenBSD will cease to exist. PERIOD. Contrary to what a lot of you assholes think I would rather have a 5.5 T'shirt. I am new and when I am ready I will be back here asking questions but for now, I do not want a CD (totally useless to me) but a T'shirt would be cool. It would cover my nakedness. Looking on http://www.openbsd.org/tshirts.html I can see no 5.5 T'shirt. Actually given that today I am at home because of snow on the Lieth Saddle a 5.5 merino hoodie would be best. It would cover my nakedness and keep me warm(er) Fine, buy a T-shirt, but realize that only a small fraction of the cost actually goes to OpenBSD. When you buy a CD the vast majority of the cost goes to OpenBSD. Who cares whether you need the CD or not. Buy if for the cool stickers. Throw the CD in the trash for all I and the OpenBSD developers care. For people earning decent money, $100 a year really isn't much. I've always failed to see why this is such a big deal. I'd prefer not to flame, but if you're a dev and a sysadmin earning decent money, or just someone who uses OpenBSD (like me) and earns OK money, if you refuse to kick in $50 every six months, you probably shouldn't be posting to this list. My OpenBSD knowledge is weak, but I've always had good luck here. I like the OS; it's simple. For me the continued development of the OS and this list are more than worth the $50 every six months. My 2 cents. Puff on!
i config'ed the ethernet card, do I have to do vlan0 now? just need some help here...
When setting up 5.5, I get my ethernet card saying active and everything looks right, but pings to known outside addresses fail, eg., I'm still not on the air. Also, I've heard that running X weakens security, I'm going to OpenBSD because my FreBSD based Mac is, apparently, where hackers go to relax. Can I strengthen the X component? Oh, I don't have access to any wires, my environment is strictly wireless. Incredibly fast but not based on patch cords. Still, I assume I could use a patch code from my Mac to get my OpenBSD machine up.
Donations to OpenBSD
I changed the subject line On 14/08/14 10:52, Eric Furman wrote: Fine, buy a T-shirt, but realize that only a small fraction of the cost actually goes to OpenBSD. When you buy a CD the vast majority of the cost goes to OpenBSD. Who cares whether you need the CD or not. Buy if for the cool stickers. Throw the CD in the trash for all I and the OpenBSD developers care. Respectfully I find that a bit offensive. Ask me for a donation if you want. But do not expect me to by an object to be manufactured, shipped 1/3 of the way around the globe and then I'll through it in the trash. Not cool at all. OpenBSD is, it seems, very cool and worth supporting. I am investigating using the mechanism detailed in http://www.openbsd.org/bank-donation.html... Looking at https://https.openbsd.org/cgi-bin/order there seems to be no difference in CDs and T'Shirts in so far as where the money goes. I do understand from conversations I have had that there is a difference. Lastly: IMO It is time to change. CDs are no longer useful. I have OpenBSD on a VPS so stickers are a waste of time too. I would like to donate some money, but it is not easy. I would like to know for sure that the money goes to the project. For expenses or to developers, who spend so much time on this, to spend on whatever they want (beer, fish, little rubber balls...) But I will not buy things I cannot use. Worik -- Why is the legal status of chardonnay different to that of cannabis? worik.stan...@gmail.com 021-1680650, (03) 4821804 Aotearoa (New Zealand) [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
Re: Donations to OpenBSD
On 8/13/14, Worik Stanton worik.stan...@gmail.com wrote: I changed the subject line On 14/08/14 10:52, Eric Furman wrote: Fine, buy a T-shirt, but realize that only a small fraction of the cost actually goes to OpenBSD. When you buy a CD the vast majority of the cost goes to OpenBSD. Who cares whether you need the CD or not. Buy if for the cool stickers. Throw the CD in the trash for all I and the OpenBSD developers care. Respectfully I find that a bit offensive. Ask me for a donation if you want. But do not expect me to by an object to be manufactured, shipped 1/3 of the way around the globe and then I'll through it in the trash. Not cool at all. You can do what I do. I purchase the CDs but request the vendor not to send me the actual, physical CDs. That's my preferred donation method. Cheers, --patrick OpenBSD is, it seems, very cool and worth supporting. I am investigating using the mechanism detailed in http://www.openbsd.org/bank-donation.html... Looking at https://https.openbsd.org/cgi-bin/order there seems to be no difference in CDs and T'Shirts in so far as where the money goes. I do understand from conversations I have had that there is a difference. Lastly: IMO It is time to change. CDs are no longer useful. I have OpenBSD on a VPS so stickers are a waste of time too. I would like to donate some money, but it is not easy. I would like to know for sure that the money goes to the project. For expenses or to developers, who spend so much time on this, to spend on whatever they want (beer, fish, little rubber balls...) But I will not buy things I cannot use. Worik -- Why is the legal status of chardonnay different to that of cannabis? worik.stan...@gmail.com 021-1680650, (03) 4821804 Aotearoa (New Zealand) [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
Re: Donations to OpenBSD
Respectfully I find that a bit offensive. Ask me for a donation if you want. But do not expect me to by an object to be manufactured, shipped 1/3 of the way around the globe and then I'll through it in the trash. Not cool at all. Then find another way to ensure that OpenBSD persists in the future. Come on, the web pages regarding donations are more than clear about how things work. Refer to http://www.openbsd.org/donations.html. There is a Foundation following government imposed rules. There is a Project, which is not a corporation, so that the Foundation can help it. There is a clear separation. Then there is a guy in Calgary who has no other job because herding roughly 100 people into making a high-quality release every 6 month (on the clock) doesn't allow time for another job. It sounds like you can put sentences together to form paragraphs, so I bet you and others can figure this out. If you want this almost 20 year old thing to be sustained further, find a way of your own that you think will sustain it. Otherwise it sounds like you are digging for excuses. The Foundation is doing a great job these days covering most of the costs of the project (see their web pages for a list of what they have funded over the last 3 years). But the Foundation does not cover my time. And I will not spend my time begging. Nor would most of you. OpenBSD is, it seems, very cool and worth supporting. I am investigating using the mechanism detailed in http://www.openbsd.org/bank-donation.html... That is a mechanism that funds the Project directly. I dig into this to cover expenses for the Project that the Foundation does not cover, in particular when they occur in Europe (obviously). Does anyone find fault with this? Looking at https://https.openbsd.org/cgi-bin/order there seems to be no difference in CDs and T'Shirts in so far as where the money goes. I do understand from conversations I have had that there is a difference. Well OBVIOUSLY CDs accumulate more revenue than T-shirts, so recently we've not made any T-shirts because it isn't worth it, the setup costs and overheads are higher than the number sold. If you guys don't buy enough of them, then we don't do the setup. Other than that, there is no difference to you, expect that I would guess you don't buy any, and you don't fund the Project or the Foundation, and all of this is idle chatter. Lastly: IMO It is time to change. CDs are no longer useful. I have OpenBSD on a VPS so stickers are a waste of time too. Thanks for the advice. Does your advice change anything? NO! It changes NOTHING. That is the kind of advice that comes off close to telling us to give up and die. I would like to donate some money, but it is not easy. Not easy? That statement is totally false. You found the web page. And the Foundation takes paypal, even off a credit card. Not easy? I would like to know for sure that the money goes to the project. For expenses or to developers, who spend so much time on this, to spend on whatever they want (beer, fish, little rubber balls...) But I will not buy things I cannot use. You use software we've produced for almost 20 years, without cost, then you think you can saunter in here and demand greater transparancy? Why don't you show your bank accounts...
Re: Donations to OpenBSD
On 14/08/14 11:45, patrick keshishian wrote: You can do what I do. I purchase the CDs but request the vendor not to send me the actual, physical CDs. That's my preferred donation method. Cool. Where does the money all go in that case? Definitely the most simple option so far. How does it compare for using the SWIFT method outlined on the website? Worik -- Why is the legal status of chardonnay different to that of cannabis? worik.stan...@gmail.com 021-1680650, (03) 4821804 Aotearoa (New Zealand) [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
Re: Donations to OpenBSD
On 14/08/14 11:45, patrick keshishian wrote: You can do what I do. I purchase the CDs but request the vendor not to send me the actual, physical CDs. That's my preferred donation method. Cool. Where does the money all go in that case? Definitely the most simple option so far. A good portion of the CD sales pays me a salary, as I do the release engineering throughout the year. Obviously there are overheads in doing a production sales shipping operation, so the word portion is correct. As to what the salary pays, well basically it means 4.5 months of making sure the development process doesn't take too many risks and go off the rails, and 1.5 months of producing the release. A release which is ready for the internet, but also ready to go onto the CDs -- which even today act as a significant control to make sure we don't do bat shit crazy stuff like bloat the code. Then, repeat; 36 or so times in a row so far. Anyone want to volunteer to take over the release process? During that entire process, I coordinate and participate in the security ideas our project is famous for. How does it compare for using the SWIFT method outlined on the website? The SWIFT donations go to the Project. That is spent on things which the Foundation doesn't pay for.
Re: Donations to OpenBSD
On 14/08/14 11:55, Theo de Raadt wrote: Well OBVIOUSLY CDs accumulate more revenue than T-shirts, so recently we've not made any T-shirts because it isn't worth it, the setup costs and overheads are higher than the number sold. If you guys don't buy enough of them, then we don't do the setup. Other than that, there is no difference to you, expect that I would guess you don't buy any, and you don't fund the Project or the Foundation, and all of this is idle chatter. Nope. I have a Blow Fish T'shirt from years gone by. I bought a CD back then too. It was useful then. I fully get the set-up costs of T'shirts. That is a shame but if it is too much work I can go naked. Definitely not idle chatter. I am interested in getting beer into your fridge or biscuits into your dog or whatever. Absolutely not idle chatter! Suggestion: Package the release notes, FAQ and some other documentation into a PDF and sell that at the same price as the CD, from the same place. I'd buy that. It would be better quality than the (often) crap O'Reilly sell, and I buy that. Not idle chatter. Finding efficient ways to get you money given the date. W -- Why is the legal status of chardonnay different to that of cannabis? worik.stan...@gmail.com 021-1680650, (03) 4821804 Aotearoa (New Zealand) [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
Re: Donations to OpenBSD
Suggestion: Package the release notes, FAQ and some other documentation into a PDF and sell that at the same price as the CD, from the same place. I'd buy that. It would be better quality than the (often) crap O'Reilly sell, and I buy that. We should do more... Then you'll give us more
Re: Donations to OpenBSD
On 8/13/14, Worik Stanton worik.stan...@gmail.com wrote: On 14/08/14 11:45, patrick keshishian wrote: You can do what I do. I purchase the CDs but request the vendor not to send me the actual, physical CDs. That's my preferred donation method. Cool. Where does the money all go in that case? Definitely the most simple option so far. I believe it goes to the project, no different than if I had received the CDs. How does it compare for using the SWIFT method outlined on the website? I'm not familiar that method, therefore, I can't comment. Best, --patrick Worik -- Why is the legal status of chardonnay different to that of cannabis? worik.stan...@gmail.com 021-1680650, (03) 4821804 Aotearoa (New Zealand)
Re: Donations to OpenBSD
I just donated money to pay for the developer's time in responding to this useless thread. =P Theo de Raadt: Suggestion: Package the release notes, FAQ and some other documentation into a PDF and sell that at the same price as the CD, from the same place. I'd buy that. It would be better quality than the (often) crap O'Reilly sell, and I buy that. We should do more... Then you'll give us more
modem onda msa190up
          Dear Sirs          Failure connection using modem onda msa190up...why if it's detected at boot time? I'm using OpenBSD-5.5 32 bit and I don't known what to do else -- Best Regards Franxones
Re: Donations to OpenBSD
Then buy the damn CD and have it shipped to Theo. On Wed, Aug 13, 2014 at 7:36 PM, Worik Stanton worik.stan...@gmail.com wrote: I changed the subject line On 14/08/14 10:52, Eric Furman wrote: Fine, buy a T-shirt, but realize that only a small fraction of the cost actually goes to OpenBSD. When you buy a CD the vast majority of the cost goes to OpenBSD. Who cares whether you need the CD or not. Buy if for the cool stickers. Throw the CD in the trash for all I and the OpenBSD developers care. Respectfully I find that a bit offensive. Ask me for a donation if you want. But do not expect me to by an object to be manufactured, shipped 1/3 of the way around the globe and then I'll through it in the trash. Not cool at all. OpenBSD is, it seems, very cool and worth supporting. I am investigating using the mechanism detailed in http://www.openbsd.org/bank-donation.html... Looking at https://https.openbsd.org/cgi-bin/order there seems to be no difference in CDs and T'Shirts in so far as where the money goes. I do understand from conversations I have had that there is a difference. Lastly: IMO It is time to change. CDs are no longer useful. I have OpenBSD on a VPS so stickers are a waste of time too. I would like to donate some money, but it is not easy. I would like to know for sure that the money goes to the project. For expenses or to developers, who spend so much time on this, to spend on whatever they want (beer, fish, little rubber balls...) But I will not buy things I cannot use. Worik -- Why is the legal status of chardonnay different to that of cannabis? worik.stan...@gmail.com 021-1680650, (03) 4821804 Aotearoa (New Zealand) [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
Re: Donations to OpenBSD
Seems pretty easy to make donations. Send money. Don't want a CD? OK, Send money. The documentation is already provided, the FAQ is an excellent codicil to the man pages. No need for a PDF really. There is a clear need for money. Demonstrate your willingness and interest to contribute by ... contributing. The free suggestions are not as useful as money. Send some money, then sit back enjoy the software and be generally quiet. Every now and again we get to watch Theo go off on someone, its fun even though I kinda worry about him bursting a vein at us. Theo de Raadt wrote: Suggestion: Package the release notes, FAQ and some other documentation into a PDF and sell that at the same price as the CD, from the same place. I'd buy that. It would be better quality than the (often) crap O'Reilly sell, and I buy that. We should do more... Then you'll give us more
Re: i config'ed the ethernet card, do I have to do vlan0 now? just need some help here...
On 08/13/14 19:18, Jules Gilbert wrote: When setting up 5.5, I get my ethernet card saying active and everything looks right, but pings to known outside addresses fail, eg., I'm still not on the air. Also, I've heard that running X weakens security, I'm going to OpenBSD because my FreBSD based Mac is, apparently, where hackers go to relax. Can I strengthen the X component? Oh, I don't have access to any wires, my environment is strictly wireless. Incredibly fast but not based on patch cords. Still, I assume I could use a patch code from my Mac to get my OpenBSD machine up. you have provided almost no information (and a few contradictions in the few facts you provided). IF you are doing a wireless network and it's a simple wireless network, you aren't doing vlans. Not your issue. You need to config your wireless card properly. This can be a trick without a wire, as many wireless cards require a firmware that can not be included with the base system, so much be installed. Answer there is to download the needed firmware on another machine and copy it to your target system. You mention a patch code, which I am guessing means an Ethernet cable (CORD), but if you are strictly wireless, I'm at a loss as to what you are plugging your Ethernet card into. As for the issue of X security, again, it depends on details you avoided giving us. But I suspect your security issue is related to something far simpler than X exploits -- like maybe the application(s) you are running or administrative errors. Is X a security problem? yes. Absolutely. Something that needs to be fixed. But not a common in-the-wild untargeted attack. If that's really how people are moving into your system, I know people who'd love to see it, but your note pretty well convinces me this is NOT the vector used. Nick.