Re: OT: Building a DNS blackhole server
On 20 October 2011 04:21, carlopmart carlopm...@gmail.com wrote:

> https://secure.wikimedia.org/wikipedia/en/wiki/Comparison_of_DNS_blacklists
>
> But, what is your opinion about this table?? What are the most reliable suppliers??? Which of these lists is sure to be deployed in a production environment? I do not want to generate more false positives than necessary.

Is your intent to cut SPAM on your servers (the intent of the majority of those) or are you looking to stop domain-based malware, like Zeus and its kin, from being able to phone home?

If the latter, I'd start by looking for malware and botnet domains, and with the understanding that it's only a small part of defence-in-depth.

kmw
Re: DNS lookups for hostnames in PF tables
On Thu, Sep 8, 2011 at 01:13, Theo de Raadt dera...@cvs.openbsd.org wrote:

>> For example, is it possible to block a well-known social networking site which resolves to multiple IP addresses, using a PF table socialnet with just the hostname of the website?
>
> No. What you want is to expand to all of the addresses. Since addresses keep being added for such hostnames on the fly, it won't work.

Blocking those hosts by IP is highly impractical given the reasons you noted, and I'll add that it's usually a *really* bad idea to block the CDNs by IP unless Gerard also wants to block his users from Microsoft's update service, support.dell.com and a few other big names. Been there, done that, suffered the resulting black eye.

Gerard - if this is to meet some policy that you can't influence then use Squid with wildcards on the domains, play tricks in DNS if you need to, then hope your users aren't proxying connections via outside connections - all they need is one arbitrary port open to one arbitrary host and you can be completely blind to what they're doing.

If you *can* influence the policy, consider a default deny with whitelisting for necessary destinations/ports.

kmw
Re: PF and States
On 19 December 2010 07:16, Henning Brauer lists-open...@bsws.de wrote:

> * Ryan McBride mcbr...@openbsd.org [2010-12-03 09:52]:
>> More than 100,000. I haven't tested lately (planning to do so soon), but I would expect somewhere closer to 500,000.
>
> you're way off ;) I had 2 million during a DDoS. things got a bit slow but everything worked.

Henning - out of curiosity, what were the specs on that hardware? My understanding was that pf won't use more than 1GB of RAM, which I thought to equal about 1 million states, but I never verified that information and now it's been so long I can't recall the source. Obviously, my incorrectness probably exists on several levels here...

kmw
Re: Linux or OpenBSD
On 22 September 2010 15:29, Rikky Taylor rikkytay...@hotmail.co.uk wrote:

> I was after some general advice. I need to setup a routing firewall with 3 interfaces, moderate traffic and a fair amount of NAT'ing in the rules.

Define a fair amount of NAT'ing. Twenty machines in one class C, multiple class B networks filled to capacity...? Also, I would define moderate traffic. To some here, multiple gigabit links is moderate, to others moderate may be ten workstations as general web/email clients.

> Given identical modern server hardware would I expect a performance difference between an OpenBSD/PF setup and a Linux/IPTables one?

Again, it depends on the number of clients, the hardware being used, type of traffic, Linux distribution (Debian or Gentoo will typically yield better performance out-of-the-box than RHEL, Ubuntu, CentOS, etc) and various other factors.

Basically, more information is needed for an informed decision but the answer will almost certainly be yes, you'll see a performance difference and it will be in favour of OpenBSD + pf.

kmw
Re: os that rather uses the gpu?
On 13 July 2010 16:54, Jiri B. ji...@live.com wrote:

> On Tue, 13 Jul 2010 22:46:13 +0200 Jozsi Avadkan jozsi.avad...@gmail.com wrote:
>> Does someone know a distribution/operating system, that rather uses the GPU for working, not the CPU? [by default]
>
> Why are you asking on OpenBSD mailing list? OMG.

Probably for the same reason he asked on freebsd-questions earlier today. Looks like he's casting a wide net to increase the likelihood of a catch.

kmw

--
A: Maybe because some people are too annoyed by top-posting.
Q: Why do I not get an answer to my question(s)?
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
Re: OT, .. but has anyone seen a crontab editor
On 19 February 2010 11:21, L. V. Lammert l...@omnitec.net wrote:

> On Fri, 19 Feb 2010, Lars Nooden wrote:
>>> L. V. Lammert wrote: ... no way I'd saddle some of these guys with vi, much less setting the cron time parameters correctly.
>>
>> Then you are far, far better off not letting them anywhere near the server room if they are that unqualified.
>
> No, that isn't going to work. This isn't some elitist club - if we can't provide a simple, sane, safe way for a [privileged] user to push a backup image out to a DR server, then *we* have failed as technologists.

If *you* are letting underqualified users have privileged access to an Unix machine then the failure here is *you*.

If *you* can't spend five minutes teaching your sys admins how to use 'crontab -e' then the failure here is *you*.

If *you* are deploying an operating system that you don't have a qualified admin to handle then the failure here is *you*.

It sounds to me like you don't have basic sys admin types, you have a bunch of Microsoft folks that don't actually know anything about system administration, they just know how to click okay. Teach them how to use Unix, they'll be better off for it.

This isn't an OpenBSD or software issue (because the tools exist to easily and safely edit cron, and to easily and safely backup your system), this is a personnel issue - and if you can't be buggered to teach your admins how to use the tools provided, you should probably use a different system, just don't use Unix because the tools are pretty standard.

kmw
Re: OT, .. but has anyone seen a crontab editor
On 19 February 2010 14:37, L. V. Lammert l...@omnitec.net wrote:

> On Fri, 19 Feb 2010, Kevin Wilcox wrote:
>> If *you* are letting underqualified users have privileged access to an Unix machine then the failure here is *you*.
>
> Didn't say they had access to the **MACHINE** THAT'S THE WHOLE POINT FOR THE NCURSES QUESTION, if you had bothered to read the OP instead of bitching about what you THOUGHT it meant.

Lee - if they don't have access to the machine then **why are you looking for alternatives to crontab**? If they don't have access to the machine then how in blazes are their changes going to be useful other than as a text file on some random machine that isn't the one they need to be active on?

Which is to say - I've read the entire thread so far and this is the first time you've said they won't have access to the machine. Instead of asking what is an alternative to foo, you should come out and say exactly what problem you need to solve, because as of this post it has become a moving target.

kmw
Re: OT, .. but has anyone seen a crontab editor
On 19 February 2010 14:32, L. V. Lammert l...@omnitec.net wrote:

> On Fri, 19 Feb 2010, Johan Beisser wrote:
>> What the hell is so hard about:
>
> If you have to ask what's so hard, it's too hard. The OP was about making the process **SIMPLE**, .. not complicated. Man pages are used to learn about a command, .. not a way to perform a specific command such as change the replication schedule to start at 8PM instead of 6PM.

Man pages typically have examples. 'man 5 crontab' gives me a full breakdown of the field and allowed values, and further down gives a couple of examples of entries with a full description of what the examples do. It's called learning and you are intentionally being difficult.

>> While lines in a user crontab have five fixed fields plus a command in the form:
>>
>>     minute hour day-of-month month day-of-week command
>>
>> [...]
>
> Yeah right. That isn't SIMPLE by any definition.

As I said, you're intentionally being difficult. That is really simple.

    0 5 * * * /usr/local/bin/backup.sh

Every day at 0500 run /usr/local/bin/backup.sh. How is that difficult once you see the format?

>> Being a UNIX Systems Admin means knowing your tools, and most importantly your toolkits. Cron is a tool, making it simpler for a new admin is doing you both a disservice in the long run.
>
> The question was about a way to provide a way to change a crontab entry for ***NON SYS ADMINS***.

No, the question was about an alternative to editing cron entries for basic sys admin types, that's a far cry from non sys admins.

kmw
Re: OT, .. but has anyone seen a crontab editor
On 19 February 2010 16:14, L. V. Lammert l...@omnitec.net wrote:

> On Fri, 19 Feb 2010, Kevin Wilcox wrote:
>> On 19 February 2010 14:37, L. V. Lammert l...@omnitec.net wrote:
>>> Didn't say they had access to the **MACHINE** THAT'S THE WHOLE POINT FOR THE NCURSES QUESTION, if you had bothered to read the OP instead of bitching about what you THOUGHT it meant.
>>
>> if they don't have access to the machine then **why are you looking for alternatives to crontab**?
>
> Changes to the actual machines will be pushed via ssh, .. but that's way too much detail for the level of the question I was asking.

This is the *exact* level of detail that's needed. You don't need an alternative method of editing crontab, you need to be able to write cron-compatible files and have those pulled into cron. That's a *significant* difference.

Rather than reply to your next email via a separate one, I'll include the responses below:

> No, you are not bothering to comprehend the question - these are *NOT* sysadmin types, .. and the procedure must be SIMPLE - open this nCurses application, check a different box, save and exit. The question was about editing a crontab entry.

The question you originally asked was insufficient (and apparently the initial data you supplied was incorrect). What it should have been was I have a machine that I'm going to let some folks look after and I want to let some non sys-admin, non Unix folks change scheduled times for things to run in cron but they won't have any access to the machine other than via scp, is there a GUI that can write cron compatible output that I can then push to that remote machine?

For that matter, I find edit this text file, change the 2 to a 5, save it to be simpler and more fool-proof, but difficult versus simple is relative; recompiling my FreeBSD kernel for PAE support is simple to me, telling someone how to clear their browser history and cache in Internet Explorer would be a much more difficult, more time consuming process.

> Remember, .. KISS rules.

Cron *is* simple. You give it a time, you give it a command, it does its job. What you are trying to accomplish is completely separate from what you asked about. Now that you have provided some *necessary* information (the users *don't* have access to the machine, their inability to edit cron is not a skill issue but an access issue, et cetera), you might get a meaningful answer from anyone you haven't already pissed off by being difficult, being obstinate, being obdurate, failing to give the full parameters of what you are trying to accomplish and trying to back-track on what you said over the course of your own half-dozen or so emails on the subject.

kmw
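
An added example, not part of the original thread: the messages above end with cron-compatible lines being written by non-admins and pushed to the machine over ssh, in the five-fields-plus-command format quoted from crontab(5). One way to check such a line before it is installed; the names `validate_entry`, `check_field` and the `ALLOWED_COMMANDS` allowlist are assumptions made for this sketch, and only numeric fields with `*`, lists, ranges and steps are accepted.

```python
import re

# Time fields of a user crontab line, in order, with their numeric limits:
# minute hour day-of-month month day-of-week command
FIELDS = (
    ("minute", 0, 59),
    ("hour", 0, 23),
    ("day-of-month", 1, 31),
    ("month", 1, 12),
    ("day-of-week", 0, 7),  # 0 and 7 both mean Sunday
)

# Hypothetical allowlist: the only commands a submitter may schedule.
ALLOWED_COMMANDS = {"/usr/local/bin/backup.sh"}

# One list item: "*" or "a-b" with an optional "/step", or a single number.
_ITEM = re.compile(r"^(?:(\*|\d+-\d+)(?:/(\d+))?|(\d+))$", re.ASCII)


def check_field(name, text, low, high):
    """Return a list of problems found in one time field."""
    errors = []
    for item in text.split(","):
        match = _ITEM.match(item)
        if match is None:
            errors.append(f"{name}: unsupported syntax {item!r}")
            continue
        base = match.group(1) or match.group(3)
        step = match.group(2)
        if step is not None and int(step) == 0:
            errors.append(f"{name}: step must be at least 1 in {item!r}")
        if base == "*":
            continue
        bounds = [int(n) for n in base.split("-")]
        if any(n < low or n > high for n in bounds):
            errors.append(f"{name}: {item!r} outside {low}-{high}")
        elif len(bounds) == 2 and bounds[0] > bounds[1]:
            errors.append(f"{name}: range {item!r} is reversed")
    return errors


def validate_entry(line):
    """Return [] if the submitted line is acceptable, else the reasons it is not.

    Pass the line without its line terminator: embedded newlines are refused
    so that one submission can never smuggle in a second crontab entry.
    """
    if "\n" in line or "\r" in line:
        return ["entry must be a single line"]
    parts = line.split(None, 5)
    if len(parts) < 6:
        return ["expected five time fields followed by a command"]
    errors = []
    for (name, low, high), text in zip(FIELDS, parts[:5]):
        errors.extend(check_field(name, text, low, high))
    command = parts[5].strip()
    if command not in ALLOWED_COMMANDS:
        errors.append(f"command not on allowlist: {command!r}")
    return errors


if __name__ == "__main__":
    # Constructed sample submissions, not taken from the thread.
    samples = [
        "0 5 * * * /usr/local/bin/backup.sh",
        "0 20 * * 1-5 /usr/local/bin/backup.sh",
        "0 25 * * * /usr/local/bin/backup.sh",
        "0 5 * * * /bin/sh -c 'something else'",
        "0 5 * * *",
    ]
    for sample in samples:
        problems = validate_entry(sample)
        print("OK    " if not problems else "REJECT", repr(sample), problems)
```

Environment assignments, `@daily`-style shortcuts and month or weekday names are rejected by design here, which keeps what an unprivileged submitter can express to a schedule plus an approved command.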
Re: VMware and OpenBSD
2009/11/17 Steve Shockley steve.shock...@shockley.net:

> Under VMware ESX, which NIC works better with OpenBSD, E1000, pcn or vic?

In my experience, e1000 has been the way to go.

kmw

--
Beware the leader who bangs the drums of war in order to whip the citizenry into a patriotic fervor, for patriotism is indeed a double-edged sword. It both emboldens the blood, just as it narrows the mind. And when the drums of war have reached a fever pitch and the blood boils with hate and the mind has closed, the leader will have no need in seizing the rights of the citizenry. Rather, the citizenry, infused with fear and blinded by patriotism, will offer up all of their rights unto the leader and gladly so - Unattributed, post 9/11
Re: Snort on OpenBSD
2009/10/8 Joachim Schipper joac...@joachimschipper.nl:

> What, specifically, fails to work? OpenBSD has a snort package, I assume that will install without issues. Don't you get a working IDS just by installing the port (and updating the rules, if so desired)? What, specifically, are the issues?

Not only what fails to work but what version information can you provide?

kmw

--
Whenever there is in any country, uncultivated lands and unemployed poor, it is clear that the laws of property have been so far extended as to violate natural right. The earth is given as a common stock for man to labour and live on. -- Thomas Jefferson, 1785
Re: OpenSSH exploit... or not?
2009/7/20 Leonardo Rodrigues leonardov...@gmail.com:

> For information... http://seclists.org/fulldisclosure/2009/Jul/0279.html

I wondered how long it would take for someone to ask about that either in misc@ or po...@.

I'll believe there is something to release when something gets released or the OpenSSH devs say oh, wait, there's a problem...

Until then I'm treating anything from that poster (anti-sec) as FUD and SPAM.

kmw

--
To take from one, because it is thought that his own industry and that of his fathers has acquired too much, in order to spare to others, who, or whose fathers have not exercised equal industry and skill, is to violate arbitrarily the first principle of association, 'the guarantee to every one of a free exercise of his industry, the fruits acquired by it.'
Re: OpenBSD HA
2009/6/11 Joachim Schipper joac...@joachimschipper.nl:

> If you decide not to go with OpenBSD, you may wish to consider OpenSolaris instead of FreeBSD, which will allow you to use ZFS and DTrace, both of which may be useful in a PostgreSQL deployment. There are good reasons not to use (Open)Solaris (you may consider it not truly free, Oracle may kill it, you may have trouble finding people with experience, the userland utilities lack polish, etc), but at least it does offer some useful things in exchange for the headache of running two different OSes.

I'll offer a flipside to this. I have physical and virtual (ESX) FreeBSD machines doing all manner of apache/php/postgresql/named/snmp work. FreeBSD *does* have ZFS support but it's not nearly as mature as the support in OpenSolaris.

That said, I have virtual machines with 100+ GB data stores acting as sources for ZFS pools under FreeBSD 7.2-RELEASE with PostGreSQL 8.3.7 and I love it. This is a low I/O setup and I only do about 9 million inserts/updates per day but it suits my needs just fine.

OT, I know, but there are my $0.02.

kmw
Re: IMPORTANT, DO THIS OR YOUR E-MAIL WON'T WORK
2009/5/26 Sam Fourman Jr. sfour...@gmail.com:

> Sam Fourman Jr. sfour...@gmail.com rlz686

Now that's funny.

kmw
OFF TOPIC: Re: OpenBSD ESXi VMware image on Soekris Net5501
David - it looks like my mobile device did a horrendous job of displaying your email so I apologise for coming off a bit half-cocked in the last email (and despite it being so much more OT conversation on the list, I still wanted to do it publicly).

2009/5/20 David Talkington dt...@flyingjoke.org:

> Kevin Wilcox wrote:
>> that practically necessitates IBM, Sun, HP or Dell hardware.
>
> No it doesn't.

That was based on my last review of the .pdf we received from our VMWare rep that was, admittedly, some time ago. I just checked the ESXi HCL and I'm glad to see that support has grown *substantially*, particularly with them offering ESXi. So, my apologies for outdated information.

>> Skip the virtualisation cruft and install natively.
>
> That isn't a helpful or enlightened answer (not that one should expect help with this topic here).

Agreed. A better reply (though perhaps less relevant) would be,

O.P. - I do not have experience with OBSD on VMWare ESXi on a Soekris. I do have quite a bit of experience with OpenBSD on VMWare ESX on officially supported hardware and the results vary depending on load and how much tweaking you may or may not have to do with your configuration. For certain storage backends we have to do some minor voodoo to the disk configuration before the VM is made aware of the disk - this has caused several of our OpenBSD VMs to panic, an issue that in no way, shape, form or fashion am I blaming on OpenBSD - that problem lies with VMWare. On the other hand, I have virtualised OpenBSD firewalls on plain configurations sitting in front of virtualised servers (yes, it works for our needs) that never hiccup. The latest I am using is 4.4 as I've been unable to take any of those machines down for upgrade since receiving the 4.5 cds.

Because of the quirks that are introduced with running on top of VMWare, if you have the hardware and this is a single use machine, I can't stress highly enough that, if at all possible, you should skip the virtualisation cruft and install natively. Performance *will* be better, as will reliability and the chance of finding some form of community assistance.

> O.P., you should start here for detailed ESXi hardware support info: http://www.vm-help.com/

And the official VMWare HCL here should you ever decide to move to supported hardware:

http://www.vmware.com/resources/compatibility/search.php?action=basedeviceCategory=server

kmw
Re: OpenBSD ESXi VMware image on Soekris Net5501
2009/5/21 obiozorok...@yahoo.com:

> I'll have to re-think this but I honestly thought (I guess I'm wrong) that if I my first OpenBSD VM image running on ESXi as my strong firewall I would be ok. Basically its just a virtualization of my physical environment but all on one box with 3 VM images. So my idea was to have second OpenBSD image (not the firewall OpenBSD image) running with Samba as my Domain Controller and File server, and Email server and then the third Windows VM running just the custom app. I figured that as long as all the 'Net traffic hit my first OpenBSD VM and was properly filtered and controlled by pf, spam greylisting, brute force checked, etc I would be ok? No?

There are some strategic issues with virtualising a firewall.

What should be the simplest, most rock solid member of your network is now on the same hardware as foo virtual machines. If one of the application servers is compromised then it's *possible* that the VMWare server itself could be compromised, rendering the firewall VM under the control of The Bad Guys.

If one of the VMs screws the pooch and takes down the server then you've not only lost the ability to communicate with those servers, you've lost the ability to communicate with your firewall.

If one of the application VMs isn't configured with proper resource limits then performance on the firewall will drop under periods of heavy traffic. For that matter, you've already introduced overhead on throughput of the firewall by forcing traffic to be received by the VM OS before it's received by OpenBSD.

If the VM server is compromised then the things that can be done to traffic without ever actually disrupting the firewall are almost certainly fun fun fun (in all fairness, I haven't tried mucking with traffic on ESX/i, this is based entirely in speculation).

I'm sure there are obvious things that I'm missing but these are the ones that blast the loudest through my brain when I think about virtualising a firewall.

As I stated before, I have done it and there are a few that I maintain - and they do their job well - but that doesn't mean I condone the practice in general and it surely doesn't suggest that I think it's something that should be done on a whim or with a light attitude. It is dangerous and unsupported and you need to understand there is significant risk in doing so.

kmw
Re: OpenBSD ESXi VMware image on Soekris Net5501
This is doomed to failure, mostly because I am *almost* certain that you'll never get ESXi to install on a Soekris. My understanding is that it has a strict HCL, very similar if not identical to the HCL for ESX, that practically necessitates IBM, Sun, HP or Dell hardware.

Skip the virtualisation cruft and install natively.

kmw

On 20/05/2009, Obiozor Okeke obiozorok...@yahoo.com wrote:

> Hi
>
> I am hoping to run an ESXi OpenBSD 4.5 image on a Soekris Net5501 appliance and I was wondering if anyone has already tried successfully running ESXi on the Soekris Net5501 before I order the hardware?
>
> Any advice or comments is appreciated.
>
> Thanks in advance

--
Sent from my mobile device
Re: OpenBSD ESXi VMware image on Soekris Net5501
David, I'm currently mobile and unable to track down the HCL for ESX/i myself - thus my mentioning them to the original poster with what I could remember off the top of my head about supported machines. If that was an insufficient response then the OP is more than welcome to ignore it.

On the other hand, the OP could always say, oh, ESXi HCL, I wonder... and google 'vmware esxi hardware compatibility'.

kmw

On 20/05/2009, David Talkington dt...@flyingjoke.org wrote:

> This is way OT for this list, but:
>
> Kevin Wilcox wrote:
>> My understanding is that it has a strict HCL,
>
> Yes it does.
>
>> that practically necessitates IBM, Sun, HP or Dell hardware.
>
> No it doesn't.
>
>> Skip the virtualisation cruft and install natively.
>
> That isn't a helpful or enlightened answer (not that one should expect help with this topic here).
>
> O.P., you should start here for detailed ESXi hardware support info:
>
> http://www.vm-help.com/
>
> Cheers
> -d
>
> --
> David Talkington dt...@flyingjoke.org
> PGP key: http://www.flyingjoke.org/keys/801E3976.asc
> (What's this? http://en.wikipedia.org/wiki/Digital_signature)

--
Sent from my mobile device
Re: Migration from IPTABLES to PF
2009/5/4 Ricardo Augusto de Souza ricardo.so...@cmtsp.com.br:

> #___
> # KERNEL protection
> #___
> #Enable forwarding in kernel
> echo 1 > /proc/sys/net/ipv4/ip_forward

man sysctl

> #Block source routing
> echo 1 > /proc/sys/net/ipv4/conf/all/accept_source_route

man sysctl

> #Enable SYN Cookies
> #echo 1 > /proc/sys/net/ipv4/tcp_syncookies

man sysctl

> #Kill redirects
> echo 1 > /proc/sys/net/ipv4/conf/all/accept_redirects

man sysctl

> #Reduce DoS'ing ability by reducing timeouts
> echo 30 > /proc/sys/net/ipv4/tcp_fin_timeout
> echo 2400 > /proc/sys/net/ipv4/tcp_keepalive_time
> echo 0 > /proc/sys/net/ipv4/tcp_window_scaling
> echo 0 > /proc/sys/net/ipv4/tcp_sack

man sysctl

Your problem isn't necessarily your understanding of pf, it's of *nix in general. Don't feel bad, a lot of Linux admins grow too reliant on using /proc directly instead of using the more appropriate method of setting values, sysctl.

kmw
Re: Memory and Swap Info
2009/4/30 socknoggle todd.sarg...@hostedsolutions.com:

> Sorry, all. I didn't state what I needed very well. What I'm really looking for is hardware data related to memory, swap, cpu, pci and scsi devices. This would be similar to the data on Linux in /proc/meminfo, /proc/cpuinfo, lspci -v and /proc/scsi/scsi respectively. Thanks for all responses so far!

man sysctl

kmw
Re: OpenSSH release CDS
2009/3/11 patric conant mirage.comput...@gmail.com:

> I've repeatedly been in a position where we weren't making direct use of OpenBSD, but were using OpenSSH, and if there were a recurring cost associated with it (like purchasing a semi-annual CD) it would have been relatively painless to get a rubber stamp approval of such a cost, whereas purchasing an OS we weren't using would've been a much more difficult sell. Since there is already regular ssh art, (that could be used for the next several releases), how much further effort/money would it take to release OpenSSH on CD? Also of the people on misc@ how many would think they'd have an easier time convincing bosses/clients/others to buy a single CD for say $25 then they would getting an OS purchased. Just a thought, for these trying economic times and whatnot.

I can't speak for the devs, Theo, @misc or anyone except myself and my personal experiences with having a custom CD created but I'd bet my experiences aren't too different from what Theo and the core team have to deal with.

When we looked into it for something else, we had to order a set number before anyone would even agree to print/press/package. All of that gets paid out of pocket with the hopes that you can move the product. If it doesn't sell in a reasonable time then it has suddenly become outdated and an unnecessary waste if your sales do not cover at least the physical costs and the man-hours of effort put into it.

Colour me skeptical or pessimistic but I'd wager it's Just Not Worth It to package/print/sell OpenSSH discs. You can always donate to the project, though. Methods of payment are available at

http://www.openssh.org/donations.html
http://openbsd.org/donations.html

kmw

--
Far better is it to dare mighty things, to win glorious triumphs, even if chequered by failure, than to take rank with those poor spirits who neither enjoy much nor suffer much, because they live in the grey twilight that knows not victory or defeat.
Re: I am not a geek ;)
2008/11/3 Jeff1981 [EMAIL PROTECTED]:

> I actually am starting the use of OpenBSD thanks to production team. Please can you help me to pass this error message when I try to connect my NAS an external drive (a network drive). This works on my other computer but not from the one on BSD, I have an access error message however the ping to the NAS server works and so does the FTP via internal IP, so does the SSH connection. Only the network drive cannot be connected. Any suggest ?

Hi Jeff. For anyone to be able to help you they need, at the minimum, the version of OpenBSD, how you're attempting to 'connect the network drive' and the error message you're getting. I'm sure if anyone needs additional information they'll ask for it.

kmw
Re: J.C. Roberts [EMAIL PROTECTED] saiz OpenBSD. --We won't miss you.
2008/10/28 Owain Ainsworth [EMAIL PROTECTED]:

> On Tue, Oct 28, 2008 at 05:37:24AM -0700, Neko wrote:
>> git a life
>
> [EMAIL PROTECTED]:~$git clone a://life
> Initialized empty Git repository in /home/oga/life/.git/
> fatal: I don't handle protocol 'a'

Didn't anyone ever tell you not to run arbitrary commands you read on a mailing list? grin

kmw
Re: This is what Linus Torvalds calls openBSD crowd
2008/7/16 Nuno Magalhães [EMAIL PROTECTED]:

> Eheh he's right :-) If you guys get your heads out of your asses and actually read his words with the use of some common sense you might get what he means. It's a balanced opinion.

It's not that it isn't a balanced opinion or that he may be right or wrong - it's that the guy was asking why they weren't following their disclosure policy and no one has provided a sufficient answer as to why they don't a) follow the policy or b) change the document.

> From what i've seen so far in this list, the BSD-crowd *is* a bunch of masturbating monkeys anyway, i get much more decent reasonable answers to my problems in any Debian list, along with constructive criticism. Here it's rtfm and chest-thumping.

Coming from the GNU/Linux community I felt the same way for a while. Then I started really looking at what my expectations were versus what they should be. In the Linux world I had grown used to expecting something in particular. Despite no SLA or any other type of agreement, I expected the community to support the distribution. When I made the change to FreeBSD and OpenBSD, I brought those expectations with me. Then I realised that was both selfish and foolish.

Now my expectations have changed. I expect to get an install CD and whatever swag I pay for. Beyond that, I *hope* that if I have troubles that I can approach the *BSD community and get some assistance but I realise that that should never be an expectation and that I'm equally as likely to get a sorry, I value my time as I am to get you should look at the -foo flag - and that either response is ok.

Actually, allow me to correct the above. At the end of the day there is one other expectation I have, and that is to be totally thrashed for bringing something totally off-topic or meaningless or just plain wrong to [EMAIL PROTECTED]

Marco commented: *yawn* linus' opinion is as interesting as his relevance.

I say: +1

kmw
Re: timezone anomalies
2008/5/22 frantisek holop [EMAIL PROTECTED]: bios: UTC os: timezone This is how I set up all of my *strictly* *nix machines, be they GNU/Linux or *BSD. bios: localtime os: localtime and pretend i am in a timezone? (ntpd gets crazy this way) This is what I do for machines that dual boot MS Windows + *nix. If the machine were mine, dual booting GNU/Linux and OpenBSD, I'd go for the former. Of course, I'm no expert and YMMV. kmw
Re: Use of 'Puffy' Logo *and* weatherproof stickers?
Hannah Schroeter wrote: I read there (http://www.openbsd.org/art1.html): but do not make profit from them since our own T-shirt sales provide funding so that OpenBSD can continue to operate. Recently it was said on a mailing list, that T-shirt sales do *not* provide net funding, only donations and *CD* sales do. Which is true? I was a bit curious about that, too, but just figured it was a page left that still needed editing. I also have a question of my own related to Puffy and, rather than start a new thread, I'll go ahead and ask in this one since it's kind of on-topic. Before I have some weatherproof OpenBSD/Puffy stickers made up for my own personal use, does anyone know *off the top of your head* if there are already some out there, available for purchase, where proceeds find their way back to the project? I'd rather buy some knowing that some of the $$ is going to make its way back to OpenBSD than to spend the same amount and it all go to a corporate interest. By weatherproof, I plan to stick it on my motorcycle luggage where it will be exposed to sun, rain, snow, ice and 120km/h+ winds. Thanks! kmw
Re: [Fwd: Open-Hardware]
bofh wrote: On Jan 9, 2008 1:52 PM, Jacob Meuser [EMAIL PROTECTED] wrote: On Wed, Jan 09, 2008 at 10:07:50AM -0500, Kevin Wilcox wrote: Daniel then brought up the idea of CD sales. Something you can buy and put an exact digital replica of online. are sure about that? and what about the sticker(s) that come with the CDs? and the artwork on the insert? and the preprinted installation instructions? This is beyond silly. FSF/GNU used to sell tapes of GPLed stuff too. I'm sure it came with pre-printed instructions as well. No idea about artwork or stickers however. But splitting hairs is not useful. No, he makes a very valid point. The stickers/artwork/installation instructions are all copyrighted material and the purchaser of the CD set is not licensed to redistribute that material. So, if you are making digital replicas and selling them, that's a big no-no and not what I was talking about. My quoted statement was about the content of the CD itself. I had forgotten why I had originally made my own OpenBSD CDs - the *layout* of the master set is copyrighted as well. You can't legally rip and redistribute the purchased CD set (well, unless you're Theo or he licenses it to you in such a way that you are allowed to do so). While it doesn't affect the broader scope of my argument (you can make money selling software that is already freely available), it does affect that particular statement. kmw
Re: ssh controlling question
James Mackinnon wrote: Hi All Just a little question on something I'm working on I have say 50 accounts on a box. 40 of which I want the users to connect from ANY IP address 10 of which I want the users to only be allowed to connect from a specific IP address that is assigned to them. Is there a feature to control SSH account from a specific ip address In sshd_config: == AllowUsers [EMAIL PROTECTED] == kmw
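An added illustration of the `AllowUsers` approach for the scenario in the question; it is not part of the original post, and the account names and 192.0.2.x addresses are constructed placeholders. Once `AllowUsers` appears in `sshd_config`, only users matching one of its patterns may log in, so the accounts that are allowed to connect from anywhere have to be listed as well.

```conf
# /etc/ssh/sshd_config (fragment) -- constructed example, not from the original post

# Pitfall: listing only the restricted accounts locks every other account out,
# because AllowUsers is an allow-list for ALL logins once it is present.
#AllowUsers alice@192.0.2.10 bob@192.0.2.11

# Intended policy on a single line:
#   USER@HOST -> USER may log in only from HOST (use the assigned address)
#   USER      -> USER may log in from any address
# alice and bob stand in for the restricted accounts; carol, dave and erin
# stand in for the accounts that may connect from anywhere.
AllowUsers alice@192.0.2.10 bob@192.0.2.11 carol dave erin
```

Validate the file with `sshd -t` before reloading the daemon, and keep an existing session open while testing so that a mistake in the list does not lock you out.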
Re: [Fwd: Open-Hardware]
Tony Abernethy wrote: [EMAIL PROTECTED] wrote: I'm not out to convince anyone that anyone has any more rights than anyone else. HOWEVER, the original author DOES have more rights than anyone else. In particular, the original author says who has what rights. You have no say in the matter. Your opinion does not count. Hi Tony. I'm not going to argue against that. The author, as creator of the piece of work and originator of the copyright, does have more rights. It's true. I'm just not out to *convince* anyone of it. kmw
Re: [Fwd: Open-Hardware]
Tony Abernethy wrote: [EMAIL PROTECTED] wrote: I was pointing out that you could release the alpha/beta/testing software under whatever license you choose that will keep it from being re-distributed Huh??? What kind of release is not re-distributed? By redistribute I do not mean the author distributes it again, I mean the recipient then acts as a distributor. Just because I have an alpha release of some software doesn't mean I have the right to redistribute that software. Those rights are determined by my license agreement. kmw
Re: [Fwd: Open-Hardware]
Marco Peereboom wrote: On Thu, Jan 10, 2008 at 12:11:46AM -0500, [EMAIL PROTECTED] wrote: I'm not out to convince anyone that anyone has any more rights than anyone else. What I *was* doing was bringing that particular portion of the conversation back to more than just baseless bashing of a particular license. It isn't baseless you are simply blind to it because you are convinced that the GPL is the best thing evah! What have you been smoking and can a brotha get a hit? I am not a particularly large fan of the GPL. It's not my first choice of license but I can see where it has its uses. It also has its fair share of issues and those issues are fair reasons for attack. Bash it for its legitimate flaws, though, and not by making sensationalist claims that aren't true. The GPL essentially strips the author of his/her rights. So here you are slaving away writing some code that you give away and then on top of that you have to forfeit your labor in favor of users. I hate to tell you this but that is the wrong way around. I'm not making any statements to the contrary. If you choose to give your code away then that's your own mistake. Why would you hate to have to tell me that? That is not how I see this. One side came to slander (not the first time either) and the other side kept correcting the slanderer. There might have been some strong words going back and forth but only one side was wrong. Let's call it self-defense. Yes, RMS slandered. Tell him he's wrong, that the comment was incorrect and that his argument is bollocks. Rally the troops for self-defense. That's the right thing to do. Attack the GPL for its flaws. That's the right thing to do. I'm not denouncing either of these acts. What I *am* denouncing are some of the sensationalist claims that were incorrect. They're not my teachings or teachings to which I particularly subscribe. I would maintain that most of the more popular licenses have their pros - ultimately it depends on who or what you want to protect.
Popular does not mean good. VHS anyone? That's why I intentionally said more popular. Lots of things are popular but complete rubbish. Somewhere along the line each of the more popular licenses scratched an itch for some developer or organization and others felt that *something* about the license was useful to them - the license had its pros. Let me quote my man Franklin: Those who would give up Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety. Where the GPL is temporary safety in trade of Essential Liberty. That's quite a broad stretch to make and I both agree and disagree. I think it boils down to what it is you're trying to protect. Nice use of Ben. Don't paint me with the RMS/GNU brush because I refused to stand by and watch *blatantly* false accusations be made. There is a big difference between correcting those accusations and *supporting* the recipient of the accusations. Then don't stand by them by not replying to this. By adding to this thread you picked a side like it or not. Let's use your own quotation from Franklin. By not replying I am foregoing my own Liberty in exchange for a bit of temporary safety in not being painted with that brush. I choose, instead, to exercise the ability to reply and say that this is not an us or them situation and that I refuse to allow myself to be painted that colour. I've chosen no side. If that means I get cut down by yours because you want to make it a with us or against us argument, fine. If that means I get cut down by RMS/GNU/FSF because they want to make it a with us or against us argument, fine. *I don't care*. I choose to remain a neutral third party that can see the benefits (and detriments) of the different licenses. You can't lump someone as your enemy simply because they aren't full of fervour for your cause. kmw -- Quis custodiet ipsos custodes
Re: [Fwd: Open-Hardware]
Eric Furman wrote: On 08 Jan 2008 20:21:08 -0500, Daniel Hagerty [EMAIL PROTECTED] said: Eric Furman [EMAIL PROTECTED] writes: This is one of the most retarded things I've ever read. You might get one wanker to pay for it, but if it comes in non-binary with all the source what's to stop them from posting it on the internet and everybody else getting it for free? Good question. Theo de Raadt [EMAIL PROTECTED] writes: Profits from CD sales are the primary income source for the OpenBSD project -- in essence selling these CD-ROM units ensures that OpenBSD will continue to make another release six months from now. Maybe this guy can explain it to you. OK, *that* was the most retarded thing I have ever read. You're comparing apples and oranges. No, he's not. Stallman said I'm not against buying software from developers (as long as it is free software). That is the baseline for your This is one of the most retarded things I've ever read comment. You make a valid point, what is to keep someone from taking the source that they'd bought and putting an exact digital replica online. This implies that you can't make money selling the source to software that could potentially be had sans gratis on the 'net. Daniel then brought up the idea of CD sales. Something you can buy and put an exact digital replica of online. By your implication that you can't make money selling the source to potentially sans gratis, it's also implied that you shouldn't be able to make money with CD sales of *definite* sans gratis software because someone could either buy the CD and make a .iso version available online or you could just get the software sans gratis anyway. Since you're missing the analogy I'd say you probably didn't intend to imply that. For those of us that read the implication there, though, the analogy makes perfect sense. kmw -- Quis custodiet ipsos custodes
Re: [Fwd: Open-Hardware]
Eric Furman wrote: *BULLSHIT*. You have so completely missed the point it is to laugh. Apples and Oranges. Remember OBSD isn't GPL'ed There's no need to continue this on the list because you don't get the analogy so I'm replying directly. I didn't say that OBSD is GPL'ed, did I? I said that selling software that's available at no cost (GPL software someone has bought and re-released to the public) is no different than selling software that's available at no cost (an OpenBSD CD versus the .iso format available to the public). In both cases you are taking software that is freely (cost) available and selling it via some physical medium. I even stated that it was just something that I had picked up as an implication and that for those of us that interpreted your statement in that fashion, the analogy made sense. How is that bs? I've no qualms being someone's laughing stock because they fail to understand something so feel free to laugh away. My regret is that I failed to sufficiently explain the analogy, and why at least a few of us felt it was appropriate, in a manner you could understand the first time. If you still do not understand the analogy, and why I agree with Daniel that it was an appropriate one, please feel free to email me directly and we can discuss it. There's no point in continuing to butt heads on the list. kmw
Re: [Fwd: Open-Hardware]
chefren wrote: On 1/9/08 12:54 AM, Eric Furman wrote: This is one of the most retarded things I've ever read. You might get one wanker to pay for it, but if it comes in non-binary with all the source what's to stop them from posting it on the internet and everybody else getting it for free? You got the point, Richard doesn't respect creators. He wants every programmer to go through life as beggar like he does himself. Giving in that that's impossible, that you cannot raise children that way doesn't matter to him. Following Richard Stallman's theories everyone may make money with his creation/work except a programmer. Richard Stallman /says/ a programmer may earn money 1 time and then the code should be free after that. Why he says so is clueless, he clearly cannot explain how a programmer should make money if it's about a lot of work that is just a little feature for a lot of people, such a programmer should go around and ask a million users a cent before he lets them test the code. Because the moment he let other people test it, the code should be for grabs too. Richard wants such a programmer to spam the world about a little feature to get money for it. This man has no respect for programmers, clearly doesn't understand why money was invented and how a market can be a very reasonable way to let people earn money. I don't think either of you have a firm grasp of what's being said with regards to selling free software. Or of the GPL in general. The use of the word free has nothing to do with price, it is that the recipient of a piece of software has the freedom to modify the software as they see necessary so that it does what they want it to do. To accomplish this, they should receive the source to said software. That's what the GPLv2 is all about - providing the recipient of a piece of software with the source code to that software and the freedom to modify it as they desire.
It is only once they decide to *further distribute* the software that they are restricted. At that point the only restrictions placed on them is that they provide the source - thereby giving the recipient the same rights bestowed upon them by *their* provider. No one has said that you can't charge whatever you like for your software *or* that you have to give the code away to the world - they are saying that if you provide a binary then you should provide the recipients of that binary with the corresponding source and the right to change it and distribute it as they see fit. While that *can* present a situation where you sell software to PERSON_A and PERSON_A distributes the code to whomever they choose, it's a perfectly reasonable assumption that that is not likely to occur in a high-end software field because no corporation or organization will want to give away something for which they had to pay top dollar. Testing the software has nothing to do (as far as licensing goes) with a final, released GPL product. You can release the alpha and beta releases under whatever license you want to. Just license the final product under the GPL. In no way is anyone saying you can't make a comfortable living writing code and that you have to go through life as a beggar. Disclaimer: In no way am I suggesting that anyone should use the GPL over another license. When I talk about releasing code under the GPL in previous paragraphs I am speaking for hypothetical situations. I have only been involved with GPL software for a limited time, 4-5 years, so my understanding of GPL/v2 may be incorrect. kmw -- Quis custodiet ipsos custodes