Re: who is using obsd

2013-06-17 Thread Lars Hansson
a) you're wrong
b) you don't know what problem he is trying to solve.


On Tue, May 14, 2013 at 5:28 AM, Salim Shaw salims...@vfemail.net wrote:

 OpenBSD is a server/router/network service OS, it's not designed for
 desktops. OpenBSD is the pre-eminent platform for Firewalling, IPsec, IPv6.
 Trying to shove OpenBSD onto the desktop is the ultimate case of square
 peg/round hole.




 On 05/13/2013 05:12 PM, Pau wrote:

 on his/her laptop as *only* OS and uses it daily for scientific work?
 please contact me off list. Thanks



 --
 Salim A. Shaw
 System Administrator
 OpenBSD  CentOS / Free Software Advocate
 Need stability and security -- Try OpenBSD.
 BSD,ISC license all the way: Sell services, don't lease secrets



Re: renaming name of interfaces

2013-03-14 Thread Lars Hansson
On Thu, Mar 14, 2013 at 10:22 PM, Jiri B ji...@devio.us wrote:

 I'm aware of both. So what is this renaming of ifaces good
 for?


On Windows it has its advantages because by default you get stupid and
unhelpful names like Local Area Connection X.
It's pretty nice to be able to rename it to something useful like Internal
NIC.


Lars



Re: Shell for PF

2013-02-16 Thread Lars Hansson
On Sat, Feb 16, 2013 at 10:41 AM, Fil DiNoto fdin...@gmail.com wrote:

 with something vaguely familiar to what they would encounter in the
 other equipment like cisco or juniper they would be far less likely to
 make a mistake that would result in an outage or security problem. So
 as superficial as this might seem to you in practice I think it would
 have a large impact


God no, please. Turning pf into the stupidity that is ios would be a
nightmare.
One of the many good things about PF (and OpenBSD) is that, as opposed
to ios/junos, it's actually managed in a way that isn't reminiscent of 1985.

---
Lars



Re: Why does time/ident/daytime/comsat run after an OpenBSD 5.2 install?

2013-01-05 Thread Lars Hansson
ntpd and sshd are only running if you enabled them when installing. For the
rest, just turn off inetd.
Why are they enabled by default? Search the mailing lists, it has been
asked and answered before.


Lars



Re: dhcpd not starting

2013-01-02 Thread Lars Hansson
In-tree dhcp most certainly supports options because I am using them:
option autoproxy-script "http://1.2.3.4/wpad.dat";

Cheers,
Lars


On Mon, Dec 31, 2012 at 11:19 PM, Chris Smith obsd_m...@chrissmith.org wrote:

 Maybe it's a problem due to Unbound being a package and not part of
 the core system, but a normal configuration such as:

 host hostname.example.com  {
   hardware ethernet 00:1a:80:f4:75:ad;
   fixed-address hostname.example.com;
   }

 has to be rewritten as:

 host hostname.example.com  {
   hardware ethernet 00:1a:30:64:75:bc;
   fixed-address 172.38.202.17;
   }

 thereby duplicating efforts or dhcpd will not start on reboot since
 pkg scripts start after everything else and Unbound has not yet been
 started.

 Also as nice as it is to have the core dhcpd create pf tables it has
 otherwise very limited functionality, such as lack of support for
 option space, which can be used to request a system release its
 lease on shutdown thereby keeping the created *_ip_tables more
 up-to-date. Option space is also good for preventing some of the WPAD
 nonsense and assisting in NetBIOS configurations.

 Using the packaged dhcpd would most likely eliminate the startup issue
 and provide the missing dhcpd functionality but one would also lose
 the tight pf integration.



Re: dhcpd not starting

2013-01-02 Thread Lars Hansson
Oh, you mean the space thing. Well, it probably doesn't but I have never
needed that.
---
Lars


On Wed, Jan 2, 2013 at 6:50 PM, Lars Hansson romaby...@gmail.com wrote:

 In-tree dhcp most certainly supports options because I am using them:
 option autoproxy-script "http://1.2.3.4/wpad.dat";

 Cheers,
 Lars


 On Mon, Dec 31, 2012 at 11:19 PM, Chris Smith obsd_m...@chrissmith.org wrote:

 Maybe it's a problem due to Unbound being a package and not part of
 the core system, but a normal configuration such as:

 host hostname.example.com  {
   hardware ethernet 00:1a:80:f4:75:ad;
   fixed-address hostname.example.com;
   }

 has to be rewritten as:

 host hostname.example.com  {
   hardware ethernet 00:1a:30:64:75:bc;
   fixed-address 172.38.202.17;
   }

 thereby duplicating efforts or dhcpd will not start on reboot since
 pkg scripts start after everything else and Unbound has not yet been
 started.

 Also as nice as it is to have the core dhcpd create pf tables it has
 otherwise very limited functionality, such as lack of support for
 option space, which can be used to request a system release its
 lease on shutdown thereby keeping the created *_ip_tables more
 up-to-date. Option space is also good for preventing some of the WPAD
 nonsense and assisting in NetBIOS configurations.

 Using the packaged dhcpd would most likely eliminate the startup issue
 and provide the missing dhcpd functionality but one would also lose
 the tight pf integration.



Re: kvm and Openbsd 5.1

2012-07-23 Thread Lars Hansson
On Sat, Jul 21, 2012 at 1:29 AM, Alessandro Baggi
alessandro.ba...@gmail.com wrote:
 Disabling mpbios see only one core and not smp.

I think that's the expected behavior if you disable mpbios. OpenBSD
runs great on a single core in KVM anyway so why bother with SMP?

Cheers,
Lars



Re: OpenBSD's webpage desing

2012-07-03 Thread Lars Hansson
On Fri, Jun 29, 2012 at 7:20 PM, Eric Furman ericfur...@fastmail.net wrote:
 I beg all true @misc followers
 Search the archives for this shit eating moron's posts.

Funny, the only ones showing up when I search for useless posts are yours.

Cheers,
Lars



Re: OpenBSD's webpage desing

2012-07-03 Thread Lars Hansson
On Thu, Jun 28, 2012 at 6:40 AM, Nick Holland
n...@holland-consulting.net wrote:
 Other than boring, no one has actually STATED a problem of the OpenBSD
 website.

That's because there is no problem with it. Sure, it doesn't look like
the latest whizz-bang sites (I have nothing against such sites, btw) but
neither does it look like an amateur hackjob. In other words, it looks
pleasant enough and it is functional.
Folks, as Ted has stated repeatedly, if you want to help with site there's
plenty of actual content to improve.

Cheers,
Lars



Re: OpenBSD is just an OS, not a firewall...

2012-06-09 Thread Lars Hansson
Hmm..I get "This post could not be found."

Cheers,
Lars


On Sat, Jun 9, 2012 at 1:55 AM, Chris Smith obsd_m...@chrissmith.org wrote:
 ... if you really want a firewall you need pfSense.

 Also if you  walk into any security experts convention and claim that
 raw OpenBSD is a firewall, you will get laughed out of the room for
 lack of clue.

 Guess I've been wrong all these years: see the comments to
 https://plus.google.com/u/0/104027218792812194992/posts/K3NsGE2UrCe



Re: OT: SSH not secure?

2012-05-10 Thread Lars Hansson
On Thu, May 10, 2012 at 12:32 AM, Weldon Goree wel...@b.rontosaur.us wrote:
 Right... because AutoSFTP and AutoSSH do not allow an administrator to
 tamper with *them* at all?

I guess it's because they have Anti-Trojan capabilities so
presumably the binaries will detect if they have been tampered with.
Of course, you need to trust that the closed source blob that is
AutoSSH/AutoSFTP a) actually works like that and b) isn't in itself
malicious.
Some might say that's a bit of a conundrum

Cheers,
Lars



Re: undeadly

2012-04-26 Thread Lars Hansson
On Thu, Apr 26, 2012 at 8:43 PM, Mihai Popescu mih...@gmail.com wrote:
 This is interesting too (first paragraph), from the Ion author:
 http://tuomov.iki.fi/software

Guess why Ion3 isn't in ports anymore.

---
Lars



Re: undeadly

2012-04-26 Thread Lars Hansson
On Thu, Apr 26, 2012 at 8:50 PM, Lars Hansson romaby...@gmail.com wrote:
 On Thu, Apr 26, 2012 at 8:43 PM, Mihai Popescu mih...@gmail.com wrote:
 This is interesting too (first paragraph), from the Ion author:
 http://tuomov.iki.fi/software

 Guess why Ion3 isn't in ports anymore.

Or more correctly, guess why it's a stone-age version.

---
Lars



Re: install questions

2012-03-21 Thread Lars Hansson
On Mon, Mar 19, 2012 at 5:50 AM, Stuart Henderson s...@spacehopper.org wrote:
 No idea how well OpenBSD does in xen.

Last time I tried OpenBSD in Xen ~2 years ago it worked like crap.
Couldn't get networking to work at all and it was slow as a dog.

Cheers,
Lars



Re: responding to buttonpress ACPI event sent by KVM/Qemu

2012-03-21 Thread Lars Hansson
Disable mpbios.

Cheers,
Lars



Re: Snappy Answers to Stupid Questions - WTF?

2012-03-09 Thread Lars Hansson
On Fri, Mar 9, 2012 at 3:28 PM, Fredrik Staxeng fst...@update.uu.se wrote:
 Do you want users at all? Or was Linus right?

Yes.
I dunno, I usually ignore his fire-brand rants.

---
Lars



Re: My OpenBSD 5.0 installation experience (long rant)

2012-03-09 Thread Lars Hansson
On Fri, Mar 9, 2012 at 8:33 PM, Dmitrij D. Czarkoff czark...@gmail.com wrote:
 So you state that the fact that if one chooses to use the whole disk,
 the whole disk is used needs further documentation?

Well, since this is one of the few (only?) destructive actions the
installer takes I can certainly see why being really clear could be
considered an improvement.
That said, I have never had this problem myself but maybe that's because I
only very rarely install on multi-boot systems. I don't need this
particular feature but it won't bother me if it is implemented either.

 Hell no! There is no improvement in making 100% clear statement twice as
 long just because of one user who failed to read that statement. More
 precisely, it is clear direct damage, as it makes the text/information
 ratio twice as high with no increase in the information part.

I can remember when people said similar things about the installer in the
early 2000's.
Funny how it has been improved since then with all kinds of stuff, like not
having to manually calculate the slice sizes and deal with LBA/CHS etc.

Cheers,
Lars



Re: Trusting the Installation

2012-02-29 Thread Lars Hansson
On Wed, Feb 29, 2012 at 10:44 AM, Nathan Stiles stiles.nat...@gmail.com wrote:
 Also I've noticed that HTTPS isn't implemented on openbsd.org.

Why would it be? There is no user login or account information
exchanged with openbsd.org.
Are you worrying that someone would, almost magically, insert
malicious code in the ISO while you download it?
There's good paranoia and bad paranoia...

Cheers,
Lars



Re: locate weirdness

2012-01-22 Thread Lars Hansson
On Sun, Jan 22, 2012 at 3:35 AM, Anonymous cri...@ecn.org wrote:
 I asked this before but I guess you didn't see it. So if you contribute
 much more code to OpenBSD than someone else do you automatically get
 license to insult people and post 100% noise as some kind of reward?

Since you're such an incredibly brave man and used an anonymous email
I don't know who the hell you are. Fritz?

 Lars, you ass-licking dog, what I am saying to you and prima donnas like you
 is you can be a good human being and that is more important than all the
 patches and code in the world. If you can contribute patches and new code so
 much the better, but if all you do is contribute to OpenBSD and you behave
 like a fucking asshole you wipe out all the benefit. Cause the world does
 need good human beings but it doesn't need prima donnas just because they
 contribute to OpenBSD. I'm pretty sure the project would still be doing fine
 even if acclaimed contributors and their ass-licking dog fanboys like
 you didn't spend entire threads bashing people when a simple answer would be
 enough. They know everything already right? so it should be easy to answer.

 Fuck you and your boyfriend.

All that talk about what matters and then you try to insult me by insinuating
that I am gay. The true hallmark of a good human being, right? Good work
on making the world a better place.

Cheers,
Lars



Re: locate weirdness

2012-01-21 Thread Lars Hansson
 I notice you spend much more time scolding people than actually saying 
 anything worthwhile. You should work on yourself and find out why that is. 
 Perhaps you could benefit from some anger management training?

I notice that Henning is contributing much more code to OpenBSD than
you ever have and has also produced much more informative and useful
replies than you ever have. You should stop trolling and get a life.

Cheers,
Lars



Re: OpenBSD in a dual stack anycast DNS resolving setup

2011-12-15 Thread Lars Hansson
 - how would you compare with facts and not flamewars OpenOSPFd against
  Quagga or BIRD implementations?

This is not technical but...the openbsd ospfd tools do not pretend
to be Cisco and do not mimic the god-awful IOS cli and config
format.
Personally that is something I really, really like.
OpenBSD's ospf v3 may not be up to your requirements but I haven't
followed that so it might be usable now.

 - what is your opinion about using a latest version of BIND from ISC
  instead of the BIND distribution coming with OpenBSD?

I use the OpenBSD nsd from base along with unbound so I can't say.

 - would you consider Java support on OpenBSD production quality? Seems
  irrelevant but we might utilize some Java tools for
  measurement/statistics

Not using Java for this purpose, or any purpose, so I can't say. We
use SNMP and collectd to get performance metrics.

Cheers,
Lars



syslogd memory buffers problem

2011-12-10 Thread Lars Hansson
I run a number of 4.9 i386 boxes that function as routers and are
logging to memory buffers.
Today I noticed that if I sighup the syslogd process the memory
buffers are no longer being logged to.
Below is the output from syslogd -d and I'm guessing the problem has
something to do with the Membuf no match thing.

$ sudo syslogd -d
off  running
init
[priv]: msg PRIV_CONFIG_MODIFIED received
[priv]: msg PRIV_OPEN_CONFIG received
cfline(*.notice;auth,authpriv,cron,ftp,kern,lpr,mail,user.none
:256:messages, f, *)
cfline(kern.debug;syslog,user.info
:256:messages2, f, *)
cfline(auth.info
:256:authlog, f, *)
cfline(authpriv.debug
:256:secure, f, *)
cfline(cron.info
:256:cron, f, *)
cfline(daemon.info
:256:daemon, f, *)
cfline(ftp.info
:256:xferlog, f, *)
cfline(lpr.debug
:256:lpd-errs, f, *)
cfline(mail.info
:256:mail, f, *)
cfline(*.emerg *, f, *)
cfline(*.*
@loghost, f, *)
[priv]: msg PRIV_GETHOSTSERV received
Initialize membuf messages at 0x7f859000
Membuf no match
Initialize membuf messages2 at 0x7f859800
Membuf no match
Initialize membuf authlog at 0x816fb000
Membuf no match
Initialize membuf secure at 0x816fb800
Membuf no match
Initialize membuf cron at 0x816fa800
Membuf no match
Initialize membuf daemon at 0x816fa000
Membuf no match
Initialize membuf xferlog at 0x7f858000
Membuf no match
Initialize membuf lpd at 0x7f858800
Membuf no match
Initialize membuf mail at 0x7f857000
Membuf no match
X X X 5 X 5 X 5 5 X X X 5 5 5 5 5 5 5 5 5 5 5 5 X MEMBUF: messages
7 6 X X X 6 X X X X X X X X X X X X X X X X X X X MEMBUF: messages2
X X X X 6 X X X X X X X X X X X X X X X X X X X X MEMBUF: authlog
X X X X X X X X X X 7 X X X X X X X X X X X X X X MEMBUF: secure
X X X X X X X X X 6 X X X X X X X X X X X X X X X MEMBUF: cron
X X X 6 X X X X X X X X X X X X X X X X X X X X X MEMBUF: daemon
X X X X X X X X X X X 6 X X X X X X X X X X X X X MEMBUF: xferlog
X X X X X X 7 X X X X X X X X X X X X X X X X X X MEMBUF: lpd
X X 6 X X X X X X X X X X X X X X X X X X X X X X MEMBUF: mail
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 X WALL:
8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 X FORW: loghost
[priv]: msg PRIV_DONE_CONFIG_PARSE received
logmsg: pri 056, flags 0x4, from mizar, msg syslogd: start
Logging to MEMBUF
Logging to FORW loghost
syslogd: started
^Csyslogd: exiting on signal 2
syslogd: exiting on signal 2
logmsg: pri 053, flags 0x4, from mizar, msg syslogd: exiting on signal 2
Logging to MEMBUF
Logging to MEMBUF
Logging to FORW loghost
[unpriv] syslogd child about to exit


Re: syslogd memory buffers problem

2011-12-10 Thread Lars Hansson
Uhm...ok, never mind. I'm an idiot. It does work. Sorry for that unneeded noise.

Cheers,
Lars



Re: DNS Google ?

2011-11-22 Thread Lars Hansson
On Wed, Nov 23, 2011 at 3:14 AM, patrick keshishian pkesh...@gmail.com wrote:
 Unless I'm misreading you, what you say doesn't make much sense.

It makes perfect sense and is in fact also the recommended way to run BIND.

 The setup you suggest is more involved. Two servers: one resolving,
 and the other dealing w/the authoritative responses.

They don't have to be two different servers, just two different
processes on the same server.

---
Lars



Re: Packages issues

2011-11-11 Thread Lars Hansson
On Sat, Nov 12, 2011 at 4:57 AM, Amit Kulkarni amitk...@gmail.com wrote:
 Antoine,
 does this mean that we have to search for a way to disable automatic
 indexing of files which KDE does? that's a daemon/service started by
 KDE by default.

Nepomuk is started by KDE itself on log in and is not a system daemon.
By default it only indexes the user's $HOME.
At least I have not seen any system KDE indexing daemons on any Linux
distro I have used.

Cheers,
Lars



Why you don't have any credibility

2011-10-02 Thread Lars Hansson
http://www.trollaxor.com/2010/06/why-i-left-openbsd.html
http://www.trollaxor.com/2010/06/why-i-almost-gave-openbsd-10-didnt.html
http://www.trollaxor.com/2011/10/why-i-uninstalled-openbsd.html

So pray tell, when DID you leave, really?

Cheers,
Lars Hansson



Re: Why I uninstalled OpenBSD???

2011-10-02 Thread Lars Hansson
Yeah, my bad too. Shouldn't have replied.
---
Lars



Re: Problem with installing OpenBSD

2011-09-29 Thread Lars Hansson
Since you didn't specify exactly what problem you have it's a bit
difficult to help. Still, it seems it's a KVM virtual server and
OpenBSD works just fine with KVM. The only thing I can think of that
would cause a problem is if you didn't disable mpbios.

Cheers,
Lars



Re: What should I do with a remote AIX machine if I accidentally chmod /usr/bin/ksh?

2011-08-30 Thread Lars Hansson
and openbsd-misc isn't free tech support.

---
Lars Hansson

On Wed, Aug 31, 2011 at 2:59 AM, Anonymous Remailer (austria)
mixmas...@remailer.privacy.at wrote:
 Call IBM support.  You will have 10 technicians onsite in a week.

 And 10 invoices in tomorrow's mail.



Re: check status of mpbios

2011-08-24 Thread Lars Hansson
Use config:

[nembus]$ config -e -f /bsd
OpenBSD 4.9 (GENERIC) #671: Wed Mar  2 07:09:00 MST 2011
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
Enter 'help' for information
ukc> find mpbios
352 mpbios0 at bios0 disable flags 0x0
ukc>

Cheers,
Lars Hansson



Re: check status of mpbios

2011-08-24 Thread Lars Hansson
If you're running under KVM then ACPI shutdown will not work unless
you disable mpbios. I always disable it with KVM since I don't
allocate more than one CPU to a VM anyway. I haven't noticed any
performance problems or other issues with it disabled.

Cheers,
Lars Hansson



Re: Expected throughput in an OpenBSD virtual server

2011-08-24 Thread Lars Hansson
If you want a comparison, I have run a small OpenBSD router under KVM
and it easily sustained 80Mbps. It was connected to a FastEthernet
switch so it couldn't actually go much higher. This was using the
emulated e1000 KVM device and OpenBSD 4.9 release with mpbios & iic
disabled (disabling iic removes some annoying boot messages). The KVM
server was a modest 3Ghz Core2 Duo with 4Gb RAM and a lot of other
VM's running.

Cheers,
Lars



dhcpd and mitel options

2009-03-23 Thread Lars Hansson
Hey,
I have some problems with using OpenBSD 4.4's dhcpd together with
Mitel VoIP phones that I'd hope someone could shed some light on.
Mitel VoIP phones require custom options to load firmware, set VLAN
etc and I can't quite get it to work with OpenBSD's dhcpd. It works
fine on a Linux box running isc-dhcp 3.0.6 although curiously
enough not on isc-dhcp on OpenBSD 4.4.

ISC-DHCP:
# MITEL specific options
option space mitel;
option mitel.tftp code 128 = ip-address;
option mitel.icp code 129 = ip-address;
option mitel.id code 130 = text;
option mitel.vlan code 132 = signed integer 32;
option mitel.l2p code 133 = signed integer 32;
option mitel.dscp code 134 = unsigned integer 8;

option mitel.tftp   172.30.179.7;
option mitel.icp    10.107.10.17;
option mitel.id     "MITEL IP PHONE";
option mitel.vlan   11;
option mitel.l2p    6;
option mitel.dscp   46;

I know OpenBSD's dhcp does not support options the same way but I
thought the below would work:

option option-128   172.30.179.7;
option option-129   10.107.10.17;
option option-130   "MITEL IP PHONE";
option mitel.vlan   02;
option mitel.l2p    06;
option mitel.dscp   46;

The Mitel phones complain that option 128 is missing (I take this to
mean that it has the wrong format or type since it's obviously there)
and go no further.
I'm hoping it's just a matter of figuring out how to use the options
and format them correctly.

Cheers,
Lars Hansson
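
What the typed ISC declarations in the post above put on the wire, as an added example (not code from the thread or from either dhcpd): per RFC 2132 each option is a code byte, a length byte and the data. The `option option-NNN <hex octets>;` output form is an assumption about how a server without `option space` takes raw data for numbered options; check dhcp-options(5) for the syntax your dhcpd accepts.

```python
import ipaddress
import struct

# Option codes and types copied from the "option space mitel" declarations in the post.
MITEL_TYPES = {
    128: "ip-address",          # mitel.tftp
    129: "ip-address",          # mitel.icp
    130: "text",                # mitel.id
    132: "signed integer 32",   # mitel.vlan
    133: "signed integer 32",   # mitel.l2p
    134: "unsigned integer 8",  # mitel.dscp
}

# Values copied from the same ISC-DHCP configuration.
MITEL_VALUES = {
    128: "172.30.179.7",
    129: "10.107.10.17",
    130: "MITEL IP PHONE",
    132: 11,
    133: 6,
    134: 46,
}


def encode_value(kind, value):
    """Return the data field for one option, in network byte order."""
    try:
        if kind == "ip-address":
            data = ipaddress.IPv4Address(value).packed
        elif kind == "text":
            data = value.encode("ascii")      # sent without a trailing NUL
        elif kind == "signed integer 32":
            data = struct.pack("!i", value)
        elif kind == "unsigned integer 8":
            data = struct.pack("!B", value)
        else:
            raise ValueError(f"unsupported type: {kind}")
    except (struct.error, UnicodeEncodeError) as exc:
        raise ValueError(f"{value!r} does not fit type {kind}") from exc
    if not 1 <= len(data) <= 255:
        raise ValueError("option data must be 1..255 bytes")
    return data


def encode_option(code, kind, value):
    """Code byte, length byte, data: the layout every DHCP option uses."""
    if not 1 <= code <= 254:                  # 0 is pad, 255 is end
        raise ValueError(f"invalid option code: {code}")
    data = encode_value(kind, value)
    return bytes([code, len(data)]) + data


def build_options(types, values):
    """Concatenate all options in code order and close with the end marker."""
    blob = b"".join(encode_option(c, types[c], values[c]) for c in sorted(values))
    return blob + b"\xff"


def decode_options(blob):
    """Split an options field back into {code: data}; rejects truncated input."""
    found, i = {}, 0
    while i < len(blob):
        code = blob[i]
        if code == 0:                         # pad byte, no length follows
            i += 1
            continue
        if code == 255:                       # end marker
            break
        if i + 1 >= len(blob):
            raise ValueError("truncated option header")
        length = blob[i + 1]
        data = blob[i + 2:i + 2 + length]
        if len(data) != length:
            raise ValueError(f"option {code} is shorter than its length byte")
        found[code] = data
        i += 2 + length
    return found


def hex_line(code, data):
    """Render raw data for a numbered option (assumed config syntax, see lead-in)."""
    return f"option option-{code} {':'.join(f'{b:02x}' for b in data)};"


if __name__ == "__main__":
    for code, data in decode_options(build_options(MITEL_TYPES, MITEL_VALUES)).items():
        print(hex_line(code, data))
```

`decode_options` also works on the options field of a captured DHCPOFFER, which shows whether option 128 left the server as four address bytes or as something else.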



Re: Cold Boot Attacks on Encryption Keys

2008-02-21 Thread Lars Hansson
On Fri, Feb 22, 2008 at 9:22 AM,  [EMAIL PROTECTED] wrote:
  So seriously: if you've any productive or critical comment feel free
  to post it just stop bitching 'course it does not help/solve anything
  except of wasting YOUR bandwidth.. right? Right... :)

I guess he's just too busy actually writing code. You know,
contributing to the project in a constructive and meaningful way.

---
Lars Hansson



Re: Cold Boot Attacks on Encryption Keys

2008-02-21 Thread Lars Hansson
On Fri, Feb 22, 2008 at 9:33 AM,  [EMAIL PROTECTED] wrote:
  Not at all! RAM keeps the information partly for MINUTES! It's not a real
  race condition or so... it's about physics and electricity.

Wow! For minutes! While the research is interesting the chances of
actually being a victim to this is pretty damn slim in practice.

  Think about bigger networks! You do know ANY devices which has NO ram?
  Even a simple client-PC which boots via network has ram. And in
  universities or so with about 129k users you just can't ensure that NOBODY
  turns off the PC, gets the RAM, reads ya SSH key and turns the PC on again
  (just in case you might used it before this brave student..)...

  You could do this in like 10minutes (max!).

10 minutes is a lot longer than seconds or even minutes.

---
Lars Hansson



Re: Authenticate squid in Active Directory

2008-02-06 Thread Lars Hansson
On Feb 6, 2008 4:45 PM, Lars Noodin [EMAIL PROTECTED] wrote:
 You've provided that data point yourself: MS Windows.

Since when is misc@ a Linux-esque anti-MS list?

---
Lars Hansson



Re: Real men don't attack straw men

2008-01-07 Thread Lars Hansson
On Jan 7, 2008 9:19 PM, Craig Skinner [EMAIL PROTECTED] wrote:
 Oh come on now THRUSH! You really are an irritating cunt.

 Can't you read?

 The use of a search engine even by an imbecilic moron, such as yourself,
 would have shown this page:

 http://www.openbsd.org/lyrics.html#39

 OpenBSD remains blob-free


 You sack of lazy commie scum. Do you work for google?

Name-calling was awesome...when I was 10 years old.
Seriously, can we PLEASE let this fucking thread die? Having the last
word on a mailing list flamewar is meaningless.
You're not going to change RMS opinions on anything and he's not going
to change the opinion of anyone here.
It doesn't matter what I or anyone else here think of his ideas or how
hypocritical they may be or even if he was wrong or right. We're WAY past
the point where that mattered.
For everyone's sanity just leave it alone.

---
Lars Hansson



Re: Open Source Article Spawns Interesting Ethical Question

2008-01-05 Thread Lars Hansson
 When someone asked him how to make a living of IT without using or
 promoting non-free software, his answer was that you don't have to
 work in the IT field to contribute to free software, and he'd prefer to see
 a kernel contributor being a taxi driver than administrating Windows
 workstations (It may not be the very same words, but the intent is the
 same).

Luckily for Linux RMS doesn't have a say in who works on the kernel. If he
had I guess Linux would now have been what GNU HURD is: unknown and
irrelevant.

---
Lars Hansson



Re: Open Source Article Spawns Interesting Ethical Question

2008-01-03 Thread Lars Hansson
On Jan 4, 2008 9:48 AM, Ioan Nemes [EMAIL PROTECTED] wrote:
 You're confusing the issue!  The software market - where you sell your product
 (i.e., software) is unethical,
 distorted and manipulated, and not by the ethical software crafters!

Why is the software market unethical? Because there are some bad
apples? Gee, that makes pretty much every single business sector
unethical. Unless you're trying to say that selling software in itself
is unethical but that's bullshit.
Who are the ethical software crafters? Does simply not charging money
for your software make you ethical?
Most OSS, for example, can be, and is, used by governments to oppress
the people. Does that make working on OSS unethical?

---
Lars Hansson



Re: Play Nice - Real men don't attack straw men (Theo)

2007-12-16 Thread Lars Hansson
On 12/17/07, David H. Lynch Jr. [EMAIL PROTECTED] wrote:
 Yet you are seeking to deny the same freedom to Richard and everyone
 else that disagrees.

No-one is trying to deny RMS the freedom to say and think whatever the
hell he wants, no matter how wacky.

---
Lars Hansson



Re: Real men don't attack straw men

2007-12-13 Thread Lars Hansson
On Dec 14, 2007 9:23 AM, David H. Lynch Jr. [EMAIL PROTECTED] wrote:
 Securing the RMS seal of approval may or may not appeal to you.

OpenBSD does not, pardon the french, give a shit about RMS' seal of approval.

 But that still begs the question of OpenBSD's stance on non-free
 software.

As opposed to RMS and FSF, OpenBSD is not on a crusade against non-free software
and it's not a goal of the project to abolish such software.

 Criticizing others is easy.

It sure seems to be so for RMS...

 Establish what your principles and policies are or are going to be.

OpenBSD's policies were established a long time ago.

 If you are unwilling to adopt policies consistent with his,
 accept that you are not getting his endorsement and shut this thread
 down.

OpenBSD does not seek his endorsement. That doesn't mean individuals involved
with OpenBSD can't be critical of him and his criteria.

 This whole "RMS is a hypocritical asshole because he will not make an
 exception for OpenBSD" thread is absurd.

OpenBSD does not want him to make an exception.

 Richard has offered you the opportunity to acquire his endorsement.

Are we supposed to feel special?

 If that does not matter then shut this thread down, because it is
 pointless.

It was pointless from the start.

---
Lars Hansson



Re: About non-free software in OpenBSD

2007-12-10 Thread Lars Hansson
Can we please stop this thread now because it is
really not interesting at all.

---
Lars Hansson



Re: Code signing in OpenBSD

2007-12-05 Thread Lars Hansson
On Dec 6, 2007 2:46 AM, Rui Miguel Silva Seabra [EMAIL PROTECTED] wrote:
 Come on... twice a year and get the benefit of not being excluded from
 company policies which require digital signature of software downloaded
 through the internet.

It's not really OpenBSD's problem that some companies implement pointless
security policies.

---
Lars Hansson



Re: Code signing in OpenBSD

2007-12-04 Thread Lars Hansson
On Dec 5, 2007 11:16 AM, new_guy [EMAIL PROTECTED] wrote:
 I've searched OpenBSD.org and google for source code signing practices in
 OpenBSD, nothing obvious stands out. I've probably overlooked it. Just
 curious about this... is the process described someplace?

No. OpenBSD doesn't sign code.

---
Lars Hansson



Re: Bernstein puts qmail in public domain

2007-11-30 Thread Lars Hansson
On Nov 30, 2007 6:16 PM, Pieter Verberne [EMAIL PROTECTED] wrote:
 Just before it was in public domain:
 Did someone ask the author if it was accepted to put a BSD-like
 license on it? He allowed us to share and modify the software but had no
 official document about it (a license). I think he just might accept us
 to licence it.

Yes, the discussion is in the archives and no he didn't. qmail had a
weird license.

---
Lars Hansson



Re: securing OpenBSD wireless network

2007-11-19 Thread Lars Hansson
On Nov 19, 2007 1:51 PM, Clint Pachl [EMAIL PROTECTED] wrote:
 Does it even matter?

If you want to connect to networks that are using WEP, yes.

---
Lars Hansson



Re: securing OpenBSD wireless network

2007-11-18 Thread Lars Hansson
On Nov 17, 2007 8:35 AM, David Higgs [EMAIL PROTECTED] wrote:
 I combined authpf with OpenVPN, using some big hints from some easily
 google-able places.  Even though WEP and WPA aren't supported by
 OpenBSD,

OpenBSD supports WEP.

---
Lars Hansson



Re: What happens with mismatched filesets?

2007-11-05 Thread Lars Hansson
On 11/5/07, Karel Kulhavy [EMAIL PROTECTED] wrote:
 Will it leave old versions of files and make the
 system inconsistent?

Yes.

 Or will the old set be removed from the system?

No.

 I guess if I select a set that wasn't previously installed then it will be
 just installed without any problems.

Yes.

---
Lars Hansson



Re: hotplugd for CD's?

2007-11-04 Thread Lars Hansson
On 11/2/07, Edd Barrett [EMAIL PROTECTED] wrote:
 Hi,

 As it stands hotplugd does not respond to the insertion of CD's
 (obviously, as the cd device is not attached as such),


I too think it would be neat if hotplugd could notice cd insertion.

 On another note, it would also be useful to allow users to mount
 directories not owned by them. As it stands if you want to allow a
 user to mount a cdrom drive, they each need their own mount directory.

Right, so just mount them somewhere under your home directory. I dont
hink this is a problem in most cases.

---
Lars Hansson



Re: Odd FFS behavior

2007-10-25 Thread Lars Hansson
On 10/25/07, Edd Barrett [EMAIL PROTECTED] wrote:
 The workaround is to do something like this, with a shorter filename

or make sure you have a long filename in the root directory of the
partition or mount with -l.

---
Lars Hansson



Re: About Xen: maybe a reiterative question but ..

2007-10-25 Thread Lars Hansson
On 10/25/07, L. V. Lammert [EMAIL PROTECTED] wrote:
 The 'obvious' security benefits were in two or three other posts, but, to
 summarize:

   Separate UID/PWs for each domain/VM

Uh, how else would it work? How is this specific to virtualization?

   Separate admin configurations  tools

See above.

   Separate authentication configurations (UID/PW, LDAP, ...)

See above.

   Separate configs for network services (apache, samba)

See above.

   Separate machine configurations (Ruby, Tomcat, or HTML)

See above.

   Isolation of each OS guest (this has been a major discussion point, the
 consensus being that with the possibility of DOMU - DOM0 exploits,
 running 'insecure' VMs poses a higher risk to DOM0 and the entire machine);

Separation of guest OS's is a feature of VM's. It doesn't even apply
to non-VM situations since it solves a problem that only exists in
virtualization.

 As pointed out previously, the discussion was originally about the benefits
 of separate application domains within an enterprise.

I'm sure there are benefits for certain situations.

---
Lars Hansson



Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread Lars Hansson
On 10/24/07, L. V. Lammert [EMAIL PROTECTED] wrote:
 Virtualization provides near absolute security - DOM0 is not visible to
 the user at all, only passing network traffic and handling kernel calls.
 The security comes about in that each DOMU is totally isolated from the
 the others, while the core DOM0 is isolated from any attacks.

And this increases the security for the hosted (DomU) OS's exactly how?
You know, the BIOS is safe from attack too, at least as much as Dom0
is, and each machine on my network is, amazingly enough, also totally
isolated from each other.

 Nobody has to write any code to understand that - the security benefits
 are obvious to everyone from the PHBs to the admins.

Actually they aren't. What are the obvious security benefits? I'm
not saying there aren't benefits, just that I can't see any obvious
security benefits.

---
Lars Hansson



Re: About Xen: maybe a reiterative question but ..

2007-10-23 Thread Lars Hansson
On 10/23/07, Per-Erik Persson [EMAIL PROTECTED] wrote:
 I might be flamed for this statement but not being able to run inside a
 virtualized environment is not an option in the future.

The future is not now, no-one is saying OpenBSD will never run in a
virtualized environment.

 Most servers you can buy today are too powerful for only taking care of
 one task.

You know that one machine can perform more than one task even without
virtualization, right?

 If OpenBSD doesn't adopt to the virtualization trend it will be used only
 as an obscure firewall box.

Or perhaps future (better) virtualizations won't require special OS
support. Xen is not a be-all-end-all.

---
Lars Hansson



Re: Help! I'm having Linux foisted on me! (PF queuing woes)

2007-10-21 Thread Lars Hansson
On 10/19/07, Richard Wilson [EMAIL PROTECTED] wrote:
 altq on $ext_if cbq bandwidth 9.1Mb queue { adsl_up, sdsl_up }
 altq on $client_if cbq bandwidth 9.1Mb queue { adsl_dn, sdsl_dn }

You probably don't want to use cbq for clients, use hfsc instead.
Unless you enjoy complaints from clients who aren't getting the
bandwidth they expect.

 #ADSL Clients
 pass in on $client_if from $adsl_client1_net to any queue adsl_client1_up
 pass out on $client_if from any to $adsl_client1_net queue adsl_client1_dn
 pass in on $client_if from $adsl_client2_net to any queue adsl_client2_up
 pass in on $client_if from any to $adsl_client2_net queue adsl_client2_dn

Since you keep state (the default) you want to assign on the external
interface too, otherwise connections initiated from the outside
won't be assigned the correct queue.

---
Lars Hansson



Re: digitally signed distribution (was: OBSD's perspective on SELinux)

2007-09-25 Thread Lars Hansson
On 9/24/07, Martin Schröder [EMAIL PROTECTED] wrote:
 2007/9/24, Joachim Schipper [EMAIL PROTECTED]:
  Sure it does, just pull from CVS over SSH and compile your own. Only

 Where do I get the ssh fingerprints of the CVS servers?

Where do you get the public keys for the digitally signed distributions?

---
Lars Hansson



Re: spamd shows up as an open relay

2007-09-25 Thread Lars Hansson
On 9/26/07, Rob [EMAIL PROTECTED] wrote:
 Yeah, I agree. It's the wrong way for them to check for an open relay,
 but it is still causing a bit of a problem.

Well if it is actually caused by spamd you have 2 options:
a) not run spamd.
b) ask them to get their shit together and hope they actually do.

It's amazing that in 2007 there are still so many mail operators and
relay-check sites that don't have a clue.
---
Lars Hansson



Re: Microsoft gets the Most Secure Operating Systems award

2007-09-20 Thread Lars Hansson
On 9/20/07, The One [EMAIL PROTECTED] wrote:
 Sorry but I just disagree with Theo saying that OS X is buggy and
 insecure.

Who gives a shit? This thread is more than FIVE months old and didn't
even belong here in the first place. Just stop.

---
Lars Hansson



Re: Shutdown script (derived from Simple startup daemon's on boot question?)

2007-09-19 Thread Lars Hansson
On 9/19/07, Tomas [EMAIL PROTECTED] wrote:
 Is it necessary to shutdown certain services when
 machine goes down?

Very few, I'd wager. The only ones I bother with doing it for are
postgresql and mysql since it can take them a while to shut down
correctly and it can get messy if they're not.

---
Lars Hansson



Re: Shutdown script (derived from Simple startup daemon's on boot question?)

2007-09-19 Thread Lars Hansson
On 9/19/07, Lars Noodin [EMAIL PROTECTED] wrote:
 By what method is shutdown then forced to wait until said processes have
 cleaned up?

None. rc.shutdown is for those processes with slow/important shutdown
that need waiting for.

---
Lars Hansson



Re: Simple startup daemon's on boot question?

2007-09-18 Thread Lars Hansson
On 9/18/07, Jake Conk [EMAIL PROTECTED] wrote:
 Are we supposed to write our own startup scripts and place them in
 /etc/rc.local to be executed when the system boots?

Yes.

 Does OpenBSD not use rc scripts that start/stop/restart/ and
 status applications?

No but you can install something like freedt or runit from ports to
get those features.

---
Lars Hansson



Re: Microsoft gets the Most Secure Operating Systems award

2007-09-04 Thread Lars Hansson
Welcome to a really long time ago.

---
Lars Hansson



Re: OT Strange Punishment

2007-08-28 Thread Lars Hansson
On 8/28/07, Die Gestalt [EMAIL PROTECTED] wrote:
 Why doesn't he run the monitoring software in a virtual machine?

Because it would violate his parole? Who cares anyway?
If you can't do the time don't do the crime.

---
Lars Hansson



Re: Scaling DNS with CARP + pf (+ hoststated ?)

2007-08-28 Thread Lars Hansson
On 8/27/07, reje [EMAIL PROTECTED] wrote:
 I'm wondering is there a way to scale DNS service
 using OpenBSD's CARP and loadbalancing/pool features
 of pf ? How about hoststated(8) ? (as I know
 hoststated(8) doesn't support UDP right now)

You can do it with a pf table and with a small program that polls your
dns caches and removes/adds entries to the table. Agreed, it would be
very nice if hoststated supported DNS but currently it doesn't. It
does support scripted checks though so that may also be an option.

---
Lars Hansson
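
Added example (not part of the original post and not code from OpenBSD): one way to write the small polling program described above, as a shell script that probes each DNS cache with dig and adds or removes it from a pf table with pfctl. The table name dns_pool, the 192.0.2.x cache addresses and the probe name example.com are assumptions; when every probe fails, the table is left unchanged instead of being emptied.

```shell
#!/bin/sh
# Keep a pf table in sync with the DNS caches that currently answer queries.
# Assumed for illustration (not from the thread): the table name, the cache
# addresses (documentation range) and the probe name. The table is assumed
# to be the pool that a pf redirection rule for port 53 points at.

TABLE="dns_pool"
SERVERS="192.0.2.11 192.0.2.12 192.0.2.13"
PROBE_NAME="example.com"

# probe ADDR: succeed only if the cache at ADDR returns an answer in time.
probe() {
    answer=$(dig +short +time=2 +tries=1 @"$1" "$PROBE_NAME" A 2>/dev/null) \
        || return 1
    # Empty output (SERVFAIL, NXDOMAIN) or a ";;" diagnostic counts as down.
    case $answer in
        ''|';;'*) return 1 ;;
    esac
    return 0
}

# current_members: addresses currently in the pf table, one per line.
current_members() {
    pfctl -t "$TABLE" -T show 2>/dev/null | awk '{ print $1 }'
}

# plan_changes MEMBERS: print the "add ADDR" / "delete ADDR" lines needed to
# make the table match the probe results, or "keep" if no cache answered.
plan_changes() {
    members=" $(echo $1) "          # collapse newlines, pad for exact match
    up=""
    for s in $SERVERS; do
        if probe "$s"; then
            up="$up $s"
        fi
    done
    # Fail open: if nothing answered, the monitor or the probe name is the
    # more likely fault, and emptying the pool would take DNS down for sure.
    if [ -z "$up" ]; then
        echo "keep"
        return 0
    fi
    for s in $SERVERS; do
        case " $up " in
            *" $s "*)
                case "$members" in
                    *" $s "*) ;;                    # healthy, already listed
                    *) echo "add $s" ;;             # healthy, missing
                esac ;;
            *)
                case "$members" in
                    *" $s "*) echo "delete $s" ;;   # down, still listed
                esac ;;
        esac
    done
}

# apply_plan: read plan lines on stdin and run the matching pfctl command.
apply_plan() {
    while read -r action addr; do
        case $action in
            add|delete) pfctl -q -t "$TABLE" -T "$action" "$addr" ;;
            keep) logger -t dnspool "all probes failed, table unchanged" ;;
        esac
    done
}

# Run one pass only when called with "sync" (for example from cron), so the
# functions can be sourced and tested without touching pf.
if [ "${1:-}" = "sync" ]; then
    plan_changes "$(current_members)" | apply_plan
fi
```

Only addresses listed in SERVERS are ever added or deleted, so entries placed in the table by hand are left alone.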



Re: OT Strange Punishment

2007-08-28 Thread Lars Hansson
 But, as I understand the issue, this is _not_ part of his specified
 punishment -- it's just a side-effect of the manner in which the
 government wants to impose a portion of his punishment.

If he doesn't like it he could always take the alternative; going to jail.
All things considered, being forced to run Windows for a few months
isn't all that big a sacrifice when the alternative is sharing a cell
with Bubba.

 You appear to be arguing that someone convicted of a crime should lose
 rights under the law beyond those which the law specifies as being taken
 away.  Is this a correct inference?

I don't think running Linux is a basic human right.

---
Lars Hansson



Re: howto set global environment variable (e.g. PATH, JAVA_HOME)

2007-08-10 Thread Lars Hansson
On 8/10/07, Edd Barrett [EMAIL PROTECTED] wrote:
 Is there a global Xdefaults file which can be made to source every
 users .profile and /etc/profile for xdm logins?

Yes and no. There's a global defaults for X but they deal with X
resources, not environment variables. You can set xterm to always use a
login shell, for example, but that does not affect your DE/WM, only
xterm.
It's not hard to create, say, /etc/xprofile and just source that from
Xsession though.

---
Lars Hansson



Re: howto set global environment variable (e.g. PATH, JAVA_HOME)

2007-08-08 Thread Lars Hansson
On 8/9/07, Clint Pachl [EMAIL PROTECTED] wrote:
 Or you could programmatically change each user's .profile.

Uhm, why? Markus is correct that both /etc/profile and $HOME/.profile
are sourced when you log in so to set up global variables you set them
in /etc/profile.
If you're using xdm things are different though. The Xsession script
does not source any global files so you'll have to modify it to source
/etc/profile.

---
Lars Hansson



Re: howto set global environment variable (e.g. PATH, JAVA_HOME)

2007-08-08 Thread Lars Hansson
On 8/9/07, Darren Spruell [EMAIL PROTECTED] wrote:
 ~/.profile overrides /etc/profile.

Yes and both are processed.

 $ echo 'var1=a'  /etc/profile
 $ echo 'var1=b'  ~/.profile
 $ /bin/ksh -l
 $ echo $var1
 b

Of course, because .profile is processed after /etc/profile. Variables
set in /etc/profile can be overridden by the user in .profile so
setting the global defaults in /etc/profile works fine.

---
Lars Hansson



Re: spamd - 250 return text

2007-08-05 Thread Lars Hansson
On 8/4/07, Tom Bombadil [EMAIL PROTECTED] wrote:
 We've had a pretty hard time from a client saying how rude this
 default message is. Even though their tech people didn't care, the
 people higher up got really offended... Quite understandably I'd say,
 since these greetings aren't really what we can call friendly... hehe

This is seriously one of the most retarded things I've ever heard. Why
are the upper people looking at the SMTP conversation anyway?
The only way this could possibly happen is if the sender bounces on it
in which case it's pretty rude to be so completely in violation of
standards and best practices.


Lars Hansson



Re: how to clear dmesg outpout

2007-07-04 Thread Lars Hansson

Jose H. wrote:

I think it is a pretty valid question(request?), you have to rely on
external mechanisms, like syslog, or to compare differences from previous
outputs of dmesg.


Or just look at /var/run/dmesg.boot. Really, what's the point of 
clearing the buffer?



I think it is a feature that can help a lot.


Help a lot with what?

---
Lars Hansson



Re: Access Control Mechanism (DAC x MAC)

2007-07-03 Thread Lars Hansson

Joco Salvatti wrote:


MAC is much more sophisticated than DAC. Thus I would like to know
from you why OpenBSD does not implement this type of mechanism.


More sophisticated != better.
The longer answer is in the archives.

---
Lars Hansson



netstart not using rtsol when invoked with interfaces

2007-06-18 Thread Lars Hansson

I ran into something a bit odd today.
If I put rtsol in my /etc/hostname.ural0 file I get the expected IPv6 
autoconf: ural0 during boot BUT if I do sh /etc/netstart ural0 rtsol 
is not run. Is this the intended behaviour?

I'm running current.

---
Lars Hansson



Re: netstart not using rtsol when invoked with interfaces

2007-06-18 Thread Lars Hansson
Here's a patch to fix it:

--- /etc/netstart.orig  Tue Jun 19 11:12:42 2007
+++ /etc/netstart   Tue Jun 19 11:49:36 2007
@@ -195,6 +195,23 @@
done  /etc/bridgename.$1
 }
 
+ip6start() {
+   if [ $ip6kernel = YES -a x$rtsolif != x ]; then
+   fw=`sysctl -n net.inet6.ip6.forwarding`
+   ra=`sysctl -n net.inet6.ip6.accept_rtadv`
+   if [ x$fw = x0 -a x$ra = x1 ]; then
+   echo IPv6 autoconf:$rtsolif
+   rtsol $rtsolif
+   else
+   echo WARNING: inconsistent config - check 
/etc/sysctl.conf for IPv6 autoconf
+   fi
+   fi
+   if [ $ip6kernel = YES ]; then
+   # this is to make sure DAD is completed before going
further.
+   sleep `sysctl -n net.inet6.ip6.dad_count`
+   fi
+}
+
 # Re-read /etc/rc.conf
 . /etc/rc.conf
 
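Review bot: ip6start() depends on two globals, ip6kernel and rtsolif, that are assigned elsewhere, and nothing in the function says so; a one-line comment above it naming both inputs and who sets them would make the per-interface call path easier to follow. Separately, the WARNING echo and the DAD comment are each wrapped onto a second line in this mail, so the hunk will not apply as posted; resend it unwrapped or as an attachment.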
@@ -204,6 +221,9 @@
shift
 fi
 if [ $# -gt 0 ]; then
+   if ifconfig lo0 | grep -q ::1 ; then
+   ip6kernel=YES
+   fi
while [ $# -gt 0 ]; do
if [ -f /etc/bridgename.$1 ]; then
bridgestart $1
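Review bot: the lo0 check only ever sets ip6kernel=YES and leaves the variable unassigned when grep finds nothing, so ip6start later tests a value that may never have been set in this path; assign ip6kernel=NO before the "if ifconfig lo0 | grep -q ::1" test. The pattern is also unanchored and matches any address on lo0 that contains ::1, which deserves a comment if that is intended.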
@@ -212,6 +232,7 @@
fi
shift
done
+   ip6start
return
 fi
 
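Review bot: ip6start is called once after the loop regardless of which interfaces were named, so with ip6kernel=YES every per-interface netstart run now sleeps for net.inet6.ip6.dad_count seconds, even when none of the named interfaces has any IPv6 configuration. If that delay is intended, say so in the commit message; otherwise skip the sleep when nothing IPv6-related was configured in this path.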
@@ -290,22 +311,7 @@
 # do not start interfaces which must be delayed.
 # Refer to hostname.if(5) and bridgename.if(5)
 ifmstart  trunk vlan carp gif gre pfsync pppoe
-
-if [ $ip6kernel = YES -a x$rtsolif != x ]; then
-   fw=`sysctl -n net.inet6.ip6.forwarding`
-   ra=`sysctl -n net.inet6.ip6.accept_rtadv`
-   if [ x$fw = x0 -a x$ra = x1 ]; then
-   echo IPv6 autoconf:$rtsolif
-   rtsol $rtsolif
-   else
-   echo WARNING: inconsistent config -
check /etc/sysctl.conf for IPv6 autoconf
-   fi
-fi
-if [ $ip6kernel = YES ]; then
-   # this is to make sure DAD is completed before going further.
-   sleep `sysctl -n net.inet6.ip6.dad_count`
-fi
-
+ip6start
 # The trunk interfaces need to come up first in this list.
 # The vlan interfaces need to come up after trunk.
 # The pfsync interfaces need to come up before carp.
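Review bot: style point at the end of this hunk: the blank line that separated the old block from the "# The trunk interfaces need to come up first" comment is removed along with it, so ip6start now sits directly against a comment that describes the code after it, not this call. Keep an empty line after ip6start.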



Re: Spamd variation

2007-06-12 Thread Lars Hansson

Praveen wrote:
   From the man page it appears that spamd relies on 
static information about spam originators.


greylisting is pretty dynamic.

---
Lars Hansson



Re: libexpat confusion

2007-06-12 Thread Lars Hansson

Jaap Versteegh wrote:
For one: this dependency was never necessary in the past. 


Because in the past there was an expat port.


Shouldn't expat not just go into /usr/lib ?


It's part of Xorg and therefore it belongs in /usr/X11R6/lib/.

And you are right about the fact that other ports depend on X being 
present.

Like databases/odbc == gtk+-1.2.10p6 uses X11, but /usr/X11R6 not found.
A database connectivity driver that depends on a GUI toolkit.. sounds 
fishy to me.


Complain to the odbc people for depending on gtk. This has nothing to do 
with expat or OpenBSD.



I hope OpenBSD doesn't slowly go GNU/Linux in the spaghetti sense.


This is exactly what is avoided by not also having a standalone port of 
expat.


---
Lars Hansson



Re: Load balancing with DSR

2007-06-12 Thread Lars Hansson

Linden Varley wrote:
Anyone know of any load balancing software for OpenBSD that can do 
direct-server return? (our load balancers (openbsd boxes) are co-located 
and we pay for all data bandwidth).


hoststated?

---
Lars Hansson



Re: About BSD Certification

2007-06-11 Thread Lars Hansson

Diana Eichert wrote:
Uggg, certs, I give little credence to any vendor cert.  So many 
people use bootcamps for tests and walk away with little more than 
paper.  I know, I work with them. 


Indeed. The problem isn't with certification in itself but the way it 
currently works in the IT industry. The majority of the people with 
certification got it by going to a boot camp or buying one of them 
examcram books thus end up with a certificate yet knowing nothing of value.



---
Lars Hansson



Re: OpenBSD and Kerberos Client

2007-06-05 Thread Lars Hansson

[EMAIL PROTECTED] wrote:

I don't have the audacity to do anything. The email signature is defined
through company policy and tacked on by the M$ Exchange Server on the
way out. I have no say and only see it when I get replies to my email.


If your company insists on such stupid policies you should just get/use 
a free email account that you can control.



But, I'm glad that you appreciate what the lawyers and IS have come up
with.


Perhaps if they had actually used their brains they wouldn't have 
implemented it in the first place.



Lars Hansson



Re: No text cursor on OpenBSD/i386 4.1

2007-05-31 Thread Lars Hansson

Chris S wrote:

It might really be Ubuntu's modified version that is to blame... for
instance, the standard menu.lst features a quiet command that is
listed nowhere in the official GRUB documentation, AFAIR.



I use Ubuntu's GRUB and I don't have this problem.

---
Lars Hansson



Re: help needed with routed problem

2007-05-29 Thread Lars Hansson

[EMAIL PROTECTED] wrote:

Would the zebra package be a relatively safe alternative?


Zebra should work but you'd be better off just following Claudio's 
advice and use routed.
Of course, when your campus network is using RIPv1 in 2007 (seriously, 
wtf? Did the admin fall asleep 20 years ago?) you have way more pain 
coming your way than making routed work.



---
Lars Hansson



Re: OpenBSD 4.1 Torrents

2007-05-06 Thread Lars Hansson

Open Phugu wrote:

From a project that has always placed security before
everything, I do not understand the motivation behind not using a secure
algorithm such as SHA-256 or SHA-512.



Maybe they just understand the security implications better than you do.

---
Lars Hansson



Re: NFS mount by non-root

2007-04-30 Thread Lars Hansson

Benoit Myard wrote:

By the way, is anyone aware of the reason why this option is not
present in OpenBSD's mount [2] (technical, security) ?


man sysctl, man mount. Look for usermount.
No idea if that works for NFS though.

---
Lars Hansson



Re: 4.1 packages on the ftp sites

2007-04-24 Thread Lars Hansson

frantisek holop wrote:

i simply did not make the connection that i am not
supposed to use my cds before may 1.
put a big sticker bits inside valid only from may 1
on the case or something :P


Why? It's pretty obvious that the official release date is May 1
and you can't expect to download anything before then.


and all you others:  so is it not a punishment that you
have the cds and still can't use them?  hypocrites, all of you!


Yeah, getting the CD's ahead of the official release date sure is a 
heavy punishment. Seriously, how hard is this to understand?


---
Lars Hansson



Re: pf - drop or return - is stealth mode overrated?

2007-04-24 Thread Lars Hansson

Kian Mohageri wrote:

I could argue either way, but my preference is 'block drop' most of the
time.


Hopefully most of the time does not include ICMP.

---
Lars Hansson



Re: Openbsd ipsec with cisco vpn client

2007-04-20 Thread Lars Hansson

Claer wrote:
  2. Cisco Systems hereby grants you the right to install and use the

Software on an unlimited number of computers, provided that each of
those computers must use the Software only to connect to Cisco Systems
products, and subject to export restrictions in Paragraph 4 hereof.


It's questionable if that is a legal limitation. It's like Ford would 
sell you a car but you could only drive to places Ford had approved of.

Just because it's in a license doesn't mean it's legally valid.

---
Lars Hansson



Re: using spamd to block outbound spam

2007-04-15 Thread Lars Hansson

Paolo Supino wrote:
  I appreciate your straight and forward replies :-) but the world isn't 
black and white and sometime you have to create work arounds to overcome 
other people's crap (well most of the time).


No, in this case it is black and white. There is NO WAY to reliably fix 
this problem other than fixing the broken app or implementing the 
measures Bob Beck suggested.


---
Lars Hansson



Re: GPL is free for forcing people to free code when they publish, not free as in free to do what you want, which is actually what free as in BSD, and real freedom ends at the tip of my nose

2007-04-11 Thread Lars Hansson

chefren wrote:
Clearly not to death and people here are seriously interested in pro and 
contra arguments.


People are interested in discussing a lot of things but that doesn't mean 
those discussions belong on [EMAIL PROTECTED]


---
Lars Hansson



Re: bcw(4) is gone

2007-04-09 Thread Lars Hansson

darren kirby wrote:
This is not so much a response to you Steven, as to the entire OpenBSD 
community.


Wide-sweeping incorrect generalizations are awesome. Can I make one too?
All GPL developers are morons. See? That was fun, wasn't it? Who cares 
if it's correct, two wrongs make a right, doesn't it?



Don't bother responding, I'm gone. Have fun with your Broadcom chips


No thanks, I don't buy from moronic companies.

---
Lars Hansson



Re: bcw(4) is gone

2007-04-09 Thread Lars Hansson

Tobias Weisserth wrote:
Who the hell do you think you are that you can impose a definition of 
free on me?


I dunno, who does RMS think he is imposing his definition of free on me?

---
Lars Hansson



Re: [OT] Re: Long WEP key

2007-04-01 Thread Lars Hansson

Joachim Schipper wrote:

All in all, I might choose OpenVPN if it involved end users (lots of
NAT, Windows, and other crappy stuff), 


OpenVPN isn't exactly awesome on Windows.

---
Lars Hansson



Re: Long WEP key

2007-04-01 Thread Lars Hansson

mail-lists wrote:
This would be great. However, I've yet to find an IPsec client that's 
'easy' to set up.. ie. an end user can do it. Perhaps you know of a good 
way to solve this issue? I'd love to hear it!


TheGreenbow.

---
Lars Hansson



Re: Long WEP key

2007-03-29 Thread Lars Hansson

Sunnz wrote:

So VPN is the way to go if you really want to secure your wireless network?


VPN only secures traffic to and from the gateway, not *among* machines 
connected to the AP. If your AP is OpenBSD then VPN would work but most 
off-the-shelf AP's can't act as VPN endpoints and for those WEP and WPA 
are the only ways to secure all your wireless traffic.


---
Lars Hansson



Re: Long WEP key

2007-03-29 Thread Lars Hansson

Jeremy Huiskamp wrote:

I'd like to hear an actual developer position on that statement.


Check the archives for Reyk's comments on WPA. It will be in OpenBSD one 
day because, secure or not, it is gaining traction and is/will be 
required by  many AP's (especially enterprise AP's).


---
Lars Hansson



Re: Long WEP key

2007-03-28 Thread Lars Hansson

Maxime DERCHE wrote:

There is a thing that I can't understand : why install and configure a
secure by default OS if you use a WEP-based encryption on your Wi-Fi
network, that anyone can crack in less than an hour ?


Because it adds a minimum level of security that unencrypted doesn't?
Sure, it's not much but it does keep the average joe out. If you are 
aware of WEP's weaknesses there's nothing wrong with using it.


---
Lars Hansson



Re: Long WEP key

2007-03-28 Thread Lars Hansson

Darren Spruell wrote:

Right. As long as we understand that it sucks, it's OK to use?


Care to explain how not using WEP and allowing average joe easy access 
to your AP and network is better than running WEP and preventing him?



Maybe it's OK to run telnetd so long as it's on port 10023 too?


While comparing Apples and Oranges is fun it's not accurate.

---
Lars Hansson



Re: Long WEP key

2007-03-28 Thread Lars Hansson

Maxime DERCHE wrote:

IMHO you should think to configure your AP to provide a WAP-based
encryption...


WAP-based encryption? Do you mean WPA?

---
Lars Hansson



Re: OpenBGPD MIB

2007-03-25 Thread Lars Hansson

Sylwester S. Biernacki wrote:


  Any chances to add that to the wishlist for next releases?


You'll have to extend net-snmp in some way for this. The easiest may be 
to just write a shell script that parses bgpctl output into a MIB. The 
more complicated way would be to write a proper extension/plugin (or 
whatever the heck net-snmp call it).


---
Lars Hansson



Re: adding routing obsd 3.9 running ospfd

2007-03-21 Thread Lars Hansson

[EMAIL PROTECTED] wrote:

Hai All,

I have two OpenBSD 3.9 box, both running OSPFD default on OBSD 3.9.
I add static route on OBSD1 and found that the whole ospf rib disappear.
Any clue?


I had a somewhat similar problem with 3.9-RELEASE but for me it only 
happened with /32 routes. There was a patch for stable so you should try 
3.9-stable or better yet, 4.0.


---
Lars Hansson



Re: No Blob without Puffy

2007-03-19 Thread Lars Hansson

Pawel Jakub Dawidek wrote:

So isn't it rather hypocritical to claim GPL license is bad and BSD
license is good and ship operating system with GPLed code?

No.

How do you feel about having pro-GPL operating system? 


I don't know, I run OpenBSD.

---
Lars Hansson



Re: Have a OpenBSD store in Asia? Is it possible?

2007-03-19 Thread Lars Hansson

Wim Vandeputte wrote:

Did you contact http://www.genesis.com.hk/ in Hong Kong?

Or should we remove them from the list of resellers?


Probably, I don't think they've been alive for a good many years. I seem 
to recall this being the case even back in 3.x days.



---
Lars Hansson



Re: Have a OpenBSD store in Asia? Is it possible?

2007-03-18 Thread Lars Hansson

Rafael Almeida wrote:

OpenBSD site says there is one in Hong Kong:

http://www.openbsd.org/orders.html#asia


http://www.genesis.com.hk/

Uh, doesn't look like they're selling OpenBSD really...

---
Lars Hansson


