On Mon, Dec 03, 2007 at 01:37:53PM -0700, Bob Beck wrote:
* Marco Peereboom [EMAIL PROTECTED] [2007-12-03 06:19]:
No harm done just stupidity perpetuated. Kind of like fox news.
Dunno about no harm done there marco - Saying fox news doesn't do
any harm is like saying Joesph Goebels
Joseph C. Bender wrote:
Scott Learmonth wrote:
And Khalid - sorry to hijack your thread. Most of my road warriors are
going to be on macs and too cheap to purchase VPN Tracker. Any
successes I gave I'll certainly share.
There's always OpenVPN. GUI via Tunnelblick
On Dec 4, 2007, at 12:14 AM, visc wrote:
So, my question is this - what are the current best practices for
setting up a hub and spoke topology using OpenBSD, allowing for
traffic to securely flow from Branch to Branch on occasion without
using a full mesh topology. If it's at all
* Tom Bombadil [EMAIL PROTECTED] [2007-12-04 03:00]:
exim is an insecure piece of shit that makes old sendmail look good.
besides, it is not free.
Curiosity here since we are exim users... what makes it insecure?
rotten design and bad implementation, to begin with?
Should we be really
On Dec 3, 2007 10:53 PM, Damien Miller [EMAIL PROTECTED] wrote:
Secondly, I don't think anyone in OpenBSD would display as much hubris
as this claim on the Hiawatha home page: Hiawatha's source code is
free of security-bugs.
Heh, OK.
Hallo!
I am observing seemingly perplexing problem on OpenBSD 4.1 firewall.
Some dns queries work from behind firewall towards internet and others
doesnt. For example doesnt work query which has a big response of TXT data.
Firewall has internal interface em1 attached to subnet 10.0.1 (actual
Hi there,
I was speaking to someone at OpenCON about the fundamental systrace
flaw regarding processes forking in order to bypass the checks. The
general impression I was given was that systrace is to be removed at
some point.
If this is the case, will there be a similar tool available?
I ask
On Mon, Dec 03, 2007 at 01:00:37PM -0800, Tom Bombadil wrote:
Greetings...
We are trying to use a couple routers with carp and uplinks with 2
different providers. One router as master and another one slave. The
slave getting all the routes from the master using IBGP.
The problem is that
On Mon, 3 Dec 2007, xSAPPYx wrote:
On Dec 3, 2007 5:04 AM, ropers [EMAIL PROTECTED] wrote:
On 03/12/2007, L [EMAIL PROTECTED] wrote:
I can't find the 'reply only to group' feature my mail client yet.. but
I just started using this email client recently. It is Mozilla Thunderbird.
Reply to
hmm, on Mon, Dec 03, 2007 at 02:24:05PM -0500, MikeM said that
toggle between symbols and numbers (e.g., -n for netstat or tcpdump) it
may be helpful as well. That's the main reason why I originally though
+1
one man's worthless feature is other man's best friend.
please put it in...
-f
--
On Tue, 4 Dec 2007, Markus Hennecke wrote:
But since it replaced pine the UTF-8 support is broken for me, and the arrow
UTF-8 works fine here.
--
Antoine
On 12/4/07, John Rodenbiker [EMAIL PROTECTED] wrote:
On Dec 4, 2007, at 12:14 AM, visc wrote:
So, my question is this - what are the current best practices for
setting up a hub and spoke topology using OpenBSD, allowing for
traffic to securely flow from Branch to Branch on occasion without
On Tue, 4 Dec 2007, Edd Barrett wrote:
I ask because I find USE_SYSTRACE (/etc/mk.conf) essential for the
TeXLive port. It writes all over the place during the build.
Better fix the port then.
--
Antoine
Hi,
On 04/12/2007, Antoine Jacoutot [EMAIL PROTECTED] wrote:
Better fix the port then.
I think you misunderstood. The port is fixed, but only because
systrace allowed me to cut the build short when the build offended.
--
Best Regards
Edd
---
On Tue, 4 Dec 2007, Edd Barrett wrote:
On 04/12/2007, Antoine Jacoutot [EMAIL PROTECTED] wrote:
Better fix the port then.
I think you misunderstood. The port is fixed, but only because
systrace allowed me to cut the build short when the build offended.
Ah ok yes, I did misunderstand. Well
On 12/4/07, Tony Sarendal [EMAIL PROTECTED] wrote:
On 12/4/07, John Rodenbiker [EMAIL PROTECTED] wrote:
On Dec 4, 2007, at 12:14 AM, visc wrote:
So, my question is this - what are the current best practices for
setting up a hub and spoke topology using OpenBSD, allowing for
I have a multiple ISP router/firewall running 4.2. To make FTP work
properly over both gateways, I found and applied the following patch to
ftp-proxy **see link below** and it's working great (apparently pftpx is
very similar to ftp-proxy). Without this fix, my second ftp-proxy process
(for
Hi.
Marc Balmer gave me info about adding gpio support
for the new alix boards produced by pcengines.
I hope someone is interested in ... I'll sum it up ...
1. add to GENERIC config
gpio* at gscpcib?
glxpcib* at pci? # AMD CS5536 PCI-ISA bridge
gpio* at glxpcib?
2. booting the new
On Tue, Dec 04, 2007 at 10:04:54AM +0100, Henning Brauer wrote:
* Tom Bombadil [EMAIL PROTECTED] [2007-12-04 03:00]:
exim is an insecure piece of shit that makes old sendmail look good.
besides, it is not free.
Curiosity here since we are exim users... what makes it insecure?
On Tue, Dec 04, 2007 at 10:16:27AM -0500, Douglas A. Tutty wrote:
Could you be slightly more specific?
perhaps checking vulnerabilities reported compared
to other products. see also how frequent the fixes are,
since some bug fixes can also improve security
(some bugs can be used as security
I'm noticing that the messages log seems to be world readable in 4.2
e.g.
-rw-r--r-- 1 root wheel 1801 Dec 4 17:51 messages
What's up with that? Shouldn't it be set to 640? If not what is the
rationale for 644?
-Lars
Imre Oolberg wrote:
Hallo!
I am observing seemingly perplexing problem on OpenBSD 4.1 firewall.
Some dns queries work from behind firewall towards internet and others
doesnt. For example doesnt work query which has a big response of TXT data.
If someone could explain to me where to look to
Bryan S. Leaman wrote:
I have a multiple ISP router/firewall running 4.2. To make FTP work
properly over both gateways, I found and applied the following patch to
ftp-proxy **see link below** and it's working great (apparently pftpx is
very similar to ftp-proxy). Without this fix, my second
On 14:45:41 Dec 04, frantisek holop wrote:
+1
one man's worthless feature is other man's best friend.
please put it in...
No use shouting yourself hoarse over this.
If it is a no , it is a no. I later realized that nobody can satisfy
everyone's needs and it is impossible to ever get total
hmm, on Tue, Dec 04, 2007 at 09:47:17PM +0530, Girish Venkatachalam said that
On 14:45:41 Dec 04, frantisek holop wrote:
+1
one man's worthless feature is other man's best friend.
please put it in...
No use shouting yourself hoarse over this.
shouting? are you serious?
If it is
On Sat, Dec 01, 2007 at 08:41:48AM -0500, Frank Bax wrote:
Jonathan Gray wrote:
On Fri, Nov 30, 2007 at 11:42:53PM -0500, Frank Bax wrote:
TP-LINK 802.11g/b pci cards (model TL-WN353G) are on sale; so I got one.
Chipset is marked RTL8185L.
I found a reference to RTL8185 in CVS, but I'm not
* frantisek holop [EMAIL PROTECTED] [2007-12-04 18:15]:
If it is a no , it is a no. I later realized that nobody can satisfy
everyone's needs and it is impossible to ever get total buy in in
anything. We have to respect the developer's decisions.
Henning has not used the word no, yet.
he
while that is entirely true, I really don't see much of a point here.
actually, if I were to implement these parts now I'd make it print port
numbers only and not names - we don't print hostnames either.
but - it has been that way for more than 6 years. I don't see a good
reason to change
Hello,
From reading the documentation, I couldn't quite tell where the antispoofing
rule should fall in a pf ruleset.
Is this syntax correct? I thought I'd be able to access another LAN machine
freely via ssh (I've already tested that ssh does work without a firewall), but
I
On 04/12/2007, Lars Noodin [EMAIL PROTECTED] wrote:
I'm noticing that the messages log seems to be world readable in 4.2
e.g.
-rw-r--r-- 1 root wheel 1801 Dec 4 17:51 messages
What's up with that? Shouldn't it be set to 640? If not what is the
rationale for 644?
It
On 04/12/2007, Constantine A. Murenin [EMAIL PROTECTED] wrote:
On 04/12/2007, Lars Noodin [EMAIL PROTECTED] wrote:
I'm noticing that the messages log seems to be world readable in 4.2
e.g.
-rw-r--r-- 1 root wheel 1801 Dec 4 17:51 messages
What's up with that?
Hi misc,
I noticed way back with 3.8 that netstat would sometimes hang on me
for a very long time (over two minutes) before spitting out the Active
Internet Connections list; once it shows that though, it shows the
rest of the lists in an instant. I thought it was just a fluke so I
ignored it.
Hi,
I am planning (I do not know when) to use a PKI to manage the key of a VPN
router.
I follow a little the last discussion: IpSec may be use without (too much)
trouble on recent Windows and MacOS client (in addition of OpenBSD
client).
No (strong) need for pptp or L2TP.
The key are manage by
On 1 Dec 2007, at 05:37, visc wrote:
On 30-Nov-07, at 2:13 AM, Khalid Schofield wrote:
Hi,
I'd like to make a VPN Concentrator using openbsd. I want users to be
able to authenticate using usernames and passwords and to either nat
the users or give them an ip from our main dhcp server via a
So how can i get an encrypted vpn service with username and password
auth instead of certificates? We kind of skimmed over those bits.
On 1 Dec 2007, at 06:44, Scott Learmonth wrote:
On 30-Nov-07, at 9:57 PM, Jason Dixon wrote:
On Dec 1, 2007, at 12:37 AM, visc wrote:
On 30-Nov-07, at
On Tue, Dec 04, 2007 at 03:05:31PM -0500, Nick Guenther wrote:
Hi misc,
I noticed way back with 3.8 that netstat would sometimes hang on me
for a very long time (over two minutes) before spitting out the Active
Internet Connections list; once it shows that though, it shows the
rest of the
On 2007/12/04 21:17, Khalid Schofield wrote:
So how can i get an encrypted vpn service with username and password auth
instead of certificates? We kind of skimmed over those bits.
is authpf any good for you?
On 2007/12/04 21:48, Jean-Girard Pailloncy wrote:
The key are manage by isakmp, and I would like to use a PKI to manage the
keys. Then to migrate the keys to the VPN servers (file or LDAP ?).
I think you're missing part of the puzzle.
For the client OS you're talking about, I think you're
try using the -n switch, if that works, something is not resolving properly.
Hi,
I'm using freetds from my OpenBSD machine to connect to a MS SQL Server
and works like a charm. Now I need to access to a Oracle server but it
seems that the TDS protocol is not supported by Oracle databases, they use
their own protocol named TNS and there is no freetns available.
I
On 12/4/07, Claudio Jeker [EMAIL PROTECTED] wrote:
On Tue, Dec 04, 2007 at 03:05:31PM -0500, Nick Guenther wrote:
Hi misc,
I noticed way back with 3.8 that netstat would sometimes hang on me
for a very long time (over two minutes) before spitting out the Active
Internet Connections
What would be the rationale for 640? ;)
Well according to cvs log:
it can be easily changed if you like it another way. millert,
So I guess one rationale might be as simple as because ;)
-B
On 18:08:13 Dec 04, frantisek holop wrote:
shouting? are you serious?
I am rarely if ever serious. ;)
-Girish
On 12/4/07, Joaquin Herrero [EMAIL PROTECTED] wrote:
Hi,
I'm using freetds from my OpenBSD machine to connect to a MS SQL Server
and works like a charm. Now I need to access to a Oracle server but it
seems that the TDS protocol is not supported by Oracle databases, they use
their own
On 11:06:09 Dec 04, Bob Beck wrote:
Personally, I think if I were starting from square one, I'd
do port numbers, not service names, but that's not the way it's
been for many years and even though my preference would be numbers
my loathing for yet another option far outweighs this
*seriously* unsupported:
$ perl -pi -e s,etc/services,etc/sXrvices, /sbin/pfctl
~/bin/pfctl-no-service-names
your foot is
:
:
:
V
this way bang
Quoting Stuart Henderson [EMAIL PROTECTED]:
*seriously* unsupported:
$ perl -pi -e s,etc/services,etc/sXrvices, /sbin/pfctl
~/bin/pfctl-no-service-names
your foot is
:
:
:
V
this way bang
A longer winded version (same idea - Perl ... and no prizes for my code)
use
On 23:44:31 Dec 04, Stuart Henderson wrote:
*seriously* unsupported:
$ perl -pi -e s,etc/services,etc/sXrvices, /sbin/pfctl
~/bin/pfctl-no-service-names
your foot is
:
:
:
V
this way bang
Wow ;)
I never imagined one cud get so devious with programming. Ha ha
Human
On 13:22:23 Dec 05, [EMAIL PROTECTED] wrote:
A longer winded version (same idea - Perl ... and no prizes for my code)
use warnings;
use strict;
# Get the rules
my $pfctl_rules=`pfctl -s rules`;
# Get the known services
open(SERVICES,/etc/services);
my (@services)=SERVICES;
# Pull
Pedro de Oliveira wrote:
Hello,
Someone on IRC just posted this link http://www.delilinux.de/oksh/ , seems
like someone ported OpenBSD ksh to Linux and licensed it under GPLv3.
Isn't
this a license violation?
The ksh in OpenBSD is the pdksh (Public Domain). Slap a license on it if
you
On Tue, 4 Dec 2007 16:59:51 -0500
Nick Guenther [EMAIL PROTECTED] wrote:
On 12/4/07, Claudio Jeker [EMAIL PROTECTED] wrote:
On Tue, Dec 04, 2007 at 03:05:31PM -0500, Nick Guenther wrote:
Hi misc,
I noticed way back with 3.8 that netstat would sometimes hang on me
for a very long
On 06:12:09 Dec 05, Girish Venkatachalam wrote:
If there is enough coffee for me in the list, I would do it. ;)
This diff should satisfy everyone.
-Girish
Index: pfctl_parser.c
===
RCS file: /cvs/src/sbin/pfctl/pfctl_parser.c,v
375, 410, 468:
Are these build numbers?
Yes.
So, the current stable kernel is 0?
OpenBSD amdthunder.home.local 4.2 GENERIC#0 i386
OpenBSD black.cirt.vt.edu 4.2 GENERIC#0 i386
--
View this message in context:
http://www.nabble.com/OpenBSD-version---build-question-tf4923181.html#a14163491
* Joaquin Herrero [EMAIL PROTECTED] [071204 17:27]:
Hi,
I'm using freetds from my OpenBSD machine to connect to a MS SQL Server
and works like a charm. Now I need to access to a Oracle server but it
seems that the TDS protocol is not supported by Oracle databases, they use
their own
On Dec 4, 2007 5:41 PM, new_guy [EMAIL PROTECTED] wrote:
375, 410, 468:
Are these build numbers?
Yes.
So, the current stable kernel is 0?
Just on your system. The -release kernel as compiled by
[EMAIL PROTECTED] is his build #375.
Once you start compiling your own kernels you may build
I've searched OpenBSD.org and google for source code signing practices in
OpenBSD, nothing obvious stands out. I've probably overlooked it. Just
curious about this... is the process described someplace?
--
View this message in context:
Hello,
I just plugged in some USB devices into my old 133Mhz laptop with
OpenBSD on it and they magically work. These devices would not work
and/or had problems on Winblows with the laptop.. yet on the desktop
they USB devices worked fine. So as I say.. compliments, and thanks.
Question
Hola muy buenos dias, le escribo nuevamente para comentarle que se han
liberado algunos espacios en Cancun para esta navidad puede ver mas
detalles en http://www.yuppieviajes.com/cancun tambien puede marcarme al
01 800 123 3153 o al 01 800 555 0505 o si prefiere que le marque puede
indicarme
On Dec 4, 2007 9:34 PM, Camiel Dobbelaar [EMAIL PROTECTED] wrote:
I think I helped create part of that route-to diff, but I don't think it
belongs in base ftp-proxy. A userland daemon should not control routing
like that.
Maybe the new 'tag' option can be used for this? (or else the tag
I noticed way back with 3.8 that netstat would sometimes hang on me
for a very long time (over two minutes) before spitting out the Active
Internet Connections list; once it shows that though, it shows the
rest of the lists in an instant. I thought it was just a fluke so I
ignored it. But now
While trying to install fileinfo
# pecl install fileinfo
I get the following error.
downloading Fileinfo-1.0.4.tgz ...
Starting to download Fileinfo-1.0.4.tgz (5,835 bytes)
.done: 5,835 bytes
3 source files, building
running: phpize
Configuring for:
PHP Api Version: 20041225
Zend
On 4-Dec-07, at 10:24 PM, L wrote:
Hello,
I just plugged in some USB devices into my old 133Mhz laptop with
OpenBSD on it and they magically work. These devices would not work
and/or had problems on Winblows with the laptop.. yet on the
desktop they USB devices worked fine. So as I say..
Question about buttons and knobs..
What exactly is a knob?
At least here is Australia, knob is slang for:
1. Penis
2. an idiot or a person who does stupid things.
That guy is a knob
That thing on the door is a handle. A knob would let you adjust how
far the door opens, how much it resists being opened, whether or not
it shuts itself (and how quickly) and how far you have to turn the
handle to get it to start opening. Clearly most doors work just fine
without knobs.
On Dec 5, 2007 11:16 AM, new_guy [EMAIL PROTECTED] wrote:
I've searched OpenBSD.org and google for source code signing practices in
OpenBSD, nothing obvious stands out. I've probably overlooked it. Just
curious about this... is the process described someplace?
No. OpenBSD doesn't sign code.
On 5/12/2007, at 4:24 PM, L wrote:
Question about buttons and knobs..
What exactly is a knob?
[cut]
it simpler. For example the CP command is just a knob for copy..
My understanding of knob is an option or a switch. I guess the
meaning is like a music console - all those knobs you can
On 5/12/2007, at 7:09 PM, Richard Toohey wrote:
On 5/12/2007, at 4:24 PM, L wrote:
Question about buttons and knobs..
What exactly is a knob?
[cut]
it simpler. For example the CP command is just a knob for copy..
My understanding of knob is an option or a switch. I guess the
meaning
On Tue, Dec 04, 2007 at 05:41:28PM -0800, new_guy wrote:
375, 410, 468:
Are these build numbers?
Yes.
So, the current stable kernel is 0?
OpenBSD amdthunder.home.local 4.2 GENERIC#0 i386
OpenBSD black.cirt.vt.edu 4.2 GENERIC#0 i386
When you build a kernel, a new vers.c file is
68 matches
Mail list logo