With HTTPS, can you be sure that the server isn't comprimised? With or
without HTTPS, it's always a good idea to check wether the address is
correct (a foundation has to be registered and at other places).
On Wed, 2018-02-07 at 14:40 +0100, Jonathan Thornburg wrote:
> From http://www.openbsdfound
As far as I am concerned, HTTPS by itself doesn't do miracles. It
involved more tech. Unless you can hack the global web infra, it's only
possible to change this on a local network. Wouldn't there be more
interesting targets in such situations?
Don't get me wrong, I am not trying to downplay the l
Hi,
OpenBSD has a clear and proactive stance when it comes to security,
while Arch does not. If you want to stay atop of new developments, feel
free to try -current. If you need a very stable environment, go with
-stable. Don't expect to find that latter one in Arch, as it works with
a rolling rel
There is a bit of information that I am missing. You mentioned that the
throughput on your Amilo, with OpenBSD, is 240KB/s whereas "other OS"
(SiC) is able to get a throughput of 1.4MB/s.
What application are you using to measure the performance? And this is
not meant as an insult, but could it be
Thanks, Kevin. Exactly this. Even though I think OpenBSD is awesome, it
isn't fit for every situation/use case. Thus, I hardly meant that it is
viable for anything and everything.
To give some examples: OpenBSD doesn't support ZFS (nor should it, lots
of kernel changes required for that, some are
Copperhead's linux-hardened can be a suitable replacement for grsec in
due time. However, AFAIK that is not the intent. Fot those unfamiliar
with Copperhead, they did (and do) an awesome job on hardening Android.
They have forked AOSP, hardened it. The fork is called CopperheadOS.
This is also the
Hi,
Did you upgrade your packages after upgrading to -current? Can you
share your /etc/pfstat.conf?
-J.
On Wed, 2018-02-14 at 11:58 +0800, Glenn Faustino wrote:
> Hi,
>
> I noticed that my system stop generating graphs for pfstat after upgrading
> to -current. When I run the command manually it
Hi,
Strange. With the default pfstat.conf it works fine, though when I try
it with your config (though edited to my setup), I get exactly the same
error as you did. Also on -current.
Are you able to rebuilt your config, piece by piece and see where it
fails? That might help to narrow it down trem
Hi,
I've yet to stumble upon the first provider which actually uses OpenBSD
as the hypervisor, instead of VMware, Xen, KVM, etc. That, in fact,
would be an awesome development. I have been thinkering with this
thought back and forth, but the IT company I work for isn't big enough
to facilitate thi
to be licensed under
Apache 2.0.
If my assumptions are correct, and since NSD is in base, the dependency
on the Apache 2.0 licensed code is therefore better removed or,
alternatively, relicensed under a BSD-compatible license, right?
Thanks in advance.
Cheers,
Jeroen
Hi Stuart,
On Mon, 2022-11-07 at 23:20 +, Stuart Henderson wrote:
> Hi Jeroen,
>
> On 2022-11-07, Jeroen Koekkoek wrote:
> > Hi All,
> >
> > I'm working on some patches/features for NSD. One of the new
> > features
> > uses some Apache 2.0 li
. But as mentioned above you can do it on
hostnames.
Greets,
Jeroen
[demime 1.01d removed an attachment of type application/pgp-signature which had
a name of signature.asc]
Simon Vallet wrote:
> On Sat, 06 Dec 2008 21:17:39 +0100
> Jeroen Massar <[EMAIL PROTECTED]> wrote:
>
>> Simon Vallet wrote:
>> [..]
>>> Would I be missing something?
>> The fact that generally people use NAMES and not IP addresses?
>>
>&
onnectivity he doesn't need a tunnel broker.
I guess he confused a 'tunnel broker' with an entity that can convert
IPv6->IPv4.
Greets,
Jeroen
[demime 1.01d removed an attachment of type application/pgp-signature which had
a name of signature.asc]
Matthew Dempsky wrote:
> On Wed, Dec 17, 2008 at 12:43 AM, Jeroen Massar wrote:
>> I guess there is a practical use here, that is, if your tools all
>> understand IPv6, because then you only have an IPv6 "NAT" to IPv4 and
>> you skip the IPv4 NAT to IPv4 in case yo
Stephan A. Rickauer wrote:
> On Wed, 2008-12-17 at 11:11 +0100, Jeroen Massar wrote:
>> You are trying to solve the wrong problem with the wrong hammer.
>
> "I need to go the bus station. Do you know the way?"
> "If I were you, I wouldn't start from here.&qu
ss you want to use other
protocols, but those are hard to "NAT" anyway. You could of course
always set up a SOCKS proxy as those things also properly do IPv4->IPv6
IPv6->IPv4 IPv4->IPv4 IPv6->IPv6 etc etc etc.
Greets,
Jeroen
[demime 1.01d removed an attachment of type application/pgp-signature which had
a name of signature.asc]
o-41
doesn't have support for dynamic endpoints (unless you manually script
it, then again, heartbeat is not that far away from that in some cases ;)
Greets,
Jeroen
[demime 1.01d removed an attachment of type application/pgp-signature which had
a name of signature.asc]
gbit-internet-router-pc-build/
https://michael.stapelberg.ch/posts/2021-05-16-home-network-fiber-10-gbits-upgrade/
Yep, again Linux focussed, but OpenBSD should not be much too off on similar
hardware.
Greets,
Jeroen
regardless of packet rate and size, at interface speeds up to 40Gbps.
>8
And I know for a fact that IBM ISS has a DPI thing which can do
40Gbps++, that is including upto Level 7 analysis... it just depends on
what kind of hardware one throws at it ;)
Greets,
Jeroen
(long live IPSEC :)
[dem
it
> in the work he did for his thesis. If you are
> interested it is available here,
>
https://ritdml.rit.edu/dspace/bitstream/1850/4769/1/JDonaldsonThesis05-2007.p
df
*print*, looks like a good read for the train coming up next ;)
Greets,
Jeroen
[demime 1.01d removed an attachme
t or it will not work
> at (eval 29) line 1
chmod +s `which fping`? :)
(that is, if fping is in your path, and if that is the right fping, also
note that there is fping and fping6)
Greets,
Jeroen
[demime 1.01d removed an attachment of type application/pgp-signature which had
a name of signature.asc]
an also turn it off using net.ipv6.bindv6only = 1
On *BSD you will have to code properly, using separate IPv4 + IPv6
sockets and thus listen for both.
Greets,
Jeroen
[demime 1.01d removed an attachment of type application/pgp-signature which had
a name of signature.asc]
c but then gets whining people on his neck complaining about
licensing issues, as it is not their license and thus is not good
enough. Blergh.
Greets,
Jeroen
(who just sticks BSD licenses on 'code I give away' and everything
else is nice and commercial and closed source: pay for it first)
[de
e as it
was not requested.
Btw watch out with scripts, if they fail to execute properly, dhclient
will nicely loop and keep on requesting new addresses, most likely
causing the pool on the server side to run empty (at least that happened
to me that last time ;)
Greets,
Jeroen
[demime 1.01d removed an attachment of type application/pgp-signature which had
a name of signature.asc]
Wim Vandeputte wrote:
> Hi,
>
> In the spirit of Xmas or should I say vapor of spirits,
Those spirits are actually quite liquid ;) Enjoy your whiskey guys!
Oh and of course the large number of great talks they are giving, they
managed to get a great lineup again!
Greets,
Jeroen
[dem
T to get a public
address and using that for everything.
Greets,
Jeroen
[demime 1.01d removed an attachment of type application/pgp-signature which had
a name of signature.asc]
ou can
telnet into it.
Also note that Apache (you only mentioned httpd) might be in a chroot or
running as a different user than what you expect it to be.
and of course check firewall rules etc.
Greets,
Jeroen
[demime 1.01d removed an attachment of type application/pgp-signature which had
a name of signature.asc]
) and then do that
project. That will catch their attention and will earn you cash...
Greets,
Jeroen
[demime 1.01d removed an attachment of type application/pgp-signature which had
a name of signature.asc]
#x27; actually means that a company is
really paying somebody to do the work and then open source it, it is
really about the service isn't it?)
Greets,
Jeroen
[demime 1.01d removed an attachment of type application/pgp-signature which had
a name of signature.asc]
uite a bit better for those cases. Clearly quite a number of
vendors can't care less about licensing as long as they can earn loads
of cash... With BSD though one has to hope that the company using your
cool tools returns something back or at least acknowledges what you did.
Greets,
Jeroen
[demime 1.01d removed an attachment of type application/pgp-signature which had
a name of signature.asc]
owadays support it, most Windows boxes use it etc,
thus most homes have it and it enables the opening of ports on the NAT
box so that they get forwarded to the internal box that requests it
See amongst others:
http://forums.linksys.com/linksys/board/message?board.id=Wireless_Routers&mes
sage.id
With the help of OpenBSDbs Linux
emulation, and a kernel module, it is possible to run VMWare on OpenBSD.
----->8
Greets,
Jeroen
[demime 1.01d removed an attachment of type application/pgp-signature which had
a name of signature.asc]
then. Use DNS. Simple.
12.6 indeed, every John Joe does their own network. They also have a
clear understanding of IPv4 netmasks, broadcast, network address, CIDR,
etc etc I assume ;)
12.7 again read RFC3041 or just configure it statically or randomly
whatever. There are a lot more ways to track
Marc Espie wrote:
> On Sun, Jan 28, 2007 at 03:17:14PM +0000, Jeroen Massar wrote:
>> Also note that FT serves the whole country of France, you might not like
>> them, but they also have a right to use the Internet ;) Most ISP's get
>> only a /32 and there are millions
Claudio Jeker wrote:
> On Sun, Jan 28, 2007 at 03:17:14PM +0000, Jeroen Massar wrote:
>> Brian Candler wrote:
>>> On Sun, Jan 28, 2007 at 12:36:38AM -0800, Joe wrote:
>>>> whats sad is how many people will never let go of NAT after they migrate
>>>> to
[changed subject to something more related ;) ]
Brian Candler wrote:
> On Sun, Jan 28, 2007 at 03:17:14PM +0000, Jeroen Massar wrote:
>>> And if you need to change ISP, and
>>> therefore get a new address allocation, many people would rather just put
in
>>> some N
chained header. Some NetFlow
implementations also do this, and thus will report "HOP BY HOP" as the
protocol, while it actually is TCP or UDP in the end :)
Greets,
Jeroen
[demime 1.01d removed an attachment of type application/pgp-signature which had
a name of signature.asc]
as it is already
amazingly secure as has been very well been demonstrated: kuddo's
to all the developers who made that possible!
Greets,
Jeroen
--
if (it.hascode()) it.hasabug();
[demime 1.01d removed an attachment of type application/pgp-signature which had
a name of signature.asc]
tpd
http://sourceforge.net/projects/rp-l2tp
which are also in the google results...
Google is your boyfriend ;)
Greets,
Jeroen
[demime 1.01d removed an attachment of type application/pgp-signature which had
a name of signature.asc]
of variables.
In case you have bash, just add a 'set -x' at the top, saves quite some
hard labor :) Prolly also available for other shells, use the tool you like.
Greets,
Jeroen
[demime 1.01d removed an attachment of type application/pgp-signature which had
a name of signature.asc]
re and share alike"). The GNU Ada
> compiler is commerical software, which also happens to be released under
> the GPL.
That is simply dual-licensing, something different altogether ;)
See above for a nasty trick there though.
Greets,
Jeroen
[demime 1.01d removed an attachment of type application/pgp-signature which had
a name of signature.asc]
[set the topic to make it nice and clear, this has nothing to do with
bcw(4) for a long time now, actually the whole thread avoided it]
Rui Miguel Silva Seabra wrote:
> Seg, 2007-04-09 C s 18:29 +0100, Jeroen Massar escreveu:
>> GPL is good though if you want to force people to give back
Rui Miguel Silva Seabra wrote:
> [correct the subject] ;)
>
> Qua, 2007-04-11 C s 14:26 +0100, Jeroen Massar escreveu:
>> [set the topic to make it nice and clear, this has nothing to do with
>> bcw(4) for a long time now, actually the whole thread avoided it]
>>
>&
e writes this in CIDR style, thus for your example:
block out quick on $external from any to 123.123.100.0/24
block out quick on $external from any to 123.123.200.0/24
A /23 would be 100 - 254, see 'sipcalc' or other such tools for
calculations. Also see Wikipedia's CIDR entry for mor
we don't have to run through the crazy password change scramble.
And then the evil user simply drops a backdoor binary on one of the
machines.
Greets,
Jeroen
[demime 1.01d removed an attachment of type application/pgp-signature which had
a name of signature.asc]
7; (dig +trace is very useful)
> I don't have enough
> installations to test this hypothesis. Other than troubleshooting
> help, what are other people using for dns caching?
Well, pdns_recursor or bind one of the two actually. If I where you I
would first diagnose your network a bit more and s
y? what cards have good
> performance?
4 NE2000's will do fine in any machine. Kidding ;)
What link speeds do you want to handle with the setup, and more
importantly, what is the expected traffic mix? Are you going to expect
a high pps rate, do you require low latency? Also, what is your budget?
r box? -> check your BIOS that it is on.
> cpu0 at mainbus0: (uniprocessor)
It only sees one CPU, most likely due to missing ACPI.
[..]
> WARNING: NVRAM century is 32 but RTC year is 2007
Clearly something is wrong with the config of the BIOS. try resetting it
or turning some knobs.
t probably it was me.
Or it could have been Paul de Weerd who also runs around those areas.
If the person was quite tall and looked like:
http://www.weirdnet.nl/images/paul.jpg then it was him.
It wasn't me as I am not on the continent, back there in October though.
Greets,
Jeroen
[demime 1.
her of going where you think you are going.
Greets,
Jeroen
[demime 1.01d removed an attachment of type application/pgp-signature which had
a name of signature.asc]
Lars NoodC)n wrote:
> Jeroen Massar wrote:
>> Stop exactly there.
>> Upgrade to either Apache 2.x or patch your Apache 1.3 with IPv6 patches.
>
> Is there a conveniently chrooted version (port or package) of
> Apache2.x? Or is chrooting the new version entirely up
Christian Weisgerber wrote:
> Jeroen Massar <[EMAIL PROTECTED]> wrote:
>
>> And as mentioned, you can always apply the 1.3 patches if you don't like
>> going that route. (I still actually don't understand why those patches
>> are not integrated yet in the
ody use it and then
let people pay for what they've done in returns for "support costs"
these people use GPL viral licenses.
Greets,
Jeroen
[demime 1.01d removed an attachment of type application/pgp-signature which had
a name of signature.asc]
eir freedom, which is not the intent of the original copyright holder
and also something you fortunately can't be doing.
If you don't like the licensing, then don't use the code at all, don't
even look at it.
Greets,
Jeroen
[demime 1.01d removed an attachment of type applica
he other one:
> On Sun, Sep 02, 2007 at 10:32:05AM +0100, Jeroen Massar wrote:
>> Because of the choice between licenses you can either choose to adhere
>> to the GPL (thus forcing you to open up your changes)
>^^^
>
> Tha
thread from last week orso, but it should not be too
long for those items to be resolved.
Enjoy!
Greets,
Jeroen
[demime 1.01d removed an attachment of type application/pgp-signature which had
a name of signature.asc]
ntain freedom for all users. If one user
> looses freedom, the spirit is broken. So YOU stick with the spirit, OK?
And by removing the BSD license you are thus removing freedom.
Did you notice that? That is what has been repeated to you already a
number of times.
Greets,
Jeroen
[demime 1.01d removed an attachment of type application/pgp-signature which had
a name of signature.asc]
;t you just love the Bern convention :)
Though any courtcase where it is not specified might easily be stapled
as 'the copyright was not there so we can't know who owns it'. Thus
wherever possible always tag ones files with a (c) this
is also handy for determining prior art etc.
Greets,
Jeroen
[demime 1.01d removed an attachment of type application/pgp-signature which had
a name of signature.asc]
things clear. Please stop.
>
> You seem uneducated about how powerless someone is without the freedom to
> change a program because he has no access to the source code.
That is only because you are uneducated in the art of assembly and more
importantly there in the art of disassembly. That you ar
net/tools/aiccu/brokers/ for a
large list of them which should encompass all. Unfortunately there have
not been any offers from that area yet to get one up and running.
Greets,
Jeroen
[demime 1.01d removed an attachment of type application/pgp-signature which had
a name of signature.asc]
Do NOT CC me - I am subscribed to the list.
> Replies to the sender address will fail except from the list-server.
If you want that set the Reply-To header to whatever you want, that is
why it exists.
Greets,
Jeroen
[demime 1.01d removed an attachment of type application/pgp-signature which had
a name of signature.asc]
Teredo
allocation.
> Quote RFC 2373, page 12:
> --
>Site-Local addresses have the following format:
Site-locals are deprecated. See the above IANA URL.
As for getting real/internet-usable address space, see
http://en.wikipedia.org/wiki/Tunnel_Broker
Greets,
Jeroen
[demime 1.01d removed an attachment of type application/pgp-signature which had
a name of signature.asc]
ven
Windows.
There is another excellent OS book(*), but I am a Dinosaur-Junky thus
only recommend this one ;)
Greets,
Jeroen
--
* = Operating Systems Design and Implementation by Andrew Tanenbaum et
al.
[demime 1.01d removed an attachment of type application/pgp-signature which had
a name of signature.asc]
db8:f33d:: -prefixlen 48 2001:db8:f00d::3
BTW: Don't forget to route the prefix to lo at the last hop so that any
unassigned subnets don't cause the packet to be bounced back up to the
default route.
Greets,
Jeroen
[demime 1.01d removed an attachment of type application/pgp-signature which had
a name of signature.asc]
Sevan / Venture37 wrote:
> ipv6.undeadly.org doesn't resolve, is the site not offered via IPv6
anymore??
www.undeadly.org2001:4978:129::1
216.194.67.89
Works like a charm.
Greets,
Jeroen
[demime 1.01d removed an attachment of type application/pgp-s
bsd.org/amd64.html
Which is named so just like Debian, because amd64 was first and then
Intel made EMT64. Some distro's renamed their amd64 branch to x86_64 for
this reason because that is a better name for the instruction set.
Note that AMD64/EMT64 is not equal to IA-64 which is Itanium.
Gr
can
take a look at the code and that you have a possibility to enhance and
maybe contribute to it, but for businesses that is useless.
Greets,
Jeroen
[demime 1.01d removed an attachment of type application/pgp-signature which had
a name of signature.asc]
Damian Wiest wrote:
[..]
> I'm hoping I won't get scolded for mentioning this: http://bsd.ee/~olev/
If you spend 770+ hours on that, I don't think anybody will even try to
make an argument with you ;) Looks really cool!
Greets,
Jeroen
[demime 1.01d removed an attachment of ty
69 matches
Mail list logo