Re: OpenBSD Foundation on HTTPS

With HTTPS, can you be sure that the server isn't comprimised? With or without HTTPS, it's always a good idea to check wether the address is correct (a foundation has to be registered and at other places). On Wed, 2018-02-07 at 14:40 +0100, Jonathan Thornburg wrote: > From http://www.openbsdfound

Re: OpenBSD Foundation on HTTPS

As far as I am concerned, HTTPS by itself doesn't do miracles. It involved more tech. Unless you can hack the global web infra, it's only possible to change this on a local network. Wouldn't there be more interesting targets in such situations? Don't get me wrong, I am not trying to downplay the l

Re: considering a move to OpenBSD

Hi, OpenBSD has a clear and proactive stance when it comes to security, while Arch does not. If you want to stay atop of new developments, feel free to try -current. If you need a very stable environment, go with -stable. Don't expect to find that latter one in Arch, as it works with a rolling rel

Re: Why is so slow the download speed in OpenBSD?

There is a bit of information that I am missing. You mentioned that the throughput on your Amilo, with OpenBSD, is 240KB/s whereas "other OS" (SiC) is able to get a throughput of 1.4MB/s. What application are you using to measure the performance? And this is not meant as an insult, but could it be

Re: considering a move to OpenBSD

Thanks, Kevin. Exactly this. Even though I think OpenBSD is awesome, it isn't fit for every situation/use case. Thus, I hardly meant that it is viable for anything and everything. To give some examples: OpenBSD doesn't support ZFS (nor should it, lots of kernel changes required for that, some are

Re: considering a move to OpenBSD

Copperhead's linux-hardened can be a suitable replacement for grsec in due time. However, AFAIK that is not the intent. Fot those unfamiliar with Copperhead, they did (and do) an awesome job on hardening Android. They have forked AOSP, hardened it. The fork is called CopperheadOS. This is also the

Re: pfstat not generating graphs after upgrading to -current

Hi, Did you upgrade your packages after upgrading to -current? Can you share your /etc/pfstat.conf? -J. On Wed, 2018-02-14 at 11:58 +0800, Glenn Faustino wrote: > Hi, > > I noticed that my system stop generating graphs for pfstat after upgrading > to -current. When I run the command manually it

Re: pfstat not generating graphs after upgrading to -current

Hi, Strange. With the default pfstat.conf it works fine, though when I try it with your config (though edited to my setup), I get exactly the same error as you did. Also on -current. Are you able to rebuilt your config, piece by piece and see where it fails? That might help to narrow it down trem

Re: Cloud Services and kernel mitigations and OpenBSD cli support

Hi, I've yet to stumble upon the first provider which actually uses OpenBSD as the hypervisor, instead of VMware, Xen, KVM, etc. That, in fact, would be an awesome development. I have been thinkering with this thought back and forth, but the IT company I work for isn't big enough to facilitate thi

Question regarding Apache 2.0 license

to be licensed under Apache 2.0. If my assumptions are correct, and since NSD is in base, the dependency on the Apache 2.0 licensed code is therefore better removed or, alternatively, relicensed under a BSD-compatible license, right? Thanks in advance. Cheers, Jeroen

Re: Question regarding Apache 2.0 license

Hi Stuart, On Mon, 2022-11-07 at 23:20 +, Stuart Henderson wrote: > Hi Jeroen, > > On 2022-11-07, Jeroen Koekkoek wrote: > > Hi All, > > > > I'm working on some patches/features for NSD. One of the new > > features > > uses some Apache 2.0 li

Re: IPv6 virtual hosts

. But as mentioned above you can do it on hostnames. Greets, Jeroen [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]

Re: IPv6 virtual hosts

Simon Vallet wrote: > On Sat, 06 Dec 2008 21:17:39 +0100 > Jeroen Massar <[EMAIL PROTECTED]> wrote: > >> Simon Vallet wrote: >> [..] >>> Would I be missing something? >> The fact that generally people use NAMES and not IP addresses? >> >&

Re: ipv6/pf/relayd/totd

onnectivity he doesn't need a tunnel broker. I guess he confused a 'tunnel broker' with an entity that can convert IPv6->IPv4. Greets, Jeroen [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]

Re: ipv6/pf/relayd/totd

Matthew Dempsky wrote: > On Wed, Dec 17, 2008 at 12:43 AM, Jeroen Massar wrote: >> I guess there is a practical use here, that is, if your tools all >> understand IPv6, because then you only have an IPv6 "NAT" to IPv4 and >> you skip the IPv4 NAT to IPv4 in case yo

Re: ipv6/pf/relayd/totd

Stephan A. Rickauer wrote: > On Wed, 2008-12-17 at 11:11 +0100, Jeroen Massar wrote: >> You are trying to solve the wrong problem with the wrong hammer. > > "I need to go the bus station. Do you know the way?" > "If I were you, I wouldn't start from here.&qu

Re: ipv6/pf/relayd/totd

ss you want to use other protocols, but those are hard to "NAT" anyway. You could of course always set up a SOCKS proxy as those things also properly do IPv4->IPv6 IPv6->IPv4 IPv4->IPv4 IPv6->IPv6 etc etc etc. Greets, Jeroen [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]

Re: git0 tunnel with any remote endpoint

o-41 doesn't have support for dynamic endpoints (unless you manually script it, then again, heartbeat is not that far away from that in some cases ;) Greets, Jeroen [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]

Re: Hardware rec, 10 gigabit home firewall

gbit-internet-router-pc-build/ https://michael.stapelberg.ch/posts/2021-05-16-home-network-fiber-10-gbits-upgrade/ Yep, again Linux focussed, but OpenBSD should not be much too off on similar hardware. Greets, Jeroen

Re: OT: 10GbE Physical Network Taps

regardless of packet rate and size, at interface speeds up to 40Gbps. >8 And I know for a fact that IBM ISS has a DPI thing which can do 40Gbps++, that is including upto Level 7 analysis... it just depends on what kind of hardware one throws at it ;) Greets, Jeroen (long live IPSEC :) [dem

Re: OT: 10GbE Physical Network Taps

it > in the work he did for his thesis. If you are > interested it is available here, > https://ritdml.rit.edu/dspace/bitstream/1850/4769/1/JDonaldsonThesis05-2007.p df *print*, looks like a good read for the train coming up next ;) Greets, Jeroen [demime 1.01d removed an attachme

Re: Fping & smokeping 2.0 problem in obsd 4.5

t or it will not work > at (eval 29) line 1 chmod +s `which fping`? :) (that is, if fping is in your path, and if that is the right fping, also note that there is fping and fping6) Greets, Jeroen [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]

Re: httpdv6

an also turn it off using net.ipv6.bindv6only = 1 On *BSD you will have to code properly, using separate IPv4 + IPv6 sockets and thus listen for both. Greets, Jeroen [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]

Re: Real men don't attack straw men

c but then gets whining people on his neck complaining about licensing issues, as it is not their license and thus is not good enough. Blergh. Greets, Jeroen (who just sticks BSD licenses on 'code I give away' and everything else is nice and commercial and closed source: pay for it first) [de

Re: dhclient clobbers default route, even though configured not to

e as it was not requested. Btw watch out with scripts, if they fail to execute properly, dhclient will nicely loop and keep on requesting new addresses, most likely causing the pool on the server side to run empty (at least that happened to me that last time ;) Greets, Jeroen [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]

Re: 23C3 Chaos Communication Congress in Berlin, December 27 - 30, 2006, Berlin, Germany.

Wim Vandeputte wrote: > Hi, > > In the spirit of Xmas or should I say vapor of spirits, Those spirits are actually quite liquid ;) Enjoy your whiskey guys! Oh and of course the large number of great talks they are giving, they managed to get a great lineup again! Greets, Jeroen [dem

Re: VOIP NAT

T to get a public address and using that for everything. Greets, Jeroen [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]

Re: mysql + phpmyadmin

ou can telnet into it. Also note that Apache (you only mentioned httpd) might be in a chroot or running as a different user than what you expect it to be. and of course check firewall rules etc. Greets, Jeroen [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]

Re: Idea for additionnal funding

) and then do that project. That will catch their attention and will earn you cash... Greets, Jeroen [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]

OT: Getting a premade box or doing it yourself (was "OT:")

#x27; actually means that a company is really paying somebody to do the work and then open source it, it is really about the service isn't it?) Greets, Jeroen [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]

Re: OT: Getting a premade box or doing it yourself (was "OT:")

uite a bit better for those cases. Clearly quite a number of vendors can't care less about licensing as long as they can earn loads of cash... With BSD though one has to hope that the company using your cool tools returns something back or at least acknowledges what you did. Greets, Jeroen [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]

Re: PlayStation 3

owadays support it, most Windows boxes use it etc, thus most homes have it and it enables the opening of ports on the NAT box so that they get forwarded to the internal box that requests it See amongst others: http://forums.linksys.com/linksys/board/message?board.id=Wireless_Routers&mes sage.id

Re: Virtualisation on OpenBSD?

With the help of OpenBSDbs Linux emulation, and a kernel module, it is possible to run VMWare on OpenBSD. ----->8 Greets, Jeroen [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]

Re: Is Theo still hiking ????

then. Use DNS. Simple. 12.6 indeed, every John Joe does their own network. They also have a clear understanding of IPv4 netmasks, broadcast, network address, CIDR, etc etc I assume ;) 12.7 again read RFC3041 or just configure it statically or randomly whatever. There are a lot more ways to track

IPv6 allocations (Was: Is Theo still hiking ????)

Marc Espie wrote: > On Sun, Jan 28, 2007 at 03:17:14PM +0000, Jeroen Massar wrote: >> Also note that FT serves the whole country of France, you might not like >> them, but they also have a right to use the Internet ;) Most ISP's get >> only a /32 and there are millions

FUDv6 (Re: Is Theo still hiking ????)

Claudio Jeker wrote: > On Sun, Jan 28, 2007 at 03:17:14PM +0000, Jeroen Massar wrote: >> Brian Candler wrote: >>> On Sun, Jan 28, 2007 at 12:36:38AM -0800, Joe wrote: >>>> whats sad is how many people will never let go of NAT after they migrate >>>> to

New routing ideas for OpenBSD ;) (Was: Is Theo still hiking ????)

[changed subject to something more related ;) ] Brian Candler wrote: > On Sun, Jan 28, 2007 at 03:17:14PM +0000, Jeroen Massar wrote: >>> And if you need to change ISP, and >>> therefore get a new address allocation, many people would rather just put in >>> some N

Re: Is Theo still hiking ????

chained header. Some NetFlow implementations also do this, and thus will report "HOP BY HOP" as the protocol, while it actually is TCP or UDP in the end :) Greets, Jeroen [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]

Re: Exploit mitigation techniques and kernel code

as it is already amazingly secure as has been very well been demonstrated: kuddo's to all the developers who made that possible! Greets, Jeroen -- if (it.hascode()) it.hasabug(); [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]

Re: l2tp solution wanted

tpd http://sourceforge.net/projects/rp-l2tp which are also in the google results... Google is your boyfriend ;) Greets, Jeroen [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]

Re: Long WEP key

of variables. In case you have bash, just add a 'set -x' at the top, saves quite some hard labor :) Prolly also available for other shells, use the tool you like. Greets, Jeroen [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]

Re: bcw(4) is gone

re and share alike"). The GNU Ada > compiler is commerical software, which also happens to be released under > the GPL. That is simply dual-licensing, something different altogether ;) See above for a nasty trick there though. Greets, Jeroen [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]

GPL is free for forcing people to free code, not free as in free to do what you want, which is actually what free as in BSD and real freedom is (Was: bcw(4) is gone)

[set the topic to make it nice and clear, this has nothing to do with bcw(4) for a long time now, actually the whole thread avoided it] Rui Miguel Silva Seabra wrote: > Seg, 2007-04-09 C s 18:29 +0100, Jeroen Massar escreveu: >> GPL is good though if you want to force people to give back

Re: GPL is free for forcing people to free code when they publish, not free as in free to do what you want, which is actually what free as in BSD, and real freedom ends at the tip of my nose

Rui Miguel Silva Seabra wrote: > [correct the subject] ;) > > Qua, 2007-04-11 C s 14:26 +0100, Jeroen Massar escreveu: >> [set the topic to make it nice and clear, this has nothing to do with >> bcw(4) for a long time now, actually the whole thread avoided it] >> >&

Re: pf block IP range

e writes this in CIDR style, thus for your example: block out quick on $external from any to 123.123.100.0/24 block out quick on $external from any to 123.123.200.0/24 A /23 would be 100 - 254, see 'sipcalc' or other such tools for calculations. Also see Wikipedia's CIDR entry for mor

Re: Building a Centralized Authentication Server

we don't have to run through the crazy password change scramble. And then the evil user simply drops a backdoor binary on one of the machines. Greets, Jeroen [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]

Re: dns caching server (not bind)

7; (dig +trace is very useful) > I don't have enough > installations to test this hypothesis. Other than troubleshooting > help, what are other people using for dns caching? Well, pdns_recursor or bind one of the two actually. If I where you I would first diagnose your network a bit more and s

Re: Quad ethernet card

y? what cards have good > performance? 4 NE2000's will do fine in any machine. Kidding ;) What link speeds do you want to handle with the setup, and more importantly, what is the expected traffic mix? Are you going to expect a high pps rate, do you require low latency? Also, what is your budget?

Re: Only one core of an amd X2 4600 is in use

r box? -> check your BIOS that it is on. > cpu0 at mainbus0: (uniprocessor) It only sees one CPU, most likely due to missing ACPI. [..] > WARNING: NVRAM century is 32 but RTC year is 2007 Clearly something is wrong with the config of the BIOS. try resetting it or turning some knobs.

Re: Zurich OpenBSD

t probably it was me. Or it could have been Paul de Weerd who also runs around those areas. If the person was quite tall and looked like: http://www.weirdnet.nl/images/paul.jpg then it was him. It wasn't me as I am not on the continent, back there in October though. Greets, Jeroen [demime 1.

Re: nat ipv6 -> ipv4 using pf

her of going where you think you are going. Greets, Jeroen [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]

Re: nat ipv6 -> ipv4 using pf

Lars NoodC)n wrote: > Jeroen Massar wrote: >> Stop exactly there. >> Upgrade to either Apache 2.x or patch your Apache 1.3 with IPv6 patches. > > Is there a conveniently chrooted version (port or package) of > Apache2.x? Or is chrooting the new version entirely up

Re: nat ipv6 -> ipv4 using pf

Christian Weisgerber wrote: > Jeroen Massar <[EMAIL PROTECTED]> wrote: > >> And as mentioned, you can always apply the 1.3 patches if you don't like >> going that route. (I still actually don't understand why those patches >> are not integrated yet in the

Re: That whole "Linux stealing our code" thing

ody use it and then let people pay for what they've done in returns for "support costs" these people use GPL viral licenses. Greets, Jeroen [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]

Re: That whole "Linux stealing our code" thing

eir freedom, which is not the intent of the original copyright holder and also something you fortunately can't be doing. If you don't like the licensing, then don't use the code at all, don't even look at it. Greets, Jeroen [demime 1.01d removed an attachment of type applica

Re: That whole "Linux stealing our code" thing

he other one: > On Sun, Sep 02, 2007 at 10:32:05AM +0100, Jeroen Massar wrote: >> Because of the choice between licenses you can either choose to adhere >> to the GPL (thus forcing you to open up your changes) >^^^ > > Tha

Re: Ultraportable Laptop

thread from last week orso, but it should not be too long for those items to be resolved. Enjoy! Greets, Jeroen [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]

Re: The Atheros story in much fewer words

ntain freedom for all users. If one user > looses freedom, the spirit is broken. So YOU stick with the spirit, OK? And by removing the BSD license you are thus removing freedom. Did you notice that? That is what has been repeated to you already a number of times. Greets, Jeroen [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]

Re: The Atheros story in much fewer words

;t you just love the Bern convention :) Though any courtcase where it is not specified might easily be stapled as 'the copyright was not there so we can't know who owns it'. Thus wherever possible always tag ones files with a (c) this is also handy for determining prior art etc. Greets, Jeroen [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]

Re: The Atheros story in much fewer words

things clear. Please stop. > > You seem uneducated about how powerless someone is without the freedom to > change a program because he has no access to the source code. That is only because you are uneducated in the art of assembly and more importantly there in the art of disassembly. That you ar

Re: ipv6 in openbsd 3.9

net/tools/aiccu/brokers/ for a large list of them which should encompass all. Unfortunately there have not been any offers from that area yet to get one up and running. Greets, Jeroen [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]

Re: IPv6 kindergarten

Do NOT CC me - I am subscribed to the list. > Replies to the sender address will fail except from the list-server. If you want that set the Reply-To header to whatever you want, that is why it exists. Greets, Jeroen [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]

Re: IPv6 kindergarten

Teredo allocation. > Quote RFC 2373, page 12: > -- >Site-Local addresses have the following format: Site-locals are deprecated. See the above IANA URL. As for getting real/internet-usable address space, see http://en.wikipedia.org/wiki/Tunnel_Broker Greets, Jeroen [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]

Re: BSD kernel going to be included in University

ven Windows. There is another excellent OS book(*), but I am a Dinosaur-Junky thus only recommend this one ;) Greets, Jeroen -- * = Operating Systems Design and Implementation by Andrew Tanenbaum et al. [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]

Re: IPv6 routing

db8:f33d:: -prefixlen 48 2001:db8:f00d::3 BTW: Don't forget to route the prefix to lo at the last hop so that any unassigned subnets don't cause the packet to be bounced back up to the default route. Greets, Jeroen [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]

Re: ipv6.undeadly.org

Sevan / Venture37 wrote: > ipv6.undeadly.org doesn't resolve, is the site not offered via IPv6 anymore?? www.undeadly.org2001:4978:129::1 216.194.67.89 Works like a charm. Greets, Jeroen [demime 1.01d removed an attachment of type application/pgp-s

Re: Intel Xeon 64 Bit

bsd.org/amd64.html Which is named so just like Debian, because amd64 was first and then Intel made EMT64. Some distro's renamed their amd64 branch to x86_64 for this reason because that is a better name for the instruction set. Note that AMD64/EMT64 is not equal to IA-64 which is Itanium. Gr

Re: Letter to OLPC

can take a look at the code and that you have a possibility to enhance and maybe contribute to it, but for businesses that is useless. Greets, Jeroen [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]

Re: OpenBSD hoodies

Damian Wiest wrote: [..] > I'm hoping I won't get scolded for mentioning this: http://bsd.ee/~olev/ If you spend 770+ hours on that, I don't think anybody will even try to make an argument with you ;) Looks really cool! Greets, Jeroen [demime 1.01d removed an attachment of ty