Hi all,
I appeal to you to see if you can give me some advice. I need to
secure communications between my front-end and back-end servers.
First, my infrastructure:
Internet --- Public OpenBSD Carp'ed fws --- FreeBSD front-end web
servers (https) --- Internal OpenBSD Carp'ed fws --- CentOS
Sent: Thursday, 02 October 2014 at 17:58
From: Ville Valkonen weezeld...@gmail.com
To: Stefan Wollny stefan.wol...@web.de
Cc: misc@openbsd.org
Subject: Re: xombrero crashes with 'Bus error'
Hello Stefan,
just shooting in the dark, do you have a dbus daemon running?
Regards,
Ville
Hi
I'd like to use the same pkg_add command across multiple OpenBSD versions
however installing ruby brings up an interactive choice between 1.8, 1.9, 2.0,
2.1.
I've tried the fuzzy match -z ruby-1.9 however it doesn't appear to match
version.
This works, but it's not desirable if it can be done
Sent: Thursday, 02 October 2014 at 18:17
From: Stuart Henderson s...@spacehopper.org
To: misc@openbsd.org
Subject: Re: cvs checkout: Corrupt MAC on input
On 2014-10-02, Stefan Wollny stefan.wol...@web.de wrote:
Hi there!
This morning I have had to reinstall my squid-server running
On Mon, Oct 6, 2014 at 2:00 AM, C. L. Martinez carlopm...@gmail.com wrote:
Is my approach correct? Any other better solution? Is it stupid this
approach?
You did not really state what your goal was. Or what the problem is.
Securing communications between front and back end via SSH/SSL is
On Mon, Oct 6, 2014 at 2:27 PM, Alan McKay alan.mc...@gmail.com wrote:
On Mon, Oct 6, 2014 at 2:00 AM, C. L. Martinez carlopm...@gmail.com wrote:
Is my approach correct? Any other better solution? Is it stupid this
approach?
You did not really state what your goal was. Or what the problem
On Wed, 1 Oct 2014, Otto Moerbeek wrote:
On Tue, Sep 30, 2014 at 07:31:20PM +0200, Otto Moerbeek wrote:
On Tue, Sep 30, 2014 at 11:20:23AM -0500, Boris Goldberg wrote:
Hello Otto,
Wednesday, September 24, 2014, 2:36:58 PM, you wrote:
OM Try to come up with a reproducible
Yeah. Have something similar in my tree. If -Wall is happy, so am I.
Does it explain 5.4 problems though.
I did not manage to reproduce those so far.
-Otto
On 6 Oct 2014 at 17:38, Philip Guenther guent...@gmail.com wrote:
On Wed, 1 Oct 2014, Otto Moerbeek wrote:
Except it doesn't, server side code is more universal.
I strongly disagree.
In server side there is vast amount of different software stacks build
top of C library and they are incompatible. Running PHP code top of
Java stack just doesn't work.
In client side, there has ongoing for several
On Mon, 6 Oct 2014, Matti Karnaattu wrote:
Disabling Javascript is like disabling ability to run modern application
software. It is same if I just turn off computer. It is then secured.
Sorry, that is totally bogus! The **FIRST** thing one should do when
sitting down at a new browser is
Yes, my goal is to secure the
infrastructure as much as possible.
I don't know details but it sounds overly complex. And complexity
may cause other issues, without any benefit for security.
Example, you don't have to encrypt your whole hard disk if the hard
disk is located in guarded bunker. But
On 06-10-2014 14:20, Matti Karnaattu wrote:
I strongly disagree.
In server side there is vast amount of different software stacks build
top of C library and they are incompatible. Running PHP code top of
Java stack just doesn't work.
But none of them *require* javascript to function.
In
however it *is* realistic and reasonable to *limit*
the cross-site JS code that is only there for the use of other third
parties.
I agree. I filter too crap away. Javascript itself is not problem.
Very true, filling your subterranean data server with angry hornets
certainly seems like a good idea but it's really not, most AC
maintenance contractors will charge you extra (usually per sting!).
Chester T. Field
And remember when I left all the meat out because I saw Mr. David Lynch “I’m on
On 06-10-2014 16:36, Matti Karnaattu wrote:
I don't know details but it sounds overly complex. And complexity
may cause other issues, without any benefit for security.
Example, you don't have to encrypt your whole hard disk if the hard
disk is located in guarded bunker. But if you do that, it
On Mon, Oct 6, 2014 at 4:17 PM, Giancarlo Razzolini
grazzol...@gmail.com wrote:
Traffic in the clear, even on a switch controlled by you, doesn't mean
that anyone with physical access couldn't tap into your switch and see
the traffic.
Which is why you need to lock down the switch as well.
But none of them require javascript to function.
Node.js
What is not a good thing is to have just one standard. That's never
good.
And this is current status. Apple, Canonical, Google and Microsoft
pushing their own competing front end ecosystems. And there is still
HTML/JS which is portable.
Hi,
Dumb question: I'm running 'sudo ntpd -s' as part of a remote command to an
OpenBSD guest[*]; unless I add a 'pkill sshd' to the end of the remote
command, e.g.
ssh guesthost 'sudo pkill -9 ntpd sudo ntpd -s date pkill sshd'
the ssh connection won't disconnect. Why is this ('sudo ntpd
Hi Ville,
What I read on the Internet so far about states [1]: The memory counter
shows how often pf tries to insert a state but failed. The reason could be
a hard limit of state entries.
I watched at the memory counter this afternoon and it doesn't increased,
still at 8764.
pfctl -s
The most basic consideration in computer security has nothing to
do with technology and computers. Do the people you need to keep
out of the know need to know enough to come and break legs?
If so, don't bother encrypting. They may not just break legs.
Dhu
On Mon, 06 Oct 2014 13:48:33 -0600
I have a pf configuration which correctly forwards external connections to
port 5432 on a machine on the inside. I am trying to set up a machine on the
outside to use ssh port forwarding to send packets to port 5432 on the
machine running pf (firewall). Here is my ssh command line:
ssh -v -v -v -g -f -L
On 06-10-2014 17:48, Matti Karnaattu wrote:
Node.js
I've used it, and there is too much hype about it. It has its uses, but
can be replaced with other non javascript technologies, at least from
the server side.
And this is current status. Apple, Canonical, Google and Microsoft
pushing their
On 06-10-2014 18:09, Tor Houghton wrote:
Hi,
Dumb question: I'm running 'sudo ntpd -s' as part of a remote command to an
OpenBSD guest[*]; unless I add a 'pkill sshd' to the end of the remote
command, e.g.
ssh guesthost 'sudo pkill -9 ntpd sudo ntpd -s date pkill sshd'
the ssh
BTW here is the error message from auth.log
authlog:Oct 6 13:40:45 phfw1 sshd[13604]: error: connect to phfw1 port
5432 failed: Connection refused
On Mon, Oct 06, 2014 at 07:59:10PM -0400, stan wrote:
I have a pf configuration which correctly forwards external connections to
port 5432 on a
On 06-10-2014 20:59, stan wrote:
I have a pf configuration which correctly forwards external connections to
port 5432 on a machine on the inside. I am trying to set up a machine on the
outside to use ssh port forwarding to send packets to port 5432 on the
machine running pf (firewall). Here is my ssh
On Mon, Oct 6, 2014 at 2:09 PM, Tor Houghton t...@bogus.net wrote:
Hi,
Dumb question: I'm running 'sudo ntpd -s' as part of a remote command to an
OpenBSD guest[*]; unless I add a 'pkill sshd' to the end of the remote
command, e.g.
ssh guesthost 'sudo pkill -9 ntpd sudo ntpd -s date
Great conversation...
Somehow you guys spend all your time whining about complicated deep
technologies like Java / Javascript -- condemning them for their nasty
complexity -- but at the same time using the conversation to hurt people
trying to build something simpler.
Who do you work for?
You mean, there is _legislation_ on how to write software?
Some industries, yes. But this is not related to JS.
Practically whole IT-industry supports JS. If you like to do portable
application programming, you have to write JS or compile your
code to JS if you want to get that working
I think Matti is a government plant, or quite high in industry.
Please people, ignore him.
I think Matti is a government plant, or quite high in industry.
Please people, ignore him.
Let me explain Matti to you:
1. first I break your chmod.
2. Oh you won't fall for that. bummer
3. next I convince you that JS is good.
4. While there, convince everyone Theo is the reason JS is
On 06-10-2014 22:09, Theo de Raadt wrote:
He got a fake Finnish name, but I bet he lives in the US or UK!
From the e-mail headers, US. Don't worry Theo, I won't be feeding the
troll any further. Just don't like stupid people spreading
misinformation. Others might believe it.
On 06/10/14 9:01 PM, Matti Karnaattu wrote:
Browsers are getting slower all the time.
Bullshit. Try this: http://peacekeeper.futuremark.com
Actually it isn't bullshit. It is the truth. You just fail to understand
what he means.
Newer browsers run software faster. Ancient browsers may even
On 06-10-2014 22:09, Theo de Raadt wrote:
He got a fake Finnish name, but I bet he lives in the US or UK!
From the e-mail headers, US. Don't worry Theo, I won't be feeding the
troll any further. Just don't like stupid people spreading
misinformation. Others might believe it.
And you are UK
If any of these end up being better than JS,
I don't see any reason not to use them.
I think everyone of these are better if you don't care about portability.
I prefer to use a desktop application for those instead
of running them from my browser. Just saying.
There isn't much new desktop
On 06-10-2014 22:23, Theo de Raadt wrote:
And you are UK or US as well. Nice Italian name, but you are likely
part of the same parcel. Thanks for replying so fast!
Hahahahha. Brazilian Theo. Italian descendent. You can check my headers
and you'll see. Don't be so paranoid. And I'm not feeding
On 06-10-2014 22:23, Theo de Raadt wrote:
And you are UK or US as well. Nice Italian name, but you are likely
part of the same parcel. Thanks for replying so fast!
Hahahahha. Brazilian Theo. Italian descendent. You can check my headers
and you'll see. Don't be so paranoid. And I'm not
On 06-10-2014 22:23, Theo de Raadt wrote:
And you are UK or US as well. Nice Italian name, but you are likely
part of the same parcel. Thanks for replying so fast!
Hahahahha. Brazilian Theo. Italian descendent. You can check my headers
and you'll see. Don't be so paranoid. And I'm not
On 06-10-2014 22:31, Theo de Raadt wrote:
You are the troll; he is the plant.
All right. Will end the discussion now. Just rest assured I'm not
working it any government agency, IT big enterprise and do not have any
hidden agenda.
Bye
Hi,
I know a few months back the information for the retirement of Austin
was sent and as such many things are not available anymore.
But sometime money do not always come at the right time and life get you
busy making old habit on hold for a while.
So, I wonder if it is possible somehow or
On 06-10-2014 22:37, Theo de Raadt wrote:
I love this conversation.
Hey don't trust OpenBSD, because the new (outsourced) store uses
Javascript.
Never, in any moment in the thread I said that the store shouldn't be
trusted.
But trust Matti and Giancarlo's email headers.
While we are at it, why
Actually 4.8 to 5.4 included are missing.
Just getting too old and tired to think straight.
My Son got me the 5.5, good boy! (: He learn well...
Anyway still the same question.
On 10/6/14 9:39 PM, Daniel Ouellet wrote:
Hi,
I know a few months back the information for the retirement of
but at the same time using the conversation to hurt people trying to
build something simpler.
It is not meant to hurt anyone.
Optimal complexity is when there is nothing you like to add and nothing
you like to remove.
It is just that sometimes happens event called disruptive innovation.
When
but at the same time using the conversation to hurt people trying to
build something simpler.
It is not meant to hurt anyone.
I didn't mean to kill that guy when I was doing 250km
It is just that sometimes happens event called disruptive innovation.
You tried to break chmod. Please
next I convince you that JS is good.
I said that it crappy, but it happens that crap gets adopted standard.
It just happens, it has happened before and when the shit works and
solve compatibility issues by having adopted standard, it is useful.
What can I do for that?!
It is problem in
Matti Karnaattu wrote
snip
How I can have you to be more relaxed? With beer?
Just what I need. Life support on drunk programs writ by drunk programmers.
Please. You are a threat to my continued existence.
On 04-10-2014 11:06, Peter N. M. Hansteen wrote:
The parentheses denote potentially dynamic addresses, and IIRC the
main difference is that with parentheses the list will be expanded
IIRC at rule evaluation time, while without the parentheses, the list
of addresses is expanded at ruleset load
On Mon, Oct 06, 2014 at 09:51:03PM -0400, Daniel Ouellet wrote:
Actually 4.8 to 5.4 included are missing.
Trace your steps back to the announcement:
http://undeadly.org/cgi?action=article&sid=20140805141742
which links to the old ordering system. I hope you're able to complete
your collection.
You are on the wrong list.
Ok. I will unscribe myself for.. eternity. Because
I obviously have hurt feelings. Especially yours, Theo.
I did not intentionally do that. And I have _never_ bashed
you. And I actually never got what makes you so upset.
I'm enthusiast to tech without religion.
On Mon, Oct 06, 2014 at 05:34:34PM -0700, Philip Guenther wrote:
By itself, one of the ntpd daemons will keep open the stdin/out/err it
was started with, which in this case will be the pipe or tty created
by of the ssh server.
Aha. Thank you very much for the explanation.
The easiest