Re: why icmp timestamping is enabled by default ?
> >> actually, I'm not going to block icmp at all, I was curious why > >> net.inet.icmp.tstamprepl=1 by default. > > > > So you can run timed, of course. > > timed was removed from OpenBSD recently > > > As others have said, the time is not a secret. > > it is famous "your mother if fat" openbsd community style. I was not > asking whether it is secret or not. I was curious about common use > scenarios, where icmp timestamping is involved. In your first mail, you simply asked why OpenBSD made that policy decision. In answer, a bunch of people (many developers) supplied clear answers. Without insulting you. All the answers politely articulated the reasons behind the decision. We were not talking about your mother; you brought that up yourself. You, sir, are the one bringing unrelated junk discussion to the table to pick a fight. And in doing so, you are attacking those people. Being too clear in answers and explanations for the policy decision is now an insult? I see no insults in any of the replies. Insult is only implied in your mails.
Re: dump(8) and permissions
On 2013-10-12 Sat 11:47 AM |, Rodolfo Gouveia wrote: > > When /var is a real partition, there is a device node that corresponds to it > and the > group operator has read permissions on it. > Where possible, unmount partitions before dumping & dump the RAW character device: $ ls -l /dev/sd5f brw-r- 1 root operator4, 85 Aug 29 16:41 /dev/sd5f $ ls -l /dev/rsd5f crw-r- 1 root operator 13, 85 Aug 29 16:41 /dev/rsd5f Note that operator's home is /operator (not /home/operator) so /home can be unmounted for dumping. 19.12.7 Which Backup Program Is Best? dump(8) Period. Elizabeth D. Zwicky torture tested all the backup programs discussed here. The clear choice for preserving all your data and all the peculiarities of UNIX file systems is dump. Elizabeth created file systems containing a large variety of unusual conditions (and some not so unusual ones) and tested each program by doing a backup and restore of those file systems. The peculiarities included: files with holes, files with holes and a block of nulls, files with funny characters in their names, unreadable and unwritable files, devices, files that change size during the backup, files that are created/deleted during the backup and more. She presented the results at LISA V in Oct. 1991. 5.0 Conclusions (Zwicky): These results are in most cases stunningly appalling. dump comes out ahead, which is no great surprise. Tools tested were: tar, gnutar, bar, cpio, pax, afio, fbackup, and bru. Almost all backup utilities are based on these tools underneath. Others use rsync, which is also not as reliable as dump as like the other tools, it does not work with the raw binary data of an (unmounted) disk. References: http://www.freebsd.org/doc/en/books/handbook/backup-basics.html http://www.coredumps.de/doc/dump/zwicky/testdump.doc.html Cheers, -- Craig Skinner | http://twitter.com/Craig_Skinner | http://linkd.in/yGqkv7
Re: OpenBSD site SSL
On Fri, Oct 11, 2013 at 10:42:33PM -0400, John Darrah wrote: > SSL certificates are free from Startcom and cheap from other vendors. > It would be really nice to have, even if it's not the default. The problem (one of them, anyway) is that TLS can improve network traffic security, but at the expense of server security. Depending on the situation, a person can actually have more security by not running OpenSSL code. That's a huge problem, but it's not related to OpenBSD. Relevant PSA: OpenSSL and OpenBSD are totally unrelated projects. Different people, different objectives, different formations. Their only connection is that the English word "open" is in both names. Nicolai
Re: OpenBSD site SSL
On 2013-10-11 Fri 22:42 PM |, John Darrah wrote: > Hi. Would it be possible to get SSL on the OpenBSD website(s)? Please don't. That would slow it down & eliminate cachability - increasing network load & costs. There's no personal data & no point. Anyway, THIS email is being sent in clear text from Scotland to Canada. It will also be archived and published on several public websites. Regards, -- Craig Skinner | http://twitter.com/Craig_Skinner | http://linkd.in/yGqkv7
Re: why icmp timestamping is enabled by default ?
2013/10/11 Christian Weisgerber : > wrote: > >> actually, I'm not going to block icmp at all, I was curious why >> net.inet.icmp.tstamprepl=1 by default. > > So you can run timed, of course. timed was removed from OpenBSD recently > As others have said, the time is not a secret. it is famous "your mother if fat" openbsd community style. I was not asking whether it is secret or not. I was curious about common use scenarios, where icmp timestamping is involved. > > -- > Christian "naddy" Weisgerber na...@mips.inka.de
Re: Looking for good, small, canadian version laptop suggestions
On 10/12/2013 11:27 AM, James Griffin wrote: / Adam Thompson wrote on Fri 11.Oct'13 at 11:10:46 -0500 / Hi guys, I am looking for some suggestions for a good, small quite laptop. I was looking at futureshop.ca and bestbuy.ca. I currently have an HP dv3 For OpenBSD, I would never buy something at FutureShop or BestBuy; those are all consumer-oriented "Designed For Windows 8" laptops. I either buy Lenovo ThinkPads from an authorized reseller (e.g. the x201t sitting in front of me, and many of the OpenBSD developers use various models of Thinkpad), or I buy off-lease (trailing-edge) Dell Latitude/Precision laptops directly from Dell - see www.dfsdirect.ca for their off-lease selection. The Latitude E4000 series are all quite small and light, are readily available, and AFAIK are fully supported. Right now I'm running 5.3-RELEASE on a Latitude D630 with no issues at all, and IIRC the E4500 should be fully supported as well. Many people cringe at the thought of a used laptop, but note that DFS will offer a 1-year warranty, which is exactly what you get buying consumer-grade laptops from a retail big-box store anyway. My favourite part of the Latitude E series (and most Precision models, too) is that if you get the optional docking base, you can then run dual-DVI off the laptop! -- -Adam Thompson athom...@athompso.net I agree, all my OpenBSD and UNIX machine are bought as refurbished machines. I have found they have much better support in terms of drivers/hardware and they cost a fraction of the price in some cases. Interesting. I always feel that I am getting ripped off when buying something refurbished but then again I find my stuff which I bought many years ago still works and is easier to install stuff on (things I care about anyway) and now when looking around I find the new stuff has some major improvements which might come in handy (graphics, CPU, faster RAM) if I settle for the off the shelf stuff (Win* or OS X) but since I don't I have to poke around more to find what I like. I guess I should look as well on refurbished stuff and they come with a warranty, isn't it usually shorter? Replacing a hard drive and adding some more ram plus the right OS may make it into a livable solution. At the end one uses the software. My old Sony is kind of like that lots of things will never work, read webcam, but overall it has proven to be a well made laptop. I also got a more recent Dell, XPS I think, for my significant other and that one is also quite good it has sustained mass impact from some kid handling and is still running. Thanks for offering your experience.
Re: dump(8) and permissions
On Fri, Oct 11, 2013 at 05:48:24PM -0400, Jiri B wrote: > So is it related to permissions on partition device? If so wow, > I didn't know how it works... When /var is a real partition, there is a device node that corresponds to it and the group operator has read permissions on it. cheers, --rodolfo
Re: Looking for good, small, canadian version laptop suggestions
/ Adam Thompson wrote on Fri 11.Oct'13 at 11:10:46 -0500 / > >>>Hi guys, > >>> > >>>I am looking for some suggestions for a good, small quite laptop. I was > >>>looking at futureshop.ca and bestbuy.ca. I currently have an HP dv3 > > For OpenBSD, I would never buy something at FutureShop or BestBuy; > those are all consumer-oriented "Designed For Windows 8" laptops. > > I either buy Lenovo ThinkPads from an authorized reseller (e.g. the > x201t sitting in front of me, and many of the OpenBSD developers use > various models of Thinkpad), or I buy off-lease (trailing-edge) Dell > Latitude/Precision laptops directly from Dell - see www.dfsdirect.ca > for their off-lease selection. > > The Latitude E4000 series are all quite small and light, are readily > available, and AFAIK are fully supported. Right now I'm running > 5.3-RELEASE on a Latitude D630 with no issues at all, and IIRC the > E4500 should be fully supported as well. > > Many people cringe at the thought of a used laptop, but note that > DFS will offer a 1-year warranty, which is exactly what you get > buying consumer-grade laptops from a retail big-box store anyway. My > favourite part of the Latitude E series (and most Precision models, > too) is that if you get the optional docking base, you can then run > dual-DVI off the laptop! > > -- > -Adam Thompson > athom...@athompso.net > I agree, all my OpenBSD and UNIX machine are bought as refurbished machines. I have found they have much better support in terms of drivers/hardware and they cost a fraction of the price in some cases.
Re: OpenBSD site SSL
On Sat, Oct 12, 2013 at 4:42 AM, John Darrah wrote: > Hi. Would it be possible to get SSL on the OpenBSD website(s)? > It would be just a couple lines to change in nginx.conf/httpd.conf. > SSL certificates are free from Startcom and cheap from other vendors. > It would be really nice to have, even if it's not the default. I feel naked > viewing the site over plain http. Thanks. > > C'mon there's better stuff to think of on Saturday morning! Go shopping, love your woman!
Re: OpenBSD site SSL
On 2013/10/11 22:42, John Darrah wrote: > Hi. Would it be possible to get SSL on the OpenBSD website(s)? > It would be just a couple lines to change in nginx.conf/httpd.conf. > SSL certificates are free from Startcom and cheap from other vendors. > It would be really nice to have, even if it's not the default. > I feel naked viewing the site over plain http. Thanks. We can see you naked. Bwahahahahah ! Come on, seriously ?
Re: OpenBSD site SSL
On 2013/10/11 22:42, John Darrah wrote: > Hi. Would it be possible to get SSL on the OpenBSD website(s)? > It would be just a couple lines to change in nginx.conf/httpd.conf. > SSL certificates are free from Startcom and cheap from other vendors. > It would be really nice to have, even if it's not the default. If doing this at all, running it from a private CA would imho make a lot more sense than agreeing to the contractual requirements of a commercial CA. > I feel naked viewing the site over plain http. Thanks. really?
Re: Best OpenBSD cloud hosting?
On Thu, Oct 10, 2013 at 12:55 AM, wrote: > On 10. oktober 2013 at 7:15 AM, "InterNetX - Robert Garrett" > wrote: >> >>I just want to know what a cloud is. > > Not really satisfied with the definition at > http://en.wikipedia.org/wiki/Cloud_computing, here's my own attempt at one: > > A cloud is a bunch of machines connected into a distributed network, acting > like a single virtual machine but with unlimited speed, memory and bandwidth, > with the possibility of downtime completely eliminated, and where one only > has to pay for the speed, memory and bandwidth one uses. > > Please correct me if I'm wrong. Virtue: knowing when to put the pitcher of kool-aid down. How many times have I heard the brazen promises of cloud, only to see it not deliver. There's been a few delivers, but it's just technology and is therefore capable of not living up to marketing hype and to being implemented poorly by adopters. I see lots of both. Trends and hype haven't really been as strong in OpenBSD as other OSes, so for cloud I'd probably not be looking at OpenBSD. DS