Re: Security sssues with Ubuntu bind9 11.9.3 ?

[Noel Butler]

ISC can not control what ubuntu provides, you are best taking this up
with ubuntu on their mailing lists. 

On 24/02/2020 02:28, Brett Delmage wrote:

> But 1:9.11.3+dfsg-1ubuntu1.1 is the version that Ubuntu 18.04 LTS supports, 
> and will continue to for 2 more years.
> 
> Clearly, it is earlier than 9.11.4
> 
> Has Ubuntu properly patched it for relevant security updates? Is it safe to 
> run? Of course it will be missing the latest features and software defects 
> (which I am exploring on a test server sing a version I compiled myself).

-- 
Kind Regards, 

Noel Butler 

This Email, including attachments, may contain legally 
privileged
information, therefore remains confidential and subject to copyright
protected under international law. You may not disseminate any part of
this message without the authors express written authority to do so. If
you are not the intended recipient, please notify the sender then delete
all copies of this message including attachments immediately.
Confidentiality, copyright, and legal privilege are not waived or lost
by reason of the mistaken delivery of this message.___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: General Discussion about GPLness

[Stephan von Krawczynski]

Hm, really it is quite hard to stay calm reading your constant insults on
people that have quite sure done a lot more for free software than you have.
I do understand why you cannot enter a discussion with your real name, as most
of your input is of zero quality - and below.
Unfortunately you did not even try to understand what the true issue is all
about. It is one story to modify running code that probably was never ment to
be patched that way (which would involve re-engineering it). But our story is
about kernel modules, something everybody is free to write and publish, with a
defined and open interface for interaction. No kernel code is modified in that
sense. But you fail to understand that.
Hopefully others here do. I do not expect them to stand up and jump into a
discussion where you are a part of. But I hope people start to think about it
and realise - like I did - that this train is on the wrong track.
After all I do believe that constructive interaction of software is still
better than destructive building of hurdles and walls.
Because in the end people are only suffering from this approach and nothing is
protected.
--
Regards,
Stephan





On Sun, 23 Feb 2020 16:24:28 +
whywontyou...@waifu.club wrote:

> I gave you an example of a court immediately finding that modifying a 
> running program is not allowed without permission. Creators of Non-gpl'd 
> programs don't have permission to interact with a GPL'd work by 
> modifying or extending it. If the principal stands for RealPlayer, it 
> stands for Linux.
> 
> The GPL is a copyright license; law is the domain this is in.
> 
> In the domain of programming: you can do whatever you want. No technical 
> measure is stopping you.
> 
> In the domain of what is "right and wrong" but excluding law, since you 
> mentioned it and thus opened the door. Well... YHWH allows men to have 
> female children as brides:
>  The Torah explicitly allows men to marry female children, including 
>  in cases of the rape (tahphas) of the girl child: Devarim chapter 
>  22, verse 28. Key words: Na'ar (child (hebrew masoretic text)), 
>  Padia (child: padia+philos = paedophillia (greek septuagint)) Puella 
>  (young girl (latin vulgate))
>  Nachmanides points out that a child may be called na'ar from the 
>  moment he is born.  
> White idiots (such as the Linux programmers like Linus Trovalds) do not: 
> White idiots worship white women. This is a problem for Free Software 
> because White idiots (like Linus Trovalds) will do /anything/ to make 
> money for "Muh whoite wuhman". That includes cowering in the face of 
> being "blackballed" from the industry if they DARE enforce their 
> copyrights.
> 
> In the domain of willpower: the linux copyright holders, atleast the 
> programmers who are copyright holders, are NOT going to sue you for 
> violating the copyright license permissions. They are pieces of shit who 
> don't believe in "Copyleft". They believe in the BSD license, and have 
> effectivly made Linux a BSD-type work since they never enforce the GPL.
> 
> OpenSourceSecurity (GRSecurity) is blatantly violating section 4 and 
> section 6 of the linux copyright license and the Linux copyright-owning 
> programmers would rather punish anyone who brings it up than sue the 
> violators.
> 
> They are weak feckless people: more concerned about making money for 
> "Muh wuhman" than anything else. Pay them no mind. They are scumbag 
> idiots who won't know what they had until it's gone (it is).
> 
> I think that covers all the topics, right?
> 
> So, by law may you do what you suggested: No: it is a copyright 
> violation in the US.
> Is anyTHING going to stop you: no.
> Is anyONE going to try to punish you for it: no.
> 
> Remember: linux copyright holders are either stupid white nerds (if they 
> were smart they would have listened to their parents and become doctors 
> and lawyers, and have tech as a fun hobby. Instead they are wageslaving 
> for "MUUH WHOITE WUUHHMAN": same as any white idiot worker)
> OR corporations who like the BSD license better.
> 
> You don't really have much to worry about. Because linux programmers are 
> what they are. Sheep that thought themselves lions after RMS' win vs 
> Cisco (that put the fear of the violating the copyright license (GPL in 
> that case) for awhile).
> 
> On 2020-02-23 14:39, Stephan von Krawczynski wrote:
> > Hello again,
> > 
> > at least you are beginning to sound a bit more like being able to 
> > discuss
> > something ;-)
> > The thing about a lawyer (I learned you are) is that they judge the 
> > world
> > according to lawsuits. You can learn from the history of my home 
> > country that
> > laws and courts are no measure for moral and right behaviour.
> > So my whole purpose of the thread is not to find out how the laws in 
> > the US
> > are judging something. It is all about how _we_ (we meaning all the 
> > people
> > contributing) are judging the issue. Do we really think that 

Re: Advice on balancing web traffic using geoip ACls

[Scott A. Wozny]

My apologies.  I now realize how important that "extended support" P2 is after 
the version number which I should have specified in my original email.  I 
assume that since OpenVAS credentialed scanning doesn't complain about it that 
the really important patches have been backported to it which is why RHEL / 
CentOS offer it in their package stores.  When I upgrade OS in the environment 
I'm sure my BIND version will advance with it.

Thanks,

Scott



From: bind-users  on behalf of Victoria Risk 

Sent: February 23, 2020 2:35 PM
To: @lbutlr 
Cc: bind-users 
Subject: Re: Advice on balancing web traffic using geoip ACls


On Feb 23, 2020, at 6:57 AM, @lbutlr 
mailto:krem...@kreme.com>> wrote:

On 22 Feb 2020, at 18:25, Scott A. Wozny 
mailto:sawo...@hotmail.com>> wrote:
I’m setting up hot-hot webserver clusters hosted on the west and east coasts of 
the US and would like to use Bind 9.11.4

I’d consider changing that version. While Bind 9.11 *is* still supported, it is 
EOL at the end of this year. If you really really want to run 9.11, at least 
run the latest patch level (9.11.6 should be coming really soon).

We will continue with security patches for 9.11 through the end of 2021, so 
9.11 is not a bad choice for someone who doesn’t want to migrate for a long 
time.


9.14.10 is the current stable release and 9.11.15 is the current extended 
support release. Unless you know something is broken in 9.14.10 (unlikely) that 
would be the version to look at.

9.14 has just been replaced by 9.16, released just this past week. We will 
continue offering security releases for 9.14 for a 3-month period to support 
migration to 9.16. Someone doing a migration today should look at 9.16 rather 
than 9.14.


You absolutely should not be running a bind version several years old, as 
9.11.4 is.

agreed


Victoria Risk
Product Manager
Internet Systems Consortium
vi...@isc.org





___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Advice on balancing web traffic using geoip ACls

[Scott A. Wozny]

Thanks for your reply.  I'm starting to really examine my motivations behind 
traffic splitting by geography.  While I definitely want to run traffic to all 
web servers at all times (outside maintenance time and down time) the user 
performance delta of geographical load balancing may not be worth the hassle 
and, more importantly, with large central caches being so popular, may not 
ACTUALLY be routing users to their closest data center, anyway.

CDN and anycast are intriguing options in the trade-off of cost for development 
effort.  Not sure if they're going to work for my situation, but I appreciate 
the suggestion.

Thanks,

Scott



From: bind-users  on behalf of Timothe Litt 

Sent: February 23, 2020 10:44 AM
To: bind-users@lists.isc.org 
Subject: Re: Advice on balancing web traffic using geoip ACls


"Splitting traffic evenly" may not be in the interest of your clients - suppose 
their locations are skewed?


In any case, this seems like a lot of work - including committing to ongoing 
maintenance - for not much gain.


Consider setting up an anycast address - let the network do the work.  This 
will route to the server closest to the client.  You can do this with two DNS 
servers - pair each with a webserver, have the zone file select the 
corresponding webserver.  And/Or the webservers - works well for static 
content; there's a distributed DB challenge.


(It might be nice if someone with experience could write an end-to-end tutorial 
on how to do this - from obtaining a suitable address - at a reasonable cost - 
to setting up the BGP routing to the servers...)


Of course the simplest way out is to use a CDN - as this is a previously solved 
problem.  It trades money for effort, which may be worthwhile if it allows you 
to concentrate on your unique value proposition.


Timothe Litt
ACM Distinguished Engineer
--
This communication may not represent the ACM or my employer's views,
if any, on the matters discussed.


On 22-Feb-20 20:25, Scott A. Wozny wrote:
Greetings BIND gurus,

I’m setting up hot-hot webserver clusters hosted on the west and east coasts of 
the US and would like to use Bind 9.11.4 with the Maxmind GeoIP database to 
split the traffic about evenly between those clusters.  Most of the traffic 
will be from the US so what I would like most to do is set up my ACLs to use 
the longitude parameter in the city DB and send traffic less than X (let's say 
-85) to a zone file that prioritizes the west coast servers and those greater 
than X to the east coast servers.  However, when I look through the 9.11.4 ARM 
it doesn’t include the longitude field in the geoip available field list in 
section 7.1.  Has anyone tried this and it actually works as an undocumented 
feature or, because it’s not an “exact match” type operation, this is a 
non-starter?

If this isn’t an option at all, does anyone have any suggestions on how to get 
a reasonably close split with ACLs using the geoIP database?  My first thought 
is to do continent based assignments to west and east coast zone files for all 
the non North American IPs with country based assignments of the non-US North 
American countries and then region (which, in the US, I believe translates to 
states) based assignments within the US.   I would need to do some balancing, 
but it seems fairly straightforward.  The downside is that the list would be 
fairly long and ACLs in most software can be kind of a performance hit.

The other alternative I was considering was doing splits by time zone, but 
there are a little over 400 TZs in the MaxMind GeoLite DB last time I checked 
and that also seems like it would be a performance hit UNLESS I could use 
wildcards in the ACL to group overseas time zones.  While I’ve not seen a 
wildcard in a geoip ACL, that doesn’t necessarily mean it can’t be done so I 
was wondering if anyone was able to make that work.

Finally, I could try a hybrid of continent matches outside North America and 
then the North American timezones which seems like a reasonable compromise, but 
only if my preferred options of longitude < > isn’t available nor is 
wildcarding tz matches.  OR am I overthinking all of this and there is a simple 
answer for splitting my load that I haven’t thought of?  The documentation and 
examples available online are fairly limited so I thought I’d check with the 
people most likely to have actually done this.

Any thoughts or suggestions would be appreciated.

Thanks,

Scott
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Security sssues with Ubuntu bind9 11.9.3 ?

[Alistair Bayley]

> Please check /usr/share/doc/bind9/changelog.Debian.gz for the fixes
> and changes it has on top of upstream's 9.11.3.

You can also see it here:
http://changelogs.ubuntu.com/changelogs/pool/main/b/bind9/bind9_9.11.3+dfsg-1ubuntu1.11/changelog

Most recent security patch was on 2019-11-18.

This email and attachments: are confidential; may be protected by privilege and 
copyright; if received in error may not be used, copied, or kept; are not 
guaranteed to be virus-free; may not express the views of Kordia(R); do not 
designate an information system; and do not give rise to any liability for 
Kordia(R).
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Advice on balancing web traffic using geoip ACls

[Victoria Risk]

> On Feb 23, 2020, at 6:57 AM, @lbutlr  wrote:
> 
> On 22 Feb 2020, at 18:25, Scott A. Wozny  wrote:
>> I’m setting up hot-hot webserver clusters hosted on the west and east coasts 
>> of the US and would like to use Bind 9.11.4
> 
> I’d consider changing that version. While Bind 9.11 *is* still supported, it 
> is EOL at the end of this year. If you really really want to run 9.11, at 
> least run the latest patch level (9.11.6 should be coming really soon).

We will continue with security patches for 9.11 through the end of 2021, so 
9.11 is not a bad choice for someone who doesn’t want to migrate for a long 
time. 

> 
> 9.14.10 is the current stable release and 9.11.15 is the current extended 
> support release. Unless you know something is broken in 9.14.10 (unlikely) 
> that would be the version to look at.

9.14 has just been replaced by 9.16, released just this past week. We will 
continue offering security releases for 9.14 for a 3-month period to support 
migration to 9.16. Someone doing a migration today should look at 9.16 rather 
than 9.14.


> You absolutely should not be running a bind version several years old, as 
> 9.11.4 is.
> 

agreed


Victoria Risk
Product Manager
Internet Systems Consortium
vi...@isc.org





___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Advice on balancing web traffic using geoip ACls

[Scott A. Wozny]

Thanks for the feedback.  I'm trying to avoid building from source so I'm using 
the version offered up by my distro which is presently 9.11.4-9.P2 on CentOS 
7.6.  I may end up having to change that position based upon external factors, 
but if it works, it's supported and it's in my distro's package store, I'm 
probably going to stick with it unless one of those criteria for use changes.

Thanks,

Scott


From: bind-users  on behalf of @lbutlr 

Sent: February 23, 2020 9:57 AM
To: bind-users 
Subject: Re: Advice on balancing web traffic using geoip ACls

On 22 Feb 2020, at 18:25, Scott A. Wozny  wrote:
> I’m setting up hot-hot webserver clusters hosted on the west and east coasts 
> of the US and would like to use Bind 9.11.4

I’d consider changing that version. While Bind 9.11 *is* still supported, it is 
EOL at the end of this year. If you really really want to run 9.11, at least 
run the latest patch level (9.11.6 should be coming really soon).

9.14.10 is the current stable release and 9.11.15 is the current extended 
support release. Unless you know something is broken in 9.14.10 (unlikely) that 
would be the version to look at.


You absolutely should not be running a bind version several years old, as 
9.11.4 is.




___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Advice on balancing web traffic using geoip ACls

[Scott A. Wozny]

Thanks for your reply.  Regarding versioning, while I would like to be on the 
most current version, I don't want to build from source and that leaves me 
relying on my distro (CentOS 7.6 is where I put my stake in the ground, at 
present) package manager's version which is presently 9.11.4-9.P2.  I assume 
someone is backporting critical patches as I'm not getting complaints from a 
credentialed OpenVAS scan, but I appreciate your caution about the version I'm 
using and MaxMind GeoIP.

You also make a good point about the delta between round-robin and geoIP being 
rapidly eaten up with hassle credits, particularly considering the abstraction 
layer introduced by DNS caches decoupling user location from DNS server 
location.  I feel that the really large public DNS caches would only exacerbate 
this problem to the point that all my effort will be wasted and my time better 
spent making my site as responsive as it can be, regardless of source.  Lots to 
think about...

Much obliged,

Scott


From: bind-users  on behalf of G.W. Haywood 
via bind-users 
Sent: February 23, 2020 7:59 AM
To: bind-users@lists.isc.org 
Subject: Re: Advice on balancing web traffic using geoip ACls

Hi there,

On Sun, 23 Feb 2020, Scott A. Wozny wrote:

> Greetings BIND gurus,

Sorry, I can't make any claim to be a BIND guru.

> ... webserver clusters hosted on the west and east coasts of the US
> and would like to use Bind 9.11.4

Hmmm.  You might want to look e.g. at all the fixes since 9.11.4 in

https://downloads.isc.org/isc/bind9/9.11.16/RELEASE-NOTES-bind-9.11.16.html

> with the Maxmind GeoIP database to split the traffic about evenly ...

especially the release notes for 9.11.15 if you're sure about MaxMind.
(After the changes in their APIs a while back cost me many weeks of
effort, and some temporary loss in functionality, I'd be very cautious
about relying on them again.  It was a completely different scenario.)

Of course even if you do look at the location of your DNS clients, it
doesn't tell you much about where _their_ clients are, nor much about
the routing of any packets that their clients might exchange with your
webservers.  In England I frequently see email from the neighbouring
town that's been routed via Austria, Finland, Japan...

Wouldn't even random routing or round-robin (basically do nothing) be
easier to implement, faster, more reliable, more (perhaps strangely)
predictable, and ... ?

https://en.wikipedia.org/wiki/Round-robin_DNS

For your use case I guess you'd really need to instrument something to
know for sure, and by then you've gone and done it anyway. :)

--

73,
Ged.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Security sssues with Ubuntu bind9 11.9.3 ?

[Andreas Hasenack]

Hello

On Sun, Feb 23, 2020 at 1:28 PM Brett Delmage  wrote:
> But 1:9.11.3+dfsg-1ubuntu1.1 is the version that Ubuntu 18.04 LTS supports, 
> and
> will continue to for 2 more years.

Bionic has 1:9.11.3+dfsg-1ubuntu1.11 in the bionic-security pocket.
Please check /usr/share/doc/bind9/changelog.Debian.gz for the fixes
and changes it has on top of upstream's 9.11.3.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Security sssues with Ubuntu bind9 11.9.3 ?

[Brett Delmage]

9.14.10 is the current stable release and 9.11.15 is the current extended 
support release. Unless you know something is broken in 9.14.10 (unlikely) 
that would be the version to $



You absolutely should not be running a bind version several years old, as 
9.11.4 is.


But 1:9.11.3+dfsg-1ubuntu1.1 is the version that Ubuntu 18.04 LTS supports, and 
will continue to for 2 more years.


Clearly, it is earlier than 9.11.4

Has Ubuntu properly patched it for relevant security updates? Is it safe to 
run? Of course it will be missing the latest features and software defects 
(which I am exploring on a test server sing a version I compiled myself).


Brett
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Advice on balancing web traffic using geoip ACls

[Timothe Litt]

"Splitting traffic evenly" may not be in the interest of your clients -
suppose their locations are skewed?


In any case, this seems like a lot of work - including committing to
ongoing maintenance - for not much gain.


Consider setting up an anycast address - let the network do the work. 
This will route to the server closest to the client.  You can do this
with two DNS servers - pair each with a webserver, have the zone file
select the corresponding webserver.  And/Or the webservers - works well
for static content; there's a distributed DB challenge.


(It might be nice if someone with experience could write an end-to-end
tutorial on how to do this - from obtaining a suitable address - at a
reasonable cost - to setting up the BGP routing to the servers...)


Of course the simplest way out is to use a CDN - as this is a previously
solved problem.  It trades money for effort, which may be worthwhile if
it allows you to concentrate on your unique value proposition.


Timothe Litt
ACM Distinguished Engineer
--
This communication may not represent the ACM or my employer's views,
if any, on the matters discussed. 

On 22-Feb-20 20:25, Scott A. Wozny wrote:
> Greetings BIND gurus,
>
> I’m setting up hot-hot webserver clusters hosted on the west and east
> coasts of the US and would like to use Bind 9.11.4 with the Maxmind
> GeoIP database to split the traffic about evenly between those
> clusters.  Most of the traffic will be from the US so what I would
> like most to do is set up my ACLs to use the longitude parameter in
> the city DB and send traffic less than X (let's say -85) to a zone
> file that prioritizes the west coast servers and those greater than X
> to the east coast servers.  However, when I look through the 9.11.4
> ARM it doesn’t include the longitude field in the geoip available
> field list in section 7.1.  Has anyone tried this and it actually
> works as an undocumented feature or, because it’s not an “exact match”
> type operation, this is a non-starter?
>
> If this isn’t an option at all, does anyone have any suggestions on
> how to get a reasonably close split with ACLs using the geoIP
> database?  My first thought is to do continent based assignments to
> west and east coast zone files for all the non North American IPs with
> country based assignments of the non-US North American countries and
> then region (which, in the US, I believe translates to states) based
> assignments within the US.   I would need to do some balancing, but it
> seems fairly straightforward.  The downside is that the list would be
> fairly long and ACLs in most software can be kind of a performance hit.  
>
> The other alternative I was considering was doing splits by time zone,
> but there are a little over 400 TZs in the MaxMind GeoLite DB last
> time I checked and that also seems like it would be a performance hit
> UNLESS I could use wildcards in the ACL to group overseas time zones.
>  While I’ve not seen a wildcard in a geoip ACL, that doesn’t
> necessarily mean it can’t be done so I was wondering if anyone was
> able to make that work.
>
> Finally, I could try a hybrid of continent matches outside North
> America and then the North American timezones which seems like a
> reasonable compromise, but only if my preferred options of longitude <
> > isn’t available nor is wildcarding tz matches.  OR am I overthinking
> all of this and there is a simple answer for splitting my load that I
> haven’t thought of?  The documentation and examples available online
> are fairly limited so I thought I’d check with the people most likely
> to have actually done this.
>
> Any thoughts or suggestions would be appreciated.
>
> Thanks,
>
> Scott


signature.asc
Description: OpenPGP digital signature
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Advice on balancing web traffic using geoip ACls

[@lbutlr via bind-users]

On 23 Feb 2020, at 07:57, @lbutlr  wrote:
> (9.11.6 should be coming really soon)

9.11.16, and I appear to be behind a touch, it is already released.

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Advice on balancing web traffic using geoip ACls

[@lbutlr]

On 22 Feb 2020, at 18:25, Scott A. Wozny  wrote:
> I’m setting up hot-hot webserver clusters hosted on the west and east coasts 
> of the US and would like to use Bind 9.11.4

I’d consider changing that version. While Bind 9.11 *is* still supported, it is 
EOL at the end of this year. If you really really want to run 9.11, at least 
run the latest patch level (9.11.6 should be coming really soon).

9.14.10 is the current stable release and 9.11.15 is the current extended 
support release. Unless you know something is broken in 9.14.10 (unlikely) that 
would be the version to look at.


You absolutely should not be running a bind version several years old, as 
9.11.4 is.




___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: General Discussion about GPLness

[Stephan von Krawczynski]

Hello again,

at least you are beginning to sound a bit more like being able to discuss
something ;-)
The thing about a lawyer (I learned you are) is that they judge the world
according to lawsuits. You can learn from the history of my home country that
laws and courts are no measure for moral and right behaviour.
So my whole purpose of the thread is not to find out how the laws in the US
are judging something. It is all about how _we_ (we meaning all the people
contributing) are judging the issue. Do we really think that it is the right
thing to do to prevent people from feature-extending linux (and distros) in
general? The zfs case is special in that it is a simple "free license clash".
Which means all involved parties agree on the free and open software
principle, only the licenses (i.e. paper) disagree on the usage of it - to a
certain extent. But lets not discuss legal details. In the end it all comes up
to this simple question: what do we really want with the project?
Because in the end even you have to agree that there is a whole lot more world
outside the US. If people from other countries agree on something which gives
a better performance in some area, then the US would be the last ones not to
jump onto the train. Who can testify better than this project, not being
native-US.
Do we think it is illegal to call GPL code from non-GPL code? Yes or no,
simple choice.
Me, I don't think so. This is why I suggest we take down the barriers and
walls for interaction. It should be obvious by now that there will be no
non-gpl invasion taking place. Instead a non-ideological use of GPL may
convince even more people that free and open software is a good concept and
adds benefit to the world and does not _harm_ technological progress.
Given, not many people think about this from ground up before releasing
software on linux. This is probably the only reason why you can buy software
for linux at all. And maybe, only maybe, the lawyers in your beloved case
where too dumb to turn this case around and ask why the gpl linux software was
forced to marry with the non-gpl real player (which is/was available
for linux). According to this courts' point of view this must have been equally
illegal.
I mean it extended the gpl software with a new feature without checking for
gpl compliance.
As you can see the whole idea of the court in this case is broken. And it
seems only because noone asked the right questions.
--
Regards,
Stephan



On Sun, 23 Feb 2020 12:56:13 +
whywontyou...@waifu.club wrote:

> If you don't understand English, it will be difficult to get any points 
> across to you. I will try
> 
> In simple terms:
> 1) Look up the court case "Universal City Studios Inc v Reimerdes,"
> 
> 2) In this case someone else' software was running at the same time as 
> the other persons software, and made changes, extensions _ONLY_ when 
> running. Just like a non-gpl'd (or gpl'd) module might make changes and 
> extensions.
> 
> 3) The court found this was obviously a modification of the Copyright 
> owners Work and barred in on summary judgement.
> 
> That is why you're not allowed to do as you wish with non-gpl'd modules: 
> the US Copyright Jurisprudence forbids marring a Copyright owners 
> _running_ _in_memory_ property against his wishes: it's a Copyright 
> violation.
> 
> That is the reason: people don't want to get sued. That is the ONLY 
> reason. That's it.
> 
> The thing is, the linux copyright owners are wimps and won't sue anyone 
> even for blatant infringement; so what is the conversation about?
> 
> It's like if you were in Russia, and you were copying DVDs. No one is 
> going to punish you for it: so what is there to discuss? The US 
> Copyright owners don't have the rocks to Invade Russia, Start a Nuclear 
> Winter, and DESTROY you for your Copyright Infringement in Russia.
> 
> JUST AS, the DOG LIKE Linux Copyright owners don't have the BALLS to 
> risk being blackballed from the programming industry for DEFENDING THEIR 
> COPYRIGHT.
> 
> The GPL ___IS___ dead. The FSF doesn't protect GCC copyright, and is 
> opposed to taking any action against blantant in-writing infringers 
> (OpenSourceSecurity (Grsecurity)) of GCC, just as the LINUX COMMUNITY is 
> OPPOSED to taking ANY action to defend its Copyrights and moves to 
> PUNISH those rightsholders who do.
> 
> > And another thing: court is for lawyers. Whenever the lawyers take over
> > something they don't (want to) understand the end is near ...  
> 
> I'm a lawyer and a programmer, got something to say?
> 
> 
> > How about talking with real names?  
> Why would I do that? Tell me? What is in it for me?
> I can stand here, in the forest, taking shots at your bullshit. Safe. 
> Secure. My words and their veracity the only measure.
> 
> But if I reveal the messanger; you'll just attack the messenger.
> Tell me how _I_ benifit from telling YOU my name. Tell me.
> Is it some sort of stupid werkin man white man bravado?
> 
> > I have no idea why you 

Mr. Teo En Ming's Guide to Deploying CentOS Web Panel (CWP) Web Hosting Control Panel on Amazon AWS Cloud

[Turritopsis Dohrnii Teo En Ming]

Redundant Links to Teo En Ming's Guide to Deploying CentOS Web Panel (CWP) Web 
Hosting Control Panel on Amazon AWS Cloud

[1] https://lkml.org/lkml/2020/2/23/71

[2] http://lkml.iu.edu/hypermail/linux/kernel/2002.2/08712.html

[3] https://marc.info/?l=linux-kernel=158246414013004=2

[4] 
http://lists.linuxfromscratch.org/pipermail/lfs-chat/2020-February/029096.html

[5] https://marc.info/?l=apache-httpd-users=158246714513728=2

[6] https://lists.launchpad.net/maria-discuss/msg05714.html

[7] https://marc.info/?l=php-general=158246811013917=2

















-BEGIN EMAIL SIGNATURE-

The Gospel for all Targeted Individuals (TIs):

[The New York Times] Microwave Weapons Are Prime Suspect in Ills of
U.S. Embassy Workers

Link: 
https://www.nytimes.com/2018/09/01/science/sonic-attack-cuba-microwave.html





Singaporean Mr. Turritopsis Dohrnii Teo En Ming's Academic
Qualifications as at 14 Feb 2019 and refugee seeking attempts at the United 
Nations Refugee Agency Bangkok (21 Mar 2017), in Taiwan (5 Aug 2019) and 
Australia (25 Dec 2019 to 9 Jan 2020):


[1] https://tdtemcerts.wordpress.com/

[2] https://tdtemcerts.blogspot.sg/

[3] https://www.scribd.com/user/270125049/Teo-En-Ming

-END EMAIL SIGNATURE-



___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Test

[Turritopsis Dohrnii Teo En Ming]

Test








-BEGIN EMAIL SIGNATURE-

The Gospel for all Targeted Individuals (TIs):

[The New York Times] Microwave Weapons Are Prime Suspect in Ills of
U.S. Embassy Workers

Link: 
https://www.nytimes.com/2018/09/01/science/sonic-attack-cuba-microwave.html




Singaporean Mr. Turritopsis Dohrnii Teo En Ming's Academic
Qualifications as at 14 Feb 2019 and refugee seeking attempts at the United 
Nations Refugee Agency Bangkok (21 Mar 2017), in Taiwan (5 Aug 2019) and 
Australia (25 Dec 2019 to 9 Jan 2020):

[1] https://tdtemcerts.wordpress.com/

[2] https://tdtemcerts.blogspot.sg/

[3] https://www.scribd.com/user/270125049/Teo-En-Ming

-END EMAIL SIGNATURE-

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Advice on balancing web traffic using geoip ACls

[G.W. Haywood via bind-users]

Hi there,

On Sun, 23 Feb 2020, Scott A. Wozny wrote:


Greetings BIND gurus,


Sorry, I can't make any claim to be a BIND guru.


... webserver clusters hosted on the west and east coasts of the US
and would like to use Bind 9.11.4


Hmmm.  You might want to look e.g. at all the fixes since 9.11.4 in

https://downloads.isc.org/isc/bind9/9.11.16/RELEASE-NOTES-bind-9.11.16.html


with the Maxmind GeoIP database to split the traffic about evenly ...


especially the release notes for 9.11.15 if you're sure about MaxMind.
(After the changes in their APIs a while back cost me many weeks of
effort, and some temporary loss in functionality, I'd be very cautious
about relying on them again.  It was a completely different scenario.)

Of course even if you do look at the location of your DNS clients, it
doesn't tell you much about where _their_ clients are, nor much about
the routing of any packets that their clients might exchange with your
webservers.  In England I frequently see email from the neighbouring
town that's been routed via Austria, Finland, Japan...

Wouldn't even random routing or round-robin (basically do nothing) be
easier to implement, faster, more reliable, more (perhaps strangely)
predictable, and ... ?

https://en.wikipedia.org/wiki/Round-robin_DNS

For your use case I guess you'd really need to instrument something to
know for sure, and by then you've gone and done it anyway. :)

--

73,
Ged.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: General Discussion about GPLness

[Stephan von Krawczynski]

Dear whoeveryouare,

can you please state in a clearer form (more understandable to non-native
english talkers) what your true opinion on the topic is?
And in case you did not understand what I was saying, here is clearer form of
my opinion:

A kernel module with another license (be it whatsoever) is _no_ modification
of the kernel, but an extension of its features. If feature-extension is
against the GPL (which I seriously doubt) then I would say "go back onto your
trees". Because the human race and evolution is about little else than
feature-extension.

And another thing: court is for lawyers. Whenever the lawyers take over
something they don't (want to) understand the end is near ...

How about talking with real names? I have no idea why you spam rms or bruce
with this, as the question is all about _one_ project, namely linux-kernel.
I'd suggest taking them off this topic again ...

--
Regards,
Stephan



On Sun, 23 Feb 2020 11:03:56 +
whywontyou...@waifu.club wrote:

> Dear Stephan von Krawczynski;
> 
> Universal City Studios Inc v Reimerdes, piece of shit.
> 
> "[The court] reasoned that Ferret consumers who used the Ferret as a 
> plug-in to the Real Player altered the Real Player user interface by 
> adding the Snap search button or replacing it with the Stream box search 
> engine button. The court concluded that the plaintiff raised sufficently 
> serious questions going to the merits of its claims to warrant an 
> injunction pending trial"
> 
> Want to violate the linux kernel copyright, you fucking piece of shit? 
> Yes you do. Yes modifying the running kernel with violating pieces is 
> copyright infringement, you fucking piece of shit. Yes you should be 
> sued. Just as Open Source Security (Grsecurity) should be sued for their 
> violations (of section 4 and 6 of the linux kernel copyright license 
> (they're also violating the GCC copyrights too)).
> 
> Will they be sued? Will you be sued? No: Linux copyright holders are 
> scared little wageslave worker bees. They aren't going to sue you; 
> sorry. Why are you even announcing you intent to violate the copyright? 
> Why even give these dogs such intellectual deference?
> 
> I wish OpenSourceSecurity would be sued. I wish you would be sued. But 
> linux WERKIN MAHN wage slave piece of shit idiots won't do it: I hate 
> them much more than I hate the violators. Complete Dogs. They could move 
> from strenght to strenght, from victory to victory; but they're scared 
> for their "JEHRB"s. I have to say: white men are pathetic scum. If Linux 
> was built by others there would rightfully be lawsuits.
> 
> 
> 
> > Stephan von Krawczynski wrote:
> > Hello all,
> > 
> > you may have already heard about it or not (several times in the past),
> > non-kernel devices run into a symbol export problem as soon as 
> > something is
> > only exported GPL from the kernel.
> > Currently there is a discussion regarding zfs using this call chain:
> > 
> > vdev_bio_associate_blkg (zfs) -> blkg_tryget (kernel) -> 
> > percpu_ref_tryget
> > (kernel) -> rcu_read_unlock (kernel) -> __rcu_read_unlock (kernel)
> > 
> > where __rcu_read_[lock|unlock] is a GPL symbol now used by (not GPL 
> > exported)
> > percpu_ref_tryget.
> > 
> > That this popped up (again) made me think a bit more general about the 
> > issue.
> > And I do wonder if this rather ideologic problem is on the right track
> > currently. Because what the kernel tries to do with the export GPL 
> > symbol
> > stuff is to prevent any other licensed software from _using_ it in 
> > _runtime_.
> > It does not try to prevent use/copy of the source code inside another 
> > non-gpl
> > project.
> > And I do think that this is not the intention of GPL. If it were, then 
> > 100% of
> > all mobile phones on this planet are illegal. All of them use GPL 
> > software
> > from non-gpl software, be it kernel modules or apps - and I see no 
> > difference
> > in the two. The constructed difference between kernel mode software and
> > user-space software is pure ideology. Because during runtime everything 
> > is
> > just call-chained.
> > Which means if you fopen() a file in user-space it of course uses GPL 
> > symbols
> > down in the chain somewhere. The contents of the opened file are not
> > heaven-sent.
> > If you/we follow the current completely ideology-driven GPL strategy 
> > then I am
> > all for completely giving up this whole project. In real world you 
> > simply
> > cannot use such a piece of software. The success of linux during the 
> > last
> > years (i.e. decade) is not based on the pure GPL strategy, but on the
> > successful interaction between linux and non-GPL software.
> > Just think of the billions of smartphones all using a non-gpl firmware
> > (underneath, and there is no GPL version at all), the kernel (with 
> > non-gpl
> > modules) and apps (quite some of which are non-gpl).
> > This is only one prominent example, but there are lots of others.
> > In the end it all sums up to one simple