Re: Best OpenBSD cloud hosting?

2013-10-08 Thread Paul Kelly
On 9/10/2013 12:16 PM, openda...@hushmail.com wrote:
> Can anyone recommend a decent OpenBSD cloud hosting provider?

CloudSigma do. Looks like you can do a short trial as well.

http://www.cloudsigma.com/2013/09/26/running-freebsd-netbsd-and-openbsd-in-the-cloud/



Re: Best OpenBSD cloud hosting?

2013-10-08 Thread Darren Spruell
On Tue, Oct 8, 2013 at 6:16 PM,   wrote:
> Hi,
>
> Can anyone recommend a decent OpenBSD cloud hosting provider?

No experience with their cloud services, but M5 Hosting proudly offers
OpenBSD options. Maybe worth checking out:

http://www.m5cloud.com/

-- 
Darren Spruell
phatbuck...@gmail.com



Re: Sorry OpenBSD people, been a bit busy

2013-10-08 Thread Benjamin Heath
On Oct 8, 2013 8:21 PM, "Scott McEachern"  wrote:
>
> On 10/08/13 22:44, Benjamin Heath wrote:
>> But that's just it, isn't it? People are naive. They go to public schools
>> where they are taught to accept what is popular and reject all else, and
>> that's where much of it starts. Computers must run Windows. If you want to
>> be different, buy a Mac. Programs must be big and graphical with plenty of
>> room for error. Why have it any other way?
>
>
> So far as I understand it, kids often aren't being taught the course
> material. They're being "taught the test". That is, the standardized
> evaluation tests for each subject. It inflates test scores to "acceptable"
> limits.
>
> The ability to think, critically, isn't being taught at all. You have
> kids walking out of school thinking crap like "Intelligent Design" is
> plausible, and that the earth really is only 6000 years old. Darwin's ideas
> are "just theories", but fail to realize gravity is "just a theory" too.
> Stand on a 10th floor balcony, and test out that "just a theory".
>
> Why would kids do such silly things as read books, when they have
> summarized versions online that they can skim over while they're waiting
> for their tweet/facebook update to be replied to. After all, it is the most
> profound 130 character message ever written.

It isn't only the course material or the testing material, but I'd argue
that public school itself is a critical time in which a young human being
learns to desire what's popular, and to desire to be popular. (Look, I'm a
geek, and things like The Big Bang Theory on CBS make me cringe.) But the
lack of critical thinking in this issue leads to a lot of confused kids who
then graduate and are soon called legal adults if they aren't already. And
then what? Inattention, apathy, acceptance, mediocrity, and that's how the
toad boils.

It's also quite interesting that there are more books and other documents
on this planet than ever before, more people know the basics of how to read
and write than ever before, and yet the interest is shot down by lack of
attention, for whichever reason.



Re: Sorry OpenBSD people, been a bit busy

2013-10-08 Thread Scott McEachern

On 10/08/13 22:44, Benjamin Heath wrote:

> Adding to your previous thoughts, it became clear to me some years ago that
> the best way to gather information on someone is to find information which
> they've volunteered.


The US Army, namely D/arpa and the Navy, invented the Internet and onion 
routing.


I can't believe they didn't invent such a clever way to extract 
information before MySpace/Facebook did.



> Facebook and other social networks have a space to select your religion,
> sexual identity, location, school, work, and contact information. Much of
> this information can be selected from existing lists. Supplying this
> information hands it into the realm of Facebook "apps" with permission to
> access that information, too.
>
> But, people have given up this information. They weren't even paid or
> coerced. Why so naive?


I think P.T. Barnum said something about that.

People like free stuff. They think they are using a product for free. 
They don't realize *they* are the product.


I don't have a Facebook account. I have a G+ account (by way of having a 
gmail account for mailing lists) with a picture of my cat, and no 
information about myself except links to my website.



> But that's just it, isn't it? People are naive. They go to public schools
> where they are taught to accept what is popular and reject all else, and
> that's where much of it starts. Computers must run Windows. If you want to
> be different, buy a Mac. Programs must be big and graphical with plenty of
> room for error. Why have it any other way?


So far as I understand it, kids often aren't being taught the course 
material. They're being "taught the test". That is, the standardized 
evaluation tests for each subject. It inflates test scores to 
"acceptable" limits.


The ability to think, critically, isn't being taught at all. You have 
kids walking out of school thinking crap like "Intelligent Design" is 
plausible, and that the earth really is only 6000 years old. Darwin's 
ideas are "just theories", but fail to realize gravity is "just a 
theory" too. Stand on a 10th floor balcony, and test out that "just a 
theory".


Why would kids do such silly things as read books, when they have 
summarized versions online that they can skim over while they're waiting 
for their tweet/facebook update to be replied to. After all, it is the 
most profound 130 character message ever written.



> I have also noticed that the news is saying what is and isn't common sense
> now. They use this term as a backhanded directive, as if to say, "Of course
> it is so, this is common sense." In fact, common sense is a little more
> inquisitive than that, and common sense would actually have it that you
> don't trust everything you hear.


"I read it on the Internet, therefore it must be true."

99% of the "news" people digest daily is spoon fed to them by five 
megacorps that are more than happy to frame the narrative for you. 
People worship celebrities that are only famous because of their 
surnames or relatives, and spend their leisure time on the couch 
watching (un)reality TV shows.


TV crime shows, like CSI, get DNA results in minutes. They can pinpoint 
the bad guy, right down to the floor he's on, within seconds just from 
his IP address. Strong encryption is broken within seconds on a laptop 
computer. Firewalls are routinely hacked within minutes. Cases are 
always solved with conclusive proof.


Ask any prosecutor how her life in the courtroom has changed since 
CSI-type shows hit the air. Everyone on the jury is an armchair expert 
criminalist, and they get confused when cases aren't cut and dried, 
black and white.


The founding fathers of the US understood that an educated public, 
active in the political process, is a good thing.


Modern politicians understand that an uneducated, apathetic public is a 
better thing.



> On topic and as a response to Theo, Twitter is a vehicle of passive
> aggression and ad hominem attacks among other things. I blame Twitter for
> the direction much of the Internet has taken. It is quick, it is short, and
> that's how people are with other people. They are quick, and they are
> short. And it seems a pretty weak attempt at disparaging your character.


I suppose twitter has its good uses, like during the Arab Spring, but by 
and large it's a time sink to read fluff. I wrote to someone earlier 
sharing my one and only tweet from three years ago. (I plagiarized Marco 
Peereboom.)



*Scott McEachern* @*scott_mceachern* 24 Nov 10



Twitter is the stupidest fucking thing to happen on the Internet.


Like I said, you read it on the Internet, so it must be true.

--
Scott McEachern

https://www.blackstaff.ca

"Beware the Four Horsemen of the Information Apocalypse: terrorists, drug dealers, 
kidnappers, and child pornographers. Seems like you can scare any public into allowing 
the government to do anything with those four."  -- Bruce Schneier

Re: Sorry OpenBSD people, been a bit busy

2013-10-08 Thread Benjamin Heath
Adding to your previous thoughts, it became clear to me some years ago that
the best way to gather information on someone is to find information which
they've volunteered.

Facebook and other social networks have a space to select your religion,
sexual identity, location, school, work, and contact information. Much of
this information can be selected from existing lists. Supplying this
information hands it into the realm of Facebook "apps" with permission to
access that information, too.

But, people have given up this information. They weren't even paid or
coerced. Why so naive?

But that's just it, isn't it? People are naive. They go to public schools
where they are taught to accept what is popular and reject all else, and
that's where much of it starts. Computers must run Windows. If you want to
be different, buy a Mac. Programs must be big and graphical with plenty of
room for error. Why have it any other way?

I have also noticed that the news is saying what is and isn't common sense
now. They use this term as a backhanded directive, as if to say, "Of course
it is so, this is common sense." In fact, common sense is a little more
inquisitive than that, and common sense would actually have it that you
don't trust everything you hear.

On topic and as a response to Theo, Twitter is a vehicle of passive
aggression and ad hominem attacks among other things. I blame Twitter for
the direction much of the Internet has taken. It is quick, it is short, and
that's how people are with other people. They are quick, and they are
short. And it seems a pretty weak attempt at disparaging your character.

Thank you, and please, please keep it up.
On Oct 8, 2013 6:14 PM, "Scott McEachern"  wrote:

> On 10/08/13 20:42, thornton.rich...@gmail.com wrote:
>
>> I love OpenBSD, seriously, and developers of it are clearly geniuses. And
>> any chance I get I promote it.
>>
>
> Excellent, and I applaud you for that.
>
> You should take a look at the papers/presentations the devs have given.
>  The stuff Theo wrote on W^X was mind boggling.  Over my head, but I got
> the gist.  I'm not going to find the ones I'm thinking of (it's been a
> while since I read them), I'll leave that as an exercise for the reader.
>  You'll find plenty of mind-blowing stuff.
>
> (Ok, I can't resist.  I'll link to one particular page that's really easy
> to understand:
> http://www.openbsd.org/papers/eurobsdcon_2013_time_t/mgp3.html.
> Maybe another, this is from 2005, and I nearly lost my mind:
> http://www.openbsd.org/papers/ven05-deraadt/index.html)
>
> I don't mean to single out Theo, but he started this thread, so he remains
> the focus.  You should read the stuff the other devs have written, it's all
> excellent stuff.  The genius shines through.
>
>> Sent from my BlackBerry 10 smartphone on the Verizon Wireless 4G LTE
>> network.
>>
>
> All I can say is, I hope you don't do anything private with your device.
>  You have two /proven/ weak points in your hand.  Anything HTTPS/TLS/SSL on
> your handheld is probably moot, but I'd still use crypto anyway. :)
>  Convenience comes with a price.
>
> And Richard, thanks for sharing your thoughts.  It adds to the balance.
>
> --
> Scott McEachern
>
> https://www.blackstaff.ca
>
> "Beware the Four Horsemen of the Information Apocalypse: terrorists, drug
> dealers, kidnappers, and child pornographers. Seems like you can scare any
> public into allowing the government to do anything with those four."  --
> Bruce Schneier



Re: Sorry OpenBSD people, been a bit busy

2013-10-08 Thread Scott McEachern

On 10/08/13 22:35, Indunil Jayasooriya wrote:

> My favourite O/S is also OpenBSD. Theo and his guys protect the world. so
> they are naturally protected.


Almost, but not quite.

Theo actually has a devoted core of followers around the globe, highly 
trained in gung-fu, krav maga, and ninjitsu.  They fight to kill.


Meetings take place on a secret, members-only OpenBSD-powered web 
server.  One word, and a problem can be "solved", anywhere, any time.  
Or so I hear...


So yes, he and his fellow devs are protected, while they protect the world.

--
Scott McEachern

https://www.blackstaff.ca

"Beware the Four Horsemen of the Information Apocalypse: terrorists, drug dealers, 
kidnappers, and child pornographers. Seems like you can scare any public into allowing 
the government to do anything with those four."  -- Bruce Schneier



Re: Sorry OpenBSD people, been a bit busy

2013-10-08 Thread Richard Thornton
The NSA is just a backdrop against the real corruption, which guys like
Sen. Ted Cruz, who intentionally manipulate the markets by threatening to
default on USA debt.  Only an idiot would not assume these Senators are
selling their stocks before this stupid debate, drive the markets down,
buy on the cheap, then bam!  Come up with a deal, and make a huge windfall
profit.  Meanwhile they keep everyone focused on other issues such as NSA
while they literally rape the country.


On Tue, 8 Oct 2013, Scott McEachern wrote:

> On 10/08/13 16:36, Martin Schröder wrote:
>> YYCIX is subject to canadian laws.
>> It likely must have a lawful interception interface for the canadian
>> police/whatever.
>
> Americans are subject to the highest law of the land:  The US Constitution.
> You know, that document the President and damned near every government
> employee has sworn an oath to obey and protect.
>
> The NSA has broken that oath.  Not long after the Snowden leaks started, the
> Director of National Intelligence, James Clapper, spoke before congress and
> explained what the NSA is "up to", in an attempt to play down Snowden's
> revelations.  Then more Snowden documents came out, proving that the DNI just
> /lied/ to congress.  Curiously, he's not in jail, and is still in office.
> Lying to congress is an indictable offense, er, a "felony offence" in US
> legal-speak.
>
> Now here's another fun bit of trivia for you:  The constitution outranks
> *all* other laws, like state, regional, municipal, etc. All except one:
> Foreign treaties.  They hold equal rank to the constitution.  Think about
> that, vis a vis foreign treaties with other intelligence agencies.  The same
> applies in Canada with our Constitution and Bill of Rights.
>
> Lawful interception, you say?  Subject to Canadian laws?  Privacy laws?
> There are no privacy laws in either the US or Canadian constitutions; look it
> up.  But we /do/ have treaties.
>
>> Canada is a member of Five Eyes.
>
> Thank-you for proving my point.  Nice treaties with the other members since
> 1948.  Treaties that have equivalent legal weight to the constitutions of the
> respective countries.
>
> If you think our (Canadian) "morally superior" privacy laws, and our
> national/provincial privacy commissioners have any say in the matter, you're
> fooling yourself.
>
> A couple of weeks ago, John Tory, a very well-respected radio commentator
> (and former lawyer, former CEO of Rogers, former politician, etc.) on a
> respected AM talk radio station, interviewed a fellow who works deep inside
> the telecom industry.  Sorry, I can't remember the chap's name.  Tory asked
> the guy, "So what ISPs are giving customer data to the government?"  The guy
> deadpanned, "All of them.  All of them are doing it."
>
> Of course, there's no actual proof of this at the moment, but given what
> Snowden has released so far, and what those documents indicate (eg. PRISM) I
> think this theory has moved from "pure speculation" to "most likely" status.
>
> --
> Scott McEachern
>
> https://www.blackstaff.ca
>
> "Beware the Four Horsemen of the Information Apocalypse: terrorists, drug
> dealers, kidnappers, and child pornographers. Seems like you can scare any
> public into allowing the government to do anything with those four."  --
> Bruce Schneier



Re: Sorry OpenBSD people, been a bit busy

2013-10-08 Thread Indunil Jayasooriya
On Wed, Oct 9, 2013 at 6:42 AM, Scott McEachern  wrote:

> On 10/08/13 20:42, thornton.rich...@gmail.com wrote:
>
>> I love OpenBSD, seriously, and developers of it are clearly geniuses. And
>> any chance I get I promote it.
>>
>
> Excellent, and I applaud you for that.
>
>
My favourite O/S is also OpenBSD. Theo and his guys protect the world. so
they are naturally protected.





Thank you
Indunil Jayasooriya
http://www.theravadanet.net/
http://www.siyabas.lk/sinhala_how_to_install.html   -  Download Sinhala
Fonts



Best OpenBSD cloud hosting?

2013-10-08 Thread opendaddy
Hi,

Can anyone recommend a decent OpenBSD cloud hosting provider?

Digital Ocean looks nice but they don't yet offer OpenBSD 
(https://digitalocean.uservoice.com/forums/136585-digital-ocean/suggestions/3232571-support-bsd-os-).

There's ARP Networks and TransIP but they don't offer clouds.

Thanks.

O.D.



Re: Sorry OpenBSD people, been a bit busy

2013-10-08 Thread Scott McEachern

On 10/08/13 20:42, thornton.rich...@gmail.com wrote:

> I love OpenBSD, seriously, and developers of it are clearly geniuses. And
> any chance I get I promote it.


Excellent, and I applaud you for that.

You should take a look at the papers/presentations the devs have given.  
The stuff Theo wrote on W^X was mind boggling.  Over my head, but I got 
the gist.  I'm not going to find the ones I'm thinking of (it's been a 
while since I read them), I'll leave that as an exercise for the 
reader.  You'll find plenty of mind-blowing stuff.


(Ok, I can't resist.  I'll link to one particular page that's really 
easy to understand: 
http://www.openbsd.org/papers/eurobsdcon_2013_time_t/mgp3.html. 
Maybe another, this is from 2005, and I nearly lost my mind: 
http://www.openbsd.org/papers/ven05-deraadt/index.html)


I don't mean to single out Theo, but he started this thread, so he 
remains the focus.  You should read the stuff the other devs have 
written, it's all excellent stuff.  The genius shines through.



> Sent from my BlackBerry 10 smartphone on the Verizon Wireless 4G LTE
> network.


All I can say is, I hope you don't do anything private with your 
device.  You have two /proven/ weak points in your hand.  Anything 
HTTPS/TLS/SSL on your handheld is probably moot, but I'd still use 
crypto anyway. :)  Convenience comes with a price.


And Richard, thanks for sharing your thoughts.  It adds to the balance.

--
Scott McEachern

https://www.blackstaff.ca

"Beware the Four Horsemen of the Information Apocalypse: terrorists, drug dealers, 
kidnappers, and child pornographers. Seems like you can scare any public into allowing 
the government to do anything with those four."  -- Bruce Schneier



Re: ospfd and testing link flapping

2013-10-08 Thread Doran Mori
Thanks for the acknowledgement. Seems bgpd is also a victim of this logic,
but I haven't looked in the code to make sure. :]

My workaround has been to filter (by various means) the redundant prefixes
(some are unneeded due to my simple setup) from ever entering the routing
table.

dmo


On Sat, Sep 28, 2013 at 12:58 AM, Sebastian Benoit wrote:

>
> Hi,
>
> thanks for your bug report.
>
> We'll be looking into this. Please be patient though.
>
> /Benno
>
>
> Doran Mori(dhm...@gmail.com) on 2013.09.25 19:10:53 -0700:
> > I have an OpenBSD box running 5.3 with multiple nics.
> >
> > When I ifconfig down one of the transit links ospfd adds another route
> > instead of changing because the route is marked down in the kernel. When I
> > ifconfig up the link the original route and new one are both installed in
> > the routing table now. If I cycle down/up with ifconfig again now I get
> > multipath flags and eventually bgpd will freak out and quit because of this.
> >
> > From digging around in the code:
> >
> > In send_rtmsg in kroute.c shows how the route gets added:
> > ...
> > retry:
> >     if (writev(fd, iov, iovcnt) == -1) {
> >         if (errno == ESRCH) {
> >             if (hdr.rtm_type == RTM_CHANGE) {
> >                 hdr.rtm_type = RTM_ADD;
> >                 goto retry;
> >             } else if (hdr.rtm_type == RTM_DELETE) {
> >                 log_info("route %s/%u vanished before delete",
> >                     inet_ntoa(kroute->prefix),
> >                     kroute->prefixlen);
> >                 return (0);
> >             }
> >         }
> >
> > It can't find the route because it's marked down and switches from CHANGE
> > to ADD and retries.
> >
> > I see related threads but nothing with a definite fix:
> > http://marc.info/?l=openbsd-misc&m=130710530911754&w=2
> > http://marc.info/?l=openbsd-misc&m=133759959417744&w=2
> > http://marc.info/?l=openbsd-misc&m=134892435720437&w=2
> > ^-- this one seems the most promising but it's a big patch for me to
> > integrate myself since it's for ospf6d
> >
> > I've been banging my head all day trying to figure out a fix or workaround.
> > Let me know if you need more specifics/configs etc.
> >
> > dmo
> >
>
> --
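
A toy model of the behaviour described in the report above, added here as an example (not code from ospfd or the OpenBSD kernel): it assumes, as the report infers, that RTM_CHANGE cannot match a route whose link is down, so the ESRCH retry as RTM_ADD leaves two entries for one prefix once the link returns. The routing table, prefix, next hops and helper names are constructed, and the excerpt's RTM_DELETE branch is left out.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins for the routing-socket message types. */
enum { RTM_ADD = 1, RTM_CHANGE };

struct rt {
    char prefix[20];    /* destination, e.g. "10.0.5.0/24" */
    char gw[16];        /* next hop */
    int  up;            /* cleared while the outgoing link is down */
};

static struct rt table[8];  /* toy kernel routing table */
static int nrt;

/*
 * Toy kernel. Assumptions taken from the report: RTM_CHANGE only matches
 * a route that is up, and RTM_ADD of a second next hop is accepted.
 */
static int kernel_write(int type, const char *prefix, const char *gw)
{
    int i;

    for (i = 0; i < nrt; i++) {
        if (strcmp(table[i].prefix, prefix) != 0 || !table[i].up)
            continue;
        if (type == RTM_CHANGE) {
            snprintf(table[i].gw, sizeof(table[i].gw), "%s", gw);
            return (0);
        }
        if (strcmp(table[i].gw, gw) == 0) {     /* RTM_ADD, same next hop */
            errno = EEXIST;
            return (-1);
        }
    }
    if (type != RTM_ADD || nrt == 8) {
        errno = (type != RTM_ADD) ? ESRCH : ENOBUFS;
        return (-1);
    }
    snprintf(table[nrt].prefix, sizeof(table[nrt].prefix), "%s", prefix);
    snprintf(table[nrt].gw, sizeof(table[nrt].gw), "%s", gw);
    table[nrt++].up = 1;
    return (0);
}

/* The RTM_CHANGE branch of the send_rtmsg() excerpt quoted in the report. */
static int send_rtmsg(int type, const char *prefix, const char *gw)
{
retry:
    if (kernel_write(type, prefix, gw) == -1) {
        if (errno == ESRCH && type == RTM_CHANGE) {
            type = RTM_ADD;     /* route "not found": add it instead */
            goto retry;
        }
        return (-1);
    }
    return (0);
}

/* Model "ifconfig down" / "ifconfig up" on the link towards gw. */
static void link_set(const char *gw, int up)
{
    int i;
    for (i = 0; i < nrt; i++)
        if (strcmp(table[i].gw, gw) == 0)
            table[i].up = up;
}

/* Number of table entries for prefix, whether up or down. */
static int routes_for(const char *prefix)
{
    int i, n = 0;
    for (i = 0; i < nrt; i++)
        n += strcmp(table[i].prefix, prefix) == 0;
    return (n);
}

/* Reroute one prefix, with or without a link flap; return its entry count. */
int simulate(int flap)
{
    const char *p = "10.0.5.0/24";  /* constructed prefix and next hops */

    nrt = 0;
    send_rtmsg(RTM_ADD, p, "192.0.2.1");
    if (flap)
        link_set("192.0.2.1", 0);
    send_rtmsg(RTM_CHANGE, p, "192.0.2.2");     /* daemon picks the other path */
    if (flap)
        link_set("192.0.2.1", 1);
    return (routes_for(p));
}

int main(void)
{
    printf("no flap: %d, after flap: %d\n", simulate(0), simulate(1));
    return (0);
}
```

Without the flap the change is applied in place and the prefix keeps one entry; with it, the stale route and the added one coexist, which is the state a monitoring check for duplicate prefixes would catch.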



Re: Sorry OpenBSD people, been a bit busy

2013-10-08 Thread thornton . richard
I love OpenBSD, seriously, and developers of it are clearly geniuses. And
any chance I get I promote it.
Sent from my BlackBerry 10 smartphone on the Verizon Wireless 4G LTE
network.

From: Scott McEachern
Sent: Tuesday, October 8, 2013 7:17 PM
To: misc@openbsd.org
Subject: Re: Sorry OpenBSD people, been a bit busy

On 10/08/13 17:38, Richard Thornton wrote:
> I am not flippant enough to say that the NSA revelations do not matter,
> but what are we supposed to do? The Middle Eastern terrorism threat is
> real and we need to be able to stop them any way necessary.
>
> All it takes is one of them to hit every Walmart in the neighborhood,
> buy every pay-as-you-go phone they have, then pass them out to their
> friends in every Mosque. Now you have a new terrorism threat. So,
> welcome to the real world my friend, and wake up.

Seriously, after everything I've said so far (I see you just replied
privately to my most recent post), you're suggesting that *I* wake up to
the real world? I suggest you take that message to the ignorant,
complacent, apathetic masses. Please.

Take a look at the prime-time TV lineup on the major US networks, and
the "cable" stations like Showcase, HBO, etc. What are their plots
mostly focussed on? Terrorism. Top-rated shows like NCIS, NCIS: LA,
and the like: Terrorism. My point is that the media is feeding the
viewers a non-stop diet of potential terrorist plots. It's ridiculously
pervasive, and the fear is taking over peoples' minds.

Why do you think Bruce Schneier calls the TSA's actions "security
theatre"? They're reactive, not proactive. Maybe the NSA/CIA/FBI are
trying to be proactive, but what's their track record?

The intelligence agencies each had a piece of the 9/11 puzzle. Due to
infighting and protecting their respective turf, they didn't share
information, and 9/11 happened. Hindsight is 20/20, but it was revealed
that if they had only cooperated, 9/11 could have been prevented.

Look at the Boston bombings. The FBI received intel from the Russians,
of all people, beforehand that the two brothers were up to something.
How did that work out for them?

The Times Square bomber was stopped by a curious NYPD cop, not a
three-letter agency.

How about those US soldiers that converted to Islam, raising red flags
with their unusual behaviour and behavioural changes, going on shooting
rampages? How did the FBI do there?

Maybe they have foiled attacks, but you'd think they'd be shouting that
from the rooftops saying, "Look! We're doing good! Our Billion dollar
budgets are justified!" People know about PRISM now, but even if they
wanted to keep the source of their intel under wraps, I'm sure they
could find a way to "parallel construct" a plausible explanation without
revealing too much.

Like you said in a fresh post, maybe the NSA was helpful in stopping the
potential attacks on Toronto and various rail lines. Who knows. Read
my previous paragraph again.

And for the record, both you and Ze Loff should stick to facts and
rational discussion. Bigots and morons are best defeated with those,
and they'll show their true colours, debasing their own opinions.
There's no need for insults and ad hominem attacks.

You feel that Snowden is "quite the jerk"? You're entitled to that
opinion, but there are a great many people, myself included, that think
he is a hero for exposing blatant lies and violations of the law and
constitution. Snowden, and some other previous NSA employees, saw the
insanity of this, and the future of it. They were appalled, and went
public. They are heroes.

Privately, you casually dismissed Wolf as "another blow hard", "the
liberal version of Ann Coulter". Maybe so, but attacking her personally
does not negate the validity of her points. Watch the video, and think
about it with an open mind, if you can.

You asked, "What are we supposed to do?" There are no easy answers
here. I fully realize that there are shades of grey involved. But you
aren't looking at the thin end of the wedge; we've long passed that
point, and you are ceding your rights to allow it to not only continue,
but to expand. Remember what Ben Franklin said: "Those who would give
up essential liberty to purchase a little temporary safety deserve
neither liberty nor safety."

His point in that quote speaks directly to the nature of government. It
hasn't changed since then. Government will take a mile when you give
them an inch. You've probably heard the glib comments that more people
in the US have died from choking on fishbones/car accidents/etc. in the
last 12 years than have died from terrorism.

But at what price, both financially (military spending) and in terms of
rights in a growing surveillance state? Where does it end, and what is
the logical conclusion?

I just don't have the answers, but I can repeat the suggestions of Bruce
Schneier: Trust the math. Trust the crypto. Be careful with the
implementation. The NSA isn't so much working on breaking the crypto
(for now), as they are attacking the e

Re: Sorry OpenBSD people, been a bit busy

2013-10-08 Thread Scott McEachern

On 10/06/13 20:48, dera...@cvs.openbsd.org wrote:

Now, why do I mention this in relation to OpenBSD?  Well, at the end
of 2007 someone decided to open an impersonation account on twitter in
my name, and start sending a mix of things I have said (see wikiquote
for instance), with things that I would never say.  That account is
http://twitter.com/theoderaadt

A few notes:  The account has now changed to declare that it is a
parody account and renamed to "Not Theo de Raadt", as of a few days
ago.  If you read back into the past, you will see true character of
the account and the individual.

People in the local community were directed to the account, to give a
negative, if not slanderous, view of my character.  The ones directing
them have high-profile roles in the community, so people would take
what they say as true.  Since I am the network manager for the
exchange equipment, this by extension was meant to hurt YYCIX.

Why would stewards of important infrastructure projects deliberately
spread such false stories?


[...]



Layers of hurt being thrown around.  Why?


I don't know, but I can guess.  Probably the same reason that a year or 
two ago some crap came out trying to discredit OpenBSD's IPSec 
implementation: To discredit you, and OpenBSD as a whole.


Like I said, I have absolutely no doubt the NSA has been keeping tabs on 
OpenBSD as a whole.  Anything more than that is pure speculation on my part.


You, and the project, are financially reliant on donations, so if you 
are discredited, those donations lessen, and the project falters.  I'd 
bet money that the NSA would love to see OpenBSD "go away".


What other real options would someone, like the NSA but not necessarily 
them, or just them, have?


Hack the OpenBSD servers?  Good luck with that.  OpenBSD is the "gold 
standard" in the hacker underground.  I've heard hackers say that when 
they are looking for targets, they skip the OpenBSD boxes they find; a 
waste of time.  (I don't know how true that is, so take it with a grain 
of salt.)


Inject code?  (Like was alleged in the IPSec situation.)  Good luck.  
Commits are public, reviewed, audited, etc.


Corrupt the project leaders, usually financially.  Theo is an idealist.  
(I mean that in a good way, don't get me wrong.)  If he wanted to make 
serious money, he could easily do so with his reputation, experience, 
and skill set.  I wish anyone luck with corrupting Theo, or those he 
trusts, with money.  I deeply believe that unlike psychopathic 
CxO-types, he's not in it for the money, or power.


Blackmail the leaders into doing your bidding.  Last I checked, Theo 
isn't married, so he doesn't have to worry about a leak of him with his 
mistress.  I suspect that Theo wouldn't cave if someone were to reveal 
he used the services of ladies of the night.  (For the record, I'm just 
making up scenarios here, I have no idea what he does in his private 
time, other than cycling.)


The other thing to consider is that I don't think many people in the 
OpenBSD community would give a shit if Theo did "questionable" things in 
his private life.  I'm not interested, and I doubt any serious person 
would be.  I simply look at the work he does.  The dedication and quality.


*Everyone* has secrets, period.  Nobody wants cameras in their bedrooms 
or bathrooms.  (Canada had a Prime Minister in the 70s by the name of 
Pierre Trudeau, that said quite clearly that the state has no business 
in the bedrooms of the nation.  He made plenty of mistakes, but he got 
that one dead right.)  What would Theo's (fictional!) indiscretions, or 
any other dev's indiscretions, have to do with OpenBSD development?  
Nothing.


However, not everyone thinks that way, so I think one of the simpler 
ways to attack OpenBSD is to discredit the project (IPSec), and 
discredit the project leader (fake twitter bullshit).  This demoralizes 
the funding base.  It scares people away, whether they are existing 
users or potential users.  Some say there's no such thing as bad 
publicity.  I beg to differ.


Theo needs to continuously refute the bullshit with truth and honesty, 
standing on his body of years of dedication and work. Given his status, 
I'm sure that would be a full-time task in itself.  Perhaps a PR firm 
using OpenBSD could donate some work in that area, to give back.  (I 
realize that's wishful thinking, but you never know..)


I'm sure Sun Tzu could read more into this, but he's dead.  One of his 
principal tenets was "know your enemy", and thanks to Snowden et al., we 
have seen the enemy, they are legion, and include the NSA. Now we know 
much more about them, their tactics and methods.  Again, he is a hero.


I'd laugh if his future leaks were titled "To: NSA; Subject: From Russia 
with Love". :)


--
Scott McEachern

https://www.blackstaff.ca

"Beware the Four Horsemen of the Information Apocalypse: terrorists, drug dealers, 
kidnappers, and child pornographers. Seems like you can scare any public into allowing

Re: Sorry OpenBSD people, been a bit busy

2013-10-08 Thread Scott McEachern

On 10/08/13 17:38, Richard Thornton wrote:

> I am not flippant enough to say that the NSA revelations do not matter,
> but what are we supposed to do?  The Middle Eastern terrorism threat is
> real and we need to be able to stop them any way necessary.
>
> All it takes is one of them to hit every Walmart in the neighborhood,
> buy every pay-as-you-go phone they have, then pass them out to their
> friends in every Mosque.  Now you have a new terrorism threat.  So,
> welcome to the real world my friend, and wake up.


Seriously, after everything I've said so far (I see you just replied 
privately to my most recent post), you're suggesting that *I* wake up to 
the real world?  I suggest you take that message to the ignorant, 
complacent, apathetic masses.  Please.


Take a look at the prime-time TV lineup on the major US networks, and 
the "cable" stations like Showcase, HBO, etc.  What are their plots 
mostly focussed on?  Terrorism.  Top-rated shows like NCIS, NCIS: LA, 
and the like:  Terrorism.  My point is that the media is feeding the 
viewers a non-stop diet of potential terrorist plots. It's ridiculously 
pervasive, and the fear is taking over peoples' minds.


Why do you think Bruce Schneier calls the TSA's actions "security 
theatre"?  They're reactive, not proactive.  Maybe the NSA/CIA/FBI are 
trying to be proactive, but what's their track record?


The intelligence agencies each had a piece of the 9/11 puzzle.  Due to 
infighting and protecting their respective turf, they didn't share 
information, and 9/11 happened.  Hindsight is 20/20, but it was revealed 
that if they had only cooperated, 9/11 could have been prevented.


Look at the Boston bombings.  The FBI received intel from the Russians, 
of all people, beforehand that the two brothers were up to something.  
How did that work out for them?


The Times Square bomber was stopped by a curious NYPD cop, not a 
three-letter agency.


How about those US soldiers that converted to Islam, raising red flags 
with their unusual behaviour and behavioural changes, going on shooting 
rampages?  How did the FBI do there?


Maybe they have foiled attacks, but you'd think they'd be shouting that 
from the rooftops saying, "Look!  We're doing good!  Our Billion dollar 
budgets are justified!"  People know about PRISM now, but even if they 
wanted to keep the source of their intel under wraps, I'm sure they 
could find a way to "parallel construct" a plausible explanation without 
revealing too much.


Like you said in a fresh post, maybe the NSA was helpful in stopping the 
potential attacks on Toronto and various rail lines.  Who knows.  Read 
my previous paragraph again.


And for the record, both you and Ze Loff should stick to facts and 
rational discussion.  Bigots and morons are best defeated with those, 
and they'll show their true colours, debasing their own opinions.  
There's no need for insults and ad hominem attacks.


You feel that Snowden is "quite the jerk"?  You're entitled to that 
opinion, but there are a great many people, myself included, that think 
he is a hero for exposing blatant lies and violations of the law and 
constitution.  Snowden, and some other previous NSA employees, saw the 
insanity of this, and the future of it.  They were appalled, and went 
public.  They are heroes.


Privately, you casually dismissed Wolf as "another blow hard", "the 
liberal version of Ann Coulter".  Maybe so, but attacking her personally 
does not negate the validity of her points.  Watch the video, and think 
about it with an open mind, if you can.


You asked, "What are we supposed to do?"  There are no easy answers 
here.  I fully realize that there are shades of grey involved.  But you 
aren't looking at the thin end of the wedge; we've long passed that 
point, and you are ceding your rights to allow it to not only continue, 
but to expand.  Remember what Ben Franklin said:  "Those who would give 
up essential liberty to purchase a little temporary safety deserve 
neither liberty nor safety."


His point in that quote speaks directly to the nature of government.  It 
hasn't changed since then.  Government will take a mile when you give 
them an inch.  You've probably heard the glib comments that more people 
in the US have died from choking on fishbones/car accidents/etc. in the 
last 12 years than have died from terrorism.


But at what price, both financially (military spending) and in terms of 
rights in a growing surveillance state?  Where does it end, and what is 
the logical conclusion?


I just don't have the answers, but I can repeat the suggestions of Bruce 
Schneier:  Trust the math.  Trust the crypto.  Be careful with the 
implementation.  The NSA isn't so much working on breaking the crypto 
(for now), as they are attacking the end points.  That's why they hacked 
the "Tor Bundle".  That's why they control so many Tor exit nodes.


Stick to known trusted OSes, like OpenBSD.  Avoid proprietary software, 
especially software developed in the US.

Re: Sorry OpenBSD people, been a bit busy

2013-10-08 Thread Chris Cappuccio
Martin Schröder [mar...@oneiros.de] wrote:
> 2013/10/8 Kyle R W Milz :
> > I guess if the NSA has coerced with CSIS or whatever the Canadian
> > equivalent is then there might be cause for worry there (quite likely as
> > we parrot almost everything the US does).
> 
> YYCIX is subject to Canadian laws.
> It likely must have a lawful interception interface for the Canadian
> police/whatever.
> Canada is a member of Five Eyes.

This is the duty of the ISP that serves the (snooped) end-user, not the IX.

The ISP is the only entity in a position to capture all traffic for an end-
user unless they are multi-homed. Then the authority has to ask multiple ISPs
to tap for them.



Re: Sorry OpenBSD people, been a bit busy

2013-10-08 Thread Zé Loff
> The Middle Eastern terrorism threat is
> real and we need to be able to stop them any way necessary.
> 
> All it takes is one of them to hit every Walmart in the neighborhood,
> buy every pay-as-you-go phone they have, then pass them out to their
> friends in every Mosque.

Well fuck you and your fucking stereotypes, you fucking bigot.

And thank you for validating the quote on Scott's signature, btw.



Re: Sorry OpenBSD people, been a bit busy

2013-10-08 Thread thornton . richard
I used to work at Empire Blue Cross. I had many friends who worked in the
Trade Towers. I lived for a time in Battery Park nearby. So go to hell
asshole, the USA will never let another 9/11 happen again, and Snowden is
quite the jerk. These guys were recently planning attacks on Toronto as a
matter of fact and were discovered in time, maybe thanks to the NSA.
So sit in your tea house poring over your netbook, fuckin around, and
hide. And go to hell.
Sent from my BlackBerry 10 smartphone on the Verizon Wireless 4G LTE
network.

From: Zé Loff
Sent: Tuesday, October 8, 2013 6:08 PM
To: Richard Thornton
Cc: Scott McEachern; misc@openbsd.org
Subject: Re: Sorry OpenBSD people, been a bit busy

> The Middle Eastern terrorism threat is
> real and we need to be able to stop them any way necessary.
>
> All it takes is one of them to hit every Walmart in the neighborhood,
> buy every pay-as-you-go phone they have, then pass them out to their
> friends in every Mosque.

Well fuck you and your fucking stereotypes, you fucking bigot.

And thank you for validating the quote on Scott's signature, btw.



Looking for good, small, canadian version laptop suggestions

2013-10-08 Thread g.lister

Hi guys,

I am looking for some suggestions for a good, small, quiet laptop. I was 
looking at futureshop.ca and bestbuy.ca. I currently have an HP dv3 
which runs OpenBSD 5.2, but it is very loud (some issue with keeping 
heat down). It has i7 cores, but I am willing to settle for a lot less 
threads and power; I need it for some vim C coding and basic duties.


I would like to get something quieter that also runs OpenBSD without 
major issues. I saw a Lenovo ThinkPad x131e on futureshop, but it is kind 
of small on the screen size (11.6") and I am not sure if OpenBSD will work 
on it.


Does anyone care to mention what they are using?
Thanks in advance.
Cheers,
George



Re: Sorry OpenBSD people, been a bit busy

2013-10-08 Thread Scott McEachern

On 10/08/13 16:41, Kevin Chadwick wrote:


> As I say I am far more concerned about 'modern' incompetent ISPs.
> Uncaring ISPs or ISPs that can only care about profit (and so
> advertising) or they are out of business and tasking them (perhaps to
> their delight) with layer 7 filtering which requires great care and
> expertise and arguably only securable passively which I am sure they
> will not be doing.
>
> This should certainly be stopped as it may give people with mostly evil
> intentions similar access as the NSA or just reduce reliability perhaps
> at a time when the net is needed most. Sounds like it was quite a bit
> of work though or was that mostly the resistance?
>
> Global government surveillance is not going to be stopped or the
> backbone avoided and at least likely comes from mostly good intentions
> even if it is bound to be abused or infiltrated at times.


History has demonstrated time and time over that it is the nature of 
government to keep and expand power at all costs.  Surveillance states 
don't go away until a major upheaval takes place.  Look at East 
Germany's Stasi, or the former USSR's KGB.  Oh wait, that came back 
again with a new name, the GRU I believe.


As I said in a previous post, it's most likely that the NSA is vacuuming 
up /all/ Internet data.  Even if they aren't grabbing 100% of it, 
they're definitely getting the "interesting bits".  And that data is 
going to be stored forever.


Even if your data is safely encrypted today, that data will be stored 
somewhere for pretty much eternity.  In 20 years when supercomputers, or 
quantum computers, can make mincemeat of today's strong crypto, that 
data will be analyzed to "predict" the future by learning from the past.


Even if you can pretend the US government of today, or any other 
government for that matter, is truly innocuous with the best intentions 
(ha!), that doesn't take into account the nature of future governments.


Back in the pre-WW2 days, Belgium (or was it the Netherlands?  I 
forget.) kept detailed census and medical data on their citizens, 
including their religious affiliation.  It was useful data for a 
friendly government, never to be abused.


Then WW2 happened, and Hitler's Nazis invaded.  They found that data, 
especially the religion part, quite useful, and we all know how that 
turned out.


The NSA has been playing this game not for years, but *decades*. The 
breadth of PRISM and other programs with names always written in caps is 
astounding.  They, and other intelligence agencies, are /everywhere/.  
Routers and switches with backdoors from the US (like Cisco), China 
(Huawei), Russia and others.  Splitters on backbone fiber, like "Room 
641A".  Superfast computers that intercept HTTPS/SSL data using acquired 
private keys from "friendly" or coerced companies.  Moxie Marlinspike 
demonstrated these techniques at a black hat conference in 2009, google 
for it.


Sounds far fetched?  Look at the revelation that LavaBit did indeed shut 
down because the FBI insisted on having their private keys, and 
installing a "device" on their network to intercept and decrypt the 
data.  They originally were (allegedly) targeting just Snowden's 
account, but when the head of LavaBit declined, the FBI wanted the data 
for /all/ users.  So he shut it down.  Then Silent Circle shut down, and 
the list continues to grow.


More food for thought?  Go read Naomi Wolf's book "The End of America".  
(https://en.wikipedia.org/wiki/Naomi_Wolf for a quick outline.)  Don't 
have time to read it?  Watch her youtube video (~48mins) of a speech 
given at the U of Washington in 2007. 
(https://www.youtube.com/watch?v=y8u-5gsZdgc, amongst others) Hopefully, 
it will make you think about the direction the US is heading.


--
Scott McEachern

https://www.blackstaff.ca

"Beware the Four Horsemen of the Information Apocalypse: terrorists, drug dealers, 
kidnappers, and child pornographers. Seems like you can scare any public into allowing 
the government to do anything with those four."  -- Bruce Schneier



Re: Sorry OpenBSD people, been a bit busy

2013-10-08 Thread Richard Thornton
I am not flippant enough to say that the NSA revelations do not matter,
but what are we supposed to do?  The Middle Eastern terrorism threat is
real and we need to be able to stop them any way necessary.

All it takes is one of them to hit every Walmart in the neighborhood,
buy every pay-as-you-go phone they have, then pass them out to their
friends in every Mosque.  Now you have a new terrorism threat.  So,
welcome to the real world my friend, and wake up.


On Tue, 8 Oct 2013, Scott McEachern wrote:

> On 10/08/13 16:36, Martin Schröder wrote:
>> YYCIX is subject to Canadian laws.
>> It likely must have a lawful interception interface for the Canadian
>> police/whatever.
>
> Americans are subject to the highest law of the land:  The US Constitution.
> You know, that document the President and damned near every government
> employee has sworn an oath to obey and protect.
>
> The NSA has broken that oath.  Not long after the Snowden leaks started, the
> Director of National Intelligence, James Clapper, spoke before congress and
> explained what the NSA is "up to", in an attempt to play down Snowden's
> revelations.  Then more Snowden documents came out, proving that the DNI just
> /lied/ to congress.  Curiously, he's not in jail, and is still in office.
> Lying to congress is an indictable offense, er, a "felony offence" in US
> legal-speak.
>
> Now here's another fun bit of trivia for you:  The constitution outranks
> *all* other laws, like state, regional, municipal, etc. All except one:
> Foreign treaties.  They hold equal rank to the constitution.  Think about
> that, vis a vis foreign treaties with other intelligence agencies.  The same
> applies in Canada with our Constitution and Bill of Rights.
>
> Lawful interception, you say?  Subject to Canadian laws?  Privacy laws?
> There are no privacy laws in either the US or Canadian constitutions; look it
> up.  But we /do/ have treaties.
>
>> Canada is a member of Five Eyes.
>
> Thank-you for proving my point.  Nice treaties with the other members since
> 1948.  Treaties that have equivalent legal weight to the constitutions of the
> respective countries.
>
> If you think our (Canadian) "morally superior" privacy laws, and our
> national/provincial privacy commissioners have any say in the matter, you're
> fooling yourself.
>
> A couple of weeks ago, John Tory, a very well-respected radio commentator
> (and former lawyer, former CEO of Rogers, former politician, etc.) on a
> respected AM talk radio station, interviewed a fellow who works deep inside
> the telecom industry.  Sorry, I can't remember the chap's name.  Tory asked
> the guy, "So what ISPs are giving customer data to the government?"  The guy
> deadpanned, "All of them.  All of them are doing it."
>
> Of course, there's no actual proof of this at the moment, but given what
> Snowden has released so far, and what those documents indicate (eg. PRISM) I
> think this theory has moved from "pure speculation" to "most likely" status.
>
> --
> Scott McEachern
>
> https://www.blackstaff.ca
>
> "Beware the Four Horsemen of the Information Apocalypse: terrorists, drug
> dealers, kidnappers, and child pornographers. Seems like you can scare any
> public into allowing the government to do anything with those four."  --
> Bruce Schneier



Re: Sorry OpenBSD people, been a bit busy

2013-10-08 Thread Scott McEachern

On 10/08/13 16:36, Martin Schröder wrote:

> YYCIX is subject to Canadian laws.
> It likely must have a lawful interception interface for the Canadian
> police/whatever.


Americans are subject to the highest law of the land:  The US 
Constitution.  You know, that document the President and damned near 
every government employee has sworn an oath to obey and protect.


The NSA has broken that oath.  Not long after the Snowden leaks started, 
the Director of National Intelligence, James Clapper, spoke before 
congress and explained what the NSA is "up to", in an attempt to play 
down Snowden's revelations.  Then more Snowden documents came out, 
proving that the DNI just /lied/ to congress.  Curiously, he's not in 
jail, and is still in office.  Lying to congress is an indictable 
offense, er, a "felony offence" in US legal-speak.


Now here's another fun bit of trivia for you:  The constitution outranks 
*all* other laws, like state, regional, municipal, etc. All except one:  
Foreign treaties.  They hold equal rank to the constitution.  Think 
about that, vis a vis foreign treaties with other intelligence 
agencies.  The same applies in Canada with our Constitution and Bill of 
Rights.


Lawful interception, you say?  Subject to Canadian laws?  Privacy laws?  
There are no privacy laws in either the US or Canadian constitutions; 
look it up.  But we /do/ have treaties.



> Canada is a member of Five Eyes.


Thank-you for proving my point.  Nice treaties with the other members 
since 1948.  Treaties that have equivalent legal weight to the 
constitutions of the respective countries.


If you think our (Canadian) "morally superior" privacy laws, and our 
national/provincial privacy commissioners have any say in the matter, 
you're fooling yourself.


A couple of weeks ago, John Tory, a very well-respected radio 
commentator (and former lawyer, former CEO of Rogers, former politician, 
etc.) on a respected AM talk radio station, interviewed a fellow who 
works deep inside the telecom industry.  Sorry, I can't remember the 
chap's name.  Tory asked the guy, "So what ISPs are giving customer data 
to the government?"  The guy deadpanned, "All of them.  All of them are 
doing it."


Of course, there's no actual proof of this at the moment, but given what 
Snowden has released so far, and what those documents indicate (eg. 
PRISM) I think this theory has moved from "pure speculation" to "most 
likely" status.


--
Scott McEachern

https://www.blackstaff.ca

"Beware the Four Horsemen of the Information Apocalypse: terrorists, drug dealers, 
kidnappers, and child pornographers. Seems like you can scare any public into allowing 
the government to do anything with those four."  -- Bruce Schneier



Re: Sorry OpenBSD people, been a bit busy

2013-10-08 Thread Kevin Chadwick
> Food for thought for everyone, but like I said, he doesn't care and 
> won't think about it.

As I say I am far more concerned about 'modern' incompetent ISPs.
Uncaring ISPs or ISPs that can only care about profit (and so
advertising) or they are out of business and tasking them (perhaps to
their delight) with layer 7 filtering which requires great care and
expertise and arguably only securable passively which I am sure they
will not be doing.

This should certainly be stopped as it may give people with mostly evil
intentions similar access as the NSA or just reduce reliability perhaps
at a time when the net is needed most. Sounds like it was quite a bit
of work though or was that mostly the resistance?

Global government surveillance is not going to be stopped or the
backbone avoided and at least likely comes from mostly good intentions
even if it is bound to be abused or infiltrated at times.

-- 
___

'Write programs that do one thing and do it well. Write programs to work
together. Write programs to handle text streams, because that is a
universal interface'

(Doug McIlroy)

In Other Words - Don't design like polkit or systemd
___



Re: Sorry OpenBSD people, been a bit busy

2013-10-08 Thread Martin Schröder
2013/10/8 Kyle R W Milz :
> I guess if the NSA has coerced with CSIS or whatever the Canadian
> equivalent is then there might be cause for worry there (quite likely as
> we parrot almost everything the US does).

YYCIX is subject to Canadian laws.
It likely must have a lawful interception interface for the Canadian
police/whatever.
Canada is a member of Five Eyes.

Best
   Martin



Pandaboard ES dmesg 9/26/2013 armv7 snapshot

2013-10-08 Thread Diana Eichert

In case any one is interested, thought I'd post a dmesg from a
Pandaboard ES running an OpenBSD snapshot from Sept 26, 2013.

There was one glitch on the install but was able to manually
work around it to get it working.  Glitch has been reported to
the developers.

diana


-- Forwarded message --
Date: Tue, 8 Oct 2013 11:06:21 -0600 (MDT)
To: deich...@wrench.com

OpenBSD 5.4-current (GENERIC-OMAP) #6: Mon Sep 16 01:42:55 CEST 2013
r...@imx.fritz.box:/usr/src/sys/arch/armv7/compile/GENERIC-OMAP
real mem  = 1073741824 (1024MB)
avail mem = 1045291008 (996MB)
mainbus0 at root
cortex0 at mainbus0
ampintc0 at cortex0 nirq 160
amptimer0 at cortex0: tick rate 396000 KHz
cpu0 at mainbus0: ARM Cortex A9 R2 rev 10 (ARMv7 core)
cpu0: DC enabled IC enabled WB disabled EABT branch prediction enabled
cpu0: 32KB(32b/l,4way) I-cache, 32KB(32b/l,4way) wr-back D-cache
omap0 at mainbus0: PandaBoard
omapid0 at omap0: omap4460
amptimer0: adjusting clock: new tick rate 35 KHz
prcm0 at omap0 rev 0.0
omdog0 at omap0 rev 0.1
omgpio0 at omap0 omap4 rev 0.1
omgpio1 at omap0 omap4 rev 0.1
omgpio2 at omap0 omap4 rev 0.1
omgpio3 at omap0 omap4 rev 0.1
omgpio4 at omap0 omap4 rev 0.1
omgpio5 at omap0 omap4 rev 0.1
ommmc0 at omap0
sdmmc0 at ommmc0
com0 at omap0: ti16750, 64 byte fifo
com0: console
ehci0 at omap0
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 "TI OMAP EHCI root hub" rev 2.00/1.00 addr 1
/dev/ksyms: Symbol table not valid.
scsibus0 at sdmmc0: 2 targets, initiator 0
sd0 at scsibus0 targ 1 lun 0:  SCSI2 0/direct fixed
sd0: 30703MB, 512 bytes/sector, 62879744 sectors
uhub1 at uhub0 port 1 "vendor 0x0424 product 0x9514" rev 2.00/1.00 addr 2
smsc0 at uhub1 port 1 "vendor 0x0424 product 0xec00" rev 2.00/1.00 addr 3
smsc0: address ff:ff:ff:ff:ff:ff
ukphy0 at smsc0 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI 0x0001f0, model 0x000c
vscsi0 at root
scsibus1 at vscsi0: 256 targets
softraid0 at root
scsibus2 at softraid0: 256 targets
boot device: sd0
root on sd0a (8f850e8fd3f0dafe.a) swap on sd0b dump on sd0b
WARNING: CHECK AND RESET THE DATE!



Re: Sorry OpenBSD people, been a bit busy

2013-10-08 Thread Scott McEachern

On 10/08/13 10:33, Kyle R W Milz wrote:

> Now here is where things get interesting, from the data centre to my
> home:
>
> [...]
>
> Take a look at the 5th and 6th hops, they are in the US. The data
> goes from Calgary to Vancouver down into the US to Seattle and then all
> the way back to Calgary.
>
> So long winded answer to your question: Canadian internet traffic will
> stay in Canada and won't make these ridiculous loops.
>
> I guess if the NSA has coerced with CSIS or whatever the Canadian
> equivalent is then there might be cause for worry there (quite likely as
> we parrot almost everything the US does).


I've seen similar paths when tracerouting from my location (NE of 
Toronto) to west coast sites.  Depending on the site, the packets take a 
little detour to NYC, Chicago, Seattle, etc., before coming back into 
Canada.


Please forgive my little ramble here:

20 years ago, my girlfriend and I drove from Whitby, Ontario (just east 
of Toronto) to Banff, Alberta.  We drove through Calgary, BTW. On our 
way out there, we decided to take a short cut through some northern 
states: Michigan, Wisconsin, Minnesota and finally North Dakota, before 
heading north to Winnipeg, and continuing west.  It was considerably 
shorter than driving through northern Ontario, above Lake Superior.


Stupid me, I completely forgot I had a bag containing something the 
border authorities would very seriously frown upon.  They gave a cursory 
check to the trunk, and I paid a $2 duty on the (obvious) case of beer 
that I bought in Canada.  The guys in the car ahead of us got the full 
shakedown.


We slept in the car until the border opened.  It wasn't until we pitched 
our tents for the first time, the next night, and broke out the bag, 
that I realized my (our) mistake.  Needless to say, we didn't cross the 
border again and took the long way home.


My point is that staying in Canada and not crossing the border might be 
a good idea by car, (and that was pre-9/11), but I don't think in this 
day and age that it really matters if your packets cross the border or not.


Remember, Canada is one of the "Five Eyes" (along with the US, UK, 
Australia and New Zealand) whose intelligence agencies happily share 
information.  How much, we don't know, but it gets around legal 
loopholes about not being able to spy on your own citizens.  (Which the 
NSA disregards entirely.)


The Canadian equivalent to the NSA isn't CSIS, it's CSEC. 
https://en.wikipedia.org/wiki/Communications_Security_Establishment_Canada 
The ECHELON section on that page explains the Five Eyes setup, about 
sharing information, and it's been going on since 1948.  And don't 
forget, since we are "foreign", it is within the NSA's mandate to 
monitor us.


So you bet your ass they are watching us, because they can.

While I have no proof of this, it is strictly my unfounded theory, I 
would also think that the NSA pays particular interest to OpenBSD. It's 
right there on the OpenBSD site's pages that they're located in Canada 
to /specifically/ avoid US "interference".


If you were the NSA, wouldn't you find an organization that:

1) blatantly says they're in Canada to avoid US government problems,
2) is arguably the most secure OS on the market,
3) (I think..) was the first to use integrated heavy crypto, including 
IPSec,
4) has a subtle (and sometimes not so subtle) 
anti-government/anti-establishment tone on the mailing lists,

5) is completely open source with all commits publicly viewable,
6) is probably run by a bunch of "commie hippies" (in their eyes),

wouldn't /you/ (as the NSA) keep an eye on those liberal bastards?

My friend replied to me, from his gmail account, to my email server 
located in my own home, using my own Canadian-registered domain, "And if 
a government really wanted to track you, well, let's face the facts. You 
and I just aren't that important. haha"


I had to point out to him that, let's face facts, you are exactly one 
degree of separation from someone, who (albeit tangentially) is involved 
with not just any FOSS organization, but OpenBSD, who is /probably/ 
"watched".  I'm in the list archives, and listed on the donations page.  
You are one degree of separation from someone who runs their own 
servers, has publicly said uses full disk encryption on Internet-related 
servers (and knows how to pull a power cord), and runs a members-only 
site that requires HTTPS.  All of that is considered "suspicious".  If 
the NSA is looking around, they've probably noticed me, and looked at 
me.  Too paranoid?


I failed to mention (here), that one of my oldest friends is in the 
Canadian Forces.  He works in SIGINT.  I don't know what he does, and I 
don't know his exact clearance, just that at the least it's "secret" 
level.  I know he can't talk about anything work-related (and doesn't).  
Before he got his clearance, how far did they look into my friend's 
friends, like me?  I have no idea.


So, I said to my other friend: that "You and I just aren't that 
impo

Re: Sorry OpenBSD people, been a bit busy

2013-10-08 Thread Kyle R W Milz
On Tue, Oct 08, 2013 at 08:20:32AM -0400, Scott McEachern wrote:
> I didn't want to bring this up before, but it might be an
> interesting discussion, even though off-topic.  Feel free to ignore
> this part of the thread.
> 
> After reading Theo's post, I wondered what effect an IX had on what
> we now know about NSA surveillance.  I don't know anything about it,
> but I suspect it won't make any difference.

I have a colocated server in the same data center that the IX is being
installed in. I live in Calgary and also have a home internet connection
with a major ISP here, Shaw Cable.

Traceroutes from my home to the data centre are pretty normal, enmax
envision is a local commercial fibre carrier:

traceroute to getaddrinfo.net (216.171.227.98), 64 hops max, 40 byte packets
 1  192.168.1.1 (192.168.1.1)  6.809 ms  2.461 ms  14.730 ms
 2  * * *
 3  64.59.132.169 (64.59.132.169)  14.543 ms  10.710 ms  13.220 ms
 4  66.163.71.102 (66.163.71.102)  13.731 ms ra2so-tge2-1.cg.shawcable.net (66.163.71.98)  14.216 ms  13.916 ms
 5  rx0so-enmax.cg.bigpipeinc.com (66.244.207.158)  13.478 ms  10.950 ms  14.982 ms
 6  a72-29-245-70.enmaxenvison.net (72.29.245.70)  12.979 ms  33.446 ms  9.483 ms
 7  a72-29-245-66.enmaxenvison.net (72.29.245.66)  14.227 ms  13.917 ms  16.484 ms
 8  216-171-224-253.datahive.ca (216.171.224.253)  9.981 ms  14.946 ms  25.484 ms
 9  216-171-224-5.datahive.ca (216.171.224.5)  46.234 ms  29.974 ms  35.703 ms
10  216-171-227-98.datahive.ca (216.171.227.98)  36.741 ms  40.197 ms  41.490 ms

Now here is where things get interesting, from the data centre to my
home:

traceroute to krwm.net (184.64.152.209), 64 hops max, 40 byte packets
 1  216-171-227-97.datahive.ca (216.171.227.97)  0.636 ms  0.622 ms  0.411 ms
 2  216-171-224-246.datahive.ca (216.171.224.246)  0.409 ms  0.505 ms  0.561 ms
 3  gige-g2-7.core1.yyc1.he.net (72.52.101.149)  6.267 ms  0.823 ms  0.557 ms
 4  10gigabitethernet3-2.core1.yvr1.he.net (184.105.223.218)  17.967 ms  11.860 ms  16.505 ms
 5  10gigabitethernet12-3.core1.sea1.he.net (184.105.222.1)  35.960 ms  14.592 ms  20.456 ms
 6  rc1wt-ge4-1.wa.shawcable.net (206.81.80.54)  27.318 ms  23.863 ms  23.819 ms
 7  66.163.70.209 (66.163.70.209)  19.439 ms  20.140 ms  19.439 ms
 8  dx6no-g1.cg.shawcable.net (64.59.132.170)  24.978 ms  20.165 ms  19.573 ms
 9  krwm.net (184.64.152.209)  139.806 ms  33.179 ms  27.907 ms

Take a look at the 5th and 6th hops, they are in the US. The data
goes from Calgary to Vancouver down into the US to Seattle and then all
the way back to Calgary.

So long winded answer to your question: Canadian internet traffic will
stay in Canada and won't make these ridiculous loops.

I guess if the NSA has coerced with CSIS or whatever the Canadian
equivalent is then there might be cause for worry there (quite likely as
we parrot almost everything the US does).

> Some of Snowden's leaked documents detail how the NSA has the
> private keys for various US corporations, and they set up various
> computers on the backbone links.  Basically, the NSA can
> imperceptibly vacuum up all data.  Scary shit, really.
> 
> A few people have suggested they are vacuuming /everything/, not
> just "foreigners", while others counter that there's just too much
> data, and it's infeasible for them to store it.
> 
> I propose that not only is it possible, but quite likely.  When
> google mysteriously went offline for about 5 minutes a while back,
> it was said that Internet traffic dropped by 40%.  A shitload of
> that is going to be YouTube, which the NSA can easily ignore.  I've
> also heard that something like 40% of Internet traffic is porn, so
> they can ignore that, too.  Another big chunk goes to people
> downloading movies/TV by NetFlix, torrent or from the cable-type
> companies themselves.  Again, the actual content can be ignored, but
> the metadata can be kept.  Duplicate data can be ignored as well.
> There's no need for the NSA to keep 10,000 copies of the same shit
> Fox or CNN spews to 10,000 daily visitors.  Just keep the metadata.
> No need to keep advertisements, cool graphics/CSS stuff, or HTML.
> That can all be stripped away.
> 
> Whether those "40%" numbers are accurate or not -- and I doubt they
> are -- isn't the point.  The point is that a metric shitload of
> content can be safely ignored.  It wouldn't surprise me in the least
> if it were to be revealed that all the NSA actually traps is maybe
> 5% of total Internet traffic.  Not because of a lack of capacity,
> but a lack of interest in "crap".  Now go look at the two big data
> centres under construction.  Everyone knows about the Utah data
> centre, but there's another, slightly smaller one, under
> construction on the East coast.  (Sorry, I can't remember exactly
> where.)
> 
> But that's not the scariest thing.
> 
> The scariest thing is when a friend of mine talked about how cool
> his smartphone is.  I replied with the standard stuff:  "You're
> being watched and recorded" (etc).  He said
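
The hop-by-hop reading in the message above (Calgary, Vancouver, Seattle, back to Calgary) can be automated. This is an added example, not part of the original post: it parses the return-path traceroute from the message and flags hops whose reverse-DNS names carry a location tag outside Canada. The tag table is an assumption inferred from the post's own description of the path, and a hostname tag is only a hint about where a router sits, so untagged hops are reported separately as unplaced.

```python
import re

# Return-path traceroute (data centre -> home) copied from the post above,
# with the archive's wrapped lines rejoined.
RETURN_PATH = """\
traceroute to krwm.net (184.64.152.209), 64 hops max, 40 byte packets
 1  216-171-227-97.datahive.ca (216.171.227.97)  0.636 ms  0.622 ms  0.411 ms
 2  216-171-224-246.datahive.ca (216.171.224.246)  0.409 ms  0.505 ms  0.561 ms
 3  gige-g2-7.core1.yyc1.he.net (72.52.101.149)  6.267 ms  0.823 ms  0.557 ms
 4  10gigabitethernet3-2.core1.yvr1.he.net (184.105.223.218)  17.967 ms  11.860 ms  16.505 ms
 5  10gigabitethernet12-3.core1.sea1.he.net (184.105.222.1)  35.960 ms  14.592 ms  20.456 ms
 6  rc1wt-ge4-1.wa.shawcable.net (206.81.80.54)  27.318 ms  23.863 ms  23.819 ms
 7  66.163.70.209 (66.163.70.209)  19.439 ms  20.140 ms  19.439 ms
 8  dx6no-g1.cg.shawcable.net (64.59.132.170)  24.978 ms  20.165 ms  19.573 ms
 9  krwm.net (184.64.152.209)  139.806 ms  33.179 ms  27.907 ms
"""

# ASSUMPTION: location tags inferred from the post's description of the path
# (Calgary -> Vancouver -> Seattle -> Calgary). Not an authoritative map.
TAG_RULES = [
    (re.compile(r"\.([a-z]{3})\d+\.he\.net$"),
     {"yyc": ("Calgary", "CA"), "yvr": ("Vancouver", "CA"),
      "sea": ("Seattle", "US")}),
    (re.compile(r"\.([a-z]{2})\.shawcable\.net$"),
     {"cg": ("Calgary", "CA"), "wa": ("Washington state", "US")}),
]

HOP_START = re.compile(r"^\s*(\d+)\s+(.*)$")
RESPONDER = re.compile(r"(\S+)\s+\((\d{1,3}(?:\.\d{1,3}){3})\)")


def parse_traceroute(text):
    """Return [(hop_no, [(name, ip), ...])]; a '* * *' hop gets an empty list."""
    hops = []
    for line in text.splitlines():
        m = HOP_START.match(line)
        if m:
            hops.append([int(m.group(1)), m.group(2)])
        elif hops and line.strip():
            # Not a new hop: a wrapped continuation of the previous one.
            hops[-1][1] += " " + line.strip()
    return [(n, RESPONDER.findall(rest)) for n, rest in hops]


def locate(hostname):
    """Map a reverse-DNS name to (place, country), or None if it has no known tag."""
    for pattern, table in TAG_RULES:
        m = pattern.search(hostname.lower())
        if m and m.group(1) in table:
            return table[m.group(1)]
    return None


def foreign_hops(text, home="CA"):
    """Hops whose hostname tag places them outside `home`."""
    flagged = []
    for hop_no, responders in parse_traceroute(text):
        for name, _ip in responders:
            loc = locate(name)
            if loc and loc[1] != home:
                flagged.append((hop_no, name, loc[0], loc[1]))
    return flagged


def unplaced_hops(text):
    """Hop numbers that cannot be placed: no reply, no reverse DNS, or no known tag."""
    return [n for n, responders in parse_traceroute(text)
            if not any(locate(name) for name, _ip in responders)]


if __name__ == "__main__":
    for hop_no, name, place, country in foreign_hops(RETURN_PATH):
        print(f"hop {hop_no}: {name} -> {place} ({country})")
    print("unplaced hops:", unplaced_hops(RETURN_PATH))
```

Hops reported as unplaced (bare IP addresses, names without a tag) need another data source before anything can be said about where they sit.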

error: [drm:pidX:i915_get_vblank_timestamp] *ERROR* Invalid crtc 1

2013-10-08 Thread Atanas Vladimirov
Hi,
I got many i915_get_vblank_timestamp errors
"error: [drm:pid3:i915_get_vblank_timestamp] *ERROR* Invalid crtc 1"
on intel 865G (dmesg below). Any help is appreciated.

### dmesg #

OpenBSD 5.4-current (GENERIC) #63: Tue Oct  1 12:33:25 MDT 2013
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Pentium(R) 4 CPU 3.00GHz ("GenuineIntel" 686-class) 3 GHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,CNXT-ID,xTPR,PERF
real mem  = 1601695744 (1527MB)
avail mem = 1563807744 (1491MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 07/10/03, BIOS32 rev. 0 @ 0xeb4e0, SMBIOS 
rev. 2.3 @ 0xf8dd4 (59 entries)
bios0: vendor Hewlett-Packard version "786B2 v1.11" date 07/10/2003
bios0: Hewlett-Packard HP d530 CMT(DG751A)
acpi0 at bios0: rev 0
acpi0: sleep states S0 S1 S3 S4 S5
acpi0: tables DSDT FACP SSDT SSDT SSDT SSDT SSDT SSDT SSDT APIC SSDT ASF! SSDT 
SSDT SSDT SSDT SSDT SSDT SSDT SSDT SSDT SSDT SSDT
acpi0: wakeup devices PCI0(S4) HUB_(S4) COM1(S4) COM2(S4) USB1(S3) USB2(S3) 
USB3(S3) USB4(S3) EUSB(S3) PBTN(S4)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: apic clock running at 199MHz
ioapic0 at mainbus0: apid 1 pa 0xfec0, version 20, 24 pins
ioapic0: misconfigured as apic 0, remapped to apid 1
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 5 (HUB_)
acpicpu0 at acpi0
acpibtn0 at acpi0: PBTN
bios0: ROM list: 0xc/0xa600 0xca600/0x2000 0xe0c00/0x9a00!
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 "Intel 82865G Host" rev 0x02
vga1 at pci0 dev 2 function 0 "Intel 82865G Video" rev 0x02
intagp0 at vga1
agp0 at intagp0: aperture at 0xf000, size 0x800
inteldrm0 at vga1
drm0 at inteldrm0
inteldrm0: 1280x1024
wsdisplay0 at vga1 mux 1: console (std, vt100 emulation)
wsdisplay0: screen 1-5 added (std, vt100 emulation)
uhci0 at pci0 dev 29 function 0 "Intel 82801EB/ER USB" rev 0x02: apic 1 int 16
uhci1 at pci0 dev 29 function 1 "Intel 82801EB/ER USB" rev 0x02: apic 1 int 19
uhci2 at pci0 dev 29 function 2 "Intel 82801EB/ER USB" rev 0x02: apic 1 int 18
ehci0 at pci0 dev 29 function 7 "Intel 82801EB/ER USB2" rev 0x02: apic 1 int 23
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 "Intel EHCI root hub" rev 2.00/1.00 addr 1
ppb0 at pci0 dev 30 function 0 "Intel 82801BA Hub-to-PCI" rev 0xc2
pci1 at ppb0 bus 5
bge0 at pci1 dev 2 function 0 "Broadcom BCM5782" rev 0x03, BCM5705 A3 (0x3003): 
apic 1 int 20, address 00:0b:cd:71:65:30
brgphy0 at bge0 phy 1: BCM5705 10/100/1000baseT PHY, rev. 2
ichpcib0 at pci0 dev 31 function 0 "Intel 82801EB/ER LPC" rev 0x02
pciide0 at pci0 dev 31 function 1 "Intel 82801EB/ER IDE" rev 0x02: DMA, channel 
0 configured to compatibility, channel 1 configured to compatibility
wd0 at pciide0 channel 0 drive 0: 
wd0: 16-sector PIO, LBA, 38166MB, 78165360 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0:  ATAPI 5/cdrom 
removable
cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2
pciide1 at pci0 dev 31 function 2 "Intel 82801EB SATA" rev 0x02: DMA, channel 0 
configured to native-PCI, channel 1 configured to native-PCI
pciide1: using apic 1 int 18 for native-PCI interrupt
auich0 at pci0 dev 31 function 5 "Intel 82801EB/ER AC97" rev 0x02: apic 1 int 
17, ICH5 AC97
ac97: codec id 0x41445374 (Analog Devices AD1981B)
ac97: codec features headphone, 20 bit DAC, No 3D Stereo
audio0 at auich0
usb1 at uhci0: USB revision 1.0
uhub1 at usb1 "Intel UHCI root hub" rev 1.00/1.00 addr 1
usb2 at uhci1: USB revision 1.0
uhub2 at usb2 "Intel UHCI root hub" rev 1.00/1.00 addr 1
usb3 at uhci2: USB revision 1.0
uhub3 at usb3 "Intel UHCI root hub" rev 1.00/1.00 addr 1
isa0 at ichpcib0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
uhidev0 at uhub1 port 2 configuration 1 interface 0 "Avago USB Optical Mouse" 
rev 2.00/2.00 addr 2
uhidev0: iclass 3/1
ums0 at uhidev0: 3 buttons, Z dir
wsmouse0 at ums0 mux 0
vscsi0 at root
scsibus1 at vscsi0: 256 targets
softraid0 at root
scsibus2 at softraid0: 256 targets
root on wd0a (b8e49a73e96975f2.a) swap on wd0b dump on wd0b
error: [drm:pid3:i915_get_vblank_timestamp] *ERROR* Invalid crtc 1
error: [drm:pid31279:i915_get_vblank_timestamp] *ERROR* Invalid crtc 1
error: [drm:pid31279:i915_

Re: Sorry OpenBSD people, been a bit busy

2013-10-08 Thread Scott McEachern

On 10/08/13 07:20, Kevin Chadwick wrote:


> So has your internet access (ISP) improved too since a while back or
> just locally and what resistance did you encounter - pro surveillance?
>
> The UK broadband speeds have shot up and become more of an asset but
> they are also becoming far more of a liability too. I am not too
> bothered about well secured?? monitoring systems for the good of us all
> by authorities that perhaps put as much importance on the security of the
> monitoring systems as anyone else? if not more? but I am extremely
> concerned about the government now even pushing ISPs to put in layer 7
> filters such as TalkTalk's HomeSafe on the cheapest and crappiest
> hardware (of the same make as those with backdoors in audio switches,
> thankfully firewalled) and possibly providing a cover for the previously
> rejected advertising data harvesting systems of the future under the
> compelling and so reason scuppering highly questionable method of
> stopping kiddy porn.
>
> If only more ISP engineers understood why OpenBSD is so secure or
> at least as much as they traditionally did with the mantra of ISPs
> transport packets and that's all for safety reasons.


I didn't want to bring this up before, but it might be an interesting 
discussion, even though off-topic.  Feel free to ignore this part of the 
thread.


After reading Theo's post, I wondered what effect an IX had on what we 
now know about NSA surveillance.  I don't know anything about it, but I 
suspect it won't make any difference.


Some of Snowden's leaked documents detail how the NSA has the private 
keys for various US corporations, and they set up various computers on 
the backbone links.  Basically, the NSA can imperceptibly vacuum up all 
data.  Scary shit, really.


A few people have suggested they are vacuuming /everything/, not just 
"foreigners", while others counter that there's just too much data, and 
it's infeasible for them to store it.


I propose that not only is it possible, but quite likely.  When Google 
mysteriously went offline for about 5 minutes a while back, it was said 
that Internet traffic dropped by 40%.  A shitload of that is going to be 
YouTube, which the NSA can easily ignore.  I've also heard that 
something like 40% of Internet traffic is porn, so they can ignore that, 
too.  Another big chunk goes to people downloading movies/TV by NetFlix, 
torrent or from the cable-type companies themselves.  Again, the actual 
content can be ignored, but the metadata can be kept.  Duplicate data 
can be ignored as well. There's no need for the NSA to keep 10,000 
copies of the same shit Fox or CNN spews to 10,000 daily visitors.  Just 
keep the metadata. No need to keep advertisements, cool graphics/CSS 
stuff, or HTML. That can all be stripped away.


Whether those "40%" numbers are accurate or not -- and I doubt they are 
-- isn't the point.  The point is that a metric shitload of content can 
be safely ignored.  It wouldn't surprise me in the least if it were to 
be revealed that all the NSA actually traps is maybe 5% of total 
Internet traffic.  Not because of a lack of capacity, but a lack of 
interest in "crap".  Now go look at the two big data centres under 
construction.  Everyone knows about the Utah data centre, but there's 
another, slightly smaller one, under construction on the East coast.  
(Sorry, I can't remember exactly where.)


But that's not the scariest thing.

The scariest thing is when a friend of mine talked about how cool his 
smartphone is.  I replied with the standard stuff:  "You're being 
watched and recorded" (etc).  He said he doesn't care.  He just doesn't 
care if the government watched the sex vids he shared with some ladies 
online, or read his emails.  Paraphrasing him, he asked, When was the 
last time someone I knew had a government official knock on their door?  
Never!  And you'll never see it happen in your lifetime, either!


I did reply with a few thought-provoking ideas, but I know damn well he 
won't think about it, because he just doesn't care, and no matter what I 
say, he never will.  (I did ask him, when /will/ it be too much for you, 
and will it be too late?  He didn't reply.)


I would suggest that most of the general population shares his apathy.  
Sure, a few people get riled up for a few minutes, but that goes away 
when Miley does something stupid with her ass, a dancing show comes on, 
or Michael Bay blows up a lot of stuff on the big screen.


Now we're finding out that the FBI and NSA own a whole lot of Tor 
nodes.  Some suspect half of them are government controlled, especially 
the exit nodes.


More scary?  The likes of Bruce Schneier and Glenn Greenwald, both privy 
to the compendium of Snowden's documents, are saying things like "We 
haven't seen the half of it...  It gets worse."  I can't wait..


A question for Theo and those in the know:  Do these IXs in any way 
deter or foil the NSA?  Or do they "just" make for better connectivity?  
Just curious.


@Kevin Chadwick:  About your 

Re: Sorry OpenBSD people, been a bit busy

2013-10-08 Thread Kevin Chadwick
> Why?  With a group of others, I started setting up an Internet
> Exchange in Calgary, and this has taken much time because it is highly
> politicized and has encountered some resistance.

So has your internet access (ISP) improved too since a while back or
just locally and what resistance did you encounter - pro surveillance?

The UK broadband speeds have shot up and become more of an asset but
they are also becoming far more of a liability too. I am not too
bothered about well secured?? monitoring systems for the good of us all
by authorities that perhaps put as much importance on the security of the
monitoring systems as anyone else? if not more? but I am extremely
concerned about the government now even pushing ISPs to put in layer 7
filters such as TalkTalk's HomeSafe on the cheapest and crappiest
hardware (of the same make as those with backdoors in audio switches,
thankfully firewalled) and possibly providing a cover for the previously
rejected advertising data harvesting systems of the future under the
compelling and so reason scuppering highly questionable method of
stopping kiddy porn.


If only more ISP engineers understood why OpenBSD is so secure or
at least as much as they traditionally did with the mantra of ISPs
transport packets and that's all for safety reasons.

-- 
___

'Write programs that do one thing and do it well. Write programs to work
together. Write programs to handle text streams, because that is a
universal interface'

(Doug McIlroy)

In Other Words - Don't design like polkit or systemd
___



Re: Sorry OpenBSD people, been a bit busy

2013-10-08 Thread hruodr
On Mon, 7 Oct 2013, James Griffin wrote:

> [...] But when people don't listen, or continuously repeat themselves 
> unnecessarily, the discussion digresses and becomes irrelevant and/or 
> annoying for those of us subscribed to the list. That's the point I 
> tried to make. Anyway, this is digressing too. 

No. This was obviously not the "reason". The offenses did not come from
people that complained about the amount of Emails. And I was not in the
discussion alone: mainly I answered; if I repeated, then because people 
did not understand me. Perhaps the topic was a little off-topic, but in my 
opinion not irrelevant; it deserves to be discussed, and an objective 
discussion here was impossible. On the other side, I understand that such
discussions can be disturbing in a mailing list. This is one of the reasons
why I was for the existence of the old OpenBSD Usenet Groups.

In my opinion, the reason for the insults and defamations is something very
primitive. For many people the operating system they use is part of their 
identity (as for others their car or their mobile telephone). Without 
their operating system they feel they are no one. Belonging to a "community", 
they feel part of an elite. Insulting and defaming people outside 
makes these feelings stronger; people insulting and defaming one individual
feel more together, and they need it collectively from time to time.
Not to be part of it is a question of conscience, also of education;
from the ones that do it you cannot expect much better behaviour.
BTW, the insults came together with the demand that I leave the list, not that
I stop posting about the topic: I was the enemy outside the "community".

Rodrigo.