date:20171020


Hi,

as far as I understud the whole thing

Am 20.10.2017 um 15:09 schrieb Michael Hekeler:


pass on hvn0 inet proto icmp all icmp-type echoreq


just to be curious: what is the effect of "on" in your rules "pass on ..."
As to pf.conf(5) there are only "in" or "out"


this  should allow traffic in and out on a given nic  but I might be 
wrong here. This is basically a training exercise for me so I dont do to 
much harm if some rules don't work right away as expected.


and this rule is valid even it if its not working as expected but after 
I activated it I could ping from the host and to the host. Without the 
rule I couldn't. On a host with just one nic it might be redundant but 
if you have more the one nic this might be a valid choice.


regards

--
Markus Rosjatfon: +49 351 8107223mail: ros...@ghweb.de

G+H Webservice GbR Gorzolla, Herrmann
Königsbrücker Str. 70, 01099 Dresden

http://www.ghweb.de
fon: +49 351 8107220   fax: +49 351 8107227

Bitte prüfen Sie, ob diese Mail wirklich ausgedruckt werden muss! Before 
you print it, think about your responsibility and commitment to the 
ENVIRONMENT

Re: a pf question maybe asked a 1000 times

2017-10-20 Thread sven falempin

On Fri, Oct 20, 2017 at 9:09 AM, Michael Hekeler 
wrote:

>
> Glad to hear that you have solved the problem
>
>
> > as you may notice I added the ping and the dns to the ruleset since
> > this was blocked in the original set of rules.
>
> You can allow outgoind dns with one single rule:
>
>   pass out on $ext_if inet proto { tcp, udp } from $ext_if \
> to any port domain keep state
>
>
> > ...
> > pass on hvn0 inet proto icmp all icmp-type echoreq
>
> just to be curious: what is the effect of "on" in your rules "pass on ..."
> As to pf.conf(5) there are only "in" or "out"
>
>
>
>
> https://man.openbsd.org/pflog

Observe what your are doing block log []

tcpdump [-n] -i pflog0

-- 
--
-
Knowing is not enough; we must apply. Willing is not enough; we must do

Re: a pf question maybe asked a 1000 times


Glad to hear that you have solved the problem


> as you may notice I added the ping and the dns to the ruleset since
> this was blocked in the original set of rules.

You can allow outgoind dns with one single rule:

  pass out on $ext_if inet proto { tcp, udp } from $ext_if \
to any port domain keep state


> ...
> pass on hvn0 inet proto icmp all icmp-type echoreq

just to be curious: what is the effect of "on" in your rules "pass on ..."
As to pf.conf(5) there are only "in" or "out"

Re: atascsi_passthru_done, timeout

2017-10-20 Thread Predrag Punosevac

Predrag Punosevac wrote:

> On Tue, Jun 27, 2017 at 2:19 PM, Jan Stary  wrote:
> > This is current/amd64 (dmesg below).
> > After installing smartmontools and running
> > /usr/local/sbin/smartctl -t short /dev/sd0c
> > in rc.local I get a log of
> > 
> > atascsi_passthru_done, timeout
> > 
> > in /var/log/messages. Is this anything to worry about?
> > 
> > Jan
> 
> It seems that this is still an issue 
> 
> # uname -a
> OpenBSD oko.bagdala2.net 6.2 GENERIC.MP#0 amd64
> # dmesg|tail -10
> atascsi_passthru_done, timeout
> atascsi_passthru_done, timeout
> atascsi_passthru_done, timeout
> atascsi_passthru_done, timeout
> atascsi_passthru_done, timeout
> atascsi_passthru_done, timeout
> atascsi_passthru_done, timeout
> atascsi_passthru_done, timeout
> atascsi_passthru_done, timeout
> atascsi_passthru_done, timeout

This was due to misconfiguration on my end. I replaced 

/dev/sd0c -d sat -a -o on -S on -s (S/../.././02|L/../../6/03)
/dev/sd1c -d sat -a -o on -S on -s (S/../.././03|L/../../6/04)

with 

/dev/sd0c -d ata -a -o on -S on -s (S/../.././02|L/../../6/03)
/dev/sd1c -d ata -a -o on -S on -s (S/../.././03|L/../../6/04)

in /etc/smartd.conf, restarted smartd, and errors are gone.

Cheers,
Predrag

Re: a pf question maybe asked a 1000 times


Hi Michael,

as far as pfctl -sr goes a block return expands to block return all

but since I got it working now here is the ruleset that does what it 
suppose to do :)


ext_if="hvn0"

set skip on lo

block return# block stateless traffic
block inet6

pass on $ext_if inet proto {tcp udp} to port domain

pass on $ext_if inet proto icmp icmp-type echoreq

pass in on $ext_if inet proto tcp from any to ($ext_if) port ssh
pass in on $ext_if inet proto tcp from any to ($ext_if) port 443

pass out on $ext_if inet proto tcp from ($ext_if) port { https, submission }

$ doas pfctl -sr
block return all
block drop inet6 all
pass in on hvn0 inet proto tcp from any to (hvn0) port = 22 flags S/SA
pass in on hvn0 inet proto tcp from any to (hvn0) port = 443 flags S/SA
pass out on hvn0 inet proto tcp from (hvn0) port = 443 to any flags S/SA
pass out on hvn0 inet proto tcp from (hvn0) port = 587 to any flags S/SA
pass on hvn0 inet proto tcp from any to any port = 53 flags S/SA
pass on hvn0 inet proto udp from any to any port = 53
pass on hvn0 inet proto icmp all icmp-type echoreq

as you may notice I added the ping and the dns to the ruleset since this 
was blocked in the original set of rules.


regards

Am 20.10.2017 um 14:27 schrieb Michael Hekeler:

On Fri, Oct 20, 2017 at 12:59:51PM +0200, Markus Rosjat wrote:

...
block return# block stateless traffic



Hi Markus, here´s another hint:

no matter if you want to drop silently or send a return for the dropped
packet, you have to tell **on which packet the block action should react**

   block drop all
   -or-
   block return all
   -or-
   block all
   


If you have this in your pf.conf and load this ruleset then 'pfctl -sr'
will give you a line like:

   block drop all
   (or whatever you have in pf.conf)




--
Markus Rosjatfon: +49 351 8107223mail: ros...@ghweb.de

G+H Webservice GbR Gorzolla, Herrmann
Königsbrücker Str. 70, 01099 Dresden

http://www.ghweb.de
fon: +49 351 8107220   fax: +49 351 8107227

Bitte prüfen Sie, ob diese Mail wirklich ausgedruckt werden muss! Before 
you print it, think about your responsibility and commitment to the 
ENVIRONMENT

Re: DMCA Free OpenBSD VPS Hosting, multiple payment methods

2017-10-20 Thread Erik van Westen

Op 20-10-2017 om 12:29 schreef Niels Kobschaetzki:
>
> On 17/10/20 08:09, x9p wrote:
>>> Depending on the country the ISP will see then the police coming to
>>> their
>>> datacenter and start to pull servers. And then they can close shop
>>> because
>>> a single customer was an asshole and did illegal stuff on their
>>> ip-range
>>> and hardware. That is self-protection.
>>>
>>
>> agree on that. a single customer can ruin everything. I disagree that
>> you
>> need to pull servers offline. Just give them the VPS image and put it
>> offline. Image encrypted, btw.
>
> No, **you** do not pull the servers offline. The police will do that for
> you. A lawyer might help to negotiate that it is enough to hand them the
> encrypted VPS-image, but that won't necessarily work.
>
> Niels

A lawyer only comes in after the fact. Remember the "ex parte" part?
Damage is done.

Re: a pf question maybe asked a 1000 times

On Fri, Oct 20, 2017 at 12:59:51PM +0200, Markus Rosjat wrote:
> ...
> block return# block stateless traffic


Hi Markus, here´s another hint:

no matter if you want to drop silently or send a return for the dropped 
packet, you have to tell **on which packet the block action should react**

  block drop all
  -or-
  block return all
  -or-
  block all
  

If you have this in your pf.conf and load this ruleset then 'pfctl -sr' 
will give you a line like:

  block drop all
  (or whatever you have in pf.conf)

Re: a pf question maybe asked a 1000 times


Hi again,

okay big time PEBKAC  ... if you do the the -d you should at some point 
do the -e ... haha


anyway always fun to brainstorm with you guys this list rocks !!!

Am 20.10.2017 um 14:11 schrieb Markus Rosjat:

Hi,

yeah well the rules are loaded, I could flush befor do pfctl -f to make 
it all clean.


  I tried ssh m...@domain.tld from the machine with the ruleset. this works
  with the given rules but it shouldnt in my opinion.

and yes there is no dns traffic allowed in the rules. Maybe its really 
the flush that makes it all work. I will try that :)


regards



--
Markus Rosjatfon: +49 351 8107223mail: ros...@ghweb.de

G+H Webservice GbR Gorzolla, Herrmann
Königsbrücker Str. 70, 01099 Dresden

http://www.ghweb.de
fon: +49 351 8107220   fax: +49 351 8107227

Bitte prüfen Sie, ob diese Mail wirklich ausgedruckt werden muss! Before 
you print it, think about your responsibility and commitment to the 
ENVIRONMENT

Re: DragonFly 5.0 released!

2017-10-20 Thread Karel Gardas

Sweet. Are you porting that to OpenBSD?

On Thu, Oct 19, 2017 at 11:39 PM, SOUL_OF_ROOT 55
 wrote:
> My inspiration for posting here is the following topic:
>
> https://forums.freebsd.org/threads/62876/
>
> Em quinta-feira, 19 de outubro de 2017, SOUL_OF_ROOT 55 <
> soulofroo...@gmail.com> escreveu:
>
>>
>> https://marc.info/?l=dragonfly-users=150816781917465=2
>>
>> This release features HAMMER2 file system as a technology preview enabled
>> in the default generic kernel.
>>

Re: a pf question maybe asked a 1000 times


Hi,

yeah well the rules are loaded, I could flush befor do pfctl -f to make 
it all clean.


 I tried ssh m...@domain.tld from the machine with the ruleset. this works
 with the given rules but it shouldnt in my opinion.

and yes there is no dns traffic allowed in the rules. Maybe its really 
the flush that makes it all work. I will try that :)


regards

--
Markus Rosjatfon: +49 351 8107223mail: ros...@ghweb.de

G+H Webservice GbR Gorzolla, Herrmann
Königsbrücker Str. 70, 01099 Dresden

http://www.ghweb.de
fon: +49 351 8107220   fax: +49 351 8107227

Bitte prüfen Sie, ob diese Mail wirklich ausgedruckt werden muss! Before 
you print it, think about your responsibility and commitment to the 
ENVIRONMENT

Re: a pf question maybe asked a 1000 times

On Fri, Oct 20, 2017 at 12:59:51PM +0200, Markus Rosjat wrote:
> ...
> what I notice is I can initiate a ssh connection from this machine.

Just a question:
how do you initiate the ssh connection?
  
  ssh host.example.com

Then you realise that there is also dns out (53/tcp,udp)

Re: a pf question maybe asked a 1000 times

2017-10-20 Thread Niels Kobschaetzki


On 17/10/20 12:59, Markus Rosjat wrote:

Hi there,

I was wondering, after reading mr hansteens excelent book about pf and 
the man pages, if I got it all wrong :)


so here is my example pf.conf

ext_if="hvn0"

set skip on lo

block return# block stateless traffic
block inet6

pass in on $ext_if inet proto tcp from any to ($ext_if) port ssh
pass in on $ext_if inet proto tcp from any to ($ext_if) port 443

pass out on $ext_if inet proto tcp from ($ext_if) port { https, submission }

and what I expect is the following:

- traffic ipv4 and ipv6 gets blocked -> general deny
- I let enter ssh traffic
- I let enter https traffic
- I let out treffic on https und submission port
- I should not be able to establish a ssh connection from this host to
  another machine but should connect to be able to connect to this
  machine

what I notice is I can initiate a ssh connection from this machine. So 
there are three possible answers to this:


- 1st with allowing ssh traffic in the first place ssh port will be
  considered passable from both sites of the nic. Which would somehow
  makes no sense to me at all because its a explicit in rule
- 2nd the ssh connection initiated is somehow considered coming fom lo
  and for that not passed to the following rules
- 3rd my rules are just wrong :)

So for all the more skilled human beings out there can you help me with it?


Can you do an ssh to all hosts, or did you try to ssh to the from which
you ssh in?
H1 is yours, H2 is the server with the rules above, H3 some other
machine:

1) H1 --ssh--> H2
  and then you did H2 --ssh--> H1

Or 2) H2 --ssh--> H3?

In case 1 I would expect that it works because the state should allow
that. Only when the connection is terminated, it shouldn't be possible
anymore to ssh from H2 to H1.

Niels

Re: a pf question maybe asked a 1000 times

On Fri, Oct 20, 2017 at 12:59:51PM +0200, Markus Rosjat wrote:
> ...
> what I notice is I can initiate a ssh connection from this machine.
> So there are three possible answers to this:
>  - 1st with allowing ssh traffic in the first place ssh port will be
>considered passable from both sites of the nic. Which would somehow
>makes no sense to me at all because its a explicit in rule
>  - 2nd the ssh connection initiated is somehow considered coming fom lo
>and for that not passed to the following rules
>  - 3rd my rules are just wrong :)

Another 4:
You forgot to load your ruleset:  pfctl -f pf.conf

Re: a pf question maybe asked a 1000 times


Hi,

Am 20.10.2017 um 13:11 schrieb Bryan Harris:

I don't know the answer but I'm curious.  What does "pfctl -sr" command
show?  Can you do dns lookups?

PS - my rules have the "pass out all" rule at the bottom.

V/r,
Bryan



sure I can give the output:

$ doas pfctl -sr
doas (m...@my.own) password:
block return all
block drop inet6 all
pass in on hvn0 inet proto tcp from any to (hvn0) port = 22 flags S/SA
pass in on hvn0 inet proto tcp from any to (hvn0) port = 443 flags S/SA
pass out on hvn0 inet proto tcp from (hvn0) port = 443 to any flags S/SA
pass out on hvn0 inet proto tcp from (hvn0) port = 587 to any flags S/SA

I dont have a pass out all rule this would match every outgoing traffic then

but maybe match is the key here :)

regards

--
Markus Rosjatfon: +49 351 8107223mail: ros...@ghweb.de

G+H Webservice GbR Gorzolla, Herrmann
Königsbrücker Str. 70, 01099 Dresden

http://www.ghweb.de
fon: +49 351 8107220   fax: +49 351 8107227

Bitte prüfen Sie, ob diese Mail wirklich ausgedruckt werden muss! Before 
you print it, think about your responsibility and commitment to the 
ENVIRONMENT

Re: a pf question maybe asked a 1000 times

2017-10-20 Thread Solène Rapenne


Je 2017-10-20 12:59, Markus Rosjat skribis:

Hi there,

I was wondering, after reading mr hansteens excelent book about pf and
the man pages, if I got it all wrong :)

so here is my example pf.conf

ext_if="hvn0"

set skip on lo

block return# block stateless traffic
block inet6

pass in on $ext_if inet proto tcp from any to ($ext_if) port ssh
pass in on $ext_if inet proto tcp from any to ($ext_if) port 443

pass out on $ext_if inet proto tcp from ($ext_if) port { https, 
submission }


and what I expect is the following:

 - traffic ipv4 and ipv6 gets blocked -> general deny
 - I let enter ssh traffic
 - I let enter https traffic
 - I let out treffic on https und submission port
 - I should not be able to establish a ssh connection from this host to
   another machine but should connect to be able to connect to this
   machine

what I notice is I can initiate a ssh connection from this machine. So
there are three possible answers to this:

 - 1st with allowing ssh traffic in the first place ssh port will be
   considered passable from both sites of the nic. Which would somehow
   makes no sense to me at all because its a explicit in rule
 - 2nd the ssh connection initiated is somehow considered coming fom lo
   and for that not passed to the following rules
 - 3rd my rules are just wrong :)

So for all the more skilled human beings out there can you help me with 
it?


regards


Hello,

I'm not a pf expert but you did not block traffic at all.
You may want to use "block all" instead of block return

Have a look at the differents examples : https://www.openbsd.org/faq/pf/

Re: a pf question maybe asked a 1000 times

2017-10-20 Thread Bryan Harris

I don't know the answer but I'm curious.  What does "pfctl -sr" command
show?  Can you do dns lookups?

PS - my rules have the "pass out all" rule at the bottom.

V/r,
Bryan

On Fri, Oct 20, 2017 at 6:59 AM, Markus Rosjat  wrote:

> Hi there,
>
> I was wondering, after reading mr hansteens excelent book about pf and the
> man pages, if I got it all wrong :)
>
> so here is my example pf.conf
>
> ext_if="hvn0"
>
> set skip on lo
>
> block return# block stateless traffic
> block inet6
>
> pass in on $ext_if inet proto tcp from any to ($ext_if) port ssh
> pass in on $ext_if inet proto tcp from any to ($ext_if) port 443
>
> pass out on $ext_if inet proto tcp from ($ext_if) port { https, submission
> }
>
> and what I expect is the following:
>
>  - traffic ipv4 and ipv6 gets blocked -> general deny
>  - I let enter ssh traffic
>  - I let enter https traffic
>  - I let out treffic on https und submission port
>  - I should not be able to establish a ssh connection from this host to
>another machine but should connect to be able to connect to this
>machine
>
> what I notice is I can initiate a ssh connection from this machine. So
> there are three possible answers to this:
>
>  - 1st with allowing ssh traffic in the first place ssh port will be
>considered passable from both sites of the nic. Which would somehow
>makes no sense to me at all because its a explicit in rule
>  - 2nd the ssh connection initiated is somehow considered coming fom lo
>and for that not passed to the following rules
>  - 3rd my rules are just wrong :)
>
> So for all the more skilled human beings out there can you help me with it?
>
> regards
>
> --
> Markus Rosjatfon: +49 351 8107223mail: ros...@ghweb.de
>
> G+H Webservice GbR Gorzolla, Herrmann
> Königsbrücker Str. 70, 01099 Dresden
> 
>
> http://www.ghweb.de
> fon: +49 351 8107220   fax: +49 351 8107227
>
> Bitte prüfen Sie, ob diese Mail wirklich ausgedruckt werden muss! Before
> you print it, think about your responsibility and commitment to the
> ENVIRONMENT
>
>

a pf question maybe asked a 1000 times


Hi there,

I was wondering, after reading mr hansteens excelent book about pf and 
the man pages, if I got it all wrong :)


so here is my example pf.conf

ext_if="hvn0"

set skip on lo

block return# block stateless traffic
block inet6

pass in on $ext_if inet proto tcp from any to ($ext_if) port ssh
pass in on $ext_if inet proto tcp from any to ($ext_if) port 443

pass out on $ext_if inet proto tcp from ($ext_if) port { https, submission }

and what I expect is the following:

 - traffic ipv4 and ipv6 gets blocked -> general deny
 - I let enter ssh traffic
 - I let enter https traffic
 - I let out treffic on https und submission port
 - I should not be able to establish a ssh connection from this host to
   another machine but should connect to be able to connect to this
   machine

what I notice is I can initiate a ssh connection from this machine. So 
there are three possible answers to this:


 - 1st with allowing ssh traffic in the first place ssh port will be
   considered passable from both sites of the nic. Which would somehow
   makes no sense to me at all because its a explicit in rule
 - 2nd the ssh connection initiated is somehow considered coming fom lo
   and for that not passed to the following rules
 - 3rd my rules are just wrong :)

So for all the more skilled human beings out there can you help me with it?

regards

--
Markus Rosjatfon: +49 351 8107223mail: ros...@ghweb.de

G+H Webservice GbR Gorzolla, Herrmann
Königsbrücker Str. 70, 01099 Dresden

http://www.ghweb.de
fon: +49 351 8107220   fax: +49 351 8107227

Bitte prüfen Sie, ob diese Mail wirklich ausgedruckt werden muss! Before 
you print it, think about your responsibility and commitment to the 
ENVIRONMENT

Re: DMCA Free OpenBSD VPS Hosting, multiple payment methods

2017-10-20 Thread Craig Skinner

On Thu, 19 Oct 2017 16:27:26 -0200 x9p wrote:
> .. .but of course need to act upon receiving a court order.

Which was raised by solicitors ("lawyers" is USA speak) in the hosting
country, in a court room, in the hosting country, and legally authorised
by the government of the hosting country, for sheriffs/bailiffs/police
of the hosting country to enforce.

USA subpoenas have no legal validity outside the USA, which is why
British Spamhaus refused to comply with a US Federal District court:

"The Illinois ruling shows how spammers can game US courts with ease,
as no proof or due process is required in certain US courts in order to
obtain default judgments over clearly foreign entities with no ties to
the US. .. judgments from United States courts are not recognised
in the United Kingdom. A Plaintiff seeking to have a US default order
enforced in the United Kingdom has no choice but to re-file the case in
a British court of law and fully prove jurisdiction as well as the
merits of the case under British law."

https://www.spamhaus.org/organization/statement/003/case-answer-e360insight-vs.-the-spamhaus-project
https://en.wikipedia.org/wiki/Spamhaus.org#e360_Lawsuit

The US legal system is slack, has low legal standards and procedures,
and it's judges pridefully think they rule the world.AKA ego.

"OpenBSD is developed and released from Canada and due to Canadian law
it is legal to export crypto to the world"USA law is not valid in
Canada.

http://www.openbsd.org/goals.html

Re: DMCA Free OpenBSD VPS Hosting, multiple payment methods

2017-10-20 Thread tinkr

> Depending on the country the ISP ..

Guys, this is not an OpenBSD thread, so misc@OpenBSD.org is not an appropriate 
forum for it. Please do not continue with this thread here.

Re: DMCA Free OpenBSD VPS Hosting, multiple payment methods

2017-10-20 Thread Niels Kobschaetzki



On 17/10/20 08:09, x9p wrote:

Depending on the country the ISP will see then the police coming to their
datacenter and start to pull servers. And then they can close shop because
a single customer was an asshole and did illegal stuff on their ip-range
and hardware. That is self-protection.



agree on that. a single customer can ruin everything. I disagree that you
need to pull servers offline. Just give them the VPS image and put it
offline. Image encrypted, btw.


No, **you** do not pull the servers offline. The police will do that for
you. A lawyer might help to negotiate that it is enough to hand them the
encrypted VPS-image, but that won't necessarily work.

Niels


On 20. Oct 2017, at 08:28, flipchan  wrote:

I want to c a system that Auto encrypts it vms (can "easily" be done
with some lines of python/whateverulike) and just forward all abuses to
the customer, some isp's does this , however they are fucking assholes
ISP that are retarded like dg-access in sweden who doesn't care about
its customers , I am thinking that Switzerland would be a good way to
host something in but as allways do allooot of research, try out acouple
of different and c who works

On October 20, 2017 7:48:42 AM GMT+02:00, Michael Hekeler
 wrote:

An "OpenBSD friendly hoster" is one who knows you are running an

OpenBSD

VPS, and doesn't suggest you change iptables settings when talking

about

your firewall with their support team.


Ah I see ;-)
ILm beginning to understand...
To me the term "OpenBSD friendly hoster" was not clear because for me a

"friendly hoster" is one that cares for the hardware and doesnLt care
for what I run inside my container (RedHat, *BSD, Plan9, whatever)


--
Take Care Sincerely flipchan layerprox dev





--
Schöne Grüße

Niels

Re: DMCA Free OpenBSD VPS Hosting, multiple payment methods

> > professional software exists. So noone hacks his own scripts.

of course also a script can be professional ;-)
My meaning was that several software existsm that is already accepted by 
court and so the lawyer can be sure that these logs can be used in a 
lawsuit. What I wanted to say is that no lawyer will hack his own script 
to examine a filesharing platform (or something else)


> thats not much difference between "professional software" and a bunch of
> scripts doing the same job. been there.

difference is the acceptance in a lawsuit.

Re: DMCA Free OpenBSD VPS Hosting, multiple payment methods

> Depending on the country the ISP will see then the police coming to their
> datacenter and start to pull servers. And then they can close shop because
> a single customer was an asshole and did illegal stuff on their ip-range
> and hardware. That is self-protection.
>

agree on that. a single customer can ruin everything. I disagree that you
need to pull servers offline. Just give them the VPS image and put it
offline. Image encrypted, btw.

> Niels
>
>> On 20. Oct 2017, at 08:28, flipchan  wrote:
>>
>> I want to c a system that Auto encrypts it vms (can "easily" be done
>> with some lines of python/whateverulike) and just forward all abuses to
>> the customer, some isp's does this , however they are fucking assholes
>> ISP that are retarded like dg-access in sweden who doesn't care about
>> its customers , I am thinking that Switzerland would be a good way to
>> host something in but as allways do allooot of research, try out acouple
>> of different and c who works
>>
>> On October 20, 2017 7:48:42 AM GMT+02:00, Michael Hekeler
>>  wrote:
 An "OpenBSD friendly hoster" is one who knows you are running an
>>> OpenBSD
 VPS, and doesn't suggest you change iptables settings when talking
>>> about
 your firewall with their support team.
>>>
>>> Ah I see ;-)
>>> ILm beginning to understand...
>>> To me the term "OpenBSD friendly hoster" was not clear because for me a
>>>
>>> "friendly hoster" is one that cares for the hardware and doesnLt care
>>> for what I run inside my container (RedHat, *BSD, Plan9, whatever)
>>
>> --
>> Take Care Sincerely flipchan layerprox dev
>
>

Re: DMCA Free OpenBSD VPS Hosting, multiple payment methods


The idea is quite nice, and no one has ever implemented it, to my
knowledge. Specifically to OpenBSD, I believe it could be achieved with an
expect+bioctl script talking to the serial console, emailing the
passphrase (or setting one chosen by the client).

Such hosting would be really privacy+encryption focused.

cheers.

x9p

> I want to c a system that Auto encrypts it vms (can "easily" be done with
> some lines of python/whateverulike) and just forward all abuses to the
> customer, some isp's does this , however they are fucking assholes ISP
> that are retarded like dg-access in sweden who doesn't care about its
> customers , I am thinking that Switzerland would be a good way to host
> something in but as allways do allooot of research, try out acouple of
> different and c who works
>
> On October 20, 2017 7:48:42 AM GMT+02:00, Michael Hekeler
>  wrote:
>>> An "OpenBSD friendly hoster" is one who knows you are running an
>>OpenBSD
>>> VPS, and doesn't suggest you change iptables settings when talking
>>about
>>> your firewall with their support team.
>>
>>Ah I see ;-)
>>IÂ´m beginning to understand...
>>To me the term "OpenBSD friendly hoster" was not clear because for me a
>>
>>"friendly hoster" is one that cares for the hardware and doesnÂ´t care
>>for what I run inside my container (RedHat, *BSD, Plan9, whatever)
>
> --
> Take Care Sincerely flipchan layerprox dev

Re: DMCA Free OpenBSD VPS Hosting, multiple payment methods

2017-10-20 Thread Eric Furman

I'm posting this because it has as much to do with OBSD as all this
bullshit;

https://www.youtube.com/watch?v=py3u3P9OpBE


On Fri, Oct 20, 2017, at 05:52 AM, x9p wrote:
> 
> > hehe - you don´t know the situation in germany ;-)
> > I have seen many of these letters for "one time users" (even those with
> > only a few seconds connection)
> >
> 
> I do actually. By the time i lived there, a friend got something like EUR
> 800 bill for downloading a movie over torrent. Thats why I dont like
> Germany hosting, and enjoy offshore VPS :)
> 
> >
> >
> >> ...but it is really easy and cheap to write an script, collect IPs via
> >> torrent, and send DMCA takedown notices.
> >
> > professional software exists. So noone hacks his own scripts.
> >
> 
> thats not much difference between "professional software" and a bunch of
> scripts doing the same job. been there.
> 
> >
> >
> >> DMCA free ignores this automatic scripts, but of course need to act upon
> >> receiving a court order.
> >
> > Thanks for the clarification of "DCMA free".
> >
> >
> 
> welcome.
> 
> 
> 
>

Re: DMCA Free OpenBSD VPS Hosting, multiple payment methods


> hehe - you don´t know the situation in germany ;-)
> I have seen many of these letters for "one time users" (even those with
> only a few seconds connection)
>

I do actually. By the time i lived there, a friend got something like EUR
800 bill for downloading a movie over torrent. Thats why I dont like
Germany hosting, and enjoy offshore VPS :)

>
>
>> ...but it is really easy and cheap to write an script, collect IPs via
>> torrent, and send DMCA takedown notices.
>
> professional software exists. So noone hacks his own scripts.
>

thats not much difference between "professional software" and a bunch of
scripts doing the same job. been there.

>
>
>> DMCA free ignores this automatic scripts, but of course need to act upon
>> receiving a court order.
>
> Thanks for the clarification of "DCMA free".
>
>

welcome.

Re: DMCA Free OpenBSD VPS Hosting, multiple payment methods

> You use OpenBSD, so why are you worried about DMCA? That is, you must care
> about security so youfre already using aggressive blocklists, encrypted
> peers only, etc etc. A well configured torrent client leaks very little
> info.
>

aggressive blocklists is a nice idea, will take a look.
good tip, had some bad experience with encrypted peers, software was
crashing a lot. will try again.


> Unless laws have changed and you donft need any proof of wrongdoing
> besides lots of peer to peer bandwidth to get investigated? In that case,
> just ignore me. I donft torrent anymore so I could be out of date.
> Actually if anyone knows more about the current status quo Ifd like to
> hear more just out of curiosity. The discussion about the Netherlands has
> been tremendously interesting to me. Only asking since Ifve found other
> OpenBSD people do tend to be more astute and well informed than me!
>
>>> On Oct 19, 2017, at 13:12, Mike  wrote:
>>>
>>> On 10/19/2017 11:36 AM, Michael Hekeler wrote:
>>> Am Thu, 19 Oct 2017 16:32:34 +0200
>>> schrieb "Christoph R. Murauer" :
>>>
 To the other things spoken here (which I don't quote to keep it more
 short). Hetzner is a German company, which is part of the EU. There
 are not so many OpenBSD friendly hoster outside the USA and the EU.
>>>
>>> At the risk of sounding stupid, what is an "OpenBSD friendly hoster"?
>>
>> For me, that's an easy answer.
>>
>> An "OpenBSD friendly hoster" is one who knows you are running an OpenBSD
>> VPS, and doesn't suggest you change iptables settings when talking about
>> your firewall with their support team.
>>
>
>

Re: DMCA Free OpenBSD VPS Hosting, multiple payment methods