Re: I hate Spam

2011-05-12 Thread Bayard Bell
Not wanting to end up in your killfile, but... what I've noticed is that I 
don't see any English-language spam at all on any of the lists. What I do see 
when periodically checking my junk folders for false positives is spam in 
Spanish, Russian, and maybe a bit of Chinese, French, and Portuguese. I don't 
say that to complain, just to observe. If someone more bothered wants to pitch 
in, download the last year or so of archives and knock yourself out finding a way 
to extend the existing protections to catch non-English spam without, say, 
deciding that posts containing patches are spam because they aren't in English.

On 11 May 2011, at 20:11, Stuart Henderson wrote:

 In gmane.os.openbsd.misc, you wrote:
 I'm new to this list and to OpenBSD,  and currently signed up for misc,
 ports and www lists, 
 
 and receive a lot of spam mail through the lists.
 
 Most of it is on www@ (because the address is at the bottom of
 many of the web pages), unsubscribe from that and you'll see a big
 reduction.
 
 Just wondering how other subscribers are solving this matter?
 
 Personally I read these lists on gmane.org via NNTP, using slrn
 with decent killfiles which get rid of a lot of the junk (and
 even better, can killfile a thread or an annoying person with
 about 3 keypresses, which saves way more time than the spam
 filtering).
 





Re: Like OpenBSD? Like to see new stuff happening? You really need to order a CD today :)

2011-04-21 Thread Bayard Bell
Surely there are two separate problems here: 1) you think OpenBSD needs to
work to open up loopholes so that people who aren't donating or aren't
donating as much because of tax reasons will now do so (and Amit thinks this
is a series of technical problems that can be solved by non-strategic and
sometimes non-sensical deliverables, such as finding a way to license
distribution of a product that in its original distribution requires no
license, which looks more like a tax avoidance or money laundering scheme than
a legitimate fundraising tool and in any case not like anything that sentients
will pay for in substantial numbers); and 2) you personally would like to give
more, it's just that your tax accountant can't find a way.

Maybe we could add a scheme where people pay OpenBSD for each time they don't
send mail to misc, even though they really want to? Or when they mail misc and
realise a few replies later they really ought to have thought better of it? Or
when they flame the hell out of someone on misc and feel a lot better for it.
There have to be the rudiments of a previously undiscovered licensing,
royalty, or subscription scheme in there somewhere. Maybe you could consult
Apple and discover that OpenBSD should demand 30% of your monthly bills for
Internet access from your ISP(s), on the view that you wouldn't use the
Internet if it weren't for OpenBSD.

;-,
Bayard

On 21 Apr 2011, at 02:33, Benny Lofgren wrote:

 On 2011-04-21 02.51, Marco Peereboom wrote:
 When ordering a CD it lets you tack on a donation.  Call it 20 CDs and
 tax life is good.

 Yes I know, but as I tried to explain it doesn't help me if the receipt
 says donation or anything like it. You clearly don't know my accountant...
 :-)  A simple multi-license article on the order form with a proper article
 text on the invoice would let me donate while keeping my accountant happy,
 as well as avoiding paying more taxes than necessary.

 - or -

 Order 20 CDs, give 19 away.

 Not very hard...

 I don't think I can muster 19 willing recipients of a gift CD set among my
 friends to be honest... :-/  Besides, it may sound silly but I really don't
 like to waste resources, be it my money, someone else's or some finite
 natural resource (CD:s don't grow on trees, do they? :-) ).

 Really, I'd happily pay the same price for one CD set plus n-1 CD-less
 licenses (and hopefully get the same volume discount as well), and it would
 be a true win-win for everyone.


 Regards,
 /Benny




Re: what is the “Online Certificate Status Protocol”

2011-03-09 Thread Bayard Bell
The simple answer as to why OCSP isn't itself via HTTPS is that this would be
a cyclical dependency: if you need to accept a certificate, you need to
confirm its continuing validity. If you have to use a connection relying on
that same logic to confirm validity, at what point are you then able to make a
connection? The cryptographic component of OCSP, as Wikipedia points out, is
providing a validating signature with the response.

On 9 Mar 2011, at 09:30, erikmccaskey64 wrote:

 But: with wireshark I can see some OCSP packets
 [ http://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol ]

 Question: What are these packets? Why aren't they in HTTPS?




nfsv4?

2010-10-27 Thread Bayard Bell
The last mail I can find on the subject seems to indicate that there were
problems getting RPC to work with ipv6 (from Henning:
http://marc.info/?l=openbsd-misc&m=120291072230011&w=3). I'm not sure if this
was for lack of a TI-RPC implementation or other reasons. Any info on where
this is?




Re: nfsv4?

2010-10-27 Thread Bayard Bell
Henning,

I wouldn't say that there's anything wrong with the OpenBSD NFSv3
implementation, as the problems with NFSv3 are largely with the specification
(and/or the proliferation of specifications and protocols to deal with what's
not in the 1995 original). I'd anticipate a response not unlike evaluating
IPv4 vs. IPv6: granted the original is flawed, the fact that the successor
protocol is *supposed* to solve the problems of its predecessor doesn't mean
that it does as comprehensively or as well as hoped or that it doesn't have
problems of its own.

If I were looking for an objection to the OpenBSD implementation, I'd probably
follow the analogy between IPv4/IPv6 and NFSv3/NFSv4. Whereas OpenBSD
implements features like IPSec that are optional in IPv4 but mandatory in the
successor, the approach taken to the extensions in NFSv3 that were
subsequently made part of the core v4 spec seem to be displaced to transport-
rather than application-level measures (e.g. use IPSec rather than Kerberos
RPCSEC_GSS or RPCSEC_GSSv2, retaining system- rather than principal-based
authentication). Insofar as being stuck with NFSv3 means being stuck with
NFSv3 plus extensions or other supplements, I know that the interoperability
story across platforms is going to have some sad chapters.

Again, I'm not arguing that NFSv4 is or isn't a cure worse than the disease,
but I'm just as interested in what analysis may be available to argue that
conclusion if that's where the consensus is. I believe something similar was
done around IPv6 that helped feed back to changes in the protocol
specification.

I also suspect that consensus may have moved or divided around this. Looking
at a source like Secure Architectures with OpenBSD (admittedly written when
NFSv4 was rather over the horizon), I find that the relatively brief
concluding section on NFS security contends that, NFSv4 offers significantly
more security via GSS API and Kerberos. To the extent that people may have
moved on from that view, it would be helpful if the reasoning were documented
and available for broader dissemination. Insofar as there may be some
agreement and clarity as to what to deploy instead of NFSv4 that improves on
vanilla NFSv3, I don't think it well-advertised.

Speaking more broadly, I have this general sense that NFSv4 has disappointed
and that adoption has lagged, although more in terms of deployment than
implementation (OpenBSD seems exceptional in this regard, although perhaps not
exceptionally so by its own standards). There seem to be a lot of summary
expressions, but I've not found anything that really argues the case against
it and outlines how to learn to live with something that isn't NFSv4 and the
bomb. In other words: it seems to me that OpenBSD's not implementing NFSv4 may
be a more decisive expression of objections that are elsewhere given more
mumbled expression--I'd just like to see the case laid out and an acceptable
alternative more clearly articulated.

Cheers,
Bayard

On 27 Oct 2010, at 17:54, Henning Brauer wrote:

 * Bayard Bell buffer.g.overf...@googlemail.com [2010-10-27 17:19]:
 Sorry, but it's not entirely clear where the obstacles are. Is this
 unhappiness with the specification(s)? the code base for NFSv4 that's
 been rolled into the other BSDs? something else?

 personally I haven't looked closely at nfsv4, but what I saw didn't
 please me.

 i am not aware of anybody else (from us) looking into it deeply.

 what problem do you think nfsv4 solves for you again? what's wrong
 with our nfs implementation?

 --
 Henning Brauer, h...@bsws.de, henn...@openbsd.org
 BS Web Services, http://bsws.de
 Full-Service ISP - Secure Hosting, Mail and DNS Services
 Dedicated Servers, Rootservers, Application Hosting




Re: nfsv4?

2010-10-27 Thread Bayard Bell
To judge from the question I don't think you've accurately parsed the
argument, which isn't so much about IPv6 per se as about how IETF corrects the
mistakes that invariably result in specifying more ambitious protocols like
IPv6 or NFSv4 (or doesn't and precludes itself from doing so).

If you nonetheless want to read more about the OpenBSD IPv6 audit of the IPv6
implementation, you might start with something like:

http://ipv6samurais.com/ipv6samurais/openbsd-audit/

On 27 Oct 2010, at 22:26, FRLinux wrote:

 On Wed, Oct 27, 2010 at 9:45 PM, Theo de Raadt dera...@cvs.openbsd.org
 wrote:
 The design process followed by the NFSv4 team members matches the
 methodology taken by the IPV6 people.  (As in, once a mistake is made,

 Sorry, I'll bite. What exactly is wrong with IPv6 here? I gathered
 from this list not a lot of developers here like it, but I still don't
 get it. Please educate me (this should be enlightening).

 Cheers,
 Steph




Re: OpenBSD culture?

2010-04-14 Thread Bayard Bell

On 14 Apr 2010, at 10:11, Zachary Uram wrote:


As a long time Linux user I will soon try out OpenBSD, I have been
reading the list emails and contacted 1 OpenBSD top person who was
very rude. There is some of the RTFM or get lost attitude in
Linux, but if a questioner seems sincere there is usually a certain
level of friendliness in Linux community towards them. Just what I
have briefly observed the OpenBSD community is more abrupt and less
interested in helping newbies, they prefer one find the answer solely
on their own if possible. I must say I detect a certain attitude that
smacks of superiority and even condescension at times. Is this a fair
assessment of the OpenBSD culture?

Zach

 http://www.fidei.org 


I'd take this for "why can't we all just get along?" scolding.

I'd argue OpenBSD has the best documentation of any OS I've ever seen.  
Not answering these questions lets the developers get on with it.  
Non-developer members of the community know that the docs rock, so they've  
got a reasonable basis for thinking that anyone who's asking a  
question with a documented answer is being lazy (thus implicitly  
rejecting the sincerity standard you're proposing). People new to  
OpenBSD may need to get used to having documentation that doesn't  
suck, but the point is that OpenBSD also gets considerable advantage  
from having docs to which to refer. Not just developers but the  
OpenBSD community generally would rather emphasise that distinction to  
the point of hostility to accommodating people who don't (or don't  
yet) appreciate it. I follow you in terms of a sense of superiority,  
in that I think that the approach taken is demonstrably better, even  
if it's not intuitive to those with a perspective shaped by other  
communities (and may be sufficiently jarring to some people that they  
don't give it a full go because they don't understand the sense in  
which the OpenBSD community is nevertheless very much there to help),  
but I don't think it's condescending to try to protect a hard-earned  
and highly beneficial distinction. To the extent that such insistence  
on self-help through documentation excellence selects against  
community growth in a direction where bigger wouldn't be better,  
certainly not on the terms that have allowed OpenBSD to prosper thus  
far, I don't see that as objectionable, either. Thus in proposing that  
people be given the benefit of the doubt (sincere), the problem is  
precisely that the OpenBSD community is signalling clear distinctions  
about what it considers to be the standard of sincerity, based on  
strong functional motives. To put the problem more generally: how  
exactly does one accommodate such contrary standards without  
undermining the standard you mean to support?


To the extent that the Linux community has a soft spot for n00bs, I'd  
take it as largely an accommodation of the fact that documentation  
quality is widely inconsistent in quality or the bare fact of its  
existence. I don't think it can be taken to suggest that somehow the  
people who respond to questions about Linux have some greater  
generosity of spirit than can be found here, and I think that their  
reasons for behaving as they do are also functional. Why not ask  
instead why the Linux community continues to work around the root of  
the problem, thus creating some of the forces of habit that you treat  
with apparently uncritical discernment? Even if you don't find  
yourself comfortable here, you might reconsider the going standards of  
the Linux community and challenge those instead.


I don't mean to suggest that it's all sorted out in OpenBSD-land, but  
I reckon you'd have something more compelling (not to forget fair) to  
say if you took these differences and their rationales more thoroughly  
into account.


Cheers,
Bayard



Re: OpenBSD culture?

2010-04-14 Thread Bayard Bell

On 14 Apr 2010, at 14:50, Theo de Raadt wrote:


I guess this is the get lost mail he is referring to.

Yes, it is a damn fair assessment.  When you pay your taxes, do you go
make a personal request for assistance of your prime minister?

Your mail lies about what you saw, so here is the full exchange:


Surely he's contrasting his Linux experience based on the response to  
something like:


Torvalds,

I have been hearing very good things about Linux from people whose  
opinions I value highly. I have a MacBook and a Windows PC on which  
I'd like to run Linux dual-boot with the existing operating system.  
Could you please recommend a distribution and provide detailed  
installation instructions for each. Do you need to know the exact  
models? Do you need to know which version of Mac and Windows I am  
running? I am happy to provide that information if necessary.


Look forward to hearing from you soon, and please keep up the good work!

Cheers,
n00b



Re: Refusal to mention OpenBSD in a MSc Advanced Networking course

2010-02-14 Thread Bayard Bell

I'd venture that your professor isn't particularly well-educated if he
thinks BSD is dead or dying from either a commercial or a pedagogical
perspective. A considerable amount of literature on the subject of
networking is written using the BSD codebase as reference (e.g. the
Richard Stevens TCP/IP books), and I don't expect that anyone is going
to turn around and tell you that the Linux people got to where they
are by ignoring all of that literature and the code base around which
it was written. Second, beyond the base of open source host networking
stacks, the BSD code base has been extensively grafted into
proprietary Unix implementations, not to mention serving as the
foundation for dedicated network devices such as Junos. You might
argue that Junos isn't as prominent in the market as Cisco, but there
are a fairly considerable number of arguments against teaching using
IOS implementation pedagogically, except perhaps as a long series of
gotcha lessons. Third, BSD networking continues to be grafted into
other systems. A perfectly good example of this is that Sun has ported
BPF into the Solaris kernel to support firewall portability as one of
recent extension and refactoring initiatives to improve its network
performance and provide an alternate set of interfaces for portability
of networking code (e.g. for kernel code, or as an alternative to
write directly to DLPI or through libpcap for anything that can't be
implemented via [*cough*] Berkeley sockets).

The crux here is that the wisdom of acting as though *nix networking
is a monoculture completely dominated by Linux (which in my opinion
can both fail to be a monoculture in the way it needs to be and
succeed in being a monoculture in ways it needs to curb) or will
become one doesn't seem the only possible conclusion from examining
the history or contemporary dynamics (and that's setting aside the
rather material question of whether such a monoculture would be
desirable in any case, given how important cycles of divergence and
convergences have been to making *nix what it is qua dynamic and open
system--not to say that Linux is a monoculture... or as dynamic and
open as ). Sure, Linux can have its value as teaching material, but
it's far less credible to do so if the premise is that this is the
only open source implementation worth teaching. There may be valid
reasons for focusing on a single implementation in course design, but
dismissing the value of a comparative approach or of subsequent
independent study of other systems strikes me as pissing away
credibility as an instructor and being dishonest about course design
decisions.

As for the instructor, you can lead a horse to water and all that.
Perhaps the more important thing to learn here is how and why he's
mistaken rather than that he is or to push him to such concessions. If
you can't push him so far as to change his decision, but you can
perhaps offer sufficient judicious counter-arguments to make other
students want to learn more and build some continuing study groups on
top of that.

Cheers,
Bayard

On 13 Feb 2010, at 08:06, TS Lura wrote:


Dear OpenBSD community,

I'm a student for a MSc Advanced Networking degree.

I have a little situation maybe you guys could give me some feedback on.

The issue is that my module leader is refusing even to consider mentioning
OpenBSD, or any BSD in introductory Linux course where the focus is on
network services. DNS, iptables, Apache.

It is an introductory course, with limited time. So it's understandable that
one has to be level-headed on what's to go in as material in the course. My
argument is only to have a reference to OpenBSD, PF, and maybe the jailing
of named, when we go through the topics of iptables, and DNS.

My professor (the module leader) argues that almost no one is using BSD, and
those that do are probably 70+ and so it will soon die off, in a humorous
tone. In more serious tone, lack of applications.

I'm a bit resigned by this attitude, because we are at a master level about
networking. We learn about all the technologies surrounding routers,
switches, wan, security, etc. As such I think that OpenBSD is really a bean
to be counted when we learn about open/free software. So in relation to
this, I would argue that OpenBSD is an excellent platform for networking
services.

I have said so in writing, and verbally only to be brushed off.

I feel it's game over, at this point. But maybe you guys have some
suggestion about good arguments that might persuade my professor?


Cheers,

TSLura.

PS.

This might be the wrong crowd, but I also argue for the documents on the
internal web-learning facility to be published in PDF (ISO 32000 standard)
(he insists on doc), and that Linux at least once should be mentioned as
GNU/Linux.(system-tools/Kernel, to pay tribute). This is also met in the
same way as my BSD arguments. Which I find strange, since my professor has
developed a bit of stuff for the GNU/Linux platform.




Re: Is OpenBSD + PF accredited or certified in any way ?

2010-02-02 Thread Bayard Bell
Formal evaluation just means that the features judged relevant to the  
evaluation can be minimally verified. On the flip side, there's David  
Litchfield's observation in the introduction to The Oracle Hacker's  
Handbook: The Oracle RDBMS was evaluated under Common Criteria to  
EAL4... However, the first few versions of Oracle that gained EAL4 had  
a buffer overflow in the authentication mechanism. He goes on to say that  
standards are necessary to some extent but not fully indicative.  
You'll find summary arguments and starting links off the Common  
Criteria's Wikipedia entry. Given such limitations, perhaps you might  
propose a more open evaluation and make code access for audit,  
including by escrow access for an established third-party authority,  
as a major criteria?


On 1 Feb 2010, at 23:06, Keith wrote:

I've used OpenBSD & PF for a number of years without issue and am  
now in the position that I want to create a dmz between the Internet  
and my organisation's WAN. Our security people are asking if the  
firewall that we use is accredited by ITSEC and I am pretty sure  
it isn't but it turns out that our security people will be happy if  
the firewall is accredited for use by another government !


I am very happy with my PF firewalls and their reliability and don't  
want to be forced into purchasing some cisco / forenet commercial  
firewall that I've never used before so am desperate to find some  
details of any foreign governments that are using OpenBSD / PF as a  
firewall or any details of any certification of the PF firewall.


Can anyone help me out ?

Thanks
Keith






Re: OpenBSD in VirtualBox 3.1.x on non-SMP machine

2010-01-08 Thread Bayard Bell
According to http://www.virtualbox.org/wiki/Guest_OSes:

Requires VT-x or AMD-V hardware virtualization support.

It would appear they've therefore made VT-x and friends  
non-configurable. You can file a bug report and see where that goes.

On 20 Dec 2009, at 10:18, Tomas Bodzar wrote:

 Hi all,

 does anyone have OpenBSD release/stable/current running on the new line of
 VirtualBox (3.1.x) on a non-SMP machine? Older version 3.0.x was ok. Now
 it sets VT-x/AMD-V as default and you can't change it. Even when I
 disable it directly in the .xml config file for the guest it still tries this
 feature. With release I can't continue even with boot. With current I
 can start installation, but too much segfaults and then Illegal
 instruction. On host capable of VT-x/AMD-V no problems. So it looks
 like they changed again something in their horrible way :-(

 -- 
 http://www.openbsd.org/lyrics.html



Re: A question about puting OpenBSD on a Soekris

2009-12-15 Thread Bayard Bell
I've been playing around with this lately, so I'm happy to have a stab  
at an answer, with the caveat that this reflects a recollection of my  
reading of the code rather than any attempt to make it work to your  
requirements. Whatever I may fail to clarify, recall, or understand is  
best taken to suggest that you'd be best served by reading the docs in  
full, consulting the code as necessary.


To start with the details, I reckon that reading mkdist shows that it  
does a du on vnddirs in the filesystem tree from which you're building  
and then pads out those sizes (i.e. look for the loop in mkdist  
following the comment Determine sizes for partitions).


Reading code isn't, however, strictly necessary to answer your  
question: see the section of the FAQ that starts with What is the  
basic flashrd layout? What are tardirs? mfsdirs? vnddirs?.


More fundamentally, though: what are you trying to accomplish in  
growing /usr after laying down the flash image? It's likely more  
straightforward to lay down changes to the build (if not the  
personality, depending on whether your goal is to limit yourself to  
maintaining a single system or define a baseline build for use on  
multiple systems--if you're managing multiple systems, you might want  
to tweak the way you are preparing your builds and/or to modify the  
flashrd code so that it can pick up personality-related files from a  
separate tree than the build) on the regular filesystem tree from  
which you build the post-bootstrap flash svnd (i.e. the top-level  
directory you're passing as the mandatory parameter to flashrd),  
rather than trying to stack stuff onto the flash after this initial  
assembly is done. By the time you've got the basic image laid down in  
a file for your svnd, the initial partition scheme is already set.  
That doesn't mean that it's immutable, but it's a bit more work to do  
the slice and dice at that point. (cfgflashrd, on the other hand, is  
largely about configuring the bootstrap (terminal, root ramdisk)  
rather than what's subsequently brought up from the openbsd.vnd  
containing the full build.)


Not meaning to put too fine a point on it: I don't imagine you want to  
be trying this kind of post-op slice and dice if you've not spent time  
understanding how much of your problem may be adequately addressed in  
less baroque ways by documented behaviour.


On 15 Dec 2009, at 15:25, stan wrote:

I am trying to put OpenBSD on some Soekris machines. I have looked around
and found the flashrd toolkit. Using it, I was able to create a bootable
compact flash image for one of the machines. However, I pretty much did it
by following the directions without understanding what was being done, and
we all know where that leads  :-)

Now, I am trying to change a few things, and I need to get a better
understanding of what is being done here. Specifically, I want to create a
larger /usr partition in the vnd image. What determines the size of these? I
have looked through the cfgflashrd, and the growimg scripts, but I don't
see any knobs to tweak in these for this.

--
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in e-mail?




Re: ComixWall terminated

2009-12-11 Thread Bayard Bell

On 11 Dec 2009, at 09:19, P-O Yliniemi wrote:

There are a lot more abuse of the misc list than Soner posting about  
his OpenBSD project. Maybe Theo should install a decent spam filter  
for the lists ?


This is levelling down a distinction: there's spam that's definitely  
spam and can be filtered reasonably easily before or after being sent  
to the list. Sending something to the list that's not readily  
distinguishable from other content is no longer a problem for a spam  
filter, wherever it may sit. The fact that the list doesn't filter  
spam for you mechanically doesn't mean members shouldn't intervene  
against a different class of posting.


What's wrong with posting OpenBSD-related 'adverts', and in this  
special case with ComixWall which is totally free ?


Well, if the principle is that this list is to build and support  
community around OpenBSD, it's a question about what's considered  
acceptable conduct within the community. Clearly there are strong  
feelings on either side, but I gotta ask whether advertising a  
redistribution, where there's not a lot of evidence of other  
involvement in the community, doesn't at least come across as, at  
minimum, genuinely subject to question. We can disagree as to what the  
answer is, but the exceptional characteristics that make this a  
question don't just answer themselves by the kinds of characteristics  
or implications that have been argued in its favour.


I agree with a lot of the other posts that ComixWall doesn't really  
promote OpenBSD in any way, but for those who are looking for a  
solution like the one that it provides, this distribution will  
save some hours of installation and compilation time.


Sure, but how about substantial questions like code audits for the PHP  
code and determining processes and mechanisms for patching? Binary  
distribution may not be a sin in itself (I've come around to the  
opinion that it's largely oversold as to its benefits), but,  
particularly if it's claiming to carry the flag of simplification, one  
may nevertheless be circumspect about the approach and implementation,  
by people who've not otherwise established standing in the community  
and demonstrated the viability of their work in that context. I  
understand why people who've made sustained contributions to OpenBSD  
would not be happy with advertising a redistribution vexed by these  
kinds of questions.


I've had enough experience with Unix engineering to have both sympathy  
for someone who does this kind of work independently of established  
community organs and a strong scepticism as to whether the product  
will be nearly as robust as advertised or imagined for lack of strong  
challenges and correctives from peers and existing centres of  
expertise. I can't think it reasonable to be so taken away with the  
sympathetic element of response as to overlook or underweight the  
strong prospect of flaws resulting from the approach taken, and I  
think it's adequate here that the issues be merely prospective, as  
vetting needs to happen before a product is announced as shipping.  
Conversely, with time spent talking about how you might solve the  
kinds of problems entailed by such project, developers have a decent  
chance of establishing credibility and the prospective quality of  
their project well enough that they wouldn't necessarily have to  
overload an existing channel to make release announcements.  
Alternatively, such developers would recognise some fundamental  
misconceptions and find other projects on which to expend their  
energies.


My 2p,
Buffer G. Overflow



Re: ComixWall terminated

2009-12-11 Thread Bayard Bell


On 11 Dec 2009, at 09:19, P-O Yliniemi wrote:

There are a lot more abuse of the misc list than Soner posting about  
his OpenBSD project. Maybe Theo should install a decent spam filter  
for the lists ?


Just a few of the recent ones:

From: Commonwealth Bankmemberserv...@commonwealth.com.au
To: misc@openbsd.org
Subject: Commonwealth Bank of Australia Security Department Team.
Date: 10 Dec 2009 15:47:59 -0800

From: Systat Software, Incnewversi...@systat.us
To: misc@openbsd.orgmisc@openbsd.org
Subject: SigmaPlot11.2 - NoCost Update Available
Date: Thu, 10 Dec 2009 14:25:49 -0800

From: Akis Angelakisi...@image-a.gr
To:misc@openbsd.org
Subject: LIFE GOOD NEWSLETTER no 57
Date: Thu, 10 Dec 2009 13:28:46 +0200

From: ma-boutique-deco.commaboutique-d...@my-deco-shop.com
To: misc@openbsd.org
Subject: 
=?utf-8?q?[blog_deco_et_design]_nouveaut=c3=a9s_my-deco-shop_-_m...@openbsd.org?=
Date: Thu, 10 Dec 2009 11:30:07 +0100


This is levelling down a distinction: there's spam that's definitely  
spam and can be filtered reasonably easily before or after being sent  
to the list. Sending something to the list that's not readily  
distinguishable from other content is no longer a problem for a spam  
filter, wherever it may sit.


What's wrong with posting OpenBSD-related 'adverts', and in this  
special case with ComixWall which is totally free ?


Well, if the principle is that this list is to build and support  
community around OpenBSD, it's a question about what's considered  
appropriate conduct within the community. Clearly there are strong  
feelings on either side, but I gotta ask whether advertising a  
redistribution, where there's not a lot of evidence of other  
involvement in the community, doesn't at least come across as, at  
minimum, genuinely subject to question. You can disagree as to what  
the answer is, but the exceptional characteristics that make this a  
question don't just answer themselves by the kinds of characteristics  
or implications that have been argued in its favour.


I agree with a lot of the other posts that ComixWall doesn't really  
promote OpenBSD in any way, but for those who are looking for a  
solution like the one that it provides, this distribution will  
save some hours of installation and compilation time.


Sure, but how about substantial questions like code audits for the PHP  
code and determining processes and mechanisms for patching? Binary  
distribution may not be a sin in itself (I've come around to the  
opinion that it's largely oversold as to its benefits), but,  
particularly if it's claiming to carry the flag of simplification, one  
may nevertheless be circumspect about the approach and implementation,  
by people who've not otherwise established standing in the community.


I've had enough experience with Unix engineering to have both sympathy  
for someone who does this kind of work independently of established  
community organs and a strong scepticism as to whether the product  
will be nearly as robust as advertised or imagined for lack of strong  
challenges and correctives from peers and existing centres of  
expertise. I certainly can't think it reasonable to be so taken away  
with the sympathetic element of response as to overlook or underweight  
the strong prospect of flaws resulting from the approach taken.  
Conversely, with time spent talking about how you might solve the
kinds of problems entailed by such a project, you'd have a decent chance
of establishing your credibility and the prospective quality of your  
project well enough that you wouldn't have to overload an existing  
channel to make release announcements, no?



...my 217 kronor of time...

/PeO




Re: softraid not building on boot

2009-12-11 Thread Bayard Bell

On 10 Dec 2009, at 23:00, Marco Peereboom wrote:


On Thu, Dec 10, 2009 at 05:00:34PM -0500, nixlists wrote:
Hmmm. I've used hardware raid cards for mirrors that have the  
verify function.

It would be interesting to know how and what those cards do.


They read the data to make sure the disk is working.  If one disk is
failed they can rebuild that block from the remaining disk provided that
the remaining disk isn't corrupt or broken too.  They assume that the
data that was read is accurate; if it isn't you are SOL.

They either don't detect or ignore blocks that are different because
they can not know which one is accurate (if any).

Verify for RAID 1 is mostly marketing fluff.


Not that it provides concrete options in deciding between the options  
available here, but doesn't intent logging combined with checksums  
allow this problem to be solved in software mirroring implementations  
such as VxVM or ZFS? Intent logging allows you to play back pending  
writes to deal with the question of differences in state after I/O is  
interrupted without detectable erroring, and checksums let you figure  
out whether a mirror is reading out data that is verifiably wrong  
(which may be the checksum or the data). You've mentioned RAID 5 and  
RAID 6 as solving these problems, where you by and large have to do  
checksum/parity operations for most kinds of I/O, but these  
characteristics needn't be exclusive to those RAID levels, even if
they are necessary to their implementation, no? (Again, this is an
argument in principle, intended largely/solely as food for thought,  
rather than claiming that these problems are solved in any of the  
options at hand.)
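
The checksum half of the argument in the message above, as an added example that is not part of the original thread and is not VxVM, ZFS or softraid code: a two-way mirror where a plain compare can only flag a mismatch, while per-block checksums pick the good copy and also expose the case where the checksum itself is the damaged part. The function names, the use of SHA-256 and the sample blocks are assumptions constructed for illustration; intent logging is not modelled.

```python
import hashlib

def digest(block: bytes) -> str:
    # SHA-256 is an assumption; any collision-resistant checksum works here.
    return hashlib.sha256(block).hexdigest()

def plain_verify(side_a, side_b):
    """RAID 1 'verify' without checksums: reports which blocks differ,
    but has no way to tell which copy (if any) is the accurate one."""
    return [i for i, (x, y) in enumerate(zip(side_a, side_b)) if x != y]

def checksum_repair(side_a, side_b, sums):
    """Compare each copy against its stored checksum and repair in place.
    Returns {block index: outcome} for every block that needed attention."""
    report = {}
    for i, expected in enumerate(sums):
        ok_a = digest(side_a[i]) == expected
        ok_b = digest(side_b[i]) == expected
        if ok_a and ok_b:
            continue
        if ok_a:
            side_b[i] = side_a[i]
            report[i] = "repaired B from A"
        elif ok_b:
            side_a[i] = side_b[i]
            report[i] = "repaired A from B"
        elif side_a[i] == side_b[i]:
            # Both copies agree with each other but not with the checksum:
            # the checksum is the more likely casualty.
            report[i] = "checksum suspect: copies agree"
        else:
            report[i] = "unrecoverable: no copy matches"
    return report

def build_mirror():
    """Constructed sample: four blocks, one silently corrupted copy,
    one damaged checksum."""
    blocks = [b"block-%d" % i for i in range(4)]
    side_a, side_b = list(blocks), list(blocks)
    sums = [digest(b) for b in blocks]
    side_b[1] = b"bit-rot"          # silent corruption on one side only
    sums[3] = digest(b"stale")      # checksum damaged, data intact
    return side_a, side_b, sums

if __name__ == "__main__":
    a, b, sums = build_mirror()
    print("plain verify sees mismatches at:", plain_verify(a, b))
    print("checksum pass:", checksum_repair(a, b, sums))
```
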




Re: ComixWall terminated [WAS: ComixWall 4.6 released, December 8, 2009]

2009-12-09 Thread Bayard Bell

On 9 Dec 2009, at 19:01, Christopher Zimmermann wrote:


On Wed, 9 Dec 2009 13:38:56 -0500
Jason Dixon ja...@dixongroup.net wrote:


How does the announcement of new releases for ComixWall
help OpenBSD?


It helps in promoting OpenBSD. And this is the official
purpose of the advocacy mailing list.

So I think that announcements of ComixWall releases could go
into the advocacy list.
Is this a false conclusion? If not Soner Tari could go on
with his project and post his announcements to the advocacy
list.

Anyway, since the advocacy list is dead, the two
announcements to misc should not be censured in such a harsh
way.


The premise that this is advocacy may be entirely mistaken, as it does  
not strike me as a strong argument in favour of OpenBSD to say that it  
needs to be redistributed with an alternate installer, a web GUI, and  
some additional software builds to be *really* useful than as released  
by the core development community. Might it not be the case that the  
existing packages and ports system already makes OpenBSD a fully FOSS  
and freely available UTM firewall or that improving support for  
what's bundled with ComixWall to make more components available as  
packages and/or ports would offer greater flexibility in how people
decide to acquire and deploy the product, more effectively supporting  
and growing the community? This creates a problem of due recognition  
and attribution, which is what's feeding all the moments of dispute  
and misunderstanding that follow.



How does abstraction of arguably the cleanest, easiest to
learn UNIX, help OpenBSD?


It helps in promoting OpenBSD. Promoting OpenBSD will make
OpenBSD more widely known. This will attract more possible
developers. They will write code for OpenBSD. This will help
OpenBSD.


These conclusions are tenuous leaps, amounting to a secret sauce  
argument: OpenBSD tastes good, but with the secret sauce it would be  
able to attract all kinds of smart people it somehow can't attract with
its current recipe. This logic of supplementarity rather makes the  
supplement the essential thing rather than the essential thing that  
it's supposed to promote, and that seems to sell what OpenBSD already  
is and its ability to continue to evolve as a technology, a  
development process, and a series of communities short. Not even  
prospectively can the proposition that there is no ComixWall without  
OpenBSD be not made reversible in the way you seem to suggest, any  
more than supporting a redistribution on premises overstated with  
respect to the OpenBSD core will amount to support in various forms  
getting back to OpenBSD per se. You say grafting, I say grifting.



I know I just added some additional noise, still I
would be glad to see this issue settled in a
non-destructive way.


It is settled.  You're whining.


If this is true, it's a pity. Then comixwall just died.

I still hope this issue can be settled in a NON-DESTRUCTIVE
way.
And yes. I AM WHINING. It bothers me when people destroy
such a huge amount of good work just because of a stupid
attack of bad mood.


Sorry if I'm repeating myself for a moment here, but isn't imagining  
ComixWall as a (or the) vital supplement to OpenBSD in the way you're  
suggesting selling a huge amount of very far good work short? I find  
myself able to reach that conclusion without being seized by a fit of  
pique, but I can imagine having good reason to be angry at the  
suggestion, the more so if I was one of the people with a sustained  
record of contribution to the project. If there's an attack that's  
happened, it may be a stupid one, but that's as far as the agreed facts
go. I'm sure you mean well, but I for one don't follow your account of  
what's destruction and what's supportive here. If the question is how  
to do better, the prospects for improvement are substantially reduced  
if one fails to grasp what has succeeded thus far.



OpenBSD is a great OS and ComixWall enables many people
to use it. I don't see any reason why the two projects
should not be able to cooperate.


Because they are not cooperative projects.  OpenBSD
doesn't need ComixWall.  OpenBSD is Free, Functional and
Secure(*).

(*) And easy.


Right. And the devil may care.

Not helping comixwall by bearing one release announcement
per year is not lazy, not even selfish, it's just PLAIN
FUCKING STUPID!


As for the devil, aren't those the details the difference between  
Faust I lines 4611 and 4612? OpenBSD doesn't face Gretchen's problems,  
and overstating self-deprecation in the name of self-promotion seems  
more rather than less stupid, even if these indulgences are limited to  
a few annual episodes. Oh, the sauce!


If the complaint here is that there's something overwrought, it seems  
ironic in not quite the right way to be so overwrought in response. If  
I've poked you with a stick here it's aimed at ticklish spots so that  
we might now take a moment to have a chuckle and then get back on track.