Re: Doubt about license

2008-05-04 Thread Ray Percival

On May 4, 2008, at 1:14 AM, Pieter Verberne wrote:


On Sun, May 04, 2008 at 03:38:13AM +0530, debian developer wrote:

[bsd vs. GPL]


Sorry for 'stealing' this thread but I'm not sure if I should make a new
thread for this.

I'm wondering what OpenBSD people think about BSD (-like) licenses
versus public domain.


As an admin public domain code could leave me in a bad place. Imagine  
for a minute that I start building a project with it and the project  
turns into something cool and I want to start selling my services  
deploying it or similar things or selling boxes to do whatever it is  
it does. Or even just build a box that does something cool for work  
and they decide to have another business unit do the same thing.


With the current state of OpenBSD licensing I'm in a good spot. I can  
do what I want and if any legal questions about the code arise I have  
a clear and legally well defined argument for why a reasonable person  
would think they could use the code in that way. And some very smart  
people at my back since any questions about my right to do anything I  
want with the code, short of denying those same very smart people  
credit, are also questions about their license and their right to do  
whatever they want with -their- code.  Enlightened self interest is a  
fucking wonderful thing.


By contrast with the GPL there are any number of hoops I need to jump  
through before doing the same thing and history shows us that  
relatively minor missteps result in them getting very ugly with you  
since, in their minds, you doing whatever you want with the code
without meeting all of their conditions lessens their freedom. I
think this also neatly disproves the idea that BSD/ISC style licenses
put the power in the hands of the coders and GPL puts it in the hands
of the users. BSD/ISC makes the coders and users partners based on  
mutual self interest whereas GPL puts -all- the power in the hands of  
the license holder.


Public domain leaves me in a very bad place indeed. If anybody  
questions my right to use the code in question I have no real way to  
build a strong case that a reasonable person would think they could  
use the code in that way. Or at least it makes it a fuck of a lot  
harder than simply pointing at the license. This is because public  
domain is meant to be what happens to any work -after- the copyright  
expires. In the case of works that have passed into the public domain  
there is a clear and legally well defined trail of when it was in  
copyright, when it passed into the public domain, and where it came  
from. Which means that if, for example, I want to republish the  
original Tarzan nobody can come after me because it's trivial to  
prove that I have the right to do so. Not so with works placed  
directly into the public domain  because doing so means that there is  
no legally well defined way to determine where it came from so  
anybody who can modify the timestamp on a file can claim to be the  
original author.


What does the ISC license actually do?


It buys the end user a legally well defined right to use the code  
that places him in partnership with the original author if any legal  
issues arise. As opposed to the lack of any legally well defined  
right to use it that results from works placed directly into the  
public domain or the mutually antagonistic relationship with the  
original author the GPL creates. And that's a fuck of a lot.


snip



Re: The REAL reason we use OpenBSD

2008-03-15 Thread Ray Percival

On Mar 15, 2008, at 14:48, Genadijus Paleckis [EMAIL PROTECTED] wrote:


http://blog.anamazingmind.com/2008/03/real-reason-we-use-linux.html

oh, and before you started to read, to be more comfortable just do
s/linux/openbsd/g


Whoever wrote that needs to discover girls and/ boys and beer. I use  
OpenBSD because it lets me get shit done and then go do more  
interesting things.




Re: OpenBSD and ISDN TA

2008-01-09 Thread Ray Percival

I think ISDN is one of those technologies a significant part of the
OpenBSD population would be very happy to suppress any remaining
memories of.


I'm getting flashbacks just reading this.



--  
Peter N. M. Hansteen, member of the first RFC 1149 implementation team

http://bsdly.blogspot.com/ http://www.datadok.no/ http://www.nuug.no/
Remember to set the evil bit on all malicious network traffic
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.




Re: OT Re: OpenBSD and ISDN TA

2008-01-09 Thread Ray Percival

On Jan 9, 2008, at 14:24, Diana Eichert [EMAIL PROTECTED] wrote:


On Wed, 9 Jan 2008, Marco S Hyman wrote:

Yeah, X.25 with a triple-X pad (X.3/X.28/X.29). a Yellow book version,
none of that fancy new red or blue book stuff.

It scares me that I remember such stuff.

// marc


Where a triple-X pad is not a description of some leftover Hippie  
from the 60's cabin in the wilderness used by all for Free(GPL)  
Love. ;-)


Hahahah.


diana




Re: Real men don't attack straw men

2008-01-06 Thread Ray Percival

On Jan 6, 2008, at 8:07, Benoit Chesneau [EMAIL PROTECTED] wrote:

On Jan 6, 2008 3:12 PM, V. Karthik Kumar [EMAIL PROTECTED] wrote:


Run make install on that directory (www/opera-flashplugin) and woohoo!



so _you_ decided to install non-free software. The question is why.
Nothing forced you to install it.


Because the bad evil obsd devs told him to and overcame all rational  
thought and personal responsibility on his part?



--
- benont





Re: Real men don't attack straw men

2008-01-06 Thread Ray Percival

On Jan 6, 2008, at 9:20, Karthik Kumar [EMAIL PROTECTED] wrote:


On Jan 6, 2008 10:41 PM, Paul de Weerd [EMAIL PROTECTED] wrote:

On Sun, Jan 06, 2008 at 09:52:18PM +0530, Karthik Kumar wrote:
|  Perhaps you're *USING* these 4 files to install the adobe flash player
|  on your machine (your example a little bit later in this mail seems to
|  indicate you have at least installed it). That's non-free software
|  you've installed, but you are free to do so. Then, to you, those four
|  small files are not so useless, are they ?
|
|
| Okay, I didn't install it. But it's like saying 'There is no proof
| that the Makefiles won't work unless at least one person has installed
| them and verified. In any case, I put forward the argument that the
| Makefiles are useless because no single person has reported a
| successful install with them. BooHoo!

You are making an argument that Makefiles are useless when we are
discussing the free-ness of OpenBSD. It doesn't have a lot to do with
the subject at hand (again...), but there you go.


You argued Makefiles are FREE. See ma, no .so in cvs.. etc. Now you
use ftp and download PowerPoint to test if the system works, and say:
hey. it's a free tool and I downloaded non-free. But just testing. But
it's a free tool, like uhm. make and Makefile s ... so I guess
everyone can use it to simply test if the non-free can be downloaded
with free tools. Is that what you're getting at, about the FREE
makefiles and their usefulness? Ah, okay; I understand you.




I did, I tested the above procedure before sending my mail to the
list. Doesn't mean I've used it, but if you think it's shameful to
prove you wrong, I think that says more about you than about me.



You're not proving me wrong. Whom are you kidding? You need to come to
terms with yourself.



You still have not shown any file in the OpenBSD cvs repository that
is not free. You make gratuitous analogies that are completely
irrelevant - try to stick to the subject, no analogies necessary.
There's no cigarettes in OpenBSD, it's all free bits of software etc.



Free bits of software which can download non-free bits = Harmless bits
of paper and tobacco which when lit and inhaled will cause cancer.

If you feel the analogy is painful, tough luck bro.


Right. And it is your choice to do or use either so engage your brain  
and start making choices for yourself.



I'm through talking to you here. I'm not going to reply to your posts again.


--
Karthik
http://guilt.bafsoft.net




Re: Real men don't attack straw men

2008-01-06 Thread Ray Percival

On Jan 6, 2008, at 20:02, Tony Abernethy [EMAIL PROTECTED] wrote:


V. Karthik Kumar wrote:


You see, rms? You were right. OpenBSD has lots of trolls who:


Curious, the contents indicate this is addressed to RMS.
The mail headers indicate otherwise.
This is obviously by one of the trolls.

Quite often, people are judged by the emails they send
and by the intelligence or lack thereof which is exhibited.

When you are addressing RMS, do you expect him to read your
reply from misc@openbsd.org or is there some
undisclosed covert channel of communication to him?

not much work, really --- kinda like smashing cockroaches.

Nuke em from orbit. It's the only way to be sure.



Re: Real men don't attack straw men

2008-01-06 Thread Ray Percival
On Jan 6, 2008, at 22:54, Roberto J. Dohnert [EMAIL PROTECTED] wrote:


Quick question, do we really need an endorsement from Richard Stallman and the
FSF for OpenBSD?


Nobody involved in this thread wants this endorsement and it is not  
about getting him to change his mind. The point is, simply, to call  
him on his bullshit. 



Re: Richard Stallman...

2008-01-05 Thread Ray Percival

On Jan 5, 2008, at 9:53, Rui Miguel Silva Seabra [EMAIL PROTECTED] wrote:


On Sat, Jan 05, 2008 at 08:47:16AM -0600, Gilles Chehade wrote:
On Sat, Jan 05, 2008 at 11:53:30AM +, Rui Miguel Silva Seabra wrote:

On Fri, Jan 04, 2008 at 05:49:42PM -0600, Gilles Chehade wrote:

Why didn't you answer my mail Rui ?
You are a troll.


Either I did and you missed it, or it wasn't the answer you'd expect or
I found it so irrelevant it didn't even raise any bell.



You have not answered at all, you have answered to other people so that
you could dodge my embarrassing question instead of explaining why it is
different to do the exact same thing when you are from the FSF.


I'm not from the FSF.

According to YOU, it is okay to have emacs and gcc run on a proprietary
system as it allows more people to run free software. How is it that it
is wrong to allow more people to run a free system by giving them links
to proprietary software if it encourages them to keep their free system
instead of switching to a proprietary one ?


1) ftp://ftp.openbsd.org/ isn't links
2) using more free software is better than not running it at all
3) incentivating usage of non-free software on free software operating
  systems doesn't incentivate the creation of free software replacements
4) FYI I think the wine project is counter-productive as it enables
  running non-free software on free software operating systems, and as
  such de-incentivates the creation of replacements.
4.1) but it's free software and its authors have their own independence.


By providing emacs and gcc for windows you encourage people to run just
a few free applications with proprietary system and (many) tools, while
we just give people the freedom to install a proprietary application on
top of a free system with free tools.


Look, OpenBSD is aggressive enough that people who need such non-free
software likely won't even run it on OpenBSD, so what you're saying is
that to the convenience of a few people who don't care for freedom of
all users, you distribute non-free software.

Anyways, most of your emails have been so rude that in afterthought I
shouldn't even honour you with a reply.


I try hard to keep my emails insult-free, saying that they are rude for
helping you avoid embarrassing questions is what makes you a troll. Just
like your friend Stallman, you play on words and act like a victim if a
person points


No, I am a victim and your (generically, not specifically you) attitude
actually makes my relation with OpenBSD very frustrating.


So GTFO. Oh and lose the sig on a public mailing list. You don't like  
us we don't like you. You think we rank up there with baby killers. I  
will NEVER understand how that works so just FOAD and we can all be  
happy.



Rui

--
Wibble.
Today is Setting Orange, the 5th day of Chaos in the YOLD 3174
Celebrate Mungday
+ No matter how much you do, you never do enough -- unknown
+ Whatever you do will be insignificant,
| but it is very important that you do it -- Gandhi
+ So let's do it...?




Re: Suggested PF Setup when using BitTorrent?

2008-01-05 Thread Ray Percival
On Jan 5, 2008, at 17:15, Joel Wiramu Pauling [EMAIL PROTECTED] wrote:



The main annoyance I have had with bittorrent/p2p apps on openbsd is
the relatively low  file open limits. Pumping this is easy enough tho.


rtorrent sorted that for me nicely.



On 06/01/2008, Leonardo Rodrigues [EMAIL PROTECTED] wrote:

Maybe those watchdog timeouts have nothing to do with bittorrent, and
are probably more related to nic problems. Have you tried running your
torrent client with a different network card?


On Jan 5, 2008 4:22 PM, Brian [EMAIL PROTECTED] wrote:

Is there any suggested PF setup when using BitTorrent?

Right now, the biggest problem I have when using BitTorrent is watchdog
timeouts.

Thanks,

Brian




  











--
An OpenBSD user... and that's all you need to know =)

Please, send private emails to [EMAIL PROTECTED]




Re: Real men don't attack straw men

2008-01-04 Thread Ray Percival

On Jan 4, 2008, at 14:26, Ted Unangst [EMAIL PROTECTED] wrote:


On Jan 4, 2008 1:22 AM, Rui Miguel Silva Seabra [EMAIL PROTECTED] wrote:

Otherwise why should he repeatedly say something that is not
proprietary as proprietary even after being informed by tedu and
others?


Because for me it is proprietary when I can't run it in a commercial
context.


you clearly don't know what proprietary means.  if you don't
understand the big words, stop using them.  you also totally failed to
comprehend the license.

what i find even more hysterical is your claim that running a 5 year
old rogue clone is needed to get your work done.


No he's claiming that not being able to use a five year old rogue  
clone in a commercial setting is a great injustice and unethical. See  
now that makes perfect sense. NOT.




Re: [Fwd: Open-Hardware]

2008-01-01 Thread Ray Percival

On Jan 1, 2008, at 6:37 PM, [EMAIL PROTECTED] wrote:


Dr Stallman i now see the dogged determination that has made you effective,


He's not a doctor. In any sense of the word. Honorary degrees don't  
give you the right to use the title or to be called by it.


--- Marina Brown
From: Richard Stallman [EMAIL PROTECTED]
To: Paul Greidanus [EMAIL PROTECTED]
Cc: misc@openbsd.org
Subject: Re: [Fwd: Open-Hardware]
Date: Tue, 01 Jan 2008 16:24:31 -0500

I'm curious how you can recommend an OS, like gNewSense that only runs on
non-free hardware, that
has required non-free software to be used in its creation?

How do you do these things?  Perhaps I do them the same way.

The term non-free hardware is misleading, because the issues that
divide free software from non-free software do not apply to hardware.
There are no copiers for hardware and it has no source code.

As for Intel's use of non-free software, I am sorry for them, and I hope
that someday they will be able to move to free software.




Re: ssh client in bsd.rd

2007-12-21 Thread Ray Percival

On Dec 21, 2007, at 7:34, Lars Noodén [EMAIL PROTECTED] wrote:


The RAM-disk kernel (bsd.rd) seems to be missing an SSH client.

Presumably that's been left out on purpose.  Is there any reason beside
size that it is not included?


Ask google about yaifo.


Regards,
-Lars




Re: ssh client in bsd.rd

2007-12-21 Thread Ray Percival

On Dec 21, 2007, at 8:07, Mike Erdely [EMAIL PROTECTED] wrote:


On Fri, Dec 21, 2007 at 07:50:03AM -0800, Ray Percival wrote:

On Dec 21, 2007, at 7:34, Lars Noodén [EMAIL PROTECTED] wrote:


The RAM-disk kernel (bsd.rd) seems to be missing an SSH client.

Presumably that's been left out on purpose.  Is there any reason
beside size that it is not included?


Ask google about yaifo.


yaifo doesn't include an ssh client.


My bad. I misread the first mail.


-ME




Re: Play Nice - Real men don't attack straw men (Theo)

2007-12-17 Thread Ray Percival

On Dec 16, 2007, at 9:29 PM, David H. Lynch Jr. wrote:


Sam Fourman Jr. wrote:
On Dec 15, 2007 10:56 PM, David H. Lynch Jr. [EMAIL PROTECTED] wrote:



Bengt Frost wrote:


On Sat, Dec 15, 2007 at 12:31:25PM -0700, Darrb

Finally as long as i do not hurt 'someone' (too much) then it must
be up to me to choose what i want to do, f.ex. install packages through
portssystem.



If I wrote a BSD Licensed program to mailbomb jews.
Would that be acceptable within ports ?



and who exactly would you bribe to get this mailbomb committed to
the ports tree?


That is the point!
Why is it that I can not expect ports to accept this ?
Because accepting it would be the same as tacitly endorsing it.
Accepting non-free software is equivalent to tacitly endorsing it.


No. Because it's useless and nobody with commit access would want to  
put the time and effort into doing so. Please move on.




Re: Play Nice - Real men don't attack straw men (Theo)

2007-12-16 Thread Ray Percival

On Dec 16, 2007, at 11:58 AM, David H. Lynch Jr. wrote:


Marco Peereboom wrote:
You can use OpenBSD to build a baby mulcher or a nookyoular weapon and
you have the choice to retain the source code.

You can use the GPL to build a puppy blood drainer or a dirty bomb
provided you deliver the source code with it.


Agreed, but would you accept either in ports ?
The question is not what is possible, but what are you willing to endorse.


The purpose of the extreme example is to point out that including
something within ports has meaning.



Sure. Of course. A tool is just a tool. To not point at a given tool  
just because it could be used for evil is fairly fucking arrogant.


But software which OpenBSD uses and redistributes must be free to all  
(be they people or companies), for any purpose they wish to use it,  
including modification, use, peeing on, or even integration into baby  
mulching machines or atomic bombs to be dropped on Australia.

Theo [EMAIL PROTECTED] mailing list, May 29, 2001



Re: Play Nice - Real men don't attack straw men (Theo)

2007-12-16 Thread Ray Percival

On Dec 16, 2007, at 2:24 PM, David H. Lynch Jr. wrote:


Ray Percival wrote:


On Dec 16, 2007, at 11:58 AM, David H. Lynch Jr. wrote:


Marco Peereboom wrote:
You can use OpenBSD to build a baby mulcher or a nookyoular weapon and
you have the choice to retain the source code.

You can use the GPL to build a puppy blood drainer or a dirty bomb
provided you deliver the source code with it.


Agreed, but would you accept either in ports ?
The question is not what is possible, but what are you willing to
endorse.

The purpose of the extreme example is to point out that including
something within ports has meaning.



Sure. Of course. A tool is just a tool. To not point at a given tool
just because it could be used for evil is fairly fucking arrogant.

But software which OpenBSD uses and redistributes must be free to all
(be they people or companies), for any purpose they wish to use it,
including modification, use, peeing on, or even integration into baby
mulching machines or atomic bombs to be dropped on Australia.
Theo [EMAIL PROTECTED] mailing list, May 29, 2001
That's fine, it is a statement of values and principles, that is exactly
what I was looking for - something that is conspicuously absent from the
OpenBSD web site.
If it is what OpenBSD believes - have the balls to say so, rather than
the watered down language on the website.
The OpenBSD website expresses a clear value for code quality, and one of
security.


Yeah, those are the things that matter. Why do you need so many  
guidelines and rules? If logic and commonsense isn't enough for you  
then there are other projects for you to bother. Cause it's more than  
enough for us. And since we've already established that your use of  
the word distribute is wacky to say the very least you have no
point AT FUCKING ALL.


It is also inconsistent with providing URL's to software that is not
free to all.
I do not care whether you use a different definition of freedom than the
FSF/GNU/RMS.
Whatever your definition of freedom is, if you do not apply it to the
things you provide URL's for in ports,
then you are saying that that freedom is not really all that important
to you.
If you really believe in that stick to it, even with in URL's in ports.
Tell RMS that OpenBSD will accept in ports only software that is freely
redistributable, regardless, of what its purpose is.

One of my problems with OpenBSD, is that the sense I get of what you
mean by freedom is the freedom to do whatever I please,


Speaking for myself. Damn straight it is. Put down the crack pipe for  
a minute and think about if your argument there makes any sense at  
all. Hint: No reasonable person would think it does.


including reject your own values, when it is convenient. Further I think
you are so hostile to the FSF/GPL/RMS that you would
deliberately violate your own principles, to spite RMS.


No. My principles are to live and let die. In other words I could
give a shit what anybody else does with a given system or if there  
happen to be a URL or two pointing them at some app in ports that  
might have a license I don't like. What business is it of mine? Since  
I think everybody should be allowed to do whatever they want with  
their stuff and that Big Mommy (as represented by Stallman and  
everybody else who think that reasonable adults will be corrupted in  
someway by being able to easily install software that might have a  
less permissive license than others) should fuck off and die this is  
PERFECTLY in line with what I think. And if you really can't see the  
difference between a blob loaded into kernelspace and a pointer to a  
userland app with a less permissive license well then you really are  
a religious and political shill and I can see why you want somebody  
enforcing various rules about thoughtcrime.




Re: Play Nice - Real men don't attack straw men (Theo)

2007-12-16 Thread Ray Percival

On Dec 16, 2007, at 6:20 PM, David H. Lynch Jr. wrote:


Marco Peereboom wrote:

On Sun, Dec 16, 2007 at 05:24:48PM -0500, David H. Lynch Jr. wrote:

That's fine, it is a statement of values and principles, that is exactly
what I was looking for - something that is conspicuously absent from the
OpenBSD web site.
If it is what OpenBSD believes - have the balls to say so, rather than
the watered down language on the website.
The OpenBSD website expresses a clear value for code quality, and one of
security.



Ports are 3rd party apps.  Of course we don't make a value judgement on
the OpenBSD website for it.  WTF?


So if I write a non-free insecure kernel and install it via ports that
is acceptable.


Yeah, sure. Have all sorts of fun. Why would anybody care?

You are trying to argue both pragmatism and principle concurrently,
You are obviously free to try but it makes things very easy for me.


No, the principle is that you or anybody should be able to do  
anything they want with their system and that we don't care and won't  
put artificial limits on it. Easy enough to understand.








It is also inconsistent with providing URL's to software that is not
free to all.
I do not care whether you use a different definition of freedom than the
FSF/GNU/RMS.
Whatever your definition of freedom is, if you do not apply it to the
things you provide URL's for in ports,
then you are saying that that freedom is not really all that important
to you.
If you really believe in that stick to it, even with in URL's in ports.
Tell RMS that OpenBSD will accept in ports only software that is freely
redistributable, regardless, of what its purpose is.



One is not at liberty to change words around to mean what they want.
That is not part of a civil conversation.  First we have to agree on the
meaning then we can have a debate.  As a politician he changes the
meaning of words around to fit his purposes.  I'll call BS on that every
time I'll see it.


I am not changing the meaning of words, for the most part I am taking
your words, with your meanings, and applying them consistently
to your system, until it produces a contradiction.
If your words, your definitions and your values were consistent
no contradiction would occur.

One of the most serious problems that you have is that if you have a
system that is self
contradictory and you accept the contradictions as truth, then you can
prove anything.
that is a principle of logic. It has nothing to do with me, except that
I have used it as a tool.

If there is no contradiction in your system of values, then it will
not work.



One of my problems with OpenBSD, is that the sense I get of what you
mean by freedom is the freedom to do whatever I please,
including reject your own values, when it is convenient. Further I think
you are so hostile to the FSF/GPL/RMS that you would
deliberately violate your own principles, to spite RMS.



You seem to fail to understand that nobody cares what RMS' little OS list
looks like.  What I care about is that he shows up on my mailing lists
and start pissing in my sandbox.  I don't care what his opinion is; he
can say whatever he wants.  What he can't do is lying about my OS in
front of me and expect me not to react.  He is full of it and we have
told him so.  If he is sick of being flamed he can stop responding.


That is not the perception I have of OpenBSD.


You're wrong. But then again in the last few days of emails it's  
become clear that you're a drooling fucking moron so no big surprise  
there.




Re: Play Nice - Real men don't attack straw men (Theo)

2007-12-16 Thread Ray Percival

On Dec 16, 2007, at 6:27 PM, David H. Lynch Jr. wrote:


William Boshuck wrote:

On Sun, Dec 16, 2007 at 05:24:48PM -0500, David H. Lynch Jr. wrote:


Ray Percival wrote:


  [quoting an excerpt from Theo's log message in (e.g.):
   http://www.openbsd.org/cgi-bin/cvsweb/src/etc/Attic/ipf.rules]
...

But software which OpenBSD uses and redistributes must be free to all
(be they people or companies), for any purpose they wish to use it,
including modification, use, peeing on, or even integration into baby
mulching machines or atomic bombs to be dropped on Australia.
Theo [EMAIL PROTECTED] mailing list, May 29, 2001

That's fine, it is a statement of values and principles, that is exactly
what I was looking for - something that is conspicuously absent from the
OpenBSD web site.



Apart from the rhetorical flourish at the end,
that's in the second item in the list near the
top of http://www.openbsd.org/goals.html.  (The
ANY PURPOSE part goes way back, to the summer
of '97.)

Not to mention policy.html.


the statements are different. Unless I am to interpret we want to make
available source code,
as equivalent to Software which openbsd uses and distributes must be
free to all.

Must is significantly different from want
we want to make available source code is not the same as software which
openbsd uses and distributes.
Regardless, apply it to ports and remove non-free URL's.


WTF is a non-free URL? They come with licenses now? You kids and your  
wacky new ideas.


Trying to parse through the above gibberish the question remains is  
putting up a sign for a pub the same as serving drinks to somebody?  
Sure ports might contain some scripts and URLs for software with less  
permissive licenses. Who cares? No reasonable person would think of  
that as distribution. If somebody has found it useful enough to stick  
in there and some other people find it useful why should anybody  
care? Their business and we should just butt the fuck out. Code that  
is being distributed by OpenBSD meets higher standards. This is as it  
should be. This is as the people who build it and use it want it.  
Yeah, OK, our immortal souls are going to hell and we make the baby  
Jesus cry. Guess what? We don't give a shit. We're all adults and can  
figure out where these lines are without it being handed down from on  
high in every minor detail. So GTFO and go find a system that's  
orthodox enough to meet your high standards. We would rather have  
stuff that makes sense and works well. Wake me when gnewsense or  
whatever gets to that point.




Re: Play Nice - Real men don't attack straw men (Theo)

2007-12-16 Thread Ray Percival

On Dec 16, 2007, at 5:52 PM, David H. Lynch Jr. wrote:


Ray Percival wrote:
You believe in absolute freedom - freedom to do whatever you damn well
please.

I really fail to see the problem with that but whatever.

Yet you are seeking to deny the same freedom to Richard and everyone
else that disagrees.


Who wants to deny Stallman the freedom to do anything he wants? He  
has the freedom to say and do anything he would like. And I have the  
freedom to mock him for it. Everybody gets what they want.




Re: Real men don't attack straw men

2007-12-15 Thread Ray Percival

On Dec 15, 2007, at 5:28 PM, Marc Balmer wrote:


Richard Stallman wrote:


For personal reasons, I do not browse the web from my computer.  (I
also have not net connection much of the time.)  To look at page I
send mail to a demon which runs wget and mails the page back to me.
It is very efficient use of my time, but it is slow in real time.


and it shows that you are a complete dork.  you are disconnected
from reality.  how can we take you for serious?


Why do I keep hearing Grandpa Simpson every time he says something?  
Oh, yeah, they're both weird old sore-headed cranks.


Dear Advertisers, I am disgusted with the way old people are  
depicted on television. We are not all vibrant, fun loving sex  
maniacs. Many of us are bitter, resentful individuals who remember  
the good old days when entertainment was bland and inoffensive. The  
following is a list of words I never want to hear on television  
again. Number one: bra. Number two: horny. Number three: family jewels.


I'll leave the comedy edits to you fine people.

Oh and Richard, is demon some HURD thing? The rest of the UNIX
tradition has these things called daemons; is a demon something
like one of those? Oh and why isn't HURD on the list of things you
recommend? Oh, yeah, sorry mea culpa.



Re: Real men don't attack straw men

2007-12-15 Thread Ray Percival

On Dec 15, 2007, at 8:21 PM, David H. Lynch Jr. wrote:

After reviewing the OpenBSD Goals and Policies, it appears to me that
the intent is that OpenBSD should be a free/Open Source system. But
unless I am missing something that is not actually made clear. The
policies page lists software licenses that are acceptable, and a few that
are not, but I could not find a statement defining what was and was not
acceptable aside from by example.

The goals page section on the kernel prefers BSD Licenses over the
GPL, requires source, explicitly bans NDA's, but provides no guidance on
the remainder of the cosmos of source providing licenses.

Would proprietary software with source be acceptable? The
requirement to respect copyrights and licenses might narrow the field
somewhat, but it still leaves a lot of possibilities, pretty much any
license that allows redistributing source.

I could not find any reference or guidance concerning what is
acceptable outside the kernel itself.

It is possible to read all of this and conclude that OpenBSD is a
free OS and that non-free software is unacceptable - including
prohibiting non-free URL's in ports. It is also possible to understand
this as allowing the inclusion - even in the kernel of code that does
not even meet the weak OSI definition of Open Source.


That's all because reasonable, rational, intelligent adults don't
need to have every little commonsense thing spelled out for them.
Only people overly concerned with rules need such things; the rest of
us are more than happy with solid general guidelines and principles.
So what the FUCK is your point?




Re: Real men don't attack straw men

2007-12-14 Thread Ray Percival

On Dec 13, 2007, at 11:18 PM, David H. Lynch Jr. wrote:

snip



It is completely irrelevant to Stallman whether the OS he endorses is
actually useful. In his world view, his definition of free trumps
functional.
It is always possible to improve the quality of something, it may not
be possible to regain freedom once it is lost.


Nice work if you can get it. In a  little place I call reality I  
make a living solving problems and I need something useful. This  
pretty much makes Stallman a useless fucktard in my book.


You do not have to accept his thesis. Though OpenBSD does take an
indistinguishable stance particularly on hardware and binary blobs.


No. OpenBSD is against including blobs in their code. To quote
Stallman: "non-free software, and people should not install it, or
suggest installing it, or even tell people it exists." If the
difference between "We won't include a blob in base.", what the quote
from Stallman above implies, and the OpenBSD ports system is
indistinguishable to you then you really are a simple fucking son
of a bitch. Or a liar. Stupid would be charitable and I don't tend
towards charity.



And maybe you do not accept that he goes to fairly extreme efforts to
conform his behavior to his own principles, but I do.


No, I accept it. I know it for a fucking fact. I think both those  
principles and the fact that he goes to the efforts he does to  
conform to them makes him a  fucktard.








None of the distros that Stallman is talking about are actually
USEFUL beyond the most trivial of applications. For those of us who
actually need tools to solve problems with the bullshit Commissar
Stallman spews is beyond fucking useless. If I gave two shits what he
thinks the only choice I'd have most of the time is what vendor to buy
borken shit from. Even if I were to grant his arguments about non-free
(which I most certainly do NOT) I don't see how anybody who isn't a
total fucking nutter could see that as better.

OpenBSD has taken a strong principled stance against binary blobs and
closed hardware - even when that results in loss of functionality.
There is absolutely no distinction between the absolutist OpenBSD
position on hardware and that of RMS on software.


No. In Stallman's world to even mention that, for example, the non-free
nvidia driver exists is a bad thing. OpenBSD takes a somewhat more adult,
much less religious "talk about it but don't use it". Also, and this is
the SINGLE BIGGEST DIFFERENCE, Theo and his folks are TRYING to bridge
that gap and, in point of fact, they've written code that makes many bits
of hardware work better than they do under the blobs that they reject.
When was the last time that Stallman produced code or something useful?


Absolutely any insult you toss at him regarding his stance on software
can be reworded and lobbed back at you in the context of hardware.


No. Because this isn't about his stance on software. This is about
the fact that he made a statement that was wrong. The fact that you
can install a non-free app or two with the ports system does not meet
any real world definition of "suggests". Only in a world where books
that mention such things need burning does his argument make any
sense at all. And the rest of us don't live in that world. OTOH
OpenBSD not including blobs has direct real world benefits to me by
leaving me with the sure knowledge that if I run into a bug with a
driver that I won't have to depend on a vendor to fix it and that I
won't have to worry about some vendor suddenly dropping support for
it and the fact that they encourage others to reject those blobs
would have even more direct real world benefits to me if they were to
take their advice, by increasing free and open support for even more
hardware and meaning they wouldn't have to keep reverse engineering
things to make them work. In one case good is being done in the real
world. In the other some fucktard is just blowing smoke out his ass
to no good purpose. If you would like to make your above statement
correct prove to me how pretending that non-free apps don't exist by
not talking about them at all makes my life easier. Again any clear
thinking adult will be able to see the clear difference between the
two. I really question your motives if you can't.






So, yeah, fuck Stallman. Fuck his endorsement. There is nothing good
about this fucking nutter or anything he's trying to do. Orthodoxy is
EVIL no matter what god it's in service of.


OpenBSD is an extremely religiously orthodox system. Frankly it is a cult.

There is a zero tolerance policy for binary blobs.
There is a zero tolerance policy for GPL in base and a low tolerance
elsewhere.
No other group in existence adheres to security with the same religious
fanaticism.

If orthodoxy, zealotry and fanaticism are evil, then OpenBSD is hell.


Yeah, sure in a world where a ports system that makes it a wee bit  
easier to install a 

Re: Real men don't attack straw men

2007-12-14 Thread Ray Percival

On Dec 14, 2007, at 5:44 AM, David H. Lynch Jr. wrote:


Ray Percival wrote:


On Dec 13, 2007, at 11:18 PM, David H. Lynch Jr. wrote:


snip

Just as an example most advertisers choose not to name their
competition. Politicians go out of their way to elicit denials from
their opponents, because even denying something inextricably ties you to
it. Gandhi claimed first they ignore you, then they fight you, then you
win. The first step to victory for is to get from being ignored,
because even fighting something constitutes recognition.

snip


I guess major advertising firms, politicians, and Gandhi are not clear
thinking adults.


Good one. For a minute there I thought you were serious but now I see
that you're just taking the piss since anybody who will hold up
advertising firms and politicians as shining beacons of how to hold
public discourse and intellectual honesty and imply that the Gandhi
quote can be mentioned in the same statement HAS to be joking around.
Very funny joke, well done.




Re: Real men don't attack straw men

2007-12-13 Thread Ray Percival

On Dec 13, 2007, at 5:23 PM, David H. Lynch Jr. wrote:

If you are unwilling to adopt policies consistent with his,
accept that you are not getting his endorsement and shut this thread
down.


Nobody here asked for or WANTS his endorsement. He started the  
thread. We could give a shit about what he thinks. Now it's just  
about ripping him apart, yeah it's turned into a bit of a feeding  
frenzy but he brought it on himself. I'd LOVE to see somebody cross  
post this to the Debian and Ubuntu threads just to see what they  
think of his thoughts on the subject. Fuck, gNewSense? Seriously? I  
mean all joking aside, SERIOUSLY? He can see no reason that it's not  
a functional reason to choose OpenBSD over -that-? The most  
charitable way to read that is that alzheimer's has set in and to  
give him our pity. If anybody thinks I'm wrong go ahead and tell me  
how to do this with gNewSense or that I'd get that kind of support  
out of them. Go ahead try it.

http://www.undeadly.org/cgi?action=article&sid=20071008153119

None of the distros that Stallman is talking about are actually
USEFUL beyond the most trivial of applications. For those of us who
actually need tools to solve problems with the bullshit Commissar
Stallman spews is beyond fucking useless. If I gave two shits what he
thinks the only choice I'd have most of the time is what vendor to
buy borken shit from. Even if I were to grant his arguments about
non-free (which I most certainly do NOT) I don't see how anybody who
isn't a total fucking nutter could see that as better.


So, yeah, fuck Stallman. Fuck his endorsement. There is nothing good  
about this fucking nutter or anything he's trying to do. Orthodoxy is  
EVIL no matter what god it's in service of.




Re: Real men don't attack straw men

2007-12-11 Thread Ray Percival

On Dec 10, 2007, at 12:26 PM, Martin Schröder wrote:


2007/12/10, Richard Stallman [EMAIL PROTECTED]:

From what I have heard, OpenBSD does not contain non-free software
(though I am not sure whether it contains any non-free firmware
blobs).  However, its ports system does suggest non-free programs, or
at least so I was told when I looked for some BSD variant that I could
recommend.


Richard, do you still remember the 2004 FSF awards?
http://www.fsf.org/news/fsaward2004.html
Theo's leadership of OpenBSD, his selfless commitment to Free
Software ...
Why don't you ask Theo, whom you once praised, about OpenBSD?


Simply put in the years since then he's become much more shrill and
intolerant. Perceived success is, IMO, going to the collective head
of the FSF.



Re: Real men don't attack straw men

2007-12-11 Thread Ray Percival

On Dec 11, 2007, at 4:43 AM, Lars Noodin wrote:


Marc Espie wrote:

...
You've got a choice of:


Or

4) not up on the OpenBSD projects goals and current licensing
requirements


Some of that is probably due to the low profile of OpenBSD (low-profile
is good, though) and the yammering of the FreeBSD crowd (which both
includes a lot of MSFTers, and takes it upon itself to represent
all *BSD).

I realize it's good fun in Redmond to poke at RMS, however, that will
not inform the public about the advantages of OpenBSD.  The only purpose
there is to make everyone look bad.

Articles and other means of providing information about OpenBSD will
increase knowledge of OpenBSD.


So a high profile public figure talking out of his ass and
representing things he's not informed about as facts as opposed to
asking questions to get informed is better ... how? That's what we
would expect from a political activist not an engineer.



Re: About non-free software in OpenBSD

2007-12-10 Thread Ray Percival

On Dec 10, 2007, at 2:14 AM, Reyk Floeter wrote:


On Sun, Dec 09, 2007 at 08:27:33PM -0800, Ray Percival wrote:

X-Mailer: iPhone Mail (3B48b)



Fancy X-Mailer, but isn't non-free and full of patents ;)?


Yes, it is. Very much so. Also means I don't have to get off the
couch when I want to send a quick missive while watching Family Guy.
RMS would think I'm a very very bad man. But my personal tradeoff for
when non-free is OK does, in point of fact, sit a bit towards the
non-free side of his. But I've always been a heretic and always will.



So, what Stallman seems to be saying is that preventing users from
running the software they choose is more important than respecting
patents.

Slavery is freedom.



And the fact is that OpenBSD does not include any non-free software,
unlike all the Linuxes and other BSDs with binary blobs, evil
licenses, and non-free stuff in the base system.


Which is why the jokes about him saying that OpenBSD isn't free  
enough or whatever write themselves. Irony is delicious. But dead  
horses and flogs are no fun and I should have kept my big mouth shut.


reyk




Re: About non-free software in OpenBSD

2007-12-09 Thread Ray Percival
So, what Stallman seems to be saying is that preventing users from  
running the software they choose is more important than respecting  
patents.


Slavery is freedom.



Re: Could Hiawatha replace Apache as in base HTTP server if it's license changed?

2007-12-07 Thread Ray Percival

On Dec 7, 2007, at 9:41, Eric Furman [EMAIL PROTECTED] wrote:

On Fri, 7 Dec 2007 10:39:39 -0600, Gregg Reynolds [EMAIL PROTECTED] said:

On 12/7/07, Andris [EMAIL PROTECTED] wrote:

Here is two messages from Hugo Leisink (Hiawatha developer). You'll

First of all, you have to take a look at the webserver market. You use
Apache, IIS, Lighttpd or you don't use anything at all. If you want


Ok, I'll take the bait:  http://wiki.codemongers.com/Main

Dunno how secure it is, though.


OK, I'll add my own two p.
Even tho I know nobody asked.
http://www.acme.com/software/thttpd/
Not feature rich, but it's small, fast and strives for security.
Seems to have a BSDish license as well.

The deal breaker for Hiawatha, IMO (and I know it counts for nothing),
was his I will never abandon the GPL statement.

That and the fact that it's not Apache.
All of these nonstandard tools would have to bring something very  
fucking compelling to the table to make the work of bringing them into  
base worth it and this doesn't. I'm not even going to touch the  
insanity of thinking about a GPLed app in base. 



Re: Dumb 486: Install From Hard Drive?

2007-12-01 Thread Ray Percival

On Dec 1, 2007, at 4:10 PM, L wrote:


snip


yaifo.fs or pxe boot if the NICs in question support it. The docs for
that are in the FAQ. I rather doubt your NICs do; the readme that
you'll get when you grab the source explains how to do just what you
want.


http://erdelynet.com/?s=yaifo



Re: Helping with Softraid testing

2007-11-18 Thread Ray Percival

On Nov 18, 2007, at 3:34 PM, Siju George wrote:



snip

I know I cannot escape recompiling the kernel because it is necessary
for updates. But as far as possible I would like to stay away from it
on production machines :-)


That's what releases are for.


Thanks a million for all the detailed answers once again :-)))

Kind Regards

Siju




Re: Any Ethereal, Wireshark related software in 4.2 ports?

2007-11-11 Thread Ray Percival

On Nov 11, 2007, at 10:03 AM, Barry Miller wrote:

Of course, if a bad guy _does_ get control of wireshark, he OWNS your
network, but at least you're not totally rooted.  Take your chances.

How so? Given that all it is a frontend to libpcap. And how does this  
not apply to tcpdump?

--Barry




Re: OT: Re: Theo's new compiler and etiquette both in cyberspace and the 'real world'

2007-11-04 Thread Ray Percival

On Nov 4, 2007, at 7:36 AM, Timo Schoeler wrote:



Timo
iD8DBQFHLecDUY3eBSqOgOMRCu7WAKCtwy0qC/TmhZqzIbMKZEPy0+uqAgCffh+C
Yg7jMg1F+EvUiK4xPprWiSI=
=qMJx
-END PGP SIGNATURE-



Stop fucking signing mails to a public list that is BEYOND fucking  
annoying and all by itself proves that you're a clueless fuckwit.  
STFU and GTFO. 



Re: : deploy openssl patch

2007-11-03 Thread Ray Percival

On Nov 2, 2007, at 5:23 AM, Raimo Niskanen wrote:


A very nice strategy from you. I have been looking for how to patch
several machines this way. The kernel is easy since it is just
one file to patch. But the userland is more delicate. Just to summarize
your script (I want to understand how to do it manually),
this seems what to do (?):


Just build a release and upgrade from that. Use yaifo if the machines  
in question happen to be headless. Done and done. No need to  
overthink things and make them a lot harder than they need to be.  
OpenBSD has all the tools to do this quickly and easily with just a  
little work upfront.



Preparation:
# MYTMP=/var/tmp/myroot # better use mktemp
# mkdir $MYTMP
# mkdir $MYTMP/obj $MYTMP/dest
# cd /usr/src/etc
# DESTDIR=$MYTMP/dest make distrib-dirs
# cd $MYTMP/dest
# mtree -c -k type > ../dest.mtree

Patching:
# cd /usr/src
Patch and build all patches as usual, but use
`make DESTDIR=$MYTMP/dest install'
instead of plain `make install'

Creating the patch:
# cd $MYTMP/dest
# sudo mtree -f ../dest.mtree > ../patch.mtree
# MYPATCH=$MYTMP/patch.tar.gz # better use mktemp
# grep '^extra:' ../patch.mtree | cut -d' ' -f2 \
| tar czf $MYPATCH -I - && echo OK || echo FAILED

Where the important tricks are `make distrib-dirs' in
/usr/src/etc with DESTDIR set, mtree of the directory
tree that was created there, patching with make install
using argument DESTDIR, and mtree of the resulting tree
to find what has changed; tar:ing the added files.



On Thu, Nov 01, 2007 at 02:25:31PM -0700, Clint Pachl wrote:

Markus Wernig wrote:

Dear list

I have a couple of 4.1 firewalls that I would like to upgrade to 4.2.
Before taking them online again I'd like to deploy the openssl patch
from
ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.2/common/002_openssl.patch


I feel your pain. Others have dissed on you for not having compile tools
on your hosts and assume you're doing it for security reasons. I don't
know your reason, but I only have compile tools on my build system. I
create binary patches (see script below) and distribute across the
network. Who the hell wants 20 (# of servers in my network) builds
cranking on all your machines in the network? What a nightmare. What if
they all fail? Worse yet, what if one fails? Someone is going to say,
script/automate it. Screw that. Now you need to figure out how to make
the sources available to all the hosts, initiate the build, make sure
the build didn't fail, etc.

Another reason I don't have compile tools on some of my servers is
because they won't fit. Many of my dedicated systems use 256MB flash drives.

The third reason to keep crap off your servers, including compiler
tools, is that potentially that extra stuff could be exploitable. If it
is, then you have to patch it too. Just extra work.



Being perimeter firewalls, those systems don't have compile tools
installed. I would thus need to pre-compile libssl on a 4.2 buildhost
and deploy it onto the firewalls. I've been looking through the
documentation but did not find a good way to do this, because
openssl is not a package, but part of the base system.


OpenBSD makes it very easy to create binary patches. I wrote a script
below that automates most of the process. I have been using this script
for a while and it works pretty good. The good thing about this is that
it only creates a binary patch of executables and files that were
affected by the source patch. This also has the benefit of touching only
a small portion of the installed system, which can be helpful when you
are monitoring for trojan horses.

The alternative, which someone else mentioned, is just make a release.
This is straightforward and officially supported. See release(8).



Is there any way other than tar - scp - untar after compiling libssl?


thx for any pointers

/markus


I will apologize in advance for the screwed spacing/tabbing.

#!/bin/sh
#
# Builds kernel and userland from the /usr/src tree. The script sets up the
# build environment then kicks the user to a shell to manually patch the
# source. When in userland build mode, the user is also asked to build and
# install using the instructions specified in the official OpenBSD patch.
# After the user exits the work shell, this script will build the kernel or
# create a binary userland patch depending on the operation mode.
#
# BUGS
# Does not build or make binary patches for the X system.
#

# Print the option summary and exit with the status given as $1.
usage()
{
   cat <<- EOF
usage: $APP {-k | -u} [-h] [-p patch-name]

 -k : kernel build mode; makes GENERIC & GENERIC.MP kernels
 -u : userland build mode; makes binary patches
 -p : embedded in the newly built kernel/patch filenames
 -h : help
EOF
   exit $1
}

APP=${0##*/}
REL=`uname -r`
ARCH=`uname -m`
Mode=0
PatchName=
KernCfgs='GENERIC GENERIC.MP'

while getopts p:kuh i
do  case $i in
   k) Mode=1 ;;
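
The staging approach discussed in this thread (install the patched build into a DESTDIR that holds only the distrib-dirs skeleton, then ship just the files the install added), shown as an added example that is not code from any poster or from OpenBSD. It substitutes portable find/comm for mtree(8) and adds a SHA-256 check before unpacking on the target; the function names, paths and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): DESTDIR-staged binary patch.
# find/comm stand in for mtree(8); every name and path below is illustrative.

# Print the SHA-256 of a file with whichever tool the host provides.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    elif command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"                      # OpenBSD / FreeBSD
    else
        openssl dgst -sha256 "$1" | sed 's/.*= //'
    fi
}

# snapshot DIR: sorted relative paths of the files and symlinks below DIR.
snapshot() {
    ( cd "$1" && find . \( -type f -o -type l \) -print | LC_ALL=C sort )
}

# make_patch DESTDIR BASELINE OUT
# Packs only paths present in DESTDIR now but absent from BASELINE and prints
# the archive's SHA-256 so it can be sent to the target out of band.
# Comparison is by path: a file already in BASELINE is never packed, which is
# why the baseline is taken from a tree that holds directories only.
make_patch() {
    mp_dest=$1; mp_base=$2; mp_out=$3
    mp_list=$(mktemp) || return 1
    snapshot "$mp_dest" | LC_ALL=C comm -13 "$mp_base" - > "$mp_list"
    if [ ! -s "$mp_list" ]; then
        echo "make_patch: the install added nothing to $mp_dest" >&2
        rm -f "$mp_list"
        return 1
    fi
    # -T reads member names from a file (GNU tar, bsdtar); OpenBSD tar uses -I.
    if ! ( cd "$mp_dest" && tar -czf - -T "$mp_list" ) > "$mp_out"; then
        rm -f "$mp_list" "$mp_out"
        return 1
    fi
    rm -f "$mp_list"
    sha256_of "$mp_out"
}

# apply_patch ARCHIVE EXPECTED_SHA256 ROOT
# Unpacks only if the hash matches and no member is absolute or contains "..".
apply_patch() {
    ap_tgz=$1; ap_want=$2; ap_root=$3
    ap_got=$(sha256_of "$ap_tgz") || return 1
    if [ "$ap_got" != "$ap_want" ]; then
        echo "apply_patch: hash mismatch for $ap_tgz" >&2
        return 1
    fi
    if tar -tzf "$ap_tgz" | grep -E '^/|(^|/)\.\.(/|$)' >&2; then
        echo "apply_patch: archive has members outside the target root" >&2
        return 1
    fi
    tar -xzf "$ap_tgz" -C "$ap_root"
}

# Constructed round trip: a staging tree with directories only, a fake
# "make install" of two files, then pack on the build host and apply on a
# stand-in target root. Leaves the working directory in DEMO_DIR.
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/dest/usr/lib" "$d/dest/usr/include/openssl" "$d/target"
    snapshot "$d/dest" > "$d/baseline"
    echo 'patched library (constructed)' > "$d/dest/usr/lib/libssl.so.example"
    echo '/* constructed header */' > "$d/dest/usr/include/openssl/ssl.h"
    sum=$(make_patch "$d/dest" "$d/baseline" "$d/patch.tgz") || return 1
    apply_patch "$d/patch.tgz" "$sum" "$d/target" || return 1
    DEMO_DIR=$d
}
```

File names containing newlines are not handled by the list-based packing, and the hash only helps if it reaches the target over a different path than the archive.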
 

Re: lookup option in /etc/resolv.conf ignored

2007-10-13 Thread Ray Percival

On Oct 13, 2007, at 2:43 AM, Karel Kulhavy wrote:


I want to make my OS return 127.0.0.1 on google-analytics.com and
ad.doubleclick.net to speed up the work with Sourceforge.

I put
127.0.0.1 google-analytics.com
127.0.0.1 ad.doubleclick.net
into /etc/hosts

and checked that /etc/resolv.conf contains
lookup file bind

According to man resolv.conf this should result in /etc/hosts having priority
over the DNS system. However, it simply doesn't work. Both Firefox and the
host command behave as if I didn't do anything.


Host queries your DNS server. It has no concept of a /etc/hosts file.  
As for Firefox. I'd guess that it's not asking for either by those  
EXACT names. But you would have to do some troubleshooting to figure  
that out.


Why doesn't it work when man resolv.conf says it should?

CL




Re: Have a OpenBSD store in Asia? Is it possible?

2007-03-18 Thread Ray Percival

On Mar 18, 2007, at 7:19 PM, Bibby wrote:


hi all:

I use OpenBSD from 3.6, when every release is pre-ordered, I can't find an
easy way to own a set.

I live in China, Is it possible to have an OpenBSD store in Asia?
China? Japan? Korea? or other countries?

Sure. Knock yourself out.


Thanks very much.



Bibby



They do not preach that their God will rouse them a little before the  
nuts work loose.




Re: No Blob without Puffy

2007-03-17 Thread Ray Percival

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

snip

  Please do make an effort
to find some information yourself before asking, or you will
start getting on people's nerves, even if you do not intend to.

Start?



snip
iD8DBQFF/AzH5B7p9jYarz8RAm2BAJ9ak/sun5B61mKN/jIF0GqMJbiy0gCfSsbx
9USyHH/QNgeX53vWKUovjxI=
=f4Os
-END PGP SIGNATURE-



Re: Important OpenBSD errata

2007-03-17 Thread Ray Percival

On Mar 17, 2007, at 11:50 AM, Karel Kulhavy wrote:


On Fri, Mar 16, 2007 at 05:53:10AM +, Karl O. Pinc wrote:

On 03/15/2007 11:55:44 PM, Kian Mohageri wrote:

Security isn't about receiving notifications to your Inbox in a timely
fashion.  It is about being proactive yourself.  You should be the one
taking measures to secure your systems, and you should be the one ACTIVELY
LOOKING for problems.  Watching mailing lists isn't enough, and this was
announced very early on the ERRATA page.


Perhaps my problem is that until this thread it wasn't
clear to me that the errata page was inherently more
reliable than the mailing list.  From a technical
perspective I see no reason why either can't be equally
reliable.  How am I to know?


There are so many points to refer to regarding security - Errata page, misc
mailing list, security-announce, Slashdot. It's easy to get confused.  The
ergonomy of work is decreased. Decrease the ergonomy of work and your accident
rate goes up. That means, more people failing to upgrade their system
containing with security problem.

No. Everybody with a clue knows that there are two sources for good
data. The errata page and source-changes. Everything else is just
gravy or noise. Welcome to that club. Now you know everything you
need to and just like the rest of OpenBSD it's simple, elegant,
powerful, and very usable once you stop fighting the system and start
using it.


CL



They do not preach that their God will rouse them a little before the  
nuts work loose.




Re: warning Yet Another Inane Post or every six month wierdness on misc@ list

2007-03-17 Thread Ray Percival

On Mar 17, 2007, at 1:25 PM, Bob Beck wrote:


* Diana Eichert [EMAIL PROTECTED] [2007-03-17 08:39]:

I don't know what's worse, the junky posts from people who come out of the
woodwork around release dates or the
Two chick f/cking in wild orgy \
Normalize your Cholesterol \
mature blonde milf f/cking hardcore  s/cking \
Time is running out to win the 10k Scholarship
e-mails I SPAM filter on a daily basis.


Well, if I had to prioritize them it would probably be
the milfs and cholesterol would be more interesting than the junky
posts, followed by the rest.

But maybe my age is showing, I'm getting close to 40 ;)

Must not make dead hookers and blow joke. :D


-Bob



They do not preach that their God will rouse them a little before the  
nuts work loose.




Re: Important OpenBSD errata

2007-03-17 Thread Ray Percival

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


On Mar 17, 2007, at 1:00 PM, Karel Kulhavy wrote:


On Sat, Mar 17, 2007 at 11:43:47AM +1100, fonkprop wrote:
Yet again, we see that although Theo is willing to beg, wheedle and threaten
his user community into sending him money when he needs it, he holds them in
too much contempt to respond to simple, uncontroversial and valid criticism.



On 3/16/07, Theo de Raadt [EMAIL PROTECTED] wrote:



Let's see... the fsck_ffs fix pedro commited a few hours ago.  That
fixes a serious problem where fsck fails to spot filesystem
corruption.  Should we spend time fully assessing how rare or common
this situation is, and then errata it up the stream as fast as
possible, maybe even consider if there are security risks from such
filesystem corruption?  Come on.



What a bullshit argument. When you realised the problem was serious enough
to update the homepage to say only two remote holes... you should also
have sent out an email to security-announce. You had time to send an
announcement to misc - not sending one to the list your project specifically
created for just this type of situation means, quite simply, that you fucked
up. You fucked up, Theo. Do it right next time, or de-commission the
security-announce mailing list for once and for all. The fact that you can't
get a simple thing like this right really makes me wonder about the wisdom
of relying on OpenBSD for real-world use...

The minute someone moans for a posting to the security-announce list
they have removed any desire from me to do so.  And the same comes for
any other errata.



What a completely fucking stupid, border-line insane thing to say. Let's get
this straight - your project sets up a security announcement list
specifically for announcements on vulnerabilities and patches. You then
proceed to ignore it completely for one of the most serious OpenBSD security
problems in the last decade. But no-one is allowed to actually say anything
about this because if they do you'll not use it JUST TO SPITE US. You, sir,
are a childish, immature cock.


If people on our mailing list are going to be such jerks about patches
which we do make available, then maybe we'll spend a whole lot less
effort making errata and updating -stable.  The whole concept of being
subservient towards a community of jerks is not realistic.



You know, Theo, it makes me fucking sick to see you treat the community of
people who support your project and pay your wage like this. It makes me
even sicker to see the crowds of shrill, stupid fanboys on this list who are
so pathetically eager to agree with you that that they support even your
most unreasonable, childish and frankly stupid statements. You are a goddam
hypocrite - either you do OpenBSD purely for yourself and the other

I don't think Theo is a hypocrite he makes otherwise a highly consistent
behaviour impression on me. To me it looks like a slippage caused by an
external factor. There's a problem and it has to be found and fixed.

Theo, how much time do you sleep in average per night? Aren't you overworked?
Don't you have some kind of family problem (relationship, death, serious
disease)?  Don't you get too little money in donations and feel stressed by
it?  Or some other kind of cockup in your life?

We need to understand that OpenBSD is a unique operating system - it's free,
very complicated, AND proper care is taken in design and programming. That
must be very demanding on the developers.

You need to FOAD and stop being an insulting little twat. This is  
nothing more and nothing less than the same frustration and rage that  
every working admin and coder in the world feels. It's not an  
accident that the BOFH is central to our culture in many ways. :) You  
can like it or not. We don't give a shit. Go ahead use the code  
that's what it's there for. But FFS stop trying to change our culture  
just because you don't like it. We love it and it's ours. Or if you  
really hate it. Go the fuck away. You will not be mourned or missed.  
You are a luser of the worst kind. To deny a man the right to blow  
off steam or to start insulting him because he does is just sick and  
wrong. So stop it. Now.


CL
developers (in which case I will stop financially supporting the project,
and everyone else should too) or you recognise that what really keeps
OpenBSD going is the group of people that advocate OpenBSD, use it in the
real world, and buy your goddamn CDs and t-shirts to keep you going... The
idiots on misc that support you when you treat your users this badly aren't
the real friends of OpenBSD.




They do not preach that their God will rouse them a little before the  
nuts work loose.

iD8DBQFF/Fwj5B7p9jYarz8RAjjLAJ4ockK+w3JFQQtCdeaZ0XvAuawU9QCgoOPm
gql5uZkp9G58bxHcork=
=by3C
-END PGP SIGNATURE-



Re: OpenBSD 4.1 Pre-Orders...

2007-03-17 Thread Ray Percival

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


On Mar 17, 2007, at 3:07 PM, Bryan Allen wrote:


On Mar 17, 2007, at 4:12 PM, Bob Beck wrote:


Hate to tell you this, but Canada is not the United States.


Give us a couple years. Pax Americana, yo.

Actually I'm hoping to get BC to invade the Pac NW. :)

--
bda



They do not preach that their God will rouse them a little before the  
nuts work loose.

iD8DBQFF/HJA5B7p9jYarz8RAt1jAJ99S8rRfgHlhSWpcLsnzHA7qIv7BQCbBuE/
GMNGil+Ir3CujYu05f1TuZw=
=r9tw
-END PGP SIGNATURE-



Re: Contradictory statement on vulnerability

2007-03-16 Thread Ray Percival

On Mar 16, 2007, at 4:09 AM, Karel Kulhavy wrote:
snip



I am not following anything

That's obvious.

- just installed OpenBSD 4.0 from a CD.
What should
I follow, then?

In other operating systems the concept of upgrading is straightforward - Windows
asks you and you press OK, in Gentoo Linux you type a magic sequence of magic
commands and your system is up to date.  But in OpenBSD it seems that the
versions are not a sequence, but a tree with a lot of one way streets and
that's what confuses me.

The more I read your posts to the list the more it becomes clear that  
OpenBSD may not be for you. You might consider going back to Windows  
or Linux or whatever makes you happy cause this clearly ain't working  
out for you. OpenBSD needs what I call a maker's attitude. You need  
to want to read, learn, wrap your head around concepts that can have  
steep learning curves if you're starting at zero but that have a huge  
payoff if you're willing to put in the skull sweat. You don't seem to  
want to do this and it annoys the fuck out of us who have put in that  
effort and have fallen in love with the elegance of the system.  
Either educate yourself or move on.


CL



They do not preach that their God will rouse them a little before the  
nuts work loose.




Re: Important OpenBSD errata

2007-03-16 Thread Ray Percival

On Mar 16, 2007, at 5:43 PM, fonkprop wrote:

Yet again, we see that although Theo is willing to beg, wheedle and
threaten his user community into sending him money when he needs it, he
holds them in too much contempt to respond to simple, uncontroversial and
valid criticism.

No. This is pure bullshit. There was a hole. The patch and the errata  
had been up for -ages-. Anybody who really cares and really pays  
attention had patched and been happy for nearly a week. The logic  
behind the misc posting is so very obvious that to bitch about it is  
just finding something to complain about. I, of course, don't know  
the exact numbers but it seems pretty clear that misc has a much  
larger subscriber base than security-announce. Given that it just  
makes sense to post this to the list where the most people are going  
to see it.


As for the rest of your rant. It's clear you've never been a working  
admin or coder. Try it for a while and come back when you've seen the  
elephant.




snip



Re: Important OpenBSD errata

2007-03-15 Thread Ray Percival

On Mar 15, 2007, at 7:31 PM, Karl O. Pinc wrote:
snip


I agree.  I'm very annoyed that I have to read about this
problem on slashdot.  The misc list is not the right place
for this announcement, some low-traffic announce list that
goes right into my inbox is where this stuff belongs.
I rely on having a clear channel for security related
problems.

You -do- know that this has been on the errata page since
Friday, right? Because as worried as you are and as important
as this is to you you take the responsibility to check said page
every day, of course. Oh wait. No you don't.
Come on this is open source it should be a maker's culture.
You know where these things are as soon as they hit the tree
and it takes all of two whole minutes to glance at it once or
twice a day. Step up to the plate and do for yourself.
snip


Problems communicating patch availability lead
to security problems as severe as unpatched
vulnerabilities.  Therefore communication problems
deserve the degree of acknowledgment and
resolution accorded to bugs in the code.

The only communication problem here is that you don't look
at the information that the project puts out there for you.
You are correct. This needs to be fixed. Do so.


Regards,

Karl [EMAIL PROTECTED]
Free Software:  You don't pay back, you pay forward.
 -- Robert A. Heinlein



They do not preach that their God will rouse them a little before the  
nuts work loose.




Re: OpenBSD 4.0 dvd case

2007-03-03 Thread Ray Percival

On Mar 3, 2007, at 11:04 AM, Tom Van Looy wrote:


Some people thought the current 4.0 artwork was too childish for a
corporate environment. I created a more simple and clean looking dvd
case. You can download it at http://puffy.ctors.net/

If you have some comments about this, please let me know.

It's ugly, horrible, no fun and violates Theo's trademark with a
whiffle bat.

Oh and it's the Ubuntu folks who are colourblind. Not us.




They do not preach that their God will rouse them a little before the  
nuts work loose.




Re: anyone join in and sponsor: Re: Any progress on WPA/WPA2 support ?

2007-01-07 Thread Ray Percival



On Jan 7, 2007, at 1:11 PM, Nick Guenther wrote:
snip



I would too, but I remember a while back (but cannot find the message
now) Theo saying that WPA gives a false sense of security and that it
would never be implemented. He didn't explain why. Does anyone else
remember this?


The problem with this junk is not about security. It's about being
able to access them at all. It is becoming harder to find open
networks because people are acting like this shit is secure. So you
get WPA code, and voila, you can route out their nets. They think it
gives them 'wire-security on wireless' -- but they still want it
open. Ok, fine, so leave it open. You can't do real security with
that WPA junk.

Pretty sure that's what you're thinking of.


-Nick



They do not preach that their God will rouse them a little before the  
nuts work loose.




Re: Serial cable connection by using some Japanese instructions

2007-01-07 Thread Ray Percival

On Jan 7, 2007, at 3:37 PM, vladas wrote:


http://www.openbsd.org/landisk.html mentions that

.. Or you can attempt to build your own serial cable connection
using  some Japanese instructions ..

Is there any demand for those instructions to be translated into English?

You mean like this? http://www.ossmann.com/5-in-1.html




They do not preach that their God will rouse them a little before the  
nuts work loose.




Re: Compatible hardware

2007-01-06 Thread Ray Percival

On Jan 5, 2007, at 11:19 PM, Virgil Gheorghiu wrote:
snip


Can anyone confirm such hardware will work to its full ability under
OpenBSD 3.9 or 4.0?

Oddly enough, yes. The docs http://www.openbsd.org/plat.html. And
whatever it says in your dmesg.



I am mostly interested in the RAID status and
management. I have another LSI card, LSI22320-R which supports IM (like
RAID 1) / IS (like RAID 0), but OpenBSD does not provide ways to check
RAID status via bioctl.

Sure it does man bioctl


All I get is when querying the RAID is alarm
enabled, which I could also get by querying drives not part of the RAID.


Any other suggestions kindly appreciated.

Read more before mailing and learn how to ask smart questions.
http://catb.org/~esr/faqs/smart-questions.html


Best,
Virgil



They do not preach that their God will rouse them a little before the  
nuts work loose.




Re: LiveCD

2006-12-23 Thread Ray Percival



On Dec 23, 2006, at 3:49 PM, Passeur wrote:


Hi,

I am trying to build a live CD based on the official OpenBSD article.
(http://www.openbsd-wiki.org/index.php?title=LiveCD)


Nothing 'official' about it.

They do not preach that their God will rouse them a little before the  
nuts work loose.




Re: Software License

2006-11-24 Thread Ray Percival

On Nov 24, 2006, at 6:28 PM, Joel Goguen wrote:


It seems to me that such a license would be too restrictive for many.
The goal of OpenBSD (AFAIK) is not to force or coerce lock-in to a
single OS - that's Microsoft's turf :)


Theo said it best.
But software which OpenBSD uses and redistributes must be free to all  
(be they people or companies), for any purpose they wish to use it,  
including modification, use, peeing on, or even integration into baby  
mulching machines or atomic bombs to be dropped on Australia.


[EMAIL PROTECTED] mailing list, May 29, 2001

snip

They do not preach that their God will rouse them a little before the  
nuts work loose.




Re: GPL = BSD + DRM [Was: Re: Intel's Open Source Policy Doesn't Make Sense]

2006-10-05 Thread Ray Percival

On Oct 5, 2006, at 4:39 PM, David T Harris wrote:


When you say that the GPL is related to DRM,


The point is that like DRM the GPL restricts what you can do and how  
you can use the code. The BSD license doesn't.

what do you mean?  I mean how is GPL related to DRM?
Generally I try to avoid licensing discussions and
what not and just focus on the technology, but
I'm just curious in this regard.

I know GPL3 has a lot dealing with DRM (or so I've heard)
but GPL2 doesn't (supposedly, I really don't know).



They do not preach that their God will rouse them a little before the  
nuts work loose.




Re: Low priority or real coders

2006-09-13 Thread Ray Percival



On Sep 13, 2006, at 7:53 PM, steve szmidt wrote:

Over the years one gets used to some small things that make life easier
but is only slowly catching up on OBSD. I'm curious as to why this is. Is
it that real coders don't need some of them, or is it just something like
a matter of being a lower priority?

* Not needing -a on ifconfig - Now implemented.
* Not showing all I/F's by default in ifconfig, requiring -A.
* Defaulting to bash, easier to use - Implemented.

bash is *not* the default it's ksh. :)

* Command prompt buffer not clearing but leaving at least one entry on the
line and not clearing with arrow down.
* Out of date vi, harder to navigate and use, poor visual feedback.

Linux distros lie about this. The vast majority of them alias vim to
vi. Welcome to vi.


VI is probably the worst as it gets a lot of use. It requires a lot more
keystrokes than its newer versions. It also requires a lot more attention
to track the mode it is in. The newer VI is more like a typical editor and
yet retained its power.

Install vim, alias it, and use a config that works for you.


Some things are probably left with earlier versions due to priority,
license issues and no doubt some developers just plain like some things
not to change. What's on the horizon?
--

Steve Szmidt

To enjoy the right of political self-government, men must be
capable of personal self-government - the virtue of self-control.
A people without decency cannot be secure in its liberty.
From the Declaration Principles



They do not preach that their God will rouse them a little before the  
nuts work loose.




Re: network cards - which one is the best ;

2006-09-03 Thread Ray Percival

On Sep 3, 2006, at 3:59 PM, Sylwester S. Biernacki wrote:
snip


  Theo wrote about em driver in OpenBSD and bad vendor design of Intel
  NICs in general. Exactly the opposite I have used Intel server cards
  with ~320Mbps traffic (max of old PCI board ;P) and everything worked
  as it should.


I think he was writing about WiFi cards. I've yet to find anything  
bad about old-skool ethernet cards. Also the ethernet cards *do* have  
free drivers unlike the wifi cards.

snip




Ray Percival
[EMAIL PROTECTED]



Re: network cards - which one is the best ;

2006-09-03 Thread Ray Percival

On Sep 3, 2006, at 6:16 PM, Matthew R. Dempsky wrote:


On Sun, Sep 03, 2006 at 05:00:37PM -0700, Ray Percival wrote:

On Sep 3, 2006, at 3:59 PM, Sylwester S. Biernacki wrote:
 Theo wrote about em driver in OpenBSD and bad vendor design of Intel
 NICs in general. Exactly the opposite I have used Intel server cards
 with ~320Mbps traffic (max of old PCI board ;P) and everything worked
 as it should.


I think he was writing about WiFi cards. I've yet to find anything
bad about old-skool ethernet cards. Also the ethernet cards *do* have
free drivers unlike the wifi cards.


No, he made it explicitly clear he was talking about their gigabit
ethernet cards:

Approximately six years ago Intel gave the *BSD projects a driver
for the Intel gigabit cards, the so-called em(4) driver.

http://marc.theaimsgroup.com/?l=openbsd-miscm=115707648205545w=2

I stand corrected.




They do not preach that their God will rouse them a little before the  
nuts work loose.




Re: authpf won't work as a shell with ssh

2006-07-08 Thread Ray Percival

On Jul 8, 2006, at 8:49 PM, Bill Meigs wrote:

Thanks. That fixed the adduser script issue, but I still get  
disconnected immediately.

Read the authpf portion of the FAQ. It's in there.


Darrin Chandler wrote:

On Sat, Jul 08, 2006 at 06:24:40PM -0700, Bill Meigs wrote:
One other related issue. If I use the adduser script and specify  
authpf as the shell, I get authpf: is not allowed!. I've used  
vipw to change the shell to /usr/sbin/authpf for the test user.

man shells(5)?




--
They do not preach that their God will rouse them a little before the  
nuts work loose.




Re: Xwindows Security Hole in OpenBSD 3.8

2005-12-24 Thread Ray Percival



On Dec 24, 2005, at 3:50 PM, Edd Barrett wrote:


On 24/12/05, Dave Feustel [EMAIL PROTECTED] wrote:


I hate to send this Christmas present to misc,
but there is definitely a security hole in Xwindows

One wonders how software that doesn't exist can have security holes?
snip
--
If you aren't solving your problems with violence, you aren't using  
enough.




Re: utilizing screen real estate without X

2005-12-24 Thread Ray Percival

On Dec 24, 2005, at 3:16 PM, Michael Steinfeld wrote:


Currently, I do not run X on my openbsd box and really would rather
not. I am thinking of a way to have multiple ttys available for
monitoring without switching back and forth between them. It might
seem silly to some, when you have a dual headed vidcard and multiple
displays and prefer not to use X, but I am curious to know what
options I have for utilizing the real estate.

screen


I am thinking of writing an ncurses based app, but wanted to hear some
suggestions first..


Thanks,
Mike



--
If you aren't solving your problems with violence, you aren't using  
enough.




Re: HOTO Write bad documentation

2005-11-27 Thread Ray Percival



On Nov 27, 2005, at 4:20 PM, frantisek holop wrote:


snip


You're not contributing anything.


if you are sent away right at the beginning, what's the point?
expressing an opinion is still a contribution.  without that,
openbsd would be much poorer.


i realize this thread brings nothing really new and annoys
the hell out of the devs.  but i think it's important that
the more arty people here get these questions answered
and be in the archives.

and i still don't understand why we have to be ashamed of
the openbsd site.  it is not a commercial product, but that
still doesn't mean it has to be ugly.   or at least valid
ugly html.

So *code* something. Put it up someplace. See if anybody thinks there
is a reason to switch. Offer to put the time and effort into
maintaining it. A big part of the problem here is people who keep
whining but don't produce any code. It's all there in CVS make with
the code and I think you'll find you get much more respect.


-f
--
i am not a dictator.  it's just i have a grumpy face.



--
If you aren't solving your problems with violence, you aren't using  
enough.




Re: HOTO Write bad documentation

2005-11-27 Thread Ray Percival



On Nov 27, 2005, at 7:52 PM, Jeremy David wrote:


On 11/27/05, Simon Morgan [EMAIL PROTECTED] wrote:


Hackers like interesting problems. Pretty HTML and a nice website
layout is not an interesting problem. Stop wasting people's time
with it. The website has its purpose and does a perfectly good
job of serving it.



I would have to disagree. I find that coming up with good visual layouts
and good, solid web design is a large challenge. Otherwise I wouldn't do
it.

The OpenBSD website is functional for many people. However, it could be
more functional, and work to maximum effect on all users across all
platforms.

I think there are a lot of misconceptions about what CSS is for. It's not
just about pretty pictures. CSS and solid XHTML, when used properly, make
your websites look great on the newest Mac and it makes them look and work
great on lynx running on a 386. That's what good web design is all about.
Right now, OpenBSD.org's layout and design relies on a lot of old hacks,
which break down for many users. I find that unacceptable, just as I find
the general attitude that something is good enough when it clearly could
be better with a little effort to be unacceptable.

Where is your diff?




--
If you aren't solving your problems with violence, you aren't using  
enough.




Re: Appliance Vendors?

2005-10-27 Thread Ray Percival
On Thu, Oct 27, 2005 at 11:32:25AM -0500, L. V. Lammert wrote:
 We are getting ready to recommend an appliance to one of our clients, .. I 
 know we could build a box (a la Soekris), but I have also heard that 
 vendors like Lok Technologies are selling pre-built OBSD solutions.
 
 1) Any recommendations pro/con about Lok?
 
 2) Any other vendors (for US customers) with pre-built solutions?
 
 3) Are there other h/w vendors that would be 'between' a Soekris  regular 
 PC? 
Sure just about any small form factor PC should work.

 I would like to offer storage options (perhaps an email server), and I 
 know the Soekris don't have regular HDs.
You can put a HDD in a Soekris. In fact I run all mine that way. Mainly because 
I think flash is a bad use for a longterm mass storage device. 

All an appliance really is is a box that does one thing has few to no knobs 
and just works out of the box. Hardware doesn't really matter. The only real 
reason you see so many of them on small form factor type boxen is cost. For 
example I use Soekris when I sell perimeter security devices but that's simply  
because they are cheap to buy and to run. No other real reason. For a small 
form factor mail server I'd look at a shuttle type system. But unless you need 
a small form factor I'd just put it all on a PC or 1u server and call it good. 
 
   TIA,
 
   Lee
 

-- 
BOFH excuse #355:

Boredom in the Kernel.



Netgear WG311 v3

2005-10-02 Thread Ray Percival
These cards don't seem to be ath anymore.

The relevant bits from my dmesg.

rl0 at pci1 dev 0 function 0 D-Link Systems 530TX+ rev 0x10: irq 11 address 
00:11:95:24:6a:0d
rlphy0 at rl0 phy 0: RTL internal phy
rl1 at pci1 dev 1 function 0 D-Link Systems 530TX+ rev 0x10: irq 5 address 
00:11:95:24:6a:0c
rlphy1 at rl1 phy 0: RTL internal phy
vendor Marvell, unknown product 0x1faa (class network subclass ethernet, rev 
0x03) at pci1 dev 2 function 0 not configured

Thought you all might like to know. Thrice cursed vendors. Lucky for me it was 
an incredibly cheap impulse buy. 

Ray
-- 
BOFH excuse #326:

We need a licensed electrician to replace the light bulbs in the computer room.



Re: One time passwords?

2005-09-27 Thread Ray Percival
On Tue, Sep 27, 2005 at 09:22:51PM -0400, stan wrote:
 I find myself in the position sometimes when away from home having access
 to only M$ machines with a base OS load only. 
Things I've learned from travel. 

1. Carry a copy of putty on every form of media you can think of. I have one on 
my camera. Often you can get someone to let you plug *something* in and putty 
pretty much just works.
2. If, like for example the public consoles at Changi and Narita, you can't 
plug in any media pull up the putty download page and choose the run 
application option from the IE download dialog. Putty runs just fine. This was 
tested at both airports and a handful of .sgian cybercafes.
3. Thanks to putty there is no need to resort back to telnet.
 
 I don't have telnet open on my home network, but I was considering opening
 it up on the OpenBSD firewall, and using some sort of one time password
 scheme.
 
 Would this be a sane thing to do? and if so, where could I find some software
 to support the one time password functionality?
Yes. But do it *with* ssh. Can't be too careful about keyloggers. 

http://www.openbsd.org/faq/faq8.html#SKey
 
 -- 
 U.S. Encouraged by Vietnam Vote - Officials Cite 83% Turnout Despite Vietcong 
 Terror 
 - New York Times 9/3/1967
 

-- 
BOFH excuse #276:

U.S. Postal Service



Re: is there a way to block sshd trolling?

2005-09-23 Thread Ray Percival
On Fri, Sep 23, 2005 at 08:24:15PM -0700, Bryan Irvine wrote:
  Some intelligent scripts look at tcp responses to port scans, ssh
  responds with SSH-2.0, which isn't too hard to identify. I don't know if
  changing the greeting would break the protocol, but I suspect it might
  break certain clients.
 
 I wonder if it's possible to fingerprint these programs.  I actually
 have a copy of the ssh-scanner that they use.  I got it by looking at
 the hack logs on a Linux server and going to the same FTP site they
 used (anonymous ftp even ;).
I use the blocker script from this article. Seems to work pretty well. I'd just 
block Linux but I have a few friends who have yet to see the OpenBSD light. 
http://www.undeadly.org/cgi?action=articlesid=20041231195454mode=expanded
 
 The program that most of you see is probably Skara.  If you're
 interested you run the program by doing ./a xxx.xxx where xxx.xxx is
 the first 2 octets of the network you want to scan (it only does
 class b).  Once it finds all the servers running ssh, it then forks
 and runs ssh-scan on each and just crashes through the dictionary,
 till it finds some servers, and reports the findings.  Usually
 something stupid like admin/admin or vmail/vmail.  I ran it on my
 network to look for things that may have been done sloppily.  I
 actually did find one server where someone had created a user of
 test with the password of test...nice.
 
 As long as you have secure passwords, I'd recommend just logging in as
 a standard user, and using su so that you don't see all those logs.
Yeah. This is only a threat against *really* weak boxes. Having said that I've 
seen a lot of posts talking about changing ports. That's a line that I won't 
cross. I refuse to hide from the bots and it's not even a speedbump against 
somebody who is a real threat. But that's just my personal line in the sand. 
 
 Keep in mind that they are just kiddies scanning class b's so there's
 probably better things to worry about.
 
 A lot of nice tips though.  I've learned a lot about PF just reading the 
 thread.
 
 
 --Bryan
 

-- 
BOFH excuse #345:

Having to manually track the satellite.
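
The thread above describes bots that run a dictionary of account names (admin, vmail, test) against sshd. As an added example, not part of the thread and not the blocker script from the linked article, this is one way to pick such sources out of sshd's log and produce `pfctl` table additions; the log lines are constructed, and the table name `ssh_bruteforce` and both thresholds are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in OpenSSH's syslog format. Addresses come from the
# RFC 5737 documentation ranges and do not refer to real hosts.
SAMPLE_AUTHLOG = """\
Sep 23 20:01:02 gw sshd[4101]: Failed password for invalid user admin from 192.0.2.10 port 40122 ssh2
Sep 23 20:01:04 gw sshd[4103]: Failed password for invalid user vmail from 192.0.2.10 port 40125 ssh2
Sep 23 20:01:06 gw sshd[4105]: Failed password for invalid user test from 192.0.2.10 port 40129 ssh2
Sep 23 20:01:08 gw sshd[4107]: Failed password for root from 192.0.2.10 port 40133 ssh2
Sep 23 20:05:40 gw sshd[4150]: Failed password for ray from 198.51.100.7 port 51200 ssh2
Sep 23 20:05:49 gw sshd[4150]: Failed password for ray from 198.51.100.7 port 51200 ssh2
Sep 23 20:05:58 gw sshd[4150]: Accepted password for ray from 198.51.100.7 port 51200 ssh2
Sep 23 21:10:01 gw sshd[4300]: Failed password for stan from 203.0.113.5 port 33010 ssh2
Sep 23 21:10:09 gw sshd[4300]: Failed password for stan from 203.0.113.5 port 33010 ssh2
Sep 23 21:10:17 gw sshd[4300]: Failed password for stan from 203.0.113.5 port 33010 ssh2
"""

# sshd logs "invalid user" in front of names that do not exist on the box.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)


def failed_logins(log_text):
    """Return {source address: [account names tried]} for failed passwords."""
    attempts = defaultdict(list)
    for line in log_text.splitlines():
        match = FAILED_RE.search(line)
        if match:
            attempts[match.group("src")].append(match.group("user"))
    return dict(attempts)


def suspects(log_text, min_failures=3, min_users=2):
    """Sources with many failures spread over several account names.

    A dictionary run walks through account names, while a person who
    mistypes a password keeps retrying one name, so both thresholds
    must be met. The values are assumptions to tune per site.
    """
    flagged = []
    for src, users in failed_logins(log_text).items():
        if len(users) >= min_failures and len(set(users)) >= min_users:
            flagged.append(src)
    return sorted(flagged)


def pf_table_lines(sources, table="ssh_bruteforce"):
    """Format pfctl commands that add each source to a pf table.

    The table name is hypothetical; pf.conf needs a matching table
    and a block rule that refers to it.
    """
    return ["pfctl -t %s -T add %s" % (table, src) for src in sources]


if __name__ == "__main__":
    for command in pf_table_lines(suspects(SAMPLE_AUTHLOG)):
        print(command)
```

With the default thresholds, the source that only retried one account name three times is not flagged; lowering `min_users` to 1 would include it.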



Re: OpenBSD website Design.

2005-09-14 Thread Ray Percival
On Wed, Sep 14, 2005 at 04:15:13PM -0400, Adam wrote:
 Matthias Herlitzius [EMAIL PROTECTED] wrote:
 
  IMHO a redesign should use XHTML/CSS. Otherwise it would be hard to
  realize proper accessibility for lynx :-)
snip 
I just opened it up in lynx and maybe I just have low standards but I'm failing 
to find anything wrong with it. So what is it that you have objections to that 
could be fixed with XHTML/CSS?
 
 Adam
 

-- 
BOFH excuse #156:

Zombie processes haunting the computer



Re: OpenBSD website Design.

2005-09-11 Thread Ray Percival
On Mon, Sep 12, 2005 at 01:56:16AM +0200, Martin Schröder wrote:
 On 2005-09-08 08:57:29 +0530, Siju George wrote:
  One of my friends sent me this new OpenBSD website design he created.
  Please have a look at it :-D
  
  http://mayuresh.freeshell.org/openbsd/
 
 Nice, but wrong:
 http://validator.w3.org/check?uri=http://mayuresh.freeshell.org/openbsd/
And in what browser do any of those four errors cause actual problems? And why 
instead of doing a redesign don't you just submit a patch that fixes those four 
problems? 

This is an honest question although I do clearly have a clear thought on the 
subject. 
 
 Best
 Martin
 -- 
 http://www.tm.oneiros.de
 

-- 
BOFH excuse #257:

That would be because the software doesn't work.



Re: OpenBSD website Design.

2005-09-10 Thread Ray Percival
On Sat, Sep 10, 2005 at 09:52:02AM +0100, ed wrote:
 On Fri, 09 Sep 2005 22:12:03 +0200
 Alexander Hall [EMAIL PROTECTED] wrote:
 
  What about http://www.openbsd.org/cgi-bin/cvsweb/www/ ? :-)
 
 I was taking a look at that, and it seems I am either getting behind
 with OpenBSD versions or something in ospfd development has torn a
 vortex in the rift of space time and 3.8 has popped through from the
 future creating the file 38.html, released in November 2005.
 
 http://www.openbsd.org/cgi-bin/cvsweb/www/38.html
 
 Does it come complete with instructions for building your own flux
 capacitor, or am I just being silly?
Yes? /humour
 
 -- 
 http://edd.link9.net - http://irc.is-cool.net
 

-- 
BOFH excuse #309:

firewall needs cooling



Re: Doing the evil thing, working with windows...

2005-09-03 Thread Ray Percival
On Sat, Sep 03, 2005 at 04:10:02PM -0700, mojo fms wrote:
 I need to get an OpenBSD server to do Authentication on a MS Windows 2k3
 network, trying to replace the DNS servers on them and I'm trying to secure
 the network a lot more. I'm trying to also learn how about how to make
 OpenBSD and FreeBSD act as replacement options for Microsoft servers in the
 terms of logging in and handling things similar to AD. 
Isn't that pretty much what Samba is for?
 I'm pretty sure I need
 OpenLDAP to do most of this if not all, but any places on information on
 setting this up and personal experiences in this area would be very helpful
 and maybe one or two people I can toss a few questions at that generally
 hard to find answers for.
 
 Thanks
 

-- 
BOFH excuse #353:

Second-system effect.



Re: Routing and firewall performance on older machines?

2005-08-29 Thread Ray Percival
On Mon, Aug 29, 2005 at 05:22:13PM -0400, Peter Landry wrote:
 Hi,
 
 We're going to be doing some network restructuring, splitting our
 internal network into 2 separate IP networks (192.168.1.0 and
 192.168.2.0). We currently have a Microsoft ISA firewall for our whole
 network (since it's just 1 ip network right now, 192.168.0.0). I've
 suggested replacing the ISA firewall with an OpenBSD machine with 3
 NICs, to handle both routing between the two internet networks, and
 firewall out to the internet. It will just be a static route between the
 two internal networks, in addition to whatever routing is necessary for
 firewall/NAT (I'm not sure on this?).
 
 
 
 As far as the firewall is concerned, I don't think it will be a problem
 as far as performance goes (our internet connect is 2mbit, which
 shouldn't be hard to saturate). For the internal routing though, what
 kind of hardware would we need to keep the 2 gigabit networks connected
 at a decent speed?
Amazing what happens when you bother to read and search just a bit. Almost as 
if you aren't the only person in the world asking this question. 
http://www.openbsd.org/faq/pf/perf.html :)
 
 
 
 We're looking at a p4 with a gig of ram - does that sound like it'll be
 a bottleneck?
 
 
 
 I figured that OpenBSD would lower the requirements for our firewall
 machine (less bloat) as well as increase security.
 
 
 
 Sorry if this is too general or vague a question - I did some searching
 on the archives and could only find references to performance of IPSec
 implementations, which we won't be using
 
 
 
 
 
 
 
 Thanks, I appreciate any responses/links/feedback,
 
 Peter L.
 

-- 
BOFH excuse #105:

UPS interrupted the server's power



Re: SMS (mobile phone) authentication

2005-08-27 Thread Ray Percival
On Sat, Aug 27, 2005 at 03:44:14PM +0200, Rickard Dahlstrand wrote:
snip 
 Right now the last line just logs the key to syslog instead of sending
 it to a phone. Also note that the otp-key password is hardcoded in the
 script. Not really a good idea, but I have no choice. (The file is not
 world readable)
 
 Yes, I know this is a hack and that I should probably find something
 better to do instead of wasting your time with my crappy code. BUT this
 exist, and even though you don't see the use for it, can you please
 just give me a hand in pointing out if this most obvious security concerns.
Since SMS is, I'm pretty sure, plaintext, it has all the downsides of sending 
any password in the clear. 
 
 Thanks, Rickard.
 

-- 
BOFH excuse #306:

CPU-angle has to be adjusted because of vibrations coming from the nearby road



Re: How to configure bind to work under OpenBSD 3.7

2005-08-25 Thread Ray Percival
On Thu, Aug 25, 2005 at 11:13:52AM -0300, João Salvatti wrote:
 HI all,
 
 I'd like to know where I could find informations about how to configure bind
 to work under OpenBSD 3.7. I've already made a search in the net, but the
 available documents are vacant. I've already looked at FAQ files, but I also
 couldn't find a thing.
man rc.conf
man named
I also like the book Secure Architectures with OpenBSD. It's a bit dated and 
the pf stuff is shite, but other than that it can often start you down the 
right path. 
 
 Thanks.
 
 --
 João Salvatti
 Undergraduating in Computer Science
 Federal University of Para - UFPA
 web: http://salvatti.expert.com.br
 e-mail: [EMAIL PROTECTED]
 

-- 
BOFH excuse #426:

internet is needed to catch the etherbunny



Re: RSS feed for errata

2005-08-24 Thread Ray Percival
On Wed, Aug 24, 2005 at 01:03:04AM -0500, Gerardo Santana Gómez Garrido wrote:
 2005/8/24, Gerardo Santana Gómez Garrido [EMAIL PROTECTED]:
  This has been discussed before. I think many people here agree this
  would be very useful. Some has even volunteered to do it, but I
  haven't found anything in Google about it yet.
  
  So, the question is ¿has anybody made it?, otherwise, ¿is anybody
  willing to do it?
 
 I've just found this from a message by dhartmei in undeadly:
 
 http://undeadly.org/cgi?action=errata
 
 It seems like a first attempt like Daniel says. Is it going to be
 improved  maintained? Just to know if I should wait for it or start
 coding it myself.
 http://www.vuxml.org/
This is what I use. Could use some work but it is up to date and seems to be 
maintained.
 
 -- 
 Gerardo Santana
 

-- 
BOFH excuse #48:

bad ether in the cables



Re: /usr/share/pf/ suggestion

2005-08-24 Thread Ray Percival
On Wed, Aug 24, 2005 at 09:15:48AM -0400, Timothy Donahue wrote:
 On Tuesday 23 August 2005 11:58 pm, eric wrote:
  On Tue, 2005-08-23 at 16:53:25 -0600, Theo de Raadt proclaimed...
 
   It is plain simple bad advice.  And totally ridiculous.
 
  And plus, with ipv6, it's imperative that the filters be pushed down to the
  end-host so we can quit relying on stupid firewalls and NAT bullshit to
  break networks and slow progress. Itojun mentioned the fact that each host
  should have a firesuit in the ipv6 world.  It's quite good advice.
 
 Well, let's not get ahead of ourselves here.  Filtering at the network edge is 
 A Good Thing(TM) when done correctly, it is NAT that is not necessarily a 
 good thing. 
Speaking as a network guy NAT is A Good Thing granted it breaks some outdated 
notion of end to end commo. But if more people paid strict attention to the 
OSI model that would not matter. Simply put if an application puts a IP addy 
someplace my NAT box can't touch it the application is broken. And in today's 
world anything that puts one more layer between my network and the net is good. 
Other than that I agree with everything else you've said. 
 Filtering incoming (and possibly outgoing traffic) helps do 
 several things, first it decreases the burden on your hosts.  It also allows 
 you a place to stop traffic that should never leave your network, for 
 example, only your mail servers should be allowed to send traffic on port 25.
 
 I'm not saying that we should ignore host based firewalls, because that isn't 
 the case, I'm just recommending that you not be so quick to dismiss the value 
 of having a filter beyond the host.
 

-- 
BOFH excuse #381:

Robotic tape changer mistook operator's tie for a backup tape.



Re: OpenBSD 3.8 negative free space (?WTF?)

2005-08-24 Thread Ray Percival
On Wed, Aug 24, 2005 at 08:56:32PM +0200, Erik Wikström wrote:
 On 2005-08-24 20:21, John Kintaro Tate wrote:
 Hrm, I was installing the mono port and I ran into an error. The error
 was simple and we all know what it means.
 
 Trying 62.243.72.50...
 Unimplemented command.
  61% |**|  8922 KB
  04:55 ETA
 /: write failed, file system is full
 
 So I did the next thing that comes naturally, I aborted and did a df -h...
 
 # df -h
 Filesystem    Size    Used   Avail Capacity  Mounted on
 /dev/wd0a     787M    778M  -30.6M   104%    /
 
 WTF is going on here? -30.6M sounds kinda weird.
 
 I might be dead wrong here but I think that some space is reserved for
 root or some such.
~5% to be exact. 
 
 --
 Erik Wikström
 

-- 
BOFH excuse #172:

pseudo-user on a pseudo-terminal



Re: /usr/share/pf/ suggestion

2005-08-23 Thread Ray Percival
On Tue, Aug 23, 2005 at 06:57:43PM -0400, Will H. Backman wrote:
  -Original Message-
  From: Theo de Raadt [mailto:[EMAIL PROTECTED]
  Sent: Tuesday, August 23, 2005 6:53 PM
  To: Jason Crawford
  Cc: Will H. Backman; j knight; Misc OpenBSD
  Subject: Re: /usr/share/pf/ suggestion
  
snip 
 (Crawling out of my protective hole)
 So does it make sense to include a basic pf rule set for a basic
 end-user host that blocks everything by default?
 I've done it using the example I gave.  Don't know if my way has some
 errors or not.
I'd say punch a hole for SSH. This is because I consider a *NIX box that can 
not be managed via SSH to be borken.

 And, of course, we are only talking about having this as an example and maybe
 mentioned in a FAQ someplace and not turned on by default, right?
 

-- 
BOFH excuse #394:

Jupiter is aligned with Mars.



Re: Using an ASUS K8S-MX a mistake? - update

2005-08-14 Thread Ray Percival
On Sun, Aug 14, 2005 at 09:04:04AM -0500, Joe Szedula wrote:
 I've installed the amd64 -current (13 August) on my ASUS K8S-MX system. 
snip 
 The dmesg shows these unknown items:
 
 ppb1 at pci0 dev 6 function 0 vendor SIS, unknown product 0x000a rev 
 0x00
 ppb2 at pci0 dev 7 function 0 vendor SIS, unknown product 0x000a rev 
 0x00
 lm0 at isa0 port 0x290/8: unknown winbond chip ID 0x88
 
 I decided to try another ethernet board I had:
 
 dc0 at pci0 dev 9 function 0 Lite-On PNIC rev 0x20: irq 10, address 
 00:a0:cc:24:be:91
 
 During the boot process I get this message:
 
 dc0: failed to force tx and rx to idle state
 
 repeated twice, after the starting network line. The network seems to 
 work just fine. What does this indicate? Since it only appears during 
 boot is it something I can just ignore?
 
 Does this:
 
 SIS 182 SATA rev 0x01 at pci0 dev 5 function 0 not configured
 
 just mean there were no SATA drives connected? Will SATA drives work when 
 connected to this motherboard?
http://www.openbsd.org/amd64.html#hardware and since there is much overlap 
http://www.openbsd.org/i386.html#hardware
 
 The complete dmesg output follows this message.
 
 Joe
 -
 OpenBSD 3.8-beta (GENERIC) #0: Sat Aug 13 07:51:35 CDT 2005
 [EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/GENERIC
 real mem = 502722560 (490940K)
 avail mem = 419856384 (410016K)
 using 12324 buffers containing 50479104 bytes (49296K) of memory
 mainbus0 (root)
 cpu0 at mainbus0: (uniprocessor)
 cpu0: AMD Athlon(tm) 64 Processor 2800+, 2029.82 MHz
 cpu0: 
 FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFL
 USH,MMX,FXSR,SSE,SSE2,NXE,MMXX,LONG,3DNOW2,3DNOW
 cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 
 64b/line 16-way L2 cache
 cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully 
 associative
 cpu0: DTLB 32 4KB entries fully associative, 8 4MB entries fully 
 associative
 pci0 at mainbus0 bus 0: configuration mode 1
 pchb0 at pci0 dev 0 function 0 SIS 760 PCI rev 0x03
 ppb0 at pci0 dev 1 function 0 SIS 86C202 VGA rev 0x00
 pci1 at ppb0 bus 1
 vga1 at pci1 dev 0 function 0 SIS 6330 VGA rev 0x00
 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
 wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
 SIS 965 PCI rev 0x47 at pci0 dev 2 function 0 not configured
 pciide0 at pci0 dev 2 function 5 SIS 5513 EIDE rev 0x01: 760: DMA, 
 channel 0 wired to compatibility, channel 1 wired to compatibility
 wd0 at pciide0 channel 0 drive 0: QUANTUM FIREBALLlct15 10
 wd0: 16-sector PIO, LBA, 9736MB, 19941264 sectors
 wd1 at pciide0 channel 0 drive 1: QUANTUM FIREBALL EX3.2A
 wd1: 16-sector PIO, LBA, 3079MB, 6306048 sectors
 wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 4
 wd1(pciide0:0:1): using PIO mode 4, Ultra-DMA mode 2
 wd2 at pciide0 channel 1 drive 0: HDS722512VLAT20
 wd2: 16-sector PIO, LBA48, 117800MB, 241254720 sectors
 atapiscsi0 at pciide0 channel 1 drive 1
 scsibus0 at atapiscsi0: 2 targets
 cd0 at scsibus0 targ 0 lun 0: E-IDE, CD-ROM 52X/AKH, A63 SCSI0 5/cdrom 
 removable
 wd2(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 5
 cd0(pciide0:1:1): using PIO mode 4, Ultra-DMA mode 2
 auich0 at pci0 dev 2 function 7 SIS 7012 AC97 rev 0xa0: irq 10, SiS7012 
 AC97
 ac97: codec id 0x41445368 (Analog Devices AD1888)
 ac97: codec features headphone, 20 bit DAC, No 3D Stereo
 audio0 at auich0
 ohci0 at pci0 dev 3 function 0 SIS 5597/5598 USB rev 0x0f: irq 5, 
 version 1.0, legacy support
 usb0 at ohci0: USB revision 1.0
 uhub0 at usb0
 uhub0: SIS OHCI root hub, rev 1.00/1.00, addr 1
 uhub0: 3 ports with 3 removable, self powered
 ohci1 at pci0 dev 3 function 1 SIS 5597/5598 USB rev 0x0f: irq 5, 
 version 1.0, legacy support
 usb1 at ohci1: USB revision 1.0
 uhub1 at usb1
 uhub1: SIS OHCI root hub, rev 1.00/1.00, addr 1
 uhub1: 3 ports with 3 removable, self powered
 ohci2 at pci0 dev 3 function 2 SIS 5597/5598 USB rev 0x0f: irq 3, 
 version 1.0, legacy support
 usb2 at ohci2: USB revision 1.0
 uhub2 at usb2
 uhub2: SIS OHCI root hub, rev 1.00/1.00, addr 1
 uhub2: 2 ports with 2 removable, self powered
 ehci0 at pci0 dev 3 function 3 SIS 7002 USB rev 0x00: irq 5
 usb3 at ehci0: USB revision 2.0
 uhub3 at usb3
 uhub3: SIS EHCI root hub, rev 2.00/1.00, addr 1
 uhub3: 8 ports with 8 removable, self powered
 vendor SIS, unknown product 0x0190 (class network subclass ethernet, 
 rev 0x00) at pci0 dev 4 function 0 not configured
 SIS 182 SATA rev 0x01 at pci0 dev 5 function 0 not configured
 ppb1 at pci0 dev 6 function 0 vendor SIS, unknown product 0x000a rev 
 0x00
 pci2 at ppb1 bus 2
 ppb2 at pci0 dev 7 function 0 vendor SIS, unknown product 0x000a rev 
 0x00
 pci3 at ppb2 bus 3
 dc0 at pci0 dev 9 function 0 Lite-On PNIC rev 0x20: irq 10, address 
 00:a0:cc:24:be:91
 mtdphy0 at dc0 phy 1: MTD972 10/100 PHY, rev. 8
 pchb1 at pci0 dev 24 function 0 AMD AMD64 HyperTransport rev 0x00
 pchb2 at pci0 dev 24 function 1 AMD AMD64 Address Map rev 0x00
 pchb3 at pci0 dev 24 function 2 

pf and authpf logging.

2005-08-11 Thread Ray Percival
I've been asked to do something a bit silly for work. Let me give you the 
background.

I have a bunch of network connections that run out of a non-OpenBSD firewall;
they just happen to be VPN tunnels. For auditing purposes they want to generate
a log when somebody starts a session down one of those tunnels and, this is the
silly bit, a log when the session ends.

This is where I'm at so far. I have a 3.7 box running pf with an authpf user.
The authpf user logs in and I get that logged. Then he starts an ssh session to
my test box and I get

pf: Aug 10 16:33:44.148959 rule 3.rayp(7025).0/(match) pass in on xl0: 10.6.223.254.29881  172.22.22.2.22: S 2379237274:2379237274(0) win 64240 mss 1460,nop,nop,sackOK (DF)

in my logs. This is a Good Thing, and btw colour me *very* impressed. Now I
would happily stop there and call it good. But they want something like that, 
with username and IPs when the ssh session ends. I've been unable to find any 
way to do this in the docs that I've come across so far. Although the other 
logging features are hella cool. 

I know that this is rather silly and not really what it is meant to do but I'm 
hoping somebody might know how to do some deep magic.

Thanks. 

Ray
-- 
BOFH excuse #1:

clock speed
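
Added example (not part of the original post or of OpenBSD): a small Python parser that turns the pf log line quoted in the message above into the audit fields the poster needs at session start, namely the authpf user, the authpf process ID and both endpoints. The names `parse_session_start` and `audit_record` and the two extra sample lines are assumptions made for this illustration; it covers session start only, since the post leaves session end unanswered.

```python
import re
from typing import NamedTuple, Optional

# The log line as it appears in the post (the list archive dropped the ">"
# between source and destination, so the pattern treats it as optional).
POSTED_LINE = (
    "pf: Aug 10 16:33:44.148959 rule 3.rayp(7025).0/(match) pass in on xl0: "
    "10.6.223.254.29881  172.22.22.2.22: S 2379237274:2379237274(0) "
    "win 64240 mss 1460,nop,nop,sackOK (DF)"
)
# Constructed sample: a SYN-ACK reply, which must not be counted as a second
# session start if it ever shows up in the log.
SYNACK_LINE = (
    "pf: Aug 10 16:33:44.149100 rule 3.rayp(7025).0/(match) pass out on xl0: "
    "172.22.22.2.22 > 10.6.223.254.29881: S 1:1(0) ack 2379237275 win 16384"
)
# Constructed sample: a match in the main ruleset, with no authpf anchor.
MAIN_RULESET_LINE = (
    "pf: Aug 10 16:35:02.000100 rule 2/(match) block in on xl0: "
    "10.6.223.9.4021 > 172.22.22.2.23: S 7:7(0) win 64240"
)


class SessionStart(NamedTuple):
    timestamp: str
    user: str        # authpf names the per-session ruleset user(pid)
    authpf_pid: int
    interface: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


LINE_RE = re.compile(
    r"(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}(?:\.\d+)?) "
    r"rule (?P<rule>\d+)\.(?P<user>[^()\s]+)\((?P<pid>\d+)\)\.(?P<sub>\d+)"
    r"/\(match\) (?P<action>pass|block) (?P<dir>in|out) on (?P<ifname>\S+): "
    r"(?P<src>\d+(?:\.\d+){4})\s+(?:>\s+)?(?P<dst>\d+(?:\.\d+){4}): "
    r"(?P<flags>[SFRPUWE.]+)(?P<rest>.*)"
)


def _split_endpoint(endpoint: str):
    """Split tcpdump's 'a.b.c.d.port' notation into (ip, port)."""
    ip, _, port = endpoint.rpartition(".")
    return ip, int(port)


def parse_session_start(line: str) -> Optional[SessionStart]:
    """Return the audit fields for a passed initial SYN inside an authpf
    user's ruleset, or None for any other log line."""
    m = LINE_RE.search(line)
    if m is None:
        return None  # not logged from a user(pid) ruleset
    is_initial_syn = m["flags"] == "S" and not re.search(r"\back\b", m["rest"])
    if m["action"] != "pass" or not is_initial_syn:
        return None
    src_ip, src_port = _split_endpoint(m["src"])
    dst_ip, dst_port = _split_endpoint(m["dst"])
    return SessionStart(m["ts"], m["user"], int(m["pid"]), m["ifname"],
                        src_ip, src_port, dst_ip, dst_port)


def audit_record(rec: SessionStart) -> str:
    """Format one session-start line for the audit log."""
    return (f"{rec.timestamp} session-start user={rec.user} "
            f"authpf_pid={rec.authpf_pid} {rec.src_ip}:{rec.src_port} -> "
            f"{rec.dst_ip}:{rec.dst_port} via {rec.interface}")


if __name__ == "__main__":
    for sample in (POSTED_LINE, SYNACK_LINE, MAIN_RULESET_LINE):
        rec = parse_session_start(sample)
        print(audit_record(rec) if rec else "ignored")
```
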



authpf doesn't seem to be creating user_ip

2005-08-08 Thread Ray Percival
I have the following pf.conf and authpf.rules. When I try to load the rules 
into the anchor I get 

authpfbob# pfctl -a authpf -f /etc/authpf/authpf.rules
/etc/authpf/authpf.rules:3: macro 'user_ip' not defined
/etc/authpf/authpf.rules:3: syntax error
pfctl: Syntax error in config file: pf rules not loaded

From reading the man page and the FAQ I think I have everything right. But
clearly I need to do something else to get user_ip to work. Wasn't able to
find anything in the archives. Any ideas, please?


authpfbob# cat /etc/pf.conf
#   $OpenBSD: pf.conf,v 1.28 2004/04/29 21:03:09 frantzen Exp $
#
# See pf.conf(5) and /usr/share/pf for syntax and examples.
# Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1
# in /etc/sysctl.conf if packets are to be forwarded between interfaces.

ext_if=xl1
int_if=xl0

#table <spamd> persist
#table <spamd-white> persist
table <authpf_users> persist

scrub in

#nat on $ext_if from !($ext_if) -> ($ext_if:0)
#rdr pass on $int_if proto tcp to port ftp -> 127.0.0.1 port 8021
#rdr pass on $ext_if proto tcp from <spamd> to port smtp \
#   -> 127.0.0.1 port spamd
#rdr pass on $ext_if proto tcp from !<spamd-white> to port smtp \
#   -> 127.0.0.1 port spamd

block in all
#pass out keep state

#pass quick on { lo $int_if }
#antispoof quick for { lo $int_if }

pass in on $int_if proto tcp to ($int_if) port ssh keep state
#pass in on $ext_if proto tcp to ($ext_if) port > 49151 user proxy keep state
#pass in log on $ext_if proto tcp to ($ext_if) port smtp keep state
#pass out log on $ext_if proto tcp from ($ext_if) to port smtp keep state

anchor authpf/*
load anchor authpf from /etc/authpf/authpf.rules
authpfbob# cat /etc/authpf/authpf.rules
int_if = xl0

pass in quick on $int_if proto tcp from $user_ip to any keep state
-- 
BOFH excuse #50:

Change in Earth's rotational speed



Re: authpf doesn't seem to be creating user_ip

2005-08-08 Thread Ray Percival
On Mon, Aug 08, 2005 at 01:14:52PM -0600, Bob Beck wrote:
 * Ray Percival [EMAIL PROTECTED] [2005-08-08 12:17]:
  I have the following pf.conf and authpf.rules. When I try to load the
rules into the anchor I get
 
  authpfbob# pfctl -a authpf -f /etc/authpf/authpf.rules
  /etc/authpf/authpf.rules:3: macro 'user_ip' not defined
  /etc/authpf/authpf.rules:3: syntax error
  pfctl: Syntax error in config file: pf rules not loaded
 

   I wouldn't expect loading that ruleset with pfctl to work that way.
 authpf adds the macro definition when it loads it. you can't expect to
 just run pfctl on that file and have it load correctly, unless you
 add a user_ip definition at the top of it (which should *NOT* be there
 when using authpf.)
That was it. I got a bit confused between having a state problem that got
sorted and reading the authpf and the more general anchor doc. Thanks for the
pointer.

   Your pf.conf you attached looks, well, strange, you shouldn't
 be loading anchor authpf from anywhere. authpf does that.

   Try the examples as in the man page and verify you can
 make those work as expected first.

   -Bob


--
BOFH excuse #340:

Well fix that in the next (upgrade, update, patch release, service pack).

[demime 1.01d removed an attachment of type application/pgp-signature]



Re: Requesting an change in the installer

2005-08-05 Thread Ray Percival
On Fri, Aug 05, 2005 at 09:37:52AM +0200, Artur Grabowski wrote:
 Lars Hansson [EMAIL PROTECTED] writes:
 
snip 
 Don't change settings and options unless you really have to. Because
 when you get used to the changes and for some reason need to change
 environment you'll get surprised and will make mistakes. The whole
 don't fiddle with options concept is not just to make people run
 GENERIC. It's everything between not compiling your own kernel to not
 change the color settings in your window manager (of course, I find
 the default fvwm settings awful and change them - hypocrite).
So I should be shot in the face for this, 
http://www.scarynetworkguy.net/screen.html /humour For the record I agree 
with your point. 
 
 //art
 

-- 
BOFH excuse #188:

..disk or the processor is on fire.



Re: OT: any problems with webservers on high ports blocked by corporate-firewalls?

2005-07-24 Thread Ray Percival
On Sun, Jul 24, 2005 at 03:24:06PM -0700, Miles Keaton wrote:
 Somewhat-OT, but I figure the PF-friendly OBSD gang would have more
 experience with this than anyone:
 
 Working on a webmin-style admin/control-panel service for our
 webhosting clients.
 
 Thinking of running it on high ports like :8383 - : or something.
 
 Anyone had problems with uncommon ports being blocked by
 corporate-firewalls?  This tool is for light-personal use, so some
 people might need to log in from work.
 
 Wondering if anyone has seen a trend these days for most companies to
 block all but port 80 or something?
We do. IMHO not enough places do and more should. Well, not only port 80, but I
think there should be more places that restrict access out.

Having said that why are you running it on high ports? /curious
 

-- 
BOFH excuse #227:

Fatal error right in front of screen



Re: Openbsd 3.7 using USB 1gb (fat32-winxp) mount says Inappropriate file type or format

2005-07-18 Thread Ray Percival
On Mon, Jul 18, 2005 at 01:35:37PM -0700, edgar mortiz wrote:
 I have a 1gb USB Flash Drive and i formatted it on Windows XP so i can
 move files from windows to openbsd and vice versa. i plugged the usb
 on my bsd box and dmesg shows up as:
 
 ** dmesg: **
 umass0 at uhub0 port 2 configuration 1 interface 0
 umass0: SONY USB  2.0  Flash, rev 1.10/1.00, addr 2
 umass0: using SCSI over Bulk-Only
 scsibus1 at umass0: 2 targets
 sd0 at scsibus1 targ 1 lun 0: SONY, USB 2.0 Flash, %z!Y SCSI2
 0/direct removable
 sd0: 1024MB, 1024 cyl, 64 head, 32 sec, 512 bytes/sec, 2097280 sec total
 
 it seems that openbsd sees the drive .. cool 
 
 but when i mount it 
 
 relic# mount -t msdos /dev/sd0a /mnt
 mount_msdos: /dev/sd0a on /mnt: Inappropriate file type or format
The error is a bit misleading. Try 'mount /dev/sd0i /mnt' which just works here 
and is what most of the google hits suggest. 
 
 i check the disklabel, and fdisk results:
 
 ** disklabel: **
 
 relic# disklabel sd0
 disklabel: warning, DOS partition table with no valid OpenBSD partition
 # /dev/rsd0c:
 type: SCSI
 disk: SCSI disk
 label: USB  2.0  Flash
 flags:
 bytes/sector: 512
 sectors/track: 32
 tracks/cylinder: 64
 sectors/cylinder: 2048
 cylinders: 1024
 total sectors: 2097280
 rpm: 3600
 interleave: 1
 trackskew: 0
 cylinderskew: 0
 headswitch: 0   # microseconds
 track-to-track seek: 0  # microseconds
 drivedata: 0
 
 16 partitions:
 #        size   offset    fstype   [fsize bsize   cpg]
   a:   2097217       63     MSDOS                        # Cyl     0*-  1024*
   c:   2097280        0    unused      0     0           # Cyl     0 -  1024*
 
 ** fdisk: **
 
 relic# fdisk sd0
 fdisk: sysctl(machdep.bios.diskinfo): Device not configured
 Disk: sd0   geometry: 1024/64/32 [2097280 Sectors]
 Offset: 0   Signature: 0xAA55
           Starting       Ending       LBA Info:
  #: id    C   H  S -    C   H  S [       start:      size   ]
 
  0: 00    0   0  0 -    0   0  0 [           0:         0 ] unused
  1: 00    0   0  0 -    0   0  0 [           0:         0 ] unused
  2: 00    0   0  0 -    0   0  0 [           0:         0 ] unused
 *3: 0B    0   1  1 - 1023  63 32 [          32:   2097120 ] Win95 FAT-32
 
 it seems that openbsd sees the fs as is FAT32 .. but i still don't get
 it why it's saying something like  Inappropriate file type or format
  maybe I'm missing something .. any help from you guys out there ..as
 a workaround .. i've tried to format the usb drive via newfs_msdos (
 newfs_msdos /dev/sd0a ) it was able to format it and all but when it's
 time to put it on the xp box .. it says drive cannot be read .. I'm
 using OpenBSD 3.7 GENERIC#50
Not likely to be a formatting issue. Again the error is a bit misleading.
 
 any input is cool any answers .. will be awesome!! 
 
 edgar
 

-- 



Testimonial

2005-07-12 Thread Ray Percival
I just upgraded an ftp server that has been running on Debian stable for the
last 3 years. Yes, I know, unsafe and unclean and all that, but sadly my only
choice is what to run it on, not to make our customers go to sftp.

I just upgraded it to OpenBSD 3.7. Setting it up in a more secure manner than 
it was before was dead easy compared to Debian and the performance improvement 
is nothing short of dramatic. 

Kudos and thanks to Theo and all the rest. I'm SO glad that I decided to learn 
OpenBSD.

Ray
-- 
BOFH excuse #264:

Your modem doesn't speak English.



Re: ISAKMPD VPN w/ Cisco Concentrator

2005-07-06 Thread Ray Percival
On Wed, Mar 23, 2005 at 12:28:17PM -0500, Paul Lussier wrote:
 Hi all,

 I'm in need of a little help setting up a VPN tunnel between my OpenBSD
 box and a Cisco VPN concentrator.  I have successfully set up a tunnel
 with another OpenBSD box, but in trying to change the isakmpd.conf to
 then connect to the Cisco, I'm running into trouble.

 Part of my problem is that I have no Cisco VPN experience, so I don't
 know how to translate the options set on the Cisco side to something
 usable by isakmpd.  The person in charge of the Cisco side sent me the
 following config settings:

Interface is 192.168.0.5
Authentication ESP/MD5/HMAC-128
Encryption 3DES-168
IKE Proposal IKE-3DES-MD5
Preshared Key is f00zb411
Target Network 192.168.0.0

 Should 'Authentication' above be AUTHENTICATION_METHOD in isakmpd.conf?
 And what does 'IKE Proposal' mean?  I couldn't find anything that
 seemed to match up with that in the isakmpd.conf man page.
It's simply the algorithm that you want to use to set up IKE. Has to do with
dynamic SAs.

Good luck, btw. I can make almost any IPSEC capable device talk to almost any
other IPSEC capable device. But the only thing I have ever got to talk to a
Cisco is a Cisco.

Can't help but notice that you just sent a preshared key to the whole world.

 I'll gladly send my isakmpd.conf file if anyone needs to see it.

 Thanks.

 --

 Seeya,
 Paul

 [demime 1.01d removed an attachment of type application/pgp-signature]


--
BOFH excuse #287:

Telecommunications is downshifting.




Re: Difficulty upgrading to 3.7

2005-07-03 Thread Ray Percival
On Sun, Jul 03, 2005 at 01:23:16PM -0400, Ted Unangst wrote:
 On Sun, 3 Jul 2005, Aric Gregson wrote:

  Hope this is the appropriate list for this. Have tried to upgrade to
  3.7 from 3.6 for a while a now. Tried booting from binary 3.7 -release
  on a CD (which I burned), but repeatedly received

 a hint as to arch would have been appreciated, as would the dmesg so far.

  ohci_pci_attach(?, ?, ?, ?, ?, fcbfd00) at ohci_pci_attach+0x1a8
I had a similar problem with a 3.7 install. Took out my USB fob and it worked
fine. Not sure why. Do you have a lot of USB devices?

 disable ohci, then try again.


 --
 And that's why Miami is Miami.


--
BOFH excuse #69:

knot in cables caused data stream to become twisted and kinked




Re: Stopping Xorg cleanly on Mac Mini

2005-07-01 Thread Ray Percival
On Fri, Jul 01, 2005 at 11:55:31AM +0200, Dominik Epple wrote:
 On Thu, Jun 30, 2005 at 03:46:32PM -0500, Chandler May wrote:
  I recently posted to this list inquiring how to successfully
  initialize the Xorg server on a Mac Mini (With an LCD monitor through
  DVI) running OpenBSD 3.7. Now, I need to know how to stop it. ;-P
 
  I've tried reboot as root, and the Exit menu command in the FVWM
  menu, and I get the same results either way. After a few seconds, the
  screen goes blank. Another second and the keys lock up. Then, who
  knows what happens, but it doesn't leave me with any choice but to
  perform a hard reboot with the power button.
 
 
 My experiences with NetBSD (ya, I know we are on the OpenBSD list) are
 similar: The console freezes -- at least the screen. Who knows whether
 the keyboard still works if you have no screen ;)
I've seen the same problem on a Dell laptop. I don't have the model number or a 
dmesg just now but I'll post one when I can get it. 
 
 But the machine itself does not lock up, you can login with ssh. Perhaps
 you can try that?
 
 --
 PGP Public Key and contact information available at
 http://www.tphys.physik.uni-tuebingen.de/tplist/phonelist.py?uid=epple
 
 [demime 1.01d removed an attachment of type application/pgp-signature which 
 had a name of signature.asc]
 

-- 
BOFH excuse #424:

operation failed because: there is no message for this error (#1014)



Re: anoncvs

2005-06-22 Thread Ray Percival
On Wed, Jun 22, 2005 at 06:43:36AM -0400, Nick Holland wrote:
 Ray Percival wrote:
  Trying to track -stable according to the FAQ I'm doing the following.
 
  setenv [EMAIL PROTECTED]:/cvs #Which seems to take and
  the following cvs commands work and the fingerprints match.
 
  Then
 
  cvs up -rOPENBSD_3_7  -Pd
  ? archivers/w-cabextract-1.1
  ? archivers/w-unzip-5.51
  ? archivers/w-faad-2.0p1
  ? archivers/w-id3lib-3.8.3
  ? archivers/w-lame-3.96.1
  ? archivers/w-liba52-0.7.4p0
  ? archivers/w-libid3tag-0.15.1b
  ? archivers/w-libmad-0.15.1b
  ? archivers/w-libmikmod-3.1.10p3
  ? archivers/w-libogg-1.1.2
  ? archivers/w-libvorbis-1.1.0p0
  ? archivers/w-xmms-1.2.10p0
  ? archivers/w-db-4.2.52p2
  ? archivers/w-gdbm-1.8.3
  ? archivers/w-autoconf-2.13p0
  ? archivers/w-autoconf-2.57
  ? archivers/w-autoconf-2.59
  ? archivers/w-automake-1.4-p6p2
  ? archivers/w-fribidi-0.10.4
  ? archivers/w-gmake-3.80p0
  ? archivers/w-gmp-4.1.4
  ? archivers/w-help2man-1.29
  ? archivers/w-libdvdread-0.9.4
  ? archivers/w-libtool-1.5.10p2
  ? archivers/w-metaauto-0.4
  ? archivers/w-nasm-0.98.38
  ? archivers/w-pkgconfig-0.15.0
  ? archivers/w-sdl-1.2.7p1-sun
  ? archivers/w-ffmpeg-20050130p0
  ? archivers/w-libmpeg2-0.4.0b
  ? archivers/w-python-2.3.5
  ? archivers/w-tcl-8.4.7p1
  ? archivers/w-libdvdnav-0.1.9
  ? archivers/w-BitTorrent-3.4.2
  ? archivers/w-wget-1.8.2
  ? archivers/w-upsd-2.0
  ? archivers/w-aspell-0.50.5p1
  ? archivers/w-expat-1.95.6
  ? archivers/w-texi2html-1.64
  ? archivers/obconf
  ? archivers/w-msttcorefonts-1.2
  ? archivers/w-tk-8.4.7
  ? archivers/w-vlc-0.8.1p1
  ? archivers/w-wxWidgets-gtk-2.4.2p0-gtk2
  ? archivers/w-wxWidgets-headers-2.4.2p0
  cannot create_adm_p /tmp/anoncvs.cMrHUf9372/cvs-serv15237/archivers
  No such file or directory
 
  in /usr/ports
 
  and in /usr/src (Which has been populated from the CD)
 
  cvs up -rOPENBSD_3_7 -Pd
  cannot create_adm_p /tmp/anoncvs.UAKvF11238/cvs-serv31158/bin
  No such file or directory
 
  I think I'm doing everything right. And can't find any steps that I'm missing
  in the how-to. So what am I doing wrong, please.

 The ? files are files/directories which are in your tree, but not in the
 CVS repository.  Apparently, you are fond of building stuff from source
 rather than using packages. :) (hmm...some of that stuff looks like it
 is in the wrong place.  you might have Other Problems there)
Well this *is* my first OpenBSD box. Had to try it out. That and I got rather
frustrated with pkg_add not finding things and just built some stuff. Should
likely stop that. :) Yeah, at least one of those is a unofficial port. But
that's a rant for another day

 The error message is, unfortunately, very vague.  CVS is kinda bizarre
 -- you can spend a lot of time trying to figure out why it can't create
 something in your /tmp directory, only to find out it was complaining
 about a problem on the SERVER end.

 So...first of all, check to make sure your /tmp directory is writable,
 make sure you have plenty of free space (note how I carefully dodged the
 any numbers that define plenty -- but 20M would probably do it).  If
 that doesn't do it, try a different repository.  Or try today, the
 problem may be long-since resolved.
Cool thanks for the hints. Checking now.

 Nick.


--
BOFH excuse #139:

UBNC (user brain not connected)




Re: sshd suddenly not responding

2005-06-21 Thread Ray Percival
On Tue, Jun 21, 2005 at 01:38:15PM -0700, Winston Williams wrote:
 I am just setting up an OpenBSD machine that I am hosting remotely in a
 data center.  I was configuring qmail on two ssh sessions, when both
 sessions suddenly died.

 ssh will no longer respond

 apache and bind are still responding and work perfectly

 When I try to connect via ssh I get the following error:

 ssh_exchange_identification: Connection closed by remote host

 And here it is with -v verbose:

 OpenSSH_3.8.1p1 Debian-8.sarge.4, OpenSSL 0.9.7e 25 Oct 2004
This is a Debian box, and while Debian is a great Linux distro it's not
OpenBSD.
Having said that, odds are you have mucked up your /etc/hosts.deny and/or
/etc/hosts.allow files. I would think that you might want to ask any follow up
questions to Debian users. Please do *not* respond to me off list
 debug1: Reading configuration data /etc/ssh/ssh_config
 debug1: Connecting to tigl [207.114.###.###] port 22.
 debug1: Connection established.
 debug1: identity file /home/winston/.ssh/identity type -1
 debug1: identity file /home/winston/.ssh/id_rsa type -1
 debug1: identity file /home/winston/.ssh/id_dsa type -1
 ssh_exchange_identification: Connection closed by remote host

 I am afraid that it will be at least 24 hours before they will be able
 to restart my machine, I am at a low-cost, unstaffed data center.

 --
 Winston Williams [EMAIL PROTECTED]


--
BOFH excuse #163:

no any key on keyboard




anoncvs

2005-06-21 Thread Ray Percival
Trying to track -stable according to the FAQ I'm doing the following.

setenv [EMAIL PROTECTED]:/cvs #Which seems to take and
the following cvs commands work and the fingerprints match.

Then

cvs up -rOPENBSD_3_7  -Pd
? archivers/w-cabextract-1.1
? archivers/w-unzip-5.51
? archivers/w-faad-2.0p1
? archivers/w-id3lib-3.8.3
? archivers/w-lame-3.96.1
? archivers/w-liba52-0.7.4p0
? archivers/w-libid3tag-0.15.1b
? archivers/w-libmad-0.15.1b
? archivers/w-libmikmod-3.1.10p3
? archivers/w-libogg-1.1.2
? archivers/w-libvorbis-1.1.0p0
? archivers/w-xmms-1.2.10p0
? archivers/w-db-4.2.52p2
? archivers/w-gdbm-1.8.3
? archivers/w-autoconf-2.13p0
? archivers/w-autoconf-2.57
? archivers/w-autoconf-2.59
? archivers/w-automake-1.4-p6p2
? archivers/w-fribidi-0.10.4
? archivers/w-gmake-3.80p0
? archivers/w-gmp-4.1.4
? archivers/w-help2man-1.29
? archivers/w-libdvdread-0.9.4
? archivers/w-libtool-1.5.10p2
? archivers/w-metaauto-0.4
? archivers/w-nasm-0.98.38
? archivers/w-pkgconfig-0.15.0
? archivers/w-sdl-1.2.7p1-sun
? archivers/w-ffmpeg-20050130p0
? archivers/w-libmpeg2-0.4.0b
? archivers/w-python-2.3.5
? archivers/w-tcl-8.4.7p1
? archivers/w-libdvdnav-0.1.9
? archivers/w-BitTorrent-3.4.2
? archivers/w-wget-1.8.2
? archivers/w-upsd-2.0
? archivers/w-aspell-0.50.5p1
? archivers/w-expat-1.95.6
? archivers/w-texi2html-1.64
? archivers/obconf
? archivers/w-msttcorefonts-1.2
? archivers/w-tk-8.4.7
? archivers/w-vlc-0.8.1p1
? archivers/w-wxWidgets-gtk-2.4.2p0-gtk2
? archivers/w-wxWidgets-headers-2.4.2p0
cannot create_adm_p /tmp/anoncvs.cMrHUf9372/cvs-serv15237/archivers
No such file or directory

in /usr/ports

and in /usr/src (Which has been populated from the CD)

cvs up -rOPENBSD_3_7 -Pd
cannot create_adm_p /tmp/anoncvs.UAKvF11238/cvs-serv31158/bin
No such file or directory

I think I'm doing everything right. And can't find any steps that I'm missing
in the how-to. So what am I doing wrong, please.
--
BOFH excuse #197:

I'm sorry a pentium won't do, you need an SGI to connect with us.




Encrypted Swap

2005-06-20 Thread Ray Percival
Setting up GPG and I thought I enabled encrypted swap with sysctl -w
vm.swapencrypt.enable=1; it threw a message telling me that it was changing it.
I also uncommented it in /etc/sysctl.conf but have not booted since doing
that. Looking through the archives and the FAQ I thought that should make gpg
stop yelling at me about insecure memory. But it still is. So have I missed
something or is there something else I should be reading?

Thanks.

Ray


--
BOFH excuse #443:

Zombie processes detected, machine is haunted.




Re: Encrypted Swap

2005-06-20 Thread Ray Percival
On Mon, Jun 20, 2005 at 09:17:55PM +0200, Rogier Krieger wrote:
 On 6/20/05, Ray Percival [EMAIL PROTECTED] wrote:
  Setting up GPG and I thought I enabled encrypted swap with sysctl -w
  vm.swapencrypt.enable=1

 You're already there; only GPG doesn't know about that. I suspect you
 misread the instructions. GPG will whine about insecure memory so long
 as it does not have setuid bits set on the executable
Yes I did, misread that is. Thanks for the clue.

 By encrypting the swap, you eliminated the need for those setuid bits.
 GPG, however, will continue to whine until you either tell it to shut
 up or add the (now unnecessary) setuid bits.

 Your gpg.conf is the place to edit and add the equivalent of the
 command line option --no-secmem-warning to your setup.

 Cheers,

 Rogier

 --
 If you don't know where you're going, any road will get you there.

--
BOFH excuse #343:

The ATM board has run out of 10 pound notes.  We are having a whip round to
refill it, care to contribute ?




Audio

2005-06-20 Thread Ray Percival
I have a nforce mobo with built in sound. Dmesg shows
 auich0 at pci0 dev 6 function 0 Nvidia nForce AC-97 Audio rev 0xc2: irq 5,
nForce AC97
audio0 at auich0
So I'm pretty sure the drivers are loaded and the card is supported.

I think the problem is that /dev/sound is
 lrwx--  1 root  wheel  6 Jun 19 14:29 /dev/sound - sound0 and for some
reason wont let me change the perms on it.

/dev/sound0 looks better with
 crw-rw-rw-  1 root  wheel   42,   0 Jun 19 14:29 /dev/sound0

Of course the really odd thing is that it is not working as root either.

Any hints, please?
--
BOFH excuse #437:

crop circles in the corn shell




Re: Openbox and x.org

2005-06-15 Thread Ray Percival
On Wed, Jun 15, 2005 at 04:20:50PM -0400, Mathieu Sauve-Frankel wrote:
 On Tue, Jun 14, 2005 at 10:36:00AM -0700, Ray Percival wrote:
  It would seem that openbox as installed from the package in 3.7 doesn't
  have rc.xml or menu.xml files. Is this on purpose or is it a bug or,
  very likely, am I missing something obvious? I'm going to try importing
  the ones I have on my Debian box to see if that solves it.

 missing something obvious

 /usr/local/share/openbox/rc.xml
 /usr/local/share/openbox/menu.xml
Fair enough. This is what I'm seeing. Openbox will start and now that I
have my xorg.conf right, thanks to Brian, the resolution is right. But
I'm seeing a grey background, the default I assume, but I can't get any
menus to come up with the right, left, or middle mouse buttons. I do
have a cursor and it does move with the mouse so I'm pretty sure the
mouse is configured right.

To be honest at that point I rebooted into Debian and started doing
some searching around I came across an old webpage and, much to my
everlasting shame, made the assumption that the lack of config files it
talked about was the problem.

So this all brings me to the better version of my question. I'm seeing
the above and know that by default openbox doesn't look in
/usr/local/share but that that is where OpenBSD design says they should
go. So should the OpenBSD build be looking there or do I just need to
move the files over to the right spot in my home dir. I'm a bit
confused because twm just works.

Thanks much.

Ray
--
BOFH excuse #190:

Proprietary Information.




Openbox and x.org

2005-06-14 Thread Ray Percival
It would seem that openbox as installed from the package in 3.7 doesn't
have rc.xml or menu.xml files. Is this on purpose or is it a bug or,
very likely, am I missing something obvious? I'm going to try importing
the ones I have on my Debian box to see if that solves it. 

Also coming from Debian I've not yet played with x.org a lot. I've not
had a lot of luck with their website and was kind of hoping that
somebody might point me at an OpenBSD specific fm.

Thanks much in advance. 
-- 
BOFH excuse #242:

Software uses US measurements, but the OS is in metric...



Re: A Business Case for integrating OpenBSD into IT Infrastructures

2005-06-05 Thread Ray Percival
On Sun, Jun 05, 2005 at 10:25:39PM -0400, Steve Shockley wrote:
 Mark Uemura wrote:
 Remote access: Windows' built-in Remote Desktop is included with the OS,
 you don't need OpenBSD for that.  You couldn't do that over your Intel
 VPN?  Remote Desktop is potentially vulnerable to MITM, but it's
 probably more secure than an external web site like GoToMyPC.

 VPN: Why the hell does everyone hate the included Microsoft VPN?  If you
 run an MS shop, it's easy and cheap.  That uses IPsec, ISAKMP and PKI.
 It also has features to quarantine Windows clients that don't meet your
 criteria for system security.
To start with http://www.schneier.com/pptp.html and also because I for
one don't trust *any* security related code that I can't get the source
for. I think I'm not alone here by any means.

 (Yes, the MS PPTP protocol had some weaknesses, but that was 1998.
 That'd be like avoiding OpenSSH because the SSH 1.0 protocol had some
 weaknesses.)
No. It would be like SSH having well documented fundamental flaws and
then a group with a reputation for producing bad code told us that
they were all fixed but not letting us look at the code telling us that
they are fixed.

Fact of the matter is we can look at the OpenSSH code and see if the
problems that we know about are fixed or not. You can't do that with
closed source. So do you really want to trust your data going over a
public network to a vendor with Microsoft's rep for getting crypto and
security wrong?

I sure as hell know I don't want to.
--
BOFH excuse #99:

SIMM crosstalk.
