Re: It is 2010. Still no >3GB support by default?

2010-06-07 Thread Johan Beisser
On Mon, Jun 7, 2010 at 4:35 PM, Jacob L. Leifman wrote: > (yes, I am aware that there are > specialized applications that do require the use of a monster-sized > dump truck with an engine to match, but in reality how many places have > a genuine need of a database that even with fully optimized d

pfsync: bulk update failed

2010-05-22 Thread Johan Beisser
I have a pair of freshly installed OpenBSD 4.7/amd64-RELEASE systems. They're running redundant failover pairs with fw1 being the master. It seems I've got a problem getting pfsync to properly pass a full bulk update over, so longer term sessions time out when the MASTER takes over for the BACKUP

Re: time based rules on pf

2010-05-17 Thread Johan Beisser
Build an anchor, have a ruleset loaded to it by cron, and removed at the specified time later. On Mon, May 17, 2010 at 7:03 AM, Leonardo Carneiro - Veltrac wrote: > There is a way to do time-based rules on pf? Something like "this packet > will /pass/ from 10h to 13h" or "this packet will /pass/

Re: licensing

2010-04-15 Thread Johan Beisser
On Thu, Apr 15, 2010 at 10:34 AM, Thomas Pfaff wrote: > There's non-free software in the ports tree. Good thing it's in ports, then. Keeps that shady license where we can see it, and choose to suffer with it or not.

Re: is skype using encryption?

2010-04-10 Thread Johan Beisser
On Sat, Apr 10, 2010 at 7:55 AM, Jozsi Vadkan wrote: > Can someone [same subnet, e.g.: with a hub, not switch..] sniff my skype > password when i'm using Skype? Is it encrypted? Why are you asking a Skype support question on an OpenBSD mailing list? The best way to know is to dump the data yours

Re: selling bsd in cd for profit??

2010-02-26 Thread Johan Beisser
On Fri, Feb 26, 2010 at 4:44 PM, Citra Cool wrote: > Can I selling openBSD in CD for profit?? The OpenBSD project has a hard enough time making money on the CDs they're selling to fund the project. But, give this a read anyway. http://openbsd.org/policy.html

Re: Is it time to replace this hard disk?

2010-02-21 Thread Johan Beisser
On Sun, Feb 21, 2010 at 10:15 PM, Siju George wrote: > Hi, > > I get a few of this kind of error during a forced manual fsck at boot. > > Feb 15 15:43:51 fw2 /bsd: wd0g: uncorrectable data error reading fsbn > 5392325 (wd0 bn 24734585; cn 1539 tn 167 sn 29) > Feb 15 15:43:51 fw2 /bsd: wd0g: uncorr

Re: OT, .. but has anyone seen a crontab editor

2010-02-19 Thread Johan Beisser
On Fri, Feb 19, 2010 at 8:21 AM, L. V. Lammert wrote: > No, that isn't going to work. This isn't some elitist club - if we can't > provide a simple, sane, safe way for a [priviledged] user to push a backup > image out to a DR server, than *we* have failed as technologists. Wait. What the hell i

Re: OT: opinions on IDS / IPS solutions

2010-02-17 Thread Johan Beisser
On Wed, Feb 17, 2010 at 7:59 PM, Jason Beaudoin wrote: > From a compliance perspective, I don't have much choice. From the > costs, infrastructure, and administrative perspectives, I am currently > evaluating whether or not I should be leaning towards and IDS or IPS > solution, and of course which

Re: fsck segfault on a big partition, 4.6

2010-01-27 Thread Johan Beisser
On Wed, Jan 27, 2010 at 4:53 PM, Denis Doroshenko wrote: > so the OS needs to do something. what should it do? should it just > panic? or may be losing one process is better than losing them all? > then, what are the criteria for choosing processes to be killed?.. > > wondering if "random" means

Re: OpenVPN problem.

2010-01-25 Thread Johan Beisser
On Mon, Jan 25, 2010 at 10:05 AM, Alessandro Baggi wrote: > Johan Beisser wrote: > Hi Johan. Thanks for the answer. I've reduced my pf.conf on client and > server side to: > > ext="rl0" > int="rl1" > > nat on $ext from $int:network -> $ext:0 &g

Re: OpenVPN problem.

2010-01-25 Thread Johan Beisser
On Mon, Jan 25, 2010 at 5:45 AM, Alessandro Baggi wrote: > Hi list! I'm setting up a vpn between two openbsd firewall: > This is the scenario: > > FW1 FW2 > $ext 192.168.1.33 $ext 192.168.1.2 > $int 10.1.1.1

Re: Another question: device naming convention

2010-01-22 Thread Johan Beisser
On Thu, Jan 21, 2010 at 11:54 PM, Otto Moerbeek wrote: >> You could makefs on /dev/sd0c instead. Nothing really forces you to >> create other slices (or partitions) on the device. > > Bad advice. disklabel does not record some redundant information for > the c partitiion. Which may bite you in ca

Re: Another question: device naming convention

2010-01-21 Thread Johan Beisser
On Thu, Jan 21, 2010 at 10:43 PM, Song Li wrote: > On Fri, Jan 22, 2010 at 6:44 AM, Bret S. Lambert > wrote: >> On Fri, Jan 22, 2010 at 05:42:25AM +0100, Song Li wrote: > "fdisk sd0" is not a problem to me now either after I've seen Aaron's > comments on fdisk. The problem on mount still exists

Re: Another question: device naming convention

2010-01-21 Thread Johan Beisser
On Thu, Jan 21, 2010 at 8:42 PM, Song Li wrote: > For the mount device: what's the device naming convention and the > rationale behind it? I do not think it's a good idea to search through > all the device and find out the device name. Linux and FreeBSD use > slightly different convention but the

Re: Problem with nat-to on -current

2009-12-29 Thread Johan Beisser
t; That's for 4.6 and the syntax is completely different from 4.6 to -current > > > > - Original Message - > From: Johan Beisser > To: Wade, Daniel > Sent: Tue Dec 29 20:02:34 2009 > Subject: Re: Problem with nat-to on -current > > On Tue, Dec 29, 20

Re: OT: Python (was Re: vi in /bin)

2009-12-19 Thread Johan Beisser
On Sat, Dec 19, 2009 at 4:00 PM, Marco Peereboom wrote: > > There is no limit to shit code produced by amateurs and "professionals". Out of this whole thread this is the only statement I agree with completely.

Re: How to disable IPv6?

2009-12-05 Thread Johan Beisser
Feeding the troll, sorry. On Sat, Dec 5, 2009 at 2:45 PM, rhubbell wrote: > > Not sure how care plays into this. A simple question that the folks here > would rather not answer but instead would rather meander about. I gave you the file where GENERIC for all kernels is configured. If you bother

Re: How to disable IPv6?

2009-12-05 Thread Johan Beisser
On Sat, Dec 5, 2009 at 12:52 PM, Jussi Peltola wrote: > At least some developers hang on misc@ and surely know how to disable > ipv6. The question is: do they care? In my experience, no.

Re: How to disable IPv6?

2009-12-05 Thread Johan Beisser
On Sat, Dec 5, 2009 at 12:44 PM, rhubbell wrote: > On Sat, 5 Dec 2009 15:28:09 -0500 > STeve Andre' wrote: > >> mostly a waste of time, except for the educational aspects of what not >> to do. > > Thanks for the nice story. I get a kick out of how far folks here go out > of their way not to help

Re: 200g harddisk after newfs = Available 174g?

2009-10-28 Thread Johan Beisser
Two words: Filesystem Overhead. On Tue, Oct 27, 2009 at 11:59 PM, Jennifer Ma wrote: > hi all, lately, i obtained a seagate 200g(wd1) harddisk from my elder > brother, after i disklabel, newfs and mount the disk. only 174g is > shown as available, in windows(through samba), said 9.16g already be

Re: OT: Juniper SSL-VPN?

2009-09-14 Thread Johan Beisser
On Mon, Sep 14, 2009 at 6:53 PM, patrick keshishian wrote: > ahhh... Do you know if there are any open-source clients that are able > to connect through their service? I'm unable to google any specifics > on what "protocol" they use, or rather what their java app does after > it is launched. Is i

Re: OT: Juniper SSL-VPN?

2009-09-14 Thread Johan Beisser
On Mon, Sep 14, 2009 at 5:39 PM, patrick keshishian wrote: > I didn't want to hijack the other VPN thread for this purpose, so here > is a new thread. Anyone know much about how Juniper SSL-VPN networks > work? It's a java based client that's run on the "client-side" and forwards specified packet

Re: router/firewall

2009-09-04 Thread Johan Beisser
On Fri, Sep 4, 2009 at 11:31 AM, Sha'ul wrote: > Thank you for the info. I was not looking for anything for how to install > OpenBSD, but only for how to use it as a router and wireless access point > system for network The difference between the two installs is almost zero. Understanding one with

Re: strange (?) ssh user

2009-08-21 Thread Johan Beisser
On Fri, Aug 21, 2009 at 7:34 AM, Uwe Dippel wrote: > Now I am pretty sure that this is what we see here. > It also makes sense, since all those users sit on a tightly controlled LAN; > while that machine is 'further out'. So that restricted services can be > accessed through some tunneling. > Now:

Re: MySQL and ulimit

2009-06-10 Thread Johan Beisser
On Tue, Jun 9, 2009 at 2:50 PM, Ted Unangst wrote: > The short answer is that you can't use more than 1GB of memory. Out of curiosity, what's the long answer?

Re: /var/db/dhcpd.leases

2009-06-09 Thread Johan Beisser
2009/6/9 Thanasis : > They are not static, but they are fixed and they actually get assigned They're fixed then. Yes, it's normal behavior because they're not considered a lease, and rather viewed as what they are: assigned and reserved. > So in this case is it normal, not having any entries in

Re: Fan mail!

2009-06-08 Thread Johan Beisser
On Mon, Jun 8, 2009 at 6:43 AM, Anton Parol wrote: > I still can't believe that I saw mpf@ on my train this morning. I thought I > remembered his face from hackathon pics, but then he pulls out his thinkpad > and I see the blue console messages come up. I was like, woah, very cool. > Thats a good s

Re: pf, altq, packet rate

2009-05-27 Thread Johan Beisser
On Wed, May 27, 2009 at 10:44 PM, SJP Lists wrote: > I know this is an option, but forcing the resending of traffic doesn't > seem to be the most efficient method to me, when I could instead just > shape that same traffic when it leaves another interface. It's a horrible option, but it's what wa

Re: pf, altq, packet rate

2009-05-27 Thread Johan Beisser
On Wed, May 27, 2009 at 12:02 PM, SJP Lists wrote: > Thanks Lars and Johan, > > I was trying to highlight to irix that once traffic is received, it is > too late to alter the bandwidth it already used coming in. > > In other words, doing it on the incoming is pointless. Thus, as in > your exampl

Re: 4.5 on Thinkpad 600x issue

2009-05-27 Thread Johan Beisser
On Wed, May 27, 2009 at 10:26 AM, STeve Andre' wrote: > I've never tried installing OpenBSD on a 600x but I'm a little surprised that > it isn't working fine. You're in for a few surprises when you do then. It should work fine, but there's some ACPI issues that have never been addressed. > Sinc

Re: pf, altq, packet rate

2009-05-27 Thread Johan Beisser
On Wed, May 27, 2009 at 11:04 AM, SJP Lists wrote: > How do you shape traffic that you have already received? Or to put it > another way, how do you alter the past? I've always just assigned inbound traffic to the existing outbound queues. My assumption is that the responding traffic would use t

Re: Help with PKG_PATH=

2009-05-14 Thread Johan Beisser
On Thu, May 14, 2009 at 10:41 AM, Jose Perez Rodriguez wrote: > Today i was installing OpenBSD 4.5 and i type: > export PKG_PATH=ftp://tp.openbsd.org/pub/OpenBSD/4.5/packages/i386/ "tp.openbsd.org"?

Re: sendmail vs. other MTAs

2009-05-13 Thread Johan Beisser
On Wed, May 13, 2009 at 2:38 PM, Renaud Allard wrote: > Sounds like you never tried exim, or at least v4. Currently, no other MTA is > able to do what exim does. Its licence may not be the best one, but it is > able to do more than any other existing MTA. Such as? I please ignorance, I haven't

Re: sendmail vs. other MTAs

2009-05-11 Thread Johan Beisser
On Mon, May 11, 2009 at 3:54 PM, Dan wrote: > So it seems like the goal is for it to be as good or better than qmail > if it's going to be smaller, easier to maintain, secure, etc. Then > where's the problem? Saying qmail has good design is a firm hand you've not actually really worked with it or

Re: Cell Phone as Modem

2009-04-16 Thread johan beisser
On Apr 16, 2009, at 2:08 PM, Fred Crowson wrote: Plug it in and if /var/log/messages has a line like: Apr 16 21:57:45 x41 /bsd: ucom0 at umodem0 You might be in luck. You may want to check that your provider permits tethering as a modem. Some do, quite a few don't. If they do, make sur

Re: the power of one

2009-02-27 Thread johan beisser
On Feb 27, 2009, at 3:36 AM, Mihai Popescu B.S. wrote: I don't want to be a smart ass, but I was a little bit confused about some answers on undeadly.org message post by me. Basicaly, I was saying that even 1 euro matters for the donations. I was thinking that thousands of OpenBSD users donating

Re: NAT, Firewall & pf

2009-02-23 Thread johan beisser
On Feb 23, 2009, at 9:11 PM, patrick keshishian wrote: why all the "quick" stuff? This is supposed to be a very simple set up. Granted we don't exactly understand what the OP wants to do, but from what I gather, he most likely wants to allow all outbound traffic with NAT and everything else get

Re: NAT, Firewall & pf

2009-02-23 Thread johan beisser
Comments inline. On Feb 23, 2009, at 5:58 PM, Hilco Wijbenga wrote: Hi all, I've been trying to get a simple firewall system up-and-running in OpenBSD. I have "The Book of PF" and "Secure Architectures with OpenBSD" so I thought it would be very simple. Well, we're two weeks later now and stil

Re: user-friendliness and netbsd

2009-02-23 Thread Johan Beisser
On Mon, Feb 23, 2009 at 10:48 AM, Dave Wilson wrote: > On the contrary, I find OpenBSD remarkably user-friendly. Almost > everything I want is already in base, most things are set up with > intelligent and safe defaults, I can't even remember the last time I had > to even *have* an xorg.conf, let

Re: NFS or SAMBA ?

2009-02-14 Thread johan beisser
On Feb 13, 2009, at 12:10 PM, Jean-Frangois wrote: Hi, It's for sharing btw Linux / OpenBSD. Last one is server. Probably other than Linux client one day. However for Windowd there are ways to install NFS client. And, all of those ways suck. Sadly, to windows Samba is about the best method th

Re: OT: NFS or SAMBA ?

2009-02-13 Thread johan beisser
On Feb 13, 2009, at 11:41 AM, Jean-Frangois wrote: I am mounting network drives. Would you recommand the use of NFS or SAMBA for home use ? What would you be serving to? PC Boxen? MacOS X? Linux? Another OpenBSD box? Both protocols are appropriate for similar - but not entirely the same - setu

Re: usr.sbin/wake removal

2009-02-09 Thread Johan Beisser
I'd gladly trade look(1) for wake(8). That's almost 8k right there. On 2/9/09, Emilio Perea wrote: > On Mon, Feb 09, 2009 at 09:05:13PM +1300, Richard Toohey wrote: >> On 9/02/2009, at 6:31 PM, Thomas Pfaff wrote: >> >>> I think this could use some explaining for those of us that are not >>> int

Re: hoststated status ?

2009-02-08 Thread Johan Beisser
A little more googling would have introduced you to relayd(8). On 2/8/09, Xavier Beaudouin wrote: > Hello, > > Just a quick question, what is the status of hoststated ? > > I ran into http://www.openbsd.org/papers/eurobsdcon07/pyr- > loadbalancing/ and I found that a quite exiting projet. > > U

Re: Virtualization, OpenBSD as host

2009-01-16 Thread johan beisser
On Jan 16, 2009, at 12:05 PM, Allie Daneman wrote: BingoI don't run this stuff voluntarily...I have to for work. If work is all SAE, and you have metric and SAE tools, do you bring your metric tools on the job site? No, because for the most part they won't fit, and you might strip the b

Re: Virtualization, OpenBSD as host

2009-01-16 Thread johan beisser
On Jan 16, 2009, at 11:00 AM, Allie Daneman wrote: I need to run Java on the guest...hence the reason Qemu doesn't work for me. T need virtualization software that runs java on an XP guest. The version of OpenBSD doesn't matter ;) I've been running it since 2.8 and am running current today

Re: Port ZFS to OpenBSD

2009-01-15 Thread johan beisser
On Jan 15, 2009, at 9:38 AM, Sevan / Venture37 wrote: The hammer FS seems promising from the BSDtalk Will & Matthew did. Outside of a single person who's doing porting (to an unknown OS), there's not been much in the way of updates on the status. It's a BETA filesystem at best, and still b

Re: REPLY ME IMMEDIATELY

2009-01-13 Thread johan beisser
On Jan 13, 2009, at 6:42 AM, Dan Colish wrote: On Tue, Jan 13, 2009 at 8:11 AM, Arno Kumpel wrote: I have a new email address!You can now email me at: arkump...@yahoo.com *- I have the sum of $8.5USD for offshore investment*. I will appreciate it so immersely if you could give details an

Re: ftp from script

2009-01-03 Thread johan beisser
On Jan 3, 2009, at 7:27 AM, Ed Ahlsen-Girard wrote: You're right. You're so right, in fact, that I'd already changed the code; even I noticed that my original was bad practice. You're doing this in perl, and not using Net::FTP? But my real problem was getting the download to work inside a s

Re: Trouble ticket system suggestions

2008-12-23 Thread Johan Beisser
I don't think any are bankrupt due to RT. On 12/23/08, Ted Unangst wrote: > On Tue, Dec 23, 2008 at 6:44 PM, bofh wrote: >> Here's a vote for RT. I've installed it, and also used it at F100 >> companies. > > Faint praise considering how many F100 companies are bankrupt. :)

Re: CARP with a single public IP address

2008-12-22 Thread johan beisser
On Dec 22, 2008, at 5:25 PM, Henning Brauer wrote: yurop is different And one day, the US might stop playing ketchup.

Re: CARP with a single public IP address

2008-12-22 Thread johan beisser
On Dec 22, 2008, at 12:27 PM, Henning Brauer wrote: * Todd T. Fries [2008-12-05 13:27]: Ironically, IPv6 cannot solve this scenario either, since by definition using ipv6 tends to require a tunnel a few ISPs here (too many) are stupid enough to deal with v6 to the extend of handing out v6

Re: smb protocol not supported error using konqueror on 4.4 with samba package

2008-12-21 Thread johan beisser
You need the KDE Samba package. http://www.openbsd.org/4.4_packages/i386/kdesamba-3.5.9.tgz-long.html On Dec 21, 2008, at 10:41 PM, Siju George wrote: Hi, I am running 4.4 and have both kdebase package and samba package installed. $ uname -a OpenBSD risen.hifxchn2.local 4.4 GENERIC#1021 i

[ptp-general] Re: OpenWRT auto-provisioning

2008-11-26 Thread johan beisser
On Nov 26, 2008, at 3:27 PM, Keith Lofstrom wrote: > > I would love to see an ALIX version of this. While I am still > having fun learning about the ALIX by doing my own setup, I > expect I will be setting up more than one ALIX board with > members of the Portland Linux Unix Group, and being abl

[ptp-general] Re: OpenWRT auto-provisioning

2008-11-26 Thread Johan Beisser
I was considering something similar for OpenBSD on Soekris and ALIX boards. I'll take a closer look at your stuff this afternoon. Thanks. On 2008-11-26, Tyler Booth <[EMAIL PROTECTED]> wrote: > Following up on Russell's excellent presentation on OpenWRT last week, > I've developed a set of scr

[ptp-general] Re: node infrastructure improvement

2008-11-17 Thread johan beisser
On Nov 17, 2008, at 9:26 PM, Russell Senior wrote: > > The $173 includes the board, small enclosure, the CF and power supply. > The enclosure is for indoors and doesn't need mounting hardware beyond > the little rubber feet it comes with. That's a pretty good cost. I'm tempted to grab one for my

[ptp-general] Re: node infrastructure improvement

2008-11-17 Thread Johan Beisser
What little I've seen of the ALIX board impressed me. But, is the cost including mouting hardware and the minipci wifi card? The $173 price tag strikes me that it doesn't. Am I correct to assume no chassis and transplanting the existing wifi card from the nucab? On 17 Nov 2008 19:31:17 -0800

Re: vpn with an iphone

2008-11-17 Thread Johan Beisser
PoPToP is in ports. On 11/17/08, jul <[EMAIL PROTECTED]> wrote: > Hello > > has someone setup a vpn tunnel between openbsd and an iphone ? > > it seems ipsec part is strictly limited to "cisco ipsec" with a user > account/password so not good for us. > Else there is pptp and l2tp but i'm not sur

Re: apache 1.3.29 + PHP 5.2.6 on OpenBSD 4.4

2008-11-17 Thread Johan Beisser
Did you turn off chroot? Also, why is "Starting Pure-FTPd" in the log? On 11/16/08, Andrei Pirvan <[EMAIL PROTECTED]> wrote: > Hello > > The problem I have is that default apache can't load PHP module. PHP > was installed from packages (php5-core-5.2.6.tgz), so here is nothing > custom made. The

Re: jdk for amd64!

2008-11-16 Thread Johan Beisser
It may not work with the release version of 4.4. Upgreade to a snapshot and cross your fingers. On 11/16/08, Tony Berth <[EMAIL PROTECTED]> wrote: > On 11/16/08, Stephan Andreas <[EMAIL PROTECTED]> wrote: >> Am Sonntag, 16. November 2008 18:32:55 schrieben Sie: >>> Dear Group, >>> >>> I just rea

Re: DNS Server behind Router

2008-11-15 Thread Johan Beisser
Check your bind config. It's likely not configured to respond to non-local network IP addresses. On 11/15/08, Vivek Ayer <[EMAIL PROTECTED]> wrote: > Hey guys, > > Need some help with DNS queries behind a router. I set up a DNS server > in my network and it responds when I'm within my network. I

Re: pf.conf

2008-11-11 Thread johan beisser
On Nov 11, 2008, at 5:38 PM, igor denisov wrote: ??? Would you tell me for sure what ports http, ssl, https, X, and lpt runs on, as well as daemons for them? Why? These are all documented already. Look at /etc/services and man pages.

Re: Gateway setup

2008-11-08 Thread johan beisser
On Nov 8, 2008, at 4:21 PM, Alfredo Perez wrote: On Sat, Nov 08, 2008 at 04:00:23PM -0800, johan beisser wrote: On Nov 8, 2008, at 3:34 PM, Alfredo Perez wrote: Hi I have the following configuration router/firewall <--- OPENBSD BOX <- Wireless switch I'm confused. Wh

Re: Gateway setup

2008-11-08 Thread johan beisser
On Nov 8, 2008, at 3:34 PM, Alfredo Perez wrote: Hi I have the following configuration router/firewall <--- OPENBSD BOX <- Wireless switch I'm confused. Why isn't the OpenBSD box the router/firewall? nat.conf shows nat on rl0 from dc0/24 to any -> rl0 nat.conf? Do you mean pf.con

Re: Packet Filter: how to keep device names on hardware failure?

2008-11-07 Thread johan beisser
On Nov 7, 2008, at 9:44 AM, Dave Anderson wrote: Network configuration has bugged me a bit ever since I started using OpenBSD, not just the real security issue that Harald Dunkel points out but general ease of administration issues. For example, on a typical single-NIC system one ought to be

Re: 4.4 sshd didn't start

2008-11-03 Thread johan beisser
On Nov 3, 2008, at 11:28 AM, elflord woods wrote: hello i've just installed 4.4 and answered yes during installation for the default start of sshd yet the sshd didn't start after reboot and then i add enable_sshd=YES in /etc/rc.local but then it complains that it could not load host key A

Re: openbsd-current strange keyboard behaviour

2008-10-31 Thread Johan Beisser
Interesting. I had this problem on an IBM 600x, but due to the age of the hardware assumed it was some quirkiness with its ACPI/apm implementation. In the end, I had to use a Windows install to manage the IRQs to stop a conflict between sone subsystems. It helped make the keyboard freeze less ofte

Re: 4.3 won't boot at all on my laptop

2008-10-28 Thread johan beisser
On Oct 28, 2008, at 4:11 PM, Stevoid wrote: I've burnt the various *.iso files to CD but my laptop doesn't recognise them as bootable but I know whet work. I've begun the installation process on several machines using these disks and they work. Are you 100% certain you burned the iso as an

Re: prob d'affichage minicom sur FreeBSD

2008-10-27 Thread Johan Beisser
No need to appoligize. If you ask in English I'll do my best to help you out. I've been using Soekris hardware for a while now. My french, for what it's worth, is so bad I didn't try too hard to read yours, so the person who should appoligize is me. And I was right in guessing that your English i

Re: prob d'affichage minicom sur FreeBSD

2008-10-27 Thread Johan Beisser
Problem 1: you're asking about FreeBSD on an OpenBSD mailing list. Problem 2: this list has standardized on English, since that is the common language for most (if not all) of the developers. Problem 3: misc@ doesn't really support minicom directly. Someone may be able to help you anyway, though.

Re: reliable, dd over simple ip network

2008-10-18 Thread johan beisser
On Oct 18, 2008, at 2:23 AM, Matthew Dempsky wrote: I know, but I understood "ssh will compress what goes through its tunnel to begin with" to imply this is the default behavior. Maybe Johan meant "can" instead of "will." You're right, I did. Sorry for the confusion, I was typing on the bla

Re: reliable, dd over simple ip network

2008-10-17 Thread Johan Beisser
You know ssh will compress what goes through its tunnel to begin with, right? So, you can eliminate at least one command there.. On 10/17/08, Girish Venkatachalam <[EMAIL PROTECTED]> wrote: > On 17:29:56 Oct 17, Mike wrote: >> > >> > will work out much faster and better than plain old dd(1). >>

[ptp-general] Re: Red&Black WifiDog outage

2008-10-17 Thread Johan Beisser
the wifidog authserver (that ipaddr > specifically). I can ping it from elsewhere, but not from red&black. > If I'm right, it looks like it's time to advise them to switch ISPs. > > > -- > Russell Senior, Secretary > [EMAIL PROTECTED] > > > >

Re: whitelisting X DSL (dynamic IP)s

2008-10-16 Thread johan beisser
On Oct 16, 2008, at 1:59 PM, Jose Fragoso wrote: So my question is: what is the best way to deal with this kind of situation. Should I reduce the value of whiteexp ? Has anybody thought of way of cleaning such road-warrior addresses on a daily basis ? To be fare, these address should not stay in

Re: package ports tools, ftp and pf

2008-10-16 Thread Johan Beisser
Either switch to passive ftp, or open your ftp-data port. That should solve some of your problems. On 10/16/08, Kendall Shaw <[EMAIL PROTECTED]> wrote: > I get no reply when I try to subscribe to the pf mailing list, so I'll > ask here. I'm running OpenBSD 4.3 stable on amd64. I use what is in t

Re: what exactly is enc0?

2008-10-16 Thread Johan Beisser
The board's PCI slot has to be molded to support it. If not, a dremmel and a little precision will permit the card to sit in the slot with no problems. Shave a few mm off the PCI slot's side, don't cut the card. . On 10/16/08, J.C. Roberts <[EMAIL PROTECTED]> wrote: > On Wednesday 15 October 2008

[ptp-general] Re: If the City seizes and removes MetroFi's gear...

2008-10-10 Thread johan beisser
On Oct 10, 2008, at 10:11 AM, Christopher Chen wrote: > > You just want a bucket truck. Who doesn't? --~--~-~--~~~---~--~~ The Personal Telco Project - http://www.personaltelco.net/ Donate to PTP: http://www.personaltelco.net/donate Archives: http://news.gmane.o

Re: Two years ago today...

2008-10-04 Thread johan beisser
On Oct 4, 2008, at 2:40 PM, Jason C. Wells wrote: You obviously haven't been upgrading enough. One day I will tell you teh story of teh "make world". You gonna sit him on your lap, pawpaw? ___ freebsd-chat@freebsd.org mailing list http://lists.free

[ptp-general] Re: Veganopolis has been down for 6-ish days

2008-10-02 Thread Johan Beisser
sn't been up since last Friday. > > Thanks! > > > -- > Russell Senior, Secretary > [EMAIL PROTECTED] > > > > -- Johan Beisser UNIX Contracting: infrastructure design, network security, disaster planning and recovery --~--~-~--~~--

Re: Dell SC440 hangs

2008-09-26 Thread johan beisser
On Sep 26, 2008, at 9:16 PM, Steve Shockley wrote: I'm running -current from September 9 on a Dell SC440. When I try to do a bulk ports build using dpb, it runs for a couple of hours and hangs. The console screen is blank and doesn't respond to keyboard, but I can still ping the machine. If

Re: NSA Resources For Rapid Targeting and Routing Analysis

2008-09-19 Thread Johan Beisser
It's always time for that hat. On 9/19/08, Stuart VanZee <[EMAIL PROTECTED]> wrote: >> From: Ted Unangst >> Sent: Friday, September 19, 2008 1:12 PM >> Cc: Misc OpenBSD >> Subject: Re: NSA Resources For Rapid Targeting and Routing Analysis >> >> >> On Fri, Sep 19, 2008 at 12:38 PM, Doug Milam >> <

Re: Patching a SSH 'Weakness'

2008-09-13 Thread johan beisser
On Sep 13, 2008, at 5:49 AM, steve szmidt wrote: Yes, the US had it for a while but a recent ruling has reversed that. Really? I never heard of it ever being passed in the first place. If it's the case I'm thinking of, the key couldn't be compelled from the guy due to how they were trying t

Re: Patching a SSH 'Weakness'

2008-09-13 Thread johan beisser
On Sep 13, 2008, at 3:21 AM, Toni Spets wrote: What about some known patterns like "screen (-r)" from the start of every session for example in an IRC shell where most people do that first? Could it be used with lots of data to crack open future sessions? I would say "yes it's possible. B

Re: Patching a SSH 'Weakness'

2008-09-12 Thread johan beisser
On Sep 12, 2008, at 9:43 PM, Darrin Chandler wrote: I'm saying what he's wanting to prevent - Eve watching input and output to figure out passwords, based on keyboard timing and typing patterns - isn't really an easy attack for Eve to accomplish without a huge amount of data being coll

Re: Patching a SSH 'Weakness'

2008-09-12 Thread johan beisser
On Sep 12, 2008, at 6:41 PM, Darrin Chandler wrote: On Fri, Sep 12, 2008 at 05:42:08PM -0700, johan beisser wrote: It's just a improbable attack. One that's easily defended against by maintaining the interactive shell/echoback and simply push additional Was it you who said earlie

Re: Patching a SSH 'Weakness'

2008-09-12 Thread johan beisser
On Sep 12, 2008, at 4:08 PM, Damien Miller wrote: There is no reason to believe that keystroke timing attacks will be impossible against protocol 2 where they work against protocol 1. They might just be a little more tricky. I don't think I discounted an updated version of this attack against

Re: Patching a SSH 'Weakness'

2008-09-12 Thread johan beisser
On Sep 12, 2008, at 3:12 PM, Philip Guenther wrote: On Fri, Sep 12, 2008 at 2:05 PM, johan beisser <[EMAIL PROTECTED]> wrote: This about security. Being realistic means *not* being optimistic that extracting data will be "too hard", "too unlikely", "only applic

Re: Patching a SSH 'Weakness'

2008-09-12 Thread johan beisser
On Sep 12, 2008, at 2:28 PM, Stuart Henderson wrote: On 2008/09/12 14:05, johan beisser wrote: I'm not going to say "It's impossible." It's not. How about "really highly unlikely" that Eve will pick up enough useful signal to decrypt which letters are b

Re: Patching a SSH 'Weakness'

2008-09-12 Thread johan beisser
On Sep 12, 2008, at 2:28 PM, Stuart Henderson wrote: On 2008/09/12 14:05, johan beisser wrote: I'm not going to say "It's impossible." It's not. How about "really highly unlikely" that Eve will pick up enough useful signal to decrypt which letters are b

Re: Patching a SSH 'Weakness'

2008-09-12 Thread johan beisser
On Sep 12, 2008, at 7:02 AM, Kevin Neff wrote: Thanks for all the comments. I think we're all pretty much on the same page. First order of business is to look at how much of a weakness this may be. Then, implement several potential solutions. Finally, test to see if the "fixes" improve

Re: Patching a SSH 'Weakness'

2008-09-12 Thread johan beisser
On Sep 12, 2008, at 1:16 PM, Stuart Henderson wrote: Wait, how do you know someone is typing a password inside the session and not just writing a text file or typing arbitrary commands? e.g. when eve's machine that's hijacking the network packets picks up an outgoing SSH connection. I'm not g

Re: Patching a SSH 'Weakness'

2008-09-10 Thread Johan Beisser
Hell you say. I wear glasses and have been punched. Hard. In the face. Good to know I'll be immune from you. On 9/10/08, Aaron Glenn <[EMAIL PROTECTED]> wrote: > On Wed, Sep 10, 2008 at 7:56 PM, STeve Andre' <[EMAIL PROTECTED]> wrote: >> >> How about people with severe physical problems? I know

Re: pf to block against DDoS?

2008-09-04 Thread johan beisser
On Sep 4, 2008, at 12:23 PM, Redd Vinylene wrote: I was quite shocked today when I heard I could use pf to block against DDoS attacks, using Stateful Tracking Options, http://www.openbsd.org/faq/pf/filter.html#stateopts. But does anybody have any nice setups of this they'd want to share? I'd

Re: question on nat behaviour ....

2008-09-02 Thread johan beisser
On Sep 2, 2008, at 10:08 AM, Stefan Sczekalla wrote: I'm somewhat uncertain on how NAT behaves especially on nearly concurrent rules. e.g. assumption: ( ext_if has two addresse e.g. 82.100.200.1 and and ALIAS 82.100.200.2 ) nat pass on $ext_if form $internal_networks to 192.168.47.11 -> 82.10

Re: wd0(wdc1:0:0): timeout on openbsd 4.0 macppc

2008-09-01 Thread johan beisser
On Sep 1, 2008, at 11:44 AM, Khalid Schofield wrote: Hi, I'm running openbsd 4.0 (yeh old I know but it's a vital system that I'm replacing but it processes data that makes a lot of money). Better replace the disk tomorrow, then. Or, implement the software on a new system, and take the hit

Re: A place for a perl library in the hierarchy

2008-08-31 Thread Johan Beisser
As a rule, anything not in base is installed to /usr/local. Take the time to make sure your library isn't already in ports (or a package) before installing it. I've recently taken to putting my own packages and manually compiled binaries under /opt/local. It's non-standard, but works for me. -jb

Mesh wireless routing with OpenBSD

2008-08-30 Thread johan beisser
I've been poking around the Misc archives, and haven't seen anything related to solving this specific issue, at least with my own preferred router software: OpenBSD. So, while researching on implementation details for a community wireless system, I found out about Hazy-Sighted Link State Ro

Re: Howto connect to several wireless network ?

2008-08-28 Thread johan beisser
On Aug 28, 2008, at 4:06 PM, Nick Guenther wrote: The trouble with that is that these days you rarely want to just connect to the first open wifi you see (and most wifi isn't open anyway). Well, admittedly, it'd have to be rewritten and revised anyway. Ifstated(8) didn't exist the last time

Re: Howto connect to several wireless network ?

2008-08-28 Thread johan beisser
On Aug 28, 2008, at 12:48 PM, Vadim Zhukov wrote: ifstated(8) + ifconfig(8) (see "-M" option of ifconfig)? Interestingly, I had a script that would use "ifconfig -M" to figure out which AP it should use, sorted by rank (first match) and avoiding using generic or brand names. No match, and

Re: FYI: Some gloating redditors are currently trolling OpenBSD

2008-08-21 Thread Johan Beisser
On Thu, Aug 21, 2008 at 2:39 PM, ropers <[EMAIL PROTECTED]> wrote: > http://www.openbsd.org/cgi-bin/cvsweb/src/?sortby=";> style="position:absolute;top:10px;font-size:150pt">Only 2 > Remote bugs I find it more amusing that it's just injecting HTML in to what's being rendered. CVSWEB has a bug.

<    1   2   3   >