Re: kernel settings for pf default block

2006-07-03 Thread c.s.r.c.murthy
Hello Joachim, Sorry, I could not find the answer from Alexey on the internet. Can you please give the URL for this. Also please confirm that there is no kernel parameter to make pf block everything by default. Thanks in advance murthy Joachim Schipper wrote: > On Mon, Jul 03, 2006 at 05:30

MD5

2006-07-03 Thread Chet Uber
Theo, Also the last I checked obsd still supports MD5 CU Chet Uber President and Principal Scientist SecurityPosture, Inc. 3718 N 113th Plaza, Omaha, NE 68164 vox +1 (402) 505-9684 | fax +1 (402) 932-2130 | cell (402) 813-3211 [EMAIL PROTECTED] | www.securityposture.com

Re: Preventing password reuse

2006-07-03 Thread Matthew R. Dempsky
On Tue, Jul 04, 2006 at 02:29:56AM -0400, Chet Uber wrote: > NP-complete problems are the most difficult complexity problems. No, NP-complete problems are the most difficult problems _in NP_.

Re: Preventing password reuse

2006-07-03 Thread Chet Uber
Not to bicker, but the resources needed to use a database of all possible passwords even with alphanumerics and salted is very finite -- albeit large. OpenBSD's blowfish passwords have 128 bits of salt. A table of all 8 character (lower-case only) alphanumeric passwords would require 2^128 *

Re: Preventing password reuse

2006-07-03 Thread Chet Uber
Not to bicker, but the resources needed to use a database of all possible passwords even with alphanumerics and salted is very finite -- albeit large. OpenBSD blowfish hashes have 16 bytes of salt, so a database of these will not be feasible for a while. I agree that for all but those with

Re: Preventing password reuse

2006-07-03 Thread Matthew R. Dempsky
On Tue, Jul 04, 2006 at 12:04:11AM -0400, Chet Uber wrote: > Not to bicker, but the resources needed to use a database of all > possible passwords even with alphanumerics and salted is very finite > -- albeit large. OpenBSD's blowfish passwords have 128 bits of salt. A table of all 8 charact

Re: Preventing password reuse

2006-07-03 Thread Damien Miller
On Tue, 4 Jul 2006, Chet Uber wrote: > Not to bicker, but the resources needed to use a database of all possible > passwords even with alphanumerics and salted is very finite -- albeit large. OpenBSD blowfish hashes have 16 bytes of salt, so a database of these will not be feasible for a while.

Re: Preventing password reuse

2006-07-03 Thread Paul de Weerd
On Tue, Jul 04, 2006 at 02:15:09PM +1000, Rod.. Whitworth wrote: | >Ahhh, .. that's what hashes are for; easily recreatable given duplicate | >input strings, but creating the input string FROM the hash is just about | >impossible [lacking near infinite resources]. | > | >Storing hashes in a DB is j

Re: Preventing password reuse

2006-07-03 Thread Jeff Simmons
Well, just to play the devil's advocate here ... One of the main functions of any password hygiene program 'should' be to prevent users from changing 'mypassword1' to 'mypassword2' and then 'mypassword3', etc. (Yes, we can force complex passwords, but the idea is the same.) It's fairly simple

Re: Preventing password reuse

2006-07-03 Thread Rod.. Whitworth
On Mon, 3 Jul 2006 22:25:53 -0500 (CDT), L. V. Lammert wrote: >On Mon, 3 Jul 2006, STeve Andre' wrote: > >> On Monday 03 July 2006 17:37, Jeff Simmons wrote: >> >> I can't resist pointing out that this is an AWFUL policy. You will be >> remembering people's passwords, a history of them, which are

Re: Preventing password reuse

2006-07-03 Thread Chet Uber
I can't resist pointing out that this is an AWFUL policy. You will be remembering people's passwords, a history of them, which are very likely to be used on other systems. That's really bad. I wonder (at least in the USA) what would happen to your company if that data was ever stolen? --STeve

Re: Preventing password reuse

2006-07-03 Thread L. V. Lammert
On Mon, 3 Jul 2006, STeve Andre' wrote: > On Monday 03 July 2006 17:37, Jeff Simmons wrote: > > I can't resist pointing out that this is an AWFUL policy. You will be > remembering people's passwords, a history of them, which are > very likely to be used on other systems. That's really bad. I wond

Re: starting Apache in SSL mode

2006-07-03 Thread Michael Erdely
L. V. Lammert wrote: Certificates have nothing to do with Apache, much less OpenBSD. If you want a signed certificate, you must create your own CA, or purchase a publicly signed cert from Verisign, Equifax, Thawte, et al. That may be true, but mentioning "man 8 ssl" and referencing "GENERATIN

Re: Preventing password reuse

2006-07-03 Thread Chet Uber
On Monday 03 July 2006 17:37, Jeff Simmons wrote: A client is setting up a password policy, and would like to prevent users from reusing a password for a period of time (four changes ninety days apart). Is there a way to do this, either within the OS or via a program in ports? I've been look

Re: starting Apache in SSL mode

2006-07-03 Thread L. V. Lammert
On Sun, 2 Jul 2006, FTP wrote: > On Tue, Jun 27, 2006 at 05:03:52PM +0200, FTP wrote: > > any chance to draw some attention to the above? > > Thanks > Certificates have nothing to do with Apache, much less OpenBSD. If you want a signed certificate, you must create your own CA, or purchase a publi

Re: Preventing password reuse

2006-07-03 Thread Damien Miller
On Mon, 3 Jul 2006, Spruell, Darren-Perot wrote: > From: [EMAIL PROTECTED] > > A client is setting up a password policy, and would like to > > prevent users from > > reusing a password for a period of time (four changes ninety > > days apart). Is > > there a way to do this, either within the

Re: Patent jeopardizes IETF syslog standard

2006-07-03 Thread Lars Hansson
On Tuesday 04 July 2006 05:05, Chris Cappuccio wrote: > Either way, this makes them look like the biggest fucking idiots ever. Most people who have ever had to use any of their devices knew this already. --- Lars Hansson

Re: Wireless Bridge...

2006-07-03 Thread pedro la peu
On Monday 03 July 2006 23:29, Novak, Trevor SCIC wrote: > I'm trying to set up a wireless bridge with openbsd on a Toshiba > laptop. I'm using an SMC2532W-B (Prism 2.5) wireless card and a 3Com > 3C574-TX. Is the wi(4) in hostap mode? If not you cannot bridge...

Re: Preventing password reuse

2006-07-03 Thread Marcus Watts
Chris Zakelj <[EMAIL PROTECTED]> writes: > Date: Mon, 03 Jul 2006 21:09:32 -0400 > From: Chris Zakelj <[EMAIL PROTECTED]> > To: "STeve Andre'" <[EMAIL PROTECTED]> > CC: misc@openbsd.org > Subject: Re: Preventing password reuse > > STeve Andre' wrote: > > On Monday 03 July 2006 17:37, Jeff Simmons

Re: Preventing password reuse

2006-07-03 Thread Jeff Simmons
On Monday 03 July 2006 17:51, STeve Andre' wrote: > On Monday 03 July 2006 17:37, Jeff Simmons wrote: > > A client is setting up a password policy, and would like to prevent users > > from reusing a password for a period of time (four changes ninety days > > apart). Is there a way to do this, eithe

Re: Preventing password reuse

2006-07-03 Thread Chris Zakelj
STeve Andre' wrote: > On Monday 03 July 2006 17:37, Jeff Simmons wrote: > >> A client is setting up a password policy, and would like to prevent users >> from reusing a password for a period of time (four changes ninety days >> apart). Is there a way to do this, either within the OS or via a pro

Re: Preventing password reuse

2006-07-03 Thread STeve Andre'
On Monday 03 July 2006 17:37, Jeff Simmons wrote: > A client is setting up a password policy, and would like to prevent users > from reusing a password for a period of time (four changes ninety days > apart). Is there a way to do this, either within the OS or via a program in > ports? I've been loo

Re: set skip on interface rule doesn't show up in pfctl -sr

2006-07-03 Thread Giancarlo Razzolini
Henning Brauer wrote: > > skip steps and set skip have nothing to do with each other. > set skip basically disables pf on a per-interface basis. > skip steps is an optimization in rule processing you can safely ignore. > it Just Works in the background and saves you CPU cycles :) > It does not have

Re: carp with hosts in different vlans

2006-07-03 Thread Ryan McBride
On Mon, Jul 03, 2006 at 04:58:09PM +0200, Sebastian Reitenbach wrote: > I can setup a tunnel between both hosts, and route the multicast > packets through the tunnel and then have the IP address shared between > the two hosts? No. CARP does not accept packets that have crossed a router, to preven

Re: Preventing password reuse

2006-07-03 Thread Jeff Simmons
On Monday 03 July 2006 16:19, Spruell, Darren-Perot wrote: > I mention > http://www.mindrot.org/passwdqc.html not because I know it can do what > you're looking for but because it can offer a few steps up in password > quality which may also be in your policy. Yes, it does everything I need very n

Re: set skip on interface rule doesn't show up in pfctl -sr

2006-07-03 Thread Henning Brauer
* Nick Guenther <[EMAIL PROTECTED]> [2006-07-03 22:35]: > unfortunate. It also doesn't help that the manpage says, next to, -s > Rule: > "Note that the ``skip step'' optimization done automatically by the > kernel will skip evaluation of rules where possible." which seems to > imply that `-s rules`

Re: Preventing password reuse

2006-07-03 Thread Spruell, Darren-Perot
From: [EMAIL PROTECTED] > A client is setting up a password policy, and would like to > prevent users from > reusing a password for a period of time (four changes ninety > days apart). Is > there a way to do this, either within the OS or via a program > in ports? I've > been looking for quit

Re: openwebmail with chrooted apache

2006-07-03 Thread Stuart Henderson
On 2006/07/03 18:25, Nick Holland wrote: > OpenWebmail is very charming because of how very little it needs to > bring into base OpenBSD to get working. I set it up for a school of > about 200 students on a PII-450, worked well (once I set up MASSIVE > amounts of swap space...having 25 students

Re: set skip on interface rule doesn't show up in pfctl -sr

2006-07-03 Thread NetNeanderthal
On 7/3/06, Nick Guenther <[EMAIL PROTECTED]> wrote: On 7/3/06, Giancarlo Razzolini <[EMAIL PROTECTED]> wrote: > pfctl -sI -vv shows you if an interface is skipped or not. -w is not documented in pfctl(8). What does it do? It most certainly is. Try -vv ('v' 'v', as in 'victor' 'victor'), avoid

Re: set skip on interface rule doesn't show up in pfctl -sr

2006-07-03 Thread Giancarlo Razzolini
Nick Guenther wrote: > -w is not documented in pfctl(8). What does it do? > It is not -w, it is -v, which stands for -v(erbose). If you use it twice (-vv) it increases the verbosity level. It is in the pfctl man page. My regards, -- Giancarlo Razzolini Linux User 172199 Moleque Sem Conteudo Numero #002

Wireless Bridge...

2006-07-03 Thread Novak, Trevor SCIC
I'm trying to set up a wireless bridge with openbsd on a Toshiba laptop. I'm using an SMC2532W-B (Prism 2.5) wireless card and a 3Com 3C574-TX. I've created a bridgename.bridge0 file and added wi0 and ep1 to the file. The bridge is up and running. I can ping both on the wireless side and the etherne

Re: openwebmail with chrooted apache

2006-07-03 Thread Nick Holland
FTP wrote: On Mon, Jul 03, 2006 at 08:49:03PM +0200, Sigfred Heversen wrote: Stuart Henderson wrote: On 2006/07/03 13:52, Nick Holland wrote: (contrast this to Squirrelmail, which does (amazingly) run in a chroot Same for Hastymail and Roundcube. I guess it's not too much of a stretch with

Re: set skip on interface rule doesn't show up in pfctl -sr

2006-07-03 Thread Nick Guenther
On 7/3/06, Giancarlo Razzolini <[EMAIL PROTECTED]> wrote: > pfctl -sI -vv shows you if an interface is skipped or not. My 2 cents, -w is not documented in pfctl(8). What does it do? On 7/3/06, Clint Pachl <[EMAIL PROTECTED]> wrote: Henning Brauer wrote: > * Daniel Ouellet <[EMAIL PROTECTED]>

Preventing password reuse

2006-07-03 Thread Jeff Simmons
A client is setting up a password policy, and would like to prevent users from reusing a password for a period of time (four changes ninety days apart). Is there a way to do this, either within the OS or via a program in ports? I've been looking for quite a while and haven't found anything. --

Re: set skip on interface rule doesn't show up in pfctl -sr

2006-07-03 Thread Clint Pachl
Henning Brauer wrote: * Daniel Ouellet <[EMAIL PROTECTED]> [2006-07-03 21:44]: Is there a special reason why we couldn't see the set skip on interface in the display of the rules in pf with the regular: pfctl -sr it is not a rule. It is an option. Would it be beneficial to add an "Option

Re: set skip on interface rule doesn't show up in pfctl -sr

2006-07-03 Thread Giancarlo Razzolini
Daniel Ouellet wrote: >> If this was to be implemented, it might be more appropriate to show in >> the >> runtime state (pfctl -si) than the rule output. > > I don't know. Maybe, maybe not. But I got cut with this. I had a > sysadmin do changes in a pretty big multi interface box and he used the >

Re: set skip on interface rule doesn't show up in pfctl -sr

2006-07-03 Thread Daniel Ouellet
set skip on interface in the display of the rules in pf with the regular: pfctl -sr it is not a rule. I guess one could argue that: set block-policy option is not a rule either, but it does show up however: Example 1: In pf.conf set block-policy return block all pfctl -sr block return

Re: Patent jeopardizes IETF syslog standard

2006-07-03 Thread Chris Cappuccio
J.C. Roberts [EMAIL PROTECTED] wrote: > > This sucks. It's no different than what Cisco did with their HSRP patent > to try to kill off VRRP. The Huawei IPR claim to the IETF is nearly > identical to the crap Cisco put out years ago in their IPR claim. > It's funny how these Chinese guys like to

Re: openwebmail with chrooted apache

2006-07-03 Thread Stuart Henderson
> > In tree mail/imp depends on devel/horde that has exploit(s) in the wild. This doesn't look very much fun, remote php execution and looks like it's being actively probed for.

Re: set skip on interface rule doesn't show up in pfctl -sr

2006-07-03 Thread Daniel Ouellet
Indeed it does, but not by hacking up `-s rules`. pfctl(8) lists all the various things you can display with -s. 'options' (as per pf.conf(5)) do not seem to be among them, however, which I agree is unfortunate. It also doesn't help that the manpage says, next to, -s Rule: "Note that the ``skip st

Re: openwebmail with chrooted apache

2006-07-03 Thread Spruell, Darren-Perot
From: [EMAIL PROTECTED] > > In tree mail/imp depends on devel/horde that has exploit(s) > in the wild. > > > > /Sigfred > > > > I had a look on IMP and looks fine to me cause you can have > POP3 too as well. I actually didn't intend to install an IMAP server. > > As a result is IMP a good so

Re: set skip on interface rule doesn't show up in pfctl -sr

2006-07-03 Thread Daniel Ouellet
If this was to be implemented, it might be more appropriate to show in the runtime state (pfctl -si) than the rule output. I don't know. Maybe, maybe not. But I got cut with this. I had a sysadmin do changes in a pretty big multi interface box and he used the set skip to test new rules on indi

Re: set skip on interface rule doesn't show up in pfctl -sr

2006-07-03 Thread Stuart Henderson
On 2006/07/03 16:26, Nick Guenther wrote: > I don't know a lot about the architecture of pf (I plan to learn soon > though) so maybe this is completely stupid, but I suggest adding modes > for `pfctl -s` to match everything listed in pf.conf(5). `-s config' to produce a usable pf.conf from in-memo

Re: openwebmail with chrooted apache

2006-07-03 Thread FTP
On Mon, Jul 03, 2006 at 08:49:03PM +0200, Sigfred Heversen wrote: > Stuart Henderson wrote: > >On 2006/07/03 13:52, Nick Holland wrote: > > > >>(contrast this to Squirrelmail, which does (amazingly) run in a chroot > > > > > >Same for Hastymail and Roundcube. I guess it's not too much of a > >stre

Re: set skip on interface rule doesn't show up in pfctl -sr

2006-07-03 Thread Nick Guenther
On 7/3/06, Daniel Ouellet <[EMAIL PROTECTED]> wrote: > it is not a rule. OK, not a rule, but still shouldn't it be possible or useful to see that in effect? If you make changes for testing or what not and you use this temporary, etc on a box of 10+ interfaces, just my thinking, but I was expecti

Re: set skip on interface rule doesn't show up in pfctl -sr

2006-07-03 Thread Daniel Ouellet
it is not a rule. OK, not a rule, but still shouldn't it be possible or useful to see that in effect? If you make changes for testing or what not and you use this temporary, etc on a box of 10+ interfaces, just my thinking, but I was expecting to see this in display of how the pf was working.

Re: set skip on interface rule doesn't show up in pfctl -sr

2006-07-03 Thread Spruell, Darren-Perot
From: [EMAIL PROTECTED] > Is there a special reason why we couldn't see the > > set skip on interface > > in the display of the rules in pf with the regular: > > pfctl -sr If this was to be implemented, it might be more appropriate to show in the runtime state (pfctl -si) than the rule output.

Network slowdown (DLINK DGE-530T card maxing out at 17.3Mb/sec) P4 2.4 512M ram 424M free

2006-07-03 Thread Ben
Really odd problem here: I've set up a fairly simple firewall utilizing dual DGE-530T gigabit cards. Isolating a windows rack from the rest of campus. Note that testing the speed from a 100Mb linux host in the same office (plugged into the same router as the firewall but of course outside the fir

Re: set skip on interface rule doesn't show up in pfctl -sr

2006-07-03 Thread Henning Brauer
* Daniel Ouellet <[EMAIL PROTECTED]> [2006-07-03 21:44]: > Is there a special reason why we couldn't see the > > set skip on interface > > in the display of the rules in pf with the regular: > > pfctl -sr it is not a rule. -- BS Web Services, http://www.bsws.de/ OpenBSD-based Webhosting, Mai

set skip on interface rule doesn't show up in pfctl -sr

2006-07-03 Thread Daniel Ouellet
Is there a special reason why we couldn't see the set skip on interface in the display of the rules in pf with the regular: pfctl -sr That's on 3.9.

FTP / local logins and KerberosV

2006-07-03 Thread Spruell, Darren-Perot
One question regarding Kerberos authentication in ftpd is whether the daemon supports only password authentication against the kerberos database, or if it can support authentication using a service ticket from a user who has already gotten a TGT (passwordless login). Also, what (if any) openbsd-co

Re: openwebmail with chrooted apache

2006-07-03 Thread Sigfred Håversen
Stuart Henderson wrote: On 2006/07/03 13:52, Nick Holland wrote: (contrast this to Squirrelmail, which does (amazingly) run in a chroot Same for Hastymail and Roundcube. I guess it's not too much of a stretch with IMP either (though I haven't actually used IMP recently enough to have checked

Re: openwebmail with chrooted apache

2006-07-03 Thread Antoine Jacoutot
On Mon, 3 Jul 2006, Stuart Henderson wrote: Same for Hastymail and Roundcube. I guess it's not too much of a stretch with IMP either (though I haven't actually used IMP recently enough to have checked chroot). Horde/Imp works fine in chroot. -- Antoine

Re: openwebmail with chrooted apache

2006-07-03 Thread Stuart Henderson
On 2006/07/03 13:52, Nick Holland wrote: > (contrast this to Squirrelmail, which does (amazingly) run in a chroot Same for Hastymail and Roundcube. I guess it's not too much of a stretch with IMP either (though I haven't actually used IMP recently enough to have checked chroot).

Re: openwebmail with chrooted apache

2006-07-03 Thread Nick Holland
FTP wrote: I installed openwebmail from the ports and when trying to launch: http://your_server/cgi-bin/openwebmail/openwebmail.pl I get a 500 error. I suppose that this is due to the chrooted apache but how do I find the dependencies for a perl script? 1) you think really hard about what a p

Re: Patent jeopardizes IETF syslog standard

2006-07-03 Thread Spruell, Darren-Perot
From: [EMAIL PROTECTED] > > useful implementation of a redundancy protocol. It's > technically better > > than HSRP or any of the versions of VRRP but the problem > still stands > > that it is not an "official" protocol, which simply means > adoption and > > interoperability will suffer to som

Re: News From HiFn

2006-07-03 Thread Jack J. Woehr
On Jun 30, 2006, at 7:11 PM, Theo de Raadt wrote: > Why should we bleed our little hearts over a company who acted like > assholes towards us for years, and only changed their policy due to > public pressure? Because behavior modification requires rewarding in some fashion desired behavior? Bec

Re: 3.9 freeze

2006-07-03 Thread diego
ok, I have the server on datacenter, when freeze I will try it. - Original Message - From: "mickey" <[EMAIL PROTECTED]> To: "diego" <[EMAIL PROTECTED]> Cc: "Pedro Martelletto" <[EMAIL PROTECTED]>; Sent: Monday, July 03, 2006 9:52 AM Subject: Re: 3.9 freeze On Mon, Jul 03, 2006 at 09

openwebmail with chrooted apache

2006-07-03 Thread FTP
I installed openwebmail from the ports and when trying to launch: http://your_server/cgi-bin/openwebmail/openwebmail.pl I get a 500 error. I suppose that this is due to the chrooted apache but how do I find the dependencies for a perl script? Thanks George

Re: 3.9 freeze

2006-07-03 Thread diego
no... - Original Message - From: "vladas" <[EMAIL PROTECTED]> To: "diego" <[EMAIL PROTECTED]> Sent: Monday, July 03, 2006 10:00 AM Subject: Re: 3.9 freeze On 03/07/06, diego <[EMAIL PROTECTED]> wrote: no, I can only ping the server or change tty (ctrl alt fn), but I can't type anyt

Re: kernel settings for pf default block

2006-07-03 Thread Joachim Schipper
On Mon, Jul 03, 2006 at 05:30:44PM -0700, c.s.r.c.murthy wrote: > Hi, > This seems to be a widely discussed problem in openbsd pf. There is no > kernel parameter that makes pf block all packets by default. I > have searched on the internet and found some discussion that took place in > 2005

Re: ftp-proxy does not work in secure level 2

2006-07-03 Thread Joachim Schipper
On Mon, Jul 03, 2006 at 05:25:31PM -0700, c.s.r.c.murthy wrote: > Hi, > We have configured a firewall with pf on openbsd-3.9. It is found that > ftp-proxy is unable to operate when the system is put in secure level 2. > This is due to the fact that ftp-proxy can't add/delete rules in pf in > secure

Re: carp with hosts in different vlans

2006-07-03 Thread Sebastian Reitenbach
Hi, sorry for late reply, unfortunately I was a bit off... > On 2006/06/23 12:53, Sebastian Reitenbach wrote: >> Both hosts are in different VLAN's. to reach each other >> I have to set a host route via the default gateway to reach >> the other system. > > You need to be able to multicast betwee

Re: Reading a file that is been written make the system freeze?

2006-07-03 Thread Federico Giannici
Federico Giannici wrote: Pedro Martelletto wrote: On Thu, Jun 22, 2006 at 03:25:41PM +0200, Federico Giannici wrote: Yesterday another PC froze! It just crashed again! did it freeze or did it crash? I wrote it into the first email: it freezes with no error at all, no network, only freez

Re: ftp-proxy does not work in secure level 2

2006-07-03 Thread Camiel Dobbelaar
On Mon, 3 Jul 2006, c.s.r.c.murthy wrote: > We have configured a firewall with pf on openbsd-3.9. It is found that > ftp-proxy is unable to operate when the system is put in secure level 2. > This is due to the fact that ftp-proxy can't add/delete rules in pf in > secure level 2. But for security re

Re: [OpenBGPd] Can a nexthop be set on routes announced as "my network" ?

2006-07-03 Thread Claudio Jeker
On Mon, Jul 03, 2006 at 03:58:13PM +0200, Andrea Cocito wrote: > Hi, > > after googling, rereading the manuals and lurking into the code I > really could > not find a way to do this, unless I am missing something really simple! > > I have two BGP routers on a small subnet where they peer with a

Re: starting Apache in SSL mode

2006-07-03 Thread FTP
On Mon, Jul 03, 2006 at 03:02:46PM +0200, FTP wrote: > On Mon, Jul 03, 2006 at 10:47:04AM +0200, Joachim Schipper wrote: > > On Sun, Jul 02, 2006 at 10:32:12PM +0200, FTP wrote: > > > On Tue, Jun 27, 2006 at 05:03:52PM +0200, FTP wrote: > > > > when I try to access the site via lynx I do get an SSL

[OpenBGPd] Can a nexthop be set on routes announced as "my network" ?

2006-07-03 Thread Andrea Cocito
Hi, after googling, rereading the manuals and lurking into the code I really could not find a way to do this, unless I am missing something really simple! I have two BGP routers on a small subnet where they peer with a transit provider, the two routers have a carp shared IP as well, thus each

Re: starting Apache in SSL mode

2006-07-03 Thread FTP
On Mon, Jul 03, 2006 at 10:47:04AM +0200, Joachim Schipper wrote: > On Sun, Jul 02, 2006 at 10:32:12PM +0200, FTP wrote: > > On Tue, Jun 27, 2006 at 05:03:52PM +0200, FTP wrote: > > > when I try to access the site via lynx I do get an SSL error message > > > moaning that I have a self-signed cert.

Re: 3.9 freeze

2006-07-03 Thread mickey
On Mon, Jul 03, 2006 at 09:45:22AM -0300, diego wrote: > no, I can only ping the server or change tty (ctrl alt fn), but I can't > type anything. you should sysctl ddb.console=1 for that to work... > - Original Message - > From: "Pedro Martelletto" <[EMAIL PROTECTED]> > To: "diego" <[EM

Re: 3.9 freeze

2006-07-03 Thread diego
no, I can only ping the server or change tty (ctrl alt fn), but I can't type anything. - Original Message - From: "Pedro Martelletto" <[EMAIL PROTECTED]> To: "diego" <[EMAIL PROTECTED]> Cc: Sent: Monday, July 03, 2006 9:34 AM Subject: Re: 3.9 freeze Can you break into ddb? -p.

Re: 3.9 freeze

2006-07-03 Thread Pedro Martelletto
Can you break into ddb? -p.

kernel settings for pf default block

2006-07-03 Thread Alexey E. Suslikov
> This seems to be a widely discussed problem in openbsd pf. There is no > kernel parameter that makes pf block all packets by default. I > have searched on the internet and found some discussion that took place in > 2005 regarding this. The discussion concludes there is no such parameter in > the kernel.

3.9 freeze

2006-07-03 Thread diego
Hi all, I have problems with 3.9, sometimes I received "/bsd: uvm_mapent_alloc: out of static map entries" without panics, but the last time after 4 of that message the server froze. Yesterday the server froze again without any message, I can't connect to the server, but ping responds. It runs apache,

kernel settings for pf default block

2006-07-03 Thread c.s.r.c.murthy
Hi, This seems to be a widely discussed problem in openbsd pf. There is no kernel parameter that makes pf block all packets by default. I have searched on the internet and found some discussion that took place in 2005 regarding this. The discussion concludes there is no such parameter in the kernel. Ar

Re: Boost OpenBSD security - Zophie for 3.9

2006-07-03 Thread Gilles Chehade
On Mon, 03 Jul 2006 12:47:40 +0200 Marcin Wilk <[EMAIL PROTECTED]> wrote: > > Do I understand correctly I could just cvs co usr/bin/who and use the > official who and see who is online? > > Yes because only process privacy is done in kernel. > What's the point ?

ftp-proxy does not work in secure level 2

2006-07-03 Thread c.s.r.c.murthy
Hi, We have configured a firewall with pf on openbsd-3.9. It is found that ftp-proxy is unable to operate when the system is put in secure level 2. This is due to the fact that ftp-proxy can't add/delete rules in pf in secure level 2. But for security reasons we would like to have the system runnin

Re: inetd on by default

2006-07-03 Thread Otto Moerbeek
On Mon, 3 Jul 2006, [EMAIL PROTECTED] wrote: > Hi > > Here we go again, why is inetd on by default? > > I am very sorry to ask this question! My guess is that it has been asked a > thousand times. I did look in the archives and on google, trying to find a > clear answer but I must have missed it.

Re: IPSec unspec transport

2006-07-03 Thread Clint Pachl
Massimo Lusetti wrote: On Mon, 2006-07-03 at 00:51 -0700, Clint Pachl wrote: Are both end points trying to negotiate? Try using the "passive" keyword on one endpoint: "ike passive esp ..." Yes both active. Should that cause problems? Here is what I have noticed while watching tcpdump:

Re: Boost OpenBSD security - Zophie for 3.9

2006-07-03 Thread Marcin Wilk
At 07:18 2006-07-03, you wrote: On 7/2/06, Marcin Wilk <[EMAIL PROTECTED]> wrote: At 22:35 2006-07-02, you wrote: >On Sun, Jul 02, 2006 at 12:20:49PM -0700, Greg Thomas wrote: > > On 7/2/06, Tobias Ulmer <[EMAIL PROTECTED]> wrote: > >> On Sun, Jul 02, 2006 at 03:13:59PM +0200, Tomasz Zielinski w

Re: IPSec unspec transport

2006-07-03 Thread Massimo Lusetti
On Mon, 2006-07-03 at 00:51 -0700, Clint Pachl wrote: > Are both end points trying to negotiate? Try using the "passive" keyword > on one endpoint: "ike passive esp ..." Yes both active. Should that cause problems? > I have experienced the same issue. I don't know the details of what > ex

Re: Encryption and Compression with ipsecctl?

2006-07-03 Thread Markus Friedl
1. IPcomp is only used if it results in smaller packets 2. IPcomp on OpenBSD is broken and does not work correctly (some packets are not compressed correctly). -m

Re: Patent jeopardizes IETF syslog standard

2006-07-03 Thread Martin Schröder
2006/7/3, laurent FANIS <[EMAIL PROTECTED]>: Yeah that is true, I didn't see it, but wouldn't it be possible to buy off people? I mean the company is in China and it is a country that has a certain degree of corruption. This is what I'm afraid of too. You are right to a degree (the patent will surely

Re: starting Apache in SSL mode

2006-07-03 Thread Joachim Schipper
On Sun, Jul 02, 2006 at 10:32:12PM +0200, FTP wrote: > On Tue, Jun 27, 2006 at 05:03:52PM +0200, FTP wrote: > > when I try to access the site via lynx I do get an SSL error message > > moaning that I have a self-signed cert. After accepting this, the > > page gets displayed. So it looks like the p

inetd on by default

2006-07-03 Thread coolzone
Hi Here we go again, why is inetd on by default? I am very sorry to ask this question! My guess is that it has been asked a thousand times. I did look in the archives and on google, trying to find a clear answer but I must have missed it. The note on the inetd.conf file, which states, that it is

Re: IPSec unspec transport

2006-07-03 Thread Clint Pachl
Massimo Lusetti wrote: I got a VPN network which works quite well, I mean works very well thanks to OpenBSD and its implementation, but I got one end point out of the 6 running which is causing me troubles. The configuration is done with ipsec.conf and is identical to the others which work well. Here som

Re: Patent jeopardizes IETF syslog standard

2006-07-03 Thread laurent FANIS
On 7/3/06, J. C. Roberts <[EMAIL PROTECTED]> wrote: On Mon, 3 Jul 2006 09:40:01 +0300, "laurent FANIS" <[EMAIL PROTECTED]> wrote: >Couldn't resist asking but can they really patent: >"sending "formatted" data over SSL"? >That is just plain ridiculous!! As far as I know, at the moment it's on

Re: Patent jeopardizes IETF syslog standard

2006-07-03 Thread J.C. Roberts
On Mon, 03 Jul 2006 01:14:59 -0600, Theo de Raadt <[EMAIL PROTECTED]> wrote: >> I'm a bit confused by your reply. Yes, I kind of see what you mean but >> it also seems I failed miserably to write things clearly. By putting >> "Official" in quotes, I was trying to point out the stupidity of the bad

IPSec unspec transport

2006-07-03 Thread Massimo Lusetti
I got a VPN network which works quite well, I mean works very well thanks to OpenBSD and its implementation, but I got one end point out of the 6 running which is causing me troubles. The configuration is done with ipsec.conf and is identical to the others which work well. Here some example config: ike esp

Re: Patent jeopardizes IETF syslog standard

2006-07-03 Thread J.C. Roberts
On Mon, 3 Jul 2006 09:40:01 +0300, "laurent FANIS" <[EMAIL PROTECTED]> wrote: >Couldn't resist asking but can they really patent: >"sending "formatted" data over SSL"? >That is just plain ridiculous!! As far as I know, at the moment it's only a patent *application* rather than a granted patent

Re: Patent jeopardizes IETF syslog standard

2006-07-03 Thread Clint Pachl
J.C. Roberts wrote: Don't misunderstand me, CARP is an amazingly innovative and extremely useful implementation of a redundancy protocol. It's technically better than HSRP or any of the versions of VRRP but the problem still stands that it is not an "official" protocol, which simply means adoptio

Re: Patent jeopardizes IETF syslog standard

2006-07-03 Thread Theo de Raadt
> I'm a bit confused by your reply. Yes, I kind of see what you mean but > it also seems I failed miserably to write things clearly. By putting > "Official" in quotes, I was trying to point out the stupidity of the bad > corporate decisions that occur far too often. > > There are countless corpor

Re: Patent jeopardizes IETF syslog standard

2006-07-03 Thread J.C. Roberts
On Sun, 02 Jul 2006 22:09:02 -0600, Theo de Raadt <[EMAIL PROTECTED]> wrote: >> Don't misunderstand me, CARP is an amazingly innovative and extremely >> useful implementation of a redundancy protocol. It's technically better >> than HSRP or any of the versions of VRRP but the problem still stands