no default httpd.conf?
I just recently installed OpenBSD 6.3, and I was looking for an example httpd.conf, but I did not find one. The manual page does document more or less how to create one, but there still appears to be some lack of ease and safety putting up a basic web page with dynamic content (I am most used to PHP and PostgreSQL for that purpose, but of course there are many options that more or less replace the ubiquitous "LAMP" or "Linux/Apache/MySQL/PHP" stack).

Now there is nothing in OpenBSD's httpd really like Apache's "UserDir" directive. Of course the real user directory has to dwell somewhere in the "/var/www" chroot on OpenBSD. The alternative to "UserDirs" of course, is wildcard subdomains, but those do not really cooperate all that well with https, dnssec, or caa records, or with certain other general goals of security.

The other thing I am curious about is something like "su-php" which appears to be deprecated and outdated. So, assuming some sort of UserDir scenario, (probably more sophisticated than my very basic one I have hacked together below,) does php-fpm have a way to prevent one user's malicious php script from reading another user's database access credentials?

%<
# /etc/httpd.conf for amarillo.colmena.biz
server "default" {
    listen on * port 80
    listen on :: port 80
    listen on * tls port 443
    listen on :: tls port 443
    tls certificate "/etc/ssl/fullchain.pem"
    directory index index.php

    location "/.well-known/acme-challenge/*" {
        root "/acme"
        root strip 2
    }
    # PHP scripts under the user directory
    location match "/~justina/.*%.php" {
        root "/justina"
        root strip 1
        fastcgi socket "/run/php-fpm.sock"
    }
    # all other PHP scripts
    location "*.php" {
        fastcgi socket "/run/php-fpm.sock"
    }
    # static files under the user directory
    location "/~justina/*" {
        root "/justina"
        root strip 1
        directory auto index
    }
    location "/~justina" {
        block return 301 "/~justina/"
    }
}

types {
    include "/usr/share/misc/mime.types"
}
Re: no default httpd.conf?
On Thu, 17 May 2018 11:26:54 + (UTC) Stuart Henderson wrote:
> No need to run multiple copies of php-fpm yourself, it handles multi
> uid itself. Various ways to handle chroot as well, you can chroot them
> separately, or use a shared chroot and rely on permissions. This
> should give you some ideas:

I rather like the idea of separate chroots, or at least a chroot that would keep the listening socket out of reach. Separate sockets for separate users are not very useful if, for example, one user is allowed to fopen() another user's socket, for which the PHP function is just a thin wrapper over the C call.

I'm quoting here from OpenBSD's stock configuration file (from ports & packages.)

==%<-- /etc/php-fpm.conf
; Set permissions for unix socket, if one is used. In Linux, read/write
; permissions must be set in order to allow connections from a web
; server. Many BSD-derived systems allow connections regardless of
; permissions.
; Default Values: user and group are set as the running user
;                 mode is set to 0660
listen.owner = www
listen.group = www
listen.mode = 0660
; When POSIX Access Control Lists are supported you can set them using
; these options, value is a comma separated list of user/group names.
; When set, listen.owner and listen.group are ignored
;listen.acl_users =
;listen.acl_groups =
==%<--

I'm not trying to be hung up on PHP especially, either. This is rather a general issue, because we would have exactly the same problem in Perl, Python, Ruby, or any of several other popular web languages out there.

On Thu, 17 May 2018 11:20:29 +0300 Vadim Zhukov wrote:
> Regarding su-php, I'd go with per-user php-fpm process, actually,
> that's much safer, and rarely used ones can easily wait in swap

Do you think I have thousands of customers, and the little people's web pages are taking too long to load? No, that's a whole other issue ...

> (I feel that you're trying to pack as much users as possible).

Ok, sure, but if you can't do that, then what is the point of a multi-user operating system, anyways? A one-user webserver? Because everybody has permission somehow or another to read everybody else's scripts and database passwords.

So let's start with a much simpler use case: I need to be able to add a test user and try out some stupid or crazy web programming project or idea without risking my production stuff that happens to be hosted on the same machine. Customers do that anyways at any web hosting provider.

> Did you ever looked in /etc/examples?

"Jesus saith unto them, Did ye never read in the scriptures, ... ?"

That's almost a little bit of a mess, because these are not actual settings applied to system configuration, and I would not have expected to find them in the /etc directory. I was looking for examples more in /usr/share somewhere before my system locate database was populated.

That one (/etc/examples/httpd.conf) somewhat "encourages" https-only, without actually using hsts. That would be okay, except a lot of times I am at a coffee shop or similar, and I have to visit a plain http page to trigger a redirect for login, because I am not willing to waive the certificate validation error that I get when I try to visit a secure site from public wifi somewhere.

> OpenBSD HTTPd is a web server, but not each web server is
> fully-featured Apache HTTP Server replacement. So, yes, no UserDir.
> If you need this functionality, then just install apache-httpd from
> packages.

Apache has plenty of its own shortcomings, and I'm sure there was good cause to throw it out of base OpenBSD.
Re: Viewport for man.openbsd.org -- readability on phones
On Fri, 18 May 2018 23:50:24 +0300 Mihai Popescu wrote:
> I have tested it on someone's Safari/iOS for iPhone, out of curiosity.
> It takes the full screen. Looking at the font in the posted
> screenshots i think it is Android in question.
>
> If it is not a secret, what runs behind man.openbsd.org? Like httpd,
> CGI?

No, it's not quite a secret. I've been having a lot of fun with man.cgi(8).

https://amarillo.colmena.biz/cgi-bin/man.cgi/man.cgi.8

It's part of the system; you just have to compile it yourself.
Re: Viewport for man.openbsd.org -- readability on phones
https://man.openbsd.org/mandoc.css

That's the css. You style it how you like it. That's the whole point of it. And I agree. It's very readable on my phone.

Original message
From: Mihai Popescu
Date: 5/18/18 11:04 PM (GMT-09:00)
To: misc@openbsd.org
Subject: Re: Viewport for man.openbsd.org -- readability on phones

> I don't understand what you are trying to say. I took an iPhone with iOS and Safari ( i think!) on it and pointed the browser to the current link of man pages [1]. All i can say is the layout is displayed on full display, not stretched. Text is fine, paragraphs are scaled ok, not even a simple problem. Font is fine.

[1] https://man.openbsd.org/
multiple manpaths for man.cgi?
I was looking for more man pages, so I copied the ones in /usr/X11R6/man and /usr/local/man over to /var/www/man and listed them in manpath.conf as instructed. So now they are available here.

https://amarillo.colmena.biz/cgi-bin/man.cgi

Several issues here:

1.) The search is not falling through to the second and third manpaths.
2.) The manpath appears in the URL for the second and third manpaths, but not the first.
3.) The links are not generated in the "see also" section for pages on the second and third manpaths.
Re: multiple manpaths for man.cgi?
On Sat, 19 May 2018 18:01:11 + justina colmena wrote:
> 3.) The links are not generated in the "see also" section for pages on
> the second and third manpaths.

Okay. This looks like more of an issue with the man pages themselves... which just don't happen to be as fancy as OpenBSD's.

/usr/local/man/man1/initdb.1

    .SH "SEE ALSO"
    \fBpg_ctl\fR(1), \fBpostgres\fR(1)

The "\fB" and "\fR" are just literal codes for font bold and back to font regular, not intended to automatically generate links like OpenBSD's man pages.

http://man.openbsd.org/roff

/usr/share/man/man1/ls.1

    .Sh SEE ALSO
    .Xr chflags 1 ,
    .Xr chmod 1 ,
    .Xr symlink 7 ,
    .Xr sticky 8

And that ".Xr" is some sort of macro more suitable for processing into a link.
Re: Intranet routing with dynamic IPs
What's this? Is there a giant email cock-up at 4:30am in the https://chicken.coop/ ??? Or is someone trying to pass a certain proprietary networking IT training cert?

--> /var/www/cgi-bin/bgplg

*They* do not exactly want the BSD freeloaders looking at this stuff. Somebody might need to talk to the boss. That thing actually is on my system "amarillo" in the cgi-bin folder, but I don't think it's hooked up to anything at the moment.

Original message
From: giant@cock.email
Date: 5/19/18 2:47 PM (GMT-09:00)
To: misc@openbsd.org
Subject: Intranet routing with dynamic IPs

Hi everyone,

I have a routing question which I don't know how to solve. I have two routers. Both are connected to my ISP and get a dynamic IP. Both are also connected to a local VLAN. I'd like to use the local VLAN for any traffic in between the two and the ISP for everything else. Basically, it should be like:

    # Router A
    1.2.3.x (DHCP)
    10.0.0.1/30
    10.0.1.1/24

    # Router B
    2.3.4.x (DHCP)
    10.0.0.2/30
    10.0.2.1/24

    # Network A: 10.0.1.0/24
    route 0.0.0.0/0 via 10.0.0.1
    route 2.3.4.x/32 via 10.0.0.2

    # Network B: 10.0.2.0/24
    route 0.0.0.0/0 via 10.0.0.2
    route 1.2.3.x/32 via 10.0.0.1

I've tried doing this with BGP with a config like this (on Router A, by example):

    AS 65001
    router-id 10.0.0.1
    network inet connected
    neighbor 10.0.0.2 {
        remote-as 65002
    }

The problem here is that a computer in Network A will now try to use Router B to connect to IP-address 2.3.4.5, whereas I want it to use Router A. I'd appreciate if anyone could lead me in the right direction here.

The reason why I'm doing is: I want to keep two networks separate, letting them browse the Internet with different IP addresses, but use the immediate link between the local routers for better performance.

Kind regards,
John Longe
socket permissions inside /var/www chroot
I am trying to tighten down some of the permissions for the listening sockets for various web applications which are chrooted to /var/www. It appears that httpd (which runs as user www and group www) refuses to connect to a fastcgi socket unless the socket's user and group are also www:www.

(I do realize that MySQL and its fork MariaDB are much more common for "web" type applications, but they are licensed GPL, whereas PostgreSQL is released under more of a BSD-style license, so in that respect it almost seems to be a better "fit" with OpenBSD.)

Anyways, the PostgreSQL socket is normally placed in the /tmp directory, but an additional directive does allow another socket to be placed in /var/www/tmp, which really does have to be world readable and writable with the sticky bit set in order for the user _postgresql to place the socket there, because PostgreSQL drops privileges before opening sockets.

In particular I have configured a php-fpm "pool" to listen at /var/www/run/php/users/justina/php-fpm.sock and run as user justina group justina. Now PostgreSQL can authenticate even a chrooted user by the "peer" method, because it matches the userid of the connecting process, although the chrooted user must specify the username together with a dummy password (which is not used) to connect to the socket inside the chroot, apparently because there is no access to /etc/passwd or /etc/group inside the chroot.

The other "pool" which I have listening at /var/www/run/php/php-fpm.sock is running as "www:www", but I would also like to drop its privileges somewhat from the "www" user which has a tendency to become a little bit too powerful.

I have listed below some of the "tightened-down" permissions. Are there any more ideas to ease this process? Or other security considerations of which I am not aware?
%<
amarillo# ls -lRd /var/www/run /var/www/tmp
drwxr-xr-x  4 root  daemon  512 May 18 19:28 /var/www/run
drwxrwxrwt  2 root  daemon  512 May 19 21:26 /var/www/tmp
amarillo# ls -lR /var/www/run /var/www/tmp
/var/www/run:
total 8
dr-x------  2 www  www  512 May 19 02:46 cgi
dr-x------  3 www  www  512 May 21 21:05 php

/var/www/run/cgi:
total 0
srw-rw----  1 www  www  0 May 19 02:46 slowcgi.sock

/var/www/run/php:
total 4
srw-------  1 www  www    0 May 21 21:05 php-fpm.sock
dr-x------  3 www  www  512 May 18 17:27 users

/var/www/run/php/users:
total 4
dr-x------  2 www  www  512 May 21 21:05 justina

/var/www/run/php/users/justina:
total 0
srw-------  1 www  www  0 May 21 21:05 php-fpm.sock

/var/www/tmp:
total 4
srwxrwxrwx  1 _postgresql  _postgresql   0 May 21 20:49 .s.PGSQL.5432
-rw-------  1 _postgresql  _postgresql  56 May 21 20:49 .s.PGSQL.5432.lock
amarillo#
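An added example, not part of the original post: a POSIX sh/awk check that reads `ls -lR` output like the listing above and classifies each UNIX-domain socket by who can reach it. The sample listing is constructed, modelled on the one above; the function names, the verdict labels and the default web server group `www` are this example's own assumptions.

```shell
#!/bin/sh
# Added example (not from the original post).
# Reads `ls -l`/`ls -lR` output on stdin and prints one line per socket:
#   WORLD    - "other" may write, and no listed directory blocks the path
#   SHIELDED - "other" may write, but a listed ancestor denies them search
#   GROUP    - writable by a group other than the web server's group
#   OK       - owner only, or shared with the web server group only
# $1 = web server group (assumption: "www"). File names must not contain spaces.
audit_socket_listing() {
    awk -v webgrp="${1:-www}" '
    # True when d, or any ancestor whose mode was listed, has no search
    # ("x") permission for "other".
    function shielded(d,    m) {
        while (d != "") {
            if (d in dmode) {
                m = substr(dmode[d], 10, 1)
                if (m == "-" || m == "T") return 1
            }
            if (!sub("/[^/]*$", "", d)) break
        }
        return 0
    }
    # "path:" header: the entries that follow live in this directory.
    /^\/.*:$/ { dir = substr($0, 1, length($0) - 1); next }
    # Directory entry: remember its mode under its full path.
    $1 ~ /^d[-r][-w]/ {
        key = ($NF ~ /^\//) ? $NF : dir "/" $NF
        dmode[key] = $1
        next
    }
    # Socket entry.
    $1 ~ /^s[-r][-w]/ {
        mode = $1; owner = $3; group = $4; path = dir "/" $NF
        if (substr(mode, 8, 2) ~ /w/)
            verdict = shielded(dir) ? "SHIELDED" : "WORLD"
        else if (substr(mode, 5, 2) ~ /w/ && group != webgrp)
            verdict = "GROUP"
        else
            verdict = "OK"
        printf "%s %s %s %s:%s\n", verdict, path, mode, owner, group
    }'
}

# Constructed sample, modelled on the listing in the post.
sample_listing() {
    cat <<'EOF'
drwxr-xr-x  4 root  daemon  512 May 18 19:28 /var/www/run
drwxrwxrwt  2 root  daemon  512 May 19 21:26 /var/www/tmp
/var/www/run:
dr-x------  2 www  www  512 May 19 02:46 cgi
dr-x------  3 www  www  512 May 21 21:05 php

/var/www/run/cgi:
srw-rw----  1 www  www  0 May 19 02:46 slowcgi.sock

/var/www/run/php:
srw-------  1 www  www  0 May 21 21:05 php-fpm.sock
dr-x------  3 www  www  512 May 18 17:27 users

/var/www/run/php/users:
dr-x------  2 www  www  512 May 21 21:05 justina

/var/www/run/php/users/justina:
srw-------  1 www  www  0 May 21 21:05 php-fpm.sock

/var/www/tmp:
srwxrwxrwx  1 _postgresql  _postgresql  0 May 21 20:49 .s.PGSQL.5432
-rw-------  1 _postgresql  _postgresql  56 May 21 20:49 .s.PGSQL.5432.lock
EOF
}

sample_listing | audit_socket_listing www
```

On this layout only the PostgreSQL socket is reported as WORLD, which matches the post: every local uid can connect to it, so access control there rests on PostgreSQL's own authentication.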
Re: socket permissions inside /var/www chroot
On Tue, 22 May 2018 06:04:57 +0300 IL Ka wrote:
> I am definitely not an expert in this field, but here are some
> thoughts:

Exactly. There is always more than one way to skin a cat. I'm not looking for a perfectly spelled out "solution" I must follow to the letter.

> So, you can create "_fastcgi" group, add www to this group, and
> configure php-fpm
> to create socket with this group (it must be main group of user used
> by php-fpm).

I was thinking more the other way around: creating a "_fastcgi" *user* and inviting that user into the "www" group.

> See listen.group and listen.mode options.

These are a little odd because OpenBSD's httpd apparently refuses to connect to the php fastcgi socket unless these are both set to "www" in /etc/php-fpm.conf.

> In PHP world maybe, but for Python/Django Postgres is default
> database.

Sure. There are plenty of good reasons to consider languages other than PHP for the web.

> Again, you can add _postgres to some group, and give it permissions to
> create socket in this folder.

Very good observation.

> > although the chrooted user must specify the username together with a
> > dummy password (which is not used) to connect to the socket inside
> > the chroot, apparently because there is no access to /etc/passwd
> > or /etc/group inside the chroot.
> >
>
> /etc/passwd must be accessed by postgres (which is not chrooted,
> right?) but not by client.
> Client (php) just opens socket file, and postgres uses openbsd API to
> get its user id.

The client (inside the chroot) has its numeric userid, but cannot even look up its own username (in /etc/passwd) from inside the chroot to supply to PostgreSQL for the connection. That's why it must be specified manually from within the chroot.
Re: opensmtpd / ldap unreliable
On Tue, 22 May 2018 18:13:23 -0700 "Paul B. Henson" wrote:
> If the ldap server isn't available when opensmtpd is started, it says
> it started:
>
> # /etc/rc.d/smtpd start

Then apparently you should have done

# /etc/rc.d/ldapd start

or preferably

# rcctl start ldapd

first. Are you enabling them both at boot time?

# rcctl enable ldapd
# rcctl enable smtpd

Are they being started in the wrong order at boot time?

Otherwise, there may well be arguably a certain reliability or error reporting issue in the code for it, but there is a certain bottom line here in that if you configure ASDF to _require_ JKL for authentication, then you really do need to have JKL "available" if you expect ASDF to work the way you configured it.

What you ask is a very general question: If A depends on B, and B is missing, how do you expect A to behave?

Anyways, smtpd is a daemon. It was forked off, and it was still running when it was checked immediately after you issued the command "/etc/rc.d/smtpd start". Its parent process had no doubt already terminated and control had reverted to the shell before the fatal error occurred. You would have to issue the command

# rcctl check smtpd

to check that smtpd is still running at some later time.
utf-8 support in OpenBSD's httpd
My question is: How can I get OpenBSD's httpd to serve a particular file, or all files of a particular extension, as the case may be, with the following HTTP header?

Content-type: text/plain; charset=utf-8

I have written a simple "hello-world" PHP script which creates a table and inserts some data into the PostgreSQL database, queries the database, and displays the results.

https://amarillo.colmena.biz/~justina/contacto.php

There is a link at the bottom of that page "ver la fuente" to view the source, which appears to be served properly by php-fpm, since PHP allows one to specify HTTP headers verbatim. I have also copied the exact same script to

https://amarillo.colmena.biz/~justina/contacto.txt

but this file is not served with the correct character set encoding to view properly in a web browser.

In particular I have initialized the database with the locale "es_MX.UTF-8" which was available on my OpenBSD system. My script names one of the columns in the database table with the literal Spanish word "método", containing the utf-8 character "é" which is outside the 7-bit US-ASCII set.

In /etc/httpd.conf, I have the following section.

    types {
        include "/usr/share/misc/mime.types"
    }

In /usr/share/misc/mime.types, there is the line

    text/plain txt

but there does not seem to be a way to specify the correct character set in the HTTP header from OpenBSD's httpd. What am I missing here?
Re: utf-8 support in OpenBSD's httpd
Original message
From: Larry Hynes
Date: 5/23/18 10:03 AM (GMT-09:00)
To: justina colmena
Subject: Re: utf-8 support in OpenBSD's httpd

> I think the usual response to this is "use relayd to add headers".
> There's a hack here, that works:
> https://marc.info/?l=openbsd-tech&m=150263245318202&w=2
> For personal stuff, I just add a byte order mark to the head of text files.

I like the relayd suggestion, as someone else also mentioned because you didn't post to the list.

Technically you shouldn't be doing anything wrong by adding byte order mark, because anything that interprets utf-8 is really supposed to accept a BOM.

The thing to verify is that the BOM doesn't cause the PHP interpreter to pass it through as output before the opening "
Re: httpd match pattern issue
On Thu, 24 May 2018 16:47:46 +0200 Thuban wrote:
> Hello,
> I need to redirect some URLS with httpd. As example :
>
> /test/?d=2018/05/02/13/14/50-some-title
>
> Must be redirected to /2018/05/02/some-title
>
> My problem is that "?" is never matched.
>
> Here is the pattern I use :
>
> location match
> "^/test/%?d=(%d%d%d%d/%d%d/%d%d)/%d%d/%d%d/%d%d%-(%g+)$" { block
> return 301 "/%1/$2" }
>
>
> Any advice?
> After many tests, it seems that the only problem is the "?"
>
> thanks.
>

The portion of the URL from the "?" on is the "query string" -- I wonder if that isn't broken off before the pattern matching occurs and simply passed on verbatim to the new location.

In PHP you could accomplish a quick and easy redirection by creating a file /var/www/htdocs/test/index.php something like this:

===%<-
Re: Viewport for man.openbsd.org -- readability on phones
On Wed, 23 May 2018 11:47:47 +0200 Marko Cupać wrote:
> I am sure OpenBSD will correct their errors in html/css code, if any,

Right now, https://man.openbsd.org/relayd.conf.5 fails html validation.

https://validator.w3.org/nu/?doc=https%3A%2F%2Fman.openbsd.org%2Frelayd.conf.5

There are several html elements with duplicate IDs.
Re: acme-client new cert error
On Sat, 26 May 2018 09:14:35 -0700 Scott Vanderbilt wrote:
> On 5/26/2018 4:54 AM, Stuart Henderson wrote:
>
> > aeneas.datagenic.com doesn't respond on port 80. (And if I can't
> > fetch it, letsencrypt's checkers are also unlikely to be able to).
> >
> > Firewall issue?
>
> Oh, FFS.
>
> Yes. A silly pf rule blocking incoming traffic from outside my LAN
> that I overlooked when I first considered that idea, but then
> discarded on account of the error message. Which, to me, at least,
> does not in any reasonable way point to a connection problem.
>
> So, thanks very much for applying the clue stick. And, to whom may I
> suggest that the misleading error message from acme-client be changed
> to something actually resembling the problem it has encountered?
>

I had a little trouble with acme-client and was discussing it over here

https://community.letsencrypt.org/t/acme-client-on-openbsd-6-3/61785

My solution involved putting in a CAA ("Certificate Authority Authorization") record for the domain for which I was requesting the certificate.

Of course letsencrypt is supportive of open standards and working with other clients, etc., but they do seem to have their own client, "certbot", which is available in ports and packages on OpenBSD.

* https://letsencrypt.org/
* https://certbot.eff.org/

Yes, it would be unreasonable to expect too much support from the "certbot" folks on OpenBSD's acme-client, because they aren't the ones who are responsible for developing acme-client, although it is a little curious to me that "certbot" has such a close relationship with "letsencrypt".
[justina@blanco ~]$ dig amarillo.colmena.biz caa

; <<>> DiG 9.11.3-RedHat-9.11.3-6.fc28 <<>> amarillo.colmena.biz caa
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55341
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;amarillo.colmena.biz.          IN      CAA

;; ANSWER SECTION:
amarillo.colmena.biz.   38362   IN      CAA     0 issue "letsencrypt.org"
amarillo.colmena.biz.   38362   IN      CAA     0 issuewild ";"

;; Query time: 570 msec
;; SERVER: 192.168.44.1#53(192.168.44.1)
;; WHEN: Sat May 26 18:25:19 GMT 2018
;; MSG SIZE rcvd: 107

[justina@blanco ~]$
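An added example, not part of the original post: a POSIX sh/awk function that evaluates a CAA record set the way RFC 8659 describes, to show what the two records in the dig answer above permit for ordinary and for wildcard names. The function names and the "host"/"wild" argument are this example's own; the two sample records are copied from the answer section above, and properties other than issue, issuewild and iodef are treated as unknown.

```shell
#!/bin/sh
# Added example (not from the original post).
# stdin: CAA records, either full dig answer lines or "<flags> <tag> <value>".
# $1 = issuer domain name of the CA being checked
# $2 = "wild" when the certificate name is a wildcard, anything else otherwise
# Prints "allow" or "deny".
caa_decision() {
    awk -v ca="$1" -v kind="$2" '
    /^;/ { next }                              # dig comment lines
    { sub(/^.*[ \t]CAA[ \t]+/, "") }           # drop "name ttl IN CAA"
    NF >= 3 && $1 ~ /^[0-9]+$/ {
        flags = $1 + 0; tag = tolower($2)
        val = $0
        sub(/^[ \t]*[0-9]+[ \t]+[^ \t]+[ \t]+/, "", val)
        gsub(/"/, "", val)
        sub(/;.*/, "", val)                    # parameters are ignored here
        gsub(/[ \t]/, "", val)
        val = tolower(val)
        if (tag == "issue")          { n_issue++; if (val == ca) ok_issue = 1 }
        else if (tag == "issuewild") { n_wild++;  if (val == ca) ok_wild = 1 }
        else if (tag != "iodef" && flags >= 128) critical_unknown = 1
    }
    END {
        # An unknown property with the critical bit set forbids issuance.
        if (critical_unknown) { print "deny"; exit }
        # For wildcard names, issuewild (if present) replaces issue entirely.
        if (kind == "wild" && n_wild > 0) {
            print (ok_wild ? "allow" : "deny"); exit
        }
        if (n_issue > 0) { print (ok_issue ? "allow" : "deny"); exit }
        # No property that restricts issuance: CAA does not restrict it.
        print "allow"
    }'
}

# The two answer lines from the dig output in the post.
sample_caa() {
    cat <<'EOF'
amarillo.colmena.biz. 38362 IN CAA 0 issue "letsencrypt.org"
amarillo.colmena.biz. 38362 IN CAA 0 issuewild ";"
EOF
}

echo "letsencrypt.org, host name: $(sample_caa | caa_decision letsencrypt.org host)"
echo "letsencrypt.org, wildcard:  $(sample_caa | caa_decision letsencrypt.org wild)"
echo "another CA, host name:      $(sample_caa | caa_decision ca.example host)"
```

With these two records only letsencrypt.org may issue for the host name, and no CA may issue a wildcard certificate, because the `issuewild ";"` value names no issuer.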
Re: Limit CPU usage of a process?
On May 27, 2018 2:07:16 AM AKDT, Maximilian Pichler wrote:
>Is it possible to limit the CPU usage of a given process to, say, 20%?
>
>I'd like to slow down the web browser since it is draining my laptop's
>battery. With enough tabs open it's often consuming ~50% of CPU but
>not doing anything productive. Apparently with RLIMIT_CPU in
>setrlimit(2) the total CPU time of a process can be limited. Can a
>similar limit be set for the percentage?
>
>Thanks

Use the "ulimit" command within ksh(1).

A lot of websites these days run malicious JavaScript to mine for Bitcoin on their client's computers.

--
https://www.colmena.biz/~justina/contacto.php
Re: acme-client new cert error
On May 27, 2018 2:21:13 PM AKDT, Stuart Henderson wrote:
>certbot used to just be called "letsencrypt" and was some kind of joint
>EFF/letsencrypt development, hence the close relationship.

That's fine. If certbot may be used with other CAs, and if letsencrypt is willing to issue certs on request from other clients, and they are O.K. with that, so much the better. Otherwise we've got something a little bit too proprietary-ish going on, but in any case, letsencrypt is the default or example CA for OpenBSD's native acme-client.

Plenty of folks are no doubt a bit concerned about the commercial viability of their business model of charging money for "commercial" certs accepted by major browsers. Maybe it's actually illegal to use a non-commercial cert on a .biz domain and I just haven't been made officially aware of that fact.

--
https://www.colmena.biz/~justina/contacto.php
Re: Autocompletion with pass in ksh
On Sun, 6 May 2018 06:33:13 +0200 Niels Kobschaetzki wrote:
> pass (www.password-store.org) is a password manager

Did you mean https://www.passwordstore.org/ (no hyphen)?

"the standard unix password manager"

It depends on GnuPG, https://www.gnupg.org/ which is a GNU project. If this is part of an actual Unix standard, please do tell.

"UNIX(R)" is a registered trademark of "The Open Group"

http://www.opengroup.org/unix

"The Open Group" is a very strange consortium of large tech corporations, none of which have anything to do with GnuPG or with this little utility "pass," however useful it might be.
Re: relayd(8) relay to unix domain socket
On Sun, 3 Jun 2018 00:57:11 +0300 IL Ka wrote:
> Is it possible to relay to unix domain socket using relayd(8)?
> It seems that relayd(8) only works with protocols on top of IP.

That's a good question. A similar question I would have is whether it is able to relay connections arbitrarily between IPv4 and IPv6.

I wonder if it wouldn't be easier to hack something together with inetd(8) if you want to serve a unix domain socket over TCP/IP.
Re: System crash freeze after patching OpenBSD 6.3
On June 2, 2018 5:44:01 PM AKDT, Joseph Olatt wrote:
>Hi,
>
>My system started crashing and freezing after applying the latest
>patch.
>Only a hard reset by pressing the power button brings the system back.
>The symptoms seem identical to that described in:
>
> https://marc.info/?l=openbsd-misc&m=152753921800394
>
>The error I get is:
>
> Kernel: protection fault trap, code=0
> Stopped at wakeup_nt0 xae movq %rcx 0(%rax)
> ddb{0}>
>

I've been doing some googling. Something is covered up. That "xae" appears to be a rather 'sensitive' acronym of sorts for something to do with a remote kill switch for automotive applications... Why would it show up in BSD code?

--
https://www.colmena.biz/~justina/contacto.php
Re: Send public IP / Alias / Reported in Round Robin manner
On June 5, 2018 7:22:05 AM AKDT, Berry Wendermouth wrote:
>When I check for the public ip [2] the original IP "A" is constantly
>reported.

This will likely be the case until the ttl on the original dns record expires.

>When I check from a connected VPN client the public IP is returned in
>a "Round Robin" manner, switching between "A" and "B" for each check.

This is perfectly normal load-balancing behavior when you have two A records (or 2 records) for the same host in dns.

Put in some A records for ipa.myhost.riseup.net and ipb.myhost.riseup.net or otherwise give the two ip addresses unique (additional) names if you wish to distinguish.

--
https://www.colmena.biz/~justina/contacto.php
Re: OpenBSD logo on my private hompage. It is allowed?
On June 7, 2018 3:27:30 PM AKDT, Johannes Krottmayer wrote:
>Hallo,
>
>Thanks! I have read over that.
>
>Best regards,
>Johannes Krottmayer
>
>On Thu, Jun 07, 2018 At 18:23:31 -0500, Constantine A. Murenin wrote:
>> On 7 June 2018 at 17:36, Johannes Krottmayer wrote:
>>> Can I use the OpenBSD logo on my homepage? It is allowed?
>>> I can't find any information about this plan.
>>
>> http://www.openbsd.org/art1.html has all the details.
>>
>> C.
>>

" ... it is our intent that anyone be able to use these images to represent OpenBSD in a positive light -- but do not make profit from them "

The no-profit clause is new. Sounds like I'd better dump OpenBSD entirely if I want to make a profit at any sort of business or keep any of my private information private or retain any of MY intellectual property for my own use. There's a giant hole in my pocket that needs to be sewn up. Not sure where to go. The lawyers are coming out like alligators from the Florida swamps. This is as bad as SCO and groklaw.

OpenBSD is for non-profit use only. Thank you for bringing that to my attention.

--
https://www.colmena.biz/~justina/contacto.php
Re: OpenBSD logo on my private hompage. It is allowed?
On June 7, 2018 4:44:21 PM AKDT, Edgar Pettijohn III wrote:
>
>
>On 06/07/18 18:51, justina colmena wrote:
>> On June 7, 2018 3:27:30 PM AKDT, Johannes Krottmayer wrote:
>>> Hallo,
>>>
>>> Thanks! I have read over that.
>>>
>>> Best regards,
>>> Johannes Krottmayer
>>>
>>> On Thu, Jun 07, 2018 At 18:23:31 -0500, Constantine A. Murenin wrote:
>>>> On 7 June 2018 at 17:36, Johannes Krottmayer wrote:
>>>>> Can I use the OpenBSD logo on my homepage? It is allowed?
>>>>> I can't find any information about this plan.
>>>> http://www.openbsd.org/art1.html has all the details.
>>>>
>>>> C.
>>>>
>> " ... it is our intent that anyone be able to use these images to
>> represent OpenBSD in a positive light -- but do not make profit from
>> them"
>>
>> The no-profit clause is new. Sounds like I'd better dump OpenBSD
>> entirely if I want to make a profit at any sort of business or keep any
>> of my private information private or retain any of MY intellectual
>> property for my own use. There's a giant hole in my pocket that needs
>> to be sewn up. Not sure where to go. The lawyers are coming out like
>> alligators from the Florida swamps. This is as bad as SCO and groklaw.
>>
>> OpenBSD is for non-profit use only. Thank you for bringing that to my
>> attention.
>> --
>> https://www.colmena.biz/~justina/contacto.php
>>
>I hope you're joking. Obviously they don't want rogue people selling
>merchandise with these images since it would detract from legitimate
>sales that support the project. The operating system's license info is
>here:
>https://www.openbsd.org/policy.html

Straw that broke the camel's back. There are a few other issues, namely people getting foreign psych degrees and prescribing "benzedrine" and such. I don't do drugs, and no, I am most certainly not joking. I am not happy with that kind of stuff, and I personally do not want to support it on MY web page.

--
https://www.colmena.biz/~justina/contacto.php