Re: dnssec keytrap vuln

2024-02-17 Thread Royce Williams
the DNSSEC validation DoS vulnerabilities - both CVE-2023-50387 ("KeyTrap") and CVE-2023-50868 (NSEC3 vuln) - improvements welcome) -- Royce Williams Tech Solvency On Sat, Feb 17, 2024 at 1:11 AM Dave Taht wrote: > Really long list of fixed dns servers here: > > > https://ww

Re: [mailop] [E] Re: problem setting up open-dmarc

2024-02-07 Thread Royce Williams via mailop
On Wed, Feb 7, 2024 at 7:14 AM Marcel Becker via mailop wrote: > On Wed, Feb 7, 2024 at 7:46 AM Royce Williams via mailop < > mailop@mailop.org> wrote: > >> This only applies if you're sending more than 5000 messages per day. >>> Most smaller senders are still fine

Re: [mailop] problem setting up open-dmarc

2024-02-07 Thread Royce Williams via mailop
On Wed, Feb 7, 2024, 4:55 AM Andreas S. Kerber via mailop wrote: > Am Wed, Feb 07, 2024 at 02:20:25PM +0100 schrieb Jaroslaw Rafa via mailop: > > For outgoing, Google requires that you have DMARC record set up. So if > you > > are sending anything to Google, you need that. > > This only applies i

[mailop] Outlook Support boilerplate deliverability guidance is outdated

2024-01-13 Thread Royce Williams via mailop
This is a note to whoever maintains the Outlook Support autoresponder email reply templates. tl;dr Almost every single recommended link in the "helpful tips" guidance you're sending is broken - likely because the latest year included in the document is *2007*. (If someone knows of an up-to-date v

Re: NTP Sync Issue Across Tata (Europe)

2023-08-06 Thread Royce Williams
; > https://en.m.wikipedia.org/wiki/NTP_server_misuse_and_abuse# > <https://en.m.wikipedia.org/wiki/NTP_server_misuse_and_abuse#:~:text=NTP%20server%20misuse%20and%20abuse%20covers%20a%20number%20of%20practices,the%20NTP%20rules%20of%20engagement.> > > > -mel > > On Aug 6, 2023,

Re: NTP Sync Issue Across Tata (Europe)

2023-08-06 Thread Royce Williams
Naively, instead of abstaining ;) ... isn't robust diversity of NTP peering a reasonable mitigation for this, as designed? Royce On Sun, Aug 6, 2023 at 10:21 AM Mel Beckman wrote: > William, > > Due to flaws in the NTP protocol, a simple UDP filter is not enough. These > flaws make it trivial t

Re: FIDO2/Passkey now supported for 2FA for ARIN Online (was: Fwd: [arin-announce] New Features Added to ARIN Online)

2023-01-03 Thread Royce Williams
On Tue, Jan 3, 2023 at 11:59 AM John Curran wrote: > FYI - ARIN Online now has FIDO2/Passkey as an option for two-factor > authentication (2FA) - this is a noted priority for some organizations. > John - this is a great step forward! Kudos to the tech team who helped make the leap - it can be da

Re: FYI - 2FA to be come mandatory for ARIN Online? (was: Fwd: [arin-announce] Consultation on Requiring Two-Factor Authentication (2FA) for ARIN Online Accounts

2022-05-27 Thread Royce Williams
On Fri, May 27, 2022, 9:55 PM Peter Beckman wrote: > Not to be confused with FIDO U2F, which is basically what TOTP 2FA is, > just implemented differently. > FIDO U2F is materially different from TOTP 2FA. With TOTP, there is no cryptographic validation of the requester / server. A user can

Re: SSD erase question

2022-03-21 Thread Royce Williams
Even multi-pass overwrite of SSDs is not a sufficient purge, due to how writing is distributed / optimized on SSDs. So dd / dc3dd is insufficient. Only invoking the on-controller ATA Secure Erase / sanitize command (using 'camcontrol security -e' as Eugene said elsewhere in the thread) is the val

Re: [dns-operations] Monitoring for impending expiration of domains?

2020-12-13 Thread Royce Williams
On Sun, Dec 13, 2020 at 3:30 PM John Levine wrote: > In article you write: > >On Sun, 13 Dec 2020, Randy Bush wrote: > >> i find this extremely frustrating. i realize that i am a dinosaur, but > >> i really want a usable response to a whois query. compare > > > >I would just like to be able to

Re: [dns-operations] Monitoring for impending expiration of domains?

2020-12-13 Thread Royce Williams
On Sun, Dec 13, 2020 at 11:09 AM Maarten Bosteels wrote: > I fully agree with Steve that domain names have a peculiar value. Perhaps > the purchase price has become too low? > That feels like treating the wrong part of the problem chain. Loss of a phone number can also cause significant business

CIDR string replacement

2020-10-02 Thread Royce Williams
The recent thread on CIDR aggregation cleanup scripts reminds me that I'm looking for a similarly efficient implementation of a related tool. (I'm gearing up to write my own in Perl, but don't want to reinvent the wheel.) I'd like a fast, Unix-pipeline-ready tool that *replaces* all IPs within tha

@freebsdsecurity Twitter handle?

2020-01-28 Thread Royce Williams
Is the @freebsdsecurity Twitter handle managed by the security team? (If so, looks like it's been fallow since 2016?) If not, is there an equivalent Twitter account that is official? -- Royce

Re: Wikipedia drops support for old Android smartphones; mandates TLSv1.2 to read

2019-12-31 Thread Royce Williams
On Tue, Dec 31, 2019 at 7:46 AM Matt Harris wrote: > > On Tue, Dec 31, 2019 at 10:34 AM Royce Williams > wrote: > >> On Tue, Dec 31, 2019 at 7:17 AM Matt Harris wrote: >> >>> >>> The better solution here isn't to continue to support known-flaw

Re: Wikipedia drops support for old Android smartphones; mandates TLSv1.2 to read

2019-12-31 Thread Royce Williams
On Tue, Dec 31, 2019 at 7:32 AM Royce Williams wrote: > On Tue, Dec 31, 2019 at 7:17 AM Matt Harris wrote: > >> On Tue, Dec 31, 2019 at 9:11 AM Seth Mattinen wrote: >> >>> On 12/31/19 12:50 AM, Ryan Hamel wrote: >>> > Just let the old platforms

Re: Wikipedia drops support for old Android smartphones; mandates TLSv1.2 to read

2019-12-31 Thread Royce Williams
On Tue, Dec 31, 2019 at 7:17 AM Matt Harris wrote: > On Tue, Dec 31, 2019 at 9:11 AM Seth Mattinen wrote: > >> On 12/31/19 12:50 AM, Ryan Hamel wrote: >> > Just let the old platforms ride off into the sunset as originally >> > planned like the SSL implementations in older JRE installs, XP, etc.

Re: Wikipedia drops support for old Android smartphones; mandates TLSv1.2 to read

2019-12-31 Thread Royce Williams
On Tue, Dec 31, 2019 at 6:12 AM Seth Mattinen wrote: > On 12/31/19 12:50 AM, Ryan Hamel wrote: > > Just let the old platforms ride off into the sunset as originally > > planned like the SSL implementations in older JRE installs, XP, etc. You > > shouldn't be holding onto the past. > > > Because p

Re: BGP/dDos gift from NIST

2019-12-25 Thread Royce Williams
On Wed, Dec 25, 2019 at 1:15 AM william manning wrote: > https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-189.pdf > I can't speak to the technical content, but this put a curdle in my morning coffee: "... that comprise the internet [sic]" . Et tu, NIST? I will die on this "c

Re: D'oH III: In 3-D! Plot Twist from Google/Chrome, Vixie approves?

2019-10-30 Thread Royce Williams
The difference is that Chrome won't use resolvers other than the ones you've configured yourself, and will simply opportunistically upgrade to DoH if they detect that those resolvers support it. In other words, there is no usurpation of administrative intent. Royce On Wed, Oct 30, 2019 at 7:30 A

Re: NTP for ASBRs?

2019-05-09 Thread Royce Williams
On Wed, May 8, 2019 at 11:12 PM Eric S. Raymond wrote: > Chris Adams : > > Once upon a time, Royce Williams said: > > > The La Crosse 404-1235UA-SS UltrAtomic (not affiliated, just a fan) > tracks > > > DST - and even leap seconds. They have much better reach than

Re: NTP for ASBRs?

2019-05-08 Thread Royce Williams
On Wed, May 8, 2019 at 7:16 PM Bryan Holloway wrote: > On 5/8/19 7:55 PM, Brian Kantor wrote: > > On Wed, May 08, 2019 at 07:47:56PM -0500, Bryan Holloway wrote: > >> 100% true. But there is also a practical side to this ... > >> > >> When a NOC-ling, in their own local timezone, says, "hey, what

Re: Widespread Firefox issues

2019-05-04 Thread Royce Williams
On Sat, May 4, 2019 at 8:02 AM Royce Williams wrote: > On Sat, May 4, 2019 at 7:40 AM Royce Williams > wrote: > >> On Sat, May 4, 2019 at 7:32 AM Keith Medcalf wrote: >> >>> >>> I will stick to the "clearly false" since it is now well to the po

Re: Widespread Firefox issues

2019-05-04 Thread Royce Williams
On Sat, May 4, 2019 at 7:40 AM Royce Williams wrote: > On Sat, May 4, 2019 at 7:32 AM Keith Medcalf wrote: > >> >> I will stick to the "clearly false" since it is now well to the point >> where we are in 2019-05-04 (even in local UT1, let alone UTC), studies ar

Re: Widespread Firefox issues

2019-05-04 Thread Royce Williams
On Sat, May 4, 2019 at 7:32 AM Keith Medcalf wrote: > > I will stick to the "clearly false" since it is now well to the point > where we are in 2019-05-04 (even in local UT1, let alone UTC), studies are > disabled (and have been since forever), no studies have been loaded, and my > extensions sti

Re: Comcast storing WiFi passwords in cleartext?

2019-04-24 Thread Royce Williams
On Wed, Apr 24, 2019 at 8:33 PM Mike Bolitho wrote: > "than the relatively low risk of a database compromise leading to a >> miscreant getting ahold of their wireless password and using their access >> point as free wifi." >> > > And this is the thing, not only does someone have to 'hack' the dat

Re: [Dumpsterfire] Japanese government plans to hack into citizens' IoT devices | ZDNet

2019-01-31 Thread Royce Williams via Dumpsterfire
On Tue, Jan 29, 2019 at 7:52 PM Keith Medcalf via Dumpsterfire < dumpsterfire@firemountain.net> wrote: > On Monday, 28 January, 2019 08:45, José María Mateos > wrote: > > >The Japanese government approved a law amendment on Friday that will > >allow government workers to hack into people's Intern

Re: plaintext email?

2019-01-14 Thread Royce Williams
And just imagine what email threading might be like today ... ... if early email clients had defaulted to displaying the *bottom* of the thread (as if you'd scrolled there). Thoughtful UX design matters. -- Royce Williams Tech Solvency On Mon, Jan 14, 2019 at 8:39 PM wrote: > A: Be

Re: Amazon now controls 3.0.0.0/8

2018-11-08 Thread Royce Williams
Obligatory list of all known same-quad servers and their DNS status - corrections welcome: https://gist.github.com/roycewilliams/6cb91ed94b88730321ca3076006229f1 If there is info about previous/historical use of these IPs, I'd like to find a way to incorporate that as well. -- Royce On Thu, N

Re: Security team objectives

2018-07-29 Thread Royce Williams
On Sun, Jul 29, 2018 at 8:58 PM wrote: > > On Mon, 30 Jul 2018 06:43:35 +0200, Ramy Hashish said: > > If you are going to start a security team in a newly founded IT > > organization, what will the objectives/results be? > > The answer will depend heavily on the organization that contains the IT >

Re: Whois vs GDPR, latest news

2018-05-26 Thread Royce Williams
On Sat, May 26, 2018 at 4:57 PM Dan Hollis wrote: > I imagine small businesses who do a small percentage of revenue to EU > citizens will simply decide to do zero percentage of revenue to EU > citizens. The risk is simply too great. That would be a shame. I would expect the level of effort to be

Re: Yet another Quadruple DNS?

2018-03-30 Thread Royce Williams
And FWIW, there are currently a few other same-quad open resolvers: # IP - desc | CIDR | recursion-yes 1.1.1.1 - APNIC-LABS - Research prefix for APNIC Labs (now Cloudflare distributed public recursive DNS) | 1/8 | recursion-yes 8.8.8.8 - Google LLC (public recursive DNS) | 8.8.8/24 | recurs

Re: Yet another Quadruple DNS?

2018-03-30 Thread Royce Williams
On Fri, Mar 30, 2018 at 5:30 AM, Christopher Morrow wrote: > > On Thu, Mar 29, 2018 at 10:32 AM, Stephane Bortzmeyer > wrote: > > > Public DNS resolvers still help against "ordinary" adversaries. (If > > your enemy is the NSA, you have other problems, anyway.) If you're individually targeted by

Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks

2018-03-01 Thread Royce Williams
On Thu, Mar 1, 2018 at 1:38 PM, Randy Bush wrote: > > > this is sort of why openbsd listens only on 127.0.0.1/::1 by default, > > right? it's the only sane choice for 'fresh out of the box' network > > daemons: "Yes, it's running, yes I can healthcheck it locally to prove > > it's running" > > ami

Re: Intel hardware bug

2018-01-03 Thread Royce Williams
On Wed, Jan 3, 2018 at 10:01 AM, Lev Serebryakov wrote: > Hello Joey, > > Wednesday, January 3, 2018, 4:56:50 AM, you wrote: > > > No way around it. It's hardware FAIL, and ignoring it isn't an option > since > > it's apparently a huge hole. > Looks like there IS way around it and it was "silent

Re: Suggestions for a more privacy conscious email provider

2017-12-03 Thread Royce Williams
On Sun, Dec 3, 2017 at 10:31 AM, Grant Taylor via NANOG wrote: > On 12/03/2017 10:08 AM, Filip Hruska wrote: > >> It's kind of a pain to manage a mail server. >> > > I disagree. > > I have been running my own mail server for > 15 years and extremely happy > with it. > > I spend less than an hour

Re: Please run windows update now

2017-05-15 Thread Royce Williams
On Fri, May 12, 2017 at 10:30 AM, Royce Williams wrote: > My $0.02, for people doing internal/private triage: > > - If your use of IPv4 space is sparse by routes, dump your internal > routing table and convert to summarized CIDR. > > - Feed your CIDRs to masscan [1] to scan for

Re: Please run windows update now

2017-05-12 Thread Royce Williams
My $0.02, for people doing internal/private triage: - If your use of IPv4 space is sparse by routes, dump your internal routing table and convert to summarized CIDR. - Feed your CIDRs to masscan [1] to scan for internal port 445 (masscan randomizes targets, so destination office WAN links won't s

Re: [mailop] LOUDMOUTHS WANTED!! ICANN WHOIS Replacement Work URGENT IMPORTANT ACTION NEEDED

2017-03-25 Thread Royce Williams
On Sat, Mar 25, 2017 at 6:36 PM, John Levine wrote: >>Is there a way to decrease the cost of enforcement, and to increase >>leverage over abusive domains, while still allowing private >>registration? > > Sure. Do what .CA does, limit proxies to natural people, and remove > the proxy if the domain

Re: [mailop] LOUDMOUTHS WANTED!! ICANN WHOIS Replacement Work URGENT IMPORTANT ACTION NEEDED

2017-03-25 Thread Royce Williams
It's been a while since I worked the abuse desk, but "using WHOIS to combat abuse" is a convenient handle that may gloss over an important part of how it's really used. Don't abuse fighters usually need to know WHOIS data, not to act on it directly ourselves ... but rather to direct *someone else'

Re: [mailop] conventional wisdom, was Google rejects a TLS connection

2017-03-17 Thread Royce Williams
On Fri, Mar 17, 2017 at 4:21 PM, Bill Campbell wrote: > I've had PCI testers complain when they tried port scans on > systems we monitor, and their IPs were blocked almost > immediately. They couldn't understand active measures that > detect attacks and take actions to prevent damage. They actu

Re: [mailop] conventional wisdom, was Google rejects a TLS connection

2017-03-17 Thread Royce Williams
On Fri, Mar 17, 2017 at 9:42 AM, wrote: > On 17 Mar 2017 15:47:50 +0100, "John R Levine" said: > >> I used to have my own credit card account and my card processor demanded >> PCI compliance. About 1/4 of it was reasonable, 3/4 was cargo cult stuff >> that mostly involved stuff like setting pack

Re: WWV Broadcast Outages

2017-03-06 Thread Royce Williams
On Mon, Mar 6, 2017 at 5:12 AM, Andrew Gallo wrote: > > On 3/6/2017 3:55 AM, Majdi S. Abbas wrote: >> >> On Wed, Feb 22, 2017 at 04:59:53AM -0800, Hal Murray wrote: >>> >>> Any suggestions for gear and/or software that works with WWV (or CHU)? >>> Or general suggestions for non GPS sources of time

Re: Petition for The FreeBSD Mall to bring back the original bobble t-shirt

2017-03-02 Thread Royce Williams
On Thu, Mar 2, 2017 at 3:36 PM, Erik Nordstrøm wrote: > Hi all, > > A few years back, The FreeBSD Mall was selling t-shirts with the > FreeBSD bobble head prominently printed on them. > > I bought three of these t-shirts and given how much I enjoy > using FreeBSD they are of course my favorite t-

Re: SHA1 collisions proven possisble

2017-03-01 Thread Royce Williams
On Wed, Mar 1, 2017 at 7:57 PM, James DeVincentis via NANOG wrote: [ reasonable analysis snipped :) ] > With all of these reasons all wrapped up. It clearly shows the level of hype > around this attack is the result of sensationalist articles and clickbait > titles. I have trouble believing t

Re: SHA1 collisions proven possisble

2017-02-23 Thread Royce Williams
We just need to keep the likely timeline in mind. As I saw someone say on Twitter today ... "don't panic, just deprecate". Valerie Aurora's hash-lifecycle table is very informative (emphasis mine): http://valerieaurora.org/hash.html Reactions to stages in the life cycle of cryptographic hash fu

Re: ntpclient names

2017-02-22 Thread Royce Williams
On Wed, Feb 22, 2017 at 12:17 PM, Gary E. Miller wrote: > Yo Royce! > > On Wed, 22 Feb 2017 11:38:04 -0900 > Royce Williams wrote: > >> On Wed, Feb 22, 2017 at 11:30 AM, Gary E. Miller >> wrote: >> > >> > Yo Achim! >> > >>

Re: ntpclient names

2017-02-22 Thread Royce Williams
On Wed, Feb 22, 2017 at 11:30 AM, Gary E. Miller wrote: > > Yo Achim! > > On Wed, 22 Feb 2017 18:21:01 +0100 > Achim Gratz wrote: > > > Gary E. Miller writes: > > > Mark was thinking of a separate ntp-tools package or option. Many > > > distros has a X package and a matching X-tools package. We

minor CSS suggestion for blog author-byline readability

2017-02-14 Thread Royce Williams
Quoting myself on IRC today: CSS/presentation request for the blog: something to visually separate the byline from the text ... either more whitespace, or a line or two, or a different color, etc. My eyes keep trying to read the first line as: "One of the earliest technical decisions the NTPsec

Re: Akamai and Instagram Ranges

2017-01-28 Thread Royce Williams
On Sat, Jan 28, 2017 at 2:22 AM, Shahab Vahabzadeh wrote: > > Hello Hello, > Can anybody help me to find out IP Address Ranges of Akamai and Instagram? > I wanna do some optimizations on my cache side? > Thanks I do not know the difference between Akamai's corporate blocks and those used for cach

Re: DNS CAA records...

2017-01-17 Thread Royce Williams
On Tue, Jan 17, 2017 at 3:04 PM, Eric Tykwinski wrote: > So I’ve come across this on Qualys and just wondering if there’s any > practical examples out there in the wild. > I know some BIND guys are on here, so I’m sure I’m missing something from the > RFCs. > Just wanted to test this out on my p

Re: The end of the beginning is in sight

2017-01-06 Thread Royce Williams
On Fri, Jan 6, 2017 at 8:14 AM, Eric S. Raymond wrote: > The successful scalarization of both 64-bit timestamp types has now > been achieved. Most excellent! From my vantage point in the peanut gallery, it's been a fascinating and inspiring show. [snip] > 7. NTPv5? Maybe a new base protocol, m

Re: Recent NTP pool traffic increase

2016-12-22 Thread Royce Williams
On Thu, Dec 22, 2016 at 4:05 PM, Harlan Stenn wrote: > This sort of misconfiguration will happen and the NTP Pool Project > clearly isn't the place to solve this problem overall. It *is* > something NTF is in a position to address. Harlan, could you be more specific about how NTF can address th

Re: Wanted: volunteers with bandwidth/storage to help save climate data

2016-12-21 Thread Royce Williams
owshare. :) Royce >> On Dec 21, 2016, at 22:16, Royce Williams wrote: >> >> On Tue, Dec 20, 2016 at 7:08 AM, Royce Williams >> wrote: >> >> [snip] >> >>> IMO, *operational, politics-free* discussion of items like these would >>> also

Re: Wanted: volunteers with bandwidth/storage to help save climate data

2016-12-21 Thread Royce Williams
On Tue, Dec 20, 2016 at 7:08 AM, Royce Williams wrote: [snip] > IMO, *operational, politics-free* discussion of items like these would > also be on topic for NANOG: > > - Some *operational* workarounds for country-wide blocking of > Facebook, Whatsapp, and Twitter [1], or Si

Re: Wanted: volunteers with bandwidth/storage to help save climate data

2016-12-21 Thread Royce Williams
On Wed, Dec 21, 2016 at 3:49 PM, Ken Chase wrote: > On Wed, Dec 21, 2016 at 04:41:29PM -0800, Doug Barton said: > [..] > >>Everyone has a line at which "I don't care what's in the pipes, I just > >>work here" changes into something more actionable. > > > >Stretched far beyond any credibil

Re: Recent NTP pool traffic increase

2016-12-20 Thread Royce Williams
On Tue, Dec 20, 2016 at 8:19 PM, Royce Williams wrote: > On Tue, Dec 20, 2016 at 8:04 PM, Yury Shefer wrote: >> >> Google announced public NTP service some time ago: >> https://developers.google.com/time/ > > Leap smearing does look interesting as way to sidestep the

Re: Recent NTP pool traffic increase

2016-12-20 Thread Royce Williams
On Tue, Dec 20, 2016 at 8:04 PM, Yury Shefer wrote: > > Google announced public NTP service some time ago: > https://developers.google.com/time/ Leap smearing does look interesting as way to sidestep the potentially-jarring leap-second problem ... but a note of caution. I've had multiple time ge

Re: Wanted: volunteers with bandwidth/storage to help save climate data

2016-12-20 Thread Royce Williams
n Sat, Dec 17, 2016 at 6:15 PM, Doug Barton wrote: > On 12/16/2016 1:48 PM, Hugo Slabbert wrote: >> >> This started as a technical appeal, but: >> >> https://www.nanog.org/list >> >> 1. Discussion will focus on Internet operational and technical issues as >> described in the charter of NANOG. > >

Re: Recent NTP pool traffic increase

2016-12-20 Thread Royce Williams
On Mon, Dec 19, 2016 at 12:49 PM, Dan Drown wrote: > Quoting David : >> >> On 2016-12-19 1:55 PM, Jan Tore Morken wrote: >>> >>> On Mon, Dec 19, 2016 at 01:32:50PM -0700, David wrote: I found devices doing lookups for all of these at the same time {0,0.uk,0.us,asia,europe,north

Re: Wanted: volunteers with bandwidth/storage to help save climate data

2016-12-16 Thread Royce Williams
See also: https://twitter.com/textfiles/status/808715999042117632 https://twitter.com/textfiles/status/808922272551550976 Jason Scott @textfiles When your boss gives you the goahead to mirror 200tb of NOAA data, you run with it Don't let the fact that The Internet Archive is all over thi

Re: fuzzing NTPsec with afl

2016-11-21 Thread Royce Williams
On Mon, Nov 21, 2016 at 2:18 PM, Kurt Roeckx wrote: > On Mon, Nov 21, 2016 at 02:11:12PM -0900, Royce Williams wrote: >> >> If those minimal changes are turned into a compile-time option, this >> would enable adding fuzzing to the rolling test suite, perhaps using >>

fuzzing NTPsec with afl

2016-11-21 Thread Royce Williams
This can obviously wait until after the current CVE scramble dies down. Below is how Stubman modified ntpd to be afl-friendly. I'm not sure, but I think he modified ntpd to accept UDP "input" from stdin, and created valid initial NTP UDP "packets" as test-case data with which to "seed" afl. Un

Re: dilemmas

2016-11-02 Thread Royce Williams
On Wed, Nov 2, 2016 at 6:47 PM, William Herrin wrote: > On Wed, Nov 2, 2016 at 10:39 PM, Randy Bush wrote: > > the sysadmins' dilemma: do you install today's critical update or wait a > > day until the next one is out before you reboot 50 servers? > > Neither. You wait for the normal patch cycle

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-26 Thread Royce Williams
On Mon, Sep 26, 2016 at 7:23 AM, Mark Milhollan wrote: > > On Sun, 25 Sep 2016, Stephen Satchell wrote: > > >Yeah, right. I looked at BCP38.info, and there is very little concrete > >information. > > Yeah, it's pretty naked. But how-to isn't the usual stumbling block, as > has been pointed out i

Re: Chinese root CA issues rogue/fake certificates

2016-08-31 Thread Royce Williams
On Tue, Aug 30, 2016 at 9:11 PM, Royce Williams wrote: > On Tue, Aug 30, 2016 at 8:38 PM, Eric Kuhnke wrote: >> >> http://www.percya.com/2016/08/chinese-ca-wosign-faces-revocation.html >> >> One of the largest Chinese root certificate authority WoSign issued many >

Re: Chinese root CA issues rogue/fake certificates

2016-08-30 Thread Royce Williams
On Tue, Aug 30, 2016 at 8:38 PM, Eric Kuhnke wrote: > > http://www.percya.com/2016/08/chinese-ca-wosign-faces-revocation.html > > One of the largest Chinese root certificate authority WoSign issued many > fake certificates due to a vulnerability. WoSign's free certificate > service allowed its u

Re: Firewall list recommendations (config conversion options)

2016-04-25 Thread Royce Williams
It might also be interesting to post some redacted/simplified examples of both formats. If the conversion is "just" text manipulation and reworking of logic, it might not be hard to cobble something basic together quickly, and then crowdsource improvements quickly on Github. Royce On Mon, Apr 25

Re: finding whois servers, was .pro whois registry down?

2016-03-10 Thread Royce Williams
On Thu, Mar 10, 2016 at 6:57 AM, John R. Levine wrote: >>> >>> I've set up .ws.sp.am (that's ws for Whois Server) which is >>> updated every day from a variety of sources so it's pretty accurate. >>> It's had the right server for pro.ws.sp.am all along. > > >> Hey, that's fantastic! >> >> Feature

Re: finding whois servers, was .pro whois registry down?

2016-03-10 Thread Royce Williams
On Thu, Mar 10, 2016 at 4:32 AM, John Levine wrote: > > _whois._tcp.pro. srv 0 100 43 whois.afilias.net. > > A swell idea, but unfortunately the idea of putting SRV records in > gTLD zones makes heads at ICANN explode. For RDAP there's a registry > at IANA but it's not populated yet and it

Re: FW: [tld-admin-poc] Fwd: Re: .pro whois registry down?

2016-03-09 Thread Royce Williams
On Wed, Mar 9, 2016 at 3:54 PM, Mark Andrews wrote: > > Additionally 'whois' is free form text. Whois doesn't include a > AI to workout what this free form text means so, no, there isn't a > actual referral for a whois application to use. I'm not affiliated, but there are a couple of companies t

Re: remote serial console (IP to Serial)

2016-03-08 Thread Royce Williams
On Tue, Mar 8, 2016 at 10:21 AM, Hugo Slabbert wrote: > On Tue 2016-Mar-08 19:10:14 +, Gavin Henry > wrote: > > Really love the Opengear IM range. We use IM4216's >> > > I'm surprised no one's mentioned freetserv[1] yet. I haven't used them so > don't consider this an endorsement, but on th

Re: Congrats to SMB!

2016-02-18 Thread Royce Williams
On Thu, Feb 18, 2016 at 5:40 AM, Jay R. Ashworth wrote: > Let me be, apparently, the first to extend congratulations to long time > NANOGer, Columbia CS professor, security researcher, and co-inventor of > Usenet -- does anybody remember Usenet? :-) -- Steven M. Bellovin, who, > it was announced y

Re: ports/pkg/OS integration 2.0

2016-02-14 Thread Royce Williams
On Fri, Feb 12, 2016 at 1:49 PM, John Marino wrote: > Royce wrote: >> It would be nice to be asked at the point of installing the system >> what kind of software management you want: >> >> [X] Install software from binary packages only >> [ ] Install software from ports only (compiling everything

Re: ports/pkg/OS integration 2.0 (was: Re: Removing documentation)

2016-02-12 Thread Royce Williams
On Fri, Feb 12, 2016 at 1:07 PM, Roger Marquis wrote: >>> (The Ubuntu /etc/alternatives symlink system and other mechanisms solve >>> this well) > > > That hasn't been my experience but then I'm not a big fan of symlinks > which can't be safely modified outside of the (d)pkg system. As a > genera

ports/pkg/OS integration 2.0 (was: Re: Removing documentation)

2016-02-12 Thread Royce Williams
On Fri, Feb 12, 2016 at 6:38 AM, Royce Williams wrote: > This is, indeed, a gap in the Debian world. It's one that the ports > system is a great start towards resolving. That's why I think that > ports + pkg could be a superior offering that people would flock to, > a

Re: Removing documentation

2016-02-12 Thread Royce Williams
On Fri, Feb 12, 2016 at 5:56 AM, Jim Ohlstein wrote: > On 2/11/16 7:22 PM, Royce Williams wrote: >> Is the abstraction happening at the equivalent level here? The >> platforms that I'm thinking of -- that appear to have already solved >> this entire class of p

Re: Removing documentation

2016-02-11 Thread Royce Williams
On Thu, Feb 11, 2016 at 3:41 PM, John Marino wrote: > > On 2/12/2016 1:22 AM, Royce Williams wrote: > > Is the abstraction happening at the equivalent level here? The > > platforms that I'm thinking of -- that appear to have already solved > > this entire class o

Re: Removing documentation

2016-02-11 Thread Royce Williams
On Thu, Feb 11, 2016 at 11:17 AM, John Marino wrote: > On 2/11/2016 9:08 PM, Royce Williams wrote: >> On Thu, Feb 11, 2016 at 10:33 AM, John Marino wrote: >>> >>> On 2/11/2016 8:25 PM, Lev Serebryakov wrote: >>>> -BEGIN PGP SIGNED MESSAGE- >>

Re: Removing documentation

2016-02-11 Thread Royce Williams
On Thu, Feb 11, 2016 at 10:33 AM, John Marino wrote: > > On 2/11/2016 8:25 PM, Lev Serebryakov wrote: > > -BEGIN PGP SIGNED MESSAGE- > > Hash: SHA512 > > > > On 07.02.2016 17:28, John Marino wrote: > > > >> ports-mgmt/synth. I would love to hear what significant thing > >> portmaster can d

Re: Removing documentation

2016-02-09 Thread Royce Williams
On Tue, Feb 9, 2016 at 6:50 AM, Royce Williams wrote: > IMO, this entire thread is masking a deeper symptom: FreeBSD > ports/packages management is fragmented. [snip] > We need to capture users' reasons for preferring specific frameworks, > and build a roadmap to how they

Re: Removing documentation

2016-02-09 Thread Royce Williams
IMO, this entire thread is masking a deeper symptom: FreeBSD ports/packages management is fragmented. Each unofficial tool treats some symptoms well, and others poorly. The fact that I have to use the phrase "ports/packages" is indicative of a deep schizophrenia. Don't get me wrong -- I love the

Re: Team Cymru BGP bogon status ???

2016-01-31 Thread Royce Williams
No direct knowledge, but from comments on another list, it may be intermittent. Jason Fesler of test-ipv6.com reported on Jan 30 2016 at 2:08 PM PST that his Team Cymru API connections for ISP ASN and Name checks broke, and pushed a workaround to all test nodes. He then reported at 7:30 PM PST th

Re: [CVE-2015-7755] Backdoor in Juniper/ScreenOS

2015-12-18 Thread Royce Williams
On Fri, Dec 18, 2015 at 8:03 AM, Steven M. Bellovin wrote: > On 18 Dec 2015, at 11:52, Steven M. Bellovin wrote: > >> On 18 Dec 2015, at 7:28, Dave Taht wrote: >> >>> I think "unauthorized code" is still plausible newspeak for "bug". >>> >>> Why blame finger foo when you can blame terrorists? >>

Re: IEEE OUI regauth (search ?) site

2015-12-09 Thread Royce Williams
On Wed, Dec 9, 2015 at 6:32 AM, Brandon Applegate wrote: > They’ve made some changes recently - I had a perl script that would do the > lookup and scrape live - it was great. It broke a week or so ago. > > This seems to be the page to search for OUI: > > https://regauth.standards.ieee.org/standa

Re: DNSSEC and ISPs faking DNS responses

2015-11-14 Thread Royce Williams
On Sat, Nov 14, 2015 at 3:34 AM, Roland Dobbins wrote: >> >> More likely this is going to be iterations of what is already being more widely accepted. Downloadable pre-configured client software that works with a particular VPN service. > > > Again, downloading is a barrier to entry. Don't you re

Re: DNSSEC and ISPs faking DNS responses

2015-11-13 Thread Royce Williams
On Fri, Nov 13, 2015 at 8:28 PM, Roland Dobbins wrote: > On 14 Nov 2015, at 11:32, Owen DeLong wrote: > > Go out onto the street and ask a random number of people over 30 if they >> know what a URL is and how to enter one into a browser. >> > > They don't know what URIs are, nor do they enter th

Re: LSI SAS2008 mps driver preferred firmware version

2015-11-12 Thread Royce Williams
Firmware should match driver, e.g.: mps0: Firmware: 19.00.00.00, Driver: 19.00.00.00-fbs Some of this may help -- not yet updated for 10.2, but may still be useful: http://roycebits.blogspot.com/2015/01/freebsd-lsi-sas9211-8i-hba-firmware.html Royce On Thu, Nov 12, 2015 at 12:05 PM, Kai Galla

Re: The spam is real

2015-10-26 Thread Royce Williams
On Mon, Oct 26, 2015 at 9:10 AM, Pablo Lucena wrote: > On Sun, Oct 25, 2015 at 12:22 AM, Josh Luthman < > j...@imaginenetworksllc.com> > wrote: > > > Can we please get a filter for messages with the subject "Fw: new > message" > > ??? > > > So far I've dealt with it via Gmail's 'mute conversatio

Re: /27 the new /24

2015-10-12 Thread Royce Williams
On Mon, Oct 12, 2015 at 7:23 AM, Todd Underwood wrote: > > it's also not entirely obvious what the point of having local IXes > that serve these kinds of collections of people. > > how much inter-ASN traffic is there generally for a city of 100k > people, even if they all have 1Gb/s connections?

Re: PCH.net questions and thoughts - Re: Prefix hijacking by AS20115

2015-09-29 Thread Royce Williams
On Tue, Sep 29, 2015 at 7:12 AM, Job Snijders wrote: > > Hi Bob, > > On Tue, Sep 29, 2015 at 08:05:45AM -0700, Bob Evans wrote: > > This seems like a very good proper civil approach - maybe this or > > something like it ARIN might help promote and endorse as a benefit to > > the community ? Be nic

Re: Ear protection

2015-09-23 Thread Royce Williams
On Wed, Sep 23, 2015 at 1:34 AM, Nick Hilliard wrote: > What are people using for ear protection for datacenters these days? For me, it depends on the use case. If I need to monitor for other sounds, or listen to music: Bose QuietComfort 15 - discontinued, but still at Costco.com for $240. The

Re: Synful Knock questions...

2015-09-16 Thread Royce Williams
HD Moore just posted the results of a full-Internet ZMap scan. I didn't realize that it was remotely detectable. 79 hosts total in 19 countries. https://zmap.io/synful/ Royce

An Altair 8800 ... running FreeBSD ;)

2015-08-20 Thread Royce Williams
Why didn't anyone mention this port to me? ;) http://www.ebay.com/itm/151786056996 The auction says "It has not been started up" - so maybe there's a "Powered by FreeBSD" sticker on the chassis or something ... Royce

Re: [FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-15:08.sendmail

2015-06-18 Thread Royce Williams
On Thu, Jun 18, 2015 at 3:21 AM, Peter Olsson < list-freebsd-annou...@jyborn.se> wrote: > On Thu, Jun 18, 2015 at 05:53:20AM +, FreeBSD Errata Notices wrote: > > Corrected: 2015-06-17 02:39:10 UTC (stable/10, 10.1-STABLE) > > 2015-06-18 05:36:45 UTC (releng/10.1, 10.1-RELE

Re: LogJam exploit can force TLS down to 512 bytes, does it affect us? ?

2015-05-21 Thread Royce Williams
On Thu, May 21, 2015 at 6:21 AM, Mark Felder wrote: > > > On Wed, May 20, 2015, at 17:48, Xin Li wrote: > ]> > > Well, currently OpenSSL do accept weak DH so _arguably_ it does affect > > FreeBSD, and it's likely to break existing applications if we enforce > > such restrictions (namely, Java 6).

Re: Please help with cleaning up an accident on 9.0 release

2015-05-19 Thread Royce Williams
On Tue, May 19, 2015 at 7:15 AM, Ulrich Drolshagen wrote: > Hi all, > > I brought myself in real trouble with a really important 9.0 release > system (9.0-RELEASE-p4). It's amd64. By accident I deleted the following > binaries from /bin: cat, chflags, chio, chmod and cp > Does anybody still have

Re: pkg 1.5.0 is out

2015-04-14 Thread Royce Williams
On Tue, Apr 14, 2015 at 12:05 PM, Baptiste Daroussin wrote: > Final pkg 1.5.0 has been released. Great! How do I upgrade to it? $ date Tue Apr 14 13:51:47 AKDT 2015 $ pkg --version 1.4.12 $ pkg info | egrep '^pkg-' pkg-1.4.12 Package manager $ sudo pkg upgrade pkg Updatin

Re: Bazaaring the cathedral (Lowering the Barrier to Entry)

2015-04-02 Thread Royce Williams
On Apr 2, 2015 9:44 AM, "Chris H" wrote: > > IMHO I believe that the height of the bar, is directly proportionate > to the quality of the product. We were all new once. There are many reasons - language, social fluidity, economic background, etc. - for which a too-high initial hurdle can make a

Re: higher education scholarships for open source or BSD?

2015-03-21 Thread Royce Williams
On Sat, Mar 21, 2015 at 12:20 AM, Colin Percival wrote: > On 03/20/15 17:49, Eitan Adler wrote: >> On 20 March 2015 at 10:50, Jeremy C. Reed wrote: >>> Anyone heard of any university/college scholarships for studies or >>> community involvement related to open source or BSD? >> >> http://www.daem

Re: projects to better support FreeBSD sysadmins

2015-01-13 Thread Royce Williams
On Tue, Jan 13, 2015 at 5:41 PM, Joshua Smith wrote: >> On Jan 13, 2015, at 6:14 PM, Royce Williams wrote: >> >> At Craig Rodrigues' request, I'm starting a new thread here branched >> from a freebsd-ports@ thread. For those who want more context, the >>
