On Thu, 2010-12-09 at 15:01 +, lh wrote:
> Hi,
>
> what are the good available alternatives (security/privacy) for gmail
> you're using?
>
Colo box (I'll toss the various virtual machine and chroot jail hosting
solutions into that).
Some flavor of VPN account where you can keep a nice static
On Wed, 2010-09-22 at 19:29 +, Rikky Taylor wrote:
> I was after some general advice. I need to setup a routing firewall with 3
> interfaces, moderate traffic and a fair amount of NAT'ing in the rules.
Sorry, that's just too vague to have any meaning.
Come back with a topology and numbers for t
On Fri, Jun 11, 2010 at 05:32:00PM +0200, Marc Espie wrote:
> On Fri, Jun 11, 2010 at 10:24:16AM -0400, Chris Dukes wrote:
> > On Thu, Jun 10, 2010 at 11:28:40AM +0300, Dexter Tomisson wrote:
> > > http://www.trollaxor.com/2010/06/why-i-left-openbsd.html
> >
> > IH
r the task at hand.
--
Chris Dukes
precated SSL/SMTP (aka SMTPS) port. Sorry,
I don't know if relayd's SSL acceleration will help here.
3) Use a greylisting engine other than spamd that supports
TLS and SMTP-AUTH (It would appear that spey and ITEISA can do that)
4) Patch spamd to handle TLS negotiation and SMTP-AUTH for
immediate white listing.
--
Chris Dukes
to see if this allows
you to remain with a default kernel config. Unfortunately, I run
OpenBSD in headless applications so I cannot verify for myself.
Section "Device"
Identifier "my-self-configured-device"
Driver "intel"
Option "DebugFlushCaches" "1"
Option "DRI" "Off"
# Option "AIGLX" "Off"
EndSection
--
Chris Dukes
e of boards (ALIX) or any other equivalent to perform as a
> server on compact flash? (I used to use soekris but not sure I want to
> do down that road again).
If it's a 19 foot rack, I don't think you need anything compact.
Maybe you can find some of the washing machine sized harddrives
for a VAX.
--
Chris Dukes
' made some sense when the disk was mostly full and there was
a huge penalty to keep seeking between data and metadata.
'dd' continues to make sense if you need to make a copy of
everything before attempting to recover data or metadata.
--
Chris Dukes
On Fri, Apr 16, 2010 at 03:26:14PM +0530, Siju George wrote:
> On Thu, Apr 15, 2010 at 10:47 PM, Chris Dukes wrote:
> >
> > Multibooting is having several operating systems on one computer, and some
> > means of selecting which OS is to boot. It is not a trivial ta
phase :-) Ever since I have had need of
> open-platform OS's, OpenBSD's has always been the easiest to get, say,
> a DNS server AND NOTHING ELSE running on whatever hardware I had lying
> around.
Things were slightly different in the days of 386BSD and the pre 1.0
Linux kernels :-).
--
Chris Dukes
n obtaining a Linux.
And it is still the case that for running some software solutions,
it's much easier to get it done on Linux.
Fortunately, frequently the best solution is to not run that software :-).
--
Chris Dukes
fore attempting a multiboot
configuration on a production machine. FAQ 14 has more information about the
OpenBSD boot process.
--
Chris Dukes
the behavior in an unencumbered fashion.
As for the personal attacks, you can print off this email,
fold it until it's all corners, and shove it up your ass.
--
Chris Dukes
On Wed, Apr 14, 2010 at 09:21:53AM -0600, Ted Roby wrote:
> /* umpla...@cc.umanitoba.ca */
http://lmgtfy.com/?q=plawny+umanitoba
I think you'll find a good idea of who to write care of which company.
--
Chris Dukes
sts.
You can also use one IP address to service multiple services that
are actually provided by multiple backend boxes if the load demands
such separation.
--
Chris Dukes
ts.
I do know that the use of var2=`echo $var1 | sed -e 's,^.*/,,`
has a high correlation with gems like
if [ -z $var ]; then ...
--
Chris Dukes
On Thu, Feb 18, 2010 at 07:08:44PM -0600, L. V. Lammert wrote:
> that would be useable for basic sysadmin types (maybe something
> nCurses)?
'crontab -e'
Unless "basic admin" had developed some new meaning of which I am unaware.
--
Chris Dukes
), and that Linux at least once should be mentioned as
> GNU/Linux.(system-tools/Kernel, to pay tribute). This is also met in the
> same way as my BSD arguments. Which I find strange, since my professor has
> developed a bit of stuff for the GNU/Linux platform.
It sounds like you're at a school that should have an adequate MBA program.
>
--
Chris Dukes
ting to ZFS and replacing Perl in base with Java. Good times for
> OpenBSD indeed. Glad to see they are finally making some much needed
> improvements.
Nope, entire kernel in elisp...
(Unix device drivers written in C++ has already been done)
>
--
Chris Dukes
ASSWORD:/' /etc/shadow
Breaks on AIX :-). Breaks with NIS and LDAP as well :-).
I've always had the pipe dream of there being a chpasswd(8)
on *BSD like there is on current AIX and Linux distros.
But usually there isn't that much headache using something like usermod.
>
--
Chris Dukes
ill woefully inadequate if snort, vpn, and DNS are moved
off the firewall?
I ask because running DNS on the firewall has given me the heebie jeebies
for years. And I have dim memories of a few security exploits for snort.
>
--
Chris Dukes
On Tue, Jan 19, 2010 at 07:34:24PM +0100, Stefan Rinkes wrote:
[SNEEP]
Generally the best day to post these announcements is the first day
of the fourth month of the year.
And if you're into product life cycle management, it's a wonderful day
for a product to be out of service...
--
Chris Dukes
On Tue, Jan 12, 2010 at 11:11:54PM -0500, Pascal Lalonde wrote:
[SNEEP]
Err, have you considered looking at relayd for this and
make the decision to punt to the lower powered boxes based off of
check http or check script.
There are plenty of knobs to tweak.
--
Chris Dukes
eful to validating procedures before applied to production
and for working out a load balanced configuration.
--
Chris Dukes
D's protections you'll still get sufficiently maliciously
pwned through several application exploits.
--
Chris Dukes
27; could evolve to a digital "channel
> simulator" or even a "link emulator", similar to 'dummynet' for
> example which was/is used by m0n0wall and pfSense (primarily to
> implement traffic shaping/policing though).
Have you ever looked at
http://vde.sourceforge.net/
?
--
Chris Dukes
a message id, but an exception
doesn't return the message-id for which it was raised.
>
>
>
> --
> Floor Terra
> www: http://brobding.mine.nu/
>
--
Chris Dukes
utable detection and quarantine, and flagging
of nigerian bank scams and such.
I currently use postfix for the MTA, but have also recently configured
other MTAs because they were less of a PITA to configure to different
virtualhost/virtualuser backends for IMAP.
--
Chris Dukes
iderations.
I understand and appreciate your mistrust of running OpenBSD under
a virtual machine emulator.
But there are folks like me that find it useful to be able to
hold a dog and pony show for a network and cluster design on a
laptop rather than an anvil case of laptops, switches, and routers.
--
Chris Dukes
t;
> What is the wisdom of the list on this?
As memory serves I went with Virtual Box directly from Sun's website
when i tracked down the bits to disable in GENERIC to get it to play
nice under KVM.
It works under KVM. I vaguely recall mpbios0 and acpmiadt0 need to be
disabled.
--
Chris Dukes
.
I found the ballpark for the config changes after READING the KVM
mailing lists from around the time 4.5 was released.
I have yet to be bored enough to repeat the excercise with OpenBSD 4.6.
--
Chris Dukes
o use a non-standard port,
have a redirect rule on one of the firewalls that changes the
destination port.
Personally, I'd try and split the internal traffic and external traffic
different machines and if that wasn't possible to different NICs on
different subnets.
>
> Cheers,
> Simon.
>
--
Chris Dukes
> --
> http://www.glumbert.com/media/shift
> http://www.youtube.com/watch?v=tGvHNNOLnCk
> "This officer's men seem to follow him merely out of idle curiosity."
> -- Sandhurst officer cadet evaluation.
> "Securing an environment of Windows platforms from abuse - external or
> internal - is akin to trying to install sprinklers in a fireworks
> factory where smoking on the job is permitted." -- Gene Spafford
> learn french: http://www.youtube.com/watch?v=30v_g83VHK4
>
--
Chris Dukes
nternal - is akin to trying to install sprinklers in a fireworks
> factory where smoking on the job is permitted." -- Gene Spafford
> learn french: http://www.youtube.com/watch?v=30v_g83VHK4
>
--
Chris Dukes
ronment of Windows platforms from abuse - external or
> internal - is akin to trying to install sprinklers in a fireworks
> factory where smoking on the job is permitted." -- Gene Spafford
"Securing Windows NT: Wire Cutter or Thermite?"
> learn french: http://www.youtube.com/watch?v=30v_g83VHK4
>
--
Chris Dukes
folks were kind enough to document their patches to resolve the
issue.
--
Chris Dukes
The zero stands for usefulness.
>
> On Thu, Aug 20, 2009 at 09:37:48AM -0400, Chris Dukes wrote:
> > On Wed, Aug 19, 2009 at 06:01:57PM -0500, Marco Peereboom wrote:
> > > ZCR is marketing fluff. It ads nothing.
> >
> > The same could be said for most LSI megaRAID pr
in JBOD mode and managed through
raidframe/softraid.
--
Chris Dukes
if you live in one of those parts of the world where you can buy
DVD bootlegs of movies made in the US before they actually appear
in theatres in the US... The people that sell those DVDs are exactly
the people with whom you should open a dialog.
--
Chris Dukes
On Thu, Aug 06, 2009 at 02:20:37PM -0400, PJ wrote:
> Chris Dukes wrote:
> > On Thu, Aug 06, 2009 at 12:54:12PM -0400, PJ wrote:
> > [ A lot of crap snipped ]
> >
> > Phil,
> > You failed to answer the question.
> > "What the hell is your end goal
al
alligators you are wrestling rather than the metaphorical matter you
need to drain the swamp.
--
Chris Dukes
e hosting provider.
Oh, and you might want to strike ptahhotep.com from your .sig, you let
it expire back in June.
--
Chris Dukes
As a result they also involve
cleartext passwords going across the network.
--
Chris Dukes
d future
> problems regarding security.
The two biggest threats to computer security are
1) Users
2) Ignorance
Hopefully this email will start to address #2.
I suggest a wood chipper for addressing #1.
--
Chris Dukes
into extracting that data from
your registration system, and then correlate it against ARP data.
--
Chris Dukes
45 matches
Mail list logo
