a) you're wrong
b) you don't know what problem he is trying to solve.
On Tue, May 14, 2013 at 5:28 AM, Salim Shaw wrote:
> OpenBSD is a server/router/network service OS, it's not designed for
> desktops. OpenBSD is the pre-eminent platform for Firewalling, IPsec, IPv6.
> Trying to shove OpenBSD
On Thu, Mar 14, 2013 at 10:22 PM, Jiri B wrote:
> I'm aware of both. So what is this renaming of ifaces good
> for?
On Windows it has it's advantages because by default you get stupid and
unhelpful names like "Local Area Connection X".
It's pretty nice to be able to rename it to something usefu
On Sat, Feb 16, 2013 at 10:41 AM, Fil DiNoto wrote:
> with something vaguely familiar to what they would encounter in the
> other equipment like cisco or juniper they would be far less likely to
> make a mistake that would result in an outage or security problem. So
> as superficial as this might
ntpd and sshd are only running if you enabled them when installing. For the
rest, just turn off inetd.
Why are they enabled by default? Search the mailing lists, it has been
asked and answered before.
Lars
Oh, you mean the space thing. Well, it probably doesn't but I Have never
needed that.
---
Lars
On Wed, Jan 2, 2013 at 6:50 PM, Lars Hansson wrote:
> In-tree dhcp most certainly support options because I am using them:
> option autoproxy-script "http://1.2.3.4/wpad.dat"
In-tree dhcp most certainly support options because I am using them:
option autoproxy-script "http://1.2.3.4/wpad.dat";;
Cheers,
Lars
On Mon, Dec 31, 2012 at 11:19 PM, Chris Smith wrote:
> Maybe it's a problem due to Unbound being a package and not part of
> the core system, but a normal config
On Sat, Jul 21, 2012 at 1:29 AM, Alessandro Baggi
wrote:
> Disabling mpbios see only one core and not smp.
I think that's the expected behavior if you disable mpbios. OpenBSD
runs great on a single core
in KVM anyway so why bother with SMP?
Cheers,
Lars
On Thu, Jun 28, 2012 at 6:40 AM, Nick Holland
wrote:
> Other than "boring", no one has actually STATED a problem of the OpenBSD
> website.
That's because there is no problem with it. Sure, it doesn't look like
the latest
whizz-bang sites (I have nothing against such sites, btw) but neither does i
On Fri, Jun 29, 2012 at 7:20 PM, Eric Furman wrote:
> I beg all true @misc followers
> Search the archives for this shit eating moron's posts.
Funny, the only ones showing up when I search for useless posts are yours.
Cheers,
Lars
Hmm..I get "This post could not be found."
Cheers,
Lars
On Sat, Jun 9, 2012 at 1:55 AM, Chris Smith wrote:
> ... if you really want a firewall you need pfSense.
>
> Also if you " walk into any security experts convention and claim that
> raw OpenBSD is "a firewall", you will get laughed out of
On Thu, May 10, 2012 at 12:32 AM, Weldon Goree wrote:
> Right... because AutoSFTP and AutoSSH do not allow an administrator to
> tamper with *them* at all?
I guess it's because they have "Anti-Trojan" capabilities so
presumably the binaries will detect if they have been tampered with.
Of course,
On Thu, Apr 26, 2012 at 8:50 PM, Lars Hansson wrote:
> On Thu, Apr 26, 2012 at 8:43 PM, Mihai Popescu wrote:
>> This is interesting too (first paragraph), from the Ion author:
>> http://tuomov.iki.fi/software
>
> Guess why Ion3 isn't in ports anymore.
Or more correct
On Thu, Apr 26, 2012 at 8:43 PM, Mihai Popescu wrote:
> This is interesting too (first paragraph), from the Ion author:
> http://tuomov.iki.fi/software
Guess why Ion3 isn't in ports anymore.
---
Lars
Disable mpbios.
Cheers,
Lars
On Mon, Mar 19, 2012 at 5:50 AM, Stuart Henderson wrote:
> No idea how well OpenBSD does in xen.
Last time I tried OpenBSd in Xen ~2 years it worked like crap.
Couldn't get networking
to work at all and it was slow as a dog.
Cheers,
Lars
On Fri, Mar 9, 2012 at 8:33 PM, Dmitrij D. Czarkoff wrote:
> So you state that the fact that "if one chooses to use the whole disk,
> the whole disk is used" needs further documentation?
Well, since this is the one of the few (only?) destructive actions the
installer takes
I can certainly see why
On Fri, Mar 9, 2012 at 3:28 PM, Fredrik Staxeng wrote:
> Do you want users at all? Or was Linus right?
Yes.
I dunno, I usually ignore his fire-brand rants.
---
Lars
On Wed, Feb 29, 2012 at 10:44 AM, Nathan Stiles wrote:
> Also I've noticed that HTTPS isn't implemented on openbsd.org.
Why would it be? There is no user login or accout information
exchanged with openbsd.org.
Are you worrying that someone would, almost magically, insert
malicious code in the ISO
On Sun, Jan 22, 2012 at 3:35 AM, Anonymous wrote:
> I asked this before but I guess you didn't see it. So if you contribute
> "much more code to OpenBSD" than someone else do you automatically get
> license to insult people and post 100% noise as some kind of reward?
Since you're such an incredib
> I notice you spend much more time scolding people than actually saying>
> anything worthwhile. You should work on yourself and find out why that> is.
> Perhaps you could benefit from some anger management training?
I notice that Henning is contributing much more code to OpenBSD than
you ever ha
> - how would you compare with facts and not flamewars OpenOSPFd against
> Quagga or BIRD implementations?
This is not technical but...the openbsd ospfd tools does not pretend
to be Cisco and does not mimic the god-awful IOS cli and config
format.
Personally that is something I really, really lik
Uhm...ok, never mind. I'm an idiot. it does work. Sorry for that unneeded noise.
Cheers,
Lars
I run a number of 4.9 i386 boxes that functions as routers and are
logging to memory buffers.
Today I noticed that if I sighup the syslogd process the memory
buffers are no longer being logged to.
Below is the output from "syslogd -d" and I'm guessing the problem has
something to do with the "Membu
On Wed, Nov 23, 2011 at 3:14 AM, patrick keshishian wrote:
> Unless I'm misreading you, what you say doesn't make much sense.
It makes perfect sense and is in fact also the recommended way to run BIND.
> The setup you suggest is more involved. Two servers: one resolving,
> and the other dealing
On Sat, Nov 12, 2011 at 4:57 AM, Amit Kulkarni wrote:
> Antoine,
> does this mean that we have to search for a way to disable automatic
> indexing of files which KDE does? that's a daemon/service started by
> KDE by default.
Nepomuk is started by KDE itself on log in and is not a system daemon.
B
Yeah, my bad too. Shouldn't have replied.
---
Lars
http://www.trollaxor.com/2010/06/why-i-left-openbsd.html
http://www.trollaxor.com/2010/06/why-i-almost-gave-openbsd-10-didnt.html
http://www.trollaxor.com/2011/10/why-i-uninstalled-openbsd.html
So pray tell, when DID you leave, really?
Cheers,
Lars Hansosn
Since you didn't specify exactly what problem you have it's a bit
difficult to help. Still, it seems it's a KVM virtual server and
OpenBSD works just fine with KVM. The only thing I can think of that
would cause a problem is if you didn't disable mpbios.
Cheers,
Lars
and openbsd-misc isn't free tech support.
---
Lars Hansson
On Wed, Aug 31, 2011 at 2:59 AM, Anonymous Remailer (austria)
wrote:
>> Call IBM support. You will have 10 technicians onsite in a week.
>
> And 10 invoices in tomorrow's mail.
If you want a comparison, I have run a small OpenBSD router under KVM
and it easily sustained 80Mbps. It was connected to a FastEthernet
switch so it couldnt actually go much higher. This was using the
emulated e1000 KVM device and OpenBSD 4.9 release with mpbios & iic
disabled (disabling iic remov
If you're running under KVM then ACPI shutdown will not work unless
you disable mpbios. I always disable it with KVM since I don't
allocate more than one CPU to a VM anyway. I haven't noticed any
performance problems or other issues with it disabled.
Cheers,
Lars Hansson
Use config:
[nembus]$ config -e -f /bsd
OpenBSD 4.9 (GENERIC) #671: Wed Mar 2 07:09:00 MST 2011
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
Enter 'help' for information
ukc> find mpbios
352 mpbios0 at bios0 disable flags 0x0
ukc>
Cheers,
Lars Hansson
option mitel.l2p06;
option mitel.dscp 46;
The Mitel phones complain that option 128 is missing (I take this to
mean that it have the wrong format or type since it's obviously there)
and goes no further.
I'm hoping it's just a matter of figuring out how to use the options
and format them correctly.
Cheers,
Lars Hansson
the PC, gets the RAM, reads ya SSH key and turns the PC on again
> (just in case you might used it before this brave student..)...
>
> You could do this in like 10minutes (max!).
10 minutes is a lot longer than "seconds or even minutes".
---
Lars Hansson
ight? Right... :)
I guess he's just too busy actually writing code. You know,
contributing to the project in a constructive and meaningful way.
---
Lars Hansson
On Feb 6, 2008 4:45 PM, Lars Noodin <[EMAIL PROTECTED]> wrote:
> You've provided that data point yourself: MS Windows.
Since when is misc@ a Linux-esque anti-MS list?
---
Lars Hansson
WAY past
the point where that mattered.
For everyones sanity just leave it alone.
---
Lars Hansson
On Jan 5, 2008 1:54 PM, Richard Stallman <[EMAIL PROTECTED]> wrote:
> The "wget" he uses is worse.
> You can download any non-free software with it and it does not warn
> the user at all!!!
>
> I don't object to general-purpose tools just for being general.
OpenBSD is a general-purpose
Windows
> workstations (It may not be the very same words, but the intent is the
> same).
Luckily for Linux RMS doesn't have a say in who works on the kernel. If he
had I guess Linux would now have been what GNU HURD is: unknown and
irrelevant.
---
Lars Hansson
ake you ethical?
Most OSS, for example, can be, and is, used by governments to oppress
the people. Does that make working on OSS unethical?
---
Lars Hansson
On Jan 3, 2008 6:33 PM, Michael Dexter <[EMAIL PROTECTED]> wrote:
> Can someone tell me what marketing speak to look for to determine if a
> motherboard supports > hw.setperf and "apmd -C/A" CPU speed regulation?
IIRC for Intel it's SpeedStep and for AMD PowerNow/Cool' n'Quiet.
---
Lars Hansson
On 12/17/07, David H. Lynch Jr. <[EMAIL PROTECTED]> wrote:
> Yet you are seeking to deny the same freedom to Richard and everyone
> else that disagrees.
No-one is trying to deny RMS the freedom to say and think whatever the
hell he wants, no matter how wacky.
---
Lars Hansson
hard has offered you the oportunity to aquire his endorsement.
Are we supposed to feel special?
> If that does not matter then shut this thread down, because it is
> pointless.
It was pointless from the start.
---
Lars Hansson
Can we please stop this thread now because it is
really not interesting at all.
---
Lars Hansson
's problem that some companies implement pointless
"security" policies.
---
Lars Hansson
No. OpenBSD doesn't sign code.
---
Lars Hansson
is (a license). I think he just might accept us
> to licence it.
Yes, the discussion is in the archives and no he didnt. qmail had a
weird license.
---
Lars Hansson
On Nov 19, 2007 1:51 PM, Clint Pachl <[EMAIL PROTECTED]> wrote:
> Does it even matter?
If you want to connect to networks that are using WEP, yes.
---
Lars Hansson
On Nov 17, 2007 8:35 AM, David Higgs <[EMAIL PROTECTED]> wrote:
> I combined authpf with OpenVPN, using some big hints from some easily
> google-able places. Even though WEP and WPA aren't supported by
> OpenBSD,
OpenBSD supports WEP.
---
Lars Hansson
just installed without any problems.
Yes.
---
Lars Hansson
it would also be useful to allow users to mount
> directories not owned by them. As it stands if you want to allow a
> user to mount a cdrom drive, they each need thier own mount directory.
Right, so just mount them somewhere under your home directory. I dont
hink this is a problem in most cases.
---
Lars Hansson
27;s. It does'nt even apply
to non-VM situations since it solves a problem that only exists in
virtualization.
> As pointed out previously, the discussion was originally about the benefits
> of separate application domains within an enterprise.
I'm sure there are benefits for certain situations.
---
Lars Hansson
On 10/25/07, Edd Barrett <[EMAIL PROTECTED]> wrote:
> The workaround is to do something like this, with a shorter filename
or make sure you have a long filename in the root directory of the
partition or mount with -l.
---
Lars Hansson
other.
> Nobpdy has to write any code to understand that - the secuity benefits
> are ovbious to everyone from the PHBs to the admins.
Actually they aren't. What are the "obvious" security benefits? I'm
not saying there aren't benefits, just that I can't see any obvious
security benefits.
---
Lars Hansson
ox.
Or perhaps future (bette) virtualizations won't require special OS
support. Xen is not a be-all-end-all.
---
Lars Hansson
ny queue adsl_client2_up
> pass in on $client_if from any to $adsl_client2_net queue adsl_client2_dn
Since you keep state (the default) you want to assign on the external
interface too, otherwise connections initiated from the "outside"
won't be assigned the correct queue.
---
Lars Hansson
her and hope they actually do.
It's amazing that in 2007 there are still so many mail operators and
relay-check sites that doesn't have a clue.
---
Lars Hansson
ys for the digitally signed distributions?
---
Lars Hansson
On 9/20/07, The One <[EMAIL PROTECTED]> wrote:
> Sorry but I am just disagreed with Theo saying that OS X is buggy and
> insecure.
Who gives a shit? This tread is more then FIVE months old and didnt
even belong here in the first place. Just stop.
---
Lars Hansson
On 9/19/07, Lars Noodin <[EMAIL PROTECTED]> wrote:
> By what method is shutdown then forced to wait until said processes have
> cleaned up?
None. rc.shutdown is for those processes with slow/important shutdown
that needs waiting for.
---
Lars Hansson
sy if they're not.
---
Lars Hansson
install something like freedt or runit from ports to
get those features.
---
Lars Hansson
Welcome to a really long time ago.
---
Lars Hansson
ken
> away. Is this a correct inference?
I don't think think running Linux is a basic human right.
---
Lars Hansson
with a pf table and with a small program that polls your
dns caches and remove/add entries to the table. Agreed, it would be
very nice if hoststated supported DNS but currently it doesn't. It
does supported scripted checks though so that may also be an option.
---
Lars Hansson
On 8/28/07, Die Gestalt <[EMAIL PROTECTED]> wrote:
> Why doesn't he run the monitoring software in a virtual machine?
Because it would violate his parole? Who cares anyway?
If you can't do the time don't do the crime.
---
Lars Hansson
can set xterm to always use a
login shell, for example, but that does not affect your DE/WM, only
xterm.
It's not hard to create, say, /etc/xprofile and just source that from
Xsession though.
---
Lars Hansson
.profile is processed after /etc/profile. Variables
set in /etc/profile can be overridden by the user in .profile so
setting the global defaults in /etc/profile works fine.
---
Lars Hansson
re using xdm things are different though. The Xsession script
does not source any global files so you'll have to modify it to source
/etc/profile.
---
Lars Hansson
ender bounces on it
in which case it's pretty rude to be so completely in violation of
standards and best practices.
Lars Hansson
ature that can help a lot.
Help a lot with what?
---
Lars Hansson
Joco Salvatti wrote:
MAC is much more sophiscitated that DAC. Thus I would like to know
from you why OpenBSD does not implement this type of mechanism.
More sophisticated != better.
The longer answer is in the archives.
---
Lars Hansson
Here's a patch to fix it:
--- /etc/netstart.orig Tue Jun 19 11:12:42 2007
+++ /etc/netstart Tue Jun 19 11:49:36 2007
@@ -195,6 +195,23 @@
done < /etc/bridgename.$1
}
+ip6start() {
+ if [ "$ip6kernel" = "YES" -a "x$rtsolif" != "x" ]; then
+ fw=`sysctl -n net.in
I ran into something a bit odd today.
If I put "rtsol" in my /etc/hostname.ural0 file I get the expected "IPv6
autoconf: ural0" during boot BUT if I do "sh /etc/netstart ural0" rtsol
is not run. Is this the intended behaviour?
I'm running current.
---
Lars Hansson
Linden Varley wrote:
Anyone know of any load balancing software for OpenBSD that can do
direct-server return? (our load balancers (openbsd boxes) are co-located
and we pay for all data bandwidth).
hoststated?
---
Lars Hansson
nBSD.
I hope OpenBSD doesn't slowly go GNU/Linux in the spaghetti sense.
This is exactly what is avoided by not also having a standalone port of
expat.
---
Lars Hansson
Praveen wrote:
From the man page it appears that spamd relies on
static information about spam originators.
greylisting is pretty dynamic.
---
Lars Hansson
currently works in the IT industry. The majority of the people with
certification got it by going to a boot camp or buying one of them
examcram books thus end up with a certificate yet knowing nothing of value.
---
Lars Hansson
s you should just get/use
a free email account that you can control.
But, I'm glad that you appreciate what the lawyers and IS have come up
with.
Perhaps if they had actually used their brains they wouldn't have
implemented it in the first place.
----
Lars Hansson
Chris S wrote:
It might really be Ubuntu's modified version that is to blame... for
instance, the standard menu.lst features a "quiet" command that is
listed nowhere in the official GRUB documentation, AFAIR.
I use Ubuntu's GRUB and I dont have this problem.
---
Lars Hansson
years ago?) you have way more pain
coming your way then making routed work.
---
Lars Hansson
Open Phugu wrote:
From a project that has always placed security before
everything, I do not understand the motivation behind not using a secure
algorithm such as SHA-256 or SHA-512.
Maybe they just understand the security implications better than you do.
---
Lars Hansson
Benoit Myard wrote:
By the way, is anyone aware of the reason why this option is not
present in OpenBSD's mount [2] (technical, security) ?
man sysctl, man mount. Look for usermount.
No idea if that works for NFS though.
---
Lars Hansson
Kian Mohageri wrote:
I could argue either way, but my preference is 'block drop' most of the
time.
Hopefully "most of the time" does not include ICMP.
---
Lars Hansson
ect to download anything before then.
and all you others: so is it not a punishment that you
have the cds and still can't use them? hypocrites, all of you!
Yeah, getting the CD's ahead of the official release date sure is a
heavy punishment. Seriously, how hard is this to understand?
---
Lars Hansson
4 hereof."
It's questionable if that is a legal limitation. It's like Ford would
sell you a car but you could only drive to places Ford had approved of.
Just because it's in a license doesn't mean it's legally valid.
---
Lars Hansson
reen corruption happening when you switch
between X and the character terminal then I have too had that a few
times since the switch to xenocara.
---
Lars Hansson
OpenBSD 4.1-current (GENERIC.ACPI) #4: Wed Apr 11 17:10:58 PHT 2007
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC.ACP
Paolo Supino wrote:
I appriciate your straight and forward replies :-) but the world isn't
black and white and sometime you have to create work arounds to overcome
other people's crap (well most of the time).
No, in this case it is black and white. There is NO WAY to reliably fix
this probl
man page doesnt mention anything about using backticks.
---
Lars Hansson
chefren wrote:
Clearly not to death and people here are seriously interested in pro and
contra arguments.
People are interested in discussing a lot things but that doesn't mean
those discussions belong on [EMAIL PROTECTED]
---
Lars Hansson
Tobias Weisserth wrote:
Who the hell do you think you are that you can impose a definition of
free on me?
I dunno, who does RMS think he is imposing his definition of free on me?
---
Lars Hansson
ke a right, doesn't it?
Don't bother responding, I'm gone. Have fun with your Broadcom chips
No thanks, I don't buy from moronic companies.
---
Lars Hansson
mail-lists wrote:
This would be great. However, I've yet to find an IPsec client that's
'easy' to set up.. ie. an end user can do it. Perhaps you know of a good
way to solve this issue? I'd love to hear it!
TheGreenbow.
---
Lars Hansson
Joachim Schipper wrote:
All in all, I might choose OpenVPN if it involved end users (lots of
NAT, Windows, and other crappy stuff),
OpenVPN isn't exactly awesome on Windows.
---
Lars Hansson
Jeremy Huiskamp wrote:
I'd like to hear an actual developer position on that statement.
Check the archives for Reyk's comments on WPA. It will be in OpenBSD one
day because, secure or not, it is gaining traction and is/will be
required by many AP's (especially "enterpris
those WEP and WPA
are the only ways to secure your all your wireless traffic.
---
Lars Hansson
Maxime DERCHE wrote:
IMHO you should think to configure your AP to provide a WAP-based
encryption...
WAP-based encryption? Do you mean WPA?
---
Lars Hansson
port 10023 too?
While comparing Apples and Oranges is fun it's not accurate.
---
Lars Hansson
d doesn't?
Sure, it's not much but it does keep the average joe out. If you are
aware of WEP's weaknesses there's nothing wrong with using it.
---
Lars Hansson
nsion/plugin (or
whatever the heck net-snmp call it).
---
Lars Hansson
1 - 100 of 360 matches
Mail list logo
