Contributed by grey on from the w00t! dept.
http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=112558674928977&w=2
Downloads and more may be found from the official site: http://www.openssh.com/
OpenBSD Journal
By Anonymous Coward (80.90.29.7) on
Comments
By Anonymous Coward (204.209.209.129) on
Richard
Comments
By Anonymous Coward (218.214.194.113) on
I cannot find a serious point amongst the "RFCs" (whatever RFC means in this context - and it's not Really Bloody Clever!) that would have me patching or reconfigging what I do now.
OpenBSD provides tools. Craftsmen use them. Some may choose to toss out various tools or to sharpen them in an unusual way.
Personal choice is not hampered. He can still shoot himself in the foot if he likes or waste bullets on the clouds. So can anybody.
The default settings are good enough for most and hey, if somebody exploits something he wanted changed then he can boast widely.
Meanwhile the real world goes on.
Comments
By Anonymous Coward (195.122.29.101) on
Comments
By Brad (216.138.195.228) brad at comstyle dot com on
By Anonymous Coward (195.224.109.30) on
Comments
By Anonymous Coward (213.118.165.79) on
Comments
By Anonymous Coward (195.224.109.30) on
Comments
By Anonymous Coward (195.122.29.101) on
By tedu (64.173.147.27) on
By Anonymous Coward (128.151.92.148) on
Some of them may be valid points, but as has been mentioned, these are mostly minor stylistic issues.
By Alan Post (204.89.131.79) aisa@cybermesa.com on http://livejournal.com/users/aisa0/
we've had two zlib security problems recently, there might or might not be more of them.
but for ssh, we now have an option to just ignore compression in the most critical part of ssh, during authentication.
with or without recent zlib problems, the openssh team just factored out code from this critical path. so future problems won't be the kind of issue that past problems have been (for zlib+openssh).
this kind of layered thinking about security, exploits, and safety is just amazing. particularly when it is applied to an existing codebase in real-world situations.
kudos.
Comments
By Anonymous Coward (195.122.29.101) on
By Anonymous Coward (64.92.206.84) on
While everybody believes in something, the OpenBSD developers's simple faith in egotism will squeeze every last drop of blood from our overworked, overtaxed bodies. Some would say that this is a platitude. Would that it were! Rather, if you can make any sense out the OpenBSD developers's Maoism-prone paroxysms, then you must have gotten higher marks in school than I did. Be that as it may, I suppose it's predictable, though terribly sad, that foolhardy sluggards with stronger voices than minds would revert to crotchety behavior. But the OpenBSD developers's rapacious methods of interpretation criticize other people's beliefs, fashion sense, and lifestyle. The OpenBSD developers then blames us for that. Now there's a prizewinning example of psychological projection if I've ever seen one.
If the OpenBSD developers wants to be taken seriously, it should counter the arguments in this letter with facts, not illogical panaceas, personal anecdotes, or insults. The OpenBSD developers has recently been going around claiming that there is something intellectually provocative in the tired rehashing of uncompromising stereotypes. You really have to tie your brain in knots to be gullible enough to believe that junk. At first, you might be unsure as to whether all the OpenBSD developers does is complain, complain, complain. But on deeper inspection, you'll indubitably conclude that the OpenBSD developers's vituperations are merely a stalking horse. They mask its secret intention to undermine the basic values of work, responsibility, and family. All of this once again proves the old saying that the OpenBSD developers embraces frotteurism with open arms.
Comments
By Anonymous Coward (213.84.159.249) on
I don't like rants with grammatical errors, as I don't like code with errors. Especially if it is intended. That should say enough. You either are good at coding (or ranting for that matter) or you do something else with your life. Get a life!
By Anonymous Coward (195.224.109.30) on
back at ya buddy :)
By Charles (216.229.170.65) on
Where'd you cut and paste this from? That sounds suspiciously like some 1950's anti-communist rant, but I can't quite put my finger on the source. The grammar indicates you cut-and-pasted "OpenBSD developers" in for some other phrase like "communist philosophy". "Developers" is plural, but you consistently follow it with singular verb forms.
The style is also reminiscent of late 19th Century pamphleteers, who just adored making their tracts look intelligent by overusing a thesaurus but not following the basics of grammar and style. There are a lot of big words, but no point is ever actually made.
Just curious.
Comments
By Anonymous Coward (213.118.165.79) on
Of course you'll get a different text from it, but some sentences reappear.
So all in all it is just a cheap troll ;-)
Comments
By Anonymous Coward (69.70.207.240) on
By Anonymous Coward (70.66.3.210) on
By sng (12.18.141.172) on
By Clay Dowling (12.37.120.99) clay@lazarusid.com on http://www.ceamus.com
Would the decent humanitarian thing to do be to track down that IP address and send the boys in white coats for our friend, until he gets back to something like balance?
By tedu (64.173.147.27) on
Couldn't you figure that out for yourself, cheap troll? In a recent essay, cheap troll stated that "the norm" shouldn't have to worry about how the exceptions feel. Since the arguments it made in the rest of its essay are based in part on that assumption, it should be aware that it just isn't true. Not only that, but its true goal is to mold the mind of virtually every citizen -- young or old, rich or poor, simple or sophisticated. All the statements that its secret police make to justify or downplay that goal are only apologetics; they do nothing to do what comes naturally. Cheap troll is entirely gung-ho about mercantilism because it lacks more pressing soapbox issues. Unless we increase awareness and understanding of our similarities and differences, our whole social structure will gradually disintegrate and crumble into ruins. Let me try to put this in perspective: If I seem a bit cold-blooded, it's only because I'm trying to communicate with cheap troll on its own level. Cheap troll is like a magician who produces a dove in one hand, while the other hand is busy trying to consign most of us to the role of its servants or slaves.
Cheap troll has a strategy. Its strategy is to make our lives an endless treadmill of government interferences while providing few real benefits to our health and happiness. Wherever you encounter that strategy, you are dealing with cheap troll. Finally, any mistakes in this letter are strictly my fault. But if you find any factual error or have more updated information on the subject of cheap troll, cheap troll-inspired versions of sensationalism, etc., please tell me, so I can write an even stronger letter next time.
By Anonymous Coward (128.151.92.148) on
By Biff (67.165.214.212) on
For me, my standard method is to use pf to allow ssh connections from addresses or networks I know I'm going to be at (work, family, etc). But I have to advise people with student systems that allow ssh from the Internet at large. What is the best way today, and is there thought to an IP address lockout or tarpit for repeat connections that are guessing passwords?
Comments
By m0rf (68.104.17.51) on
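# table that collects sources exceeding the connection rate
table <scanners> persist
# allow ssh; a source opening more than 10 connections in 60 seconds is added to <scanners>
pass in on $ext_if proto tcp to $ext_if port ssh flags S/SA \
    keep state (max-src-conn-rate 10/60, overload <scanners>)
block in on $ext_if proto tcp from <scanners> to $ext_if port ssh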
changing your rate as need be.
was added in 3.7.
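An added example, not part of the original comment: a way to check a candidate `max-src-conn-rate` against your own sshd log before "changing your rate as need be". It reports which sources would have landed in `<scanners>`. The log lines, addresses, host name and year are constructed, and the exact sliding window is an assumption; pf's own rate accounting is approximate, so treat the output as a guide.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# sshd syslog line: timestamp, host, sshd[pid], message ending "from ADDR port N"
LINE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[(\d+)\]: .* from (\S+) port \d+")

def make_sample():
    """Constructed log lines (documentation addresses), not from a real host."""
    fmt = "Sep  1 03:{:02d}:{:02d} gw sshd[{}]: {} from {} port {} ssh2"
    lines = []
    for i in range(12):   # 12 connections in 22 seconds: scanner-like
        lines.append(fmt.format(10, i * 2, 4000 + i,
                                "Failed password for root", "192.0.2.10", 40000 + i))
    for i in range(10):   # exactly 10 connections in 45 seconds: at the limit
        lines.append(fmt.format(20, i * 5, 5000 + i,
                                "Failed password for admin", "203.0.113.7", 41000 + i))
    # one user, one connection (same pid): a typo, then a successful login
    lines.append(fmt.format(30, 0, 6000, "Failed password for alice",
                            "198.51.100.5", 42000))
    lines.append(fmt.format(30, 4, 6000, "Accepted password for alice",
                            "198.51.100.5", 42000))
    return lines

def would_overload(lines, limit=10, window=60, year=2005):
    """Map each source that opens more than `limit` connections within
    `window` seconds to the time it first crossed the limit."""
    seen = set()                  # (source, pid) pairs already counted
    recent = defaultdict(deque)   # source -> connection times inside the window
    flagged = {}
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        ts, pid, src = m.groups()
        if (src, pid) in seen:    # another auth attempt on the same connection
            continue
        seen.add((src, pid))
        # syslog omits the year; `year` is supplied by the caller (assumption)
        t = datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")
        q = recent[src]
        q.append(t)
        while (t - q[0]).total_seconds() >= window:
            q.popleft()           # drop connections older than the window
        if len(q) > limit and src not in flagged:
            flagged[src] = t
    return flagged

if __name__ == "__main__":
    for src, when in would_overload(make_sample()).items():
        print(f"{src} would be added to <scanners> at {when}")
```

Each sshd child pid is counted as one connection, so several password attempts inside one session do not inflate the rate.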
Comments
By m0rf (68.104.17.51) on