From owner-freebsd-advocacy Mon Feb 5 5:58:23 2001 Delivered-To: freebsd-advocacy@freebsd.org Received: from lariat.org (lariat.org [12.23.109.2]) by hub.freebsd.org (Postfix) with ESMTP id 8086E37B503; Mon, 5 Feb 2001 05:58:02 -0800 (PST) Received: from mustang.lariat.org (IDENT:ppp0.lariat.org@lariat.org [12.23.109.2]) by lariat.org (8.9.3/8.9.3) with ESMTP id GAA13374; Mon, 5 Feb 2001 06:57:54 -0700 (MST) Message-Id: <4.3.2.7.2.20010205065652.04d81b40@localhost> X-Sender: brett@localhost X-Mailer: QUALCOMM Windows Eudora Version 4.3.2 Date: Mon, 05 Feb 2001 06:57:46 -0700 To: Siobhan Patricia Lynch From: Brett Glass Subject: Re: NEABUG Cc: freebsd-advocacy@FreeBSD.ORG, freebsd-chat@FreeBSD.ORG In-Reply-To: References: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-advocacy@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Just went to that URL, and all I saw was the Apache test page.... --Brett At 07:52 PM 12/7/2000, Siobhan Patricia Lynch wrote: >ok, the website is now up at http://neabug.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-advocacy" in the body of the message From owner-freebsd-advocacy Mon Feb 5 5:59:45 2001 Delivered-To: freebsd-advocacy@freebsd.org Received: from superconductor.rush.net (superconductor.rush.net [208.9.155.8]) by hub.freebsd.org (Postfix) with ESMTP id 8920D37B491; Mon, 5 Feb 2001 05:59:25 -0800 (PST) Received: from localhost (trish@localhost) by superconductor.rush.net (8.9.3/8.9.3) with ESMTP id IAA14505; Mon, 5 Feb 2001 08:58:40 -0500 (EST) Date: Mon, 5 Feb 2001 08:58:40 -0500 (EST) From: Trish X-Sender: trish@superconductor.rush.net To: Brett Glass Cc: freebsd-advocacy@FreeBSD.ORG, freebsd-chat@FreeBSD.ORG Subject: Re: NEABUG In-Reply-To: <4.3.2.7.2.20010205065652.04d81b40@localhost> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-advocacy@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG yeah working on the site, hope to have it up soon again... On Mon, 5 Feb 2001, Brett Glass wrote: > Just went to that URL, and all I saw was the Apache test page.... > > --Brett > > At 07:52 PM 12/7/2000, Siobhan Patricia Lynch wrote: > > >ok, the website is now up at http://neabug.org > __ Trish Lynch FreeBSD - The Power to Serve trish@bsdunix.net Rush Networking trish@rush.net VA Linux Systems trish@valinux.com O|S|D|N trish@osdn.com New England Area BSD Users Group trish@neabug.org --- "Why, do you like playing around with My, narrow scope of reality? I can feeling it all slipping, I think I'm breaking down." -Disturbed, Stupify To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-advocacy" in the body of the message From owner-freebsd-advocacy Mon Feb 5 6:56:16 2001 Delivered-To: freebsd-advocacy@freebsd.org Received: from peorth.iteration.net (peorth.iteration.net [208.190.180.178]) by hub.freebsd.org (Postfix) with ESMTP id 90EC137B491 for ; Mon, 5 Feb 2001 06:55:59 -0800 (PST) Received: by peorth.iteration.net (Postfix, from userid 1001) id 424275760F; Mon, 5 Feb 2001 08:56:28 -0600 (CST) Date: Mon, 5 Feb 2001 08:56:28 -0600 From: "Michael C . Wu" To: freebsd-advocacy@freebsd.org Subject: non-biased presentation of data Message-ID: <20010205085628.A97280@peorth.iteration.net> Reply-To: "Michael C . Wu" Mail-Followup-To: "Michael C . Wu" , freebsd-advocacy@freebsd.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i X-PGP-Fingerprint: 5025 F691 F943 8128 48A8 5025 77CE 29C5 8FA1 2E20 X-PGP-Key-ID: 0x8FA12E20 Sender: owner-freebsd-advocacy@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG http://vip.hpnc.com/~cbbrowne/linuxkernel.html Q: OK, so what can I do, I'm stuck with 32-bit box? A: use 2.4 or 2.2 with LFS patches or FreeBSD. All of them will handle more than 2Gb on ext2. -- +------------------------------------------------------------------+ | keichii@peorth.iteration.net | keichii@bsdconspiracy.net | | http://peorth.iteration.net/~keichii | Yes, BSD is a conspiracy. | +------------------------------------------------------------------+ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-advocacy" in the body of the message From owner-freebsd-advocacy Mon Feb 5 7:12:52 2001 Delivered-To: freebsd-advocacy@freebsd.org Received: from sol.cc.u-szeged.hu (sol.cc.u-szeged.hu [160.114.8.24]) by hub.freebsd.org (Postfix) with ESMTP id 11FD737B4EC for ; Mon, 5 Feb 2001 07:12:34 -0800 (PST) Received: from petra.hos.u-szeged.hu by sol.cc.u-szeged.hu (8.9.3+Sun/SMI-SVR4) id QAA14571; Mon, 5 Feb 2001 16:12:32 +0100 (MET) Received: from sziszi by petra.hos.u-szeged.hu with local (Exim 3.12 #1 (Debian)) id 14PnJf-0006NJ-00 for ; Mon, 05 Feb 2001 16:12:31 +0100 Date: Mon, 5 Feb 2001 16:12:31 +0100 From: Szilveszter Adam To: freebsd-advocacy@freebsd.org Subject: Re: non-biased presentation of data Message-ID: <20010205161231.O12103@petra.hos.u-szeged.hu> Mail-Followup-To: Szilveszter Adam , freebsd-advocacy@freebsd.org References: <20010205085628.A97280@peorth.iteration.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20010205085628.A97280@peorth.iteration.net>; from keichii@iteration.net on Mon, Feb 05, 2001 at 08:56:28AM -0600 Sender: owner-freebsd-advocacy@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Mon, Feb 05, 2001 at 08:56:28AM -0600, Michael C . Wu wrote: > > http://vip.hpnc.com/~cbbrowne/linuxkernel.html > > Q: OK, so what can I do, I'm stuck with 32-bit box? > > > A: use 2.4 or 2.2 with LFS patches or FreeBSD. > All of them will handle more than 2Gb on ext2. Except that we don't use ext2 much, if at all. Also, we know that NetBSD, OpenBSD can do this as well. Other than that, good to see this:-) (Although the page seems rather unorganized to me:-) -- Regards: Szilveszter ADAM Szeged University Szeged Hungary To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-advocacy" in the body of the message From owner-freebsd-advocacy Mon Feb 5 9:10:41 2001 Delivered-To: freebsd-advocacy@freebsd.org Received: from saffron.via-net-works.ie (saffron.via-net-works.ie [212.17.32.24]) by hub.freebsd.org (Postfix) with ESMTP id DD6D137B503 for ; Mon, 5 Feb 2001 09:10:23 -0800 (PST) Received: from mushroom.dialups.via-net-works.ie ([212.17.34.149] helo=cooperationireland.org) by saffron.via-net-works.ie with esmtp (Exim 3.20 #1) id 14Pp4m-0005AW-00 for advocacy@freebsd.org; Mon, 05 Feb 2001 17:05:16 +0000 Received: from it1 (it1 [199.107.2.129]) by cooperationireland.org (8.11.1/8.11.1) with SMTP id f15H9hR06065 for ; Mon, 5 Feb 2001 17:09:44 GMT (envelope-from relyod@cooperationireland.org) Message-Id: <3.0.5.32.20010205171028.00833690@199.107.2.1> X-Sender: relyod@199.107.2.1 X-Mailer: QUALCOMM Windows Eudora Light Version 3.0.5 (32) Date: Mon, 05 Feb 2001 17:10:28 +0000 To: advocacy@freebsd.org From: Mike Doyle Subject: Good "advocacy" article in this weeks BYTE Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-advocacy@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG There's a nice article (favourably) comparing FreeBSD 4.1.1 to Linux 2.4 (didn't say which distro) in this week's BYTE. The article is in the weekly "Serving with Linux" column by Moshe Bar, the journalist who is paid to write about Linux. However the conclusion at the end of the article states: Linux 2.4.0 is available for no money. So is FreeBSD. Linux uses advanced hardware, so does FreeBSD. FreeBSD is more stable and faster than Linux, in my opinion. We penguinistas sometimes believe we are having more fun than anybody. But then I lean over the fence and discover the FreeBSD folks are having a hell of a party, too. And their OS is as fast as I have seen. I have to ask myself why I don't just switch my server to FreeBSD. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-advocacy" in the body of the message From owner-freebsd-advocacy Mon Feb 5 9:47:17 2001 Delivered-To: freebsd-advocacy@freebsd.org Received: from peorth.iteration.net (peorth.iteration.net [208.190.180.178]) by hub.freebsd.org (Postfix) with ESMTP id 5DBBE37B4EC for ; Mon, 5 Feb 2001 09:47:00 -0800 (PST) Received: by peorth.iteration.net (Postfix, from userid 1001) id 0F79857611; Mon, 5 Feb 2001 11:47:30 -0600 (CST) Date: Mon, 5 Feb 2001 11:47:29 -0600 From: "Michael C . Wu" To: Mike Doyle Cc: advocacy@freebsd.org Subject: Re: Good "advocacy" article in this weeks BYTE Message-ID: <20010205114729.B98288@peorth.iteration.net> Reply-To: "Michael C . Wu" References: <3.0.5.32.20010205171028.00833690@199.107.2.1> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <3.0.5.32.20010205171028.00833690@199.107.2.1>; from relyod@cooperationireland.org on Mon, Feb 05, 2001 at 05:10:28PM +0000 X-PGP-Fingerprint: 5025 F691 F943 8128 48A8 5025 77CE 29C5 8FA1 2E20 X-PGP-Key-ID: 0x8FA12E20 Sender: owner-freebsd-advocacy@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Mon, Feb 05, 2001 at 05:10:28PM +0000, Mike Doyle scribbled: | There's a nice article (favourably) comparing FreeBSD 4.1.1 to | Linux 2.4 (didn't say which distro) in this week's BYTE. For interested parties: The url is at http://www.byte.com/column/BYT20010130S0010 -- +------------------------------------------------------------------+ | keichii@peorth.iteration.net | keichii@bsdconspiracy.net | | http://peorth.iteration.net/~keichii | Yes, BSD is a conspiracy. | +------------------------------------------------------------------+ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-advocacy" in the body of the message From owner-freebsd-advocacy Mon Feb 5 16:13:14 2001 Delivered-To: freebsd-advocacy@freebsd.org Received: from sanson.reyes.somos.net (freyes.static.inch.com [216.223.199.224]) by hub.freebsd.org (Postfix) with ESMTP id 8E22737B491 for ; Mon, 5 Feb 2001 16:12:56 -0800 (PST) Received: from zoraida.reyes.somos.net (zoraida.reyes.somos.net [10.0.0.15]) by sanson.reyes.somos.net (8.9.3/8.9.3) with ESMTP id TAA74005; Mon, 5 Feb 2001 19:10:10 -0500 (EST) (envelope-from fran@reyes.somos.net) Date: Mon, 5 Feb 2001 19:17:30 -0500 (EST) From: Francisco Reyes To: Mike Doyle Cc: Subject: Re: Good "advocacy" article in this weeks BYTE In-Reply-To: <3.0.5.32.20010205171028.00833690@199.107.2.1> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-advocacy@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG > The article is in the weekly "Serving with Linux" column by > Moshe Bar, the journalist who is paid to write about Linux. Nice article. In particular I like how stablishes up fron that he didn't do extensive testing and that this was just sort of a test he did for himself. I like how he ends the article kind of possing the question "If FreeBSD better then why am I not using it".. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-advocacy" in the body of the message From owner-freebsd-advocacy Thu Feb 8 12:16:40 2001 Delivered-To: freebsd-advocacy@freebsd.org Received: from smtp.interlog.com (bretweir.total.net [154.11.89.176]) by hub.freebsd.org (Postfix) with SMTP id 54AD037B6C5 for ; Thu, 8 Feb 2001 12:16:19 -0800 (PST) Received: (qmail 24425 invoked from network); 8 Feb 2001 20:16:17 -0000 Received: from unknown (HELO vws3.interlog.com) (207.34.202.29) by bretweir.total.net with SMTP; 8 Feb 2001 20:16:17 -0000 Received: by vws3.interlog.com (8.9.0/8.9.0) id PAA29933; Thu, 8 Feb 2001 15:16:17 -0500 (EST) Date: Thu, 8 Feb 2001 15:16:17 -0500 (EST) Message-Id: <200102082016.PAA29933@vws3.interlog.com> To: freebsd-advocacy@freebsd.org From: FreeBSD Security Advisories Subject: FreeBSD Ports Security Advisory: FreeBSD-SA-01:INSERT_NUMBER_HERE Sender: owner-freebsd-advocacy@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG ============================================================================= FreeBSD-SA-01:INSERT_NUMBER_HERE Security Advisory FreeBSD, Inc. Topic: FreeBSD on record to set most advisory releases for year 2001 Category: All Announced: 2001-02-07 Credits: sil@loopback.antioffline.com http://www.antioffline.com Vendor status: Developers sleeping right now FreeBSD only: Yes I. Background FreeBSD is the most robust chopperating sysdumb in the world and we mean it. Our TCP stack will kick your TCP stacks hynee. Currently we are releasing an advisory every 1.95 days which means we are bound to surpass Microsoft. II. Problem Description We normally do not assess security when creating the ports distribution often allowing anyone to build any program we decide to run in the ports directory. Recently we have noticed that we can no longer fool users into thinking because we provide checksumming for the programs, that they will be secure. Unlinke other operating systems and the developers of them who audit their ports, we feel it is not our problem if someone accessess your system because we're too lazy to do things right the first time. III. Impact Obviously anyone can end up control your machine or worse. IV. Workaround We will not be mentioning the ultra secure OpenBSD operating system since we feel it is not our problem and does not help to promote a better OS than our own. V. Solution One of the following: 1) Rub a magic lamp and wait for the security genie to fix it. 2) Download NSA Linux so you too can have miniscule backdoors in it which you won't see. 3) Pray to the hacker god Kevin Mitnick for assistance. 4) Install a more secure O(penBSD)S NOTE: FreeBSD developers are now red faced VI. Shouts Hard Lee Strange Mike Hunt Ivana Swallows Mike Hock Dick Famous Kathie Lee Gifford To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-advocacy" in the body of the message From owner-freebsd-advocacy Thu Feb 8 17: 1:34 2001 Delivered-To: freebsd-advocacy@freebsd.org Received: from smtp02.primenet.com (smtp02.primenet.com [206.165.6.132]) by hub.freebsd.org (Postfix) with ESMTP id 5AE4C37B67D; Thu, 8 Feb 2001 17:01:14 -0800 (PST) Received: (from daemon@localhost) by smtp02.primenet.com (8.9.3/8.9.3) id RAA19165; Thu, 8 Feb 2001 17:55:16 -0700 (MST) Received: from usr08.primenet.com(206.165.6.208) via SMTP by smtp02.primenet.com, id smtpdAAA.Ha4tL; Thu Feb 8 17:55:05 2001 Received: (from tlambert@localhost) by usr08.primenet.com (8.8.5/8.8.5) id SAA29682; Thu, 8 Feb 2001 18:01:00 -0700 (MST) From: Terry Lambert Message-Id: <200102090101.SAA29682@usr08.primenet.com> Subject: Re: FreeBSD Ports Security Advisory: FreeBSD-SA-01:INSERT_NUMBER_HERE To: security-advisories@FreeBSD.ORG (FreeBSD Security Advisories) Date: Fri, 9 Feb 2001 01:00:59 +0000 (GMT) Cc: freebsd-advocacy@FreeBSD.ORG, freebsd-chat@FreeBSD.ORG In-Reply-To: <200102082016.PAA29933@vws3.interlog.com> from "FreeBSD Security Advisories" at Feb 08, 2001 03:16:17 PM X-Mailer: ELM [version 2.5 PL2] MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-advocacy@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG > Topic: FreeBSD on record to set most advisory releases for > year 2001 Heh. But obviously someone is out to challenge them for the record, issuing these ones, since they weren't issued by FreeBSD. [ ... ] > We will not be mentioning the ultra secure OpenBSD operating system > since we feel it is not our problem and does not help to promote a > better OS than our own. The interesting problem here is that OpenBSD is vulnerable to hardware limitation based attacks at boot time. They themselves draw the line at auditing the hardware and firmware of every motherboard out there. Some viable attacks on OpenBSD can still be instituted via a network connection. You have to draw the line somewhere, and that's one of the places they draw theirs. PS: You really aren't doing yourself any favors by trying to stir up enmity between the camps; it's not going to work. All us BSD folks like or at least respect each other enough that all you are going to do is evoke a "Hey! Only *I* get to pick on my brother!" response. 8-). Terry Lambert terry@lambert.org --- Any opinions in this posting are my own and not those of my present or previous employers. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-advocacy" in the body of the message From owner-freebsd-advocacy Thu Feb 8 22:21:38 2001 Delivered-To: freebsd-advocacy@freebsd.org Received: from mail.freebsd-corp-net-guide.com (mail.freebsd-corp-net-guide.com [206.29.169.15]) by hub.freebsd.org (Postfix) with ESMTP id C8A6237B401; Thu, 8 Feb 2001 22:21:15 -0800 (PST) Received: from tedm.placo.com (nat-rtr.freebsd-corp-net-guide.com [206.29.168.154]) by mail.freebsd-corp-net-guide.com (8.11.1/8.11.1) with SMTP id f196KCF91888; Fri, 9 Feb 2001 06:20:13 GMT (envelope-from tedm@toybox.placo.com) From: "Ted Mittelstaedt" To: "Terry Lambert" , "FreeBSD Security Advisories" Cc: , Subject: RE: FreeBSD Ports Security Advisory: FreeBSD-SA-01:INSERT_NUMBER_HERE Date: Thu, 8 Feb 2001 22:21:13 -0800 Message-ID: <001801c09260$80407ec0$1401a8c0@tedm.placo.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0 In-Reply-To: <200102090101.SAA29682@usr08.primenet.com> X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3155.0 Importance: Normal Sender: owner-freebsd-advocacy@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG I was very sad to see this post, it would have been a very humorous piece if it hadn't been stuffed full of spelling and grammar errors. They really ruined the smooth flow that's so important to bringing off a good e-mail joke. Ted Mittelstaedt tedm@toybox.placo.com Author of: The FreeBSD Corporate Networker's Guide Book website: http://www.freebsd-corp-net-guide.com > -----Original Message----- > From: owner-freebsd-advocacy@FreeBSD.ORG > [mailto:owner-freebsd-advocacy@FreeBSD.ORG]On Behalf Of Terry Lambert > Sent: Thursday, February 08, 2001 5:01 PM > To: FreeBSD Security Advisories > Cc: freebsd-advocacy@FreeBSD.ORG; freebsd-chat@FreeBSD.ORG > Subject: Re: FreeBSD Ports Security Advisory: > FreeBSD-SA-01:INSERT_NUMBER_HERE > > > > Topic: FreeBSD on record to set most advisory releases for > > year 2001 > > Heh. But obviously someone is out to challenge them for the record, > issuing these ones, since they weren't issued by FreeBSD. > > [ ... ] > > > We will not be mentioning the ultra secure OpenBSD operating system > > since we feel it is not our problem and does not help to promote a > > better OS than our own. > > The interesting problem here is that OpenBSD is vulnerable to > hardware limitation based attacks at boot time. They themselves > draw the line at auditing the hardware and firmware of every > motherboard out there. Some viable attacks on OpenBSD can still > be instituted via a network connection. You have to draw the > line somewhere, and that's one of the places they draw theirs. > > > PS: You really aren't doing yourself any favors by trying to stir > up enmity between the camps; it's not going to work. All us BSD > folks like or at least respect each other enough that all you are > going to do is evoke a "Hey! Only *I* get to pick on my brother!" > response. 8-). > > > Terry Lambert > terry@lambert.org > --- > Any opinions in this posting are my own and not those of my present > or previous employers. > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-advocacy" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-advocacy" in the body of the message From owner-freebsd-advocacy Fri Feb 9 10:14:14 2001 Delivered-To: freebsd-advocacy@freebsd.org Received: from homer.softweyr.com (bsdconspiracy.net [208.187.122.220]) by hub.freebsd.org (Postfix) with ESMTP id 6589E37B401 for ; Fri, 9 Feb 2001 10:13:55 -0800 (PST) Received: from [127.0.0.1] (helo=softweyr.com ident=Fools trust ident!) by homer.softweyr.com with esmtp (Exim 3.16 #1) id 14RICc-0000Jx-00 for freebsd-advocacy@freebsd.org; Fri, 09 Feb 2001 11:23:26 -0700 Message-ID: <3A84359E.4E8B9864@softweyr.com> Date: Fri, 09 Feb 2001 11:23:26 -0700 From: Wes Peters Organization: Softweyr LLC X-Mailer: Mozilla 4.75 [en] (X11; U; Linux 2.2.12 i386) X-Accept-Language: en MIME-Version: 1.0 To: freebsd-advocacy@freebsd.org Subject: Re: FreeBSD Ports Security Advisory: FreeBSD-SA-01:INSERT_NUMBER_HERE References: <200102082016.PAA29933@vws3.interlog.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-advocacy@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Some random moron at vws3.interlog.com wrote: > > II. Problem Description > > We normally do not assess security when creating the ports distribution > often allowing anyone to build any program we decide to run in the ports > directory. Recently we have noticed that we can no longer fool users > into thinking because we provide checksumming for the programs, that > they will be secure. > > Unlinke other operating systems and the developers of them who audit > their ports, we feel it is not our problem if someone accessess your > system because we're too lazy to do things right the first time. Which operating systems would this be? http://www.openbsd.org/ports.html Take particular not of the first paragraph in RED text, which says: The ports & packages collection does NOT go through the thorough security audit that OpenBSD follows. Although we strive to keep the quality of the packages collection high, we just do not have enough human resources to ensure the same level of robustness and security. Don'tcha just love it when our favorite prankster is too stupid to even effectively joke about the topics he takes on? -- "Where am I, and what am I doing in this handbasket?" Wes Peters Softweyr LLC wes@softweyr.com http://softweyr.com/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-advocacy" in the body of the message From owner-freebsd-advocacy Fri Feb 9 10:53:46 2001 Delivered-To: freebsd-advocacy@freebsd.org Received: from SCARAB.bnj.com (mail.beav01.bnj.com [208.161.105.35]) by hub.freebsd.org (Postfix) with ESMTP id 4B43B37B503 for ; Fri, 9 Feb 2001 10:53:23 -0800 (PST) Received: by SCARAB.bnj.com with Internet Mail Service (5.5.2653.19) id <1DALS4X6>; Fri, 9 Feb 2001 10:51:13 -0800 Message-ID: From: Linh Pham To: Wes Peters , freebsd-advocacy@freebsd.org Subject: RE: FreeBSD Ports Security Advisory: FreeBSD-SA-01:INSERT_NUMBER_ HERE Date: Fri, 9 Feb 2001 10:51:13 -0800 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C092C9.4647B440" Sender: owner-freebsd-advocacy@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01C092C9.4647B440 Content-Type: text/plain I personally think it would take too much manpower and resources to `audit' each and every port that is produce for each of the BSD's. But yes, it is quite funny to see a prankster tripping over his/her/it's own ranting :) -----Original Message----- From: Wes Peters [mailto:wes@softweyr.com] Sent: Friday, February 09, 2001 10:23 To: freebsd-advocacy@freebsd.org Subject: Re: FreeBSD Ports Security Advisory: FreeBSD-SA-01:INSERT_NUMBER_HERE Some random moron at vws3.interlog.com wrote: > > II. Problem Description > > We normally do not assess security when creating the ports distribution > often allowing anyone to build any program we decide to run in the ports > directory. Recently we have noticed that we can no longer fool users > into thinking because we provide checksumming for the programs, that > they will be secure. > > Unlinke other operating systems and the developers of them who audit > their ports, we feel it is not our problem if someone accessess your > system because we're too lazy to do things right the first time. Which operating systems would this be? http://www.openbsd.org/ports.html Take particular not of the first paragraph in RED text, which says: The ports & packages collection does NOT go through the thorough security audit that OpenBSD follows. Although we strive to keep the quality of the packages collection high, we just do not have enough human resources to ensure the same level of robustness and security. Don'tcha just love it when our favorite prankster is too stupid to even effectively joke about the topics he takes on? -- "Where am I, and what am I doing in this handbasket?" Wes Peters Softweyr LLC wes@softweyr.com http://softweyr.com/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-advocacy" in the body of the message ------_=_NextPart_001_01C092C9.4647B440 Content-Type: text/html Content-Transfer-Encoding: quoted-printable RE: FreeBSD Ports Security Advisory: = FreeBSD-SA-01:INSERT_NUMBER_HERE

I personally think it would take too much manpower = and resources to `audit' each and every port that is produce for each = of the BSD's. But yes, it is quite funny to see a prankster tripping = over his/her/it's own ranting :)

-----Original Message-----
From: Wes Peters [mailto:wes@softweyr.com]
Sent: Friday, February 09, 2001 10:23
To: freebsd-advocacy@freebsd.org
Subject: Re: FreeBSD Ports Security Advisory:
FreeBSD-SA-01:INSERT_NUMBER_HERE


Some random moron at vws3.interlog.com wrote:
>
> II.  Problem Description
>
> We normally do not assess security when = creating the ports distribution
> often allowing anyone to build any program we = decide to run in the ports
> directory. Recently we have noticed that we can = no longer fool users
> into thinking because we provide checksumming = for the programs, that
> they will be secure.
>
> Unlinke other operating systems and the = developers of them who audit
> their ports, we feel it is not our problem if = someone accessess your
> system because we're too lazy to do things = right the first time.

Which operating systems would this be?

http://www.openbsd.org/ports.html

Take particular not of the first paragraph in RED = text, which says:

        The ports = & packages collection does NOT go through the
        thorough = security audit that OpenBSD follows. Although we
        strive to = keep the quality of the packages collection high,
        we just = do not have enough human resources to ensure the
        same = level of robustness and security.

Don'tcha just love it when our favorite prankster is = too stupid to even
effectively joke about the topics he takes = on?

--
          &nb= sp; "Where am I, and what am I doing in this = handbasket?"

Wes = Peters           =             =             =             =           Softweyr = LLC
wes@softweyr.com        = ;            = ;            = ;           http://softweyr.com/


To Unsubscribe: send mail to = majordomo@FreeBSD.org
with "unsubscribe freebsd-advocacy" in the = body of the message

------_=_NextPart_001_01C092C9.4647B440-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-advocacy" in the body of the message From owner-freebsd-advocacy Sat Feb 10 13: 1:19 2001 Delivered-To: freebsd-advocacy@freebsd.org Received: from mta5.snfc21.pbi.net (mta5.snfc21.pbi.net [206.13.28.241]) by hub.freebsd.org (Postfix) with ESMTP id 46C9E37B401 for ; Sat, 10 Feb 2001 13:01:02 -0800 (PST) Received: from xor.obsecurity.org ([63.207.60.67]) by mta5.snfc21.pbi.net (Sun Internet Mail Server sims.3.5.2000.01.05.12.18.p9) with ESMTP id <0G8K00BAC7JLPR@mta5.snfc21.pbi.net> for freebsd-advocacy@freebsd.org; Sat, 10 Feb 2001 12:57:31 -0800 (PST) Received: by xor.obsecurity.org (Postfix, from userid 1000) id 36B9867270; Sat, 10 Feb 2001 13:00:02 -0800 (PST) Date: Sat, 10 Feb 2001 13:00:02 -0800 From: Kris Kennaway Subject: Re: FreeBSD Ports Security Advisory: FreeBSD-SA-01:INSERT_NUMBER_ HERE In-reply-to: ; from linhp@bnj.com on Fri, Feb 09, 2001 at 10:51:13AM -0800 To: Linh Pham Cc: Wes Peters , freebsd-advocacy@freebsd.org Message-id: <20010210130001.A65847@mollari.cthul.hu> MIME-version: 1.0 Content-type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="7JfCtLOvnd9MIVvH" Content-disposition: inline User-Agent: Mutt/1.2.5i References: Sender: owner-freebsd-advocacy@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG --7JfCtLOvnd9MIVvH Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On Fri, Feb 09, 2001 at 10:51:13AM -0800, Linh Pham wrote: > I personally think it would take too much manpower and resources to > `audit' each and every port that is produce for each of the BSD's. But > yes, it is quite funny to see a prankster tripping over his/her/it's own > ranting :) Amusingly, FreeBSD *is* auditing parts of the ports collection. We've discovered and published quite a few vulnerabilities already. Kris --7JfCtLOvnd9MIVvH Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE6havRWry0BWjoQKURAkBKAKCQeDLKXbDijt9TTvbFwa5IW3aORgCgzkfP HWUPXIyrGqoOhkpB7tkLrWc= =/uxn -----END PGP SIGNATURE----- --7JfCtLOvnd9MIVvH-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-advocacy" in the body of the message From owner-freebsd-advocacy Sat Feb 10 13:13:13 2001 Delivered-To: freebsd-advocacy@freebsd.org Received: from epsilon.lucida.ca (epsilon.lucida.ca [209.47.215.67]) by hub.freebsd.org (Postfix) with SMTP id BD68637B491 for ; Sat, 10 Feb 2001 13:12:55 -0800 (PST) Received: (qmail 5815 invoked by uid 1000); 10 Feb 2001 21:12:54 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 10 Feb 2001 21:12:54 -0000 Date: Sat, 10 Feb 2001 16:12:53 -0500 (EST) From: Matt Heckaman To: Kris Kennaway Cc: FreeBSD-ADVOCACY Subject: Re: FreeBSD Ports Security Advisory: FreeBSD-SA-01:INSERT_NUMBER_ HERE In-Reply-To: <20010210130001.A65847@mollari.cthul.hu> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Spam-Rating: localhost 1.6.2 0/1000/N Sender: owner-freebsd-advocacy@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sat, 10 Feb 2001, Kris Kennaway wrote: ... : Amusingly, FreeBSD *is* auditing parts of the ports collection. We've : discovered and published quite a few vulnerabilities already. This is the whole point! The REASON we've been seeing tons of port advisories is because they are being audited. The security team should be thanked for that. Otherwise these bugs would probably be unknown! * Matt Heckaman - mailto:matt@lucida.ca http://www.lucida.ca/pgp * * GPG fingerprint - 53CA 8320 C8F6 32ED 9DDF 036E 3171 C093 4AD3 1364 * -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: http://www.lucida.ca/pgp iD8DBQE6ha7WMXHAk0rTE2QRAhgYAJ9u3ACDsVW6/rgh1DnqmjyutrS5owCgvPWP 3jHwdbyhq+TcBbSs3cSov04= =sMKa -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-advocacy" in the body of the message From owner-freebsd-advocacy Sat Feb 10 13:35:39 2001 Delivered-To: freebsd-advocacy@freebsd.org Received: from homer.softweyr.com (bsdconspiracy.net [208.187.122.220]) by hub.freebsd.org (Postfix) with ESMTP id 4F54537B503 for ; Sat, 10 Feb 2001 13:35:22 -0800 (PST) Received: from [127.0.0.1] (helo=softweyr.com ident=Fools trust ident!) by homer.softweyr.com with esmtp (Exim 3.16 #1) id 14RhgT-0000Bv-00; Sat, 10 Feb 2001 14:35:57 -0700 Message-ID: <3A85B43D.507AF04@softweyr.com> Date: Sat, 10 Feb 2001 14:35:57 -0700 From: Wes Peters Organization: Softweyr LLC X-Mailer: Mozilla 4.75 [en] (X11; U; Linux 2.2.12 i386) X-Accept-Language: en MIME-Version: 1.0 To: Kris Kennaway Cc: Linh Pham , freebsd-advocacy@freebsd.org Subject: Re: FreeBSD Ports Security Advisory: FreeBSD-SA-01:INSERT_NUMBER_ HERE References: <20010210130001.A65847@mollari.cthul.hu> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-advocacy@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Kris Kennaway wrote: > > On Fri, Feb 09, 2001 at 10:51:13AM -0800, Linh Pham wrote: > > I personally think it would take too much manpower and resources to > > `audit' each and every port that is produce for each of the BSD's. But > > yes, it is quite funny to see a prankster tripping over his/her/it's own > > ranting :) > > Amusingly, FreeBSD *is* auditing parts of the ports collection. We've > discovered and published quite a few vulnerabilities already. Which indirectly benefits everyone else who uses these programs, including the OpenBSD ports system our antagonist is so undeservedly fond of. -- "Where am I, and what am I doing in this handbasket?" Wes Peters Softweyr LLC wes@softweyr.com http://softweyr.com/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-advocacy" in the body of the message From owner-freebsd-advocacy Sat Feb 10 14: 7: 8 2001 Delivered-To: freebsd-advocacy@freebsd.org Received: from mail.freebsd-corp-net-guide.com (mail.freebsd-corp-net-guide.com [206.29.169.15]) by hub.freebsd.org (Postfix) with ESMTP id 9888237B491 for ; Sat, 10 Feb 2001 14:06:51 -0800 (PST) Received: from tedm.placo.com (nat-rtr.freebsd-corp-net-guide.com [206.29.168.154]) by mail.freebsd-corp-net-guide.com (8.11.1/8.11.1) with SMTP id f1AM6W305589; Sat, 10 Feb 2001 14:06:33 -0800 (PST) (envelope-from tedm@toybox.placo.com) From: "Ted Mittelstaedt" To: "Matt Heckaman" , "Kris Kennaway" Cc: "FreeBSD-ADVOCACY" Subject: RE: FreeBSD Ports Security Advisory: FreeBSD-SA-01:INSERT_NUMBER_HERE Date: Sat, 10 Feb 2001 14:06:35 -0800 Message-ID: <000801c093ad$bbf82140$1401a8c0@tedm.placo.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0 In-Reply-To: X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3155.0 Importance: Normal Sender: owner-freebsd-advocacy@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG > -----Original Message----- > From: owner-freebsd-advocacy@FreeBSD.ORG > [mailto:owner-freebsd-advocacy@FreeBSD.ORG]On Behalf Of Matt Heckaman > Sent: Saturday, February 10, 2001 1:13 PM > > This is the whole point! The REASON we've been seeing tons of port > advisories is because they are being audited. The security team should be > thanked for that. Otherwise these bugs would probably be unknown! > Say rather than unknown, unpublished. If nobody knew about them they wouldn't be security holes now would they? Ted Mittelstaedt tedm@toybox.placo.com Author of: The FreeBSD Corporate Networker's Guide Book website: http://www.freebsd-corp-net-guide.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-advocacy" in the body of the message From owner-freebsd-advocacy Sat Feb 10 14:42:52 2001 Delivered-To: freebsd-advocacy@freebsd.org Received: from homer.softweyr.com (bsdconspiracy.net [208.187.122.220]) by hub.freebsd.org (Postfix) with ESMTP id 2675F37B491 for ; Sat, 10 Feb 2001 14:42:35 -0800 (PST) Received: from [127.0.0.1] (helo=softweyr.com ident=Fools trust ident!) by homer.softweyr.com with esmtp (Exim 3.16 #1) id 14RioM-0000Em-00; Sat, 10 Feb 2001 15:48:11 -0700 Message-ID: <3A85C52A.1F398101@softweyr.com> Date: Sat, 10 Feb 2001 15:48:10 -0700 From: Wes Peters Organization: Softweyr LLC X-Mailer: Mozilla 4.75 [en] (X11; U; Linux 2.2.12 i386) X-Accept-Language: en MIME-Version: 1.0 To: Ted Mittelstaedt Cc: Matt Heckaman , Kris Kennaway , FreeBSD-ADVOCACY Subject: Re: FreeBSD Ports Security Advisory: FreeBSD-SA-01:INSERT_NUMBER_HERE References: <000801c093ad$bbf82140$1401a8c0@tedm.placo.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-advocacy@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Ted Mittelstaedt wrote: > > > -----Original Message----- > > From: owner-freebsd-advocacy@FreeBSD.ORG > > [mailto:owner-freebsd-advocacy@FreeBSD.ORG]On Behalf Of Matt Heckaman > > Sent: Saturday, February 10, 2001 1:13 PM > > > > This is the whole point! The REASON we've been seeing tons of port > > advisories is because they are being audited. The security team should be > > thanked for that. Otherwise these bugs would probably be unknown! > > > > Say rather than unknown, unpublished. If nobody knew about them they > wouldn't be security holes now would they? No, but they'd still be bugs. -- "Where am I, and what am I doing in this handbasket?" Wes Peters Softweyr LLC wes@softweyr.com http://softweyr.com/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-advocacy" in the body of the message From owner-freebsd-advocacy Sat Feb 10 14:43:56 2001 Delivered-To: freebsd-advocacy@freebsd.org Received: from nwlynx.network-lynx.net (nwlynx.network-lynx.net [63.122.185.99]) by hub.freebsd.org (Postfix) with ESMTP id DB09037B491 for ; Sat, 10 Feb 2001 14:43:39 -0800 (PST) Received: from Silver-Lynx.com (doze-1.network-lynx.net [63.122.185.106]) by nwlynx.network-lynx.net (8.11.1/8.9.3/Who.Cares) with ESMTP id f1AMi4I23611; Sat, 10 Feb 2001 15:44:04 -0700 (MST) (envelope-from Don@Silver-Lynx.com) Message-ID: <3A85C412.B56FC777@Silver-Lynx.com> Date: Sat, 10 Feb 2001 15:43:30 -0700 From: Don Wilde X-Mailer: Mozilla 4.72 [en] (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: Wes Peters Cc: freebsd-advocacy@freebsd.org Subject: Re: FreeBSD Ports Security Advisory: FreeBSD-SA-01:INSERT_NUMBER_ HERE References: <20010210130001.A65847@mollari.cthul.hu> <3A85B43D.507AF04@softweyr.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-advocacy@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG My question is, how did the joker get to post to freebsd-announce? Isn't that post-restricted? -- Don Wilde Don@Silver-Lynx.com Silver Lynx Embedded Microsystems Architects 2218 Southern Bl. Ste. 12 Rio Rancho, NM 87124 505-891-4175 FAX 891-4185 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-advocacy" in the body of the message From owner-freebsd-advocacy Sat Feb 10 14:53: 1 2001 Delivered-To: freebsd-advocacy@freebsd.org Received: from mta5.snfc21.pbi.net (mta5.snfc21.pbi.net [206.13.28.241]) by hub.freebsd.org (Postfix) with ESMTP id CD8AC37B401 for ; Sat, 10 Feb 2001 14:52:43 -0800 (PST) Received: from xor.obsecurity.org ([63.207.60.67]) by mta5.snfc21.pbi.net (Sun Internet Mail Server sims.3.5.2000.01.05.12.18.p9) with ESMTP id <0G8K00GSUCNVJ0@mta5.snfc21.pbi.net> for freebsd-advocacy@FreeBSD.ORG; Sat, 10 Feb 2001 14:47:55 -0800 (PST) Received: by xor.obsecurity.org (Postfix, from userid 1000) id 7DA3B67384; Sat, 10 Feb 2001 14:50:38 -0800 (PST) Date: Sat, 10 Feb 2001 14:50:38 -0800 From: Kris Kennaway Subject: Re: FreeBSD Ports Security Advisory: FreeBSD-SA-01:INSERT_NUMBER_ HERE In-reply-to: <3A85C412.B56FC777@Silver-Lynx.com>; from Don@Silver-Lynx.com on Sat, Feb 10, 2001 at 03:43:30PM -0700 To: Don Wilde Cc: freebsd-advocacy@FreeBSD.ORG Message-id: <20010210145038.A92060@mollari.cthul.hu> MIME-version: 1.0 Content-type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="cNdxnHkX5QqsyA0e" Content-disposition: inline User-Agent: Mutt/1.2.5i References: <20010210130001.A65847@mollari.cthul.hu> <3A85B43D.507AF04@softweyr.com> <3A85C412.B56FC777@Silver-Lynx.com> Sender: owner-freebsd-advocacy@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG --cNdxnHkX5QqsyA0e Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On Sat, Feb 10, 2001 at 03:43:30PM -0700, Don Wilde wrote: > My question is, how did the joker get to post to freebsd-announce? Isn't > that post-restricted? It was supposed to be, but it was broken. Kris --cNdxnHkX5QqsyA0e Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE6hcW+Wry0BWjoQKURAv2/AKClKP/6loB1eve/viYgezkq0Ftc0gCfUNaE ItaLnKnVB2vxa2wm/vcki7w= =3EBu -----END PGP SIGNATURE----- --cNdxnHkX5QqsyA0e-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-advocacy" in the body of the message