From: "William A. Mahaffey III"
Date: Fri, 18 Sep 2015 17:18:35 -0453.75
Subject: Re: HTTPS on freebsd.org, git, reproducible builds
Cc: freebsd-questions@freebsd.org
Message-ID: <55FC8C71.3040902@hiwaay.net>

On 09/18/15 12:50, Alastair Hogge wrote:
> On 2015-09-18 Fri 09:09:05 +0000 William A. Mahaffey III, wrote:
>> On 09/18/15 08:47, Daniel DP. Plominski wrote:
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA512
>>>
>>> well, encryption does not cost much, most mobile devices are now fast enough
>>> for IP obfuscation there vpn providers or anonymity networks like Tor
>>>
>>> you should look for "when leaken metadata", customized Firefox
>>> versions like the "torbundle" package or FreeBSD features such as:
>>> disabled tcp timestamp, activated net.inet.ip.stealth etc.
>>>
>>> may be that the most information are not critical of freebsd.org
>>> on a page about political commitment, however, twice what you click on
>>>
>>> in the post snowden/nsa area, i think it is not heard now de rigueur,
>>> but should be compulsory
>> Where is that 'net.inet.ip.stealth' setting ? I didn't find it in my
>> /etc/defaults/rc.conf file ....
> What about:
> $ sysctl -d net.inet.ip.stealth
> net.inet.ip.stealth: IP stealth mode, no TTL decrementation on forwarding
>
> $ sysctl -d net.inet.ip.random_id
> net.inet.ip.random_id: Assign random ip_id values
>
> Add them to /etc/sysctl.conf
>
> To good health
> --
> The liberals can understand everything but people who don't understand them.
> -- Lenny Bruce
>

[root@kabini1, /etc, 10:07:39am] 353 % sysctl -d net.inet.ip.stealth
sysctl: unknown oid 'net.inet.ip.stealth'
[root@kabini1, /etc, 5:17:54pm] 354 % sysctl -d net.inet.ip.random_id
net.inet.ip.random_id: Assign random ip_id values
[root@kabini1, /etc, 5:18:07pm] 355 % uname -a
FreeBSD kabini1.local 9.3-RELEASE-p24 FreeBSD 9.3-RELEASE-p24 #0: Sat Aug 22 01:54:44 UTC 2015 root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC amd64
[root@kabini1, /etc, 5:18:16pm] 356 %

Maybe a 10.n thing ?

--
William A. Mahaffey III

----------------------------------------------------------------------

"The M1 Garand is without doubt the finest implement of war
ever devised by man."
-- Gen. George S. Patton Jr.