I'm thinking that using http://www.twospy.com/galleriffic/#1, then some custom code to generate the static html based on a directory structure seems to be about as simple as it can be Hey guys hey Just the guy I wanted to get ahold of! in what sense? :) I want to run my (untrusted) users in a separate jail. But I've got into problems when I'm running an identd on the host Specifically the identd on the host listens to all available IPs And that's not good well - the WTF there is "identd??" yeah, 2010 What's the future then? :) identd was invented in 1990 to solve a non-problem, badly just stop running it Bleh why should *that* machine over *there* care which *username* I've assigned to *this* process *here*? it's a different protection realm there's a fakeidentd that just answers "root" to all requests you could run that one :) hehe it's just as valid The problems come with IRC ;) again, anyone who demands identd on IRC is nuts I'm not running it here. Some IRC servers (I think I'm looking at you, EFNet) won't let people connect without an identd and as I'm running a small shell I need an identd to allow more than X hosts on some servers ... The ident protocol is considered dangerous because it allows crackers to gain a list of usernames on a computer system which can later be used for attacks. A generally accepted solution to this is to set up a generic/generated identifier, returning node information or even gibberish (from the requester's point of view) rather than usernames. I'm on EFNet all the time without identd seriously.. just run the fake one that returns gibberish Hmm.. Yeah ... http://www.freshports.org/net/widentd/ ... widentd is a small ident/rfc1413 daemon which provides a fixed (and fake) auth reply regardless of the ip/port pair quoted. see, that's why I asked you :) indeed I am a veritable font of knowledge You learn something every day! something new* I learn *two* new things a day to keep up with your questions.
:) If I had the money I would have you kidnapped and use you as my information slave Anyway, thanks Shouldn't be too hard to create my own why bother when it's a port? I can't find one that always replies with a random string That would be awesome That's why I'd like to create my own hidentd is apparently capable of that but it doesn't seem to work :P did you look at widentd? the one I linked? Yeah it's fixed reply oh. didn't see Anyway shouldn't be too hard to modify RandalSchwartz: Fixed it fixed what? Modified widentd and added a random string-generator from hidentd :p Booya! oh heh! yeay Under 220 lines of code That was awesome It even has ipv6 support I think :p Now... don't you feel more safe and secure? see how identd really makes a difference? :) which is why ircd's that demand it are being stupid Hehe Are there any noteworthy irc networks that still demand ident? Some servers on EFNet I think (I've seen them) - and QuakeNet if you want more than five connections per host :P ident is still important on places like EFNet what if you had a wraith/eggdrop net with all the same ident, they could be banned with one mode change and the channel taken over vcs: Solution: Don't run an identd :P uhhh /mode +b *!~*@* the correct solution is to use oidentd, and spoof each bot's ident to its nickname The correct solution would be for the irc server to not prepend ~ to users without an identd and/or run each bot as different users that's stupid ....there's a correct solution to irc? ;-) being able to ban ~ is an efficient way of banning drones Not really and also non technical users And the point with that being? Elitism? also, often trolls will keep changing their ident so I guess it is kind of pointless And that isn't possible with an identd?
but then you can just ban by host the real point of identd is to stop abuse on shells by banning ident, not hostname so non abusive users are not effective it also links users back to their accounts for filing abuse reports ident definitely is still relevant on networks like EFNet where most people connect from a shell how is it relevant? unless you control root on the box you're getting identd from otherwise, the data is completely untrustworthy the point is as dxtr just demonstrated most people who have a shell for IRC do NOT have root so at least to some extent that's not true for most of freenode maybe some other nets EFNet is very unlike freenode... it's still putting trust in something fundamentally untrustworthy that's worse than not doing it at all that's fake security RandalSchwartz: after being on EFNet many years it has served me well and who cares if they spoof and come back? that's an independent variable a lot of the time, you can stop after you ban their ident it has nothing to do with identd it can be fake security but it also can be very useful when dealing with abusive shell users RandalSchwartz: http://publib.boulder.ibm.com/infocenter/iseries/v5r4/index.jsp?topic=/rzab6/xacceptboth.htm <- according to that binding to in6addr_any should bind to both :: and 0.0.0.0 Do you know anything about that? Because I can't get it to work in FreeBSD when I go there... I get blank I bet it's frames which you can't bookmark properly what language are you in? C? Yeah It works for me, btw :P wait - you just said "can't get it to work" which is it? I was about to start helping you I can't get ipv4/ipv6-stuff to work, but that page I sent you works for me Oh - you probably have a cookie or something What I can get to work is ipv6 connectivity.
But, as I said, according to that page in6addr_any should listen to both ipv4 and ipv6 Then I thought that it might be Linux-specific - but I found that FreeBSD also has the IPV6_V6ONLY flag And what's the point of having that flag if it doesn't do anything anyway? I know it works on OSX I've connected to apps and gotten an IPv6 addr of 0::nnnn Yeah, that should work which is the way v4 gets mapped in v6 for these sockets Exactly did you look at the manpage? I've looked at many man pages setsockopt doesn't appear to have a v6-only flag nor is there such a definition in /usr/include man 4 ip6 /IPV6_V6ONLY didn't make its way to setsockopt() though Yeah, I noticed :P ahh - what happens if you get that option? http://www.ops.ietf.org/lists/v6ops/v6ops.2003/msg01141.html I was just about to try it Uhh - not sure why you keep bringing up non-freebsd URLs :) if you're asking about freebsd you *are* using AF_INET6, right? Yeah That URL was kind of relevant ok not authoritative though "do you know of any OS that sets the IPV6_V6ONLY socket option on by default?" "netbsd, freebsd (version >= 5), openbsd" sure - one guy says that is he on the freebsd dev team? Oh - right on by default would be bad for you anyway so set it off :) Yeah And as I thought It's on And it works Awesome! vcs: My identd will revolutionize identds Reconnect and you get a new ident! Bwahaha! lol the one thing you two do not understand is shell providers DO NOT allow spoofs so it is relevant in context of shell providers sure, on any of my boxes I can't do whatever I want with ident but not everyone has their own VPS / Colo box evening BarberRonny: afternoon! (PST) finally published a piece-meal price list (see "Extras"), b/c I keep getting asked for it http://arpnetworks.com/vps awesoem Awesome* up_the_irons: you might want to add what the price is for things like bandwidth overages. as in, let's say I have 200gb/mo included.. but use 250gb oh yeah..
it's in the FAQ, but I should put it there, yes *nod* it's always nice to have a centralized "what will it cost me if..." page oh, I have to get you the UUID of my vps where the disk changed on me. one sec not PST yet up_the_irons: What benefits would I get from running my own caching DNS server vs. using your? not for another few weeks yours* dxtr: yours would be faster Would it? well, it kinda depends actually. if you're using a cache only NS, that only serves a few clients.. and you're doing lookups for hosts that'd be present in the provider's NS's.. (ie, already cached) the ARP NS's would be faster. Yeah up_the_irons: But you know what you should do? have your DNS servers on IPv6 too :) That would be sweet yeah I know (and website!) that too :) from my short time here, it sounds like up_the_irons is neck deep in work already, though. ;) that's why these things don't get done :) it's the chicken/egg problem. sounds like you need to write some automation processes for some of these things.. but you don't have time to automate because you're too busy doing the things you need to automate. heh yup, exactly or I just need to hire someone to do the small support tasks (change ISOs, DNS, etc...) I'll offer this: I don't have a strong programming background.. but if you want some additional help for things where you don't need to hand me keys to the castle, I'd happily help. I enjoy doing DNS stuff ;) ISO's would probably be simple-ish. thanks for the offer! need to cut my hair, bbl later but not everyone has their own VPS / Colo box whoops, wrong screen meant to up + enter into bash >_>