SoftwareNetBSD
Various bits of the NetBSD project:
milter-greylistmilter-greylist is an efficient and easy to set up spam filter for Sendmail. It is used in production on thousands of servers throughout the Internet. Wrote everything, except the numerous submissions from hardcore users. Many thanks to them. [top] IPsec-tools
A few bits of the IPsec-tools project, which is an IPsec key exchange daemon:
DSTDST stands for Distributed Spam Traps. It is an attempt at building a real-time, strongly authenticated, DDoS-resistant tool for propagating spam reports. This seems to be a dead experimental software. [top] milter-rcptfilterTool for building ACL on e-mail recipients. Useful for filtering out mail sent to unexistant addresses when you do not have time, courrage or knowledge to reconfigure Sendmail so that it blocks them properly. This software is superseeded by milter-greylist, which includes all milter-rcptfilter features, and more. [top] mddmdd stands for Multicast Data Dump. This tool is designed to spread a file to a multicast group. It was written to upload a hard disk image to a set of identical machines in a computer room. Warning: The protocol is rather simple and does do any rate limiting. That makes it completely unsuitable outside of a private LAN where no congestion can occur. Do not use that tool on the Internet, it will eat all your bandwidth and flood the multicast group you send data to. [top] cmapasswdcmapasswd is a wrapper on the passwd command. It is designed to allow some users (e.g.: teachers) to change the password of users in given groups (e.g: students that forgot their passwords). A configuration file is used to decide who is allowed to change password for what groups of users. [top] hobbitclientHobbit Monitor is a free software replacement for defunct project Big Brother. Hobbitclient is the free software replacement for the Big Brother client. It is written in C with OS-dependant backends. This project seems to be dead and superseeded by Nagios. [top] ldap2radiusA shell back-end written in C for OpenLDAP that enable bridging LDAP authentication to a RADIUS server. This is designed so that the actual LDAP database queries are sent to a real LDAP datababse, while the LDAP authentication is done through RADIUS. Note that you can also setup OpenLDAP to use SASL, SASL to use PAM, and PAM to use RADIUS. [top] French mac keyboard layout for WindowsWhen running Windows in Parallels on a mac, you may get a PC keyboard layout. With a french mac keyboard, pressing - produces a =, for instance. There is an Apple driver for fixing this on recent Windows releases, but on NT 4.0, it's a bit harder. Here is a workaround. Microsoft provides MSKLC, an utility for creating keyboard layouts, but it works only on Windows 2000 and above. Fortunately, the keyboard mappings it produces can be dropped in an NT 4.0 system and that will work. Here is Kbdfr.dll, a keyboard layout for a mac french keyboard. Just overwrite C:\WINNT\System32\Kbdfr.dll, reboot, and you will be done. Make sure your administrator password does not depend on the modified keys, or you might be locked out. This keyboard maps correctly all characters that are written on the keys. For characters that are not written on the keys, such as |, {, and so on, the PC keyboard mapping is retained: Use AltGr-6 to produce a |. Thanks to Arthur Duprat for helping on that hack. [top] NFS-aware quota(1) for MacOS XAs of MacOS X.4, it seems impossible for quota(1) to report NFS mounts quotas. The command just seems unable to query the rpc.rquotad(8) daemon. Here is a quick MacOS X port of NetBSD's quota(1), which is NFS-aware. [top] Contributions to OpenLDAPMinor but useful improvements to some OpenLDAP overlays:
[top] CrudeSAMLCrudeSAML features a PAM module and a SASL plugin (for Cyrus SASL) that perform crude checks on SAML assertions: signature, dates, user Id, issuing Identity Provider and audience Service Provider. Using CrudeSAML, SAML assertions can be used by web applications as tokens for authenticating to other services such as IMAP (WebSSO for webmail), LDAP (WebSSO for unprivilegied LDAP web applications), or SSH (WebSSO to whatever hack you implemented by ssh).. [top] SPIP2LaTeXSPIP2LaTeX is a SPIP plugin that converts article and section to LaTeX. It can be used to generate nice PDF from web pages managed by SPIP.
See also the
SPIP2LaTeX
page at spip-contrib.net.
Apache modulesmod_mkdir is an Apache 2 module that creates directories on the fly as they are requested by the client. This is useful used with PUT methods, when the client attemps to drop a file in a directory that does not exits yet. mod_logbeast in another Apache 2 module that attempts to spot BEAST vulnerable browsers. This is done by checking TLS version, cipher, and 1/n-1 split mitigation technique for vulnerable CBC ciphers with TLS up to version 1.0. The 1/n-1 split detection is a bit naive, as it does not try to parse TLS packets, but instead looks for the number of bytes obtained from mod_ssl. mod_auth_ofba implements Microsoft Office Forms Based Authentication, which allows MS Office for Windows to use a WebDAV share without prompting for user authentication everytime it opens a document from WebDAV. mod_upload is a stand-alone file upload manager that is compatible with PHP. It allows setting the write block size, which helps a lot improving performance on network filesystems. Contributions to mod_dav and mod_dav : MS-WDV support, RFC 4331 quotas. [top] OpenVPN modulesOpenVPN wtmpx(5) accounting module to have OpenVPN connections log available from the last(1) command.
OpenVPN
Nagios plugin,
which uses OpenVPN protocol to probe VPN services, checking for certificate
expiration.
Nagios pluginsNagios plugins in C, to check
Useful patchesPHP 5.3 to 7.1 LDAP exop support. This brings to PHP LDAP operations such as PASSMOD, REFRESH and WHOAMI. PASSMOD is better than directly writing the userPassword attribute since it allows the use of overlays like slapo-smbk5pwd (NTLM and kerberos V password sync), or slapo-ppolicy (Password strength and reuse policy). The feature is included in base PHP distributuon starting with 7.2. Apache 2.2
Elliptic curve support. Used with appropriate Apapche directives, this
makes
Perfect Forward Secrecy available for all modern browsers (as reported
by Qualys SSL labs server test).
Suggested Apache configuration:
NetBSD support in GlusterFS
NetBSD support in GlusterFS. All
required patches are contributed to GlusterFS repository.
syncffsd
syncffsd scans for
update in a FFS filesystem by monitoring the superblock, and fires
rsync(1) to update a remote filesystem on each change.
ASCIIdir
ASCIIdir is an utility
to remove non-ASCII characters in a file hierarchy. A custom
translitteration map can be provided instead ot the built-in one.
Books and PapersFUSE and beyond: bridging file systems
A paper on FUSE, PUFFS, REFUSE, PERFUSE and GlusterFS on NetBSD, presented at EuroBSDcon 2014, Sofia, Bulgaria, september 2014.
TLS hardening
A paper on TLS hardening,
published in june 2014 issue of BSD Magazine.
Per-user filtering settings with milter-greylist
Filtrage sur mesure avec milter-greylist (Per-user filtering settings with milter-greylist), presentation in french at Solutions Linux 2009, Paris, april 2009.
SAML and services behind the web
SAML et services hors web (SAML and services behind the web), presentation in french for the CRU, Paris, january 2011.
What's new in NetBSD in 2006
What's new in NetBSD in 2006, EuroBSDCon 2006, Milan,
Italy, november 2006.
Developer interviews
Interview of Open Source Software developers, on various topics:
My opinion on the European Constitution
Why I will vote no to the french
referendum on the European Constitution. This is some non computer-related
material, in french. I also wrote later about
Lisbon treaty and the MES. I should really
write something on the latest EU monsters like TSCG, six pack, and two pack.
Le cahier de l'admin BSD
Le cahier de l'admin BSD, 2nd edition.
July 2004, Editions Eyrolles, ISBN 2-212-11463-X. In french (english version may pop
up one day).
Remote user access VPN with IPsec
Remote user access VPN with IPsec, EuroBSDCon 2005, Basel, Switzerland, 25-27 november 2005, proceedings p113-124
MacOS X binary compatibility in NetBSD
MacOS X binary compatibility: challenges and implementation, EuroBSDCon 2004, Karlsruhe, Germany, 29-21 october 2004, proceedings p65-80.
Chrooting ntpd on NetBSD
Securing systems with chroot: what is a chroot jail, how does it helps securing systems? January 2001, ONLamp.com.
Mail filters
Mail filtering techniques: a short introduction to internet mail, and a survey of different mail filtering techniques. May 2004, ONLamp.com.
IRIX binary compatibility on NetBSD
An introduction to binary compatibility, august 2002, ONLamp.com.
Linux binary compatibility on NetBSD/PowerPC
Setting up minimal emulation support, may 2001, ONLamp.com.
The MPC parallel computerO. Glück, A. Zerrouki, J.L. Desbarbieux, A. Fenyö, A. Greiner, F. Wajsbürt, C. Spasevski, F. Silva and E. Dreyfus, Protocol and Performance Analysis of the MPC Parallel Computer, 15th International Parallel & Distributed Processing Symposium (IPDPS, 2001), San Francisco, USA, 23-27 avril 2001, p52. A. Zerrouki, O. Glück, J.L. Desbarbieux, A. Fenyö, A.Greiner, C. Spasevski, F. Wajsbürt, F. Silva and E. Dreyfus, The MPC Parallel Computer : hardware, Low-level Protocols and Performances, Parallel and Distributed Computing and Systems (PDCS, 2000), Las Vegas, USA, 6-9 novembre 2000, Vol 1, p87-92. [top] Last modification: 2023/03/13 |