Peter N. M. Hansteen is a user on You can follow them or interact with them if you have an account anywhere in the fediverse. If you don't, you can sign up here.

Peter N. M. Hansteen

Preparing to submit to upcoming conferences, again working on the ever developing tutorial. The 2017 BSDCan version is at - please do poke us with questions + suggestions (in comments or directly) on how we can make future sessions more useful!

I must admit I like 's /#dkim failure reports. They've taken care to include all relevant headers so I can use the report to blacklist the offending IP address *and* add the faked sender to my spamtraps at (also see for the blacklist maintenance principles).

It looks like at least part of the reason is that end user products ship with a default configuration that has admin as sole user with admin as the password, see eg And apparently a lot of rpis out there run with the pi user still enabled (guess the password!). I get a lot of those too.

Looking at my sshd auth logs, I see almost as many attempts at admin as root. Was there ever a Unix variety with admin was a common username, or are we just seeing that it's early in their dictionary and all they get around to before the auto-LART? (as in or

p2k17 Hackathon report: Florian Obser on network stack progress, kernel relinking and more

Please remember that fun and useful things like exist because made them possible (an incomplete list of innovations is up at So if you benefit from any of this, please donate, see the options listed at

Today the total number of spamtraps at rolled past 40k, mainly due to some dimwit feeding a DOS-style file to a Unix program, producing some hilarious invalid usernames used to try to log in to one of my boxes. Blacklisted hosts hover around 27k.

To view the full list, see (also included in the page). Your browser will semi-correctly interpret some entries as HTML tags and does not render the full page (for why see

p2k17 Hackathon Report: Anthony J. Bentley on firmware, games and securing pkg_add runs

p2k17 Hackathon report: Christian Weisgerber on random devices, build failures and gettext

p2k17: Herzliche grusse vom Berlin (espie@ on mandoc, misc packages progress)

What looks to be a new phishing round sends mail from ??DocumentSend@yourdomain.tld. Greylist dump from here at - could be more out there, developing.

Do you use ? Or ,# LibreSSL or (on any platform)? Then donating to the OpenBSD Foundation is a good thing: If you need more reasons, here's my "OpenBSD and you" presentation:

WARNING: There are people in charge of mail infrastructure that are ignorant enough to ask for copies of messages *with headers and body* when confronted with the scenario described in