Re: Hide VM data from customer
One of the services provided by a previous employer was an on-premise appliance for customers, rented in a SAAS model. Customers paid for a certain amount of disk space. To ensure they couldn’t just swap disks to add more capacity, each of our disks went through a ‘blessing’ process where we performed various interesting perturbations to the first few megs of every disk, including a checksum that was a function of a machine and customer identifier.

We fully understood that these efforts would never get in the way of a dedicated and sophisticated adversary, but the bar was low since most of the customers were end users who were using a managed service provider and never directly interacted with our appliance. You might want to try something like that to make it non-trivial for customers to pull your data.

- Eric

On Dec 9, 2014, at 4:14 PM, Steve Shockley steve.shock...@shockley.net wrote:

On 12/9/2014 2:38 PM, John Merriam wrote:

Oh, and no matter what you do, they could always dump the RAM from your VM instance and get your data from there after it's been decrypted.

The key is also likely stored in RAM, and it is simpler to get a snapshot of RAM from a VM than it is to get one from a physical machine.
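A sketch of the kind of disk "blessing" check described in the message above, as an added example that is not from the original post or the appliance it describes. The header layout, the use of HMAC-SHA256 as the checksum, the binding to a disk serial, and all names and sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import io
import struct

MAGIC = b"BLESSv1\0"           # constructed 8-byte marker
HEADER_OFFSET = 4096           # assumed slot inside the reserved first megabytes
HEADER_FMT = "<8s32s"          # marker + HMAC-SHA256 tag
HEADER_LEN = struct.calcsize(HEADER_FMT)


def _tag(key, machine_id, customer_id, disk_serial):
    # Length-prefix every field so ("ab", "c") and ("a", "bc") give different tags.
    fields = (machine_id, customer_id, disk_serial)
    msg = b"".join(struct.pack("<I", len(f)) + f for f in (s.encode() for s in fields))
    return hmac.new(key, msg, hashlib.sha256).digest()


def bless(disk, key, machine_id, customer_id, disk_serial):
    """Write the blessing header into a seekable binary disk image."""
    disk.seek(HEADER_OFFSET)
    disk.write(struct.pack(HEADER_FMT, MAGIC, _tag(key, machine_id, customer_id, disk_serial)))


def is_blessed(disk, key, machine_id, customer_id, disk_serial):
    """Return True only if the header matches this machine, customer and disk."""
    disk.seek(HEADER_OFFSET)
    raw = disk.read(HEADER_LEN)
    if len(raw) != HEADER_LEN:
        return False
    magic, tag = struct.unpack(HEADER_FMT, raw)
    expected = _tag(key, machine_id, customer_id, disk_serial)
    return magic == MAGIC and hmac.compare_digest(tag, expected)


def demo():
    key = b"constructed-demo-key"              # constructed; a real key needs protected storage
    original = io.BytesIO(bytes(1 << 20))      # constructed 1 MiB blank "disk"
    bless(original, key, "appliance-01", "customer-42", "SERIAL-A")
    clone = io.BytesIO(original.getvalue())    # header copied byte-for-byte to a swapped-in disk
    blank = io.BytesIO(bytes(1 << 20))
    return {
        "original": is_blessed(original, key, "appliance-01", "customer-42", "SERIAL-A"),
        "cloned_header": is_blessed(clone, key, "appliance-01", "customer-42", "SERIAL-B"),
        "other_customer": is_blessed(original, key, "appliance-01", "customer-43", "SERIAL-A"),
        "blank_disk": is_blessed(blank, key, "appliance-01", "customer-42", "SERIAL-A"),
    }


if __name__ == "__main__":
    print(demo())
```

Binding the tag to the disk's own serial is what makes a byte-for-byte copy of a blessed header fail on a different disk; the key still sits on hardware the customer holds, so this raises the bar without stopping a determined adversary.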
Re: Malformed request shuts down httpd
I upgraded to 5.6-STABLE (amd64) on November 26th and when I ran this against my httpd instance it returned:

    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
    <html>
    <head>
    <title>500 Internal Server Error</title>
    <style type="text/css"><!--
    body { background-color: white; color: black; font-family: 'Comic Sans MS', 'Chalkboard SE', 'Comic Neue', sans-serif; }
    --></style>
    </head>
    <body>
    <h1>Internal Server Error</h1>
    <div id='m'></div>
    <hr><address>OpenBSD httpd at {ADDRESSREMOVED} port 80</address>
    </body>
    </html>

httpd process still running happily, and valid pages are still being served.

- Eric

On Nov 28, 2014, at 3:26 AM, Ezequiel Garzon m...@ezequiel-garzon.net wrote:

Hello! I know a lot is happening to httpd lately, so maybe this is not an issue anymore. I've noticed that a malformed HTTP request such as

    $ printf 'GET /file\r\n\r\n'| nc myhost 80

doesn't just silently fail, but rather shuts down httpd. My /etc/httpd.conf is minimal:

    server default {listen on egress port 80}

Has anybody else tried this?

Thanks and cheers,
Ezequiel
Question about /etc/mail post 5.6 upgrade
Hello, I recently upgraded from 5.5 to 5.6. I was surprised to see that the various apparently sendmail-specific files in /etc/mail are not in the ‘Files to delete and move’ list in upgrade56.html, now that sendmail is no longer in base. I suspect that either there are other reasons to keep the contents of this directory as-is post 5.6 upgrade, or I missed a step in the upgrade guide. I’m new to OpenBSD, so clue sticks are welcome. - Eric
Re: OpenBSD on a 2013 MacBook Air
The Mid-2013 MBA technical specs[1] list USB 3.0 ports only. I suspect it is similar to my late 2013 MBP in that the built-in keyboard is also treated as a USB 3.0 device. Since OpenBSD’s xhci driver is still in development, you will have to force the firmware into legacy USB 2.0 mode[2] to get a working keyboard, whether built-in or external. I have not tried this.

- Eric

[1] http://support.apple.com/kb/SP678
[2] https://gist.github.com/jcs/5573685

On Sep 3, 2014, at 8:08 AM, David Coppa dco...@gmail.com wrote:

On Wed, Sep 3, 2014 at 12:38 PM, nuu6...@hush.com wrote:

I was recently gifted a 2013 Haswell MacBook Air. While OS X is nice, I would like to run OpenBSD as the only OS on the machine. Is anyone doing this on a Haswell MBA? When I Google this, I can't seem to find info on running it as the sole OS.

wifi doesn't work (broadcom hell). Dunno about the remaining components.

ciao,
David
Re: pfctl: DIOCADDQUEUE: No such process
I cannot give you the dmesg output of the machine because the uptime (dmesg was polluted by some carp messages :p), I cannot reboot it at this time, it's a BGP router and the redundancy is in maintenance.

try ‘cat /var/run/dmesg.boot’
Re: Requested upstream patch to use OpenBSD's malloc
Done and done. Just a heads-up if you try to comment on the issue and encounter a page with no content, it’s because you’re not logged in.

- Eric

On May 31, 2014, at 12:09 PM, Andrew Fresh and...@afresh1.com wrote:

I opened a ticket with upstream to use OpenBSD's malloc by default.
https://rt.perl.org/Public/Bug/Display.html?id=122000

Perl was setup to use perl's malloc on OpenBSD by default in 2010.
https://rt.perl.org/Public/Bug/Display.html?id=75742

The perl in OpenBSD base has always used OpenBSD's malloc, and I believe that is what OpenBSD users will expect, even building perl themselves. If you have opinions that may sway the perl5-porters, please chime in on the above ticket #122000.

l8rZ,
--
andrew - http://afresh1.com

People who invent random theories which only defend the vendor must have been beaten as children. Beaten with sticks. At least, that's my theory.
-- Theo De Raadt
Re: Run 'n' play missing home-based package manager for OpenBSD
Users can compile and run whatever they want in their home directories, and any other directory they can write to. There is no need for root privileges. On a multi-user production system this is unattractive from this system administrator's point of view. On a single-user system this is redundant because the ports system already exists, and you have the privilege to install whatever you want. I don't see the problem that is solved with this.