Re: FreeBSD 11.0-BETA4 Now Available

2016-08-08 Thread Glen Barber
On Mon, Aug 08, 2016 at 10:48:30AM +0200, Lars Engels wrote: > On Sat, Aug 06, 2016 at 09:05:26PM +, Glen Barber wrote: > > -BEGIN PGP SIGNED MESSAGE- > > > o The new system hardening options have been fixed to avoid overwriting > > other options selected during install time. > >

Re: FreeBSD 11.0-BETA4 Now Available

2016-08-08 Thread Lars Engels
On Mon, Aug 08, 2016 at 02:44:05PM +, Glen Barber wrote: > On Mon, Aug 08, 2016 at 10:48:30AM +0200, Lars Engels wrote: > > On Sat, Aug 06, 2016 at 09:05:26PM +, Glen Barber wrote: > > > -BEGIN PGP SIGNED MESSAGE- > > > > > o The new system hardening options have been fixed to

Re: kernel panic caused by virtualbox(?)

2016-08-08 Thread John Baldwin
On Thursday, August 04, 2016 05:10:29 PM Don Lewis wrote: > Reposted to -current to get some more eyes on this ... > > I just got a kernel panic when I started up a CentOS 7 VM in virtualbox. > The host is: > FreeBSD 12.0-CURRENT #17 r302500 GENERIC amd64 > The virtualbox version is: >

Re: FreeBSD 11.0-BETA4 Now Available

2016-08-08 Thread Lars Engels
On Mon, Aug 08, 2016 at 10:15:07AM -0700, Devin Teske wrote: > > > On Aug 8, 2016, at 8:02 AM, Lars Engels wrote: > > > > On Mon, Aug 08, 2016 at 02:44:05PM +, Glen Barber wrote: > >> On Mon, Aug 08, 2016 at 10:48:30AM +0200, Lars Engels wrote: > >>> On Sat, Aug 06,

Re: [FreeBSD-Announce] HEADS-UP: OpenSSH DSA keys are deprecated in 12.0 and 11.0

2016-08-08 Thread Devin Teske
> On Aug 8, 2016, at 12:39 PM, Bernard Spil wrote: > > Hi Devin, > > This resource documents the choices pretty well I think > https://stribika.github.io/2015/01/04/secure-secure-shell.html > > Author has

Re: some [big] changes to ZPL (ZFS<->VFS )

2016-08-08 Thread Alan Somers
On r303834 I can no longer reproduce the problem. -Alan On Sat, Aug 6, 2016 at 5:05 AM, Andriy Gapon wrote: > On 05/08/2016 23:31, Alan Somers wrote: >> I'm not certain it's related, but on a head build at r303767 I see a >> LOR and a reproducible panic that involve the snapdir

Re: FreeBSD 11.0-BETA4 Now Available

2016-08-08 Thread Devin Teske
> On Aug 8, 2016, at 8:02 AM, Lars Engels wrote: > > On Mon, Aug 08, 2016 at 02:44:05PM +, Glen Barber wrote: >> On Mon, Aug 08, 2016 at 10:48:30AM +0200, Lars Engels wrote: >>> On Sat, Aug 06, 2016 at 09:05:26PM +, Glen Barber wrote: -BEGIN PGP SIGNED

Re: FreeBSD 11.0-BETA4 Now Available

2016-08-08 Thread Nathan Whitehorn
On 08/08/16 10:56, Glen Barber wrote: On Mon, Aug 08, 2016 at 10:53:26AM -0700, Nathan Whitehorn wrote: On 08/08/16 10:43, Lars Engels wrote: On Mon, Aug 08, 2016 at 10:15:07AM -0700, Devin Teske wrote: On Aug 8, 2016, at 8:02 AM, Lars Engels wrote: On Mon, Aug 08,

Re: [FreeBSD-Announce] HEADS-UP: OpenSSH DSA keys are deprecated in 12.0 and 11.0

2016-08-08 Thread Conrad Meyer
The OpenSSH defaults are intentionally sane. RSA 2048 is anticipated to be fine for the next 10 years. It would not be a bad choice. I'm not aware of any reason not to use EC keys, and presumably the openssh authors wouldn't ship them as an option if they knew of any reason to believe they were

Re: FreeBSD 11.0-BETA4 Now Available

2016-08-08 Thread Glen Barber
On Mon, Aug 08, 2016 at 10:53:26AM -0700, Nathan Whitehorn wrote: > > > On 08/08/16 10:43, Lars Engels wrote: > >On Mon, Aug 08, 2016 at 10:15:07AM -0700, Devin Teske wrote: > >>>On Aug 8, 2016, at 8:02 AM, Lars Engels wrote: > >>> > >>>On Mon, Aug 08, 2016 at 02:44:05PM

Re: [FreeBSD-Announce] HEADS-UP: OpenSSH DSA keys are deprecated in 12.0 and 11.0

2016-08-08 Thread Allan Jude
On 2016-08-08 14:17, Conrad Meyer wrote: > The OpenSSH defaults are intentionally sane. RSA 2048 is anticipated > to be fine for the next 10 years. It would not be a bad choice. I'm > not aware of any reason not to use EC keys, and presumably the openssh > authors wouldn't ship them as an

Re: FreeBSD 11.0-BETA4 Now Available

2016-08-08 Thread Glen Barber
On Mon, Aug 08, 2016 at 11:22:27AM -0700, Nathan Whitehorn wrote: > > > On 08/08/16 10:56, Glen Barber wrote: > >On Mon, Aug 08, 2016 at 10:53:26AM -0700, Nathan Whitehorn wrote: > >> > >>On 08/08/16 10:43, Lars Engels wrote: > >>>On Mon, Aug 08, 2016 at 10:15:07AM -0700, Devin Teske wrote: >

Re: kernel panic caused by virtualbox(?)

2016-08-08 Thread Konstantin Belousov
On Mon, Aug 08, 2016 at 10:22:44AM -0700, John Baldwin wrote: > On Thursday, August 04, 2016 05:10:29 PM Don Lewis wrote: > > Reposted to -current to get some more eyes on this ... > > > > I just got a kernel panic when I started up a CentOS 7 VM in virtualbox. > > The host is: > > FreeBSD

Re: FreeBSD 11.0-BETA4 Now Available

2016-08-08 Thread Nathan Whitehorn
On 08/08/16 10:43, Lars Engels wrote: On Mon, Aug 08, 2016 at 10:15:07AM -0700, Devin Teske wrote: On Aug 8, 2016, at 8:02 AM, Lars Engels wrote: On Mon, Aug 08, 2016 at 02:44:05PM +, Glen Barber wrote: On Mon, Aug 08, 2016 at 10:48:30AM +0200, Lars Engels wrote:

Re: [FreeBSD-Announce] HEADS-UP: OpenSSH DSA keys are deprecated in 12.0 and 11.0

2016-08-08 Thread Devin Teske
Which would you use? ECDSA? https://en.wikipedia.org/wiki/Elliptic_curve_cryptography "" In the wake of the exposure of Dual_EC_DRBG as "an NSA undercover operation", cryptography experts have also expressed concern over the security

Re: [FreeBSD-Announce] HEADS-UP: OpenSSH DSA keys are deprecated in 12.0 and 11.0

2016-08-08 Thread Bernard Spil
Hi Devin, This resource documents the choices pretty well I think https://stribika.github.io/2015/01/04/secure-secure-shell.html Author has made some modifications up to Jan 2016 https://github.com/stribika/stribika.github.io/commits/master/_posts/2015-01-04-secure-secure-shell.md The short

Re: kernel panic caused by virtualbox(?)

2016-08-08 Thread Don Lewis
On 8 Aug, Konstantin Belousov wrote: > On Mon, Aug 08, 2016 at 10:22:44AM -0700, John Baldwin wrote: >> On Thursday, August 04, 2016 05:10:29 PM Don Lewis wrote: >> > Reposted to -current to get some more eyes on this ... >> > >> > I just got a kernel panic when I started up a CentOS 7 VM in

Re: kernel panic caused by virtualbox(?)

2016-08-08 Thread Don Lewis
On 8 Aug, John Baldwin wrote: > On Thursday, August 04, 2016 05:10:29 PM Don Lewis wrote: >> Reposted to -current to get some more eyes on this ... >> >> I just got a kernel panic when I started up a CentOS 7 VM in virtualbox. >> The host is: >> FreeBSD 12.0-CURRENT #17 r302500 GENERIC

Re: kernel panic caused by virtualbox(?)

2016-08-08 Thread Don Lewis
On 8 Aug, Konstantin Belousov wrote: > On Mon, Aug 08, 2016 at 10:22:44AM -0700, John Baldwin wrote: >> On Thursday, August 04, 2016 05:10:29 PM Don Lewis wrote: >> > Reposted to -current to get some more eyes on this ... >> > >> > I just got a kernel panic when I started up a CentOS 7 VM in

Build failed in Jenkins: FreeBSD_HEAD #554

2016-08-08 Thread jenkins-admin
See -- [...truncated 324428 lines...] [192.168.10.2] out: usr.sbin/pw/pw_useradd:user_add_account_expiration_date_relative -> passed [0.114s] [192.168.10.2] out:

Re: lengthy sdhci timeouts on KBL-Y tester

2016-08-08 Thread O. Hartmann
On Mon, 8 Aug 2016 18:43:42 -0700 "K. Macy" wrote: > I have a KBL-Y "Software Development Platform" for purposes of getting > the i915 KMS working on that system on FreeBSD. I've just installed 11 > BETA4. sdhci timeouts add several minutes to boot time. The dmesg > output

lengthy sdhci timeouts on KBL-Y tester

2016-08-08 Thread K. Macy
I have a KBL-Y "Software Development Platform" for purposes of getting the i915 KMS working on that system on FreeBSD. I've just installed 11 BETA4. sdhci timeouts add several minutes to boot time. The dmesg output follows: Copyright (c) 1992-2016 The FreeBSD Project. Copyright (c) 1979, 1980,

Re: [FreeBSD-Announce] HEADS-UP: OpenSSH DSA keys are deprecated in 12.0 and 11.0

2016-08-08 Thread Jeffrey Bouquet
Will/could there be some kind of UPDATING announcement re which files explicitly to switch out/remove/replace/checkfor etc the deprecated lines and precisely the steps to replace with new or some other suitable action? Action required for both the sshd and client? Subdirectories involved?

Re: FreeBSD 11.0-BETA4 Now Available

2016-08-08 Thread Lars Engels
On Sat, Aug 06, 2016 at 09:05:26PM +, Glen Barber wrote: > -BEGIN PGP SIGNED MESSAGE- > o The new system hardening options have been fixed to avoid overwriting > other options selected during install time. Can those options also get added to "bsdconfig"? pgpDIfHtky6GL.pgp