On Tue, 27 Sep 2005, Andreas Bihlmaier wrote:
On Mon, Sep 26, 2005 at 10:29:37AM +0200, Otto Moerbeek wrote:
report, including all details.
-Otto
I would file a bug report, if you tell me what more information I could give
than I already did?
It worked until a week ago (I
Theo de Raadt wrote:
Wow, free advice as to how I can spend my time. Aren't you kind? Want
some advice from me?
Yes, I _am_ full of grandmotherly kindness, as well as invariably
excellent advice. It is well that you realize this. In this instance,
that advice was Do not spurn good ideas,
David Hill wrote:
If you want PostgreSQL, install it from the ports tree.
What is wrong with dump/restore and using tar for a backup solution?
Thank you, I am well aware of the fact that it can be installed from
the ports tree. Going back and _reading_ the original post, we find
that
I second that. Blocking ssh access from Linux hosts removes 95% of these
attacks. Simple and effective.
block drop in log quick on $ext_if proto { tcp, udp } from any os Linux to any
port ssh label Block ssh from Linux hosts
/jkm
* Nick Ryan ([EMAIL PROTECTED]) wrote:
You could use pf to
Chris Kuethe wrote:
I was just about to say SQLite. From their web page: Sources are in
the public domain. Use for any purpose. see
http://www.sqlite.org/copyright.html
SQLite might be easier, indeed.
I don't think the actual requirement is for any particular server,
although I note that
Hi all
I have a basic webpage running on Apache 1.3, I have setup the site with
the needed CA's etc and can run the whole webpage under HTTPS/Secure,
but I only want to use HTTPS/SSL for /cgi-bin/ I'm happy for the rest to
run over normal HTTP.
How is this done?
On 9/26/05, Bryan Irvine [EMAIL PROTECTED] wrote:
For example, i was looking at the Promise SATA 150TX4 and i have not yet
been able to find what chip that controller uses. Any suggestions on
what controller card i should get?
Good luck with Promise. I went through this a while back, and
On Tue, 2005-09-27 at 17:01:44 +1000, Luke Fogarty proclaimed...
I have a basic webpage running on Apache 1.3, I have setup the site with
the needed CA's etc and can run the whole webpage under HTTPS/Secure,
but I only want to use HTTPS/SSL for /cgi-bin/ I'm happy for the rest to
run over
Hello Jason,
Jason Ackley wrote:
Stephan A. Rickauer wrote:
I guess the general problem here is two machines appear with one mac
address at the same time on both switches, right? How can one solve that?
You may also want to make sure that the port is
in STP 'portfast' mode or whatever
Few days ago I installed new OBSD system, which has /, /var and /usr.
Today I found out that /usr is not mounted and all the /usr stuffs
installed in /. When I tried to extract src.tar.gz something was wrong.
I have /dev/wd0d, which is not used and free. Mounted it as /usr1 and
copied all the
On Mon, 26 Sep 2005 16:37:48 -0600, Theo de Raadt
[EMAIL PROTECTED] wrote:
Every release, more people download OpenBSD and fewer people buy OpenBSD.
But the solution is not to make OpenBSD developers web businessmen.
That is a road to slower development.
The solution is not to complain
On Sep 27, 2005, at 2:01 AM, Szechuan Death wrote:
Yes, I _am_ full of grandmotherly kindness, as well as invariably
excellent advice. It is well that you realize this. In this
instance,
that advice was Do not spurn good ideas, Do not whine about your
users not buying CDs if you're in the
Dulmandakh Sukhbaatar wrote:
Few days ago I installed new OBSD system, which has /, /var and /usr.
Today I found out that /usr is not mounted and all the /usr stuffs
installed in /. When I tried to extract src.tar.gz something was wrong.
I have /dev/wd0d, which is not used and free. Mounted it
Alexander Hall wrote:
Dulmandakh Sukhbaatar wrote:
Few days ago I installed new OBSD system, which has /, /var and /usr.
Today I found out that /usr is not mounted and all the /usr stuffs
installed in /. When I tried to extract src.tar.gz something was
wrong. I have /dev/wd0d, which is not
Good morning
When I installed squid from the ports, and tried to use the https_port
option,
I get a Failed to acquire SSL certificate: error:0200100E:system
library:fopen:Bad address
Anyone an idea how to solve ?
OpenBSD 3.7
Squid 2.5 STABLE 9
Thanks
Alexander Hall wrote:
Dulmandakh Sukhbaatar wrote:
Alexander Hall wrote:
Dulmandakh Sukhbaatar wrote:
Few days ago I installed new OBSD system, which has /, /var and
/usr. Today I found out that /usr is not mounted and all the /usr
stuffs installed in /. When I tried to extract src.tar.gz
Dulmandakh Sukhbaatar wrote:
Alexander Hall wrote:
Dulmandakh Sukhbaatar wrote:
Few days ago I installed new OBSD system, which has /, /var and /usr.
Today I found out that /usr is not mounted and all the /usr stuffs
installed in /. When I tried to extract src.tar.gz something was
wrong. I
--On 27 September 2005 19:44 +0900, Dulmandakh Sukhbaatar wrote:
I did
# cd /usr
# cp -i * /usr1
Something wrong?
This doesn't copy permissions. A command like pax(1) or cpio(1) is good
at preserving these.
After reboot I can login as my non-root account and also with root
account. But I
Theo's reply was good :-) and you're just doing blah-blah here.
The blah-blah about the integrated d/b was waste of time too.
Why don't you shut up and implement your ideas yourself?
On 9/27/05, Szechuan Death [EMAIL PROTECTED] wrote:
Theo de Raadt wrote:
Wow, free advice as to how I can
--On 27 September 2005 03:04 -0700, J.C. Roberts wrote:
(an idiot who bought a MegaRAID ATA 133-2 thinking it would work
with OpenBSD since MegaRAID was listed as supported)
The new http://www.openbsd.org/lyrics.html#38 suggests it works too,
and ami(4) and 'supported hardware' lists don't
On Tue, 27 Sep 2005 13:19:05 +0100, Stuart Henderson
[EMAIL PROTECTED] wrote:
--On 27 September 2005 03:04 -0700, J.C. Roberts wrote:
(an idiot who bought a MegaRAID ATA 133-2 thinking it would work
with OpenBSD since MegaRAID was listed as supported)
The new
Hi,
(obsd3.7-stable)
I'm trying to use an allow directive with a partial domain name:
Here is directive from my httpd.conf:
Directory /var/www/htdocs/download
DAV On
SSLRequireSSL
Options Indexes
AllowOverride None
AuthType Basic
AuthName Restricted
I am trying to install the package pear-DB-1.6.8 on a 3.7 box (i386).
According to pear.php.net, PEAR DB 1.6.8 requires PHP version 4.2.0 or
newer, but the OpenBSD package has a @depend
www/php5/core,-pear:php5-pear-5.0.*:php5-pear-5.0.3p line in the
+CONTENTS file and so it refuses to work with
Hi,
Yes I use the chrooted version.
Hmm ... but it works correctly when omitting the deny directive.
The default httpd.conf has for example: Directory /var/www/htdocs
I think my directory entry is correct, or isn't it?
-Original Message-
From: Marc Peters [mailto:[EMAIL PROTECTED]
On Monday, September 26, Szechuan Death wrote:
What is wrong with dump/restore/tar is that nobody running a network
larger than two computers uses it. Yes, I'm sure you can make it work
with plenty of Perl scripting, some clever use of cron and ssh, and
plenty of disk space. Nobody in
On Monday 26 September 2005 20:10, you wrote:
Try this one out for size, I can vouch that it's super
http://www.lsilogic.com/products/megaraid/sata_150_4.html
Brandon
Is there an LSI SATA card that doesn't have RAID and works with OpenBSD?
I don't want RAID support, so buying an expensive ($216
On Tue, Sep 27, 2005 at 03:23:41PM +0300, Dimitar Kodjabachev wrote:
I am trying to install the package pear-DB-1.6.8 on a 3.7 box (i386).
According to pear.php.net, PEAR DB 1.6.8 requires PHP version 4.2.0 or
newer, but the OpenBSD package has a @depend
Is it possible to run systrace on chroot? I get a segmentation fault.
On OpenBSD 3.8-current (GENERIC), Sep 23 2005, i386.
$ su
# chroot -u root / /bin/sh
# exit
This works.
# systrace -a chroot -u root / /bin/sh
Segmentation fault (core dumped)
This does not.
trying to debug some crappy script of mine, noticed what seems
to be an instance of setting xtrace changing the way the
script runs. -current snapshots from openbsd.rt.fm on sep.22
OpenBSD 3.8-current (GENERIC) #152: Thu Sep 22 13:31:38 MDT 2005
[EMAIL
Daniel A. Ramaley wrote:
On Monday 26 September 2005 20:10, you wrote:
Try this one out for size, I can vouch that it's super
http://www.lsilogic.com/products/megaraid/sata_150_4.html
Brandon
Is there an LSI SATA card that doesn't have RAID and works with OpenBSD?
I don't want RAID
On Tue, 27 Sep 2005, Joost Tr wrote:
Is it possible to run systrace on chroot? I get a segmentation fault.
On OpenBSD 3.8-current (GENERIC), Sep 23 2005, i386.
$ su
# chroot -u root / /bin/sh
# exit
This works.
# systrace -a chroot -u root / /bin/sh
Segmentation fault (core dumped)
On Tue 2005.09.27 at 12:22 +, Joost Tr wrote:
Is it possible to run systrace on chroot? I get a segmentation fault.
On OpenBSD 3.8-current (GENERIC), Sep 23 2005, i386.
$ su
# chroot -u root / /bin/sh
# exit
This works.
# systrace -a chroot -u root / /bin/sh
Segmentation fault
On Tue, Sep 27, 2005 at 08:42:47AM -0500, Daniel A. Ramaley wrote:
On Monday 26 September 2005 20:10, you wrote:
Try this one out for size, I can vouch that it's super
http://www.lsilogic.com/products/megaraid/sata_150_4.html
Brandon
Is there an LSI SATA card that doesn't have RAID and
On Tue, 27 Sep 2005, jared r r spiegel wrote:
trying to debug some crappy script of mine, noticed what seems
to be an instance of setting xtrace changing the way the
script runs. -current snapshots from openbsd.rt.fm on sep.22
OpenBSD 3.8-current (GENERIC) #152: Thu Sep 22 13:31:38
I successfully added the redhat_ base package, but now I'm having a problem
using the rpm command. I am trying to rpm the file jdk-1_5_0_05-
linux-i586.rpm in /usr/jdk (I have already chmod ed to be able to execute
the file, and I uncommented the linux_emul=1 line in sysctl.conf) but when
I try to
On Tue, 27 Sep 2005 03:04:19 -0700
J.C. Roberts [EMAIL PROTECTED] wrote:
On Mon, 26 Sep 2005 16:37:48 -0600, Theo de Raadt
[EMAIL PROTECTED] wrote:
Every release, more people download OpenBSD and fewer people buy OpenBSD.
But the solution is not to make OpenBSD developers web
From: Tobias Weingartner [mailto:[EMAIL PROTECTED]
On Monday, September 26, Szechuan Death wrote:
Again, looking at the original post, the database seemed to me to be
part and parcel of this, for efficiency reasons. As you might be
aware, you can't have a dependency outside the src/ tree;
The OpenBSD 3.8 song is now available, at
http://www.openbsd.org/lyrics.html#38
Many wonderful new things have made it into OpenBSD 3.8, but we wanted
to focus on one particular thing -- our support for native
free-software RAID management on at least one brand of RAID card,
those made
On 9/22/05, Jonathan Gray [EMAIL PROTECTED] wrote:
On Thu, Sep 22, 2005 at 11:48:15AM -0700, James Wright wrote:
based on the patch at http://nightlies.mt-daapd.org/, patch-daap_c goes
into /usr/ports/audio/mt-daapd/patches and patch-Makefile to be applied
in /usr/ports/audio/mt-daapd (just
Is it better to apply egress filtering rules on the internal interface
of the firewall or the external interface?
A snippet of my rules look like this right now:
(I'm filtering on both interfaces)
pass in quick on $int_if inet proto tcp from $int_if:network to any port
$tcp_ports modulate
Probably the program gets killed because your polciy denies everything.
Yep, it did deny everything :)
you probably want -A first, or at least some policy.
With -A instead of -a i get what i was aiming for.
thanks !
From: Okan Demirmen [EMAIL PROTECTED]
To: misc@openbsd.org
Subject:
On Tue, 27 Sep 2005 10:25:14 -0600
Theo de Raadt [EMAIL PROTECTED] wrote:
The OpenBSD 3.8 song is now available, at
http://www.openbsd.org/lyrics.html#38
Many wonderful new things have made it into OpenBSD 3.8, but we wanted
to focus on one particular thing -- our support for native
Install tcsh from the /usr/ports/shells/tcsh it have the same functionality
that csh , but include tab completion and command line editing.
Regards.
On 9/26/05, Dulmandakh Sukhbaatar [EMAIL PROTECTED] wrote:
I installed new OBSD box as proxy server and test server. But I don't
want to type
On Tue, 27 Sep 2005 11:26:08 -0400, Bill [EMAIL PROTECTED] wrote:
On Tue, 27 Sep 2005 03:04:19 -0700
J.C. Roberts [EMAIL PROTECTED] wrote:
On Mon, 26 Sep 2005 16:37:48 -0600, Theo de Raadt
[EMAIL PROTECTED] wrote:
Every release, more people download OpenBSD and fewer people buy
Hi All,
Anyone here using one of the Supermicro AMD 8131-based
motherboards on their OBSD system? If these are
unsuitable for OpenBSD, then what AMD64 or Opteron
motherboards are the current cream of the crop that do
work well with OpenBSD?
Thanks in advance,
Mike
I believe you have to use rpm2cpio blah.rpm | cpio -iv
because there is no real rpm d/b on OpenBSD
On 9/27/05, Zeigler White II [EMAIL PROTECTED] wrote:
I successfully added the redhat_ base package, but now I'm having a problem
using the rpm command. I am trying to rpm the file jdk-1_5_0_05-
There is uneeded duplication in your setup. If all your box is doing is
acting as a firewall, then you're modifying the states twice with modulate
state. The primary use of modulate state is to re-generate the sequence
numbers to protect weak hosts behind your firewall. You don't (or
shouldn't)
Hi all,
I installed OpenBSD 3.7 via cd37.iso and HTTP. Now I want to build a new
release. I checked out the source code via 'cvs co -P -rOPENBSD_3_7
src'. Then I did what is written in 'man release'. (Build a new kernel
etc.) But when I do a 'make build' it fails with
===
I totally love the idea but it's not a song. The skit was great but I was
really hoping to blast some music everything I got a error from my raid
array because of this problem. It should be a good punk rock song! How about
God Save the RAID?
God save the RAID her fascist regime
Share the
On Tuesday, September 27, =?ISO-8859-15?Q?J=F6rg_Horchler?= wrote:
I installed OpenBSD 3.7 via cd37.iso and HTTP. Now I want to build a new
release. I checked out the source code via 'cvs co -P -rOPENBSD_3_7
src'. Then I did what is written in 'man release'. (Build a new kernel
etc.) But
Just revived an aging laptop (details at end) for occasional use as a
logging/filtering bridge. Went through the brconfig man page once I had
two NICs in the box. man brconfig has in its Examples section (in both
3.7 and Current) the encouraging text
Create a bridge pseudo network
On Tue, 2005-09-27 at 12:48 -0700, John Brahy wrote:
I totally love the idea but it's not a song. The skit was great but I was
really hoping to blast some music everything I got a error from my raid
array because of this problem. It should be a good punk rock song! How about
God Save the
On Tue, Sep 27, 2005 at 12:48:08PM -0700, John Brahy wrote:
[...] It should be a good punk rock song!
So write a song for the next release.
How about
[...]
God Save the RAID?
$ man -k god
god: nothing appropriate
(SCNR)
Ciao,
Kili
Argghh my musical brains!!!
tap tap tap tap. cat ~/nfs/nowplaying
NP: John Williams - Raiders Of The Lost Ark - 01 - The Raiders March.mp3
Oooff...
# Han
Matthias Kilian wrote:
John Brahy wrote:
[...] It should be a good punk rock song!
So write a song for the next release.
How about
[...]
God Save the RAID?
$ man -k god
god: nothing appropriate
(SCNR)
Heh, you don't know `God save the queen' from the sex pistols :-)
# Han
Hello,
Some of my clients are searching online for a reputable source for
information on HTML coding/programming. My job is to find one place to work
with. I'd like to discuss an arrangement with you.
Please contact me at your earliest convenience. I will be in today
(Tuesday) from 8:00 AM PST
On 9/27/05, Magne J. Andreassen [EMAIL PROTECTED] wrote:
On Tue, 2005-09-27 at 12:48 -0700, John Brahy wrote:
I totally love the idea but it's not a song. The skit was great but I was
really hoping to blast some music everything I got a error from my raid
array because of this problem. It
On Mon, Sep 26, 2005 at 10:01:29PM -0800, Szechuan Death wrote:
Do not whine about your users not buying CDs if you're in the
business of writing free software, because nobody wants to hear
it
Free from restrictions, not monetary cost. Just because this makes it
easy for you to download and
On Tue, Sep 27, 2005 at 09:15:42PM +0100, Stefek Zaba wrote:
I leave it to the Relevant Authorities whether to classify this in one
of the three categories suggested in the Subject: line, or dispose of it
some other way. Those three possibilities, in order of increasing work, are
a)
On Tue, 27 Sep 2005 06:28:14 -0400
Jason Dixon [EMAIL PROTECTED] wrote:
Theo doesn't want or need your talk. The project needs users of
their code to help out by purchasing a CD, shirt, maybe even a
poster. Nag your buddy who you usually lend your CD to, or that
downloads via FTP,
Hello,
I have an OpenBSD 3.7 i386 installation on an external usb-enclosure.
I have some space left, and I would like to create an msdos partition
(to transfer files between windows and OpenBSD).
I have tried to create one using OpenBSD's fdisk; then I have
formatted the new partition in windows
I have an OpenBSD 3.7 i386 installation on an external usb-enclosure.
I have some space left, and I would like to create an msdos partition
(to transfer files between windows and OpenBSD).
I have tried to create one using OpenBSD's fdisk; then I have
formatted the new partition in windows
I use an intruder table within pf
table intruders file /etc/pf.intruders
Then in pf rules:
block drop in log-all from intruders to any
Then I run this script out of cron on a periodic basis (remove the echo
statements for cron use - I like to run it manually, too)
#!/usr/local/bin/bash
#
On Tue, 27 Sep 2005 23:01:10 +0200
Han Boetes [EMAIL PROTECTED] wrote:
Matthias Kilian wrote:
$ man -k god
god: nothing appropriate
Heh, you don't know `God save the queen' from the sex pistols :-)
I have the album if anyone wants it... #8, I'm bored of it, it's
very 80's UK punk.
I
On Tue, Sep 27, 2005 at 10:49:28PM +0100, ed wrote:
On Tue, 27 Sep 2005 23:01:10 +0200
Han Boetes [EMAIL PROTECTED] wrote:
Heh, you don't know `God save the queen' from the sex pistols :-)
I have the album if anyone wants it... #8, I'm bored of it, it's
very 80's UK punk.
Motorhead's
I find myself in the position sometimes when away from home having access
to only M$ machines with a base OS load only.
I don;t have telnet open on my home network, but i was considering opening
it up on the OpenbD firewall, and using some sort of one time password
scheme.
Would this be a sane
On Tuesday 27 September 2005 18.47, Mike wrote:
Hi All,
Anyone here using one of the Supermicro AMD 8131-based
motherboards on their OBSD system? If these are
unsuitable for OpenBSD, then what AMD64 or Opteron
motherboards are the current cream of the crop that do
work well with OpenBSD?
On Tue, Sep 27, 2005 at 09:22:51PM -0400, stan wrote:
I find myself in the position sometimes when away from home having access
to only M$ machines with a base OS load only.
Things I've learned from travel.
1. Carry a copy of putty on every form of media you can think of. I have one my
Why?. Why why why why why
If you're going to trust the untrusted machine anyway running a virus
run-time environment just google for putty, download and run it.
Having said that I'd never log in from crap like that. your risk of
getting nailed by a keylogger or
On 9/27/05, stan [EMAIL PROTECTED] wrote:
I find myself in the position sometimes when away from home having access
to only M$ machines with a base OS load only.
I don;t have telnet open on my home network, but i was considering opening
it up on the OpenbD firewall, and using some sort of one
Like S/Key?
(man skey) - I've not used it, but my understanding is its one time
passwords
But why not just load a business card cdrom or something with putty and
do ssh. Heck, put it up somewhere so you can download it.
On Tue, 27 Sep 2005 21:22:51 -0400
stan [EMAIL PROTECTED] spake:
I
Why?. Why why why why why
If you're going to trust the untrusted machine anyway running a virus
run-time environment just google for putty, download and run it.
I find myself in a similar situation shortly - I'm going to be
doing some vacationing in Europe, and will not be
stan wrote:
I find myself in the position sometimes when away from home having access
to only M$ machines with a base OS load only.
I don;t have telnet open on my home network, but i was considering opening
it up on the OpenbD firewall, and using some sort of one time password
scheme.
Would
That's a fine plan. OTP is kind of tricky to do though, so I
recommend you try it a few times before you accidentily lock
yourself out. Remember you don't have to disable password logins.
You just shouldn't do it from public terminals.
# Han
I don't like the idea of logging in from an unknown host, but I
might have to. I'd like to think the above plan is reasonable,
but as always, am open to criticism. :)
My criticism is as before:
have to - versus $99.00 laptop on ebay - if you can't
afford that you're either
On Tue, Sep 27, 2005 at 09:39:56PM -0500, C. Bensend wrote:
Why?. Why why why why why
If you're going to trust the untrusted machine anyway running a virus
run-time environment just google for putty, download and run it.
I find myself in a similar situation shortly - I'm
I don;t have telnet open on my home network, but i was considering opening
it up on the OpenbD firewall, and using some sort of one time password
scheme.
Webmin has a built-in java ssh client. I'd probably just use that.
It also has VNC that might let you get to your windows machines.
--Bryan
Have to - you keep using those words. I don't think it
means what you think it means.
Yes, I know what it means, just as you do. 98% of the time,
have to is want to or really want to. I'm using it
loosely. And in this situation, the networks I'm talking about
are my own, so the biggest
If you don't trust the endpoint, no amount of one time passwords, or
ssh will save you. You will get keylogged, or followed in, and owned.
it's that simple. Why mess around with gymnastics like s/key from an
untrusted host instead of solving the real threat to your security?
I was in a
On Tue, Sep 27, 2005 at 08:42:47AM -0500, Daniel A. Ramaley wrote:
On Monday 26 September 2005 20:10, you wrote:
Try this one out for size, I can vouch that it's super
http://www.lsilogic.com/products/megaraid/sata_150_4.html
Brandon
Is there an LSI SATA card that doesn't have RAID and works
Doing it any other way is totally stupid. Or you don't need security
and won't have it.
And anyone else here who suggested that you could use OTP to solve
this is totally clueless.
Obviously, I am missing something fundamental.
If I use an OTP to log into a remote system via an untrusted
Greetings,
I found out that sh(1) reads file in process of execution (instead of
read whole file and execute it from memory image), which makes
editing such scripts unreliable and/or dangerous. Is there any
existing ways to solve this problem ?
Is there sense to make sh(1) to read whole
If I use an OTP to log into a remote system via an untrusted host,
and I don't type any further passwords in, what exposure am I
presenting?
What exactly do you think untrusted means in the phrase untrusted
host?
Come on, THINK...
What exactly do you think untrusted means in the phrase untrusted
host?
That anything and everything will be captured and logged in plain
text. That's what _I_ consider untrusted. Everything including
the login credentials, but they're a one-time thing. Right? Is
that not the case?
What am
What exactly do you think untrusted means in the phrase untrusted
host?
That anything and everything will be captured and logged in plain
text. That's what _I_ consider untrusted. Everything including
the login credentials, but they're a one-time thing. Right? Is
that not the case?
I don;t have telnet open on my home network, but i was considering opening
it up on the OpenbD firewall, and using some sort of one time password
scheme.
Would this be a sane thing to do? and f so, where cold find some software
to support the one time password functionality?
Once you log
Theo de Raadt wrote:
You are trusting that the keylogger does not make the guy show up and
take over your one time password session.
I can't believe you couldn't see that.
Sounds pretty TheoRaadtical. :-)
# Han
87 matches
Mail list logo