On Wed, Mar 04, 2015 at 01:22:55PM GMT, Ed Ahlsen-Girard wrote:
First method: mount all the slices in /tree and run a series of cp -R
as root. Files seemed to get there but something was not right with
permissions when I tried booting the new disk, so I dropped back and
did some research.
Hello,
---
Does LibreSSL supports RSA export-grade keys? - FREAK Attack
Apple's SecureTransport and OpenSSL -- have a bug in them. This bug causes
them to accept RSA export-grade keys *even when the client didn't
Peter Hessler phess...@theapt.org writes:
1) lynx has some amazingly insecure code
2) the installer installs a functional pkg.conf if you installed from
the network.
3) nethack is not in base
--
Manuel Giraud
I think that's a win.
What about PFS-only + HIGH ciphers?
On Wed, Mar 4, 2015 at 4:32 PM, Ted Unangst t...@tedunangst.com wrote:
someone wrote:
Does LibreSSL supports RSA export-grade keys? - FREAK Attack
Export ciphers were deleted from LibreSSL last summer.
On Wed, 4 Mar 2015, Raf Czlonka wrote:
In the same manual, however, it reads:
However, cp copies hard linked files as separate files. To
preserve hard links, use a utility such as pax(1) or tar(1)
instead.
So using 'cp' to, effectively, mirror the disk, is not the best of
Ed Ahlsen-Girard eagir...@cox.net writes:
I decided to upgrade the internal drive, so I hooked up the new on on
the CD's usual SATA channel and installed, having adjust the disklabel
more to suit me (the auto partition of /usr left it really tight on
space, and home was not big enough).
1) lynx has some amazingly insecure code
2) the installer installs a functional pkg.conf if you installed from
the network.
On 2015 Mar 04 (Wed) at 10:11:17 -0500 (-0500), Bob Eby wrote:
:Lynx is gone. Wow just wow, I'm stupefied by just how much you guys have
:removed from base.
:
:The least
On Wed, Mar 04, 2015 at 03:22:45PM GMT, L. V. Lammert wrote:
rsync -avH will copy hard linked files, .. and is a much better option
- especially if using a network connection [e.g. to the backup disk
mounted on another machine].
Hi Lee,
I was meant to mention it but given the issues the OP
I think that's a win.
What about PFS-only + HIGH ciphers?
What about interoperability? It is too early to restrict LibreSSL to
PFS ciphersuites, alas.
Miod
On Wed, Mar 04, 2015 at 05:06:57PM +0200, Lars Nooden wrote:
The only other strange symptom is that the machine locks up hard every
week or two requiring a powercycle or hardware reset to restart. I can
find nothing in the logs anywhere near the time of the lock ups. The main
board runs
Marc Espie said:
I believe this is reported when $PKG_TMPDIR isn't writable.
Definitely looks like somebody had fun with his /var/tmp - /tmp change... :p
Not me. I didn't even touch either directory neither before nor after
the breakage.
--
Dmitrij D. Czarkoff
On Mar 04 07:22:55, eagir...@cox.net wrote:
I decided to upgrade the internal drive, so I hooked up the new on on
the CD's usual SATA channel and installed, having adjust the disklabel
more to suit me (the auto partition of /usr left it really tight on
space, and home was not big enough).
On Wed, Mar 04, 2015 at 04:49:06PM +0100, Manuel Giraud wrote:
Peter Hessler phess...@theapt.org writes:
1) lynx has some amazingly insecure code
2) the installer installs a functional pkg.conf if you installed from
the network.
3) nethack is not in base
At least parts of nethack is
On Mar 04 17:57:22, czark...@gmail.com wrote:
Jan Stary said:
http://www.openbsd.org/faq/faq6.html#Wireless
lists the supported wireles chipsets, marking with NFF
those that need the non-free firmware to be downloaded.
It does not mark iwn(4) as such,
It should.
--- faq6.html.orig
Hello again
On 27/02/15(Fri) 11:40, patrick keshishian wrote:
I can confirm this change alone causes no adverse, observable
change on my x120e's touchpad.
Could you guys confirm that the last fix from Ulf also fixes your issue?
https://marc.info/?l=openbsd-techm=142513927519879w=2
Thanks,
I decided to upgrade the internal drive, so I hooked up the new on on
the CD's usual SATA channel and installed, having adjust the disklabel
more to suit me (the auto partition of /usr left it really tight on
space, and home was not big enough).
First method: mount all the slices in /tree
Jan Stary said:
http://www.openbsd.org/faq/faq6.html#Wireless
lists the supported wireles chipsets, marking with NFF
those that need the non-free firmware to be downloaded.
It does not mark iwn(4) as such,
It should.
--
Dmitrij D. Czarkoff
Sometimes you have to break things to make it better
On Wed, Mar 4, 2015 at 5:13 PM, Miod Vallat m...@online.fr wrote:
I think that's a win.
What about PFS-only + HIGH ciphers?
What about interoperability? It is too early to restrict LibreSSL to
PFS ciphersuites, alas.
Miod
interoperable - you mean there are still softwares that really count and
still cannot use/support HIGH ciphers? wow. What a world we live in.. :\
On Wed, Mar 4, 2015 at 7:27 PM, Miod Vallat m...@online.fr wrote:
Sometimes you have to break things to make it better
Yes, and getting people to
Its not in my pay grade to offer a technical opinion on Lynx removal!
But ,,WHAT r u folks using instead, considering??
thanks OpenBSD
On 04-03-2015 15:48, Jeff St. George wrote:
Its not in my pay grade to offer a technical opinion on Lynx removal!
But ,,WHAT r u folks using instead, considering??
Well, for the task the OP mentioned, finding a mirror for pkg_add, you
could do plenty of things to accomplish that.
On Wed, Mar 04, 2015 at 06:47:38PM GMT, sven falempin wrote:
# i did play around with the file resolv.conf
# cat /etc/resolv.conf
lookup file
nameserver 127.0.0.1
nameserver 8.8.8.8
# because i dont get it i even did that
# cat /etc/resolv.conf.tail
nameserver 8.8.8.8
This is due to the
On 2015-03-04, Giancarlo Razzolini wrote:
curling the mirrors page is another.
This was my first thought. I don't think this is out of anyone's league if they
are already choosing to install OpenBSD.
On Thu, 5 Mar 2015, at 07:37 AM, someone wrote:
interoperable - you mean there are still softwares that really count
and
still cannot use/support HIGH ciphers? wow. What a world we live in.. :\
On Wed, Mar 4, 2015 at 7:27 PM, Miod Vallat m...@online.fr wrote:
Sometimes you have to break
On 3/4/15, Martin Pieuchot mpieuc...@nolizard.org wrote:
On 04/03/15(Wed) 10:49, patrick keshishian wrote:
On 3/4/15, Martin Pieuchot mpieuc...@nolizard.org wrote:
Hello again
On 27/02/15(Fri) 11:40, patrick keshishian wrote:
I can confirm this change alone causes no adverse,
On Wed, Mar 04, 2015 at 06:54:20PM GMT, L. V. Lammert wrote:
Raf,
Lee,
No issue there, .. but rsync is much better than anything IN base for
file synchronization (cross-filesystem, works over ssh [et al], properly
handles permissions and hardlinks, . ). If there is an
On Wed, Mar 04, 2015 at 07:15:58PM GMT, sven falempin wrote:
YES,
lookup file bind,
(but i did delete the line completly and it wasnt working.)
Hmmm... then the behaviour you describe seems to both contradict my own
experience (double-checked a second ago) as well as the 'resolv.conf(5)'
# i did play around with the file resolv.conf
# cat /etc/resolv.conf
lookup file
nameserver 127.0.0.1
nameserver 8.8.8.8
# because i dont get it i even did that
# cat /etc/resolv.conf.tail
nameserver 8.8.8.8
[0]-[router]-[~]
# host google.ca
google.ca has address 173.194.45.47
google.ca has
Sometimes you have to break things to make it better
Yes, and getting people to stop using LibreSSL because it suddenly is
not interoperable with anything would surely help a lot.
Instead, we are trying to get developers to try and use LibreSSL
provided libtsl, which defaults to sane, strong
On 3/4/15, Martin Pieuchot mpieuc...@nolizard.org wrote:
Hello again
On 27/02/15(Fri) 11:40, patrick keshishian wrote:
I can confirm this change alone causes no adverse, observable
change on my x120e's touchpad.
Could you guys confirm that the last fix from Ulf also fixes your issue?
On 04/03/15(Wed) 10:49, patrick keshishian wrote:
On 3/4/15, Martin Pieuchot mpieuc...@nolizard.org wrote:
Hello again
On 27/02/15(Fri) 11:40, patrick keshishian wrote:
I can confirm this change alone causes no adverse, observable
change on my x120e's touchpad.
Could you guys
On Wed, 4 Mar 2015, Raf Czlonka wrote:
Hi Lee,
I was meant to mention it but given the issues the OP had with (seemingly)
simple 'tar' syntax, I did not want to get into explaining yet another
tool (i.e. trailing slash, etc.). Besides, it's not in base.
Regards,
Raf
Raf,
No issue
On 4 March 2015, Manuel Giraud man...@ledu-giraud.fr wrote:
Ed Ahlsen-Girard eagir...@cox.net writes:
I decided to upgrade the internal drive, so I hooked up the new on on
the CD's usual SATA channel and installed, having adjust the disklabel
more to suit me (the auto partition of /usr
On Wed, Mar 4, 2015 at 2:15 PM, L.R. D.S. arrowscr...@mail.com wrote:
1) lynx has some amazingly insecure code
So, remove Xombrero from base too, he segfault everytime
and is much more insecure due to ECMAscript engine of WebKit.
curl
Please guys, a browser is different from a http/ftp
L.R. D.S. wrote:
So, remove Xombrero from base too, he segfault everytime
Done!
On 03/04/2015 01:16 PM, Nils Reuße wrote:
On 04.03.2015 02:39, Jason Adams wrote:
Somewhere along the road of moving from 5.5 to 5.6 (i386) my performance in
X has really taken a hit
when dragging windows around. The window trails the pointer by several
inches. X performance used
to be
1) lynx has some amazingly insecure code
So, remove Xombrero from base too, he segfault everytime
and is much more insecure due to ECMAscript engine of WebKit.
curl
Please guys, a browser is different from a http/ftp downloader. A
browser have HTML parser, and funcionality's for you... ahm...
On 04.03.2015 02:39, Jason Adams wrote:
Somewhere along the road of moving from 5.5 to 5.6 (i386) my performance in X
has really taken a hit
when dragging windows around. The window trails the pointer by several inches.
X performance used
to be surprisingly good on 5.5.
I note the following
someone wrote:
Does LibreSSL supports RSA export-grade keys? - FREAK Attack
Export ciphers were deleted from LibreSSL last summer.
They are just using what the softwares provide.
https://jve.linuxwall.info/blog/index.php?post/TLS_Survey
This guy scanned Alexa's list of top 1,000,000 websites. At janvier 11
2014. 45% of them had TLS support.
1.23% of websites only accept 3DES, and 1.56% of websites only accept RC4.
PFS
interoperable - you mean there are still softwares that really count and
still cannot use/support HIGH ciphers? wow. What a world we live in.. :\
There are still idiots top-posting, why wouldn't there be idiots
misconfiguring TLS servers or not giving a damn?
Miod
On Wed, Mar 4, 2015 at 2:11 PM, Raf Czlonka rczlo...@gmail.com wrote:
On Wed, Mar 04, 2015 at 06:47:38PM GMT, sven falempin wrote:
# i did play around with the file resolv.conf
# cat /etc/resolv.conf
lookup file
nameserver 127.0.0.1
nameserver 8.8.8.8
# because i dont get it i even
-Original Message-
From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On
Behalf Of Bob Eby
Sent: Wednesday, March 04, 2015 10:11 AM
To: misc@openbsd.org
Subject: lynx is gone?
Lynx is gone. Wow just wow, I'm stupefied by just how much you guys have
removed from base.
On Wed, Mar 4, 2015 at 1:48 PM, Jeff St. George f...@speednet.com wrote:
Its not in my pay grade to offer a technical opinion on Lynx removal!
But ,,WHAT r u folks using instead, considering??
typically when I am setting up a server I have a laptop with me. the
laptop will either
Hi,
Updating the situation, I already used -stable, and I am using now
-current, and still the problem.
I tried some browsers like (firefox, midori and chromium), and they get
really slow when I am watching a html5 video, and it freezes all the
time if the video is in HD.
Here is almost all the
On 03/04/2015 04:34 AM, Jonathan Gray wrote:
On Tue, Mar 03, 2015 at 05:39:51PM -0800, Jason Adams wrote:
Somewhere along the road of moving from 5.5 to 5.6 (i386) my performance in
X has really taken a hit
when dragging windows around. The window trails the pointer by several
inches. X
So, remove Xombrero from base too, he segfault everytime
Done!
Hey, wait! The plan was to improve browsers, wasn't it?
That's not the same thing as deleting them, you know!
Then again, if we set the firefox to keep the tedu (err... or
was it the other way round...?) we need not be surpised
This sounds like:
As with a knife one could cut throats, let's start eating only with the
fork. Oh, btw, but also the fork could poke, so let's use just the spoon.
Using netcat or ftp to browse the web/intranet/localhost in the 3rd
millennium is like eating a steak with a spoon.
It's the same
Get done! I forgot the http header Content-Type'.
2015-03-04 22:26 GMT-03:00 Antonio Feitosa antonio@gmail.com:
HI I made the correct configuration to run bgplg script, but somehow I
can't run ksh script. I already made the copy of /bin/ksh to
/var/www/bin/sh and fix the permission of
On Wed, Mar 04, 2015 at 02:12:09PM -0800, Jason Adams wrote:
On 03/04/2015 04:34 AM, Jonathan Gray wrote:
On Tue, Mar 03, 2015 at 05:39:51PM -0800, Jason Adams wrote:
Somewhere along the road of moving from 5.5 to 5.6 (i386) my performance
in X has really taken a hit
when dragging
On Thu, 5 Mar 2015, at 07:37 AM, someone wrote:
interoperable - you mean there are still softwares that really count
and
still cannot use/support HIGH ciphers? wow. What a world we live in.. :\
On Wed, Mar 4, 2015 at 7:27 PM, Miod Vallat m...@online.fr wrote:
Sometimes you have to break
interoperable - you mean there are still softwares that really count and
still cannot use/support HIGH ciphers? wow. What a world we live in.. :\
Look, stop being a child. There are plenty of discussions about this
topic in many places.
HI I made the correct configuration to run bgplg script, but somehow I
can't run ksh script. I already made the copy of /bin/ksh to
/var/www/bin/sh and fix the permission of script file. The web page
appears blank, with no data, but bgplg works.
Somebody knows how to fix that?
Regards,
--
Hi,
My goal was to make cvs (in base) to show a template (with files
commiting) in editor when cvs commit is executed. E.g.:
Modified files: program.c program.h
Fix: __fill this up__
Comments: __fill this up__
Where program.c program.h is auto filled in (by cvs hooks?). The
reason for this is
On 05.03.2015 08:14, Nils Reuße wrote:
On 04.03.2015 22:42, Jason Adams wrote:
On 03/04/2015 01:16 PM, Nils Reuße wrote:
On 04.03.2015 02:39, Jason Adams wrote:
Somewhere along the road of moving from 5.5 to 5.6 (i386) my performance in X
has really taken a hit
when dragging windows around.
On 04.03.2015 22:42, Jason Adams wrote:
On 03/04/2015 01:16 PM, Nils ReuÃe wrote:
On 04.03.2015 02:39, Jason Adams wrote:
Somewhere along the road of moving from 5.5 to 5.6 (i386) my performance in
X has really taken a hit
when dragging windows around. The window trails the pointer by
On Mar 04 09:19:42, phess...@theapt.org wrote:
And when you run fw_update, does it fetch the correct firmware?
iwn-firmware-5.11p1 is what fw_update fetched.
Isn't it the correct one?
On 2015 Mar 04 (Wed) at 08:26:16 +0100 (+0100), Jan Stary wrote:
And when you run fw_update, does it fetch the correct firmware?
On 2015 Mar 04 (Wed) at 08:26:16 +0100 (+0100), Jan Stary wrote:
:http://www.openbsd.org/faq/faq6.html#Wireless
:lists the supported wireles chipsets, marking with NFF
:those that need the non-free firmware to be downloaded.
:
:It
On 2015-03-01, Felipe Scarel fbsca...@gmail.com wrote:
Now loading the phishing/domains URL list, which has about ~63k
entries. relayd's parent process ballons to over 2GB memory usage
(I'm assuming it's reading the URL lists and building a data structure
for the relays),
Yes, it's building a
On Tue, Mar 03, 2015 at 06:21:52PM -0500, Bob Eby wrote:
I'm trying to connect to a wireless network using OpenBSD 5.6. I see a
couple FAQ questions talking about a wpa-psk command to convert plaintext
to encrypted string, but still getting secure wireless working is about as
clear as mud.
On 2015-03-03, someone thisistheone8...@gmail.com wrote:
Wow, copying the .Xauthority to the separated user worked!
But I'm still thinking that the separated user can give out the command:
xinput test 6
and can see what anyone types in via X.
See xauth(1) about generating an untrusted auth
On Tue, Mar 03, 2015 at 09:20:00AM -0500, Ted Unangst wrote:
Peter N. M. Hansteen wrote:
On Tue, Mar 03, 2015 at 12:56:44PM +0100, Adam Wolk wrote:
I just updated to the March 1 (i386) snapshot and now I'm in process of
doing a 'pkg_add -uiv' so far no issues on my side (packages are
On Tue, Mar 03, 2015 at 01:17:33PM -0800, Philip Guenther wrote:
On Tue, Mar 3, 2015 at 3:35 AM, Dmitrij D. Czarkoff czark...@gmail.com
wrote:
I've updated to March 1 snapshot, and after sysmerge tried to update
packages. What I got was:
: $ sudo pkg_add -u
: Use of uninitialized
Thanks for all the useful comments :)
On Wed, Mar 4, 2015 at 12:33 PM, Jiri B ji...@devio.us wrote:
On Tue, Mar 03, 2015 at 08:16:11PM +0100, someone wrote:
If X security is so bad, how can one run a GUI app, ex.: Firefox without
it? Using framebuffer? How can then someone use a GUI
* Libertas liber...@mykolab.com [2015-01-02 06:25]:
I've tuned PF parameters in the past, but it doesn't seem to be the
issue. My current pfctl and netstat -m outputs suggest that there are
more than enough available resources and no reported failures.
just a sidenote, it is safe to bump the
On Tue, Mar 03, 2015 at 08:16:11PM +0100, someone wrote:
If X security is so bad, how can one run a GUI app, ex.: Firefox without
it? Using framebuffer? How can then someone use a GUI password manager to
copy the pwd to the Firefox in the fb?
google doesn't gives too many answers, to be more
Thanks for clarifying!
On Tue, Mar 3, 2015 at 9:33 PM, Nick Holland n...@holland-consulting.net
wrote:
On 03/03/15 10:55, Thisis theone wrote:
Hello,
Do you expect to run the X Window System? [yes] no
Do you want the X Window System to be started by xdm(1)? [no] no
Isn't this a
On Wed, Mar 4, 2015 at 6:29 AM, Stuart Henderson s...@spacehopper.org wrote:
On 2015-03-01, Felipe Scarel fbsca...@gmail.com wrote:
Now loading the phishing/domains URL list, which has about ~63k
entries. relayd's parent process ballons to over 2GB memory usage
(I'm assuming it's reading the
The OpenBSD Foundation is pleased to announce that we have been
accepted as a mentoring organization for Google Summer of Code 2015.
As such if you are a student who qualifies to apply for GSOC, you will
be able to find us in Google's Summer of Code Application process.For
details on the
On Wed, Mar 04, 2015 at 07:39:05AM -0500 or thereabouts, Bob Eby wrote:
I had tried this link:
http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man5/hostname.if.5?query=hostname.ifsec=5
Which seemed to say this would work:
nwid mynwid
wpakey mywpakey
dhcp
which doesn't work,
I had tried this link:
http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man5/hostname.if.5?query=hostname.ifsec=5
Which seemed to say this would work:
nwid mynwid
wpakey mywpakey
dhcp
which doesn't work, what is up, unwiredbsd, rtsol etc?
Thanks,
Bob
I decided to upgrade the internal drive, so I hooked up the new on on
the CD's usual SATA channel and installed, having adjust the disklabel
more to suit me (the auto partition of /usr left it really tight on
space, and home was not big enough).
First method: mount all the slices in /tree and run
Hello,
I run OpenBSD 5.6 as gateway for wireless networks. Interfaces:
em0 - link to switch with Ubiquiti APs that provide 4 SSIDs
vlan 2 - 10.10.12.0/24, SSID Guests
vlan 3 - 10.10.13.0/24, SSID Devs
vlan 4 - 10.10.14.0/24, SSID VPNs
(The last SSID is Internal in internal_nw_2
On Tue, Mar 03, 2015 at 05:39:51PM -0800, Jason Adams wrote:
Somewhere along the road of moving from 5.5 to 5.6 (i386) my performance in X
has really taken a hit
when dragging windows around. The window trails the pointer by several
inches. X performance used
to be surprisingly good on
On 03/04/15 07:38, Bob Eby wrote:
I had tried this link:
http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man5/hostname.if.5?query=hostname.ifsec=5
Which seemed to say this would work:
nwid mynwid
wpakey mywpakey
dhcp
which doesn't work, what is up, unwiredbsd, rtsol etc?
You
On Wed, Mar 04, 2015 at 08:05:02AM -0500 or thereabouts, Nick Holland wrote:
On 03/04/15 07:38, Bob Eby wrote:
I had tried this link:
http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man5/hostname.if.5?query=hostname.ifsec=5
Which seemed to say this would work:
nwid mynwid
On Wed, 4 Mar 2015, Ed Ahlsen-Girard wrote:
I decided to upgrade the internal drive, so I hooked up the new on on
the CD's usual SATA channel and installed, having adjust the disklabel
more to suit me (the auto partition of /usr left it really tight on
space, and home was not big enough).
I have an old Soekris 5501 with a wireless (WL-RT2561-ST 802.11a/b/g) PCI
card, running a recent snapshot. I have slow wireless transfer rate and
sluggishness that went from being occasional to nearly 100% of the time.
Instead of 830kB/s or so from the net, I'm getting transfer rates of
Lynx is gone. Wow just wow, I'm stupefied by just how much you guys have
removed from base.
The least you could do is put something on afterboot useful to getting a
web browser up and running. Note: it's usually helpful to have a
web-browser to do things like oh, I don't know, find a suitable
79 matches
Mail list logo
