On Wed, Sep 28, 2022 at 11:05:35AM +0300, Kapetanakis Giannis wrote:
> Hi,
>
> Looking for upgrading our firewall/router and thinking about switching
> from Xeon to EPYC (73F3 - 16C @ 3.5 GHz).
>
> Anyone running on EPYC? Any problems?
>
> Alternative would be something like dual Intel Xeon
On Fri, May 13, 2022 at 11:10:41PM +0200, n18fu...@tutanota.com wrote:
> Hi,
>
> I've set up an OpenBSD server on the Cloud, set up a Wireguard tunnel, and
> configured default route through that server. I've noticed that I can't
> access some websites: my browser was not able to complete TLS
On Wed, May 11, 2022 at 04:54:02PM +0100, james palmer wrote:
> i have a local dhcp server running which gives out three nameservers:
>
> - 192.168.0.2 (resolves some local machine names)
> - 9.9.9.9
> - 149.112.112.112
>
> on linux, android, and windows the local nameserver takes priority over
On Fri, Apr 01, 2022 at 03:45:13PM -0500, Luke Small wrote:
> So if it’s a potential vulnerability for the kernel to be linked the same
> without KARL (I presume because if the source code is known and ASLR and
> PIE can potentially be randomly overcome) then can there be a KARL type
> extension
On Thu, Mar 17, 2022 at 06:34:28PM -, Stuart Henderson wrote:
> On 2022-03-16, Marc Espie wrote:
> > On Tue, Mar 15, 2022 at 11:32:19PM +0100, i...@tutanota.com wrote:
> >> Since Go has support for pledge and unveil, I was thinking about
> >> "imitating" the setup for httpd.
> >>
> >> I
On Thu, Mar 17, 2022 at 09:41:13PM +0100, i...@tutanota.com wrote:
> >> I assume go has bindings for setuid() and friends.
>
> > Go software doesn't usually like to do this because of some issue
> > with doing so on Linux that I don't _think_ apply to OpenBSD. And
> > they have the "allow binding
I recently installed Prosody after a few years hiatus from XMPP. Previously
I used ejabberd, but that was removed from ports. Given the ease of writing
modules in Lua generally, and Prosody specifically, I figured it would be
relatively simple to add pledge(2) and unveil(2) support.
On Mon, Sep 13, 2021 at 12:28:04PM +0200, Simon Hoffmann wrote:
> > do you have "lookup file bind" record in your /etc/resolv.conf file?
>
> This option is not available in the current debian version.
FWIW, the equivalent setting on glibc-based Linux systems would be the
`hosts` line in
On Sat, Jan 09, 2021 at 12:05:31AM -0800, William Ahern wrote:
> Interestingly, DragonflyBSD and FreeBSD already do it this way[3][4], yet I
> can confirm FreeBSD still has the problem. (DragonflyBSD has nearly
> identical code.) But that implementation duplicates the short-circu
On Fri, Jan 08, 2021 at 07:09:01PM -0800, Jordan Geoghegan wrote:
> Hey folks,
>
> I've noticed some surprising behaviour from cmp(1) when using the '-s'
> flag.
>
> It appears that cmp -s is ignoring the byte offset arguments I'm giving
> it.
> Not sure what to make of this, I noticed this
On Tue, Apr 21, 2020 at 02:01:10PM +0200, Otto Moerbeek wrote:
> On Tue, Apr 21, 2020 at 10:51:54AM +, Roderick wrote:
>
> >
> > Acording to the man page: "timegm() is a deprecated interface that
> > converts [...]"
> >
> > O.K., deprecated. And what is the alternative?
> >
> > Thanks for
On Thu, Apr 16, 2020 at 10:28:55AM +0200, Ben wrote:
> > AFAIU, ENOBUFS happens when the NIC transmit queue is full. Have you looked
> > at the interface statistics to see if there are many dropped packets? Try,
> > e.g.,
> >
> > $ netstat -ni
>
> NameMtu Network Address
On Wed, Apr 15, 2020 at 10:53:49PM +0200, Ben wrote:
> I have exactly one device - an Apple smartphone - within one of the
> subnets, that Unbound is not able to send "some" data. The log tells us
> "sendto failed: No buffer space available". Beside the error message,
> the device seems to work
On Thu, Jan 16, 2020 at 01:16:47PM +0100, Otto Moerbeek wrote:
> On Thu, Jan 16, 2020 at 11:20:10AM +, gritzmann wrote:
>
> > Hi,
> >
> > How do I change the birth time of a file? `touch -acm -d "1980-01-01
> > 00:00:00" myfile` changes only the access, modify and change times.
> >
> >
On Fri, Jan 10, 2020 at 03:58:16AM +, Joseph Mayer wrote:
> Maybe this topic is better suited for tech@, you tell:
>
> Is there some way I can implement PCI drivers in userland in OpenBSD?
In light of the other responses I think the best you could expect is PCI
passthrough to a virtual
On Fri, Dec 13, 2019 at 10:52:03PM +0100, Alexander Pluhar wrote:
>
> > Just upgraded my APU2 to the latest -current and it seems to hang on the
> > disk.
> > It was fine running on -current #512.
>
> I encountered this problem on 6.6 stable with the latest syspatches installed
> after
>
On Wed, Mar 13, 2019 at 06:53:43PM -0700, William Ahern wrote:
> The real issue here is that the EJBCA specification wasn't just a failure in
> language precision, but was and remains entirely ill considered on this
> score. If ASN.1 INTEGERs must now be 65 bits, it's a good bet
On Wed, Mar 13, 2019 at 11:32:50PM +0100, Ingo Schwarze wrote:
> Hi Tom,
>
> Tom Smyth wrote on Wed, Mar 13, 2019 at 08:32:20PM +:
>
> > Just saw the following article and i was wondering if libressl
> > Might be affected by the bug also
> > Top bit being set to 0 always making an effective
On Mon, Feb 25, 2019 at 03:44:10PM +, Michael Lam wrote:
> Hi,
>
> I have a very straight forward setup use case that I want to use my
> OpenBSD router as a VPN gateway, which will accept IKEv2 road warrior
> connections from the Internet and route all traffics through my
> router.
>
> I am
On Fri, Feb 08, 2019 at 12:02:50PM -0600, Mike Coddington wrote:
> Last night I screwed up my /tmp directory's permissions. I fixed it by
> looking at another machine's permissions and editing the directory with
> chmod(1). Is there a tool in OpenBSD which would work better than this?
> I'm
On Thu, Jan 24, 2019 at 04:55:50PM -0600, John Page wrote:
> This is my first attempt at a router. Liberally borrowing from tutorials
> and reading Absolute OpenBSD, 2nd Edition and Building Linux and OpenBSD
> Firewalls, I decided on installing OpenBSD 6.4 on a PC Engines apu4. I
> had previously
On Thu, Jan 17, 2019 at 10:41:37AM +, kolargol wrote:
> regarding TPM there were this patches:
>
> http://bsssd.sourceforge.net/download.html
>
> but looks like quite abandoned as diff dates back to OpenBSD 4.7, looks like
> lack of interest in TPM...
>
I'd love to use the TPM for private
On Sat, Dec 15, 2018 at 06:18:39PM -0600, Theodore Wynnychenko wrote:
> On the local gateway:
>
> 17:37:00.199269 (authentic,confidential): SPI 0x7b90f84c: 172.30.1.20.20692 >
> 172.30.6.201.443: S 3823001077:3823001077(0) win 16384 1460,nop,nop,sackOK,nop,wscale 6,nop,nop,timestamp 48604571
On Sun, Nov 04, 2018 at 02:49:44PM -0800, Misc User wrote:
> On 11/4/2018 2:25 PM, Mik J wrote:
> > Hello Peter,
> >
> > Thank you for this article.
> > Do you know why, and particularly Microsoft, use very random IPs to send
> > mails.
> > In that way, they make greylisting not as reliable as
On Wed, Oct 04, 2017 at 04:17:32PM +0800, Nan Xiao wrote:
> Hi all,
>
> I find the type of executable file format on OpenBSD is "DYN", not
> "EXEC":
> Is there any special consideration for it? Thanks very much in advance!
>
Because it was built as a position-independent executable (PIE). See
On Fri, Jan 17, 2014 at 11:32:41PM +, Miod Vallat wrote:
And it's not full emulator if it doesn't emulate the
bugs.
It's almost bedtime in Europe. Do you mind if I tell you a bedtime
story?
Years ago, a (back then) successful company selling high-end Unix-based
On Fri, Jan 17, 2014 at 07:33:01PM -0700, Theo de Raadt wrote:
You may argue that, since the kernel has a workaround for this issue,
this is a moot point. But if some developer has a better idea for the
kernel heuristic, how can the new code be tested, if not on the real
hardware?
On Fri, Jan 17, 2014 at 08:38:05PM -0700, Theo de Raadt wrote:
I do use emulators, specifically for ARM, because it's just easier for me.
And one of my co-workers is a contributor to the Hercules emulator.
Then you know it is not sufficient for our needs, yet we keep getting
the same
On Tue, Oct 29, 2013 at 02:06:48PM -0400, Gabriel Guzman wrote:
On 10/29, Theo de Raadt wrote:
snip
The /dev/*random nodes are not specified in any standard, furthermore
once you get into chroot all bets are off (like you discovered).
This allows the program to work, but I'm wondering if
TL;DR http://25thandclement.com/~william/YubiKey_NEO.html
This is slightly off-topic, but perhaps some people on this list would be
interested in this.
I've been waiting over a decade, and tonight I've finally found the
smartcard promise land. By gods, I'll never have to d*ck around with OpenSC
On Sun, Sep 15, 2013 at 01:08:05AM +0200, Martin Schröder wrote:
2013/9/15 Jeffrey Walton noloa...@gmail.com:
I wanted to add myself to the sudo group.
man sudo
man visudo
man adduser
man group
Are any of those directly useful for adding a group to a user's
supplementary groups? I'd
On Sat, Sep 14, 2013 at 07:42:46PM -0400, Jeffrey Walton wrote:
snip
And 'usermod -G sudo jwalton' does not work, either. It errors with
Can't append group sudo for user jwalton.
This stuff really should not be this hard...
I'm going to go out on a limb here and guess that you really want
On Fri, Aug 09, 2013 at 06:50:19PM -0500, Francisco Valladolid H. wrote:
On Fri, Aug 9, 2013 at 5:22 PM, Hermes Ojeda Ruiz hermes@gmail.com
wrote:
I've used the Soekris brand. http://soekris.com/, but they are a little
expensive. (In M?xico taxes are a big problem).
Yes, taxes and
On Thu, May 30, 2013 at 03:26:07PM +0200, Xianwen Chen wrote:
Hi folks,
I like the versioning feature in Google Docs a lot. There I can review
past revisions of a document, which were generated automatically. In
LibreOffice Writer, such a feature can be improvised if I change the
user name
On Wed, May 15, 2013 at 01:52:45PM +0200, Peter J. Philipp wrote:
On 05/15/13 13:41, Jérémie Courrèges-Anglas wrote:
Doesn't kqueue() fit your needs?
Thank you for your reply,
I've never used kqueue before, does this only report events on
descriptors that have been opened?
Yes, but
On Mon, Jan 07, 2013 at 12:53:01PM +1000, David Diggles wrote:
Maybe the following will help.
See Tuning for More
http://wiki.squid-cache.org/BestOsForSquid
I use mount options: noatime and async.
I don't use softdep for squid cache either.
that is not good policy. you
On Thu, Dec 20, 2012 at 03:53:44AM -0500, Jean-Philippe Ouellet wrote:
Hello,
I'm trying to learn about writing high performance servers, and I have a
few questions not clearly answered by any documentation I can find. I'm
comfortable with select(), poll(), and kqueue(), but that only goes
On Tue, Nov 27, 2012 at 04:13:47PM -0200, Friedrich Locke wrote:
Hi folks,
i have seen, some minutes ago, a message about cloud with BSD!
I have seen announcements on cloud computing every where. What is the
difference between a BSD cloud and a linux cloud ? A windows cloud and a
linux
On Sat, Nov 10, 2012 at 09:47:58PM +0100, rustyBSD wrote:
Hi,
is there a wayto useauth_userokay()without setgid
to auth ?
snip
So it seems that I have to setgid to auth, and my binary
must be setuid.
Am I wrong ? Is there a way of authenticatingwithout being
setuid ?
There's also
On Thu, Nov 08, 2012 at 08:08:05PM +0200, Dan Shechter wrote:
For unrelated reasons, I can't directly receive the TCP stream.
I must copy the TCP data from a running stream to another server. I
can use tap or just port-mirroring on the switch. So I can't use any
network stack or leverage any
On Thu, Nov 01, 2012 at 08:11:26AM +, Jamie Paul Griffin wrote:
/ Tyler Morgan wrote on Wed 31.Oct'12 at 20:04:11 -0700 /
Don't do it! Seriously, the upgrade process is easy, and is worth
becoming familiar with. At least give it a shot since you're
planning on reinstalling anyway. I
From /usr/src/lib/libc/gen/auth_subr.c. When using auth_userokay(3) I keep
getting the message dup of backchannel: Bad file descriptor. Yet, I'm
puzzled how the condition could even occur (the last line is the only place
this message exists in the entire source tree):
if
I've just released the first version of mod_auth_bsd which supports
authentication of system accounts from a chrooted Apache. You can download
version 0.8.0 of mod_auth_bsd from
http://25thandclement.com/~william/projects/bsdauth.html
This release was supported by Barracuda Networks.
43 matches
Mail list logo