SWAP should always be inside crypto softRAID, right? (For OS crash dump data to be encrypted.)

Hi misc@, I looked through previous discussions on whether a SWAP partition should be inside or outside the RAID partition when making a crypto softraid. The only argument I stumbled into was that it should be outside because swap is encrypted anyhow and it would be unnecessary to double-encrypt

Re: Wondering if any of my hardware is working on -current

Chris, install -current on USB key and boot from it. Ve.

Is it me or is python playing games with OpenSSL?

https://www.openssl.org/docs/man1.0.2/crypto/X509_VERIFY_PARAM_set1_host.html They say they NEED this because they can delete a whole load of code that could have security bugs. Perhaps I am wrong but upon a quick glance, doesn't this just boil down to some simple ORing? How does this sit with

Re: considering a move to OpenBSD

On Thu, 8 Feb 2018 13:41:20 -0800 Charlie Eddy wrote: > hello misc, > > I am considering a move to OpenBSD Where from? > > However, a programmer who I know personally and respect considers > OpenBSD to be old-school, in a negative sense. He recommends Arch > Linux

Re: considering a move to OpenBSD

Hi Charlie, https://sivers.org/openbsd is another good site to view :) @Joren that is commitment the Tat :) Thanks Tom Smyth On 8 February 2018 at 22:12, Jeroen wrote: > Hi, > > OpenBSD has a clear and proactive stance when it comes to security, > while Arch does not. If

Re: SWAP should always be inside crypto softRAID, right? (For OS crash dump data to be encrypted.)

On Thu, February 8, 2018 1:49 pm, Tinker wrote: > Hi misc@, > > I looked through previous discussions on whether a SWAP partition > should be inside or outside the RAID partition when making a crypto > softraid. > > The only argument I stumbled into was that it should be outside because > swap is

Re: SWAP should always be inside crypto softRAID, right? (For OS crash dump data to be encrypted.)

Afaik swap is encrypted anyway on OpenBSD On 8 Feb 2018 6:52 PM, "Tinker" wrote: Hi misc@, I looked through previous discussions on whether a SWAP partition should be inside or outside the RAID partition when making a crypto softraid. The only argument I stumbled into was

Re: For a FFS on an SSD, which of "-o" nil, "sync" &/ "softdep" is more data-safe and fast?

Also use noatime mount option so whe reading files you are not updating access time On 8 Feb 2018 7:36 PM, "Tinker" wrote: > Hi! > > If I understand mount(8) (http://man.openbsd.org/mount) right, FFS > mounts have a metadata I/O mode and a data I/O mode. By default, >

considering a move to OpenBSD

hello misc, I am considering a move to OpenBSD, since I subscribed to this mailing list some time ago (~few months). I want to take advantage of security. However, a programmer who I know personally and respect considers OpenBSD to be old-school, in a negative sense. He recommends Arch Linux as

Re: considering a move to OpenBSD

If your programmer friend has any source code patches he would like to submit then I am sure the project would love to have them. On Thu, Feb 8, 2018 at 4:58 PM Charlie Eddy wrote: > hello misc, > > I am considering a move to OpenBSD, since I subscribed to this

Re: Kernel memory leaking on Intel CPUs?

>When it comes to Meltdown: >Does OpenBSD is going to release patches for 6.2? I don't see anything related >to Meltdown in errata, but maybe it is too early. I understand other OSes >received disclosed information about bug a few months earlier. amd64 snapshots contain a fix, which is undergoing

How to send a bug report with sendbug? What to configure to actually send the message?

Hello, I'm very new to the OpenBSD OS, I found a bug in the inteldrm driver and I want to send it with sendbug. Probably something needs to be configured to actually send out the message, because I sent the bug report, but it only landed in my local mailbox. The question is what should I

Re: considering a move to OpenBSD

Hi, OpenBSD has a clear and proactive stance when it comes to security, while Arch does not. If you want to stay atop of new developments, feel free to try -current. If you need a very stable environment, go with -stable. Don't expect to find that latter one in Arch, as it works with a rolling

Re: How to send a bug report with sendbug? What to configure to actually send the message?

Hi Zolt you can open the message on a command terminal ... copy and paste the message manually into a working email client, make sure the subject and email addresses are consistent I hope this helps ... Tom Smyth On 8 February 2018 at 21:37, Zsolt Kantor wrote: >

For a FFS on an SSD, which of "-o" nil, "sync" &/ "softdep" is more data-safe and fast?

Hi! If I understand mount(8) (http://man.openbsd.org/mount) right, FFS mounts have a metadata I/O mode and a data I/O mode. By default, metadata is accessed synchronously and data is accessed asynchronously. "-o sync" will force both to synchronous mode, and "-o softdep" would change the

Re: For a FFS on an SSD, which of "-o" nil, "sync" &/ "softdep" is more data-safe and fast?

Also use noatime mount option so whe reading files you are not updating access time Ie there would be writes to disk everytime u access a file if noatime is not set On 8 Feb 2018 7:36 PM, "Tinker" wrote: > Hi! > > If I understand mount(8)

Re: considering a move to OpenBSD

On Thu, 8 Feb 2018 13:41:20 -0800 > Does the difference boil down to one's > definition of free software, and then compliance with that definition? There is a huge difference. Arch is at the whim of Linux which is far behind even the Windows kernel in mitigations (which is far behind OpenBSD)

Re: considering a move to OpenBSD

On 8 Feb 2018 23:23, "Steve Litt" wrote: On Thu, 8 Feb 2018 13:41:20 -0800 Charlie Eddy wrote: > hello misc, > > I am considering a move to OpenBSD, since I subscribed to this > mailing list some time ago (~few months). I want to take

Signify option semantics

Hello all, I've been reading into the signify(1) program a little recently, and the manual page mentons the '-t' option, which is used to ensure the public key deduced from the signature comment "matches /etc/signify/*-keytype.pub", where 'keytype' is the argument given to '-t'. I'm not sure what

Re: considering a move to OpenBSD

Thanks Daniel. Definitely the correct answer. On Thu, Feb 8, 2018 at 4:07 PM, Daniel Bolgheroni wrote: > On Thu, Feb 08, 2018 at 09:41:20PM +, Charlie Eddy wrote: > > hello misc, > > > > I am considering a move to OpenBSD, since I subscribed to this mailing > list > >

Re: SWAP should always be inside crypto softRAID, right? (For OS crash dump data to be encrypted.)

Thanks kevin i missed the dump part... agree with disable dump on prod ..enable on dev On 8 Feb 2018 22:51, "Kevin Chadwick" wrote: > On Thu, 8 Feb 2018 19:39:39 + > > > > Afaik swap is encrypted anyway on OpenBSD > > It is with a random key which is actually more

Re: Signify option semantics

multiplex'd wrote: > Hello all, > > I've been reading into the signify(1) program a little recently, and the > manual page mentons the '-t' option, which is used to ensure the public > key deduced from the signature comment "matches /etc/signify/*-keytype.pub", > where 'keytype' is the argument

Re: considering a move to OpenBSD

On Thu, Feb 08, 2018 at 09:41:20PM +, Charlie Eddy wrote: > hello misc, > > I am considering a move to OpenBSD, since I subscribed to this mailing list > some time ago (~few months). I want to take advantage of security. > > However, a programmer who I know personally and respect considers

Re: SWAP should always be inside crypto softRAID, right? (For OS crash dump data to be encrypted.)

On Thu, 8 Feb 2018 19:39:39 + > Afaik swap is encrypted anyway on OpenBSD It is with a random key which is actually more secure than the softraid key. However to the OPS question relating to dumps. I believe the answer is that dumps are helpful and OpenBSD is a developer system primarily

Re: considering a move to OpenBSD

On Thu, 8 Feb 2018 13:41:20 -0800 Charlie Eddy wrote: > hello misc, > > I am considering a move to OpenBSD, since I subscribed to this > mailing list some time ago (~few months). I want to take advantage of > security. > > However, a programmer who I know personally

Re: How to send a bug report with sendbug? What to configure to actually send the message?

On Feb 8, 2018 4:26 PM, Tom Smyth wrote: > > Hi Zolt > > you can open the message on a command terminal ...  copy and paste > the message manually into a working email client, > make sure the subject and email addresses are consistent > > I hope this helps ... > Tom

Re: Wondering if any of my hardware is working on -current

Chris Bennett(chris...@bennettconstruction.us) on 2018.02.07 21:03:09 -0800: > Does any of my hardware work in -current? cd0 at scsibus1 targ 1 lun 0: ATAPI 5/cdrom removable your cd-rw drive probably works. > Lots of stuff fails in 6.2 stable. > WiFi and touchpad

OpenBSD IRQ sharing on ISA

I install OpenBSD on my Fastwell CPB905 Singleboard compter. IT have 4-RS-232 port on same IRQ, but on different address on isa bus. Then i setup only one port using configure command all ports work normally. But when i setup 2 of them in one boot configuration i get in dmesg: irq already in use.

Re: OpenBSD IRQ sharing on ISA

> I install OpenBSD on my Fastwell CPB905 Singleboard compter. IT have > 4-RS-232 port on same IRQ, but on different address on isa bus. Then i > setup only one port using configure command all ports work normally. But > when i setup 2 of them in one boot configuration i get in dmesg: irq >

Re: Wondering if any of my hardware is working on -current

On Wed, Feb 07, 2018 at 09:03:09PM -0800, Chris Bennett wrote: > OpenBSD 6.2 (GENERIC.MP) #2: Sun Dec 10 21:14:42 CET 2017 > > r...@syspatch-62-amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP > real mem = 3774021632 (3599MB) > avail mem = 3652612096 (3483MB) the ram will

Re: samba client

install package gvfs if X, to use with xfce or gnome... Le 08/02/2018 à 01:18, listo factor a écrit : > I have a need to mount existing samba shares on a linux box, > on the  openbsd 6.2 computer. There is no use for a samba server > on it, and I would prefer not to install one. What is the >

Re: OpenBSD IRQ sharing on ISA

On Thu, Feb 08, 2018 at 02:31:31PM +0500, ?? wrote: > I install OpenBSD on my Fastwell CPB905 Singleboard compter. IT have > 4-RS-232 port on same IRQ, but on different address on isa bus. Then i > setup only one port using configure command all ports work normally.

Re: How to send a bug report with sendbug? What to configure to actually send the message?

Thanks for the answer. On Friday, February 9, 2018 1:29 AM, "ed...@pettijohn-web.com" wrote: On Feb 8, 2018 4:26 PM, Tom Smyth wrote: > > Hi Zolt > > you can open the message on a command terminal ... copy and paste > the

Re: considering a move to OpenBSD

On Thu, Feb 08, 2018 at 01:41:20PM -0800, Charlie Eddy wrote: > hello misc, > Hi! > I am considering a move to OpenBSD, since I subscribed to this mailing list > some time ago (~few months). I want to take advantage of security. > Good, go ahead, all doors are open. > However, a programmer

Re: considering a move to OpenBSD

On 02/08/18 19:28, mazocomp wrote: On Thu, Feb 08, 2018 at 01:41:20PM -0800, Charlie Eddy wrote: hello misc, Hi! I am considering a move to OpenBSD, since I subscribed to this mailing list some time ago (~few months). I want to take advantage of security. Good, go ahead, all doors are

Re: How to send a bug report with sendbug? What to configure to actually send the message?

Yes, thanks for the hint. I thought about this. Actually in theory is more simple to use directly the sendbug command, but for that you need to configure a server (smtp I think). And I do not want to spend days now to learning how to do it. So I will do at the simple way, as you told me. Thanks

Re: Kernel memory leaking on Intel CPUs?

Intel provided stable microcode for Skylake mitigating Spectre variant 2. Current status https://newsroom.intel.com/wp-content/uploads/sites/11/2018/02/microcode-update-guidance.pdf When it comes to Meltdown: Does OpenBSD is going to release patches for 6.2? I don't see anything related to

Re: OpenBSD IRQ sharing on ISA

On 02/08/18 04:31, Захаров Анатолий wrote: > I install OpenBSD on my Fastwell CPB905 Singleboard compter. IT have > 4-RS-232 port on same IRQ, but on different address on isa bus. Then i > setup only one port using configure command all ports work normally. But > when i setup 2 of them in one boot

Re: samba client

On Thu, Feb 08, 2018 at 11:33:01AM +, listo factor wrote: > On 02/08/2018 08:58 AM, Stephane HUC "CIOTBSD" wrote: > > install package gvfs if X, to use with xfce or gnome... > > Unfortunately, this is an "X-less", non-graphic "portal", > the only computer open to the world, and only via ssh,

Re: relayd(8) as a plain HTTP proxy?

On 2018-02-07, Grzegorz Kowalczyk wrote: > Hi, > > can relayd(8) be used as a plain HTTP proxy (no interception, no > filtering, SSL/TLS via the CONNECT method)? No. tinyproxy is probably the simplest existing thing that can do this.

syslogd loghost only - without unix socket & /dev/klog

Hi, I was speculating about another instance of syslogd, just as a log host services while having base syslogd running on same box. 1. -p /dev/null deletes /dev/null and replaces it with socket file with same name crw-rw-rw- 1 root wheel2, 2 Feb 8 13:25 /dev/null # syslogd -d -F -f

Re: OpenBSD IRQ sharing on ISA

> Then i setup only one port using configure command all ports work normally. I worked a lot with multiple RS-232 ports boards. They all had some hardware jumpers to configure the IRQ and Address for each port ( a lot of jumpers!). Maybe this option is integrated in your board BIOS, check it.

Re: samba client

On 02/08/2018 08:58 AM, Stephane HUC "CIOTBSD" wrote: install package gvfs if X, to use with xfce or gnome... Unfortunately, this is an "X-less", non-graphic "portal", the only computer open to the world, and only via ssh, on a LAN full of Linux and Windows computers that are samba servers.

Re: OpenBSD IRQ sharing on ISA

On Thu, Feb 8, 2018 at 1:02 PM, Mihai Popescu wrote: > > How did you manage to find and even install 3.8 ? > > To his defense, he didn't say he installed 3.8. Only what he found something in the 3.8 documentation.

Re: OpenBSD IRQ sharing on ISA

On Thu, Feb 8, 2018, at 7:02 AM, Mihai Popescu wrote: > > Then i setup only one port using configure command all ports work normally. > > I worked a lot with multiple RS-232 ports boards. They all had some > hardware jumpers to configure the IRQ and Address for each port ( a > lot of jumpers!).

Re: Wondering if any of my hardware is working on -current

On Wed, Feb 07, 2018 at 09:03:09PM -0800, Chris Bennett wrote: > Does any of my hardware work in -current? > > OpenBSD 6.2 (GENERIC.MP) #2: Sun Dec 10 21:14:42 CET 2017 > > r...@syspatch-62-amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP > pckbc0 at isa0 port 0x60/5 irq 1 irq 12