Re: high-end audio drivers [was: OSS audio drivers]

2007-10-24 Thread Alexandre Ratchov
On Wed, Oct 24, 2007 at 12:55:39AM +0200, Jan Stary wrote: What is the relation of OpenBSD's audio drivers to the OSS project? What, if anything, does opensourcing (GPL, I know) their code mean for our audio drivers? In particular, does that mean (future) support for the high-end

Non-x86 (was: About Xen: maybe a reiterative question but ..)

2007-10-24 Thread Lars Noodén
Theo de Raadt wrote: x86 virtualization is about basically placing another nearly full kernel, full of new bugs, on top of a nasty x86 architecture which barely has correct page protection. He probably meant psychological security, or job security. ... Then running your operating system on

Re: : Network Time Synchronization using timed or ntpd or a Combination?

2007-10-24 Thread Raimo Niskanen
There is one thing I really miss in OpenBSD's ntpd, and that is some way of asking the status. It need not be something like ntpq for standard ntpd. Sending it e.g. SIGUSR1 so it would dump current servers, their status and ntpd's general status would be nice. When there is nothing for a while in

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread Henning Brauer
* [EMAIL PROTECTED] [EMAIL PROTECTED] [2007-10-24 03:03]: Virtualization seems to have a lot of security benefits seems? to whom? to people who never wrote a line of code and don't understand how things work? -- Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED] BS Web Services,

Re: max-src-conn-rate rule question

2007-10-24 Thread Henning Brauer
* Rob [EMAIL PROTECTED] [2007-10-24 00:05]: I'm not a pf newbie by any means, but I'm not really qualified to answer questions about it either. That said, I don't usually use an '=' sign in my pf rules, and the pf faq doesn't list that as one of the accepted operators for the port range well,

HW selection for openBSD based web/Multimedia server and NAS

2007-10-24 Thread Insan Praja SW
Guys, I'm currently in charge of assembling a generic multimedia server (like youtube) but on a much smaller scale. Before we invest in something big on a server platform like ibm, sun, hp or dell, we're thinking of using an intel or tyan serverboard. In this testing environment, we will

Re: Network Time Synchronization using timed or ntpd or a Combination?

2007-10-24 Thread Henning Brauer
* Boris Goldberg [EMAIL PROTECTED] [2007-10-23 18:15]: It's always better to don't run a daemon if you don't have to. :) It's always better to not write a nonsense mail if you don't have to. -- Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED] BS Web Services, http://bsws.de Full-Service

Re: Network Time Synchronization using timed or ntpd or a Combination?

2007-10-24 Thread Henning Brauer
* Martin Schröder [EMAIL PROTECTED] [2007-10-24 00:51]: 2007/10/23, Darrin Chandler [EMAIL PROTECTED]: pool.ntp.org and score quite well. In fact, they compare favorably to servers running the more heavyweight ntp daemons. While we are talking about ntpd: Is there hope of an update of the

Re: Network Time Synchronization using timed or ntpd or a Combination?

2007-10-24 Thread Henning Brauer
* Clint Pachl [EMAIL PROTECTED] [2007-10-24 00:45]: Henning Brauer wrote: * Boris Goldberg [EMAIL PROTECTED] [2007-10-23 15:50]: CP One system would get time from the NTP pool and all other servers on CP the network would sync to the local server. You don't really need ntpd on

Re: MegaRAID SAS 8204ELP not working ?

2007-10-24 Thread David Gwynne
From looking at the lsi site and the driver names it ships on these model controllers, it looks like these nics are really mpi(4) based with a driver that does software raid on top of it. Way to sully the MegaRAID name LSI... Anyway, I think you're going to have to move up from the value line of

Re: Performance problem with CF card on AMD CS5536 IDE

2007-10-24 Thread Stefan Klein
As I mentioned in my first mail, it appears to be an OpenBSD-specific problem. On the exact same hardware, I can measure a throughput of about 10 MB/second when using FreeBSD. This matches more or less the CF specifications (PQI industrial Turbo Compact Flash Card). UDMA33 is used under

Re: : Network Time Synchronization using timed or ntpd or a Combination?

2007-10-24 Thread Christian Weisgerber
Raimo Niskanen [EMAIL PROTECTED] wrote: There is one thing I really miss in OpenBSD's ntpd, and that is some way of asking the status. It need not be something like ntpq for standard ntpd. Sending it e.g. SIGUSR1 so it would dump current servers, their status and ntpd's general status would

Re: : : Network Time Synchronization using timed or ntpd or a Combination?

2007-10-24 Thread Raimo Niskanen
On Wed, Oct 24, 2007 at 09:43:56AM +, Christian Weisgerber wrote: Raimo Niskanen [EMAIL PROTECTED] wrote: There is one thing I really miss in OpenBSD's ntpd, and that is some way of asking the status. It need not be something like ntpq for standard ntpd. Sending it e.g. SIGUSR1 so it

Re: LDAP users

2007-10-24 Thread Linus Swälas
On Wed, 24 Oct 2007 07:26:39 +0200, [EMAIL PROTECTED] wrote: Hi all. I want the OpenBSD system to see system users in LDAP. I know that OpenBSD doesn't have anything like nsswitch in other Unix. What can I do? First of all post to the right list. ;) This would fit better in the misc-list.

Re: gpio support on ALIX board

2007-10-24 Thread Marc Balmer
Martin Hedenfalk wrote: Hello list, Is anyone working on getting the gpio pins supported on the PCEngines ALIX boards? I'd like to be able to control the LEDs using gpioctl, just like on the WRAP. I am. - mb

Re: Network Time Synchronization using timed or ntpd or a Combination?

2007-10-24 Thread Marc Balmer
Boris Goldberg wrote: Hello Rogier, Tuesday, October 23, 2007, 9:01:32 AM, you wrote: RK On 10/23/07, Boris Goldberg [EMAIL PROTECTED] wrote: You don't really need ntpd on all systems. One (timeserver) runs ntpd, and others use rdate, called from cron (once a day is usually enough). RK

Re: LDAP users

2007-10-24 Thread Marc Balmer
Linus Swälas wrote: On Wed, 24 Oct 2007 07:26:39 +0200, [EMAIL PROTECTED] wrote: Hi all. I want the OpenBSD system to see system users in LDAP. I know that OpenBSD doesn't have anything like nsswitch in other Unix. What can I do? First of all post to the right list. ;) This would

Re: : : Network Time Synchronization using timed or ntpd or a Combination?

2007-10-24 Thread Christian Weisgerber
Raimo Niskanen [EMAIL PROTECTED] wrote: If you send -current ntpd SIGINFO, it will syslog its status. But not 4.2, right? Right. -- Christian naddy Weisgerber [EMAIL PROTECTED]

current and fluxbox

2007-10-24 Thread Pau Amaro-Seoane
Hi, I made a fresh install of current some five days ago and when I tried to install fluxbox I get: # pkg_add fluxbox Can't install imlib2-1.4.0: lib not found png.6.0 Dependencies for imlib2-1.4.0 resolve to: png-1.2.18, bzip2-1.0.4, libid3tag-0.15.1bp0, jpeg-6bp3,

Re: current and fluxbox

2007-10-24 Thread Stuart Henderson
On 2007/10/24 11:31, Pau Amaro-Seoane wrote: I have tried different ftp mirrors (even the master one) in these days but I get the same problem all the time. At the moment, you need to build your own from ports or wait a while. There have been some changed libraries recently and it will take a

Re: current and fluxbox

2007-10-24 Thread Pau Amaro-Seoane
thanks for the answer! Pau 2007/10/24, Stuart Henderson [EMAIL PROTECTED]: On 2007/10/24 11:31, Pau Amaro-Seoane wrote: I have tried different ftp mirrors (even the master one) in these days but I get the same problem all the time. At the moment, you need to build your own from ports or

Re: max-src-conn-rate rule question

2007-10-24 Thread Rob
On 10/24/07, Henning Brauer [EMAIL PROTECTED] wrote: * Rob [EMAIL PROTECTED] [2007-10-24 00:05]: Note that I wouldn't use a flush global directive for a rule like this, because it can lead to a neat DoS where somebody can spoof one of your own IP addresses and shut down any ssh sessions you

ifstated(8) missing if state changes?

2007-10-24 Thread Heinrich Rebehn
Hi list, it seems that ifstated(8) sometimes does not see all events and thus fails to change state. My setup consists of 2 boxes with 5 carp interfaces. CARP works fine, on box frw1 all are MASTER and on box frw2 all are in BACKUP state. When I bring down all carp interfaces on frw1, all get

System time 100% on Vmware Fusion

2007-10-24 Thread Frank Denis
Hello, On Vmware Fusion (tested with Fusion 1.1 on a Core2duo imac), OpenBSD (-current) is very slow on anything that is not just a pure computation task. While compiling something, or while running MySQL, PgSQL, Apache or Sendmail, top always shows that the CPU spends 99% or 100% of its

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread carlopmart
Dear sirs please: I will return to my original question. I just wondered if xen will be included into the OpenBSD's kernel to act as a para-virtualized DomU or not. Nothing more. I will not go into issues of the type is insecure or not. Theo, or somebody from developer team: Will be

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread Chris Kuethe
On 10/24/07, carlopmart [EMAIL PROTECTED] wrote: Dear sirs please: I will return to my original question. I just wondered if xen will be included into the OpenBSD's kernel to act as a para-virtualized DomU or not. Nothing more. I will not go into issues of the type is insecure or not.

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread carlopmart
Chris Kuethe wrote: On 10/24/07, carlopmart [EMAIL PROTECTED] wrote: Dear sirs please: I will return to my original question. I just wondered if xen will be included into the OpenBSD's kernel to act as a para-virtualized DomU or not. Nothing more. I will not go into issues of the type is

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread L. V. Lammert
On Wed, 24 Oct 2007, Henning Brauer wrote: * [EMAIL PROTECTED] [EMAIL PROTECTED] [2007-10-24 03:03]: Virtualization seems to have a lot of security benefits seems? to whom? Virtualization provides near absolute security - DOM0 is not visible to the user at all, only passing network traffic

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread Douglas A. Tutty
On Tue, Oct 23, 2007 at 08:35:39PM -0700, Ben Goren wrote: On 2007 Oct 23, at 5:57 PM, [EMAIL PROTECTED] wrote: Virtualization seems to have a lot of security benefits. ``Seems'' is the key word, here. On hardware like an IBM mainframe that can actually support what's necessary for

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread Paul de Weerd
On Wed, Oct 24, 2007 at 08:31:26AM -0500, L. V. Lammert wrote: | On Wed, 24 Oct 2007, Henning Brauer wrote: | | * [EMAIL PROTECTED] [EMAIL PROTECTED] [2007-10-24 03:03]: | Virtualization seems to have a lot of security benefits | | seems? | to whom? | | Virtualization provides near

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread Christoph Egger
On Tuesday 23 October 2007 18:22:00 ropers wrote: Hi Christoph, Right now, on the OpenBSD misc mailing list, there is this discussion: http://www.sigmasoft.com/~openbsd/archives/html/openbsd-misc/2007-10/threads.html#01149 about OpenBSD/Xen. We last spoke last year, when I put your BSDtalk

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread Christoph Egger
On Wednesday 24 October 2007 16:14:19 Chris Kuethe wrote: On 10/24/07, carlopmart [EMAIL PROTECTED] wrote: Dear sirs please: I will return to my original question. I just wondered if xen will be included into the OpenBSD's kernel to act as a para-virtualized DomU or not. Nothing more. I

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread Henning Brauer
* L. V. Lammert [EMAIL PROTECTED] [2007-10-24 16:46]: Virtualization provides near absolute security - DOM0 is not visible to the user at all, only passing network traffic and handling kernel calls. The security comes about in that each DOMU is totally isolated from the the others, while the

Wake on LAN, tcpdump weirdness with two ethernet interfaces

2007-10-24 Thread Lars Noodén
I'm noticing some strangeness in conjunction with WOL(*), which seems not to be working and am not sure where the problem lies(**). The machine launching the packets has two interfaces, re0 and em0, with the receiving machine connected to re0. The machine does not wake up either using port 9 or

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread Christoph Egger
On Wednesday 24 October 2007 17:25:25 Artur Grabowski wrote: Christoph Egger [EMAIL PROTECTED] writes: So I'm going to guess the answer is No, integrating xen paravirtualization is not a project priority at this time. Also, where are your diffs? The OpenBSD/Xen source is at

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread Dave Anderson
On Wed, 24 Oct 2007, L. V. Lammert wrote: Virtualization provides near absolute security - DOM0 is not visible to the user at all, only passing network traffic and handling kernel calls. The security comes about in that each DOMU is totally isolated from the the others, while the core DOM0 is

spamdb expire value gets default value instead of spamd_flag value (-G)

2007-10-24 Thread Claes Ström
Hi, When testing greylisting with synchronizing we noticed the following strange behavior: Machine A (10.100.64.234) is the machine we receive mail through. Machine B (10.100.64.233) is synced through spamd. Check out the expire value on machine A after the state has gone from Grey to White! It

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread carlopmart
Christoph Egger wrote: On Wednesday 24 October 2007 17:25:25 Artur Grabowski wrote: Christoph Egger [EMAIL PROTECTED] writes: So I'm going to guess the answer is No, integrating xen paravirtualization is not a project priority at this time. Also, where are your diffs? The OpenBSD/Xen source

Re: Network Time Synchronization using timed or ntpd or a Combination?

2007-10-24 Thread Boris Goldberg
Hello Clint, Tuesday, October 23, 2007, 5:36:15 PM, you wrote: CP From what I have read in this thread, it looks like only one guy CP prefers the old timed and rdate tools. A few are even telling him he is CP giving bad advice when promoting the usage of these tools. Henning CP mentioned that

Re: max-src-conn-rate rule question

2007-10-24 Thread Calomel
David, I would take a look at adding synproxy to your rules before worrying about max-src-states. Synproxy will allow max-src-conn-rate to work more reliably. By default, pf(4) passes packets that are part of a tcp(4) handshake between the endpoints. The synproxy state option can be used to
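The two points raised in this thread, Calomel's advice above to put synproxy in front of max-src-conn-rate and Rob's earlier warning about flush global, fit in one pf.conf fragment. The ruleset below is an added example for this page, not code posted by anyone in the thread; the interface name em0, the table name <bruteforce> and the limit of 5 connections per 30 seconds are assumptions chosen for illustration.

```pf
# Added example, not from the thread. Assumed names: em0, <bruteforce>.
ext_if = "em0"

# Sources that exceed the limit are collected here. "persist" keeps the
# table alive even while no rule references it.
table <bruteforce> persist

# Must sit above the pass rule: "quick" stops evaluation, so a listed
# source never reaches the pass rule again.
block in quick on $ext_if from <bruteforce>

# Weaker form (commented out). Without synproxy the endpoints do the
# handshake themselves and pf only counts a source once the TCP state is
# established. "flush global" then kills every state from the offending
# source, not just the ones this rule created; Rob's reply in this thread
# describes how that turns the rule into a self-inflicted DoS.
# pass in on $ext_if proto tcp to ($ext_if) port ssh \
#     flags S/SA keep state \
#     (max-src-conn-rate 5/30, overload <bruteforce> flush global)

# Preferred form. synproxy makes pf complete the three-way handshake
# itself before it opens the connection to the server, so a source has to
# finish a real handshake before it counts towards 5 connections per 30
# seconds. Plain "flush" removes only the states created by this rule.
pass in on $ext_if proto tcp to ($ext_if) port ssh \
    flags S/SA synproxy state \
    (max-src-conn-rate 5/30, overload <bruteforce> flush)
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it. `pfctl -t bruteforce -T show` lists what has been caught, `pfctl -t bruteforce -T delete 192.0.2.7` releases a single address (192.0.2.7 is a placeholder from the documentation range), and a cron job running `pfctl -t bruteforce -T expire 86400` ages entries out so an address that tripped the limit once is not blocked forever. Whichever flush variant you pick, remember that the table holds whatever source tripped the rate, so a jump host behind a NAT can land there as easily as an attacker.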

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread Adam Getchell
On 10/24/07, Paul de Weerd [EMAIL PROTECTED] wrote: This is the theory. In theory, there are no bugs in OpenBSD. In practice, many of the commits to the tree are not new features/drivers but actual bugfixes. Read the paper by Tavis Ormandy, referenced by Theo. There is a real problem with

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread Theo de Raadt
In the scientific cluster computing and enterprise spaces, it's already well demonstrated, by many, many practitioners in those fields [3], that virtualization is a very, very good tool. So what? Someone showed up here and said it is actually all about security. That is obviously false to

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread Jack J. Woehr
On Oct 24, 2007, at 10:59 AM, Theo de Raadt wrote: You don't build better security by building another gigantic layer. That is obvious to anyone who actually works in the field. Having worked in REAL VM :-) (IBM VM/ESA now z/VM) it isn't per se about security like we mean security ...

multimode fiber card recs for OpenBGPD

2007-10-24 Thread N.J. Thomas
I have two servers that I would like to setup to run OpenBGPD for our border routers. I need to find a supported PCIe (not PCI-X) fiber card that runs multi-mode and a supported PCIe (not PCI-X) fiber card that runs single-mode. (One of our providers is coming to us with mm, the other with sm.)

Re: Network Time Synchronization using timed or ntpd or a Combination?

2007-10-24 Thread Paul de Weerd
On Wed, Oct 24, 2007 at 10:47:45AM -0500, Boris Goldberg wrote: | Maybe it makes sense to set -ncv as the default behavior of rdate, but | there should be a way to synchronize time without running a daemon (don't | understand why people are so aggressive about that) if you don't need |

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread L. V. Lammert
On Wed, 24 Oct 2007, Paul de Weerd wrote: On Wed, Oct 24, 2007 at 08:31:26AM -0500, L. V. Lammert wrote: | On Wed, 24 Oct 2007, Henning Brauer wrote: | | * [EMAIL PROTECTED] [EMAIL PROTECTED] [2007-10-24 03:03]: | Virtualization seems to have a lot of security benefits | | seems? |

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread Marc Espie
Bottom-line is, the more complicated your setup gets, the more chances you get to fuck-up. All that stuff about extra permissions, extra layers. Each thingie you add you need to configure. And you won't be 100%, not all the time. So, Xen is just another opportunity to get fucked. Instead of

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread L. V. Lammert
At 05:12 PM 10/24/2007 +0200, Henning Brauer wrote: * L. V. Lammert [EMAIL PROTECTED] [2007-10-24 16:46]: Virtualization provides near absolute security - DOM0 is not visible to the user at all, only passing network traffic and handling kernel calls. The security comes about in that each DOMU

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread Theo de Raadt
I am just astounded by how some people who love virtualization keep making the same mistakes. Are you even listening? Practice also. XEN is a great tool for 'duplicating' a machine in an enterprise environment (IME running 'user level' tools for hundreds or thousands of users). Separating

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread Theo de Raadt
At 05:12 PM 10/24/2007 +0200, Henning Brauer wrote: * L. V. Lammert [EMAIL PROTECTED] [2007-10-24 16:46]: Virtualization provides near absolute security - DOM0 is not visible to the user at all, only passing network traffic and handling kernel calls. The security comes about in that

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread Ted Unangst
On 10/24/07, Christoph Egger [EMAIL PROTECTED] wrote: - aio(2) support creaking along. - POSIX ptsname() (this is used in a python binding module) dunno. - newer gcc version due to a structure padding bug with an alignment attribute hidden in a typedef (this is fixed in gcc 3.4) I use

Question about 4.2 Package availability

2007-10-24 Thread Joe S
I just wanted to confirm the following: If I've installed OpenBSD 4.2 and I need a specific package (in this case, net-smpd) which is not available on the CD, I must wait until 4.2 is officially released. Then I can get the packages I need from the ftp site.

Re: Network Time Synchronization using timed or ntpd or a Combination?

2007-10-24 Thread Marc Balmer
Boris Goldberg wrote: Maybe it makes sense to set -ncv as the default behavior of rdate, but there should be a way to synchronize time without running a daemon (don't understand why people are so aggressive about that) if you don't need up-to-second synchronization (in my case

Re: Question about 4.2 Package availability

2007-10-24 Thread Nico Meijer
Hi Joe, If I've installed OpenBSD 4.2 and I need a specific package (in this case, net-smpd) which is not available on the CD, I must wait until 4.2 is officially released. Then I can get the packages I need from the ftp site. Yes. (Or you build it from ports. Still, 4.2 is very much

pgt/Netgear WG511

2007-10-24 Thread Daniel Melameth
I have, what appears to be, v1 of this card, but I get the following from dmesg--even when booting from the latest snapshot of cd42.iso: Intersil, ISL3890, -, - (manufacturer 0xb, product 0x3890) Intersil Prism GT/Duette rev 0x01 at cardbus1 dev 0 function 0 not configured I'm not certain

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread L. V. Lammert
At 12:03 PM 10/24/2007 -0600, Theo de Raadt wrote: Anything we can do to increase security, *including* setting up VMs (of any flavor) is an improvement [that also increased hardware utilization]. This last sentence is such a lie. That depends on your viewpoint. There certainly may be

Re: HP ProLiant DL320 v. Sun Fire V125

2007-10-24 Thread Boris Goldberg
Hello evo, Wednesday, October 24, 2007, 12:51:13 AM, you wrote: e I'm choosing firewall/proxy/mail-gateway hardware running (of course) e OpenBSD for medium office and my shortlist is: e (a) HP ProLiant DL320 and (b) Sun Fire V125 I'm upgrading my servers/firewalls to HP ProLiant DL320

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread Can Erkin Acar
L. V. Lammert wrote: At 05:12 PM 10/24/2007 +0200, Henning Brauer wrote: * L. V. Lammert [EMAIL PROTECTED] [2007-10-24 16:46]: Virtualization provides near absolute security - DOM0 is not visible to the user at all, only passing network traffic and handling kernel calls. The security comes

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread Theo de Raadt
At 12:03 PM 10/24/2007 -0600, Theo de Raadt wrote: Anything we can do to increase security, *including* setting up VMs (of any flavor) is an improvement [that also increased hardware utilization]. This last sentence is such a lie. That depends on your viewpoint. There certainly

Re: Network Time Synchronization using timed or ntpd or a Combination?

2007-10-24 Thread Henning Brauer
* Paul de Weerd [EMAIL PROTECTED] [2007-10-24 19:28]: On Wed, Oct 24, 2007 at 10:47:45AM -0500, Boris Goldberg wrote: | Maybe it makes sense to set -ncv as the default behavior of rdate, but | there should be a way to synchronize time without running a daemon (don't | understand why

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread Paul de Weerd
On Wed, Oct 24, 2007 at 01:41:38PM -0500, L. V. Lammert wrote: | For example, say you have three departments within a company: Marketing, | Development, Production. Allowing each department to maintain their own | server instance allows each department to have their own users, home | directory

Re: Network Time Synchronization using timed or ntpd or a Combination?

2007-10-24 Thread Henning Brauer
* Marc Balmer [EMAIL PROTECTED] [2007-10-24 20:25]: Boris Goldberg wrote: Maybe it makes sense to set -ncv as the default behavior of rdate, but there should be a way to synchronize time without running a daemon (don't understand why people are so aggressive about that) if you

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread Matthew Weigel
Can Erkin Acar wrote: L. V. Lammert wrote: At 05:12 PM 10/24/2007 +0200, Henning Brauer wrote: * L. V. Lammert [EMAIL PROTECTED] [2007-10-24 16:46]: Virtualization provides near absolute security - DOM0 is not visible to the user at all, only passing network traffic and handling kernel calls.

Re: Network Time Synchronization using timed or ntpd or a Combination?

2007-10-24 Thread Boris Goldberg
Hello Marc, Wednesday, October 24, 2007, 1:13:23 PM, you wrote: Maybe it makes sense to set -ncv as the default behavior of rdate, but there should be a way to synchronize time without running a daemon (don't understand why people are so aggressive about that) if you don't need

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread Darren Spruell
On 10/24/07, L. V. Lammert [EMAIL PROTECTED] wrote: At 12:03 PM 10/24/2007 -0600, Theo de Raadt wrote: Anything we can do to increase security, *including* setting up VMs (of any flavor) is an improvement [that also increased hardware utilization]. This last sentence is such a lie.

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread Theo de Raadt
The security benefits are at the application level, *NOT* at the OS level. What hogwash. The security benefits are at the ability to buy a steak for dinner level. You've already made the decision to decrease security by de-compartmentalizing onto one physical box, so you are just thrilled with

Re: LDAP users

2007-10-24 Thread Dorian Büttner
Linus Swälas schrieb: OpenBSD doesn't include an LDAP module though so you'd have to write your own, details of how to do so are in the login.conf(5) man page. Or perhaps you can google something, someone else has probably built one already. login_ldap no longer in ports?

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread bofh
On 10/24/07, Jack J. Woehr [EMAIL PROTECTED] wrote: All things being equal, the safest base installations in the universe would be those whose user instances were encased in some kind of solid VM and whose base instance administrators were provided with and followed best practices. My VM:

Re: multimode fiber card recs for OpenBGPD

2007-10-24 Thread Henning Brauer
* N.J. Thomas [EMAIL PROTECTED] [2007-10-24 19:28]: I have two servers that I would like to setup to run OpenBGPD for our border routers. I need to find a supported PCIe (not PCI-X) fiber card that runs multi-mode and a supported PCIe (not PCI-X) fiber card that runs single-mode. (One of

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread Henning Brauer
* Darren Spruell [EMAIL PROTECTED] [2007-10-24 21:48]: Remember back 10-ish years ago when VLANs were being touted as the ultimate network segmentation technology by marketers of managed switches? And now everyone hopefully realizes that while VLANs technically do offer network segmentation,

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread Jason Dixon
It's a very simple concept. There is *nothing* in any virtualization software that makes having it *more secure* than not having it at all. Period. --- Jason Dixon DixonGroup Consulting http://www.dixongroup.net

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread L. V. Lammert
On Wed, 24 Oct 2007, Theo de Raadt wrote: The security benefits are at the application level, *NOT* at the OS level. What hogwash. The security benefits are at the ability to buy a steak for dinner level. Nah, I like steak, I hate enterprise computing. You've already made the decision

Re: Network Time Synchronization using timed or ntpd or a Combination?

2007-10-24 Thread Brian
Boris Goldberg wrote: [snip] There are pros and cons in the daemon and in the cron schema. I decided to use cron and I know why. Every sysadmin/architect should make that decision for *his* systems (and know why). Home users should probably stay with the default (ntpd),

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread bofh
On 10/24/07, Henning Brauer [EMAIL PROTECTED] wrote: without bad config errors (that are getting harder to make, except on cisco, they got the semantics completely wrong and stupid defaults) and used correctly, yes, VLANs perfectly isolate network segments. I'm curious about this. Do you have

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread Jason Dixon
On Oct 24, 2007, at 4:16 PM, Henning Brauer [EMAIL PROTECTED] wrote: * Darren Spruell [EMAIL PROTECTED] [2007-10-24 21:48]: Remember back 10-ish years ago when VLANs were being touted as the ultimate network segmentation technology by marketers of managed switches? And now everyone hopefully

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread Kevin Stam
You have failed to satisfactorily explain why running a specific application in a VM is more secure than running it in a standard OS. It's nonsense that you think it's more secure that way. It saves a lot of money, yes -- you don't necessarily want a separate box just to run an application - but

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread L. V. Lammert
On Wed, 24 Oct 2007, Theo de Raadt wrote: At 12:03 PM 10/24/2007 -0600, Theo de Raadt wrote: Anything we can do to increase security, *including* setting up VMs (of any flavor) is an improvement [that also increased hardware utilization]. This last sentence is such a lie.

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread Daniel Ouellet
Theo de Raadt wrote: The security benefits are at the ability to buy a steak for dinner level. I vote to add it to theo.c. Thanks Daniel Index: src/usr.bin/mg/theo.c === RCS file: /cvs/src/usr.bin/mg/theo.c,v retrieving

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread Henning Brauer
* L. V. Lammert [EMAIL PROTECTED] [2007-10-24 23:22]: Running different application domains on separate VMs provides isolation BETWEEN those application domains. no, it does not. -- Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED] BS Web Services, http://bsws.de Full-Service ISP - Secure

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread Theo de Raadt
Certainly there is a small, compound risk increase due to multiple OS images involved, but the OS images must be analyzed independently FIRST, and THOSE risks addressed. Certainly you pulled that assessment out of your ass. **IF** OBSD were available as a host OS, that would be good security.

Re: multimode fiber card recs for OpenBGPD

2007-10-24 Thread Claudio Jeker
On Wed, Oct 24, 2007 at 10:25:32PM +0200, Henning Brauer wrote: * N.J. Thomas [EMAIL PROTECTED] [2007-10-24 19:28]: I have two servers that I would like to setup to run OpenBGPD for our border routers. I need to find a supported PCIe (not PCI-X) fiber card that runs multi-mode and a

Re: A (pf?) puzzler -- a single device invisible on the other side of an IPsec tunnel

2007-10-24 Thread Stephen
knitti wrote: On 10/19/07, Stephen Bosch [EMAIL PROTECTED] wrote: Other things I've tried: - moving the Jetdirect to a different port on the same physical switch - a variety of static and dynamic IPs in the subnet I also forwarded the external port 9100 to this print server and tried to

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread Theo de Raadt
You have failed to satisfactorily explain why running a specific application in a VM is more secure than running it in a standard OS. It's nonsense that you think it's more secure that way. It saves a lot of money, yes -- you don't necessarily want a separate box just to run an application -

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread L. V. Lammert
At 03:31 PM 10/24/2007 -0600, Theo de Raadt wrote: Certainly there is a small, compound risk increase due to multiple OS images involved, but the OS images must be analyzed independently FIRST, and THOSE risks addressed. Certainly you pulled that assessment out of your ass. I thought it was

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread L. V. Lammert
At 11:26 PM 10/24/2007 +0200, Henning Brauer wrote: * L. V. Lammert [EMAIL PROTECTED] [2007-10-24 23:22]: Running different application domains on separate VMs provides isolation BETWEEN those application domains. no, it does not. Is that your ostrich response? Lee

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread Henning Brauer
* L. V. Lammert [EMAIL PROTECTED] [2007-10-25 00:11]: At 11:26 PM 10/24/2007 +0200, Henning Brauer wrote: * L. V. Lammert [EMAIL PROTECTED] [2007-10-24 23:22]: Running different application domains on separate VMs provides isolation BETWEEN those application domains. no, it does not.

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread Tony Abernethy
L. V. Lammert wrote: gibberish

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread Matthew Weigel
Paul de Weerd wrote: Why compare this to all departments on one machine, all on the same OS ? That's not a fair comparison. Why? Because that's what happens *anyway*. -- Matthew Weigel hacker [EMAIL PROTECTED]

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread L. V. Lammert
At 05:27 PM 10/24/2007 -0500, Tony Abernethy wrote: L. V. Lammert wrote: gibberish Wow, such intelligence. Now we get crap instead of ostrich logic. Sheesh. Lee

new dell install completed, but...

2007-10-24 Thread metajunkie
all, I'm happy to read whatever I need to, in order to get this system running. I come before this list humbly. Please don't flame my ass with RTFMs :) I have a new Dell Optiplex 745 with an Intel Core 2 Duo. This system completed the install. Now on boot it hangs after: wskbd1: connecting

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread Jack J. Woehr
On Oct 24, 2007, at 3:41 PM, Theo de Raadt wrote: We know what a VM operating system has to do to deal with the PC architecture. It is too complex to get perfectly right. I concur with this assessment and the discussion of actual x86 PC implementation vs. 390 architecture which led up to it.

Problem with disk size

2007-10-24 Thread Jon Sjöstedt
Hello all! I have an OpenBSD-box with two 250G drives inside (and some SCSI). Trying to use one of the drives as a whole gave this from disklabel $ sudo disklabel -p g wd0 [snip] 16 partitions: # size offset fstype [fsize bsize cpg] c: 233.8G 0.0G unused

Re: How can i boot a bsd.rd from windows 2000 ?

2007-10-24 Thread Alexander Hall
Christopher Bianchi skrev: Hello everyone. My situation is this: I've a laptop, a Sharp pc-ax10 with Windows 2000 preinstalled, without cdrom, floppy. I wish to install OpenBSD on it. Naturally the BIOS can't boot from USB. So I've thought to boot the bsd.rd, but how? The FAQ explains the procedure

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread Jeremy Huiskamp
On 24-Oct-07, at 5:59 PM, L. V. Lammert wrote: At 03:31 PM 10/24/2007 -0600, Theo de Raadt wrote: You must be more qualified with regards to the actual code than I am because I flat out don't believe this at all. Believe what? OBSD is secure? I thought you were proud of the project? Sheesh!

sanely designed hardware?

2007-10-24 Thread Douglas A. Tutty
After enjoying the Xen thread, and the comments about the horrid mess that is x86 hardware design, I'm wondering what hardware on which OpenBSD will run _is_ well designed. Who makes a hardware architecture that is open (enough) that OpenBSD can run fully on it, that has good performance. I'm

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread Brian
Hi! I think you are missing the point about x86 hardware being a mess. Theo made an excellent point about the architecture itself having so many filthy quirks. If a VM is compromised through any means, that attacker can now leverage the dirty architecture to bypass the hypervisors (supposed)

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread Darrin Chandler
On Wed, Oct 24, 2007 at 05:44:37PM -0500, L. V. Lammert wrote: At 05:27 PM 10/24/2007 -0500, Tony Abernethy wrote: L. V. Lammert wrote: gibberish Wow, such intelligence. Now we get crap instead of ostrich logic. Sheesh. Actually, that's a fair assessment at this point. Looking at what

Re: Problem with disk size

2007-10-24 Thread Nick Holland
Jon Sjöstedt wrote: Hello all! I have an OpenBSD-box with two 250G drives inside (and some SCSI). Trying to use one of the drives as a whole gave this from disklabel $ sudo disklabel -p g wd0 [snip] don't snip. 16 partitions: # size offset fstype [fsize bsize

Re: new dell install completed, but...

2007-10-24 Thread Nick Holland
[EMAIL PROTECTED] wrote: all, I'm happy to read whatever I need to, in order to get this system running. I come before this list humbly. Please don't flame my ass with RTFMs :) I have a new Dell Optiplex 745 with an Intel Core 2 Duo. This system completed the install. Now on boot it

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread Can Erkin Acar
L. V. Lammert [EMAIL PROTECTED] wrote: If not, then security issues compound due to multiple guest OSs and each set of inherent vulnerabilities. security issues and protections do not add up like numbers. Sure they do. If I'm running Windoze as a guest OS, there are hundreds or
