Problem with Pf

2007-12-05 Thread Léo Goehrs
Hi Guys, I hope I am posting on the right mailing list. I am sending you this email because I have been experiencing a lot of BAD State in pf recently. I don't know if this has been discussed previously. More and more people are now using Oses that can adapt the TCP Windows Size. In pf, I

Re: Compliments and Knob Question

2007-12-05 Thread Brian
Richard Toohey wrote: On 5/12/2007, at 7:09 PM, Richard Toohey wrote: On 5/12/2007, at 4:24 PM, L wrote: Question about buttons and knobs.. What exactly is a knob? [cut] it simpler. For example the CP command is just a knob for copy.. My understanding of knob is an option or a switch.

Re: Access to a remote Oracle database

2007-12-05 Thread Christoph Leser
Hi, afaik all access to oracle databases require oracle client software. only exception I know of is JDBC ( java database connectivity, which has a thin client requiring only tcp and the oracle jdbc client, which is pure java. maybe that is an option. if not you might connect your ms sql server

DLT4000 on openbsd st0: 10240-byte record too big

2007-12-05 Thread Khalid Schofield
Hi, this error seems to have been around a bit on the news groups but I see no answers only questions (yeh I've got a bible on the shelf next to the Koran so I could try that). I've a DLT4000 tape drive connected to a scsi card in my sun blade 100 running openbsd 4.2 I'm getting this

Re: DLT4000 on openbsd st0: 10240-byte record too big

2007-12-05 Thread Khalid Schofield
working :) many thanks On 5 Dec 2007, at 10:52, Otto Moerbeek wrote: On Wed, Dec 05, 2007 at 10:23:46AM +, Khalid Schofield wrote: Hi, this error seems to have been around a bit on the news groups but I see no answers only questions (yeh I've got a bible on the shelf next to the

A necessary evil: snmpd(8) and snmpctl(8)

2007-12-05 Thread Reyk Floeter
Hi! I just imported snmpd(8) and snmpctl(8), an initial attempt to implement a new SNMP daemon for OpenBSD. SNMP is the Simple Network Management Protocol and it is still very commonly used in corporate networks, by network vendors, and in network management systems (NMS). SNMP is very

Re: DLT4000 on openbsd st0: 10240-byte record too big

2007-12-05 Thread Otto Moerbeek
On Wed, Dec 05, 2007 at 10:23:46AM +, Khalid Schofield wrote: Hi, this error seems to have been around a bit on the news groups but I see no answers only questions (yeh I've got a bible on the shelf next to the Koran so I could try that). I've a DLT4000 tape drive connected to a scsi

Re: More than 255 vhid's w/ CARP

2007-12-05 Thread SeDoFa
It's true, but this can't solve any problems. In my case I have a /16 subnet and I need to nat every single IP to a different IP, for a total amount of about 400 IPs. Same subnet, same interface, redundant firewall with carp. Is there another way to increase vhid limit? On Aug 10, 2006 2:47 AM,

Re: A necessary evil: snmpd(8) and snmpctl(8)

2007-12-05 Thread John Jackson
This is great news! Hopefully I'll find the time to help test. John On Wed, Dec 05, 2007 at 11:52:12AM +0100, Reyk Floeter wrote: Hi! I just imported snmpd(8) and snmpctl(8), an initial attempt to implement a new SNMP daemon for OpenBSD. SNMP is the Simple Network Management Protocol

AMD GEODE LX-800 just works with kernel from install42.iso and kernelpanics with powersave on.

2007-12-05 Thread Taisto Qvist XX
Hi Folks, I am running, or at least trying to run, OpenBSD 4.2 on a minipc using AMD's GEODE LX-800. (Its a http://www.sdlsystem.se/shop/product_info.php?cPath=23_56products_id=65 6 ) At first I had almost given up, since trying to boot the system was impossible since I always got a kernel-panic

Re: More than 255 vhid's w/ CARP

2007-12-05 Thread Ryan McBride
On Wed, Dec 05, 2007 at 01:00:11PM +0100, SeDoFa wrote: It's true, but this can't solve any problems. In my case I have a /16 subnet and I need to nat every single IP to a different IP, for a total amount of about 400 IPs. Same subnet, same interface, redundant firewall with carp. Is there

Re: pfctl - show port numbers

2007-12-05 Thread MikeM
On 12/4/2007 at 6:53 PM Henning Brauer wrote: |actually, if I were to implement these parts now I'd make it print port |numbers only and not names = That's what I plan to do when I change the code. I don't need the command line option part because I have never needed the name

Re: PF problems

2007-12-05 Thread Stuart Henderson
On 2007/12/05 13:02, Kleber Rocha wrote: My rule is being ignored and the connection is being blocked by the default block rule: block in log all But these rules work well in OpenBSD 4.0 See the 4.0 - 4.1 upgrade guide.

Re: Code signing in OpenBSD

2007-12-05 Thread Kevin Stam
What is the benefit of doing so? What's the point? Is the website so likely to be hacked into, that the developers need to sign all communication just to ensure that it comes from them? There's absolutely no need to signing errata or official communications. Name one justifiable use for them. If

Re: Code signing in OpenBSD

2007-12-05 Thread Nick Guenther
On 12/5/07, Lars Hansson [EMAIL PROTECTED] wrote: On Dec 5, 2007 11:16 AM, new_guy [EMAIL PROTECTED] wrote: I've searched OpenBSD.org and google for source code signing practices in OpenBSD, nothing obvious stands out. I've probably overlooked it. Just curious about this... is the process

PF problems

2007-12-05 Thread Kleber Rocha
I have the following rule in pf. pass in quick from 10.1.100.210 to any Here the result of pfctl -sr pass in quick inet from 10.1.100.210 to any flags S/SA keep state But the connection is being blocked by pf, follows log of pflog0: Dec 02 06:58:58.343862 rule 0/(match) [uid 0, pid 23271] block

Re: OpenBSD mentioned in Bruce Schneier interview

2007-12-05 Thread Nick Guenther
On 12/5/07, Lars Noodén [EMAIL PROTECTED] wrote: OpenBSD gets a short mention in a blog: Q: ... why in the world can't we design a computer that can "cold boot" nearly instantaneously? I know about hibernation, etc., but when I do have to reboot, I hate

Re: Code signing in OpenBSD

2007-12-05 Thread new_guy
Nick Guenther wrote: Well, there's the MD5 files (e.g. http://openbsd.arcticnetwork.ca/pub/OpenBSD/4.2/i386/MD5). but yeah, for the most part OpenBSD doesn't need it. -Nick Could you explain in more detail? Why doesn't OpenBSD need to use pgp keys? Really, I'm not trying to start

Re: Code signing in OpenBSD

2007-12-05 Thread bofh
On Dec 5, 2007 11:46 AM, new_guy [EMAIL PROTECTED] wrote: Can you dismiss PKI and the benefits that OpenPGP signatures provide to your user community? Knowing that xyz binary is signed by OpenBSD for distribution or abc email came from an official OpenBSD source is a good thing. Trojaned

Re: binary installed? or not?

2007-12-05 Thread Kevin Stam
$ man pkg_info On Dec 5, 2007 5:22 PM, badeguruji [EMAIL PROTECTED] wrote: Hello, On solaris, i can do: grep name /var/sadm/install/contents and see whether it is installed or not, also location etc. But, How can i do it on OB? where is the system map? to see whether/where name is

Re: binary installed? or not?

2007-12-05 Thread Nick Guenther
On 12/5/07, badeguruji [EMAIL PROTECTED] wrote: Hello, On solaris, i can do: grep name /var/sadm/install/contents and see whether it is installed or not, also location etc. But, How can i do it on OB? where is the system map? to see whether/where name is installed. Thanks in advance

Re: inetd needed for basic NAT/Firewall operation?

2007-12-05 Thread Allie D.
I have run an OBSD firewall for years and run nothing on it...the only listening port is 22 on one of the internal interfaces. You don't need identd or any of that crap on a firewall...it's forwarding or blocking packets only. -- ~Allie D. On Wed, December 5, 2007 10:58, Andreas Maus wrote: On

Re: Code signing in OpenBSD

2007-12-05 Thread Kevin Stam
Ah, my apologies. I was looking at the wrong thing. No further comment. On Dec 5, 2007 6:18 PM, Brad Tilley [EMAIL PROTECTED] wrote: Wow, my surprise grows... I shall no longer add to this thread... Bye now. http://www.kernel.org/signature.html http://www.freebsd.org/doc/pgpkeyring.txt *

Re: Code signing in OpenBSD

2007-12-05 Thread Kevin Stam
For one thing, I think you're quite confused. Unless I'm missing something, I'm not noticing the FreeBSD, NetBSD, Linux kernel developers signing their code, or doing anything particularly differently from the OpenBSD developers. Please explain. You've also conveniently ignored bofh's question.

Re: Code signing in OpenBSD

2007-12-05 Thread new_guy
BOFH-5 wrote: Would you consider Bruce Schneier to be knowledgeable about PKI? Have you read: http://www.schneier.com/paper-pki.html Yes, I've read that. He's talking about CA's. He does not ridicule PGP keys as you seem to. In fact, he has a few of his own: Bruce Schneier [EMAIL

inetd needed for basic NAT/Firewall operation?

2007-12-05 Thread Chris Smith
Hello, When using OpenBSD only as a NAT router / Firewall with all of the services in inetd.conf commented out is there any need to enable inetd? I believe it's no longer necessary for ftp-proxy and want to make sure I'm not missing anything. Thank you. -- Chris

Re: Code signing in OpenBSD

2007-12-05 Thread Rui Miguel Silva Seabra
On Wed, Dec 05, 2007 at 11:59:31AM -0500, Nick Guenther wrote: I'm surprised that OpenBSD (the most secure OS I know of) does not use it, that's all I'm saying. I also thought there would be a real reason for not doing so and there may in fact be and I may just be unaware of it. OpenBSD

Re: Code signing in OpenBSD

2007-12-05 Thread Brad Tilley
Wow, my surprise grows... I shall no longer add to this thread... Bye now. http://www.kernel.org/signature.html http://www.freebsd.org/doc/pgpkeyring.txt * One example of a signed Linux Kernel path... there are many others: ftp://ftp.kernel.org/pub/linux/kernel/v2.6/patch-2.6.9.sign * One

Re: Code signing in OpenBSD

2007-12-05 Thread Ted Unangst
On 12/5/07, new_guy [EMAIL PROTECTED] wrote: Can you dismiss PKI and the benefits that OpenPGP signatures provide to your user community? yes.

Re: binary installed? or not?

2007-12-05 Thread Mayuresh Kathe
See the following link http://www.openbsd.org/cgi-bin/man.cgi?query=pkg_infosektion=1manpath=OpenBSD+4.2 On Dec 5, 2007 10:52 PM, badeguruji [EMAIL PROTECTED] wrote: Hello, On solaris, i can do: grep name /var/sadm/install/contents and see whether it is installed or not, also location

OpenBSD4.1 IPSEC - transport_send_messages: giving up on exchange

2007-12-05 Thread Douglas Secco dos Santos
Hi all, I have a lot of VPN connections from all subsidiaries of my business (46 subsidiaries/46 tunnels exactly). At the matriz i have an CISCO ASA 5520 VPN concentrator. Over subsidiaries, i have a openbsd 4.1. my ipsec.conf is: --

binary installed? or not?

2007-12-05 Thread badeguruji
Hello, On solaris, i can do: grep name /var/sadm/install/contents and see whether it is installed or not, also location etc. But, How can i do it on OB? where is the system map? to see whether/where name is installed. Thanks in advance for your guidance. -BG

Re: Code signing in OpenBSD

2007-12-05 Thread Bob Beck
Can you dismiss PKI and the benefits that OpenPGP signatures provide to your user community? Knowing that xyz binary is signed by OpenBSD for distribution or abc email came from an official OpenBSD source is a good thing. Trojaned binaries and forged emails happen. PKI can help mitigate this.

Re: Code signing in OpenBSD

2007-12-05 Thread bofh
On Dec 5, 2007 12:41 PM, new_guy [EMAIL PROTECTED] wrote: BOFH-5 wrote: Would you consider Bruce Schneier to be knowledgeable about PKI? Have you read: http://www.schneier.com/paper-pki.html Yes, I've read that. He's talking about CA's. He does not ridicule PGP keys as you seem to.

Re: Code signing in OpenBSD

2007-12-05 Thread Nick Guenther
On 12/5/07, new_guy [EMAIL PROTECTED] wrote: Harpalus a Como wrote: What is the benefit of doing so? What's the point? Is the website so likely to be hacked into, that the developers need to sign all communication just to ensure that it comes from them? There's absolutely no need to

Re: Code signing in OpenBSD

2007-12-05 Thread new_guy
Harpalus a Como wrote: What is the benefit of doing so? What's the point? Is the website so likely to be hacked into, that the developers need to sign all communication just to ensure that it comes from them? There's absolutely no need to signing errata or official communications. Name one

Re: A necessary evil: snmpd(8) and snmpctl(8)

2007-12-05 Thread Jason George
Hi! I just imported snmpd(8) and snmpctl(8), an initial attempt to implement a new SNMP daemon for OpenBSD. SNMP is the Simple Network Management Protocol and it is still very commonly used in corporate networks, by network vendors, and in network management systems (NMS). SNMP is very

Re: inetd needed for basic NAT/Firewall operation?

2007-12-05 Thread Stuart VanZee
I have inetd disabled on almost all of my systems (including all my firewalls). If you have commented out every service in inetd.conf, there is no need to run inetd, it has nothing to do and just sits there. s -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]

Re: OpenCON 2007 thanks

2007-12-05 Thread Lars Noodén
fabioFVZ wrote: ... See you next year! Between now and then is there a chance of listening to the talks online? If so, what is the URL for the audio? Regards -Lars

OpenBSD4.1 IPSEC - transport_send_messages: giving up on exchange

2007-12-05 Thread Douglas Secco dos Santos
Hi all, I have a lot of VPN connections from all subsidiaries of my business (46 subsidiaries/46 tunnels exactly). At the matriz i have an CISCO ASA 5520 VPN concentrator. Over subsidiaries, i have a openbsd 4.1. my ipsec.conf is: --

Re: Code signing in OpenBSD

2007-12-05 Thread Ted Unangst
On 12/5/07, Rui Miguel Silva Seabra [EMAIL PROTECTED] wrote: Come on... twice a year and get the benefit of not being excluded from company policies which require digital signature of software downloaded through the internet. sign it yourself, then download it. problem solved.

Re: inetd needed for basic NAT/Firewall operation?

2007-12-05 Thread Rod Whitworth
On Wed, 5 Dec 2007 19:58:59 +0100, Andreas Maus wrote: The only service that should (or could, depends on your point of view) be allowed from the internet is IMHO the identd service. Blocking this service may cause some delay because some mailers and irc servers are checking for this service.

Re: Code signing in OpenBSD

2007-12-05 Thread Rod Whitworth
On Wed, 5 Dec 2007 08:46:16 -0800 (PST), new_guy wrote: Can you dismiss PKI and the benefits that OpenPGP signatures provide to your user community? Knowing that xyz binary is signed by OpenBSD for distribution or abc email came from an official OpenBSD source is a good thing. Trojaned binaries

Re: Code signing in OpenBSD

2007-12-05 Thread Kevin Stam
Yes, that's what I gathered was meant. Going into PKI and code signing, however, I assumed he meant signing and verifying the underlying source code, and navigating the trees, I haven't noticed that. Evidently he meant signing binary packages. In that case, I can kind of understand the

Re: Code signing in OpenBSD

2007-12-05 Thread Floor Terra
On Dec 5, 2007, at 7:46 PM, Rui Miguel Silva Seabra wrote: I don't see what is the problem with blessing a fingerprint of the binaries with a PKI signature, which would mean that *these* are the binaries the devs intended to release. Who would sign the binaries? Would each package maintainer

Re: Code signing in OpenBSD

2007-12-05 Thread Brad Tilley
If you want a secure binary. buy an official CD.. This is what most people do. PKI requires infrastructure that would cost OpenBSD money and developer time. Official CD's keep OpenBSD alive. Oh wait, we should devote resources to people who care about security, just not enough

Re: OpenCON 2007 thanks

2007-12-05 Thread Rouven Floeter
See you next year! Thank you it was a great event with perfect presentations. Rouven

Re: inetd needed for basic NAT/Firewall operation?

2007-12-05 Thread Andreas Maus
On Wed, Dec 05, 2007 at 11:49:07AM -0500, Chris Smith wrote: Hello, When using OpenBSD only as a NAT router / Firewall with all of the services in inetd.conf commented out is there any need to enable inetd? Hi Chris. The only service that should (or could, depends on your point of view) be

Re: Code signing in OpenBSD

2007-12-05 Thread Nick Bender
On Dec 5, 2007 2:23 PM, Ted Unangst [EMAIL PROTECTED] wrote: On 12/5/07, Rui Miguel Silva Seabra [EMAIL PROTECTED] wrote: Come on... twice a year and get the benefit of not being excluded from company policies which require digital signature of software downloaded through the internet.

Re: Code signing in OpenBSD

2007-12-05 Thread Marco Peereboom
blah blah blah have you ever wondered why openbsd doesn't do binary updates? maybe you are now going to be able to figure out why we don't need complex signing mechanisms. On Wed, Dec 05, 2007 at 06:46:01PM +, Rui Miguel Silva Seabra wrote: On Wed, Dec 05, 2007 at 11:59:31AM -0500, Nick

Re: Code signing in OpenBSD

2007-12-05 Thread Nick Guenther
On 12/5/07, bofh [EMAIL PROTECTED] wrote: Why, I tell you, if you can just make openbsd more like windows, you'll get a lot more users Don't you care about market share? (Cue Theo's story about the VC who tried to dotcom-ize openbsd :-)) Oh? What story is that? I can't

Re: Two carp firewalls keep swapping from master/backup

2007-12-05 Thread Bob Beck
Are you allowing the carp traffic in and out? This is the more common fuckup I make when configuring them that has this result. make sure the carp and pfsync traffic makes it in and out.

Re: Code signing in OpenBSD

2007-12-05 Thread bofh
That's irrelevant (the impersonating bit). What you have to understand is this - this is not a commercial venture, nor is openbsd looking to grow marketshare or ease of use or anything. This is a project by developers for themselves. Yes, they do sell CDs and so on to help support the project,

hoststated - some questions

2007-12-05 Thread Chad M Stewart
I am working with hoststated and trying to figure out if it will work for what I want to do. I have some questions that I hope people can answer for me. kern.version=OpenBSD 4.2-stable (GENERIC) #0: Sun Dec 2 13:43:16 GMT 2007 [EMAIL

Re: Two carp firewalls keep swapping from master/backup

2007-12-05 Thread Josh
Dag Richards wrote: Your understanding of preempt seems correct I had a similar issue on a pair of 4.1 FW's. A careful examination revealed that one of the carp ifaces on one system had ip addrs that were missing on the other. Carefully compare ifconfig -aA on each machine to each other. I

Two carp firewalls keep swapping from master/backup

2007-12-05 Thread Josh
Hello, A quick question. I have a pair of 4.1 boxes acting as firewalls using carp/pfsync etc. The primary has advskew 0, the backup has advskew 100. I have net.inet.carp.preempt=1 on both. So anyway, I was downloading some 4.2 install binaries onto the backup fw, and I noticed that the

Re: Code signing in OpenBSD

2007-12-05 Thread new_guy
Bob Beck-2 wrote: If you want a secure binary. buy an official CD.. This is what most people do. PKI requires infrastructure that would cost OpenBSD money and developer time. Official CD's keep OpenBSD alive. Oh wait, we should devote resources to people who care about

Re: Two carp firewalls keep swapping from master/backup

2007-12-05 Thread Stuart Henderson
On 2007/12/06 10:06, Josh wrote: So anyway, I was downloading some 4.2 install binaries onto the backup fw, and I noticed that the backup/primary carp interfaces kept on switching between master/backup fairly rapidly ( around every 5 - 10 seconds or so ) despite both hosts being up just

Re: Code signing in OpenBSD

2007-12-05 Thread new_guy
Lars Hansson-5 wrote: No. OpenBSD doesn't sign code. --- Lars Hansson Oh that surprises me, are OpenPGP signatures used for anything? Errata, official communication, etc... maybe this is a stupid question, by it seems everyone does it these days... even small software projects. Not being

Re: /var/log/messages permissions in 4.2

2007-12-05 Thread Douglas A. Tutty
On Tue, Dec 04, 2007 at 02:30:28PM -0800, Bryan Irvine wrote: What would be the rationale for 640? ;) Well according to cvs log: it can be easily changed if you like it another way. millert, So I guess one rationale might be as simple as because ;) Does anything get posted to the log

OpenCON 2007 thanks

2007-12-05 Thread fabioFVZ
OpenCON 2007 is over. This year due to problems at work I had to leave OpenCON 2007 organization in the hands of Marc Balmer and Vera Hardmeier. I'd like to thank them for their perfect work (as for the usual OpenBSD way of doing things). Without their support OpenCON shouldn't happened.

PCMCIA card Reader...

2007-12-05 Thread Mayuresh Kathe
Hello, Will the product at the following link work under OpenBSD? http://www.synchrotech.com/products/card-rw_06_p111_p222_elan_pcmcia_pc-card_reader_slot.html It's costing US$75, paying that kind of money and not have it work would be quite heart breaking. Thanks, ~Mayuresh

Re: Two carp firewalls keep swapping from master/backup

2007-12-05 Thread Josh
Stuart Henderson wrote: On 2007/12/06 11:48, Josh wrote: I will investigate what Stuart Henderson mentioned. If it's that, tcpdump on the parent iface will show proto 112 IPv6 packets every few seconds, and ifconfig carpXX destroy sh /etc/netstart carpXX should clear things out. It does not

Re: PCMCIA card Reader...

2007-12-05 Thread Steve Shockley
Mayuresh Kathe wrote: Will the product at the following link work under OpenBSD? http://www.synchrotech.com/products/card-rw_06_p111_p222_elan_pcmcia_pc-card_reader_slot.html I haven't actually tried it, but their web site says it uses the TI PCI-1420 PCI-Cardbus bridge, and OpenBSD appears

Re: Code signing in OpenBSD

2007-12-05 Thread Claus Assmann
On Wed, Dec 05, 2007, STeve Andre' wrote: Yes, one can dismiss the benefits. Think about what an MD5 (or any other cryptographic) checksum means. If the OpenBSD site publishes that list, how does something more complicated help? Answer: it doesn't. Wrong. If someone cracks a website, then

Re: Code signing in OpenBSD

2007-12-05 Thread Dave Ewart
On Wednesday, 05.12.2007 at 17:59 +, Kevin Stam wrote: For one thing, I think you're quite confused. Unless I'm missing something, I'm not noticing the FreeBSD, NetBSD, Linux kernel developers signing their code, or doing anything particularly differently from the OpenBSD developers.

Re: OpenCON 2007 thanks

2007-12-05 Thread Edd Barrett
On 05/12/2007, fabioFVZ [EMAIL PROTECTED] wrote: OpenCON 2007 is over. This year due to problems at work I had to leave OpenCON 2007 organization in the hands of Marc Balmer and Vera Hardmeier. Thank you. I had a great time! -- Best Regards Edd

Re: Code signing in OpenBSD

2007-12-05 Thread Rui Miguel Silva Seabra
On Wed, Dec 05, 2007 at 11:23:28AM -0800, Ted Unangst wrote: On 12/5/07, Rui Miguel Silva Seabra [EMAIL PROTECTED] wrote: Come on... twice a year and get the benefit of not being excluded from company policies which require digital signature of software downloaded through the internet.

Re: AMD GEODE LX-800 just works with kernel from install42.iso and kernelpanics with powersave on.

2007-12-05 Thread Taisto Qvist XX
And naturally I attached the wrong files, apart from the mistyping of install42.iso. Here's the dmesg from the working kernel. TQ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Taisto Qvist XX Sent: den 5 december 2007 13:14 To: misc@openbsd.org

Re: Code signing in OpenBSD

2007-12-05 Thread Tony Abernethy
Claus Assmann wrote: Wrong. If someone cracks a website, then he can put up a modified binary and a modified MD5 checksum. This is silly. You mean that you get the checksums and the associated binaries from the *SAME* website?

Re: Code signing in OpenBSD

2007-12-05 Thread bofh
On Dec 5, 2007 7:15 PM, Tony Abernethy [EMAIL PROTECTED] wrote: Claus Assmann wrote: Wrong. If someone cracks a website, then he can put up a modified binary and a modified MD5 checksum. This is silly. You mean that you get the checksums and the associated binaries from the *SAME*

Re: Two carp firewalls keep swapping from master/backup

2007-12-05 Thread Dag Richards
Josh wrote: Hello, A quick question. I have a pair of 4.1 boxes acting as firewalls using carp/pfsync etc. The primary has advskew 0, the backup has advskew 100. I have net.inet.carp.preempt=1 on both. So anyway, I was downloading some 4.2 install binaries onto the backup fw, and I noticed

Re: Two carp firewalls keep swapping from master/backup

2007-12-05 Thread Stuart Henderson
On 2007/12/06 11:48, Josh wrote: I will investigate what Stuart Henderson mentioned. If it's that, tcpdump on the parent iface will show proto 112 IPv6 packets every few seconds, and ifconfig carpXX destroy sh /etc/netstart carpXX should clear things out. It does not happen all the time, just

Re: Compliments and Knob Question

2007-12-05 Thread Edd Barrett
On 05/12/2007, Jeremy Huiskamp [EMAIL PROTECTED] wrote: That thing on the door is a handle. A knob would let you adjust how far the door opens, how much it resists being opened, whether or not it shuts itself (and how quickly) and how far you have to turn the handle to get it to start

OpenBSD mentioned in Bruce Schneier interview

2007-12-05 Thread Lars Noodén
OpenBSD gets a short mention in a blog: Q: ... why in the world can't we design a computer that can "cold boot" nearly instantaneously? I know about hibernation, etc., but when I do have to reboot, I hate waiting those three or four minutes.

Re: AMD GEODE LX-800 just works with kernel from install42.iso and kernelpanics with powersave on.

2007-12-05 Thread Claudio Jeker
On Wed, Dec 05, 2007 at 01:13:31PM +0100, Taisto Qvist XX wrote: Hi Folks, I am running, or at least trying to run, OpenBSD 4.2 on a minipc using AMD's GEODE LX-800. (Its a http://www.sdlsystem.se/shop/product_info.php?cPath=23_56products_id=65 6 ) At first I had almost given up, since

Re: PCMCIA card Reader...

2007-12-05 Thread Stuart Henderson
On 2007/12/05 18:22, Steve Shockley wrote: Mayuresh Kathe wrote: Will the product at the following link work under OpenBSD? http://www.synchrotech.com/products/card-rw_06_p111_p222_elan_pcmcia_pc-card_reader_slot.html I haven't actually tried it, but their web site says it uses the TI

more unimplemented commands in azalia driver

2007-12-05 Thread Rob Lytle
Hi, I was trying to use the gmfsk digital radio communication program with azalia but ran into some snags. It is giving the sound card commands it can't recognize: sound_open_for_read: sndopen: setinfo failed: m and sound_open_for_write: sndopen: setinfo failed: m Gmfsk uses /dev/audio.

Re: Code signing in OpenBSD

2007-12-05 Thread STeve Andre'
On Wednesday 05 December 2007 11:46:16 new_guy wrote: Harpalus a Como wrote: What is the benefit of doing so? What's the point? Is the website so likely to be hacked into, that the developers need to sign all communication just to ensure that it comes from them? There's absolutely no need

Re: Code signing in OpenBSD

2007-12-05 Thread Gilbert Fernandes
On Wed, Dec 05, 2007 at 08:46:16AM -0800, new_guy wrote: Can you dismiss PKI Seems they do. The problem of signing code does not remove the problem of checking the signature. When you sign code and when you ask developers to do so, they need to own some private key which will let you check on

Re: Code signing in OpenBSD

2007-12-05 Thread STeve Andre'
On Wednesday 05 December 2007 18:22:19 Claus Assmann wrote: On Wed, Dec 05, 2007, STeve Andre' wrote: Yes, one can dismiss the benefits. Think about what an MD5 (or any other cryptographic) checksum means. If the OpenBSD site publishes that list, how does something more complicated help?

Re: A question about pecl install fileinfo

2007-12-05 Thread Vijay Sankar
A good night's sleep did the trick. Probably this is common knowledge but no amount of searching for the error messages when I did pecl install fileinfo gave me useful results. Anyways, if there is anyone who has had problems installing horde on OpenBSD as a result of fileinfo not being

Re: Code signing in OpenBSD

2007-12-05 Thread Tony Abernethy
bofh wrote: On Dec 5, 2007 7:15 PM, Tony Abernethy [EMAIL PROTECTED] wrote: Claus Assmann wrote: Wrong. If someone cracks a website, then he can put up a modified binary and a modified MD5 checksum. This is silly. You mean that you get the checksums and the associated

Re: Code signing in OpenBSD

2007-12-05 Thread bofh
But, my god, you're asking people to do actual work? Goddamn it, you aren't doing your bit to improve the ease of use of people using openbsd. Where's the one click gui to install everything that I want (but only what I want and nothing more!)? It is positively embarrassing that I have to use a

Re: Code signing in OpenBSD

2007-12-05 Thread Linus Swälas
On Thu, 06 Dec 2007 02:35:38 +0100, Gilbert Fernandes [EMAIL PROTECTED] wrote: Signing the hashes could help but you do know very few people are really going to check those. Or you pull the MD5s from another source than your packages, not bloody likely that the two different sites you've

Re: more unimplemented commands in azalia driver

2007-12-05 Thread Deanna Phillips
Rob Lytle writes: It is giving the sound card commands it can't recognize: sound_open_for_read: sndopen: setinfo failed: m and sound_open_for_write: sndopen: setinfo failed: m Is that really the error message? What a horrible error message. The program is probably trying to use an

Re: Code signing in OpenBSD

2007-12-05 Thread Gilbert Fernandes
On Thu, Dec 06, 2007 at 04:03:48AM +0100, Linus Swälas wrote: Or you pull the MD5s from another source than your packages, not bloody likely that the two different sites you've selected for download has both been hacked. This does not protect against the master site being owned though,

Re: Code signing in OpenBSD

2007-12-05 Thread Claus Assmann
On Wed, Dec 05, 2007, STeve Andre' wrote: On Wednesday 05 December 2007 18:22:19 Claus Assmann wrote: Someone actually did the former with sendmail.org (to distribute a version of sendmail with a backdoor). The problem was only noted because users checked the (digital) signature. You

Re: Code signing in OpenBSD

2007-12-05 Thread Lars Hansson
On Dec 6, 2007 2:46 AM, Rui Miguel Silva Seabra [EMAIL PROTECTED] wrote: Come on... twice a year and get the benefit of not being excluded from company policies which require digital signature of software downloaded through the internet. It's not really OpenBSD's problem that some companies

Re: PCMCIA card Reader...

2007-12-05 Thread Mayuresh Kathe
On Dec 6, 2007 4:52 AM, Steve Shockley [EMAIL PROTECTED] wrote: Mayuresh Kathe wrote: Will the product at the following link work under OpenBSD? http://www.synchrotech.com/products/card-rw_06_p111_p222_elan_pcmcia_pc-card_reader_slot.html I haven't actually tried it, but their web site says

Re: OpenBSD mentioned in Bruce Schneier interview

2007-12-05 Thread Ioan Nemes
... hibernation modes are readily available. Lars, you misspelled this, `available` = sucks! Ioan Lars Noodén [EMAIL PROTECTED] 05/12/2007 11:40 OpenBSD gets a short mention in a blog: Q: ... why in the world can't we design a computer that can "cold boot" nearly

Re: Code signing in OpenBSD

2007-12-05 Thread Otto Moerbeek
On Wed, Dec 05, 2007 at 07:02:03PM -0800, Claus Assmann wrote: On Wed, Dec 05, 2007, STeve Andre' wrote: On Wednesday 05 December 2007 18:22:19 Claus Assmann wrote: Someone actually did the former with sendmail.org (to distribute a version of sendmail with a backdoor). The problem was

Re: more unimplemented commands in azalia driver

2007-12-05 Thread Jacob Meuser
On Wed, Dec 05, 2007 at 05:27:31PM -0800, Rob Lytle wrote: Hi, I was trying to use the gmfsk digital radio communication program with azalia but ran into some snags. It is giving the sound card commands it can't recognize: sound_open_for_read: sndopen: setinfo failed: m and