Re: fw_update verify firmware?

2020-05-13 Thread Theo de Raadt
The firmwares are packages, and are signed with the /etc/signify/openbsd-XX-fs.pub key. There is no risk. Mogens Jensen wrote: > I was just trying out the fw_update program on OpenBSD 6.5, deleting/ > installing all the firmware and was wondering if fw_update will verify > the files before

Re: Intel I210 Fiber Optic Ethernet Card Transceiver Info.

2020-05-13 Thread Vertigo Altair
Hi, Sorry for late reply but I had a problem accessing this device. I’ve tried both OpenBSD 6.6 and 6.7 (amd64), nothing changed: I think you’re probably right; transceiver command is only available for ix(4) driver. But what about ifconfig em0 media output showing only supporting

Re: using aggr interface instead of trunk

2020-05-13 Thread Iain R. Learmonth
Hi, On 13/05/2020 13:10, mabi wrote: > I am currently running OpenBSD 6.5 as firewall with two ix interfaces inside > a trunk interface with LACP protocol. On top of that I have a few vlan > interfaces so it's basically (ix -> trunk -> vlan). > > Now I saw that OpenBSD has a new interface

Re: unveil documentation

2020-05-13 Thread Theo de Raadt
Kevin Chadwick wrote: > The unveil man page is perfectly correct and it is not hard to test it's > behaviour. > > I just wonder if it may aid unveil adoption in languages other than C, if it > explicitly mentioned that exec is not required on a dir to allow reading the > files within, e.g. if

unveil documentation

2020-05-13 Thread Kevin Chadwick
The unveil man page is perfectly correct and it is not hard to test it's behaviour. I just wonder if it may aid unveil adoption in languages other than C, if it explicitly mentioned that exec is not required on a dir to allow reading the files within, e.g. if the dev is more used to filesystem

Re: Any plans to support newer Loongson-based systems?

2020-05-13 Thread Juan Francisco Cantero Hurtado
On Tue, May 12, 2020 at 11:46:58AM -0300, Fabio Martins wrote: > > I believe loongson people are primaly after running some Linux distros for > their processor (new ones), but maybe if you ask them directly about their > plans to donate people's effort / hardware to OpenBSD, might be a good >

using aggr interface instead of trunk

2020-05-13 Thread mabi
Hello, I am currently running OpenBSD 6.5 as firewall with two ix interfaces inside a trunk interface with LACP protocol. On top of that I have a few vlan interfaces so it's basically (ix -> trunk -> vlan). Now I saw that OpenBSD has a new interface specifically for LACP which is called aggr.

Re: OpenBSD insecurity rumors from isopenbsdsecu.re

2020-05-13 Thread Marko Cupać
On 2020-05-13 11:02, i...@aulix.com wrote: (all your emails to @misc) Dear Info, the best way to get answers to all of your questions regarding OpenBSD is to try and run OpenBSD for a few years trying to make it help with your real-world needs, such as personal laptop, home gateway,

Re: OpenBSD insecurity rumors from isopenbsdsecu.re

2020-05-13 Thread info
> This is "testing the waters" racism. Where did you find an indication of a racism?

Re: OpenSSH FIDO (Nitrokey) support (Was: Re: OpenBSD insecurity rumors from isopenbsdsecu.re)

2020-05-13 Thread info
Btw, thanks for this site link, may be something like: https://web.archive.org/web/20200513115537/https://undeadly.org/cgi?action=article=20190302235509 could work. > On Wed, May 13, 2020 at 12:59:26PM +0200, i...@aulix.com wrote: > >> Thanks for your suggestion, >> >> but googling for keys:

Re: OpenBSD insecurity rumors from isopenbsdsecu.re

2020-05-13 Thread Paul Wisehart
On Tue, May 12, 2020 at 05:09:16AM +0200, i...@aulix.com wrote: > Treat it as my secret, I want and that is why I ask because I can, I wish you > tell me the answer without a knowledge of "why I ask", > it is a very long discussion of answering by a question to question in your > Jewish style,

Re: OpenSSH FIDO (Nitrokey) support (Was: Re: OpenBSD insecurity rumors from isopenbsdsecu.re)

2020-05-13 Thread info
Thanks for suggestion, I already have seen it and even contacted SSH developer Damien Miller regarding FIDO key support a few weeks ago. What I am looking for right now is something different, it is if ssh-pkcs11-helper works with SSHD daemon on OpenBSD to store there its server private key in

OpenSSH FIDO (Nitrokey) support (Was: Re: OpenBSD insecurity rumors from isopenbsdsecu.re)

2020-05-13 Thread Peter N. M. Hansteen
On Wed, May 13, 2020 at 12:59:26PM +0200, i...@aulix.com wrote: > Thanks for your suggestion, > > but googling for keys: +openbsd +nitrokey > > does not indicate anything interesting except a few of my own questions on > the Nitrokey support forum. I had to look up "Nitrokey" to verify that

[www] list of associated projects: adding rpki-client

2020-05-13 Thread Alex Naumov
Hey, since rpki-client has its own home page like other "associated projects", it makes sense to add a new link. Cheers, Alex Index: index.html === RCS file: /cvs/www/index.html,v retrieving revision 1.740 diff -u -p -r1.740

Re: OpenBSD insecurity rumors from isopenbsdsecu.re

2020-05-13 Thread info
Thanks for your suggestion, but googling for keys: +openbsd +nitrokey does not indicate anything interesting except a few of my own questions on the Nitrokey support forum. I would like to hear from some real OpenBSD user about he is happy with Nitrokey on OpenBSD. Another my point is about

Re: OpenBSD insecurity rumors from isopenbsdsecu.re

2020-05-13 Thread info
> Free advice from a fellow East European who might better understand your obnoxious behaviour on this list: I find behavior of commenters like you much more obnoxious and simply trolling me and the whole topic of this thread and some interesting facts mentioned here which might not please

Re: USB 3.0 flash drive not functional

2020-05-13 Thread Andrew Klaus
So I've confirmed that sd_get_parms is returning -1 here (by using printf() statements in /usr/src/sys/scsi/sd.c): 1671: if (sd_read_cap(sc, flags) != 0) 1672:return -1; Then then sets this error variable to -1: 218: error = sd_get_parms(sc, sd_autoconf); Then this check is false, and