Re: acme-client(1) and http_proxy

2017-04-26 Thread Theo de Raadt
> I haven't seen anyone mention acme.sh yet--a shell script for > letsencrypt with no external dependencies. > > https://github.com/Neilpang/acme.sh No external dependencies, and no security foundations. No privsep, no clear separation. Using pretty much every unsafe pattern tied to security h

Re: acme-client(1) and http_proxy

2017-04-26 Thread Theo de Raadt
> acme.sh does not require root/sudoer access. For sure I run it as an > unprivileged user and hope you do as well! The concept of privsep isn't about running as an unprivileged user. It is so much more. The problem is that unprivileged users still have the full system call interface available

Re: torrent downloads

2017-04-27 Thread Theo de Raadt
> Christoph R. Murauer wrote: > > True but let me be a little bit paranoid. Would it not be possible to create > > a new .fs / .iso with new keys in /etc/signify/* and new SHA256 / .sig > > files to place bad content and distribute it using a torrent ? I came > > across this idea as I read long

Re: pledge from command line

2017-04-27 Thread Theo de Raadt
That is not possible. pledge only works on behalf of a process itself. In the simplest case, a call to pledge is done between the first part of a program "initialization" and the second part of a program "main loop". It serves no purpose if done earlier, and as you noted execve resets pledge, to

Re: pledge from command line

2017-04-27 Thread Theo de Raadt
> Michael Hendricks wrote: > > I would like to have pledge on the command line so I can restrict an ad-hoc > > process during execution. For example: > > > > $ pledge "stdio" sed -e "s/foo/bar/g" output.txt > > > > I can't modify sed, for example, because I don't always want it pledged > > that

Re: pledge for sockets

2017-04-29 Thread Theo de Raadt
> I can imagine pledge(2) becoming very complex if individual ports are > blocked. It is not just the syscall, it's also the code in the > kernel. From what I can gather, pledge is really to restrict processes > to a subset of functions available, rather than restricting each > individual argument,

Re: 6.1 syspatch installed SP kernel on MP system

2017-05-03 Thread Theo de Raadt
> Seems like syspatch should install new /bsd.sp and /bsd.mp and then link > /bsd to the correct one based on whether sp or mp kernel is running. This > would be consistent with the installer. You are pretty sure of yourself, but that isn't what the installer does. It does not "link". You can go

Re: syspatch on diskless fails (stat -qf %Sd / issue)

2017-05-03 Thread Theo de Raadt
> After a bit of investigation, I found that it was because the unpriv > shell function generated an error upon invoking su: > > su: approval failure: Undefined error: 0 > > Is there no way to run syspatch in a chroot either? No. And that's just plain crazy.

Re: openssl/libressl ocsp error in 6.1 stable

2017-05-03 Thread Theo de Raadt
> I noticed in my logs things like this. > May 1 03:00:02 isildur openssl: vfprintf %s NULL in "%s %2d > %02d:%02d:%02d%.*s %d%s" > > It comes down to this command to fetch ocsp response: > openssl ocsp -respout ocsp.der -no_nonce -issuer chain.pem -cert > cert.pem -url http://ocsp.int-x3.letse

Re: OpenBSD/octeon and "OpenBSD/patches/6.0/common/002_perl.patch.sig"

2017-05-04 Thread Theo de Raadt
>In patch "OpenBSD/patches/6.0/common/002_perl.patch.sig" I've found >references to two paths that appear to not exist in OpenBSD/octeon: > >* /usr/libdata/perl5/octeon-openbsd/5.20.3/IO >* /usr/libdata/perl5/octeon-openbsd/5.20.3/IO/Socket > >Instead, there are: > >* /usr/libdata/perl5/mips64-ope

Re: syspatch ideas

2017-05-15 Thread Theo de Raadt
>2) Notion of transactions > >Often, more patches are installed at once, with the single `syspatch` >command. One might want to be able to revert all those patches at once >as well. A notion of transactions could be made by adding a notion >of transactions, but that would add more unnecessary compl

Re: syspatch ideas

2017-05-15 Thread Theo de Raadt
>On 2017-05-15 Mon 01:31, Theo de Raadt wrote: >> >2) Notion of transactions >> > >> >Often, more patches are installed at once, with the single `syspatch` >> >command. One might want to be able to revert all those patches at once >> >as well. A

Re: syspatch ideas

2017-05-15 Thread Theo de Raadt
>On Mon, May 15, 2017 at 08:36:21AM +, Michal Bozon wrote: >> I think the justification is: >> >> Why do i even need to revert a patch? Only because something got broken >> by the last syspatch command, that may have applied multiple patches. >> I might not know which patch caused the problem.

Re: thinkpad x270

2017-05-18 Thread Theo de Raadt
> I was planning on buying one but was waiting to see what the feedback was. > > Any other issues other than the resume? If I had one I would probably work on the resume the iron I carry around is getting a little dinged.

Re: mips64el packages deprecated?

2017-05-19 Thread Theo de Raadt
> On Fri, May 05, 2017 at 09:34:57PM +, Christian Weisgerber wrote: > > On 2017-05-05, Roland Kammerer wrote: > > > > > Today I upgraded to OpenBSD 6.1 and saw that none of the mirrors seem to > > > contain packages for mips64el anymore. > > > > > > Are they still building? > > > > Yes. > >

Markus Uhlin

2017-05-20 Thread Theo de Raadt
I am being harassed by a guy called Markus Uhlin. https://github.com/uhlin?tab=following By sending this mail, I'm hoping he comes to understand I am fed up.

Re: No 008 patch on ftp.eu.openbsd.org yet

2017-05-21 Thread Theo de Raadt
That mirror is updating way too slow. > I had to switch to ftp.openbsd.org to get the 008 patch for -stable > since my preferred mirror, ftp.eu.openbsd.org, doesn't seem to be > updating. The timestamp file says last update was run on 1495188001 > (Fri May 19 12:00:01 CEST 2017). > > There is no

Re: isakmpd dies quietly with over 100 tunnels

2017-05-29 Thread Theo de Raadt
Great thing is you all have source code, and can run the same debuggers live in your key-happy situations, and then generate traces to expose the problem so that someone can help you. But, yet, that doesn't happen. Strange isn't it?

Re: macbook only sees 3GB of ram

2017-05-31 Thread Theo de Raadt
1. it works, be happy. 2. the memory map from the bios is being honoured; the kernel makes conservative decisions to honour it, as a result it works. see 1. 3. if you want to drill down further and get access to more memory, you have the source code AND the hardware. 4. if you don't wan

Re: nc in inetd - under which account?

2017-06-06 Thread Theo de Raadt
> For a few years I have been running nc from inetd together with pf > redirect rules to reach LAN servers via their public IP addresses from > LAN: > > # cat /etc/inetd.conf > 127.0.0.1:20080 stream tcp nowait proxy /usr/bin/nc nc -w 20 PR.IV.AT.E 80 > 127.0.0.1:20443 stream tcp nowait proxy /usr/

Re: blank screen

2017-06-11 Thread Theo de Raadt
> is somebody messing with the graphics stack by any chance? It is probably rude to call steps-being-taken-toward-progress "messing"

Re: blank screen

2017-06-11 Thread Theo de Raadt
> On Sun, 11 Jun 2017 09:42:15 -0600 > "Theo de Raadt" wrote: > > > > is somebody messing with the graphics stack by any chance? > > > > It is probably rude to call steps-being-taken-toward-progress "messing" > > > > > > I

Re: dokuwiki - /dev/urandom issue

2017-06-11 Thread Theo de Raadt
> Asbel Kiprop wrote on Sun, Jun 11, 2017 at 09:24:23PM +0300: > > > cat: /var/www/dev/urandom: Device not configured > > By default, /var is mounted nodev. See mount(8), fstab(5). Providing a workaround that reduces security is a poor answer. Perhaps the drive to make-it-work inevitably overri

Re: inquiring about setting wxallowed on /home mountpoint

2017-06-12 Thread Theo de Raadt
> So my question is, will there be any security implications that I > should be concerned about with setting wxallowed in /etc/fstab to the > home mountpoint? Yes there is a security implication. From mount(8), wxallowed Processes that ask for memory to be made writeable

Re: inquiring about setting wxallowed on /home mountpoint

2017-06-13 Thread Theo de Raadt
> However, the convenience of just installing packages is then lost. > After a discussion on IRC, a couple of ways to deal with this came up: > > 1. add a non-USE_WXNEEDED flavour of the python port > > 2. have the python port(s) ship two binaries (one with, one without >OPENBSD_WXNEEDED) >

Re: Doubling in Size of base61.tgz

2017-06-14 Thread Theo de Raadt
> Please forgive me if this has been noted on misc@, as I've overlooked > it, but, just out of curiosity, can anyone account for the recent > doubling in size of base61.tgz in recent amd64 snapshots of -current? > > As recently as 7 June, it was ~58 MB in size, but over the last couple > of da

Re: Kernel relinking not working after upgrade to latest snaphot

2017-06-16 Thread Theo de Raadt
This is intentional. But the script /etc/rc may not be working exactly as intended yet. rpe, tb and I are still iterating this, and also attempting to satisfy the unhibernate case which requires booting the original kernel. The intent of the hash is so that a developer can build their own kernel

Re: Fwd: Boot issue 6.1

2017-06-18 Thread Theo de Raadt
> I get the error Message that "installboot: /mnt/usr/mdec/biosboot extends > Beyond sector 268435455. OpenBSD might not boot." I'm dual booting with > Windows using Windows' boot loader first. You've created an OpenBSD MBR partition too far up your disk. It won't work in legacy mode. The BIOS w

Re: bug tracking system for OpenBSD

2017-06-20 Thread Theo de Raadt
> Kai Wetlesen wrote: > > What would a potential curator of a bug tracker need > > to do besides spin up a server, install, and maintain > > the chosen (or written) software? > > not underestimate the effort involved. > > so this has come up before, and the answer remains the same. anyone can set

Re: Get an MAC address of a LAN PC - OpenBSD

2017-06-22 Thread Theo de Raadt
> Hi Raul, > > I am very glad your effort to support me since I DO NEED to get an MAC of > an OLD PC. > > This PC was removed from the network last week. > > unfortunately "arp -a" does NOT give the MAC of that PC. > > I am running darkstat as well. It also does NOT give it either. I think > T

Re: Get an MAC address of a LAN PC - OpenBSD

2017-06-22 Thread Theo de Raadt
> > > no idea what to do? > > > > Plug it back in. Power it up. Make sure it has a reachable IP. Ping > > it. > > > > very sorry. It is prohibited to plug it back in and power it up. > > To do it, We might need a special request. > > Theo, Anyway, thanks for you support. Another solution

Re: Get an MAC address of a LAN PC - OpenBSD

2017-06-22 Thread Theo de Raadt
> Another solution is to smash that device with a hammer. Repeatedly. > Don't stop before you are sure it is destroyed. > > Then it has no MAC address. > > Later, if you search the world, you won't find it's MAC address. > > Eventually through exhaustive search you might be able to make a good

Re: upgrading release -> snapshot [was: Re: Characters of various Asian languages not rendering correctly in Firefox and Chromium]

2017-06-22 Thread Theo de Raadt
> On 06/22/17 23:11, Stuart Henderson wrote: > > These warnings mean something like: "don't move straight from a release > > or an older snapshot directly to building new code from source (whether > > that's -current or a newer release)". > > > > If there is much of a gap between the version you'r

Re: Get an MAC address of a LAN PC - OpenBSD

2017-06-22 Thread Theo de Raadt
> If the user of that PC spoofed the MAC address, What does arp -a show in > OpenBSD ? It shows in:du:ni:l0:00:01 Every time.

Re: ipmi driver broken

2017-06-28 Thread Theo de Raadt
> Anyway, thanks for the thoughts; but I do still want a working ipmi :). > No biggie to add one line and recompile the kernel, but it would be nice > to get fixed. It's still disabled by default out of the box, you have to > explicitly reconfigure your kernel to enable it. If you want it working,

Re: ext2 or usb problem

2017-07-02 Thread Theo de Raadt
> This is not helpful. You insist that you know what is going on when I > was in front of the computer and you were not. File copying to an ext2 > filesystem on a usb drive is 10x slower than to an ffs filesystem on > an internal sata drive mounted async (ext2 is async; apples to > apples). I know

Re: ext2 or usb problem

2017-07-02 Thread Theo de Raadt
> On 2 July 2017 at 13:54, Theo de Raadt wrote: > >> This is not helpful. You insist that you know what is going on when I > >> was in front of the computer and you were not. File copying to an ext2 > >> filesystem on a usb drive is 10x slower than to an ffs files

Re: vesa vs. wsfb?

2017-07-05 Thread Theo de Raadt
> I went with wsfb because it doesn't need allowaperture. Any other > differences? > > > PS: The FAQ is silent on this topic. I had to dig through old > mailing list posts for a reminder to enable allowaperture. > I knew there was a wscons-based driver, too, but if you don't > know

Re: Security report with mail permissions

2017-07-17 Thread Theo de Raadt
>Hi Mik, > >not quoting anything because your posting is too ill-formatted. > >Yours is a frequently answered question. The directory /var/mail/ >is intended for individual user mailboxes. If you need a directory >for a different purpose - like mailbox subhierarchies for virtual >domains - create

Re: Best place for VM images

2017-07-18 Thread Theo de Raadt
> I've been putting mine in a dedicated partition. /var/vmm should probably > be its own partition if used. > > nodev, nosuid are probably good choices there too. That won't work. People without an additional partition will get these mount options. And anyways those system flags don't make any

Re: Verified auth tty ioctl()s implementation details

2017-07-18 Thread Theo de Raadt
> On 2017-07-18, multiplex'd wrote: > > Thank you for explaining; I suspected the reasoning was such. Speaking > > specifically > > about ports, is there a way to start a port build as root and then drop > > privileges > > (in a similar manner to the base system's build infrastructure)? A qui

Re: Best place for VM images

2017-07-18 Thread Theo de Raadt
> Sure. I don't have a really strong opinion one way or the other. When I > mentioned I put mine in a dedicated partition, I use /data/vmm or various > places in /home if I've already fully partitioned the machine in question. I don't think a separate partition is necessary. However I think this

Re: Verified auth tty ioctl()s implementation details

2017-07-18 Thread Theo de Raadt
> > Now, I am running on the assumption that these ioctl()s were > > implemented as a kernel-side component of doas's "password timeout" > > functionality as observed when using the "persist" configuration > > keyword. From that, my question is whether there is any particular > > reason for reco

Re: OT: protonmail mail body

2017-07-18 Thread Theo de Raadt
> On Wed, 12 Jul 2017, Mihai Popescu wrote: > > > Hello, > > > > I prefer to keep it calm, but some people on the list are using > > protonmail and their mails are impossible to read directly on the > > list. I think they are destroying the list, maybe they should turn > > that feature off. Here

Re: OT: protonmail mail body

2017-07-18 Thread Theo de Raadt
> As things stand, ProtonMail is not a suitable client for writing to this > mailing list. > > Your messages are nearly unreadable. Maybe it should be blocked. Then the users there can tell them to fix it. Would have no downside for me.

Re: ntpd clock unsynced in vm

2017-07-18 Thread Theo de Raadt
> If your clock drift is worse than that, your clock is broken. Which > alas is the case for vm. I agree with this statement. About 20 years ago, I defined the minimum system we attempt to run well on as IPL32 or I32LP64, with a MMU. Soon this was redefined as with an FPU as well, after which I

Re: syspatch glitch

2017-07-18 Thread Theo de Raadt
> It seems syspatch looks at the current machine capabilities instead of > which kernel is running when it decides on if /bsd is /bsd.sp or /bsd.mp. > > I tried to install OpenBSD 6.1 to a USB connected CF card that later will > run in an alix2d13 that has got one core, but I did the installation

Re: Read sysctl from file

2017-07-20 Thread Theo de Raadt
> Is there a way to make sysctl re-read its conf file, or even another file, > like sysctl -p does on linux systems ? > Supporting this option would be nice, as it is used by the sysctl module of > ansible. But sysctl doesn't have a configuration file. there is a file called sysctl.conf, but it

Re: Read sysctl from file

2017-07-20 Thread Theo de Raadt
> On 07:39 Thu 20 Jul, Theo de Raadt wrote: > > someone in linux land went off the map here. and then another piece of > > software started un-portably assuming that's the way to do things? > > Because it's a nice way to apply configuration changes made to > /

Re: Read sysctl from file

2017-07-20 Thread Theo de Raadt
> > > On 07:39 Thu 20 Jul, Theo de Raadt wrote: > > > > someone in linux land went off the map here. and then another piece of > > > > software started un-portably assuming that's the way to do things? > > > > > > Because it's

Re: Read sysctl from file

2017-07-21 Thread Theo de Raadt
> > On Jul 21, 2017, at 3:47 AM, Stuart Henderson > wrote: > > > > On 2017-07-20, BARDOU Pierre wrote: > >> Is there a way to make sysctl re-read its conf file, or even another > file, like sysctl -p does on linux systems ? > >> Supporting this option would be nice, as it is used by the sy

Re: Read sysctl from file

2017-07-21 Thread Theo de Raadt
> > On Jul 21, 2017, at 3:42 PM, li...@wrant.com wrote: > > > > Fri, 21 Jul 2017 12:33:31 -0700 Peter Faiman > >> # ./sysctl -p example.conf > >> Peter > > > > Hi Peter, ansibles, > > > > No guarantee systems controls stay affixed, wrapper tools comply got > it? > > The point of sysctl

Re: Read sysctl from file

2017-07-21 Thread Theo de Raadt
Peter, please leave. People around here don't need to read your insults.

Re: octeon port, ubiquity edgerouter

2017-07-22 Thread Theo de Raadt
> > This is a solid machine, if you can get it, do so. OpenBSD 6.1 works > > very well on this hardware, I have used mine variously as a gateway > > router with PF, DHCP server, DNS server with unbound, and local name > > server with nsd. Currently it's acting as local name server while > > stand

Re: Minium System Requirements

2017-07-22 Thread Theo de Raadt
> That said, while "minimum requirement" is neither useful nor > understandable, it might be interesting to document nominal > requirements - for example, size of base system on disk and memory > occupied on bootup. The landisk builds are done on a SH4 cpu running at 267 MHz, with 64MB of ram. Ne

Re: Lumina enable Shut Down

2017-07-23 Thread Theo de Raadt
> On Sun, Jul 23, 2017 at 09:10:07PM +0200, Martijn Rijkeboer wrote: > > On 22-07-17 02:02, Sha'ul wrote: > > > In Lumina desktop how do I enable shutdown from GUI menu for point and > > > click poweroff and reboot? > > > > Try adding yourself to the 'operator' group. > > The operator group has r

Re: Lumina enable Shut Down

2017-07-24 Thread Theo de Raadt
> I'm our maintainer of the Lumina port. Let me chat with my friends > upstream and see if we can't come up with a better solution for this. > As a quick thought, allowing users in a particular group (perhaps > :wheel?) to run shutdown(8) without a password prompt using doas seems > like a starti

Re: fsck_ffs: cannot alloc 131427074 bytes for lncntp

2017-07-25 Thread Theo de Raadt
> No. Filesystem is FFS. The os is 4.9 or later but not above 5.4 afaik. Sorry, that's too old for you to get any 'free support' or assistance.

Re: octeon port, ubiquity edgerouter

2017-07-25 Thread Theo de Raadt
> I wonder how fast the NIC's will be - using this CPU and still no hardware > acceleration. > > Yeah, I'm wondering that too. It's pretty cool this platform is > becoming more popular to run openBSD on. > > People are willing to take an unknown (right now) performance penalty >

Re: stub-addr in unbound.conf & unbound man page wording

2017-07-26 Thread Theo de Raadt
> then a 'dig' or 'nslookup' fails even though I can get to port 8053 on > 127.0.0.1. This is due to the socket pledge code, with SOCK_DNS. This area was damaged during the transition to pledge, and hasn't been repaired. Maybe one day. But for the moment, it is not getting fixed because it isn

Re: USB 3.0 and i/o error 5 @ CRYPTO block

2017-07-29 Thread Theo de Raadt
There are some known problems on xhci usb3.0. the driver isn't perfect yet.

Re: OpenBSD Traning Docs / How Tos

2017-08-07 Thread Theo de Raadt
> both regarding content and markup (including pf.conf(5) and > ifconfig(8)), and that is not a coincidence: The subject matter is > unusually difficult, the number of features to explain is unusually > large, the number of people qualified to judge the accuracy of the > manual pages and proposed c

Re: What about some automated testing for X programs? Re: Libreoffice calc crash

2017-08-09 Thread Theo de Raadt
> As of today, what package testing is automated by anyone? None. So you can be first to do it...

Re: re: code duplication

2017-08-26 Thread Theo de Raadt
> > P.S. > > There is no good reason to insult Todd > > I don't know him, I might've heard of him once. Needless to say, the > insult obviously wasn't personal. > > > for running spamd(8), which > > is a standard tool and less annoying than some others. > > How do you find 'Hello, spam sender. P

Re: fd0 at fdc0 drive 0: density unknown

2017-09-08 Thread Theo de Raadt
> > The old behavior was that the kernel would wait after the "fdc0 ..." line > > until fd0 attaches. Now it does the waiting in the background and continues > > booting. I agree that it's a bit ugly, but it makes booting about 5 seconds > > faster. > > It's not just a bit ugly... It's horrible

Re: Packages security updates in -stable

2017-09-09 Thread Theo de Raadt
> Since the main goal of OpenBSD is security, I keep wondering about one > thing. > There are packages like irssi or Thunderbird that should be updated to > the newest upstream version. These two sentences don't make sense together. You equate "update update" with security. That doesn't make s

Re: Packages security updates in -stable

2017-09-09 Thread Theo de Raadt
> >> I understand that -stable is not place for the latest packages available > >> and it's expected to be rock solid, but also secure. > The thing is that mentioned packages are already updated in MAIN. Twice the work == twice the work. > I'm curious how looks the process of merging package upda

Re: 6.1 -release syspatched or -stable

2017-09-10 Thread Theo de Raadt
> For 6.1 amd64/i386 is there a difference between a syspatched -release > and a compiled -stable (in base syspatched -release eq compiled > -stable)? > And what about the userland in -release in contrary to a fresh compiled > userland for -stable? For amd64/i386 I just want to understand the

Re: What decides which port becomes a package?

2017-09-11 Thread Theo de Raadt
>On 2017-09-11, Marc Espie wrote: >> I'm just discovering the issue and the thread with it. >> >> I don't quite understand why we don't talk it over with Colin Percival. >> >> > >PERMIT_*_FTP would seem alright to me, as long as people are careful >not to add patches .. Yeah, and the same policy

Re: Kernel relinking fails after using config(8)

2017-09-13 Thread Theo de Raadt
> Hello misc, I used config -ef on my current kernel, and after rebooting, > kernel relinking fails. The log only contains "(SHA256) /bsd: FAILED" Yes, this is known. If you take control of the kernel using various means, relinking deactivates.

Re: Increase swap size on a running instance

2017-09-26 Thread Theo de Raadt
> Looking for help. I am trying to run an application that requires 2 GB > of swap. My VPS instance has 256 by default. For some reason the > application will not accept a swap file. It is possible to resize > partitions live to get a bigger swap space? On fooVPS you type # fooswap -a /foo

Re: FF vs. Chrome/Chromium

2017-09-27 Thread Theo de Raadt
> Firefox has W^X compliance and so runs with the secure defaults. it uses page aliasing, which is a shitty way of being compliant > The latest Firefox (Not ESR as mtier provides) has recently had > sandboxing for Windows and Linux added and legacy extensions will be > phased out. > > It is ther

Re: relayd: high CPU usage by one or two proc. of many

2017-09-27 Thread Theo de Raadt
> >> ktrace gives me following: > >> 4013 relayd CALL getdtablecount() > >> 4013 relayd RET getdtablecount 101/0x65 > >> 4013 relayd CALL getrlimit(RLIMIT_NOFILE,0x7f7bb630) > >> 4013 relayd STRU struct rlimit { cur=65536, max=65536 } > >> 4013 relayd RET getrlimit 0 >

Re: stickers

2017-10-01 Thread Theo de Raadt
> Now that there are no CDs, are stickers also gone? I guess many people didn't think through what happened when CD production stopped. Stickers, posters, etc. were subsidized by the sales of CDs. With CDs gone, of course there isn't an efficient way to sell stickers, and make even a few pennies

Re: boot> does not "time out" after failed PXE boot

2017-10-02 Thread Theo de Raadt
Only one boot attempt occurs, whether network or disk. It is expected behaviour. > After a failed/aborted PXE boot (e.g., hitting a key or no network) > a laptop is "hanging" at the (OpenBSD 6.2 snapshot) > >boot > prompt which normally (AFAICT) times out and just boots after a few > seconds (fro

Re: How to allow __set_tcb in pledge

2017-10-06 Thread Theo de Raadt
> I'm trying to use pledge to protect a go program. > > The exec aborts with abort trap: core dump > > Ktrace and /var/log/messages say that the __set_tcb > syscall is denied. > > Can I configure pledge to allow such syscall ? In post-6.2, this is now allowed. It wasn't allowed earlier due to

Re: pointing installurl to current snapshot packages path does not work

2017-10-07 Thread Theo de Raadt
Completely intentional. Snapshots convert into released mode, but not all the parts are released yet. Release happens when enough parts are built. When you encountered this problem, did you read the manual pages to look for a solution? Why not? > I installed today via usb the latest snapshot >

Re: amd64 OpenBSD 6.2 doesn't see hard disks when controller in RAID mode

2017-10-10 Thread Theo de Raadt
This is kind of intentional, since no one has put effort into making softraid understand the disk-binding logic found in the BIOS-RAID sectors. Maybe we should reconsider, dunno. > I've just tried to install the amd64 OpenBSD 6.2 and it doesn't see > hard disks when controller in RAID mode (BIOS c

Re: 6.2 starts nsd before slaacd binds ipv6 address

2017-10-11 Thread Theo de Raadt
> > I don't feel this warrants a bug report, but nevertheless feel that this > > behavior is inconsistent with the way dhclient works. I have a vultr > > server running nsd/OpenBSD 6.2, and I suspect that the move to slaacd > > from kernel code in 6.1 is what has broken my nsd config (it fails to

Re: How to allow __set_tcb in pledge

2017-10-11 Thread Theo de Raadt
> What does that mean ?... It means you cannot pledge big pieces of software that perform arbitrary magic. Learn the magic, change the magic.

Re: amd64 OpenBSD 6.2 doesn't see hard disks when controller in RAID mode

2017-10-11 Thread Theo de Raadt
> On Thu, Oct 12, 2017 at 12:18:52AM +0300, Rostislav Krasny wrote: > > You just lose users and popularity. > > In this community, your statement has the opposite effect of what it is > trying to achieve. It puts developers off and discourages them from > worrying about your problem. > > At any g

Re: amd64 OpenBSD 6.2 doesn't see hard disks when controller in RAID mode

2017-10-11 Thread Theo de Raadt
> On Thu, Oct 12, 2017 at 2:43 AM, Mike Larkin wrote: > > On Thu, Oct 12, 2017 at 02:36:11AM +0300, Rostislav Krasny wrote: > >> On Thu, Oct 12, 2017 at 1:10 AM, Stefan Sperling wrote: > >> > On Thu, Oct 12, 2017 at 12:18:52AM +0300, Rostislav Krasny wrote: > >> >> You just lose users and popular

Re: reordering libraries:/etc/rc[443]: ./test-ld.so: Permission denied

2017-10-12 Thread Theo de Raadt
You own all the pieces. > RO /usr also breaks the shiny new kernel relinking. > > So the best I have come up with is crontab lines > > @reboot sleep 60 mount -urf /usr > > The 60 may be too short on very old systems. > > Perhaps it's time to drop the ro but I'm quite attached to my security >

Re: size of size_t

2017-10-12 Thread Theo de Raadt
> I just discovered, to my dismay, that size_t is only 32 bits, even on > 64-bit processors. Is there a particular pressing reason for this? A > quick investigation reveals that even dd(1) is affected -- this is IMO > not good. You are wrong. limits.h:#define SIZE_T_MAX ULONG_MAX

Re: FU: size of size_t

2017-10-12 Thread Theo de Raadt
> I wrote: > > I'd suggest, given modern file sizes, that we bump it to 64 bits on all > > platforms. > > Oh, and off_t *is* 64 bits, at least on i386; pity most routines don't > use it: they use size_t. off_t is used where it should be used. size_t is used where it should be used. You are show

Re: RE: size of size_t

2017-10-12 Thread Theo de Raadt
> >> I just discovered, to my dismay, that size_t is only 32 bits, even on > >> 64-bit processors. Is there a particular pressing reason for this? A > >> quick investigation reveals that even dd(1) is affected -- this is IMO > >> not good. > > > > You are wrong. > > > > limits.h:#define SIZE_T_MAX

Re: amd64 OpenBSD 6.2 doesn't see hard disks when controller in RAID mode

2017-10-12 Thread Theo de Raadt
> On Wed, Oct 11, 2017 at 11:01 AM, Stuart Henderson > wrote: > > What is not good is when you do have a RAID array, the controller is > > in RAID mode, but OpenBSD doesn't understand the metadata, so it corrupts > > data on the disk. > > > > This is a difficult area. We don't want to corrupt dat

Re: RE: FU: size of size_t

2017-10-12 Thread Theo de Raadt
> theo wrote: > > > > off_t is used where it should be used. size_t is used where it should > > be used. > > In that case I change the proposal to the introduction of an uoff_t, or > is there already something appropriate? If so, why doesn't dd(1) use it? > > > You are showing inexperience. > >

Re: Automatically restarting services/daemons after crash

2017-10-12 Thread Theo de Raadt
> Perhaps I'm mistaken, but it doesn't seem like there's a facility for > automatically restarting daemons after a crash or similar. Is the idea > just that daemons should be designed to not crash? Yes. Fail closed. It is the only secure thing to do. > I'm familiar with 3rd party tools like dae

Re: Automatically restarting services/daemons after crash

2017-10-12 Thread Theo de Raadt
> That's sensible, but if money or lives were on the line, I think It'd > be better to have a running but potentially vulnerable service. For my > use case, this is completely acceptable, I'm just curious about the > implications for others. Then you can do that on your own, if it suits your use c

Re: Automatically restarting services/daemons after crash

2017-10-13 Thread Theo de Raadt
> OpenBSD also has plenty of redundancy service failover (CARP, relayd > etc.) as do service providers. So one/more can take over whilst the > failed are audited. Uhm, in your dreams. This is a conversation about simply restarting such failing services.

Re: A stupid question, re: xargs(1)

2017-10-13 Thread Theo de Raadt
> Can someone explain to me why xargs(1) does not support using newline > as a separators, when that is one of the most common unix separators? Because then you don't need xargs, normal tooling separates each line into a separate argv entry regardless of other spacing. You are proposing an incomp

Re: A stupid question, re: xargs(1)

2017-10-13 Thread Theo de Raadt
> (2) Given that POSIX is an incomplete specification, why is POSIX the > issue here? What does 'incomplete specification' mean? You mean incompatible extensions should be added, quite similar to the damage bash creates in the ecosystem with its incompatible extensions?

Re: A stupid question, re: xargs(1)

2017-10-13 Thread Theo de Raadt
> The problem here is that you currently can't get xargs to use newline > as a separator without also getting spaces as a separator. This > creates a variety of problems. But it creates lots of other problems when you propose an extension to only one operating system's version of a utility. I thi

Re: A stupid question, re: xargs(1)

2017-10-13 Thread Theo de Raadt
> Ok, I am curious - what new problems would this create? I explained in the first mail.

Re: A stupid question, re: xargs(1)

2017-10-13 Thread Theo de Raadt
> It does seem to me that the implementation should be portable. Wow, you don't get it. You want to add a feature. Then someone will use the feature. In a script intended to be portable. But other systems won't have this feature. Therefore the script won't work. That sucks. If you want to add

Re: Automatically restarting services/daemons after crash

2017-10-13 Thread Theo de Raadt
> I read "hacking blind." Can you restart a daemon with another forked > process that's only job is to monitor a pipe or a waitpid()-like operation > and if the parent dies, it exec's to restart it, or even execs "rcctl > restart ntpd" > > If the mitigations are successful at limiting execution to

Re: Automatically restarting services/daemons after crash

2017-10-13 Thread Theo de Raadt
> Maybe more things should be randomized like the stack canaries. Is that a > new idea? Time to orer a new keyboar.

Re: Postfix tlsmgr(8) entropy source on OpenBSD

2017-10-17 Thread Theo de Raadt
> In light of the message regarding /dev/arandom and /dev/urandom would it now > be correct to use *ONLY* /dev/urandom on current versions of OpenBSD ? In OpenBSD it doesn't matter which one you use. /dev/urandom, /dev/arandom and /dev/random all work the same. They are identical - guarantee exc

Re: awk in OpenBSD

2017-10-18 Thread Theo de Raadt
i'm watching a bunch of losers who argue before running diff > You didn't really make a great case for the newer awk, either. Is there a > good reason to use the 2012 release from upstream? If so, you could submit > a diff and explain the benefits. > > On Oct 19, 2017 12:15 AM, "Niels Kobschaet
