On Fri, Oct 10, 2014 at 07:31:50PM -0400, Ian Grant wrote:
> I want to try to implement some form of concealed port knocking in
> OpenBSD, along the lines of Martin Kirsch:
>
> https://gnunet.org/sites/default/files/ma_kirsch_2014_0.pdf
Looking through the abstract and introduction, that's
Just a notice: there is a new OpenSSL advisory, at
https://www.openssl.org/news/secadv_20140605.txt. Reproduced below for
your convenience.
(No word on the degree to which LibreSSL is vulnerable.)
===
OpenSSL Security Advisory [05 Jun 2014]
SSL/TLS MITM
On Sun, Apr 20, 2014 at 01:30:14PM +, Артур Истомин wrote:
> On Sat, Apr 19, 2014 at 11:29:44PM +0200, joasia et damien wrote:
> > - Wiadomość oryginalna -
> > > On Fri, Apr 18, 2014 at 08:54:06AM +0200, joasia et damien wrote:
> > > > Is there any way to change vi-bindings in pdksh?
>
On Mon, Apr 14, 2014 at 12:28:15AM -0700, alexander taylor wrote:
> The problem I'm trying to solve is that casual users [...] may not bother
> creating
> passphrases for their private ssh keys. [...] [T]hese keys could be
> cryptographically protected under the user's Windows/Linux logon
> passwo
On Mon, Feb 20, 2012 at 05:57:05PM +0100, Roger S. wrote:
> I am facing regular and consequent DDoS, and I would like to know how
> the OpenBSD community deal with these. Hints and inputs welcome.
>
> The obvious first : my input pipes are not filled, there is plenty of
> bandwith available for my
On Thu, Feb 16, 2012 at 11:49:03AM +0100, Markus wrote:
> occasionally I'm in the situation where having multiple
> configurations for a single network interface are handy to have.
> Most seamlessly, [multiple wifi networks] could be handled by using an
> arbitrary extension to the hostname.if fil
On Tue, Apr 19, 2011 at 09:08:52AM +, Julien Dyie wrote:
> Hi,
> after the reading of syslog.conf (5) and syslogd (8), I can't find how to
> disable syslog's listening on specifical interfaces.
syslogd always opens a UDP port, but it silently drops all traffic
unless you pass the -u option. Ye
On Tue, Apr 19, 2011 at 11:56:51AM +0200, Peter N. M. Hansteen wrote:
> Alexander Schrijver writes:
> > I think it's a bad idea to disable ssh login while someone is bruteforcing
> > your
> > account.
>
> (...) industrial-scale password guessing (...)
>
> If you allow password logins at all, th
On Mon, Apr 18, 2011 at 04:26:12PM +0200, Raimo Niskanen wrote:
> On Mon, Apr 18, 2011 at 12:10:31PM +0200, Alessandro Baggi wrote:
> > Hi list. I'm making a program that maps some ip address to a specified
> > dns. My problem is relative to CNAME record.
> :
> > Supposing that I have 209.85.148.1
On Wed, Apr 13, 2011 at 09:19:19AM +, nemir nemirius wrote:
> Hi,
>
> One of my clients is a major bank. We need to exchange data a few
> times a day at different intervals, and they're insisting that we
> initiate the VPN on demand with relevent traffic.
>
> It works from their end. Tunn
On Thu, Mar 31, 2011 at 05:42:21PM -0700, Matthew Dempsky wrote:
> Does anyone use IPcomp and/or PPP-deflate? Would anyone be sad to see these
> go?
>
> They seem pretty busted right now (e.g., no userspace support for
> enabling IPcomp, and sys/net/zlib.c is broken on 64-bit arches), and
> ther
On Thu, Mar 24, 2011 at 07:58:50AM -0700, johhny_at_poland77 wrote:
> https://blog.torproject.org/blog/detecting-certificate-authority-compromises-and-web-browser-collusion
>
> "Users of Mozilla Firefox that are concerned about this issue should
> enable security.OCSP.require in the about:config d
On Sat, Mar 19, 2011 at 06:05:49AM -0700, johhny_at_poland77 wrote:
> Does somebody has an idea, that what kind of iptables/pf rule must i use to
> achieve this?:
>
> i only want to allow these connections [on the output chain]:
>
> on port 53 output only allow udp - dns
> on port 80 output only
On Fri, Mar 18, 2011 at 03:50:12PM +0100, Stefan Wollny wrote:
> Marco Peereboom wrote:
> >On Fri, Mar 18, 2011 at 07:02:58AM -0700, johhny_at_poland77 wrote:
> >> So our point is, if there is a good method to encrypt the full disk [like
> with dm-crypt/AES/under Linux], and we could have an up-to-
On Sat, Mar 12, 2011 at 07:39:12AM +0100, Antoine Jacoutot wrote:
> On Sat, 12 Mar 2011, Indunil Jayasooriya wrote:
> > > > # /usr/local/sbin/havp
> > > > Starting HAVP Version: 0.91
> > > > *Mandatory locking disabled! KEEPBACK settings not used!
> > > > *
> > > > then, I tried to mount in this wa
On Wed, Mar 09, 2011 at 03:03:22PM -0430, Andres Perera wrote:
> On Wed, Mar 9, 2011 at 9:27 AM, Joachim Schipper
> wrote:
> > On Wed, Mar 09, 2011 at 01:30:39AM -0800, erikmccaskey64 wrote:
> >> I use privoxy. In the user.action file i have a redirect rule an
On Wed, Mar 09, 2011 at 01:30:39AM -0800, erikmccaskey64 wrote:
> I use privoxy. In the user.action file i have a redirect rule and a few
> websites:
>
>
> { +redirect{s@http://@https://@} }
> .twitter.com
> .facebook.com
>
>
> Ok! it's working great, e.g.: if i visit any "*twitter.com" URL i
On Tue, Mar 08, 2011 at 04:38:41PM +0100, Jordi Espasa Clofent wrote:
> 2011-03-08 10:31, Earin Gregor skrev:
> >I just wanted to know how the current development of opensmtp is going?
> >Is it ready for prime time or still considered as to early in development?
>
> http://www.openbsd.org/cgi-bin/
On Mon, Mar 07, 2011 at 01:04:56PM -0500, marc wrote:
> Hi Janne,
>
> Thanks a lot for your answer. I did read this section (actually subsection
> 'Windows 7') so I'm afraid I'm the only one getting it wrong...
>
> I had the impression that the command:
>
> < bcdedit /set {0154a872-3d41-11de-bd6
On Mon, Mar 07, 2011 at 11:34:50AM +0100, Daniel Gracia wrote:
> El 07/03/2011 10:54, Henrik Engmark escribiC3:
> >Is there a way, good or bad, to relax pf enough to let nmap do its OS
> >detection?
> >I am on 4.8.
> >
>
> Way too vague question; you should at least describe the scenario.
I'm pre
On Mon, Mar 07, 2011 at 05:22:10AM -0500, marc wrote:
> Dear all,
>
> I was reading through the docs on how to boot openbsd with the windows 7
> boot loader so I learned I have to execute:
> dd if=/dev/sd0a of=openbsd.pbr bs=512 count=1
^
The "raw" device won't be busy while the file
On Mon, Mar 07, 2011 at 10:54:09AM +0100, Henrik Engmark wrote:
> Is there a way, good or bad, to relax pf enough to let nmap do its
> OS detection?
> I am on 4.8.
You can always disable pf (pfctl -d). I'd also expect any sensible
configuration without "scrub" or (implicit) "keep state" to work, b
On Sun, Mar 06, 2011 at 04:14:33PM +0100, Jens A. Griepentrog wrote:
> On 03/06/11 02:25, Matthew Dempsky wrote:
> > [...] Jens A. Griepentrog wrote:
> >>What went wrong? The procedure works for usual hard disks and memory
> >>sticks with sectors of 512 bytes. I would be grateful for any hint.
>
On Thu, Feb 24, 2011 at 10:11:22AM +0100, Jan Stary wrote:
> On Feb 09 17:56:59, Ingo Schwarze wrote:
> > text/html; /usr/bin/lynx -stdin -force_html -dump ; copiousoutput
>
> On Feb 09 10:59:54, Marco Peereboom wrote:
> > text/html; /usr/local/bin/links -dump '%s'; copiousoutput; description=HTML
On Tue, Feb 22, 2011 at 03:04:25PM +0100, Pete Vickers wrote:
> Now that the IPv4 address space if fully allocated, perhaps it's time to
> update the comments in /etc/hosts ? Here is my attempt at a reasonably concise
> update:
>
> # Assignments from RFC5735 (supersedes RFC1918)
> #
> # Allocated
On Mon, Feb 21, 2011 at 02:31:20PM -0500, Ted Unangst wrote:
> On Mon, Feb 21, 2011 at 10:08 AM, Luis Useche wrote:
> > I would love this feature in OpenBSD src list. Is it possible to use the
> > activitymail script on the OpenBSD CVS repo?
>
> seems like a serious waste of bandwidth. If you ca
On Sun, Feb 20, 2011 at 10:23:32PM +0100, Peter [prive] wrote:
> Trying to find the problem I did the following:
> I added 1 rule as the first rule.
> pass out quick log (user) proto tcp to port 54321
Can you post a minimal pf.conf that exhibits this problem? It looks like
you have other rules as
On Sat, Feb 19, 2011 at 10:08:50PM +0800, Ana Zgombic wrote:
> Hi Misc,
>
> i'm trying to collect firsthand experience on implementing application
> level bandwidth throttling.
>
> background: i'm looking at playing with thttpd and i want to remove
> the bandwidth throttling code since it looks i
On Fri, Feb 18, 2011 at 04:54:57PM -0500, Ted Unangst wrote:
> On Fri, Feb 18, 2011 at 3:35 PM, Joachim Schipper
> wrote:
> > Actually, if one could specify an encryption password for the memory
> > written to disk, a stolen hibernating system would be less dangerous
>
On Fri, Feb 18, 2011 at 06:41:26PM +0100, Pascal Stumpf wrote:
> I am too experiencing the booting problems described a few days ago for
> the SL410. With the MP kernel, booting would sometines just stop at
> mtrr: Pentium Pro MTRR support,
>
> forcing a hard reset of the machine. Other times it
On Fri, Feb 18, 2011 at 05:17:57PM +, Kevin Chadwick wrote:
> On Fri, 18 Feb 2011 16:17:25 +0100 Joachim Schipper wrote:
> > On Fri, Feb 18, 2011 at 10:51:27AM -0600, Orestes Leal R. wrote:
> > > does it exists?
> >
> > Not yet.
>
> Hibernate offers more i
On Fri, Feb 18, 2011 at 10:51:27AM -0600, Orestes Leal R. wrote:
> does it exists?
Not yet.
Joachim
--
PotD: converters/wv2 - library functions to access Microsoft Word/Excel files
http://www.joachimschipper.nl/
On Wed, Feb 09, 2011 at 10:31:05AM +0100, Ezequiel Garzsn wrote:
> On Fri, Feb 4, 2011 at 10:35 PM, Benny Lofgren wrote:
> > On 2011-02-04 21.12, Ezequiel Garzsn wrote:
> > > Hello! [F]rom my fresh OpenBSD VPS, which I
> > > assume has had a default installation (...) I tried lynx
> > > *from my
On Tue, Feb 01, 2011 at 05:51:01PM +, Kevin Chadwick wrote:
> >>> > /usr/local/libexec/symux: can't load library 'libfontconfig.so.6.0'
>
> > OK, I figured this out: I must have accidentally gotten the wrong
> > xbase47.tgz fileset. problem solved.
>
> For the archives:
>
> You also get a mi
On Mon, Jan 31, 2011 at 01:29:40PM -0600, tra...@subspacefield.org wrote:
> I have a script to sort of kickstart an installation after doing a
> bare install of OpenBSD, and it's designed to be idempotent (won't
> hurt to run it several times).
>
> Currently I install some packages, but that's a b
On Mon, Jan 31, 2011 at 05:10:04PM +, Jason McIntyre wrote:
> On Mon, Jan 31, 2011 at 11:28:13AM +0100, Henning Brauer wrote:
> > then i change my mind and we should add a note that the default pass
> > behaviour (NOT rule, even tho there kinda is a default rule
> > internally...) doesn't lead
On Wed, Jan 26, 2011 at 10:56:02AM +0100, Leslie Jensen wrote:
> Upon installation of noip I ran the command noip2 -C to configure it.
>
> I want noip to run a script every 30 minutes that sends a mail to me
> at the end of the updating of the address.
>
> So I choose the settings accordingly whe
On Sat, Jan 08, 2011 at 09:50:36PM +0100, Pieter Verberne wrote:
> On Sat, 8 Jan 2011 21:03:56 +0100, Henning Brauer wrote:
> >* Pieter Verberne [2011-01-08 17:23]:
> >>I'm not sure if it is a good idea (or even possible) but I'm
> >>trying to
> >>run OpenBSD as guest in qmemu on a Soerkis and Ope
On Fri, Jan 07, 2011 at 05:50:25AM -0500, Eric Furman wrote:
> > On Fri, Jan 07 2011 at 59:07, Girish Venkatachalam wrote:
> > > Many websites these days "Akamize" or do whatever that gives them a
> > > different IP address
> > > everytime you access it.
> Don't use stupid shit like "Akamize". Pro
On Tue, Jan 04, 2011 at 02:34:08PM +, Rodolfo Gouveia wrote:
> I have a machine with 4.7 softraid CRYPTO.
> On the upgrade48.html it's recommended to rebuild the softraid volume
> to use some of the upcoming features.
> Thing is I can't rebuild a CRYPTO softraid volume.
>
> # bioctl -v softra
On Fri, Dec 31, 2010 at 04:19:53PM -0600, Matt Evans wrote:
> A friend and I are both on dynamic IP residential broadband
> connections. We both use OpenBSD boxes as edge devices.
>
> We were wondering if it were possible to create an ipsec tunnel between
> us, even though we both have dynamic pu
On Wed, Dec 29, 2010 at 08:04:14AM -0800, S Mathias wrote:
> Are there any programs blocking ip, and has frequently updated lists,
> like the peerguardian on windows?
>
> sorry for the question, but i looking for this kind of application :O
Five minutes' research shows that PeerGuardian is mainly
On Tue, Dec 28, 2010 at 01:51:19PM +0900, Joel Rees wrote:
> Just want to check on whether the situation with my sort-of new
> install of 4.8 is normal, and if my guess as to how to approach it is
> correct.
>
> I didn't have time last night to go through and tweak everything I
> know to tweak, an
On Mon, Dec 27, 2010 at 01:41:07PM -0600, Orestes Leal R. wrote:
> Martin Schrvder wrote:
> >2010/12/27 Orestes Leal R. :
> >>the 2 programs work ok, but the do not execute from crontab when I
> >>logged
> >>out from console,ssh.
> >>but when I logged on into an ssh session or console session then
On Mon, Dec 27, 2010 at 10:34:31AM -0500, Frank Bax wrote:
> I see this message in /var/log/daemon about every 10 minutes or so
> (starting about an hour ago); what does this mean?
>
> Dec 27 10:30:01 bax inetd[28318]: pop3/tcp server failing (looping),
> service terminated
It means you'll want
On Mon, Dec 27, 2010 at 10:08:09AM -0500, Frank Bax wrote:
> On 12/27/10 09:35, Dmitrij D. Czarkoff wrote:
> >I use a custom script to remove automaticly installed dependencies to the
> >manually installed packages I deleted.
>
> If you had used "-D dependencies" when you manually deleted a
> pack
On Fri, Dec 24, 2010 at 11:00:48AM +0100, Webcharge wrote:
> Must be the holiday season *sigh* my OpenBSD server is suddenly
> giving the occassional read-timeout on the /var slice of the main
> harddisk:
> There is a second harddisk installed, with OpenBSD formatted slices,
> but of different
On Sun, Dec 19, 2010 at 08:07:45AM -0500, Josh Smith wrote:
> Dear Misc@,
>
> I have a largeish ( around 10 gb) mail archive stored in a mbox file
> and it's starting to get a bit unwieldy to maintain, it's difficult to
> search through and etc. With that in mind I was wondering what others
> on t
I'm sure most of you are already aware, but
http://news.ycombinator.com/item?id=2014004 suggests that Jason fixed a
potentially-dangerous bug in the IPSEC code in the NETSEC timeframe
(src/sys/netinet/ip_esp.c r1.75).
Joachim
On Sun, Dec 12, 2010 at 01:00:17PM -0600, Yarin wrote:
> As the documentation explains, when poll() is interrupted by a signal, it
> should return -1/EINTR.
> However, I'm getting a return indicating that all of the polling descriptors
> are ready, but when I check their flags out, none of them a
On Sun, Dec 12, 2010 at 09:11:16PM -0700, Travis King wrote:
> Joel Wiramu Pauling wrote:
> > Marti Martinez wrote:
> > > Ted Unangst wrote:
> > >> At some point you're going to realize that the javascript that
> > >> decrypts your mail has to come from someplace.
> > >
> > > A better alternativ
On Sun, Dec 12, 2010 at 03:44:18PM +0400, OpenBSD Geek wrote:
> To remove users from example group "users", i usually do it by editing the
> file /etc/group, and remove it manually.
> Is there a way from command line to remove some users from a specific
> group ?
>
> I want to do a script like tha
On Thu, Dec 09, 2010 at 10:41:32PM +0100, roberth wrote:
> Brad Tilley wrote:
> > Adam M. Dutko wrote:
> > > How do[es Lavabit] deal with legal jurisdiction? Technically the
> > > government can still subpoena and they'd have to turn over the
> > > documents in the persons account, including back
On Sun, Dec 05, 2010 at 11:10:06AM -0800, Randal L. Schwartz wrote:
> Theo de Raadt writes:
>> If you don't know why I am sending this mail.. you are reading US
>> managed news, and need to much much more informed
>
> If this is in reference to Wikileaks, it's because Paypal believes that
> W
On Sat, Dec 04, 2010 at 06:28:04PM -0700, Clint Pachl wrote:
> When I open [the UPS developer's guide] with xpdf(1) I get a [message]
> to download the the latest Adobe crapware to view it.
This is cheating, but have you tried throwing it into Google docs?
Joachim
On Mon, Nov 29, 2010 at 06:52:38PM -0800, Scott Stanley wrote:
> Someone gave me a bunch of HP Proliant DL360 G3 servers, so I promptly
> went to install 4.8 i386 on one to see if it was worth keeping.
> (I'm just playing around at home with these)
>
> Installer makes it all the way to installatio
On Wed, Nov 24, 2010 at 01:03:00AM +0200, Kapetanakis Giannis wrote:
> I've recently tested login_ldap and ypldap on OpenBSD 4.8 as a test
> case for an authpf gateway for ldap users.
>
> Apart from these solution and having in mind that PAM is not (and
> probably never will be) an option, what wo
On Tue, Nov 23, 2010 at 01:38:04PM +0100, carlopmart wrote:
> I will to know your opinion about using virtual firewalls in virtual
> infraestructures like vmware, kvm ,xen, etc (...) [What about]
> security?
Let me add one more reason to the ones already offered: there are *many*
side-channel atta
On Sat, Nov 06, 2010 at 04:29:22PM +0100, Jan Stary wrote:
> On Nov 06 15:47:54, Claudio Jeker wrote:
> > On Sat, Nov 06, 2010 at 02:13:46PM +0100, Jan Stary wrote:
> > > For some time now, I have been using (...)
> > > net.inet.tcp.recvspace
> > > net.inet.tcp.sendspace
> > > net.inet.udp.recvspac
On Sat, Nov 06, 2010 at 02:13:46PM +0100, Jan Stary wrote:
> For some time now, I have been using the following sysctl's
> mentioned in FAQ 6.6.4, which sped up my network traffic
> considerably:
>
> net.inet.tcp.recvspace
> net.inet.tcp.sendspace
> net.inet.udp.recvspace
> net.inet.udp.sendspace
On Sat, Nov 06, 2010 at 01:22:43PM +0100, Jean-Francois wrote:
> I think of installing as a ftp daemon vsftpd or pure-ftpd since both
> seems to be simple and secure.
>
> Would you recommend one or the other in terms of security or
> scalability ?
vsftpd wins for security. You may also want to co
On Tue, Nov 02, 2010 at 02:23:23AM +1300, Jammer wrote:
> I'm experiencing problems setting up an OpenBSD box as a
> firewall/Wireless Access Point(...)
>
> Firstly my setup:
> * I've tried this using OpenBSD v4.1, v4.6 and a 4.8 snapshot from
> 29/10/20 all with similar results.
Just install 4.8
On Tue, Nov 02, 2010 at 12:53:15PM +0800, Edwin Eyan Moragas wrote:
> as i understand, sendmail is initially configured to send emails
> locally (ie, users on the same host).
>
> i'm setting up PHP on chrooted apache. mini_sendmail-chroot is already
> installed. i don't have any shells copied to t
On Sat, Oct 30, 2010 at 02:44:50PM -0700, Philip Guenther wrote:
> On Sat, Oct 30, 2010 at 10:34 AM, Maurice Janssen wrote:
> > (...) I extracted the src.tar.gz from the 4.8 CDROM and
> > synchronized the src tree to -stable through CVS. I expected to see
> > about 5 files being changed, but to m
On Tue, Oct 26, 2010 at 04:24:04AM -0700, Russell wrote:
> On 10/22/2010 09:43 AM, Joachim Schipper wrote:
> >On Thu, Oct 21, 2010 at 07:46:50PM +0200, Bret S. Lambert wrote:
> >>On Thu, Oct 21, 2010 at 05:38:54PM +, Jay K wrote:
> >>>My ideal setup would be:
&g
On Thu, Oct 21, 2010 at 02:02:26PM -0400, Adam M. Dutko wrote:
> I recently tried to list contents of some of the CVS servers without doing a
> checkout to see if it would be feasible to write a small script to identify
> hot spots in the development tree based on recent commits. I believe this
>
On Thu, Oct 21, 2010 at 07:46:50PM +0200, Bret S. Lambert wrote:
> On Thu, Oct 21, 2010 at 05:38:54PM +, Jay K wrote:
> > My ideal setup would be:
> > 1) no passwords ("*" in /etc/passwd or via vipw)
> > 2) only ssh for remote access
> >i.e. no password-based security, only something b
On Thu, Oct 14, 2010 at 03:28:20PM -0400, Brad Tilley wrote:
> Brad Tilley wrote:
> > I created (...) /etc/profile to force sh and ksh to logout users
> > after a certain period of idleness:
> >
> > $ cat /etc/profile
> >
> > # Force sh and ksh to logout idle users after 15 minutes
> > # Prevent
On Wed, Oct 13, 2010 at 09:09:29AM +, Leif Blixt wrote:
> Brad Tilley 16systems.com> writes:
>
> >
> > I was experimenting with a program to meet PCI DSS 1.2 password length
> > and content/complexity requirements and integrating it with login.conf
> > for users who have shell access to Open
On Thu, Oct 07, 2010 at 01:34:50PM +0200, g.du...@otasc.org wrote:
> If I understand you think to combine C and Python ?
> Do you think is good to code the tool in C, with only shell interface,
> and add the graphical front-end in Python ?
> In this case Python will call on each click the C binary
On Thu, Oct 07, 2010 at 10:27:43AM +0200, Guillaume Duali wrote:
> On Thu, 7 Oct 2010 06:02:10 +0200, Tomas Bodzar
> wrote:
> > 4.8 is closed for a quite long time. Support can start only in current
> > so 4.9 is nearest possible release which will support your HW ;-)
> Ho ok ^^
> So, what must I
On Thu, Oct 07, 2010 at 03:44:38AM +0200, Guillaume Duali wrote:
> On 01/10/2010 17:27, Guillaume Duali wrote:
> >On my laptop, I install the latest iso file downloaded here :
> >ftp://ftp.fr.openbsd.org/pub/OpenBSD/snapshots/i386/install48.iso
> >
> >And with it, the acpi is bugged.
> >If I do a c
On Fri, Oct 01, 2010 at 08:42:04AM -0400, Michael W. Lucas wrote:
> I have to build a new mail relay host, and would like to use spamd and
> smtpd on OpenBSD. I'm required to provide antivirus scanning of mail
> contents, however. Has anyone attached any antivirus software to this
> combination?
On Fri, Oct 01, 2010 at 10:45:30AM +0200, Massimo Lusetti wrote:
> On Wed, 29 Sep 2010 Theo de Raadt wrote:
> > [Ted Unangst wrote: -- Joachim Schipper]
> > > [/dev/arandom] is more efficient. There is almost always enough entropy
> > > for
> > > arandom,
On Fri, Oct 01, 2010 at 09:31:18AM +0200, Claer wrote:
> On Thu, Sep 30 2010 at 45:10, Tilo Stritzky wrote:
> > On 30/09/10 00:40 Claer wrote:
> > > I have a minipci umts modem that is reconized fine by OpenBSD (4.7-stable)
> > > but I'm unable to find the good pppd configuration to establish the
On Wed, Sep 29, 2010 at 09:39:06AM -0600, Theo de Raadt wrote:
> > On Wed, Sep 29, 2010 at 9:57 AM, Simon Perreault
> > wrote:
> > > I'm trying to use /dev/srandom, but I can't get even a single byte out
> > > of it.
> >
> > Independent of other problems, I don't think you should be using
> > sra
On Wed, Sep 29, 2010 at 09:57:53AM -0400, Simon Perreault wrote:
> I'm trying to use /dev/srandom, but I can't get even a single byte out
> of it.
>
> $ hexdump -n 1 /dev/srandom
>
> It just hangs there, sleeping. If I use /dev/urandom instead, it returns
> immediately, as expected:
>
> $ hexdum
On Mon, Sep 27, 2010 at 07:46:56AM -0700, Pauline Merton wrote:
> I will be moving users from an openbsd 3.7 to openbsd 4.7 server.
>
> Do I just copy over /etc/passwd and /etc/shadow?
No, that function is handled by /etc/master.passwd on OpenBSD. Copy that
file (and /etc/groups, if appropriate)
On Mon, Sep 27, 2010 at 04:33:03PM +0200, Martin Schrvder wrote:
> 2010/9/27 Brad Tilley :
> >> The absence of reports doesn't prove that the flaws don't exist (and
> >> no, I'm not sitting on a 0day for OpenBSD :).
> >
> > I agree. I only meant that history shows Linux has these and OpenBSD has
>
Date: Sat, 25 Sep 2010 21:35:29 +0200
From: Joachim Schipper
To: misc@openbsd.org
Subject: Re: help configuring Huawei E182E
Message-ID: <20100925193529.gb22...@polymnia.joachimschipper.nl>
Mail-Followup-To: misc@openbsd.org
References:
MIME-Version: 1.0
Content-Type: text/plain; char
On Wed, Sep 22, 2010 at 02:04:39PM -0600, Beavis wrote:
> Greetings List,
>
> I would like to ask if someone has done routing via pf(4) (non-NAT
> rules). My idea is to be able to route packets from one interface to
> the other. say from tun0 to rl0. I've been googling a lot and most of
> the rule
On Tue, Sep 21, 2010 at 10:03:54PM -0400, LOL wrote:
> Does openBSD have a tools that search packages ? The only way I found it's
> by installing ports tree but I think it's a bit stupid to have all the tree
> just to a search.
> Does openBSD has a boot manager like Grub or Boot0 for FreeBSD ?
[Ad
On Wed, Sep 15, 2010 at 08:21:57PM -0300, Hugo Osvaldo Barrera wrote:
> On Wed, Sep 15, 2010 at 17:02, Joachim Schipper
> > In the specific case of Subversion, it's easy enough to invoke it
> > directly from SSH (...)
>
> I know, I've used svn+ssh for some tim
On Wed, Sep 15, 2010 at 12:34:48PM -0300, Hugo Osvaldo Barrera wrote:
> I'm planning on having a few servers (including SVN) listening on 127.0.0.1
> on machine A, and then tunneling into that machine from machine B to use
> those services.
>
> However, how safe is "lo" this sort of tunnel? Is th
On Mon, Sep 13, 2010 at 10:59:56AM +0200, Pete Vickers wrote:
> I'm trying to set up a box such that normal users are chroot'd to their home
> directories, and can only use sftp.
> Any clues what I'm doing wrong ? Google seems to hint that the chroot
> directory might have to be owned by root, but
On Mon, Aug 30, 2010 at 10:07:06AM +0200, Jean-Francois wrote:
> Might you please indicate how in the construction of an IP packet the mac
> address in incorporated into it. Is the job of the OS or of the IF ? If the
> OS
> is responsible for it, how is it processed and is it possible to change
On Thu, Aug 26, 2010 at 01:26:25PM +0200, Johan Linnir wrote:
> We need help/support with setting up a couple of pf firewalls with
> carp etc. and are of course willing to pay for it if we find the
> right resource. Please reply off list if you're interested or can
> recommend a company/person whom
On Wed, Aug 25, 2010 at 01:00:36PM -0400, Juan Miscaro wrote:
> Hi gang,
>
> I have found Linux info [1] on restricting users to file transfers
> (sftp, scp, rsync, etc) using rssh. Is this recommended from OpenSSH
> developers? Is there a native way of doing this (in OpenBSD, in
> Linux)?
>
>
On Tue, Aug 17, 2010 at 12:27:04PM +0200, Matt wrote:
> Quite possibly more of a 'which software' question:
>
> I am looking for a way to have two parties share documents securely
> through an OpenBSD server.
> User A can not look into directory B but is allowed in dir C, that
> sort of thing. Sha
On Sat, Aug 14, 2010 at 12:04:56AM +0400, open...@e-solutions.re wrote:
> Hi,
>
> I installed OpenBSD 4.7 for web hosting (test).
> So i have 3 websites for 3 users (1 site per user) :
> www.first.xx (user : firstxx)
> www.2nd.xx (user : 2ndxx)
> www.third.xx (user : thirdxx)
>
> All web pages a
On Tue, Aug 10, 2010 at 07:00:37PM +0200, Martin Schrvder wrote:
> 2010/8/10 Iqigo Ortiz de Urbina :
> > Mainstream open source monitoring is pretty much about munin, cacti,
> > nagios, zabbix. You can make any of these run on openbsd, AFAIK.
>
> A munin port would be highly appreciated. :-)
net/
On Fri, Aug 06, 2010 at 06:19:07PM +0100, Kevin Chadwick wrote:
> On Fri, 06 Aug 2010 12:14:09 -0400
> Nick Holland wrote:
>
> > I'm also a bit dubious about anything which involves qemu as a solution,
> > as I've seen too many people immediately jump on using qemu when much
> > easier and simple
On Fri, Aug 06, 2010 at 12:18:06PM -0500, Ahlsen-Girard, Edward F CTR USAF
AFSOC AFSOC/A6OK wrote:
> Nick Holland wrote:
> > On 08/06/10 18:38, Aaron Lewis wrote:
> > > How much space should i put for a separated partition, mounted on
> > > /usr/obj, is 4 GiB more or less ?
> >
> > 4GB is signific
On Fri, Jul 23, 2010 at 10:43:36AM -0400, Michael W. Lucas wrote:
> Hi,
>
> I'm running 4.7 GENERIC.MP#0 amd64 with the cwm window manager. Read
> the man pages and searched, but no answer to this.
>
> My employer runs SSH on a specific non-standard port. (Yes, I know,
> but that's the rule and
On Sun, Jun 27, 2010 at 02:13:01PM +0930, Damon McMahon wrote:
> Greetings,
>
> I need someone to hit me with a clue-stick here. I was trying to get a
> status of ping(1) using ^T but it appeared not to be sending a SIGINFO
> command. Reading through the man pages I see that stty(1) defines this
>
On Wed, Jun 23, 2010 at 12:36:38PM +0200, Ektor Wetterstrvm wrote:
> I know http://bulk.fefe.de/scalability/ is wrong / outdated /
> non-scientific / whatever... But what about this? Phoronix has more
> credibility imho...
>
> http://www.phoronix.com/scan.php?page=article&item=linux_bsd_opensolari
On Mon, Jun 21, 2010 at 03:03:08PM +0200, Tony Berth wrote:
> did the following:
>
> after navigating to: http://openbsd.org/anoncvs.html#starting
>
> applied:
>
> # *cd /usr; cvs checkout -P -rOPENBSD_4_7 src*
>
> using *cvsroot=anon...@anoncvs.fr.openbsd.org:/cvs*
That gets you -stable. Don'
On Sun, Jun 20, 2010 at 01:54:21PM +0800, Aaron Lewis wrote:
> > Aaron Lewis wrote:
> > > I'm looking for some crypt methods that will encrypt the whole
> > > disk, rather than saving it to a single file.
> > >
> > > And i need it to be supported both Linux and OpenBSD, is it
> > > possible?
> >
On Thu, Jun 17, 2010 at 01:35:29PM +0200, Robert wrote:
> Joachim Schipper wrote:
> >Easy enough, just create a softraid CRYPTO volume on top of a softraid
> >RAID-0 volume. Do keep good backups, including of the key you use.
>
> I remember that I asked something similar a ye
On Thu, Jun 17, 2010 at 09:43:46AM +0100, Harry Palmer wrote:
> > Have you considered softraid crypto?
>
> Thanks for this independent advice. Looks like it works at the block
> device level which must be better.
>
> I must say that while the official openbsd documentation I've seen is
> second t
1 - 100 of 1287 matches
Mail list logo