Some minutes ago I had a energy blackout here in my city. I was running
OpenBSD.
When I booted after energy came back, the system did the usual fsck.
But this time something went wrong and he just escaped to root, without asking
for any passphrase.
The system did a question like "point the
As in all BSD's I know of, edit /etc/ttys (as root) and change console
to be insecure (it defaults to "secure"). This way you'll be asked for a
password when in single user mode.
This is no security issue, it is how single user mode "operates" and
it's configurable.
George.
PS. Be sure you
Am 19.02.2016 15:31 schrieb Christopher Sean Hilton:
* Am I right to assume that when connecting to isakmpd the soekris
box will match to the "Remote router" stanza because it's trying
to build a tunnel from "srcid <-> dstid" or is isakmpd using the
"local <-> peer" to choose
Since, as it seems, this list is not the appropriate place for asking
ikev2 related questions, could anybody please direct me as to where such
a place would be (mailing list, irc, etc.)?
Thanks again!
On 17/02/2016 11:57 πμ, George Mamalakis wrote:
On 16/02/2016 11:59 πμ, George Mamalakis
On 2016-02-20, arrowscr...@mail.com wrote:
> Some minutes ago I had a energy blackout here in my city. I was running
> OpenBSD.
> When I booted after energy came back, the system did the usual fsck.
> But this time something went wrong and he just escaped to root, without
Wow, that's new to me. Thanks.
Anyway, I still think that this "password rescue" should not be allowed by
default.
I know operating systems can do very little to prevent physical problems like
side-channel attacks,
but this is not the case, and this does not mean that the OS should not make it
Do you also sandbox the browser with some sort of remote desktop, or run
under a separate X session? AFAIK X allows any program to meddle with
any other program under the same display.
No, I don't.
Setup is easy. In the easiest scenario just create user, add to /etc/sudoers
line which lets you
On 2016-02-20, arrowscr...@mail.com wrote:
> Wow, that's new to me. Thanks.
> Anyway, I still think that this "password rescue" should not be allowed by
> default.
> Also, the page 14.21 from faq say "I forgot my passphrase! Sorry. This is
> real encryption, there's
> not
On 2016-02-18, Kapetanakis Giannis wrote:
> On 12/02/16 18:56, Stuart Henderson wrote:
>> On 2016-02-12, Kapetanakis Giannis wrote:
>>> Hi,
>>>
>>> I have a carped firewall which is using dhcrelay to forward dhcp
>>> requests to another
On 20/02/2016 12:52 μμ, arrowscr...@mail.com wrote:
Wow, that's new to me. Thanks.
Anyway, I still think that this "password rescue" should not be allowed by
default.
I know operating systems can do very little to prevent physical problems like
side-channel attacks,
but this is not the case,
On 20/02/16 13:52, Stuart Henderson wrote:
Are the carp interfaces "up" (i.e. master) when you see these messages?
Yes always.
On both firewalls I have net.inet.carp.log=3 and I haven't logged any
carp up/down - MASTER/BACKUP transition messages.
On the other hand, on backup firewall I
Hi,
This email is an attempt to get some knowledge on how softraid works.
There's basically zero docs on these topics out here (all docs are about
how to set it up first & subsequent times in non-failure cases).
If you would be able to respond in "HOWTO form" would be awesome, then
at least
http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/bioctl.8?query=bioctl=i386
says
"CAVEATS
Only devices with 512-byte sectors are supported."
Is any update upcoming?
While it's 512-byte only, what does that mean for write wear
amplification and access speeds on SSD:s with 4KB or
ti...@openmailbox.org (Tinker), 2016.02.20 (Sat) 15:29 (CET):
> This email is an attempt to get some knowledge on how softraid works.
So many of your questions are answered if you start with bioctl(8)[1],
and continue with softraid(4)[2]. Maybe bio(4)[3] helps, too.
What's there is usually
On 2016-02-20 22:23, Marcus MERIGHI wrote:
ti...@openmailbox.org (Tinker), 2016.02.20 (Sat) 15:29 (CET):
This email is an attempt to get some knowledge on how softraid works.
So many of your questions are answered if you start with bioctl(8)[1],
and continue with softraid(4)[2]. Maybe
Sat, 20 Feb 2016 11:52:32 +0100 arrowscr...@mail.com
> Wow, that's new to me. Thanks.
Yep, the FAQ is pretty new and shiny. FAQ8 general questions.
FAQ10 system management. A must read for half the questions you may
have in general use. The entire FAQ is the first thing to query before
the
I have an Atheros AR5418 mini-PCI card in my laptop, which I think
came from an eBay seller in China. It used to work under OpenBSD, but
that may have been back about 5.2 or 4.7. Now I'm using 5.7. It
works now in Kismet under OpenBSD, but an ifconfig scan comes up not
finding anything. If I
ti...@openmailbox.org (Tinker), 2016.02.20 (Sat) 16:43 (CET):
> On 2016-02-20 22:23, Marcus MERIGHI wrote:
> >ti...@openmailbox.org (Tinker), 2016.02.20 (Sat) 15:29 (CET):
> >>This email is an attempt to get some knowledge on how softraid works.
> >
> >So many of your questions are answered if you
scrub is IIRC not supported by any softraid yet. Rebuild by all which
support redundancy. Marcus recommendation to read man pages can just
be highlighted here. Otherwise just read the code for ultimate
reference of what is or is not done.
I'm on 5.9-stable, got XFCE on here and just wondering about getting the power
and shutdown buttons working as they are greyed out for root and non-root.
Here's the old instructions for when 'sudo' was the standard:
%users ALL = NOPASSWD:/usr/local/lib/xfce4/session/xfsm-shutdown-helper
Then add
On 20 February 2016 at 10:29, Karel Gardas wrote:
> scrub is IIRC not supported by any softraid yet. Rebuild by all which
> support redundancy. Marcus recommendation to read man pages can just
> be highlighted here. Otherwise just read the code for ultimate
> reference of what
In a server (OpenBSD amd64 5.7) with many concurrent perl programs that
have to open a lot of SSH connections, I get many errors like this:
connect() on closed socket GEN136 at
/usr/local/libdata/perl5/site_perl/Net/SSH/Perl.pm line 216.
Maybe at some point no more sockets can be opened
Marcus,
Holy moly, that is beautiful.
So glad to understand better what's in the box.
Also please note that I'm not trying to suggest to implement lots of
crap, am perfectly clear that high security is correlated with low
complexity.
On 2016-02-21 00:29, Marcus MERIGHI wrote:
On 2016-02-21 01:29, Karel Gardas wrote:
scrub is IIRC not supported by any softraid yet.
But there's "patrol"!
"bioctl -t start mysoftraid"
Rebuild by all which support redundancy.
Yey! Clarified by Marcus & looking forward to his clarification
Marcus recommendation to read man pages
On Sat, Feb 20, 2016 at 9:23 PM, Tinker wrote:
>
> On 2016-02-21 01:29, Karel Gardas wrote:
>>
>> scrub is IIRC not supported by any softraid yet.
>
>
> But there's "patrol"!
>
> "bioctl -t start mysoftraid"
bioctl also supports hardware raid cards besides softraid, so
Hi.
On 02/20/16 16:20, Nick wrote:
I'm on 5.9-stable,
>
5.9 isn't released yet, maybe you wanted to say 5.8-stable or 5.9-current?
got XFCE on here and just wondering about getting the power and shutdown
buttons working as they are greyed out for root and non-root.
Here's the old
On 20 February 2016 at 12:23, Tinker wrote:
>
> On 2016-02-21 01:29, Karel Gardas wrote:
>>
>> scrub is IIRC not supported by any softraid yet.
>
>
> But there's "patrol"!
>
> "bioctl -t start mysoftraid"
[...]
> On 2016-02-21 02:44, Constantine A. Murenin wrote:
>>
>> On
On Sat, Feb 20, 2016 at 8:44 PM, Constantine A. Murenin
wrote:
>
> Scrub cannot possibly be supported due to the design of the softraid:
>
> http://mdoc.su/o/softraid.4
>
> The RAID 1 discipline does not initialize the mirror upon creation. This
> is by design because
On 2016-02-21 05:05, Karel Gardas wrote:
The RAID 1 discipline does not initialize the mirror upon
creation. This is by design because all sectors that are read are
written first. There is no point in wasting a lot of time syncing
random data.
I'm afraid the claim "all sectors that are read
On 20 February 2016 at 14:29, Tinker wrote:
[..]
> On 2016-02-21 04:39, Constantine A. Murenin wrote:
[..]
>> When you do http://mdoc.su/o/newfs.8, it does not write to every
>> sector of the underlying partition; thus you cannot expect all sectors
>> to be the same.
>
>
>
Right enough, meant to say 5.8 stable!
Thanks a lot for your advice, I now have everything set up the way I want it -
thanks! ..really gotta remember to read the pkg_readme's next time! ha
Regards
Hi.
On 02/20/16 16:20, Nick wrote:
> I'm on 5.9-stable,
>
5.9 isn't released
Sat, 20 Feb 2016 20:06:57 +0100 Federico Giannici
> In a server (OpenBSD amd64 5.7) with many concurrent perl programs that
> have to open a lot of SSH connections, I get many errors like this:
Have you tried connection sharing with ssh(1) yet? Does the Net:SSH
give you
On Wed, Feb 17, 2016 at 1:38 AM, Stuart Henderson
wrote:
>
> A more generic (but more complicated) approach would be to use ifstated
> to wait until the interface is up before running isakmpd.
Stu,
Thanks a bunch for this suggestion. This turned out to be the ticket!
Hi Guys,
Any updates on this? I am toying with AWS in the case one of my lab's
projects has to be moved to thier infrastructure. I just played creating
network gateway/firewall using Colin Percival's FreeBSD. Works OK but
having OpenBSD latest PF, relayd, httpd, and other goodies sure would be
34 matches
Mail list logo