Re: Full disk encryption including /boot, excluding bootloader?

2020-02-18 Thread Dumitru Moldovan
On Mon, Feb 17, 2020 at 04:09:57PM +0100, Julius Zint wrote: I'm not really in a position to reflash my machine but I would still be curious for details. There is no need to reflash your firmware if the system has an integrated and supported TPM 1.2 chip. The prototype uses a Static Root of

Re: Detecting DoH using PF

2020-02-18 Thread Peter Müller
Hello *, for detecting DNS over HTTPS traffic without interfering with the connection, perhaps these articles might be helpful: - https://dshield.org/forums/diary/Is+it+Possible+to+Identify+DNS+over+HTTPs+Without+Decrypting+TLS/25616 -

Re: Full disk encryption including /boot, excluding bootloader?

2020-02-18 Thread Julius Zint
> Are there any downsides though? For example, would resume from > hibernation still work for such a setup? It should work with hibernation without any problems, but I did not test this extensively. > > More so, for the less knowledgeable of us, how does this relate to > UEFI's "Secure

Re: Full disk encryption including /boot, excluding bootloader?

2020-02-18 Thread Eric Furman
Make sure no one has physical access to your machine! EVER. Lock it away. That way no 'Evil Maid' or anyone else can access it! This is not hard. Why is this a thing? If someone has physical access to your box then it is Game Over! All of these fantasy efforts are BS. Physically secure your

Re: Full disk encryption including /boot, excluding bootloader?

2020-02-18 Thread Frank Beuth
On Tue, Feb 18, 2020 at 08:05:29AM +0100, Paul de Weerd wrote: On Tue, Feb 18, 2020 at 05:12:25AM +, Frank Beuth wrote: | Yes, it's a cool way to combine things to get unexpected functionality. | I haven't dug into the bootloader much... is there a reasonably easy way | to get the

Re: Detecting DoH using PF

2020-02-18 Thread Tim Baumgard
On Mon, Feb 17, 2020 at 1:19 PM Erik Lauritsen wrote: > Is a DNS over HTTPS recognizable somehow so that it can be fingerprinted > and redirected or blocked using pf? > > I am thinking about the ability of PF to detect when requests are coming from > a windows machine for example. As Paul asked,

deny unknown-clients

2020-02-18 Thread myml...@gmx.com
Hi All, I'm running openbsd current and running dhcpd, on all of my subnets I use "deny unknown-clients;" and comment out the range. I have a wireless access point defined in one subnet (192.168.0.0/24), but not in another (192.168.1.0/24). When I move the ethernet cable from the interface

Re: suggestions for USB printer (maybe even with scanner)?

2020-02-18 Thread Stuart Longland
On 6/2/20 7:26 am, Adam Thompson wrote: > I don't know what you need in a printer, and I don't know what you mean > by cheap, so... YMMV. > > However, I've found Brother **LASER** printers to be very good, and most > of them support PCL6 and/or PS3. > For example, the HL-L2370DW can only connect

Old thread, but wondering if any updates?

2020-02-18 Thread myml...@gmx.com
I posted this way back in 2017 but I'm wondering if anything has changed... https://marc.info/?l=openbsd-misc=149613307021262=2 Has the 16Tb restriction been removed for full disk encryption? Thanks

Re: USB printer?

2020-02-18 Thread Maurice McCarthy
In my belief, you _must install hpcups. And if you use the usb then you _must disable ulpt in the kernel. See /usr/local/share/doc/pkg-readmes/cups

Re: Smartphone Alternatives

2020-02-18 Thread Rubén Llorente
Hi there. I have yet to see a smartphone I would trust with anything important. Nowadays I have a real laptop for computer stuff and leech free wifi, and a Nokia feature phone from 2016. I tried to get an Android phone into a "secure state" by replacing the OS with LineageOS, but the Android

Re: USB printer?

2020-02-18 Thread Stefan Sperling
On Mon, Feb 17, 2020 at 06:47:49PM +0100, Claus Assmann wrote: > I got a > HP DeskJet 2630 > printer and connected it via usb > I tried to use it "directly", i.e., /etc/printcap: > usb:lp=/dev/ulpt0:sd=/var/spool/output/usb:sf:sh:tr=^D: > as mentioned in the original mail > > but this results in

softraid i/o errors, crypto blocks

2020-02-18 Thread freda_bundchen
I've had Postgresql data on an encrypted external USB drive (encrypted via the OpenBSD FAQ instructions) for about a year and it's worked great. Recently, I started getting dmesg messages saying softraid i/o error and it listed various crypto blocks: Feb 18 09:04:14 freda /bsd: softraid0: