Re: AnonCVS and -rHEAD

On Sun, 07 Jun 2015 22:27:05 -0400 Nick Holland n...@holland-consulting.net wrote: On 06/07/15 20:14, bytevolc...@safe-mail.net wrote: Hello all, I noticed on http://www.openbsd.org/faq/faq5.html#BldGetSrc that there is information about preloading the tree, but does not mention that

Re: Correction to the AnonCVS documentation

Please ignore/delete this. The SMTP server I was using was initially blocked, and thanks to the list owner, it is now fixed. As a result, this message may have been backlocked and sent. It is essentially a duplicate of another message, which has received reasonable replies. On Mon, 8 Jun 2015

Correction to the AnonCVS documentation

Hello all, I noticed on http://www.openbsd.org/faq/faq5.html#BldGetSrc that there is information about preloading the tree, but does not mention that getting to -current requires -rHEAD at least the first time using 'cvs update' after pre-loading the tree with the source files from the last

(Potentially dangerous) ATA timeout with 'atactl secerase'

Hello, I am not sure if this should go into tech@ since I cannot work out a decent fix for this yet, but atactl secerase has a potentially dangerous 1000mS timeout set. Potentially dangerous, because this timeout results in some misinformation being provided to the caller or user: # atactl wd1

AnonCVS and -rHEAD

Hello all, I noticed on http://www.openbsd.org/faq/faq5.html#BldGetSrc that there is information about preloading the tree, but does not mention that getting to -current requires -rHEAD at least the first time using 'cvs update' after pre-loading the tree with the source files from the last

Re: Booting Live openbsd image on fat32 media

The Windows DISKPART command-line utility (Windows Vista and later) can split your USB disk into multiple partitions. There are no GUI tools that can do this, to the best of my knowledge, though perhaps the Disk Management (diskmgmt.msc) snap-in can. On Mon, 21 Sep 2015 16:24:40 +0330 Mohammad

pledge(2) API ideas for libraries

I have thought of a way pledge(2) can be made a little more library-friendly. This is not a patch, but just a thought. There are 2 setups I have thought of: === 1. Variable arguments === int pledge(const char *promises, const char *paths[]) { return vpledge(1,

Re: Is there such a thing as a fanless OpenBSD-capable laptop?

On Mon, 13 Jun 2016 05:25:17 +0300 li...@wrant.com wrote: > ... until you meet the quality expectations. Irony mode ACTIVATE.

Re: Is there such a thing as a fanless OpenBSD-capable laptop?

If you can't read the question properly, please remain silent. On Mon, 13 Jun 2016 02:21:48 +0300 li...@wrant.com wrote: > For you only, the archives deserve much better: higher quality > threads. ... > You're in for a LOT of disappointment if you follow marketing material > without dmesg and

Re: Is there such a thing as a fanless OpenBSD-capable laptop?

On Sun, 12 Jun 2016 03:21:40 +0300 li...@wrant.com wrote: > Sat, 11 Jun 2016 20:03:37 +0200 ropers > > Does anybody here have a fanless laptop they run OpenBSD on? > > (Possibly even as their primary computer? How poor of a desktop > > replacement is it?) > > For a true no

Re: Is there such a thing as a fanless OpenBSD-capable laptop?

I do have a Panasonic Toughbook CF-30 which doesn't have a fan, I have successfully run -current on it. If you want something more modern, but a bit smaller, the CF-19 may be a good choice. It is a bit small though. On Sat, 11 Jun 2016 20:03:37 +0200 ropers wrote: > Does

Re: Is there such a thing as a fanless OpenBSD-capable laptop?

; > Also, while dmesg requests aren't a bad idea (bytevolcano? pretty plz? > joekiser? when available?), ...

Re: Is there such a thing as a fanless OpenBSD-capable laptop?

Thanks for all the private personal attacks and abusive messages such as this one, Wrant. Really appreciate it. On Sun, 12 Jun 2016 13:46:47 +0300 li...@wrant.com wrote: > Shithead. Get lost. You're on auto-delete. You don't exist.

Re: Is there such a thing as a fanless OpenBSD-capable laptop?

Allow me to explain that complex thought. I didn't say that all machines are useless, nor did I say that any machine is useless. One machine that is useful for Purpose #1 is useless for Purpose #2; likewise, the machine that works well for Purpose #2 is quite possibly useless for Purpose #1.

Re: hardware recommendation for openbsd-based thin client?

Hello Marko, Perhaps look into VIA's EPIA boards. They offer a pico-ITX form factor (pretty close to the size of an audio cassette), with VGA and keyboard. Whilst not all of the features (eg. watchdog) will work, it should do for your purposes. I have used a P900 board and it seems to work fine.

Re: where is the image of openbsd arm ?

On Fri, 24 Jun 2016 04:30:39 +0300 li...@wrant.com wrote: > > What is more important is the level of engineering information > available from the manufacturer (PC Engines) web site including tech > specs, manual, BIOS updates, accessories, enclosures, diag boards and > also: Schematics! I

Re: where is the image of openbsd arm ?

On Fri, 24 Jun 2016 06:32:33 +0300 li...@wrant.com wrote: > Fri, 24 Jun 2016 12:10:11 +1000 > > On Fri, 24 Jun 2016 04:30:39 +0300 > > li...@wrant.com wrote: > > > > > > What is more important is the level of engineering information > > > available from the

Re: where is the image of openbsd arm ?

On Fri, 24 Jun 2016 06:32:33 +0300 li...@wrant.com wrote: > Fri, 24 Jun 2016 12:10:11 +1000 > > On Fri, 24 Jun 2016 04:30:39 +0300 > > li...@wrant.com wrote: > > > > > > What is more important is the level of engineering information > > > available from the

Re: bioctl disk encryption

On Sat, 9 Apr 2016 20:18:11 -0400 Matt Schwartz wrote: > I really like the bioctl full disk encryption feature. I would love > to see it extended to support multiple users/passkeys. I once worked > with a commercial full disk encryption product that allowed this ...

Re: date not respect for 5.8 and 5.9

Like, because OpenBSD is for, like, REBELS, mn! Which is like, totally gnarly dude! On Thu, 31 Mar 2016 10:58:00 +0200 "Max Power" wrote: > Hi guys! > Why the release 5.8 and 5.9 did not comply with the canonical date > of the 1th November and of the 1th May? > >

Re: Alternate Puffy Logo Design

On Thu, 19 May 2016 15:18:45 -0400 "Ted Unangst" wrote: > Mihai Popescu wrote: > > First, the webpage design change suggestion, then the logo > > alternative ... I guess a project name change suggestion will > > follow, I'm curious if this will be till weekend. > > We're

Re: Suggestion: new webpage for openbsd.org

I agree, we need buttons with rounded corners and ones that appear when you hover your mouse over them. Those hyperlinks in the current OpenBSD site are sharp and someone could poke their eyes out. On Wed, 18 May 2016 11:00:54 +0530 Jay Patel wrote: > I would like to see

Re: Suggestion: new webpage for openbsd.org

On Sun, 22 May 2016 09:32:47 +0200 Reinhold Straub wrote: > On 21.05.16 01:12, Theo de Raadt wrote: > > > I think the site is fine. Thanks for the table above. I agree > > there would be value in small tweaks to improve the view for narrow > > displays. > > Wouldn't it

Re: Suggestion: new webpage for openbsd.org

On Fri, 20 May 2016 03:50:51 +0300 li...@wrant.com wrote: > Interesting, the moment some other systems started swapping designs, > the moment their public knew they've sold out and commercialised in. This is a good point; I have certainly noticed this on a lot of other sites and projects. As

Re: Suggestion: new webpage for openbsd.org

The reason the OpenBSD site hasn't changed for years, aka. "aged", is because there is no need to change just for change's sake. A lot of problems in this world are caused by the young generation being taught to "ALWAYS IMPLEMENT CHANGE!" by new-agey college professors and teachers. In fact,

Re:

On Mon, 16 May 2016 10:47:02 + 1 9 wrote: > What editor? vim or emacs? what is the reason? MS-DOS EDLIN.

Re: Is loss of read-only /usr permanent?

li...@wrant.com wrote: > Defending read only file systems on a writable medium is pointless, but > your option, which does not qualify as a bug report. Now read one book. Wrant, calm down and curb the attitude please. You often come up with good stuff here, and there are even things you have

Re: mfs vs tmpfs: advantages and disadvantages

I actually wrote a patch to that a while back, and it was not accepted. Looking back, I am not disappointed that it was rejected, and it forced me to find another solution: shell scripts, included below. However, in light of what Theo said, I'm possibly going to move back to mfs; even if I

Re: mfs vs tmpfs: advantages and disadvantages

On Tue, 03 May 2016 02:53:36 -0600 Theo de Raadt wrote: > mfs is reliable. > tmpfs has bugs, and as a result of those bugs, it has fewer and fewer > users. > Or, maybe there are fewer problem reports because fewer people use > it, because those who tried to use it ran

mfs vs tmpfs: advantages and disadvantages

Hello, With tmpfs being in the tree for the last 2+ years (since OpenBSD 5.5), I would like to ask, besides the "-P" option in mount_mfs, what is the advantage of using mfs over tmpfs? It seems tmpfs has the following advantages: - Can grow or shrink; shrinks when files are erased. - Can

shm_mkstemp(3) without the file name

Hello, I am writing a local server which requires the use of shared memory objects. Essentially, other applications communicate to this server by connecting to a UNIX domain socket within the file system. Occasionally such an application may require a shared memory buffer to share large

Re: tmpfs

mxb wrote: ... For someone who "doesn't use tmpfs" or "doesn't care that much" about it, you sure are making a racket on this thread.

Re: tmpfs

Marc Espie wrote: On Tue, Aug 02, 2016 at 02:53:43AM -0400, Eric Furman wrote: ... Nope, I'm rather sure Theo doesn't care one way or the other. I'm one of the guys who would very much like working tmpfs. Actually, it has worked "good enough for me", but there are a few issues at work. - I

Re: Weird cursor problem

e, I also find it strange that there is no X > > -configure option; I am trying to configure my touch pad to disable > > the annoying tap-to-click feature; I feel this is partially the > > culprit in my case. > > Hi bytevolcano, > > Could be, could be not.. I run l

Re: shm_mkstemp(3) without the file name

Jeremie Courreges-Anglas wrote: bytevolc...@safe-mail.net writes: Hello, I am writing a local server which requires the use of shared memory objects. Essentially, other applications communicate to this server by connecting to a UNIX domain socket within the file system. Occasionally such an

Re: shm_mkstemp(3) without the file name

Ted Unangst wrote: bytevolc...@safe-mail.net wrote: When I use ftruncate(2) to actually allocate the segment, the file is as long as the segment that is allocated. Even if the file is unlinked before ftruncate(2) is called, enough free space in the /tmp *file system* is required for the shared

Re: shm_mkstemp(3) without the file name

Theo de Raadt wrote: Is using ftruncate(2) to lengthen the segment the right way to do it, or is this yet another stupid limitation of POSIX shared memory? If you are getting the picture that the standards commitee cobbled together a bunch of junk and expected a good outcome, you are well on

Re: shm_mkstemp(3) without the file name

Philip Guenther wrote: Well, I am amazed. I guess I just have to do some more investigation into workarounds for this, as RAM-based tmpfs file systems will get full very quickly with shared memory segments, and large segments result in high disk activity when munmap() is called. And SysV shared

Re: shm_mkstemp(3) without the file name

Ted Unangst wrote: bytevolc...@safe-mail.net wrote: I see where you are coming from, but what I am getting at is, where in the POSIX standard does it say that it needs to be anywhere in the file system at all? If it is shared memory, then surely this doesn't require backing up. Oh. It doesn't

Re: shm_mkstemp(3) without the file name

Ted Unangst wrote: bytevolc...@safe-mail.net wrote: Yes, it seems to create files with long names (that have nothing to do with the template I provide) in the /tmp root. If it doesn't respect the path or template, what is the point of having this argument there in the first place, and what is

Re: ratble and rdomain support on dhcpd and openvpn

Kapetanakis Giannis wrote: On 15/07/16 22:34, Difan Zhao wrote: Thank you sir! So I probably just stick with my hacking approach and wait for the 6.0. I see that will come in November so not too much waiting. So any idea how the openvpn might start to support rtable or rdomain? Thanks, Difan

Re: How make "pkg_add" auto-choose some package version for me when same package is available in more versions?

On Tue, 05 Jul 2016 10:12:01 +0800 Tinker wrote: > Wait, can "%" be used to install the latest version for unimportant > packages? > > Or at least make pkg_add choose *some* version for me because I > totally don't care, this would just be a trick to automate system >

Re: tp-link tl-wn722n athn0: could not load firmware

Mihai Popescu wrote: Had anyone any success with this usb wireless in recent snapshots. Following some hints that this chip is not properly powered from USB port, I hardwired it to the power supply of the computer, but the result is the same: it fails to load the firmware. Nevertheless I had

Re: thunderbird segfaults

Stefan Wollny wrote: Hi Theo! Gesendet: Montag, 08. August 2016 um 17:21 Uhr Von: "Theo Buehler" An: misc@openbsd.org Betreff: Re: thunderbird segfaults disklayout: a: 5122.2M / b: 1019.8M swap d: 10244.6M /tmp e: 15359.0M /var f:30718.0M /usr g:

Re: Weird cursor problem

Philip Guenther wrote: On Tue, Aug 2, 2016 at 8:12 AM, Alan Corey wrote: Anybody else see this? It's happening at least 6 times a day, it's a little annoying. It's happened a few times on my laptop (same 5.7 i386). It does happen without Firefox open but most of the

Re: How boot HDD-side crypto softraid from (bootable) USB disk? (AMD64/ARM. Currently installboot fails with "cross-device install"!..)

Perhaps I should point out that the only reason I suggested installing OpenBSD on the stick here was for recovery purposes, and for installing the boot loader. The boot loader allows you to select the HDD you have at the start. So edit /etc/boot.conf *on the stick* as follows: boot sr0a:/bsd

Limits for bcrypt_pbkdf(3) vs bcrypt(3)

I am investigating bcrypt_pbkdf(3) or bcrypt(3) to secure passphrases within an existing application. However, the man page for bcrypt_pbkdf() does not mention the 72-character password limit that bcrypt() does, especially given bcrypt_pbkdf() appears to accept an output buffer whose length is

Re: Limits for bcrypt_pbkdf(3) vs bcrypt(3)

cheers Ted, On Tue, 07 Feb 2017 14:50:49 -0500 "Ted Unangst" wrote: > bytevolc...@safe-mail.net wrote: > > 1. Does the 72-character limit also apply to bcrypt_pbkdf() > > [presumably this will mean softraid(4) crypto won't accept > > passwords >72 chars anymore]? > > No.

Re: How boot HDD-side crypto softraid from (bootable) USB disk? (AMD64/ARM. Currently installboot fails with "cross-device install"!..)

There is still an elephant in the room. What if someone has physical access to your machine's USB ports, and decides to boot something nasty from it, which in turn modifies the firmware in your system (very likely to be possible due to stupid "consumer-grade" junk like UEFI or OS-flashable BIOS

Re: https://undeadly.org

I vaguely recall this sort of thing happening before with deadly.org; this is how undeadly.org started. Maybe undeadly.org will turn into [something with a zombie-like name].org? On Tue, 28 Feb 2017 10:59:24 + (UTC) Stuart Henderson wrote: > On 2017-02-28, minek van

Re: OpenBSD 6.0 release and errata60.html

Hello Andreas, On Fri, 2 Sep 2016 12:29:28 +0200 Andreas Kusalananda Kähäri wrote: > On Fri, Sep 02, 2016 at 11:33:59AM +0200, Alexander Hall wrote: > > On Thu, Sep 01, 2016 at 03:03:15PM -0400, Daniel Ouellet wrote: > > > On 9/1/16 2:59 PM, R0me0 *** wrote: > > > >

Re: doas.conf, no persist option in 6.0 Release

On Tue, 13 Sep 2016 10:28:56 -0400 Eike Lantzsch wrote: > On Dienstag, 13. September 2016 06:46:04 PYT jungle Boogie wrote: > > On 13 September 2016 at 05:55, Eike Lantzsch > > wrote: > > > but in man doas.conf of 6.0 Release it is not mentioned and using > > >

security.html

Hello, I have a suggestion to reduce the amount of maintenance work necessary for errata. Why not just have a link to errata.html on the security.html page, instead of each releases' errata? Each releases' errata is already accessible on the errata.html page anyway. This is just a suggestion;

Re: FW Hardware

On Thu, 22 Sep 2016 15:29:12 -0400 Eike Lantzsch wrote: > or for a little more you get > PC Engines APU.2C2 > which is amd64, has far more RAM and three Gigabit-ports. > Interfaces: Realtek 8168 Or if you are patient, and need multiple SIM cards, you can wait for the APU3a4 or

Re: Booting BSD on a Libreboot system - documentation needed

On Thu, 6 Oct 2016 15:05:04 +1100 Aaron Mason wrote: > Holy frijole, just reading some of the responses from the some people > in GNU - I'm at the point where I'm not entirely convinced that GNU > isn't a cult, with Stallman as the high almighty leader. I am

Re: Add a Theo fortune cookie

Rather than going through all the trouble of mucking around with the build of an existing application, why not make it a standalone program? Before anyone here goes mad, I can't be bothered testing this; it is something I conjured up in less than two minutes, and I personally do not have any use

Re: Dual booting - can't boot OpenBSD from Windows 10 bootloader

Hi Eric, On Fri, 23 Sep 2016 08:04:19 -0400 Eric Furman wrote: > NO professional dual boots OS's Apart from those who are sick and tired of Windows, and sick and tired of Microsoft controlling their PCs. Many a professional will use Windows to do their work-related

Man page for md5(1)

For md5(1) (and therefore, sha1(1), sha256(1), sha512(1)), the man page has this: "-q Only print the checksum (quiet mode)." Since this has the same behaviour as "cksum -q", would it be best to keep it in line with it: "-q Only print the checksum (quiet mode) or if used in conjunction

Re: DigitalOcean and OpenBSD

andrew fabbro wrote: ... - some day in the bright shining future when vmm is done, you may be able to buy an OpenBSD guest VM on an OpenBSD host...and then these piddling Amazon and Microsoft Azure empires will fall as Puffy storms the net. To the cloud! Those "piddling Microsoft Azure

Re: LLVM license change

On Tue, 27 Sep 2016 20:29:56 -0500 Amit Kulkarni wrote: > On Tue, Sep 27, 2016 at 8:06 PM, Chris Cappuccio > wrote: > > > Ingo Schwarze [schwa...@usta.de] wrote: > > > Hi Benjamin, > > > > > > kbenjamin Coplon wrote on Mon, Sep 26, 2016 at 01:23:43PM

Re: Cron logs in /var/cron/log instead of /var/log/cron?

On Sun, 02 Oct 2016 22:45:00 -0600 "Theo de Raadt" wrote: > > Why is it in /var/cron/log and not /var/log/cron by default? To me > > it makes more sense to have it all in /var/log/, but given it has > > been the default for several years, is there a reason (other than > >

Cron logs in /var/cron/log instead of /var/log/cron?

I have noticed for the last 5 years of OpenBSD usage that the cron log location is /var/cron/log, instead of /var/log/cron: # $OpenBSD: syslog.conf,v 1.19 2015/11/26 15:25:14 deraadt Exp $ # *.notice;auth,authpriv,cron,ftp,kern,lpr,mail,user.none /var/log/messages

Re: Laptop Recommendations?

I seem to be doing fine on an old Panasonic Toughbook. They can be bought quite cheap if you don't mind them being several years old. Having said that, if you want a laptop that is "close to free", then expect failures to be "close to free" also. On Wed, 09 Nov 2016 23:47:52 -0600 Nathan Koch

Re: -current

On Fri, 25 Nov 2016 16:55:03 -0700 ch...@ccmach14.org wrote: > Hello - Where can I get sys.tar.gz -current? Thanks! Chuck > Greetings Chuck, You can use the sys.tar.gz and src.tar.gz from the latest release (at the moment 6.0) and use "cvs update -rHEAD" on it.

Re: Laptop Recommendations?

On Sat, 12 Nov 2016 07:25:11 -0600 Chris Bennett wrote: > > I also notice that Thinkpads and Toughbooks seem to be the preferred > choices for a cheaper laptop. I need a newer laptop too, so I will > look into those on ebay. > > Thanks > Chris Bennett >

Re: What are the security features in OpenBSD 6.0 that are by default disabled?

On Fri, 14 Oct 2016 20:50:20 +0200 "thrph.i...@gmail.com" wrote: > or this kind... > > " The only truly secure system is one that is powered off, cast in a > block of concrete and sealed in a lead-lined room with armed guards - > and even then I have my doubts. " > It

Re: What are the security features in OpenBSD 6.0 that are by default disabled?

On Mon, 17 Oct 2016 14:38:00 +0300 Gregory Edigarov wrote: > On 14.10.16 22:48, Raul Miller wrote: > > On Fri, Oct 14, 2016 at 2:50 PM, thrph.i...@gmail.com > > wrote: > >> " The only truly secure system is one that is powered off, cast in > >> a

Re: Opinion about Rust and Go

You know things are bad when a programming language is named after a type of often-unwanted corrosion (often associated with iron alloys) or a type of devastating plant fungus. And what good are these "memory-safe" languages when there are so many that you won't be able to remember them? On Tue,

Re: doas(1) adjustable timeout length

Understood (though in this case it looks unfinished when 99% of the implementation is already present). In any case you have answered my original question. Thanks, Ted. On Tue, 14 Mar 2017 18:29:25 -0400 "Ted Unangst" wrote: > bytevolc...@safe-mail.net wrote: > > I'm not

Re: Topics for revised PF and networking tutorial

On Mon, 10 Apr 2017 17:10:55 -0500 Adam Thompson wrote: > You've asked almost the same question as "why does anyone need > tutorials? just read the man pages!" just at the next level up. The > answer is because the man pages aren't adequate to cover every > scenario,

Re: Substitute for other variables in pkg.conf(5)

On Fri, 7 Apr 2017 17:44:30 + (UTC) Stuart Henderson wrote: > On 2017-04-06, > wrote: > > Since pkg.conf(5) is no longer used, how would you set fullwidth, > > loglevel, nochecksum, ntogo? > > > > In particular, I

Re: Why isn't OpenBSD in Google Summer of Code 2017?...

This can all be done without GSoC, and OpenBSD is better off without it. Obviously I cannot speak on behalf of any OpenBSD developers here, this is just my thoughts based on observations of other open-source projects that did GSoC over the years. Some students were shit, letting the projects down

Re: Topics for revised PF and networking tutorial

I've been using a trick to emulate scheduled rules using IP tables. It would be nice to have something like this covered. I have even seen it in the silliest of home router firewalls. First, create a rule with a table like so: # Schedule Table table persist # Scheduled access to HTTP pass in

Re: Topics for revised PF and networking tutorial

On Wed, 5 Apr 2017 22:44:54 + (UTC) Stuart Henderson wrote: > On 2017-04-05, > wrote: > > I've been using a trick to emulate scheduled rules using IP > > tables. > > Nice trick. Anchors are also good for this. >

Substitute for other variables in pkg.conf(5)

Since pkg.conf(5) is no longer used, how would you set fullwidth, loglevel, nochecksum, ntogo? In particular, I am interested in fullwidth, loglevel, and ntogo.

Re: Is randomizing UID/GUID would make sense?

Thanks for the start points, Christian and Philip. I would have never thought about those use cases. I'll definitely look into this further. On Wed, 19 Apr 2017 13:31:08 + (UTC) Christian Weisgerber wrote: > On 2017-04-19, Philip Guenther wrote: > >

Re: Is randomizing UID/GUID would make sense?

Responding to multiple messages: On Fri, 20 Jan 2017 08:43:46 +0100 "minek van" wrote: > I can see that the default users and when creating new ones have > their UID/GUID incremented by 1. > > Could it bring more security if the UIDs/GUIDs would be random? On Mon, 23 Jan

Re: Is randomizing UID/GUID would make sense?

On Sat, 15 Apr 2017 23:16:18 -0600 "Theo de Raadt" wrote: > > Responding to multiple messages: > > > > On Fri, 20 Jan 2017 08:43:46 +0100 > > "minek van" wrote: > > > I can see that the default users and when creating new ones have > > > their UID/GUID

Re: For the super paranoid

In order for me to trust AMD's implementation, they first need to can that ridiculous Platform "Security" Processor. It is as useless and dangerous as Intel Management Engine, running unknown code. A more plausible attack would be an application using malloc() for a large segment of memory, and

Re: doas(1) adjustable timeout length

>From what I have read, it appears to be 15 minutes on some systems and 30 minutes on others, and this can be adjusted by the admin without having to recompile the code. I'm not saying "you must do everything my way or else", but rather I am trying to understand the reasoning behind making this

doas(1) adjustable timeout length

Hi, Are there plans (or perhaps code already being worked on) to allow doas(1) 'persist' to have a different time other than 5 minutes? I am thinking of writing a patch for this, but I do not want to duplicate effort if the devs have other/similar plans ahead. I would like to configure the

Re: For the super paranoid

>From your link: AMD replied: "Thanks for the inquiry. Currently we do not have plans to release source code but you make a good argument for reasons to do so. We will evaluate and find a way to work with security vendors and the community to everyone's benefit."

Re: doas(1) adjustable timeout length

On one box I test configuration edits and backups, I find myself using doas around once every 7-9 minutes, exceeding the 5 minute limit. Another box is basically a gateway, so I don't exceed 2 minutes between doas runs. It would be nice to have the option of deviating from the default, and the

Re: Please: Is there ANY chance that Linux binaries might run again???

On Wed, 8 Mar 2017 09:52:39 +1100 (AEDT) Damian McGuckin wrote: > On Tue, 7 Mar 2017, Stefan Wollny wrote: > > > Yes - I will (again) contact SoftMaker trying to persuade them to > > provide an OpenBSD-version of their office suite. But they seem to > > have none with some

Re: Topics for revised PF and networking tutorial

On Fri, 7 Apr 2017 17:39:16 + (UTC) Stuart Henderson wrote: > On 2017-04-06, > wrote: > > On Wed, 5 Apr 2017 22:44:54 + (UTC) > > Stuart Henderson wrote: > > > >> On 2017-04-05,

Re: OpenBSD httpd and HTTP/2

On Fri, 31 Mar 2017 12:14:34 +0200 Reyk Floeter wrote: > Isn't QUIC the hot new thing now? It is UDP, so Google can reinvent > TCP and turn even more of their browser into an OS-replacement ;) Oh come on now, how else will Google be able to claim they are inventing or

Re: Is randomizing UID/GUID would make sense?

On Sun, 16 Apr 2017 12:01:48 + (UTC) Stuart Henderson wrote: > On 2017-04-15, > wrote: > > OpenBSD still randomizes PIDs, but I don't see the point these days: > >

Re: Is randomizing UID/GUID would make sense?

An idiot whose question lacks clarity. My apologies. Of course software uses it. What I was trying to ask was *why* would software actually nee a deterministic PRNG, rather than "what software uses it." In other words, what will break if the PRNG was non-deterministic? Yes, it may be "standards

Re: pledge for sockets

I can imagine pledge(2) becoming very complex if individual ports are blocked. It is not just the syscall, it's also the code in the kernel. From what I can gather, pledge is really to restrict processes to a subset of functions available, rather than restricting each individual argument, unless

Re: Qubes-OS is "fake" security

Virtualization has its uses though, despite the hype. It is good for testing different system configurations before deployment, and is also a good way to save on physical resources for configuring multiple low-usage services that may require different OS or system config, such that it is not

Re: Sad story

Then the backup was restored, and they all lived happily ever after. :) On Mon, 5 Jun 2017 12:14:51 +0200 "L. R. S." wrote: > Forgot the passphrase of a full-disk encrypted OpenBSD system ;_; > So many documents will be lost, like [coughs] accesses to NULL. > > >

Re: Can I use OpenBSD as a desktop system?

On Sun, 11 Jun 2017 02:32:10 +0300 li...@wrant.com wrote: ... > Hi Nicolas, > > Soul of root canal is a half retarded troll, totally lacking any > character. I can not believe you're still falling for their simply > elemental tactics.. > > There is one absolutely zero diff between my init reply

Re: pledge for sockets

On Sun, 30 Apr 2017 00:29:01 +1000 wrote: ... > Even with "block reset all" in PF rules, nc does this. > > It would be nice if the "reset" keyword tells the kernel to return > EACCES when bind(2) is called on a port blocked by PF rules for a > particular user. Mistake

Re: code duplication

Just a tip from an outsider. I would suggest you show a little sympathy for those who are getting spammed by useless Nigerian scammers, cryptovirus authors, and the like, claiming to be some kind of "Head of Financial Business Management Department Business Managing Director" or some other sort

Re: Chip cheaper than chips

Not yet thanks. Not if it has that flawed Intel ME in it, I don't want it running on my routers. I have enough trouble coming to grips with AMD's Platform Security Processor rubbish, but at least that hasn't got any known exploits, and the firmware blob for it appears much smaller. On Fri, 01 Dec

Re: Chip cheaper than chips

Better yet, get rid of such insane rubbish in the first place. Why would you want a remote admin tool built into the CPU out of all things? On Mon, 4 Dec 2017 13:46:02 + Kevin Chadwick wrote: > Dangerous Bugs aren't new such as with core2duo but this is looking >

Re: Integrating "safe" languages into OpenBSD?

On Mon, 4 Dec 2017 16:24:52 +0100 Nicolas Schmidt wrote: > So they wrote a program that was a) shitty and b) memory-safe? Those are two > orthogonal dimensions. Also, the anecdotal evidence that safe languages > attract bad programmers does not imply that using safe

Re: The "like" factor

On Mon, 20 Nov 2017 00:40:38 +0100 wrote: > bytevolc...@safe-mail.net wrote: > > Perhaps it isn't just word/excel, but rather, getting used to the > > operating system changes and its antics. It appears you have changed > > their OS and their software, and this has upset them.

Re: SPOOFED: Re: The "like" factor

Perhaps it isn't just word/excel, but rather, getting used to the operating system changes and its antics. It appears you have changed their OS and their software, and this has upset them. No training was provided explaining to them the nooks and crannies of the new software, so they are

Re: Integrating "safe" languages into OpenBSD?

I've always subscribed to the idea that too much safety results in too may idiots, and the same is true for all these "safe" programming languages. "Oh I don't have to write any form of bounds-checking, because the language will do it for me." To add further insult to injury, if the language's

  1   2   >