Re: defer routing table updates on link state changes

2013-09-13 Thread Martin Pieuchot
On 12/09/13(Thu) 13:50, Philip Guenther wrote: On Thu, Sep 12, 2013 at 10:19 AM, Mike Belopuhov m...@belopuhov.com wrote: ... either way, we need to move forward on this. we want to use if_index for the purpose of looking up the interface w/o a pointer to the ifnet. This sounds like just

Re: Iso image integrity verification

2013-09-13 Thread Paul Irofti
Physical email is as susceptible to MITM attacks as network connections. I know a story of laptops entering the mail system and car springs coming out the other end in the same box. :-) Yes, the MITM was DPD. Great currier. I recommand it to everyone. NOT!

Re: Iso image integrity verification

2013-09-13 Thread Paul Irofti
Yes, the MITM was DPD. Great currier. I recommand it to everyone. NOT! ^courier

Re: defer routing table updates on link state changes

2013-09-13 Thread Stuart Henderson
On 2013/09/13 09:10, Martin Pieuchot wrote: On 12/09/13(Thu) 13:50, Philip Guenther wrote: (I don't get why it's useful for tun0-in-layer3 mode to have the same if_index as tun0-in-layer2 mode. The properties are so different that there doesn't really seem to be continuity of identity

Re: Iso image integrity verification

2013-09-13 Thread Peter N. M. Hansteen
On Fri, Sep 13, 2013 at 10:32:43AM +0300, Paul Irofti wrote: Yes, the MITM was DPD. Great currier. I recommand it to everyone. NOT! ^courier the two aren't necessarily mutually exclusive ;) - P -- Peter N. M. Hansteen, member of the first RFC 1149

Re: defer routing table updates on link state changes

2013-09-13 Thread Martin Pieuchot
On 12/09/13(Thu) 18:56, Henning Brauer wrote: * Mike Belopuhov m...@belopuhov.com [2013-09-12 17:54]: it makes no sense whatsoever, reyk. those indices can be easily stolen and nobody guarantees that if you create vlan10, vlan11, then destroy vlan10, create vlan12 and vlan10 that vlan10

Re: Iso image integrity verification

2013-09-13 Thread Valentin Zagura
Security itself is not the primary issue here. The issue is to easily prove to an assessor without reasonable doubt that you are running the right thing. They will not worry about governments trying to break in with MITM signed ssl or about armies breaking in with the tanks. But they would worry

more /dev/ugen*

2013-09-13 Thread David Coppa
While debugging a problem with pcscd from security/pcsc-lite 06361622 hotplug_libusb.c:514:HPAddHotPluggable() Adding USB device: 3:2:0 0191 hotplug_libusb.c:558:HPAddHotPluggable() libusb_open failed: -4 We (Damien and me) quickly found that the cause was: 16097 pcscd GIO fd 1 wrote

Re: defer routing table updates on link state changes

2013-09-13 Thread Reyk Floeter
On Fri, Sep 13, 2013 at 09:53:03AM +0200, Martin Pieuchot wrote: -let snmpd (or sth else) make up ifindices just for that purpose That looks like the best solution to me. If a userland program wants to expose following numbers, then it probably needs to create its own indexes anyway, even

Re: Iso image integrity verification

2013-09-13 Thread Henning Brauer
* Valentin Zagura put...@gmail.com [2013-09-13 10:15]: Security itself is not the primary issue here. The issue is to easily prove to an assessor without reasonable doubt that you are running the right thing. They will not worry about governments trying to break in with MITM signed ssl or about

Re: defer routing table updates on link state changes

2013-09-13 Thread Stuart Henderson
On 2013/09/13 09:53, Martin Pieuchot wrote: On 12/09/13(Thu) 18:56, Henning Brauer wrote: -let snmpd (or sth else) make up ifindices just for that purpose That looks like the best solution to me. If a userland program wants to expose following numbers, then it probably needs to create its

Re: defer routing table updates on link state changes

2013-09-13 Thread Henning Brauer
* Reyk Floeter r...@openbsd.org [2013-09-13 10:20]: please read the history: if_index _was_ created for SNMP. I'm not at all certain you got the history right there... -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services GmbH, http://bsws.de, Full-Service ISP Secure Hosting,

Re: defer routing table updates on link state changes

2013-09-13 Thread Martin Pieuchot
On 13/09/13(Fri) 10:14, Reyk Floeter wrote: On Fri, Sep 13, 2013 at 09:53:03AM +0200, Martin Pieuchot wrote: -let snmpd (or sth else) make up ifindices just for that purpose That looks like the best solution to me. If a userland program wants to expose following numbers, then it

Re: more /dev/ugen*

2013-09-13 Thread Martin Pieuchot
On 13/09/13(Fri) 10:17, David Coppa wrote: While debugging a problem with pcscd from security/pcsc-lite 06361622 hotplug_libusb.c:514:HPAddHotPluggable() Adding USB device: 3:2:0 0191 hotplug_libusb.c:558:HPAddHotPluggable() libusb_open failed: -4 We (Damien and me) quickly found

Re: more /dev/ugen*

2013-09-13 Thread David Coppa
On Fri, Sep 13, 2013 at 10:57 AM, Martin Pieuchot mpieuc...@nolizard.org wrote: Out of curiosity, can I see the dmesg for this machine? I'd like to know which devices attach at ugen(4). ask djm@ Makes sense to me, it's not too difficult to have more than 2 usb devices attached as ugen(4)

Re: defer routing table updates on link state changes

2013-09-13 Thread Reyk Floeter
On Fri, Sep 13, 2013 at 10:45:57AM +0200, Martin Pieuchot wrote: No, that's utterly stupid. The interface index is a value that is supposed to be consistent across the system. How should it be synced with other userland tools? How would you handle it in if_nametoindex and friends? So

Re: more /dev/ugen*

2013-09-13 Thread Stuart Henderson
On 2013/09/13 10:59, David Coppa wrote: On Fri, Sep 13, 2013 at 10:57 AM, Martin Pieuchot mpieuc...@nolizard.org wrote: Out of curiosity, can I see the dmesg for this machine? I'd like to know which devices attach at ugen(4). ask djm@ Makes sense to me, it's not too difficult to

Re: more /dev/ugen*

2013-09-13 Thread David Coppa
On Fri, Sep 13, 2013 at 11:19 AM, Stuart Henderson st...@openbsd.org wrote: On 2013/09/13 10:59, David Coppa wrote: On Fri, Sep 13, 2013 at 10:57 AM, Martin Pieuchot mpieuc...@nolizard.org wrote: Out of curiosity, can I see the dmesg for this machine? I'd like to know which devices attach

Re: more /dev/ugen*

2013-09-13 Thread Damien Miller
On Fri, 13 Sep 2013, Martin Pieuchot wrote: 16097 pcscd NAMI /dev/ugen2.00 Out of curiosity, can I see the dmesg for this machine? I'd like to know which devices attach at ugen(4). It's a Lenovo x61t. Two devices attach to ugen before I plug anything in, the built-in fingerprint

Re: more /dev/ugen*

2013-09-13 Thread David Coppa
On Fri, Sep 13, 2013 at 4:01 PM, Kirill Bychkov ki...@linklevel.net wrote: On Fri, September 13, 2013 13:19, Stuart Henderson wrote: On 2013/09/13 10:59, David Coppa wrote: On Fri, Sep 13, 2013 at 10:57 AM, Martin Pieuchot mpieuc...@nolizard.org wrote: Out of curiosity, can I see the dmesg

Re: more /dev/ugen*

2013-09-13 Thread Marc Espie
In general, when we don't have enough of a device, we end up with clonable shit or something don't we ?

Re: Iso image integrity verification

2013-09-13 Thread Brandon Mercer
We've all expressed reasonable doubt. In the US you can be assured that the USPS will open, scan, read, and deliver your mail. So it's reasonable to believe that they may also tamper with your OpenBSD CDs. Just buy the disks, let this thread die along with the stupidity of PCI-DSS (which I've

Re: more /dev/ugen*

2013-09-13 Thread Mark Kettenis
Date: Fri, 13 Sep 2013 17:55:17 +0200 From: Marc Espie es...@nerim.net In general, when we don't have enough of a device, we end up with clonable shit or something don't we ? Not really. Cloneable devices are used to create per-open context.

Re: Iso image integrity verification

2013-09-13 Thread max stalnaker
People, Let me mention my sadness at trying to research this. 1. The PCI-DSS v 2.0 pdf is behind a click through that purports to create a binding legal contract. So the boilerplate looked okay but there was a warning about the document mayhaps being a controlled munition. I was irritated and

Re: more /dev/ugen*

2013-09-13 Thread Marc Espie
On Fri, Sep 13, 2013 at 07:24:27PM +0200, Mark Kettenis wrote: Date: Fri, 13 Sep 2013 17:55:17 +0200 From: Marc Espie es...@nerim.net In general, when we don't have enough of a device, we end up with clonable shit or something don't we ? Not really. Cloneable devices are used to

Re: Iso image integrity verification

2013-09-13 Thread Ted Unangst
I think you're in trouble. Some of the software on the openbsd CDs was written by me, and I never made any promises it's safe to use on an important server. Not that you should trust me even if I did make such a promise. It's software you're getting from the Internet. Made by people from the

Re: more /dev/ugen*

2013-09-13 Thread Miod Vallat
Not really. Cloneable devices are used to create per-open context. well, it seems to me that having a limit on the number of devices like usb stuff or something is somewhat wasteful. It would probably be nicer if it could adjust automatically (note that I have no idea how much more work

Re: Iso image integrity verification

2013-09-13 Thread Justin Fletcher
Commercial software is the same. They make it clear that no promises are made that the software is fit for any particular purpose in the EULA. My assumption is making such a promise would hold them accountable when it failed, and I doubt any company would find it profitable to invest in enough

Re: defer routing table updates on link state changes

2013-09-13 Thread Alexey Suslikov
Reyk Floeter wrote: Yes, in theory if_index should be fixed and return a consistent number between 1 and the number of interfaces. But this is obviously difficult and I'm not sure if it's worth the effort. So the hack that you're going to remove was a best effort. But putting another