Re: dangerously dedicated physical disks.
On Sun, 22 Sep 2013 08:25:24 -0600 (MDT), Warren Block wrote:
> It's dangerous because that partitioning format is rare outside of BSD-based systems. Disk utilities may not recognize it, and could damage it.

I think this is a good characterization of the term currently used. In historical context this layout would deserve the name traditional, as non-PC BSD installations did not _require_ a MBR enclosing to be present - this is a concept introduced by the PC world. Most PCs still work with dedicated perfectly well if desired (even though there is no real reason to use that layout approach). I try to avoid the part dangerously because the danger is only significant in non-BSD land, like some obscure systems that could try to repair something and cause data loss, which is well known and feared... :-)

> Most of the rest of the world used MBR partitioning, which allowed up to four MBR partitions (called slices by FreeBSD) per disk.

Those are, precisely called DOS primary partitions (in difference to DOS extended partitions which somehow behave like slices in BSD terminology). :-)

> Yes, one partition format inside another. It only seems complicated because it is.

Which makes it useful and flexible. :-)

> With GPT, there is no reason to use BSD disklabels at all.

And most modern computers do not have any problem booting it. The old MBR approach (as well as dedicated) will probably only be needed in niche applications and exceptions. You can have all the advantages of being easy stuff known from dedicated layout by using the GPT tools, plus you gain more compatibility if this matters.

--
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
What is Negative permissions
In the daily security run I see the following:

Checking setuid files and devices:

Checking negative group permissions:
3791965 -rwxr--r-x 1 admin wheel 172 Mar 9 10:59:55 2011 /usr/home/admin/bin/noip_update.sh

Is it just a reminder that the group has no x permissions or should I give those permissions?

Thanks
/Leslie
Re: What is Negative permissions
On 23/09/2013 11:54, Leslie Jensen wrote:
> In the daily security run I see the following:
>
> Checking setuid files and devices:
>
> Checking negative group permissions:
> 3791965 -rwxr--r-x 1 admin wheel 172 Mar 9 10:59:55 2011 /usr/home/admin/bin/noip_update.sh
>
> Is it just a reminder that the group has no x permissions or should I give those permissions?

Yes, basically. It's obviously very odd to give everyone OTHER than :wheel members permission to run it.

What about user root in group wheel - is root allowed to run it? Actually, yes, even though you might think you've forbidden members of wheel.

Regards, Frank.
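The check behind the report line discussed in this thread, as an added example that is not part of the original messages: it parses the reported mode string, finds the bits that "other" holds but "group" lacks, and walks the classic owner/group/other decision to show who can execute the file. It assumes a regular file with plain mode bits (no ACLs or MAC policy); the uids and gids are constructed for illustration.

```python
R, W, X = 4, 2, 1

def parse_mode(text):
    """Turn an ls-style string such as '-rwxr--r-x' into numeric permission bits."""
    mode = 0
    for i, ch in enumerate(text[1:10]):
        if ch in "rwxst":          # lowercase s/t mean the x bit is also set
            mode |= 0o400 >> i
    return mode

def negative_group_bits(mode):
    """Bits that 'other' holds but 'group' lacks: what the daily run flags."""
    return (mode & 7) & ~((mode >> 3) & 7)

def access_allowed(mode, file_uid, file_gid, uid, gids, want):
    """Classic UNIX check for a regular file: exactly one class applies."""
    if uid == 0:
        # Superuser: read/write always; execute needs at least one x bit.
        return not (want & X) or bool(mode & 0o111)
    if uid == file_uid:
        bits = (mode >> 6) & 7
    elif file_gid in gids:
        bits = (mode >> 3) & 7     # group members never fall through to 'other'
    else:
        bits = mode & 7
    return (bits & want) == want

# Constructed ids for illustration; only the mode string comes from the report.
ADMIN_UID, WHEEL_GID = 1001, 0
MODE = parse_mode("-rwxr--r-x")

def who_can_execute():
    """Evaluate execute access for each kind of caller against the reported mode."""
    return {
        "owner admin": access_allowed(MODE, ADMIN_UID, WHEEL_GID, ADMIN_UID, {WHEEL_GID}, X),
        "wheel member": access_allowed(MODE, ADMIN_UID, WHEEL_GID, 1002, {1002, WHEEL_GID}, X),
        "non-member": access_allowed(MODE, ADMIN_UID, WHEEL_GID, 1003, {1003}, X),
        "root": access_allowed(MODE, ADMIN_UID, WHEEL_GID, 0, {WHEEL_GID}, X),
    }

if __name__ == "__main__":
    print(oct(MODE), "negative group bits:", oct(negative_group_bits(MODE)))
    for who, ok in who_can_execute().items():
        print(f"{who:13} execute -> {'allowed' if ok else 'denied'}")
```

Giving the group the same `x` bit as other (mode 755), or removing it from other (mode 744), clears the finding.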
vBSDcon Registrations Only Open For 30 More Days!
Hi all,

There are only 30 more days left to register for Verisign's vBSDcon. Online registrations will become unavailable October 23, 2013. For those planning to attend, we encourage you to register soon at http://www.vbsdcon.com/.

You will not want to miss this event. There will be presentations by several well seasoned technologists such as Baptiste Daroussin on the subject of PkgNG, a new packaging system for FreeBSD based systems such as FreeBSD, PC-BSD, and Dragonfly BSD. Baptiste has a background in UNIX Systems Engineering and is involved in multiple facets of the FreeBSD project including being a Ports committer for 3 years and a src committer for 2 years. His involvement also includes being a member of the Port management team. PkgNG, a new package management framework for FreeBSD, is one of Baptiste's primary roles where he is a lead developer.

In addition to plenary speakers, vBSDcon will also feature after conference hours Hacker Lounges and Doc Sprints. These sessions will be available for the entire BSD communities to include NetBSD, OpenBSD, FreeBSD, and other BSD based distributions to have a collaborative space to work and communicate with one another. Complimentary wireless internet access will also be available.

We look forward to seeing you all there for this opportunity to come together as a community. Remember, online registrations will close on October 23, 2013. Register for vBSDcon at http://www.vbsdcon.com/.

--
Vincent (Rick) Miller
Systems Engineer
vmil...@verisign.com
t: 703.948.4395 m: 703.581.3068
12061 Bluemont Way, Reston, VA 20190
http://www.vbsdcon.com/
http://www.verisigninc.com/
Re: dangerously dedicated physical disks.
On Mon, Sep 23, 2013 at 6:25 AM, Polytropon free...@edvax.de wrote:
> > With GPT, there is no reason to use BSD disklabels at all.
>
> And most modern computers do not have any problem booting it. The old MBR approach (as well as dedicated) will probably only be needed in niche applications and exceptions. You can have all the advantages of being easy stuff known from dedicated layout by using the GPT tools, plus you gain more compatibility if this matters.

Not entirely. Due to GEOM specs, if you create a GELI encrypted container, you cannot use GPT partitioning inside that container. You must use BSD. This is an edge case, and I've submitted a bug about it a while ago, but like I just said, this is apparently a feature not a bug.
Re: [FreeBSD-Announce] vBSDcon Registrations Only Open For 30 More Days!
All:

It's good to see corporate support of BSD, but at the same time I have mixed feelings about certain corporations -- Verisign among them -- hosting BSD-related conferences or becoming involved in the development of BSD-based operating systems. Why? Because Verisign, based in Reston, Virginia (the city next door to Vienna, VA, home of the NSA), has strong ties to this shadowy agency.

The NSA, in turn -- as reported in documents recently leaked by Edward Snowden -- has a very strong interest in weakening the security of cryptographic algorithms, cryptographic software, and operating systems. We may want to look this gift horse very carefully in the mouth, or at least monitor very closely contributions of code that might introduce backdoors or weaknesses.

--Brett Glass
Re: [FreeBSD-Announce] vBSDcon Registrations Only Open For 30 More Days!
Brett Glass wrote:
> All:
>
> It's good to see corporate support of BSD, but at the same time I have mixed feelings about certain corporations -- Verisign among them -- hosting BSD-related conferences or becoming involved in the development of BSD-based operating systems. Why? Because Verisign, based in Reston, Virginia (the city next door to Vienna, VA, home of the NSA), has strong ties to this shadowy agency.

No. I used to work right down the street from Network Solutions (now known as Verisign) in Herndon. Indeed, I had job offerings from them but felt I was better off to stay where I was. The NSA is headquartered at Ft Meade, near Columbia in Maryland. I worked there for 8 years? The CIA headquarters is in Mclean, Virginia, which is right next door to Vienna. Reston/Herndon is a few miles down the Dulles Toll Rd to the west. I've been to all these places, so this is not some MapQuest google for me.

> The NSA, in turn -- as reported in documents recently leaked by Edward Snowden -- has a very strong interest in weakening the security of cryptographic algorithms, cryptographic software, and operating systems. We may want to look this gift horse very carefully in the mouth, or at least monitor very closely contributions of code that might introduce backdoors or weaknesses.

On some level I agree with this - to a point. Examine how the NSA maneuvered the NIST to approve and mandate the FIPS-140 protocols, where deeply concealed was a known weak prng. To some of us this is not news - we've known it for a long time. Arguments of pro vs con, good vs evil, ad infinitum ad nauseam, etc, are better served in a different venue.

It is so much easier to get away with concealing such things inside the closed-source paradigm. What I like and admire with open source is the code is out there in public for all to examine. These truly arcane crypto stuffs operate at such a high level of mathematical complexity that even very highly skilled cryptographer/mathematicians argue amongst themselves. I am just not that smart, or that highly educated. There are some in the open source community who do have very large propellers on their beanie caps. I defer to them simply because they are smarter than me. I would trust them long before I would trust closed source.

I agree about the 'looking the gift horse in the mouth' concept. Bear in mind, however, some of the guys at NIST are pretty smart too. And yet this FIPS-140/prng stuff went right by them. My suggestion is for FreeBSD (indeed open source in general) to try and engage, include, and attract to the community the kinds of elite mathematician who may have the facilities to examine the code at a higher level than can dummies like me.

Whenever The Citadel wants the public to fixate on any one particular brouhaha I know they are trying to get everyone looking in a particular direction whilst they are pulling something else. Verisign may very well have some other obfuscated agenda. Take a step backwards and try to obtain some view of the bigger picture (hint). Will not elaborate here, even though I do have some crackpot ideas.

I find it highly ironic: http://en.wikipedia.org/wiki/Snowden_%28character%29#Snowden

I got no end of amusement from this. Just my $ 0.02.

-Mike
Re: [FreeBSD-Announce] vBSDcon Registrations Only Open For 30 More Days!
Any contribution from a company like Verisign needs to be carefully scrutinized. I also don't think it wise to allow them to take a leadership role of any type.
Re: [FreeBSD-Announce] vBSDcon Registrations Only Open For 30 More Days!
Hi,

Good points in Brett & Michael's posts, but for brevity not copied.

Best avoid having code written & reviewed just in USA as it would get less trust globally, NSA is a known alien mega spy, USA even coerces non USA citizens outside USA, eg
http://www.theguardian.com/world/2009/aug/01/gary-mckinnon-extradition-nightmare
http://www.change.org/en-GB/petitions/ukhomeoffice-stop-the-extradition-of-richard-o-dwyer-to-the-usa-saverichard

Best encourage FreeBSD sources to be used & suspiciously reviewed by a variety of programmers & mathematicians/ cryptologists from different backgrounds & countries; Max chance of loophole reporting with more people from a spectrum of countries with rival mutually distrusting governments from such as eg { Britain, China, France, Germany, Israel, North Korea, Russia, Syria, USA } etc.

Presumably nearly all of us are clueless on crypto. math. so meantime encourage involvement of citizens of at least a few different dis-trusting countries.

Kernels perhaps have less reviewers than cross-OS S/W eg GPG Open-SSH etc, so kernels might be target of choice of suborners ?

Maybe FreeBSD Foundation could set up a cheap bonus scheme for security bugs exposed/ fixed - Special edition coffee mugs, non purchasable, sent only as a reward, posted globally free.

Cheers,
Julian
--
Julian Stacey, BSD Unix Linux C Sys Eng Consultant, Munich http://berklix.com
Reply below not above, like a play script. Indent old text with "> ".
Send plain text. No quoted-printable, HTML, base64, multipart/alternative.
Re: [FreeBSD-Announce] vBSDcon Registrations Only Open For 30 More Days!
On Mon, 2013-09-23 at 20:00 -0400, Robert Simmons wrote:
> Any contribution from a company like Verisign needs to be carefully scrutinized.

No it has to be turned down flat. Huge companies from the USA at all events are untrustworthy. The only trustworthy companies are such companies:

"I have been forced to make a difficult decision: to become complicit in crimes against the American people or walk away from nearly ten years of hard work by shutting down Lavabit." - http://lavabit.com/

"Levison said that he could be arrested for closing the site instead of releasing the information, and it was reported that the federal prosecutor's office had sent Levinson's lawyer an e-mail to that effect." - https://en.wikipedia.org/wiki/Lavabit

There can't be any doubts about it, Verisign will do what they can do to make FreeBSD insecure. Nothing good will be contributed by them. Not a single big company from the USA does not cooperate with the NSA, they all cooperate with the NSA.

Regards,
Ralf
Re: dangerously dedicated physical disks.
On Mon, 23 Sep 2013, Robert Simmons wrote:
> On Mon, Sep 23, 2013 at 6:25 AM, Polytropon free...@edvax.de wrote:
> > > With GPT, there is no reason to use BSD disklabels at all.
> >
> > And most modern computers do not have any problem booting it. The old MBR approach (as well as dedicated) will probably only be needed in niche applications and exceptions. You can have all the advantages of being easy stuff known from dedicated layout by using the GPT tools, plus you gain more compatibility if this matters.
>
> Not entirely. Due to GEOM specs, if you create a GELI encrypted container, you cannot use GPT partitioning inside that container. You must use BSD. This is an edge case, and I've submitted a bug about it a while ago, but like I just said, this is apparently a feature not a bug.

It's not GEOM, it's just GPT. By specification, the backup partition table has to be at the end of the disk. That interferes with anything else that wants to put metadata there, like GELI or gmirror.