If you want the slave machine (the one currently not winning the carp
elections) to be able to send traffic (logs, mail, respond to monitoring
and so on), you want local traffic to be originating from the interface IP
and not the carp ip.
2014-04-09 2:54 GMT+02:00 Florenz Kley f...@well.com:
On Tue, Apr 8, 2014 at 9:40 PM, Theo de Raadt dera...@cvs.openbsd.org wrote:
OpenSSL is not developed by a responsible team.
And on twitter and google+ I've seen a lot of people who believe that
OpenSSL is an OpenBSD project :(
* Chris Cappuccio ch...@nmedia.net [2014-01-18 21:25]:
Mike, [...], You were henning's roommate
err, no.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services GmbH, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed
Perfect Forward Secrecy by default? Is it on in OpenBSD?
On Wed, Apr 9, 2014 at 9:07 AM, David Coppa dco...@gmail.com wrote:
On Tue, Apr 8, 2014 at 9:40 PM, Theo de Raadt dera...@cvs.openbsd.org
wrote:
OpenSSL is not developed by a responsible team.
And on twitter and google+ I've seen a
On Apr 9, 2014, at 08:39, Janne Johansson icepic...@gmail.com wrote:
If you want the slave machine (the one currently not winning the carp
elections) to be able to send traffic (logs, mail, respond to monitoring and
so on), you want local traffic to be originating from the interface IP and
On 2014-04-09, sven falempin sven.falem...@gmail.com wrote:
i which this : https://polarssl.org was open and inside the base
You can wish, but that is commercial+GPL code so OpenBSD can't use it in base.
https://en.wikipedia.org/wiki/Secure_Transport#Overview
Though I wonder how many OpenSSL
On 2014-04-09, Florenz Kley f...@well.com wrote:
hello misc,
can anyone please help me with a pointer:
two hosts have one interface each configured on the same subnet (.1 and .2),
and also have a carp interface (.3) using the interfaces as carpdev. No load
balancing is configured.
Is
On 2014-04-08, Giancarlo Razzolini grazzol...@gmail.com wrote:
I find it very useful using a very simple script I created that:
1) Opens up /etc/pf.conf using whatever editor is in $EDITOR
2) After you save it, it uses pfctl -nf to check pf.conf syntax
3) If you made a mistake,
2014-04-09 11:31 GMT+02:00 Stuart Henderson s...@spacehopper.org:
Hmm.. It is often fairly quick to pick up rules which over-block (though
problems with jobs which only occur weekly or monthly can take a while to
track down, and also there are situations where you won't notice a
problem
Hi all
I took the heartbleed bug as a pretext to redo my entire PKI, and
while reading openssl's man page, I have a couple of doubts regarding
the sample configuration file on the CA EXAMPLE section:
RANDFILE = $dir/private/.rand
...
default_md = md5
I don't know enough about SSL to be sure
On Wed, Apr 09, 2014 at 04:01:07AM +0100, Raf Czlonka wrote:
That may have something to do with the way you have configured TLS (i.e.
version) either under 'nginx' or 'Firefox'[0].
Thanks. I should probably have mentioned that I got the same error (ssl
handshake failed) in xombrero and luakit
Hi folks,
I have implemented ypldap and it is working quite well. But i am having a
hard time getting netgroups to work locally.
In my user database i have adding the following entry using vipw:
+@we:*/bin/ksh
My netgroup file is:
we (,grios,mojave)
When i issue a finger command, it
Em 09-04-2014 06:31, Stuart Henderson escreveu:
On 2014-04-08, Giancarlo Razzolini grazzol...@gmail.com wrote:
If you're going to script this, you could have it make a copy of the
file and work on that, so an unexpected reboot won't leave you with a
pf.conf that may have errors.
For even
Em 09-04-2014 05:02, nobody escreveu:
Perfect Forward Secrecy by default? Is it on in OpenBSD?
I use httpd and with the default configuration it uses PFS by default,
if you just enable ssl and setup the cert and key. But it allows any
cipher, so an old browser or a client that does not support
Hi folks,
i am trying to get my ypldap working with a single user entry in passwd
comeing from the ldap directory.
I changed the passwd file (using vipw) and add the following line:
+grios:*
When i issue a id grios on command line, i get:
obsd# id grios
uid=2000(grios) gid=2000(ord)
I took the heartbleed bug as a pretext to redo my entire PKI, and
while reading openssl's man page, I have a couple of doubts regarding
the sample configuration file on the CA EXAMPLE section:
RANDFILE = $dir/private/.rand
...
default_md = md5
I don't know enough about SSL to be sure
Theo de Raadt wrote:
Some other debugging toolkits get them too. To a large extent these
come with almost no performance cost.
Is there any special reason why there is no /etc/malloc.conf by
default (linking to, say, 'S') then?
Philippe
On Wed, Apr 09, 2014 at 11:49:56AM -0400, Philippe Meunier wrote:
Theo de Raadt wrote:
Some other debugging toolkits get them too. To a large extent these
come with almost no performance cost.
Is there any special reason why there is no /etc/malloc.conf by
default (linking to, say, 'S')
Theo de Raadt wrote:
Some other debugging toolkits get them too. To a large extent these
come with almost no performance cost.
Is there any special reason why there is no /etc/malloc.conf by
default (linking to, say, 'S') then?
Yes, there's a real good reason -- too much portable software
Is there any hope of OpenBSD running on IBM Power hardware (System P,
LPAR) in the future?
I've recently been working with this hardware and it’s pretty amazing.
I can't speak to its future market share but there seems to be a lot
of propaganda from IBM regarding “Linux on Power” which suggests
On 9 April 2014 12:24, Fil Di Noto fdin...@gmail.com wrote:
Is there any hope of OpenBSD running on IBM Power hardware (System P,
LPAR) in the future?
I've recently been working with this hardware and it's pretty amazing.
I can't speak to its future market share but there seems to be a lot
Hi All,
I've been working on a diff to get SSHFP support for ed25519 in OpenSSH.
SM has been working through the IETF process to obtain the SSHFP RR Type
number.
Despite getting rough consensus, we still haven't heard anything from the
IETF Security Directors for the draft. SM sent a mail
Le 2014-04-09 12:47, Loganaden Velvindron a écrit :
This situation is rather unusual, and that makes me wonder what's
exactly going on there, as I believe that we've done our homework
correctly.
UNUSUAL??? The IETF is notorious for its incredible delays. The
situation is typical IMHO.
Nobody
Le 2014-04-09 12:47, Loganaden Velvindron a écrit :
This situation is rather unusual, and that makes me wonder what's
exactly going on there, as I believe that we've done our homework
correctly.
UNUSUAL??? The IETF is notorious for its incredible delays. The
situation is typical IMHO.
Em 09-04-2014 14:29, Theo de Raadt escreveu:
Alternatively, come to a realization that SSH is not controlled by the
IETF.
Let's be honest. Although SSHFP records are a great thing, very few
system administrators use it. I use it myself. But only in my internal
network and in my own resolver
On 2014-04-09, Theo de Raadt dera...@cvs.openbsd.org wrote:
Is there any special reason why there is no /etc/malloc.conf by
default (linking to, say, 'S') then?
Yes, there's a real good reason -- too much portable software
breaks.
No, the performance impact of the stricter malloc options
I should add that once using source control abs a script to manage edits to
pf.conf, it is easy to use at(1) to simulate Juniper's commit confirmed
feature, adding another level of safety.
-Adam
On April 9, 2014 7:50:14 AM CDT, Giancarlo Razzolini grazzol...@gmail.com
wrote:
Em 09-04-2014
Hi folks
I have been recently playing with OpenBSD.
I am very impressed with the whole experience, great job people !!
I am using an HP nc6320 Laptop.
Quite often, I get an error similar to this with amd64 5.4 and 5.5
acpitz3: critical temperature exceeded 3786C, shutting down
For me it was a
The server is back online syncing, sorry the delay.
--
Sending from my pocket toaster...
On Wed, 9 Apr 2014, Loganaden Velvindron wrote:
Maybe the OpenSSH community needs to get involved, so that we can
get work done :-) ?
I think getting involved will be a matter of us acting unilaterally
and just committing support for the new SSHFP code point.
-d
Maybe the OpenSSH community needs to get involved, so that we can
get work done :-) ?
I think getting involved will be a matter of us acting unilaterally
and just committing support for the new SSHFP code point.
If that is what it takes to reserve a number these days...
It has been done
Hi,
I've having this extremely wierd issue.
My hostname is elysion.barrera.io. When I try to ping, curl, or something
alike aDomainIReallySureDoeNotExist.com, it pings/curls/whatever
my local domain. Maybe an example can me clearer:
# ping adsfsdgasdadsfasfsdfasdf.net
PING elysion.barrera.io
Stuart Henderson stu at spacehopper.org writes:
On 2014-04-09, sven falempin sven.falempin at gmail.com wrote:
i which this : https://polarssl.org was open and inside the base
You can wish, but that is commercial+GPL code so OpenBSD can't use it in base.
What I would wish for is the
Em 10-04-2014 00:43, Hugo Osvaldo Barrera escreveu:
Hi,
I've having this extremely wierd issue.
My hostname is elysion.barrera.io. When I try to ping, curl, or something
alike aDomainIReallySureDoeNotExist.com, it pings/curls/whatever
my local domain. Maybe an example can me clearer:
#
On 2014-04-10 01:16, Giancarlo Razzolini wrote:
Em 10-04-2014 00:43, Hugo Osvaldo Barrera escreveu:
Hi,
I've having this extremely wierd issue.
My hostname is elysion.barrera.io. When I try to ping, curl, or something
alike aDomainIReallySureDoeNotExist.com, it pings/curls/whatever
my
On Wed, Apr 9, 2014 at 8:44 PM, Ralph W Siegler rsieg...@rsiegler.orgwrote:
Stuart Henderson stu at spacehopper.org writes:
On 2014-04-09, sven falempin sven.falempin at gmail.com wrote:
i which this : https://polarssl.org was open and inside the base
You can wish, but that is
The problem with that as I see it is that people will complain about
not being able to donate to a specific subset of the project. As
with OpenSSH in the past and probably present. The same way many
complained before the foundation existed about paying Theo's power
bill and humble salary.
On Wed, Apr 9, 2014 at 10:25 PM, Theo de Raadt dera...@cvs.openbsd.orgwrote:
The problem with that as I see it is that people will complain about
not being able to donate to a specific subset of the project. As
with OpenSSH in the past and probably present. The same way many
complained
38 matches
Mail list logo