Re: Because Theo de Raadt said that the buttons are for idiots?

2016-10-20 Thread Alexander Hall
On this list, English is the language to use, and Google translate does not cut it. I do think I understand what you're after, but have someone help you write comprehensible English and try again. /Alexander On October 20, 2016 8:11:20 PM GMT+02:00, SOUL_OF_ROOT 55

Re: PF suddenly thinks traffic is not part of an established connection anymore?

2016-10-20 Thread Jasper Siepkes
Should have mentioned it but the situation described below was with the 'defer' option of pfsync enabled. I think you are right about the problems being with TCP sequence number checks. I tried the PF rule with 'keep state (sloppy)' and that "fixes" the problem (or I guess it would be better

Re: Because Theo de Raadt said that the buttons are for idiots?

2016-10-20 Thread SOUL_OF_ROOT 55
Because nobody answer? 2016-10-18 18:45 GMT-02:00 SOUL_OF_ROOT 55 : > Because Theo de Raadt said that the buttons are for idiots? > > http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/mg/Attic/theo.c?rev=1.125 > > Peoples that participate in IRC of openbsd-br

Re: PF suddenly thinks traffic is not part of an established connection anymore?

2016-10-20 Thread Stuart Henderson
For this config where you can't predict which firewall receives the packet from upstream, and especially if you end up with packets from your "inside" machine going through a different firewall than the one receiving external packets, you can run into problems with the TCP sequence number checking

Re: 4th nic for pcengines apu2

2016-10-20 Thread Stuart Henderson
On 2016-10-20, Marc Peters wrote: > What about Supermicros with four em(4)? We have a pair of > > Product Name: X10SLM+-LN4F > > in production for a branch office with couple of ipsec tunnels. They > have four copper nics onboard and PCIe expansion slots, if you are in > need of

Re: Build a new kernel for apcupsd

2016-10-20 Thread Stuart Henderson
On 2016-10-20, lilit-aibolit wrote: > Hi list. > In recent OpenBSD versions usb devices attached to upd driver. > This is why apcupsd doesn't detect APC USB devices. > > After installing apcupsd there is statement > how to deal with above situation: >

Re: Flaw resides in BTB helps bypass ASLR

2016-10-20 Thread Peter N. M. Hansteen
On 10/20/16 11:46, Lampshade wrote: >> if you read the paper, you will notice that they only tested on Ubuntu and >> OSX, >> neither of which actually ship with ASLR enabled by default if I remember >> correctly. > > https://wiki.ubuntu.com/Security/Features which claims that ASLR is indeed

Re: Flaw resides in BTB helps bypass ASLR

2016-10-20 Thread Karel Gardas
On Thu, Oct 20, 2016 at 3:19 PM, Theo de Raadt wrote: >> On Thu, Oct 20, 2016 at 11:02 AM, Ted Unangst wrote: >> > >> > I recommend not letting attackers run code on your computer. >> >> Good idea, but then poor AWS/Xen/xVM/dockers/what ever container

Re: 4th nic for pcengines apu2

2016-10-20 Thread Marc Peters
On 10/19/16 at 21:03, Marko Cupać wrote: > Hi, > > I have a budget which is a few times the price of single apu2. > Actually, initially I planned to use a pair of HPE ProLiant DL20 gen9 > for this purpose. Unfortunately, it appears DL20gen9s won't boot > OpenBSD:

Re: Flaw resides in BTB helps bypass ASLR

2016-10-20 Thread Shawn Webb
On Thu, Oct 20, 2016 at 11:20:01AM +0200, Peter N. M. Hansteen wrote: > On Thu, Oct 20, 2016 at 10:40:28AM +0200, Peter Janos wrote: > > Hello, > > > > http://news.softpedia.com/news/researchers-bypass-aslr-protection-on-intel-haswell-cpu-509460.shtml > > > > paper: > >

Re: ntpd terminates after a few seconds of running

2016-10-20 Thread Andreas Kusalananda Kähäri
On Thu, Oct 20, 2016 at 02:44:56PM +0200, Rafael Zalamena wrote: > On Thu, Oct 20, 2016 at 02:18:27PM +0200, Andreas Kusalananda Kähäri wrote: > > Hi, > > > > Running -current on amd64, I noticed that the ntpd daemon wasn't > > responding: > > > > $ ntpctl -s all > > ntpctl: connect:

Re: Flaw resides in BTB helps bypass ASLR

2016-10-20 Thread Theo de Raadt
> On Thu, Oct 20, 2016 at 11:02 AM, Ted Unangst wrote: > > > > I recommend not letting attackers run code on your computer. > > Good idea, but then poor AWS/Xen/xVM/dockers/what ever container cloud > provider users who do not buy whole box for themselves. you're missing

Build a new kernel for apcupsd

2016-10-20 Thread lilit-aibolit
Hi list. In recent OpenBSD versions usb devices attached to upd driver. This is why apcupsd doesn't detect APC USB devices. After installing apcupsd there is statement how to deal with above situation:

Re: ntpd terminates after a few seconds of running

2016-10-20 Thread Rafael Zalamena
On Thu, Oct 20, 2016 at 02:18:27PM +0200, Andreas Kusalananda Kähäri wrote: > Hi, > > Running -current on amd64, I noticed that the ntpd daemon wasn't > responding: > > $ ntpctl -s all > ntpctl: connect: /var/run/ntpd.sock: Connection refused > > So I restarted it and tried again: > >

ntpd terminates after a few seconds of running

2016-10-20 Thread Andreas Kusalananda Kähäri
Hi, Running -current on amd64, I noticed that the ntpd daemon wasn't responding: $ ntpctl -s all ntpctl: connect: /var/run/ntpd.sock: Connection refused So I restarted it and tried again: $ doas rcctl start ntpd ntpd(ok) $ ntpctl -s all 0/4 peers valid, constraint offset -1s, clock unsynced

Re: Would you use OpenBSD on Power8, and if so what applications? (IBM asks! They're thinking about donating hw.)

2016-10-20 Thread Florian Ermisch
On 19 October 2016 19:48:49 CEST, Mikael wrote: > 2016-10-20 1:15 GMT+08:00 Ralph Siegler : > .. > > > Their ecosystem? > > > > closed source softwares including for x86-64 like Websphere, DB2, MQ, > > > .. > > > Hardware platforms limited to

Re: 4th nic for pcengines apu2

2016-10-20 Thread BARDOU Pierre
Hi, I am planning to try DL320e G8 v2, in the same price range of the DL20 G9. If you have a few weeks I should be able to tell you if it works. For the APU, I would go with a manageable switch and VLAN. -- Regards, Pierre BARDOU -Original Message- From: Marko Cupać

Re: Flaw resides in BTB helps bypass ASLR

2016-10-20 Thread Karel Gardas
On Thu, Oct 20, 2016 at 11:02 AM, Ted Unangst wrote: > > I recommend not letting attackers run code on your computer. Good idea, but then poor AWS/Xen/xVM/dockers/what ever container cloud provider users who do not buy whole box for themselves.

Re: Flaw resides in BTB helps bypass ASLR

2016-10-20 Thread Lampshade
> if you read the paper, you will notice that they only tested on Ubuntu and > OSX, > neither of which actually ship with ASLR enabled by default if I remember > correctly. https://wiki.ubuntu.com/Security/Features

Re: Flaw resides in BTB helps bypass ASLR

2016-10-20 Thread Peter N. M. Hansteen
On Thu, Oct 20, 2016 at 10:40:28AM +0200, Peter Janos wrote: > Hello, > > http://news.softpedia.com/news/researchers-bypass-aslr-protection-on-intel-haswell-cpu-509460.shtml > > paper: > http://www.cs.ucr.edu/~nael/pubs/micro16.pdf > >

Re: Flaw resides in BTB helps bypass ASLR

2016-10-20 Thread Ted Unangst
Peter Janos wrote: > Hello, > > http://news.softpedia.com/news/researchers-bypass-aslr-protection-on-intel-haswell-cpu-509460.shtml > > paper: > http://www.cs.ucr.edu/~nael/pubs/micro16.pdf > > could we somehow prevent this attack on

PF suddenly thinks traffic is not part of an established connection anymore?

2016-10-20 Thread Jasper Siepkes
Hi list! I've run into a situation with PF which I don't quite understand. The situation is as follows; I have 2 OpenBSD firewalls connected to an upstream provider which forwards traffic to us via equal cost multi path routing (ECMP). The firewalls are connected via a crossover cable over which

Flaw resides in BTB helps bypass ASLR

2016-10-20 Thread Peter Janos
Hello, http://news.softpedia.com/news/researchers-bypass-aslr-protection-on-intel-haswell-cpu-509460.shtml paper: http://www.cs.ucr.edu/~nael/pubs/micro16.pdf could we somehow prevent this attack on OpenBSD?