derstand this first sentence.
>
> I would like to see the address lifetime, which address is preferred, which
> is deprecated, etc. On Linux a simple command like "ip a s" shows.
As quoted above, ifconfig is your friend:
[Wed Apr 19 14:19:35] peter@elke:~$ ifconfig iwm0
iwm0: fl
ated, you could do worse than head
over to http://www.openbsd.org/donations.html and donate an equivalent
(or larger!) amount via whatever option appears appropriate.
I'm sure this will make you feel even better while downloading the release.
--
Peter N. M. Hansteen, member of the first RFC 1149 imple
was actually quite simple: the installer does not select the
bsd.mp kernel automatically, but do select it. Then it will get
installed and the system will boot the correct mp kernel.
I'm sure we can supply more detail if needed.
- Peter
--
Peter N. M. Hansteen, member of the first RFC 1149
=160633=6271=WACOM+CTL-490DW
Any feedback would be appreciated.
Regards,
-peter
that point :D
Yes and no.
With a sufficiently restrictive rule set (eg
https://home.nuug.no/~peter/pf/newest/simplest-secure.html just to do
some blatant self-promotion) you could be fairly certain to have
successfully prevented access of any kind via the network.
Working from tha
oad ' option.
Tables can hold both inet and inet6 items, and you can add them as
single addresses or with masks:
[Fri Apr 07 18:31:40] peter@skapet:~$ doas pfctl -t myself -T show
127.0.0.1
192.168.103.1
213.187.179.198
::1
2001:470:27:658::2
2001:470:28:658::1
2001:470:df85:dead:bee
cluded.
On the other hand there is a chance we will be able to offer a similar
session at EuroBSDCon too, but no decisions have been made yet.
--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Reme
y addresses DHCPv6 prefix delegation.
Peter
0
C Netherlands
P
T Huizen
Z 1273 LD
O Wenka Computer Systems
I
A Delta 81
M i...@wenka.nl
U http://www.wenka.nl/en/
B +31 85 111 8800
X
N IT security, networking and open source software consultancy.
OpenBSD-based networking and VoIP support.
0
C Netherlands
P
T Huizen
Z 1273 LD
O Wenka Computer Systems
I
A Delta 81
M i...@wenka.nl
U http://www.wenka.com/en/
B +31 85 111 8800
X
N IT security, networking and open source software consultancy. OpenBSD-based
networking and VoIP support.
o you have questions on PF and related matters, or are there specific
topics you would like to see covered?
We want to hear from you, either contact us directly at the reply-to
address use the list.
--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot
Yes, that's the point of QUIC.
On 2017 Mar 31 (Fri) at 13:30:59 +0200 (+0200), Marina Ala wrote:
:UDP servers listening? would that open possibility for massive DOSes?
:
:
:Sent: Friday, March 31, 2017 at 12:14 PM
:From: "Reyk Floeter"
:To: "Marina Ala"
e (yes, that could be time consuming),
if at all possible collecting dmesg output for each variation (saving to
somewhere on the usb stick you're installing from should work fine).
- Peter
--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://w
ely to be time consuming (just ask the people who did just that
on the OpenBSD source and ports trees at least once), but unless they get
everyone
explicitly on board with the new license they will need to go through one.
--
Peter N. M. Hansteen, member of the first RFC 1149 implementation tea
There is no way hardware supported way to do this on mainstream Intel / AMD.
Yes it's possible to make a chip that could do it. No it's not reasonable, it
would destroy performance without really helping that much. If you are facing
an adversary powerful enough to have access to your RAM sticks,
t most
of Michael's books, btw)
--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconne
>> add athn0
>
> If i recall correctly, from some discussion on misc@, you cannot use a
> wireless interface in a bridge ( athn0 or all, I'm not sure). But
> maybe I say something wrong, search the archive.
>
You certainly can have a wireless device in a bridge, this is how my current
hostap athn
n even think of several tutorials and accompanying slides that deal
with what you are looking for, available right there on the Internet.
And even a book (*cough*).
But start with the PF FAQ, go on to the pf.conf man page and then move
to the other resources if you feel the need to.
--
Pete
On 2017 Feb 26 (Sun) at 03:56:33 + (+), Tinker wrote:
:Hi misc,
:
:I just wanted to understand what's going on with SMP on ARM -
:
:Did I get it right, that ARM64 has SMP (as of the patches this week), but
:ARM32 does not have SMP and will not get it too?
:
:What was the reason for not
it would be appreciated.
I'm kinda desperate to get igmp v3 support since I want my settop box to
work so that I can sit down and relax over a movie somedays.
OH yeah I'm working off -current sources and snapshot system from feb
14th. :-(
Regards,
-peter
rev Peter Hessler <phess...@theapt.org>:
:>
:> Are you establishing an ospf session with the N3048? If you are, then
:> there is an MTU miss-match.
:>
:> Either "system jumbo mtu" refers to the IP packet, which doesn't match
:> the 1500 set on trunk1, or it refer
Are you establishing an ospf session with the N3048? If you are, then
there is an MTU miss-match.
Either "system jumbo mtu" refers to the IP packet, which doesn't match
the 1500 set on trunk1, or it refers to the ethernet packet which should
be 1518 (16 bytes for the ethernet header).
Is it
I agree I don't give much information. I have no idea what information to
give.
-Original Message-
From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of
Marcus MERIGHI
Sent: Tuesday, January 31, 2017 3:13 AM
To: Peter Fraser <p...@thinkage.ca>
Cc: 'misc@openb
My /var/log/messages is filling up with messages like the following:
Jan 30 10:28:06 gateway sendsyslog: dropped 4 messages, error 55
Jan 30 10:28:06 gateway sendsyslog: dropped 2 messages, error 55
Jan 30 10:28:06 gateway sendsyslog: dropped 2 messages, error 55
Jan 30 10:28:06 gateway
Also, as I keep repeating to anybody who cares to listen, just like
"verbing weirds the language", "excessiv quicks weird your PF rule set".
--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://ww
r the packet.
Also as Sebastien mentioned do check for any "set skip on lo" or similar
in your ruleset. If you have that, filtering simply does not happen on
interfaces or interface groups in the "set skip" rule.
--
Peter N. M. Hansteen, member of the first RFC 1149 im
the newly changed code.
Cheers,
-peter
On 2017 Jan 12 (Thu) at 11:18:58 +0100 (+0100), Uday MOORJANI wrote:
:Dear OpenBSD-Misc,
:
:First of all, awesome work on the OpenBGPd and BFD code. I'm working on a
:WAN setup for an enterprise and we are migrating from static route WAN to a
:full fledge BGP transit in a multi home environment
On 2017 Jan 13 (Fri) at 13:48:13 +0200 (+0200), Claudiu Popescu wrote:
:Hi,
:
:First of all, hopefully I managed to send this email to the correct list :)
:I am pretty new to OpenBSD but so far I managed to get everything
:working for a router without IPv6 OSPF.
:I have ospfd and ospf6d running
9 January, 2017 05:44:10
Subject: Re: Funding for Skylake support
On 1/7/2017 3:19 PM, Peter Membrey wrote:
> Hi all,
>
> I've gotten OpenBSD up and running on a new Intel NUC, but unfortunately
> Skylake isn't supported. I was able to get X working in software accelerated
>
plainly put it,
>If you don't want such firmwares loaded onto the hardware, then don't
>buy the hardware that needs it.
On Sat, Jan 7, 2017 at 9:28 PM, Martin Hanson
<greencopperm...@yandex.com> wrote:
> 08.01.2017, 02:53, "Peter Rippe" <peter.ri...@gmail.com>:
>
I think it absolutely is a language issue:
> On policy page it clearly says: "OpenBSD strives to provide code that can
be freely used, copied, modified, and distributed by anyone and for any
purpose."
Operative word being **strives** - might want to look it up.
It does not say 'guaranteed',
of funding would be needed.
Thanks in advance!
Kind Regards,
Peter Membrey
Ah yes I see those lines now, thank you.
Kevin, what version of OpenBSD are you using? You mentioned this is a new
project so I assume 6.0?
Peter
On Jan 5, 2017, at 10:08, Theo de Raadt <dera...@openbsd.org> wrote:
>> Hmm. The default number of files is 128 for daemons, but it's s
socket pairs are created between all the
relayd processes, i.e. n^2 * 2 ish file descriptors, which could exceed 128
pretty fast. Are you running with a non-default prefork setting?
Peter
> On Jan 5, 2017, at 09:12, Kevin <spy...@gmail.com> wrote:
>
> Nope. I was hoping for a
Have you modified your open file limits in /etc/login.conf? Especially in the
daemon section?
Peter
> On Jan 5, 2017, at 08:50, Kevin <spy...@gmail.com> wrote:
>
>> On Tue, Jan 3, 2017 at 1:16 PM, Kevin <spy...@gmail.com> wrote:
>>
>> Hey gang,
>>
Yes I did try with the extra .0 it made no difference
-Original Message-
From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of
Denis Fondras
Sent: Tuesday, January 3, 2017 1:56 AM
To: Peter Fraser <p...@thinkage.ca>
Cc: 'misc@openbsd.org' <misc@openbsd.org>
[mailto:owner-m...@openbsd.org] On Behalf Of
Steve Williams
Sent: Monday, January 2, 2017 6:57 PM
To: Peter Fraser <p...@thinkage.ca>; 'misc@openbsd.org' <misc@openbsd.org>
Subject: Re: isakmpd set up
Hi,
I have been using OpenBSD on a dynamic IP address for 10+ years.
I have an account
A charity that I support has been having trouble with its internet provider
(Rogers).
The problem I have is that Roger is the only supplier that is available that
will
give a fixed IP address.
I want the fixed IP address so I don't have to drive there to fix problems.
It occurred to me that if I
I want with log data. Also, a few links to useful resources
such as http://bgp-spamd.net/.
I hope you find this useful.
--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evi
On 12/13/16 19:29, Mik J wrote:
> Peter, you use greylists but I read somewhere that gmail servers change
> their IPs when they retry to send the mails. With a high outgoing volume
> of mails, many IPs can be whitelisted thanks to spamlogd. But my server
> is very low volume. How wo
On Mon, Dec 12, 2016 at 11:12:33PM +, Mik J wrote:
> Thank you Peter,
> I've added the -s 5 Option and removed the -5Do you know what is the default
> -w window size ?About the -S I didn't understand what it means (I read the
> man)
the -S option: by default spamd will 'stutte
On 2016 Dec 12 (Mon) at 21:31:25 + (+), Mik J wrote:
:Hello,
:I've been annoyed for months/years by a few marketing companies from which I
regularly unsubriscribed (according to the law in my country they should have
done it).A few days ago I decided to make spamd work on my pf machine.
On 2016 Dec 10 (Sat) at 22:56:05 +0100 (+0100), Christian Schulte wrote:
:$ uname -a
:OpenBSD t60.schulte.it 6.0 1KHZ.MP#7 amd64
You broke it. Please use a GENERIC kernel, and it will work as normal.
On 2016 Dec 08 (Thu) at 16:27:29 +0100 (+0100), Roger Schreiter wrote:
:Hello,
:
:is there a mean to get a running process running on
:a certain cpu (core)? Or restrict it from running on a cpu?
:
:I have a cheap Atom CPU with four cores, and all interrupts,
:also network traffic, is using CPU0.
:
able to a classic buffer overflow.
Yes. See http://www.tedunangst.com/flak/post/who-even-calls-link-ntoa
--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malic
On Sat, Dec 3, 2016 at 8:24 PM, Jonathan Gray <j...@jsg.id.au> wrote:
> On Sat, Dec 03, 2016 at 11:57:18AM -0600, Peter Miller wrote:
>> On Mon, Nov 28, 2016 at 11:23 AM, Stefan Sperling <s...@stsp.name> wrote:
>> > On Mon, Nov 28, 2016 at 11:09:
On Mon, Nov 28, 2016 at 11:23 AM, Stefan Sperling <s...@stsp.name> wrote:
> On Mon, Nov 28, 2016 at 11:09:12AM -0600, Peter Miller wrote:
>> As for the wifi, I don't see support for the atheros 6174 chipest in
>> the man pages, and I don't know if anyone is wor
: connecting to wsdisplay0
uhidev1 at uhub4 port 5 configuration 1 interface 1 "Microsoft Wired
Keyboard 600" rev 2.00/3.00 addr 3
uhidev1: iclass 3/0, 2 report ids
uhid0 at uhidev1 reportid 1: input=2, output=0, feature=0
uhid1 at uhidev1 reportid 2: input=1, output=0, feature=0
uhub5 at u
d it's worth keeping in mind one other option: get
the highest quality access point or 'wireless router' you can afford, configure
it as access point only (no dhcp or routing, leave that to the OpenBSD tools)
- Peter
--
Peter N. M. Hansteen, member of the first RFC 1149 implementati
tion"
[ 1792.791] compiled for 1.18.4, module version = 1.0.0
[ 1792.791] ABI class: X.Org Video Driver, version 20.0
[ 1792.791] (II) VESA(0): initializing int10
[ 1792.792] (EE) VESA(0): Cannot read int vect
[ 1792.792] (II) UnloadModule: "vesa"
[ 1792.792] (II) UnloadSubModule: "int10"
[ 1792.792] (II) Unloading int10
[ 1792.792] (II) UnloadSubModule: "vbe"
[ 1792.792] (II) Unloading vbe
[ 1792.792] (EE) Screen(s) found, but none have a usable configuration.
[ 1792.792] (EE)
Fatal server error:
[ 1792.792] (EE) no screens found(EE)
[ 1792.792] (EE)
Please consult the The X.Org Foundation support
at http://wiki.x.org
for help.
[ 1792.792] (EE) Please also check the log file at
"/var/log/Xorg.0.log" for additional information.
[ 1792.792] (EE)
[ 1792.794] (EE) Server terminated with error (1). Closing log file.
--
Later
Peter
Using clamsmtpd and the instructions in
http://technoquarter.blogspot.ca/2015/02/openbsd-mail-server-part-3-clamav-an
d.html
I was able to smtpd to interface with clamd.
Is there a similar procedure to get rspamd or similar to work with smtpd?
On 11/26/16 04:57, R0me0 *** wrote:
> As I did see any mention around here, I was boosted to post this great
> presentation by Peter N . M. Hansteen.
>
> https://home.nuug.no/~peter/blug2016/
It's nice to hear you like it!
The meeting where I presented this was a lot less well att
d-command address=119.141.24.19 host=119.141.24.19 command="RCPT
> TO:" result="550 Invalid recipient"
> Nov 26 06:06:57 server smtpd[55880]: 3bcc430eee258cd7 smtp event=closed
> address=119.141.24.19 host=119.141.24.19 reason=disconnect
You could try configuring spamd(
n bit OpenBSD guests more frequently than others. But
again, we don't have sufficient information to help you diagnose.
--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit
xt few days. I'll
report back if I notice any difference.
- P
--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]:
.10/51.27 addr 4
uhidev2: iclass 3/1
ums0 at uhidev2: 3 buttons, Z dir
wsmouse0 at ums0 mux 0
uhub5 at uhub3 port 1 configuration 1 interface 0 "Intel Rate Matching
Hub" rev 2.00/0.00 addr 2
uhub6 at uhub5 port 3 configuration 1 interface 0 "Standard Microsystems
product 0x2660" r
which in my case was the
USB
thumbdrive with the bsd.rd on it.
Any input on how to proceed appreciated, dmesg from the install to USB
thumbdrive follows
- Peter
OpenBSD 6.0-current (GENERIC.MP) #0: Thu Nov 17 15:57:16 MST 2016
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile
C) to create the situation.
- P
--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
On Fri, Nov 18, 2016 at 05:56:20AM +1000, Stuart Longland wrote:
> On 18/11/16 05:51, Peter N. M. Hansteen wrote:
> > This is probably a one-off (actually two, but more about that later) that
> will only ever bite me and never be heard of againg, but I have to ask:
> >
> &g
was attempting to upgrade my laptop to the
latest amd64 snapshot, the upgrade failed due to a full root file system.
I thought that to be distinctly odd, because the file system layout is very
close to the default with a gigabyte for root, to wit:
[Thu Nov 17 20:03:37] peter@elke:~$ df -h
Filesystem Size
Since going to 6.0 emacs-24.5p5-gtk2 has randomly and infrequently been non
responsive and consuming one CPU.
The only way to stop is a kill -9. This is on a 32 system, and the only thing
strange I did was to
use gsettings-desktop-schemas-3.20.0p1 to stop the errors on emacs initial
load
Is
Fondras Sun, 08 Jun 2014 09:28:25
-0700
:
:Any idea when will it get in? It looks promising!
:
:Thanks!
:
:> Sent: Monday, November 07, 2016 at 9:40 PM
:> From: "Peter Hessler" <phess...@openbsd.org>
:> To: "minek van" <minek...@mail.com>
:> Cc: misc
There is currently no RPKI in OpenBGPD.
On 2016 Nov 07 (Mon) at 21:19:20 +0100 (+0100), minek van wrote:
:Hello,
:
:is RPKI production ready with OpenBGPD? Does anyone uses it?
:
:Many thanks!
:
-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of Otto
Moerbeek
Sent: Friday, November 4, 2016 2:38 PM
To: Peter Fraser <p...@thinkage.ca>
Cc: 'misc@openbsd.org' <misc@openbsd.org>
Subject: Re: php system using httpd and php-fpm
On Fri, Nov 04, 2016 at 05:29:54PM +,
I actually wanted to call php's mail function which I could not get to work, I
think I have tracked to problem down to exec not working
the details follow using a test web page datetest.php
newweb:/var/www/htdocs/web # cat datetest.php
cat datetest.php
Date Test
Date Test';
if it's a known bug it would
save me the effort next year. The DNS server was built with OpenBSD as
the development machine and is now also running in a strict OpenBSD
environment on my VPS's.
Thanks in advance for your sharing,
-peter
the established schedule.
In the meantime, there are worse things knowledgeable OpenBSD users can do with
their time than trying out snapshots to get the feel for how development is
progressing.
--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ ht
If this is what the original poster is trying to address, blocking
on an additional table sourced from a file might be useful.
[1] https://home.nuug.no/~peter/pf/en/bruteforce.html
--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www
That's what ftp-proxy is for. It inserts the rules it needs in the
anchor. My hunch is that you're not actually allowing traffic initiated
by the proxy to pass.
- P
--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://w
Hi Denis
Yes, I am in quite close contact with Job and the IETF IDR-WG, and will
update this in the near future.
On 2016 Oct 27 (Thu) at 08:12:08 +0200 (+0200), Denis Fondras wrote:
:Hello,
:
:Here is a patch to update the large communities attribute value. IANA has
:changed it from 30 to 32.
to mind).
The packet loss could conceivable by a side effect of the number of
states going into the territory where timeouts are scaled down
(exceeding 60% of state table limit IIRC).
- P
--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://
This isn't expected to work at all. That is why it was disabled.
You'll need to upgrade the Hypervisor to -current, or to 6.1 when it is
released.
On 2016 Oct 22 (Sat) at 00:06:08 -0200 (-0200), R0me0 *** wrote:
:Hello misc.
:
:For testing purposes
:
:I compiled kernel with vmd support.
:
The poster is just trolling, and trying to get reactions. Don't answer.
On 2016 Oct 20 (Thu) at 23:57:26 +0200 (+0200), Alexander Hall wrote:
:On this list, English is the language to use, and Google translate does not
:cut it. I do think I understand what you're after, but have someone help
ich claims that ASLR is indeed enabled by default in all recent Ubuntu
releases.
Well, something in this story doesn't quite fit. Until we see the actual
code, and a credible demonstration, I remain unconvinced that the paper
tells the whole truth.
--
Peter N. M. Hansteen, member of the first RFC
On Thu, Oct 20, 2016 at 10:40:28AM +0200, Peter Janos wrote:
> Hello,
>
> http://news.softpedia.com/news/researchers-bypass-aslr-protection-on-intel-ha
> swell-cpu-509460.shtml
> ??
> paper:
> http://www.cs.ucr.edu/~nael/pubs/micro16.pdf[http://www.cs.ucr.edu/~nae
Hello,
http://news.softpedia.com/news/researchers-bypass-aslr-protection-on-intel-ha
swell-cpu-509460.shtml
paper:
http://www.cs.ucr.edu/~nael/pubs/micro16.pdf[http://www.cs.ucr.edu/~nael/pubs
/micro16.pdf]
could we somehow prevent this attack on OpenBSD?
"Christian Weisgerber" <na...@mips.inka.de>
To: misc@openbsd.org
Subject: Re: SSHowDowN
On 2016-10-18, "Peter Janos" <peterjan...@mail.com> wrote:
> so having AllowTcpForwarding=NO would help.
>
> Why is it yes by default? someone requested it to be yes? does a
.de>
To: misc@openbsd.org
Subject: Re: SSHowDowN
On 10/18/2016 10:56 AM, Peter Janos wrote:
> sometimes I send mails in HTML format, sorry for that, mail.com has this by
> default..
>
> so the PDF also states that the "admin" user had /sbin/nologin for shell
>
> ---
default? someone requested it to be yes? does anybody know?
Thanks.
Sent: Tuesday, October 18, 2016 at 10:46 AM
From: "Christian Gruhl" <cgr...@uni-kassel.de>
To: misc@openbsd.org
Subject: Re: SSHowDowN
On 10/18/2016 10:41 AM, Sol��ne Rapenne wrote:
> Le 2016-10-18 10:35,
shouldn't the default be "no" for the AllowTcpForwarding? Why is an
insecure option "yes" by default?
https://www.akamai.com/us/en/multimedia/documents/state-of-the-internet/sshowdown-exploitation-of-iot-devices-for-launching-mass-scale-attack-campaigns.pdf
Thanks.
;Otto Moerbeek" <o...@drijf.net>
To: "Peter Janos" <peterjan...@mail.com>
Cc: "openbsd misc" <misc@openbsd.org>
Subject: Re: What are the security features in OpenBSD 6.0 that are by
default disabled?
On Fri, Oct 14, 2016 at 09:21:24AM +0200, Peter
if anyone interested, correction for the pax topic Sent: Tuesday, October
11, 2016 at 3:57 PM
From: "W. Dean Freeman" <wdfree...@acumensecurity.net>
To: "'Peter Janos'" <peterjan...@mail.com>
Subject: RE: RE: OpenBSD PaX Test questionIncreasing the stack gap si
remote supervisor/console solutions are still turned on while the server
is off, so simply powering off the OS isn't enough.there were/will be
many bugs for these remote console solutions too Sent: Friday, October
14, 2016 at 9:48 PM
From: "Raul Miller"
To:
Hello,
I know some features that can give additional security isn't turned on due to
because of the bad quality of the code in ports and some also decreases
performance (or disables a feature, ex.: screenlock doesn't work if nosuid
set, but if feature not used, nousid can be used).
I only know
Hello gods,
http://seclists.org/fulldisclosure/2016/Oct/62
->
https://github.com/guidovranken/openssl-x509-vulnerabilities
a little bit old, but LibreSSL got this?
The original X509_NAME decode free code was buggy: this
could result in double free or leaks if a malloc failure
occurred.
On 2016 Oct 04 (Tue) at 09:27:50 +0200 (+0200), Jasper Siepkes wrote:
:Hi list!
:
:I'm experimenting with CARP and I'm a bit puzzled by the following
:behavior; I have 2 hosts setup in an active/passive way with CARP.
:Host A has an advskew of 0 and becomes master, Host B has an
:advskew of 100
(guessed) "to 20
quality bits". Thanks! Sent: Sunday, October 02, 2016 at 12:12 PM
From: "Peter Janos" <peterjan...@mail.com>
To: misc@openbsd.org
Subject: Fix paxtest output on OpenBSD 6.0?Fix paxtest output on OpenBSD
6.0?
Hallo :)
Also I included a few other OS.
Mirror
blackhat
PaXtest - Copyright(c) 2003-2016 by Peter Busser <pe...@adamantix.org> and Brad
Spengler <spen...@grsecurity.net>
Released under the GNU Public Licence version 2 or later
Writing output to /root/paxtest.log
It may take a while for the tests to complete
Test results:
./paxtes
Hallo :)
Also I included a few other OS. Mirror for the post:
https://pastebin.com/raw/y9qHwZxi
Tests are after a default/fresh install (not livecd), using
https://www.grsecurity.net/~spender/paxtest-0.9.15.tar.gz
All OS were installed/tested in VirtualBox-5.1.6_110634_el7-1.x86_64 on a
somewhat similar reaction as yours when I first read
about the binary PF logs, but in practical terms the way it's done
actually makes sense.
- P
[1] One such setup is described, with some anecdotes just because, at
http://bsdly.blogspot.com/2014/02/yes-you-too-can-be-evil-network.html
--
On 2016 Sep 24 (Sat) at 06:55:40 + (+), Ruslanas G??ibovskis wrote:
:Hi team, maybe it would be a great thing if you would be able to create a
:list of hw developpers would be interested to develop. so any sysadmin
:would know what is needed for openbsd devs and send out hw to dev team.
:
1
and the USB drive was recognized and mountable.
I had vaguely noticed some USB related commits recently, but hey, you
fixed things!
dmesg from today is up at
https://home.nuug.no/~peter/dmesg_elke_20160920.txt.
Thanks!
- Peter
--
Peter N. M. Hansteen, member of the first RFC 1149 impl
_add -v wget
> >
> > cant find wget
See previous.
> > 4.
> >
> > cd /usr/games
> >
> > hangman
Check your PATH.
> > nothing works
Start with the FAQ. It has lots of useful information and possibly some
useful links to other resources.
--
Peter N. M.
There are no callouts for suggestions. The themes are chosen
internally, described on http://www.openbsd.org/lyrics.html.
Thanks for enjoying the releases, and of course: Be sure to drink your
OpenBSD. Or Ovaltine. I mean OpenBSD.
On 2016 Sep 20 (Tue) at 13:52:39 +1000 (+1000), Aaron Mason
and give a
passthrough to the router, I don't know if the Draytek Vigor can do this.
Regards,
-peter
On 09/13/16 11:51, Harald Dunkel wrote:
> Hi folks,
>
> I am using an openbsd (5.9) box as gateway/firewall to the
> internet. ISP is Deutsche Telekom. In between is a Vigor 130
> VDSL2 mo
- P
--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
After installing
mariadb-server-10.0.25p0v1.tgz
and
rcctl enable mysqld
/etc/rc.d/mysqld start
I got errors
Directly running
/usr/local/libexec/mysqld
gave
160908 10:07:09 [Note] /usr/local/libexec/mysqld (mysqld 10.0.25-MariaDB)
starting as process 15703 ...
160908 10:07:09 [Warning]
Whenever I start emacs on an OpenBSD 6.0 , from an xterm start from a remote
windows system running cygwin Xwin I get:
(emacs:17220): GLib-GIO-CRITICAL **: g_settings_schema_source_lookup:
assertion 'source != NULL' failed
The failed assertion does not seem to cause any trouble, and I expect
Yes, the repos should be done with their surgery now. Please let us
know if you still see issues.
On 2016 Sep 03 (Sat) at 13:11:42 +0200 (+0200), Teno Deuter wrote:
:meaning I shall try at a later time?
:
:Thank you
:
:On Sat, Sep 3, 2016 at 12:40 PM, Ted Unangst wrote:
:>
701 - 800 of 2798 matches
Mail list logo