Re: hardening BSD (was systrace/stsh policies)
Robert Watson's paper discusses concurrency vulnerabilities. Impact include policy bypass and audit trail invalidation. A bypass means it is useless. That pretty much hammered in the last nail on the coffin for security tools based on system call interposition. On 10/15/07, Steve Shockley <[EMAIL PROTECTED]> wrote: > Joachim Schipper wrote: > > You should probably do a Google search on systrace before continuing > > further down this road. In particular, I believe the issue highlighted > > by Robert Watson has not been fixed yet (although I could be wrong, and > > would be happy to be wrong in this case). > > The white paper for the systrace vulnerability was a little bit beyond > me; what's the impact of the issue? Is a system running systrace *more* > vulnerable than a normal system, or is the problem just that a > determined user can circumvent systrace (like the bottom of systrace(1) > suggests)? If it's the latter, it seems like it'd still be useful for > policy enforcement to some extent.
Re: hardening BSD (was systrace/stsh policies)
2007/10/14, Aaron <[EMAIL PROTECTED]>: > I guess with all the hoopla about 'hardening'/trusted this and > that/fuzzy knobs(i.e. SE Linux) i got a little overzealous looking for As others have already pointed out these knobs might not be useful to your setup and your needs. Think also that more complexity you add then more likely you'll find out bugs lurking in the dark, waiting for the right moment to bite your ass. I have a box running FreeBSD with MAC policies configured in production for a year now; I must be honest, the only thing I'm really sure about is it's a royal pain to update and manage. Not a great deal, I'm planning a switch to 4.2. f.
Re: hardening BSD (was systrace/stsh policies)
Joachim Schipper wrote: You should probably do a Google search on systrace before continuing further down this road. In particular, I believe the issue highlighted by Robert Watson has not been fixed yet (although I could be wrong, and would be happy to be wrong in this case). The white paper for the systrace vulnerability was a little bit beyond me; what's the impact of the issue? Is a system running systrace *more* vulnerable than a normal system, or is the problem just that a determined user can circumvent systrace (like the bottom of systrace(1) suggests)? If it's the latter, it seems like it'd still be useful for policy enforcement to some extent.
Re: openbsd 41 install
This is a clean install. the probe-scsi shows sd0, so I know that the drive is there. On 10/15/07, Nick Holland <[EMAIL PROTECTED]> wrote: > Mike F wrote: > > i am installing in ipx, created floopy, booted ok into floopy, but got > > these errors when I selected [I] for install. > > > > ERROR: No root partition (sd0a). > > disklabel: ioctl DIOCGDINFO: Input/output error > > > > Is my hdd toast? > > > > thanks, > > Toast, or not there, or not hooked up properly... > > dmesg will tell some... > > Nick.
Re: openbsd 41 install
Mike F wrote: > i am installing in ipx, created floopy, booted ok into floopy, but got > these errors when I selected [I] for install. > > ERROR: No root partition (sd0a). > disklabel: ioctl DIOCGDINFO: Input/output error > > Is my hdd toast? > > thanks, Toast, or not there, or not hooked up properly... dmesg will tell some... Nick.
Re: Google employment opportunity
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Andris wrote: > On 10/14/07, Martin Schrvder <[EMAIL PROTECTED]> wrote: >> He will not be independent anymore. > > Why not? As long as Theo releases his software under the ISC license, > I see no issue with independency. And if Google have problems with new > development, Theo could quit. Yeah, he will lose money, but he doesn't > have that money now anyway. > It isn't about the money, but about the work. What if he was compelled by nature of his work to devote his time to "Products" than building a generic world class operating system? And, what if he was so involved in his work that he'd have no time to work on OpenBSD? And, if they liked OpenBSD, you think they wouldn't ask Theo to implement any one particular thing at all? Not that I don't want him to, but working in Google and not makes a difference. Like Martin said, if Google required a good OS, they'd simply donate to OpenBSD and eventually pick it up when it meets their needs. And this isn't quite the same. - -- - -BEGIN PGP PUBLIC KEY BLOCK- Version: GnuPG v1.4.7 (GNU/Linux) mQGiBEa0y88RBACpSIuwbUvraagYtkWKMlwe+KI6Sh2UU2vipE8Fotkrq/iTnRiK pu2dJcP+jTNvbatcLGedWQOHiCvGfadZD/SxmYsJpQXazL/CORGvdzZwq4eBsDVV 94E/pibIT6ouaOFVMsvARPOyk+Q6N8T/tsvtCxFYrx/NnUIoMdb1DCXEZwCgs90U 9xQExo7OfJYyafTYLyXSzbsD/jqNhMJwnNsT+/GOqDeod98s54IImpgVA/bGyOQi ek+l2SGlrZ6LmZzGO/zVRqsPISAm7Wa5xbVe6qL+hUr1XIFOQoj+08yOCYPDrPoh m4QtFQHKlr5E0u6ev188wI6uIyz6jpzt6C/Aq3Q4irCj3Graeg9xGnHgsjMujubR WebABACgJzTS2mfEu5Rb75+KlgGgnA8zkTpf/Qqdwk/eo1WZPbcIijROEP4MNhVS IWacQXt4Ng8aWviFTZvysAc4k4hxnmFJgyRcUOSOmYd3uWkQI0OV1+cS5FoXmiQ2 Oucsw4iBC3VHqQmNhtuCNZ4Nx1v0kexqfBQCRBSB3HGXGBKjQ7REVi4gS2FydGhp ayBLdW1hciAoaHR0cDovL2d1aWx0LmJhZnNvZnQubmV0KSA8a2FydGhpa2t1bWFy QGdtYWlsLmNvbT6IZgQTEQIAJgUCRrTLzwIbAwUJAeEzgAYLCQgHAwIEFQIIAwQW AgMBAh4BAheAAAoJEEc052Xw3SBP+dkAoI5xfNw/7M7OVpmquFAwRb0k9KbYAJ0e IOypL+F8bUsxqISUIw3GFeb60LkEDQRGtMvPEBAA4SptM/eorjFWmC1S7xBfvKMF UMyFQvkwiWtDsWIrD0AMU4acT7fjYlMEKmVsaymXppxyvK6e/4jOX72UcsJZ4LL/ jtm4SGfknC6yEXdeyYz5Mmd6CN52LC/KfS4b771zO9yMDAl79/FxHIR7AvoSWb14 sbc7yKiF7OwfEFeZNtOYsZwDsQabnuFd5mzIMev/W2hgs55DF4ZJnmaVYb/PQbbw X5g7OwsN17OESPF/syaCzqKJ0GuzhnGHYgwY/84eeWkzqnGTxG52HH6Y1sYwKEmJ 32XLkUEHxHKoCvMW8C6E/s72Aw/WrBzq2yHhqW5npBrCIBCYWC70wzkew2DaOG/j WYtRP2ahJKxV9598D86w97M+6kNX2efMdSgJyLlFyyXlqX95sobE8BJRxjXqkiJy uaLgXv3CQZ1+kizhnkZeInA85NNahb3f2j/jA03eVoAhRq64fqN8W1kfvQwv YF31G7dsLLI2gx2ui1ouj6phIIlZPzypoDkoYZiXn3qXMDiyxJb+4wT5MZz2hjTU w51Z5WPe2ylPXKPqmiDw6zMNQW8OWVIXFljxLcRAhY9DQC9MIgnw7wCz9Bdu8sUs kkZjSsLo6Mc1SPCwjcuD8bDuvc7JIugNn/QFrLtV0o/BVpxMX0ujm2gC8/y7ruBJ cGPvx99e7lj7cmgac7cAAwUP/2h7MDCA3o1Bt1mInBlC+LHdJIaipToVc72lF8nN H3InjMppUkgvHQ+D/4r5hcWtskkRY+YG1iG45RbWMQlprfONOWEYfjkc/WDRj+PO lFszhcOSc2IlgCYsY1yEIF6HfE2MZpFWjM0z0hjotEULxlvi9meMV0OZRqwDdhEp 871jk1+3WkdjGMcZI3AO3wGRwb60eYW0cVNMv1umH0Cgh2pgU/vTbCqB7P5DaNHf BxflFAWumm7P70qJMoCa9SRNKh7vitlLBLGnSuhgT22aE/N/zslcprS7tFM3JFAl Jvr9V3pXzMmkk4zGwzpfvA8LpCPNVqqABrkGsduTsTyoPjLDmPH/CuFMu6RZCUHL sSKKhTpbE3zTgmyGja8DiJFKWmtojFPDEnPDSQweJYItkfnGSbHQVx5wkKhjABQ6 bCraNqgem0C+tKnDoRk/NlhKBCpGVdt8kIRNZ+iTA+4VB+R1usUY3ZpvrHYZFDX5 RxJ4jYLnhlKspSYvKkLg4IP7KnGr9dC16XJCa2wqR68EJa0u5XxigV4zscaawGYA Mx56+PoouaWI24+9JUPTMkV3UvF5xU2BumOW/IsKqs2qYEkG3QdczVwTnNuAZFQa 1WJAKOT7elDsrYsrdGWZpge2d/uoIFKjDobz7eZnkSLiX2rIzbkDniDD+aZd8G60 NVJliE8EGBECAA8FAka0y88CGwwFCQHhM4AACgkQRzTnZfDdIE91ngCgpgLiwwXQ MbyOCWjuWGY+phmYeagAnj7nMffLNWLpfVmKtA4yrtOHkSAM =RuU8 - -END PGP PUBLIC KEY BLOCK- Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHErp5RzTnZfDdIE8RArrMAKCSjVdIf2eUFhRtPL8lr/iYGsRM3ACeL/uH rGAMDW4BQsuFRMBxDgvAWBY= =l7Ml -END PGP SIGNATURE-
Re: Google employment opportunity
On 10/14/07, Martin Schrvder <[EMAIL PROTECTED]> wrote: > He will not be independent anymore. Why not? As long as Theo releases his software under the ISC license, I see no issue with independency. And if Google have problems with new development, Theo could quit. Yeah, he will lose money, but he doesn't have that money now anyway.
Re: : Which remvable drive is connected to which USB port
> -Original Message- > From: Otto Moerbeek [mailto:[EMAIL PROTECTED] > Sent: Friday, 12 October 2007 5:53 PM > To: Raimo Niskanen > Cc: Edwards, David (JTS); misc@openbsd.org > Subject: Re: : Which remvable drive is connected to which USB port > > > On Fri, 12 Oct 2007, Raimo Niskanen wrote: > [snip] > > > > Missing is still some way to find out what the kernel device > > tree looks like - the kernel must know that sd0 is attached > > to scsibus1 targ 1 lun 0 which is attached to umass0 which > > is attached to uhub1 port 1. The question is if there is > > a way of finding that without parsing dmesg. I agree that's my problem in a nutshell. > I can see an easy way to identify disks, without any dependency on the > physical stuff like cables etc. > > Use the disklabel: it has a disk name field that can be edited. Thanks for the idea but unfortunately it doesn't help. Take three USB disks, plug them in and then tell me how to put the right label on the right physical disk? It would work of course if our "restore" procedure went: for each backup disk available Plug in the disk and check the lable to see if it's the right one if it is the right one Restore from the disk end fi end I suspect this would get a bit tedious.. ciao dave --- Dave Edwards
Re: OpenBSD current: XF4 or xenocara?
On Mon, Oct 15, 2007 at 12:28:36AM +0300, Antti Harri wrote: > On Sun, 14 Oct 2007, Martin Toft wrote: > > > I would like to upgrade from a snapshot to current. > > Any particular reason? Why not just use the snapshots? Even though I haven't created any patches for OpenBSD yet, I like to have the possibility to hack on the system. I have also experienced situations, where I simply thought "Hmm, how do they do that?" and it was nice to just open the source code directly from my hard drive in my favourite editor. I don't run -current on servers or other critical boxes. This is my laptop -- my development box. It's not important to me that it works all the time. > > I would like to try out xenocara > > It's included in the snapshots. > > > should I follow section 5.3 in the FAQ > > (http://www.openbsd.org/faq/faq5.html#Bld) and checkout (using cvs) > > the XF4 module or should I checkout the xenocare module? > > Xenocara. Thanks for the answers. Martin [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
Re: OpenBSD current: XF4 or xenocara?
--- Martin Toft <[EMAIL PROTECTED]> wrote: > I would like to upgrade from a snapshot to current. I know my way > around > kernel, userland and ports, but I'm a bit confused with regard to XF4 > versus xenocara. [snip] I was also unsure. I installed with Sept 24 snapshot and upgraded to current. I could not find xenocara source tarball so it took some time. I then built everything (with xenocara) and then a release. All install sets were built. However, my machine does not actually use X so no testing has been done with actual usage of those sources/sets. // juan Get news delivered with the All new Yahoo! Mail. Enjoy RSS feeds right on your Mail page. Start today at http://mrd.mail.yahoo.com/try_beta?.intl=ca
Re: OpenBSD current: XF4 or xenocara?
On Sun, Oct 14, 2007 at 11:16:18PM +0200, Martin Toft wrote: > I would like to upgrade from a snapshot to current. I know my way > around kernel, userland and ports, but I'm a bit confused with regard > to XF4 versus xenocara. I would like to try out xenocara -- should I > follow section 5.3 in the FAQ > (http://www.openbsd.org/faq/faq5.html#Bld) and checkout (using cvs) > the XF4 module or should I checkout the xenocare module? > > Feel free to direct me to any information that I might have missed. I > have googled, visited www.xenocare.org and read mbalmer's article on > Undeadly: http://undeadly.org/cgi?action=article&sid=2006071016 I apologize for the xenocare typo, of course it should have been xenocara everywhere. Martin [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
Re: OpenBSD current: XF4 or xenocara?
On Sun, 14 Oct 2007, Martin Toft wrote: I would like to upgrade from a snapshot to current. Any particular reason? Why not just use the snapshots? I would like to try out xenocara It's included in the snapshots. should I follow section 5.3 in the FAQ (http://www.openbsd.org/faq/faq5.html#Bld) and checkout (using cvs) the XF4 module or should I checkout the xenocare module? Xenocara. -- Antti Harri
Re: Google employment opportunity
2007/10/14, bofh <[EMAIL PROTECTED]>: > simply give them a paycheck. And weren't they one of the ones who > kicked in $10k when it was needed? I know the heads of python and > samba are both employed at Google. From an independence point of > view, I know Theo has demonstrated that he will be independent, but > what are the implications of him getting a paycheck, and being told to > work 100% on openbsd? I find that interesting. He will not be independent anymore. If they want to support the project, donations are the simplest way to go. Best Martin
OpenBSD current: XF4 or xenocara?
I would like to upgrade from a snapshot to current. I know my way around kernel, userland and ports, but I'm a bit confused with regard to XF4 versus xenocara. I would like to try out xenocara -- should I follow section 5.3 in the FAQ (http://www.openbsd.org/faq/faq5.html#Bld) and checkout (using cvs) the XF4 module or should I checkout the xenocare module? Feel free to direct me to any information that I might have missed. I have googled, visited www.xenocare.org and read mbalmer's article on Undeadly: http://undeadly.org/cgi?action=article&sid=2006071016 Martin [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
Re: hardening BSD (was systrace/stsh policies)
On 10/14/07, Aaron <[EMAIL PROTECTED]> wrote: [snip] > I guess with all the hoopla about 'hardening'/trusted this and > that/fuzzy knobs(i.e. SE Linux) i got a little overzealous looking for > ways to tweak things (which i know can end up either making things less > secure (especially with false sense of security) or just plain breaking > them), but if there is/are acceptable, ways, I'd at least like to be > aware of them and the scope of their use from the people that know > OpenBSD best. You're asking the right questions. Some of the answers, unfortunately, aren't as cut and dry as one might hope at first, and this stems from the fact that some security measures are sometimes subjective. What one person might see as a good hardening measure might be considered completely useless to another person. Ultimately it comes down to whether you feel a hardening measure makes sense for the gap you're trying to cover in your circumstance. OpenBSD goes a very long way toward providing a very hardened Unix system out of the box, without you having to flip a set of switches to turn them on. You can see them everywhere. Run a web server using the included httpd and you'll have the benefit of chroot'd operation. Run the in-tree BIND as a nameserver and you'll find that it employs a number of security improvements out of the box which make it a safer system. This kind of stuff exists everywhere in the system and they are examples of real, practical, and effective things which a.) do improve security of a system against known threats, and b.) don't required complicated decisions by the admin to kludge them into place (a la some of the policy wrappers that exist out there.) Figure out your threat profile for your anticipated use, figure out from that how those threats will impact the services you intend to run, and address those with controls you feel you can put in place that can mitigate those threats. External controls might help, like firewall or IDS/IPS, and don't forget you can use PF locally. See if you think a file integrity checker makes sense. Don't run things as root that don't need to. See if you can help things out with policy and technical enforcement to back it up (like if you have shell users, and you're afraid they'll choose weak passwords, configure SSH to only support key-based authentication and make that your authentication policy. ...and so on. DS
Re: Google employment opportunity
On 10/14/07, Bryan Irvine <[EMAIL PROTECTED]> wrote: > On 10/14/07, Karthik Kumar <[EMAIL PROTECTED]> wrote: > > @Theo: they asked you in front of everybody, you should give it a reply so > > all of us can hear. > > I must admit, I'm extremely curious too. OTOH the guy obviously made > a mistake, why embarrass him further? I must admit I was impressed that he was big enough to apologize for it. > Just let them shift it to a private correspondence where it belongs. I'm kind of curious. Google does have a history of employing people simply give them a paycheck. And weren't they one of the ones who kicked in $10k when it was needed? I know the heads of python and samba are both employed at Google. From an independence point of view, I know Theo has demonstrated that he will be independent, but what are the implications of him getting a paycheck, and being told to work 100% on openbsd? I find that interesting. And when I visited the campus, I saw a number of openbsd t-shirt wearing geeks. -- "This officer's men seem to follow him merely out of idle curiosity." -- Sandhurst officer cadet evaluation.
SOLVED Re: RaidFrame woes on 4.2 (RAIDFRAME: failed rf_ConfigureDisks with 2)
On 10/14/07, Greg Oster <[EMAIL PROTECTED]> wrote: > knitti writes: > > raidlookup on device: /dev/wd3d failed ! > ^ > I suspect you have an extra space after "wd3d" in the config file... > And, unfortunately, that annoying little non-feature is enough to > stop RAIDframe in its tracks... :( Thanks a lot, I tried to be as minimal in creating the config file as it could get, but I failed. Sure enough it was an additional space. --knitti
hardening BSD (was systrace/stsh policies)
Joachim Schipper wrote: On Thu, Oct 11, 2007 at 08:54:42PM +0200, Xavier Mertens wrote: Hi *, I'm busy with a systrace/stsh implementation but there is a lack of standard policies (IMHO). Any idea where I can find some ready-to-use policies? I must be missing some important ones, when the user logs in, he got immediately the following error: systrace: getcwd: Permission denied You should probably do a Google search on systrace before continuing further down this road. In particular, I believe the issue highlighted by Robert Watson has not been fixed yet (although I could be wrong, and would be happy to be wrong in this case). Otherwise, I seem to recall a repository of configurations called 'hairy eyeball'. And the interactive policy generators (xsystrace for instance) can be pretty useful, too. Joachim I hope i'm not out of line changing the thread but this seemed like a good place to ask this question. I'm fairly new to OpenBSD and have set up a few machines, nothing production, trying out configurations, rebuilding, patching etc. before i felt comfortable putting one in production. One thing I did read up on, where i could find it, was hardening beyond the default install. Two of the tools that most of the hardening articles i found, Securelevels and systrace, (the third one seems to be common sense), have now seemingly been rendered useless. I followed the huge thread on "why can't openbsd's securelevels be saved" and now this thread has alerted me to the fact that systrace is able to be circumvented. I also noticed that Joachim commented on both so I figured this for a good place for this topic. I'm wondering if there are other tools/ways besides these that I just haven't heard of to do similar things(hardening of the system) or if there is in effect no way to do the things that, these two tools, specifically systrace has historically handled(is there really a need in the first place?). I say specifically systrace because from the discussions i've been reading, the whole securelevel methodology, to the people that do the work on OpenBSD, is flawed. I'm not here to dispute or even to discuss that point, as currently I can't program (nor afford to hire people that can) so my likes and dislikes are moot. Like i say, i'm still relatively new to OpenBSD so I'm just looking for insight, I haven't used systrace in the past, and until about a week ago was working with securelevels but then found the aforementioned article. I had abandoned the securelevel method in light of the 'issue'(s)/false sense of security with securelevels and from the discussion had decided to pick up with systrace, until i saw this thread yesterday. Is it more common than not, to not worry as much about "hardening" the OS, via these methods, but rather just to make 'hopefully' wise decisions, install the least amount of software as you need, physical separations(i.e. logging to remote server instead of sappnd'ing your logs)(but what happens when after getting root on the system producing logs, the attacker proceeds to work towards your logging server?) and stay current w/at least the stable branch? I guess with all the hoopla about 'hardening'/trusted this and that/fuzzy knobs(i.e. SE Linux) i got a little overzealous looking for ways to tweak things (which i know can end up either making things less secure (especially with false sense of security) or just plain breaking them), but if there is/are acceptable, ways, I'd at least like to be aware of them and the scope of their use from the people that know OpenBSD best. Thanks, Aaron
Re: Google employment opportunity
On 10/14/07, Karthik Kumar <[EMAIL PROTECTED]> wrote: > @Theo: they asked you in front of everybody, you should give it a reply so > all of us can hear. I must admit, I'm extremely curious too. OTOH the guy obviously made a mistake, why embarrass him further? Just let them shift it to a private correspondence where it belongs. --B
Re: RaidFrame woes on 4.2 (RAIDFRAME: failed rf_ConfigureDisks with 2)
knitti writes: > Hi, > > I tried to set up a RAID 1 softraid with raidframe, but no matter what > I try, the RAID refuses to configure. So please, if anyone has an idea > what I may have missed... > > # raidctl -C raid0.conf raid0 > raidctl: ioctl (RAIDFRAME_CONFIGURE) failed > > this adds the following lines to the dmesg buffer: > > raidlookup on device: /dev/wd3d failed ! ^ I suspect you have an extra space after "wd3d" in the config file... And, unfortunately, that annoying little non-feature is enough to stop RAIDframe in its tracks... :( (A fix for the issue is here: http://cvsweb.netbsd.org/bsdweb.cgi/src/sbin/raidctl/rf_configure.c.diff?r1=1.19&r2=1.20 ) Otherwise what you have is just fine.. Later... Greg Oster
Re: openbsd 41 install
i am installing in ipx, created floopy, booted ok into floopy, but got these errors when I selected [I] for install. ERROR: No root partition (sd0a). disklabel: ioctl DIOCGDINFO: Input/output error Is my hdd toast? thanks,
Re: lookup option in /etc/resolv.conf ignored
On 10/13/07, David Vasek <[EMAIL PROTECTED]> wrote: > The resolver.conf file is a configuration file for the resolver. What is > the purpose of the host(1) command using it then, and following only a > part of it and ignoring the rest? It's really messy. > > From the host(1) man page: > "server is an optional argument which is either the name or IP address of > the name server that host should query instead of the server or servers > listed in /etc/resolv.conf." "host is a simple utility for performing DNS lookups." reading entries out of /etc/hosts is not performing DNS lookups.
My apologies
Hello everyone, I wanted to apologize for the email I sent out to your entire mailing list on Friday. The email was intended for one individual and I simply made a mistake in sending it to your entire group. I do take this matter seriously and I promise that this will not happen again. Kind regards, David Mack Technical Recruiter/Sourcer Google Staffing 650-253-7919 [EMAIL PROTECTED]
Re: OpenBSD on ESX - Networking experiences
Just for the record: I upgraded to ESX 3.0.2 and... 1.) So far, I did not observe any stalls on the emulated e1000 (em) interfaces. Currently I am playing with the vmxnet driver as well. 2.) VGT mode seems to work correct, very short ethernet frames (i.e., ICMP ping packets produced by windows XP machines routed over a virtual OpenBSD 4.1 firewall with interfaces in VGT mode) are not dropped anymore. Thanks for all the feedback.
OpenCON 2007 Registration is Open
OpenCON, the only conference dedicated to OpenBSD only, just opened it's virtual doors for the fourth time. The registration is now open. http://www.opencon.org/ OpenCON is a free entrance event; get the latest informations on PF, how to use VPN technologies in OpenBSD, or how make your own ports for free. There are carefully prepared tutorials by OpenBSD developers and long time OpenBSD professionals. On the two days following the tutorial days, listen to presentations by OpenBSD developers and users, and generally enjoy a few nice days in Venice, talking to other OpenBSD afficionados. Attendance is completely free, there is, however, a small charge for food during the conference; and let me point out to the 2^3 OpenSSH birthday party on Saturday. We will celebrate the birthday of OpenSSH in a nice place in Venice. The fee will be small, the fun factor will be enormous. If you can make it, join us in Venice (airport code: VCE) Marc Balmer PS: Last year we had people joining the conference from Australia, Canada, Switzerland, Lebanon, Germany, Gibraltar, ... PPS: If you are a company (or even an individual) that wants to sponsor this event, please contact me, there are a lot of very interesting possibilities to do so.
Re: RaidFrame woes on 4.2 (RAIDFRAME: failed rf_ConfigureDisks with 2)
Hi Boris, On 10/14/07, Boris Goldberg <[EMAIL PROTECTED]> wrote: > You've said that you'd tried different configurations, but the one you > are showing here just can't work, because you don't have wd3. I wrote: " I tried both with wd0d, wd1d (both exist) and with wd1d,wd3d (latter doesn't physically exist), none of these is mounted or in use, in fact nothing of wd1 is currently used." thats because there are tutorials on the web which create a degraded raid forcefully with one missing component. I gave this a shot. I also tried with wd0d, wd1d, which both exist and were not in use. --knitti
Re: Google employment opportunity
@Theo: they asked you in front of everybody, you should give it a reply so all of us can hear. You guys think they'll hire everybody/somebody else on the list? Since everybody is posting something or the other, I suggest we make this the next long thread. Without the flamebaits. +1 On 10/14/07, Craig Skinner <[EMAIL PROTECTED]> wrote: > > On Sun, Oct 14, 2007 at 11:45:48AM +0200, Tonnerre LOMBARD wrote: > > Could someone please enlighten me how this is OpenBSD related? > > OpenBSD = "Free, Functional & Secure" > Google = ? > > One man on this list leads by example as he was not compromised by a > corrupt govt defence project splashing about much more than 30 pieces of > silver. > > As the messiah said when he was in Britain with his 4 brothers (BRT:3:1) > > BRT:6:29> "To know what is right and not to do it is cowardice. Wealth > and station are desired by every man, but if these can be aquired or > retained only to the detriment of his service to his creed, he must > relinquish them." > > -- Karthik http://guilt.bafsoft.net
Re: RaidFrame woes on 4.2 (RAIDFRAME: failed rf_ConfigureDisks with 2)
Hello knitti, Saturday, October 13, 2007, 3:43:27 PM, you wrote: k> raidlookup on device: /dev/wd3d failed ! k> ... k> START disks k> /dev/wd3d Shouldn't it be /dev/wd0d ? k> /dev/wd1d k> ... k> # disklabel wd0 k> ... k> d:606244905 18892440RAID k> ... k> # disklabel wd1 k> ... k> d:606244905 18892440RAID You've said that you'd tried different configurations, but the one you are showing here just can't work, because you don't have wd3. -- Best regards, Borismailto:[EMAIL PROTECTED]
Re: Google employment opportunity
On Sun, Oct 14, 2007 at 11:45:48AM +0200, Tonnerre LOMBARD wrote: > Could someone please enlighten me how this is OpenBSD related? OpenBSD = "Free, Functional & Secure" Google = ? One man on this list leads by example as he was not compromised by a corrupt govt defence project splashing about much more than 30 pieces of silver. As the messiah said when he was in Britain with his 4 brothers (BRT:3:1) BRT:6:29> "To know what is right and not to do it is cowardice. Wealth and station are desired by every man, but if these can be aquired or retained only to the detriment of his service to his creed, he must relinquish them."
Re: Google employment opportunity
Craig Skinner wrote: On Sat, Oct 13, 2007 at 09:08:39AM -0500, Jacob Yocom-Piatt wrote: Be gentle with them, they read your mail. Yup, because it is a "free" service, the data remains thier property to do with as they see fit, without informing you of WHATEVER that is. http://www.google-watch.org/gmail.html and watch your searches, possibly index files on your computer, have high-resolution sattelite pictures of your home, control what can and cannot be advertised, choose what's "newsworthy" and cooperate with repressive gov'ts to stymie the free flow of information. a fair number of actually smart people might see a bit of a problem with this... or or realise that they are just being typical j3uu!sh monopolistict businessmen like d3ll & m$: http://www.jewwatch.com/jew-capitalists-high-technology.html http://www.google-watch.org/ http://www.google-watch.org/krane.html "We are moving to a Google that knows more about you." "their new policy makes it clear that they will be pooling all the information they collect on you from all of their various services. Moreover, they may keep this information indefinitely, and give this information to whomever they wish." Fu<| But those mine enemies, which would not that I should reign over them, bring hither, and slay them before me. Yahweh speed the day. bible(KJV) [Jn8:31]> Then said Yahushua to those j3uu5... ... ... bible(KJV) [Jn8:44]> Ye are of your father the devil, and the lusts of your father ye will do. He was a murderer from the beginning, and abode not in the truth, because there is no truth in him. When he speaketh a lie, he speaketh of his own: for he is a liar, and the father of it. ... ... bible(KJV) [Jn8:48]> Then answered the j3uu5, and said Is obsessional racism official policy at Sun?
Re: Google employment opportunity
Thank you. Some clarification. "Bad" jew is heeb.. I don't like how heeds behave nowadays... I have nothing against jew as a nation in general of-course.. ;) On 10/14/07, ropers <[EMAIL PROTECTED]> wrote: > Fuck you, too. > > On 14/10/2007, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > > +1 > > > > On 10/14/07, Craig Skinner <[EMAIL PROTECTED]> wrote: > > > On Sat, Oct 13, 2007 at 09:08:39AM -0500, Jacob Yocom-Piatt wrote: > > > > >Be gentle with them, they read your mail. > > > > > > Yup, because it is a "free" service, the data remains thier property to > > > do with as they see fit, without informing you of WHATEVER that is. > > > http://www.google-watch.org/gmail.html > > > > > > > > > > > > > > > > and watch your searches, possibly index files on your computer, have > > > > high-resolution sattelite pictures of your home, control what can and > > > > cannot be advertised, choose what's "newsworthy" and cooperate with > > > > repressive gov'ts to stymie the free flow of information. a fair number > > > > of actually smart people might see a bit of a problem with this... or > > > > > > or realise that they are just being typical j3uu!sh monopolistict > > > businessmen like d3ll & m$: > > > http://www.jewwatch.com/jew-capitalists-high-technology.html > > > > > > http://www.google-watch.org/ > > > http://www.google-watch.org/krane.html > > > > > > "We are moving to a Google that knows more about you." > > > > > > "their new policy makes it clear that they will be pooling all the > > > information they collect on you from all of their various services. > > > Moreover, they may keep this information indefinitely, and give this > > > information to whomever they wish." > > > > > > Fu<| > > > > > I for 1 am _EXCEEDINGLY_ glad that the filth that has a 6 pointed star, > > > that also has 6 triangles and 6 lines for its symbol, and illegally > > > occupies palestine coz: > > > > > > bible(KJV) [Lu19:27]> But those mine enemies, which would not that I > > > should reign over them, bring hither, and slay them before me. > > > > > > Yahweh speed the day. > > > > > > > > > > > > > > > bible(KJV) [Jn8:31]> Then said Yahushua to those j3uu5... > > > ... > > > ... > > > bible(KJV) [Jn8:44]> Ye are of your father the devil, and the lusts of > > > your father ye will do. He was a murderer from the beginning, and abode > > > not in the truth, because there is no truth in him. When he speaketh a > > > lie, he speaketh of his own: for he is a liar, and the father of it. > > > ... > > > ... > > > bible(KJV) [Jn8:48]> Then answered the j3uu5, and said > > > > > > > -- > www.ropersonline.com
OpenCON 2007, There is Wiki to coordinate travel
Hi There has been some discussion recently about how to tavel to Venice or about sharing rooms at OpenCON here on this list. To simplify things, we have put online a Wiki at the following URL: http://wiki.opencon.org/doku.php (it also linked on www.opencon.org). The event is free, but nevertheless there are costs involved with it. So we are still looking for Sponsors and individual contributions through paypal to the account [EMAIL PROTECTED] (Fabio Cazzin) are also very welcome. See you all in Venice! - Marc Balmer
Re: Google employment opportunity
You 2 guys made me drop my Gmail account and set up home servers/move to other free service for everything ;) Thanks mates! PS I know about one real service run by VMS hackers.. though maybe could you suggest noninfected free from your point of view please? On 10/14/07, Craig Skinner <[EMAIL PROTECTED]> wrote: > On Sat, Oct 13, 2007 at 09:08:39AM -0500, Jacob Yocom-Piatt wrote: > > >Be gentle with them, they read your mail. > > Yup, because it is a "free" service, the data remains thier property to > do with as they see fit, without informing you of WHATEVER that is. > http://www.google-watch.org/gmail.html > > > > > > > > and watch your searches, possibly index files on your computer, have > > high-resolution sattelite pictures of your home, control what can and > > cannot be advertised, choose what's "newsworthy" and cooperate with > > repressive gov'ts to stymie the free flow of information. a fair number > > of actually smart people might see a bit of a problem with this... or > > or realise that they are just being typical j3uu!sh monopolistict > businessmen like d3ll & m$: > http://www.jewwatch.com/jew-capitalists-high-technology.html > > http://www.google-watch.org/ > http://www.google-watch.org/krane.html > > "We are moving to a Google that knows more about you." > > "their new policy makes it clear that they will be pooling all the > information they collect on you from all of their various services. > Moreover, they may keep this information indefinitely, and give this > information to whomever they wish." > > Fu<| > I for 1 am _EXCEEDINGLY_ glad that the filth that has a 6 pointed star, > that also has 6 triangles and 6 lines for its symbol, and illegally > occupies palestine coz: > > bible(KJV) [Lu19:27]> But those mine enemies, which would not that I > should reign over them, bring hither, and slay them before me. > > Yahweh speed the day. > > > > > bible(KJV) [Jn8:31]> Then said Yahushua to those j3uu5... > ... > ... > bible(KJV) [Jn8:44]> Ye are of your father the devil, and the lusts of > your father ye will do. He was a murderer from the beginning, and abode > not in the truth, because there is no truth in him. When he speaketh a > lie, he speaketh of his own: for he is a liar, and the father of it. > ... > ... > bible(KJV) [Jn8:48]> Then answered the j3uu5, and said
Re: Google employment opportunity
+1 On 10/14/07, Craig Skinner <[EMAIL PROTECTED]> wrote: > On Sat, Oct 13, 2007 at 09:08:39AM -0500, Jacob Yocom-Piatt wrote: > > >Be gentle with them, they read your mail. > > Yup, because it is a "free" service, the data remains thier property to > do with as they see fit, without informing you of WHATEVER that is. > http://www.google-watch.org/gmail.html > > > > > > > > and watch your searches, possibly index files on your computer, have > > high-resolution sattelite pictures of your home, control what can and > > cannot be advertised, choose what's "newsworthy" and cooperate with > > repressive gov'ts to stymie the free flow of information. a fair number > > of actually smart people might see a bit of a problem with this... or > > or realise that they are just being typical j3uu!sh monopolistict > businessmen like d3ll & m$: > http://www.jewwatch.com/jew-capitalists-high-technology.html > > http://www.google-watch.org/ > http://www.google-watch.org/krane.html > > "We are moving to a Google that knows more about you." > > "their new policy makes it clear that they will be pooling all the > information they collect on you from all of their various services. > Moreover, they may keep this information indefinitely, and give this > information to whomever they wish." > > Fu<| > I for 1 am _EXCEEDINGLY_ glad that the filth that has a 6 pointed star, > that also has 6 triangles and 6 lines for its symbol, and illegally > occupies palestine coz: > > bible(KJV) [Lu19:27]> But those mine enemies, which would not that I > should reign over them, bring hither, and slay them before me. > > Yahweh speed the day. > > > > > bible(KJV) [Jn8:31]> Then said Yahushua to those j3uu5... > ... > ... > bible(KJV) [Jn8:44]> Ye are of your father the devil, and the lusts of > your father ye will do. He was a murderer from the beginning, and abode > not in the truth, because there is no truth in him. When he speaketh a > lie, he speaketh of his own: for he is a liar, and the father of it. > ... > ... > bible(KJV) [Jn8:48]> Then answered the j3uu5, and said
Re: Google employment opportunity
Salut, On Sun, Oct 14, 2007 at 08:47:45AM +0100, Craig Skinner wrote: > [I hate jews] Could someone please enlighten me how this is OpenBSD related? Tonnerre [demime 1.01d removed an attachment of type application/pgp-signature]
Re: Google employment opportunity
On 14/10/2007, Craig Skinner <[EMAIL PROTECTED]> wrote: > On Sat, Oct 13, 2007 at 09:08:39AM -0500, Jacob Yocom-Piatt wrote: > > >Be gentle with them, they read your mail. > > > and watch your searches, possibly index files on your computer, have > > high-resolution sattelite pictures of your home, control what can and > > cannot be advertised, choose what's "newsworthy" and cooperate with > > repressive gov'ts to stymie the free flow of information. a fair number > > of actually smart people might see a bit of a problem with this... or > > or realise that they are just being typical j3uu!sh monopolistict > businessmen like d3ll & m$: > http://www.jewwatch.com/jew-capitalists-high-technology.html I have a problem with that site. According to Wikipedia ( http://en.wikipedia.org/wiki/Jew_watch ): "Many, including the UN High Commissioner for Human Rights, have categorized it as an antisemitic hate site.[1]" and: "The website is owned and maintained by Frank Weltner of St. Louis, Missouri. Weltner is a member of the National Alliance, a white nationalist and white separatist organization. [2][3]" Listen mate: I'm German. Many of my immediate family were Nazi true believers during the Nazi era. My grand-uncle was in the Waffen SS, in the battalion that later did the massacre in Oradour-sur-Glane ( http://en.wikipedia.org/wiki/Oradour-sur-Glane ). My grandfather pioneered the establishment of the Hitler Youth chapter in his local area and later worked in the F|hrerhauptquartier. While my grandfather changed his views after the war, my grand-uncle never reformed. And let me tell you: That "Jew Watch" website is complete and utter shite. These paranoid eejits have it all backwards. These gobshites don't fucking know what they're talking about and are fucking deluded. Take it from somebody who knows because his own family learnt the hard way: Whatever insights the nincompoop knackers running that site believe they have, at the end of the day it all amounts to pure and unadulterated horse puckey bullshit. So some of the people working in the IT industry are Jewish. Yes? And your point is? That they're somehow doing bad things professionally because of their religion and/or family background? Get a fucking clue. In posting that link, you, Craig Skinner, have either spectacularly failed at an attempt of tasteless humour, or you are a sewer-headed bell-end with less sense than a pygmy marmoset in a persistive vegetative state. The rest of your email, wherein you even appear to be asking for Jews to be slaughtered, makes it abundantly clear which of the two it is. Sure, I still believe freedom of speech is supremely important. That does not however make you any less of a shitehawk. If you as much as dare to touch one of my Jewish fellow humans, know that people like me will be there to oppose you and your aggression . --ropers
Re: Google employment opportunity
On Sat, Oct 13, 2007 at 09:08:39AM -0500, Jacob Yocom-Piatt wrote: > >Be gentle with them, they read your mail. Yup, because it is a "free" service, the data remains thier property to do with as they see fit, without informing you of WHATEVER that is. http://www.google-watch.org/gmail.html > > > > and watch your searches, possibly index files on your computer, have > high-resolution sattelite pictures of your home, control what can and > cannot be advertised, choose what's "newsworthy" and cooperate with > repressive gov'ts to stymie the free flow of information. a fair number > of actually smart people might see a bit of a problem with this... or or realise that they are just being typical j3uu!sh monopolistict businessmen like d3ll & m$: http://www.jewwatch.com/jew-capitalists-high-technology.html http://www.google-watch.org/ http://www.google-watch.org/krane.html "We are moving to a Google that knows more about you." "their new policy makes it clear that they will be pooling all the information they collect on you from all of their various services. Moreover, they may keep this information indefinitely, and give this information to whomever they wish." Fu<| But those mine enemies, which would not that I should reign over them, bring hither, and slay them before me. Yahweh speed the day. bible(KJV) [Jn8:31]> Then said Yahushua to those j3uu5... ... ... bible(KJV) [Jn8:44]> Ye are of your father the devil, and the lusts of your father ye will do. He was a murderer from the beginning, and abode not in the truth, because there is no truth in him. When he speaketh a lie, he speaketh of his own: for he is a liar, and the father of it. ... ... bible(KJV) [Jn8:48]> Then answered the j3uu5, and said