Re: Encryption

2017-03-23 Thread I love BSDs
>planning to install -current on my Thinkpad T450s (SSD).
>
>I need to have several data directories encrypted, however would not mind
>whole-disk encryption. Which method would be more supported / recommended?
>Whole-disk encryption or creating a container file, loop device and then
>virtual device with the encryption layer on it?

You would need to encrypt directories with secret data, but also make sure
other places like /tmp and swap are encrypted. /tmp can be mounted in RAM
and swap is encrypted by default, but keep in mind that you need
to know every place your files could be copied to by the system and by
programs working on those files.

I would use FDE. Actually I am using it and it works great (BIOS-compatible
UEFI mode). Especially if you use an SSD. Often you don't know how the
firmware inside an SSD works, but we know that there is commonly a large
reserved space for reallocating data on the most intensively used cells.
You can't be sure that overwriting data inside a file would actually destroy
the data. The best software-only way to destroy data is to never let the SSD
see plaintext data. Just encrypt, use, and when you want to sell the
laptop or SSD to somebody, just destroy the key.

https://www.backblaze.com/blog/how-to-securely-recycle-or-dispose-of-your-ssd/
Shorter link:
https://tinyurl.com/zo4d7yc

Modern HDDs contain microcontrollers powerful enough to run Linux:
http://spritesmods.com/?art=hddhack=7
Shorter:
https://tinyurl.com/mubtdhe
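
Added example, not part of the original post: a POSIX sh script for the audit the reply describes, checking /tmp, /var/tmp and swap for places where plaintext can persist when only some directories are encrypted. The function names, the /var/tmp check and the sample fstab are constructed for illustration; on OpenBSD the real inputs would be /etc/fstab and the output of `sysctl -n vm.swapencrypt.enable`.

```sh
# Added example (not from the thread): where can plaintext land outside an encrypted data directory?

# Print the fstab(5) type of a mount point, or "none" when it has no entry
# of its own and therefore lives on its parent filesystem.
fs_type_for() {  # $1 = fstab file, $2 = mount point
    awk -v mp="$2" '
        $1 ~ /^#/ || NF < 3 { next }
        $2 == mp { t = $3 }
        END { print (t == "" ? "none" : t) }' "$1"
}

# audit FSTAB SWAPENCRYPT FDE  (SWAPENCRYPT = `sysctl -n vm.swapencrypt.enable`,
# FDE = "yes" under full-disk encryption). Returns 1 if any location can keep plaintext.
audit() {
    rc=0
    for mp in /tmp /var/tmp; do
        t=$(fs_type_for "$1" "$mp")
        if [ "$3" = "yes" ]; then
            echo "ok    $mp: covered by full-disk encryption"
        elif [ "$t" = "mfs" ]; then
            echo "ok    $mp: memory file system"
        else
            echo "LEAK  $mp: type '$t' on unencrypted persistent storage"
            rc=1
        fi
    done
    if [ "$3" = "yes" ] || [ "$2" = "1" ]; then
        echo "ok    swap: encrypted"
    else
        echo "LEAK  swap: vm.swapencrypt.enable=$2"
        rc=1
    fi
    return "$rc"
}

# Constructed sample: /tmp on mfs, /var/tmp left on the plain /var partition.
sample_fstab() {
    cat <<'EOF'
# device     mount  type  options                  dump pass
/dev/sd0a    /      ffs   rw                       1 1
swap         /tmp   mfs   rw,nodev,nosuid,-s=512m  0 0
/dev/sd0d    /var   ffs   rw,nodev,nosuid          1 2
EOF
}

f=$(mktemp) && sample_fstab > "$f"
audit "$f" 1 no  || echo "=> directory-only encryption still leaks"
audit "$f" 1 yes && echo "=> FDE covers every location"
rm -f "$f"
```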



May I use switch(4) instead of bridge(4) ?

2017-03-23 Thread Atanas Vladimirov

Hi,
Does anyone use switch(4) to merge two or more Ethernet ports?
Can you share a working example?

I have the following config:

em0: flags=8b43 mtu 1500
        lladdr 00:15:17:bc:a9:65
        index 1 priority 0 llprio 3
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
em1: flags=8b43 mtu 1500
        lladdr 00:15:17:bc:a9:64
        index 2 priority 0 llprio 3
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
vether0: flags=141 mtu 1500
        lladdr fe:e1:ba:d6:0d:cc
        index 27 priority 0 llprio 3
        groups: vether
        media: Ethernet autoselect
        status: active
        inet 172.16.2.1 netmask 0xff00
switch0: flags=41
        index 28 llprio 3
        groups: switch
        datapath 0x60d948957e032d5f maxflow 1 maxgroup 1000
        em0 flags=0<>
                port 1 ifpriority 0 ifcost 0
        em1 flags=0<>
                port 2 ifpriority 0 ifcost 0
        vether0 flags=0<>
                port 27 ifpriority 0 ifcost 0

There are two directly attached devices to em0 and em1 with IP
172.16.2.31 and 172.16.2.32.
In pf.conf I have skip on {em0, em1, vether, switch}. But when I try to
ping:


[hodor]~$ ping 172.16.2.32
PING 172.16.2.32 (172.16.2.32): 56 data bytes
ping: sendmsg: No route to host
ping: wrote 172.16.2.32 64 chars, ret=-1
ping: sendmsg: No route to host
ping: wrote 172.16.2.32 64 chars, ret=-1
^C
--- 172.16.2.32 ping statistics ---
2 packets transmitted, 0 packets received, 100.0% packet loss
[hodor]~$ ping 172.16.2.31
PING 172.16.2.31 (172.16.2.31): 56 data bytes
ping: sendmsg: No route to host
ping: wrote 172.16.2.31 64 chars, ret=-1
ping: sendmsg: No route to host
ping: wrote 172.16.2.31 64 chars, ret=-1
^C
--- 172.16.2.31 ping statistics ---
2 packets transmitted, 0 packets received, 100.0% packet loss

[hodor]~$ arp -an
Host          Ethernet Address    Netif    Expire     Flags
172.16.2.1    fe:e1:ba:d6:0d:cc   vether0  permanent  l
172.16.2.31   (incomplete)        vether0  expired
172.16.2.32   (incomplete)        vether0  expired

Thanks for your time,
Atanas

OpenBSD 6.1-beta (GENERIC.MP) #20: Wed Mar 15 01:49:05 MDT 2017
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP

Re: 802.11n hostap - latency and timeouts

2017-03-23 Thread Kevin Chadwick
On 23 Mar 2017 12:30 am, "Stefan Sperling" wrote:

On Wed, Mar 22, 2017 at 02:42:19PM +, Kevin Chadwick wrote:
> In case it is of any help to anyone. I tried 11n on an ar9271 a few weeks
> ago and also an ar2133. Both would give athn0: device timeouts but the usb
> ar9271 needed an ifconfig down up to recover whereas the card recovered by
> itself. Using 11g made them far less likely and whilst I have hardly used
> the 11b ssid, I haven't had any with 11b on the 9271 so far.
>
> Also after using 11n and getting multiple resets I had to plug the card
> into another laptop to get the firmware to load again without saying could
> not read ROM, even after reboots. So maybe some state is kept on OpenBSD or
> more likely perhaps it was unplugged for long enough to clear the card's
> memory or something.

There is a known issue which looks like ehci(4) on some USB host controllers
does not feed sufficient power to athn(4) devices and then they won't work
reliably.



It is indeed an ehci hub, :)