Live OpenBSD Bootable i386 CD
I'm interested in building a live, bootable OpenBSD CD for forensics, cloning and data recovery. Basically, boot and try to automatically bring up any existing network interface. I'm not interesated in a GUI or play things... only good, old-fashioned Unix tools like dd, netcat, md5, etc. I've googled and found some older info about building live CDs from OpenBSD, but I wanted to ask misc to see what folks think... good idea or bad? If it seems a reasonable task and I am able to do it, I'd like to do it so that it is easy to follow -current. So when -current get's new hardware support, I can redo my live CD to take advantage of that. I think OpenBSD is a good choice for something like this as it is very simple and straight-forward, but again, I wanted to ask here for other's opinions before doing much. Thanks, -- View this message in context: http://www.nabble.com/Live-OpenBSD-Bootable-i386-CD-tp23125011p23125011.html Sent from the openbsd user - misc mailing list archive at Nabble.com.
Easiest Way to Encrypt /home
I've begun using OpenBSD on portable computers/laptops. I want to guard against theft. I can't stand the thought of some crook pawing my laptop and someone looking over my personal files... pictures of my family, my taxes, etc... it keeps me awake at night. I set the option to configure swap in sysctl.conf and I'd like to now encrypt /home (where I keep all of my personal files). I've googled, but nothing clear comes up. I'm using 4.5 current on an Asus eeepc 701 (the original one). I can reinstall and re-partition if necessary, but I'd rather not compile a custom kernel... any tips? -- View this message in context: http://www.nabble.com/Easiest-Way-to-Encrypt--home-tp23047778p23047778.html Sent from the openbsd user - misc mailing list archive at Nabble.com.
Re: Low power OpenBSD machine
Tim Hume wrote: > > Hi, > > My current PC is not very healthy. I am considering building a new low > power consumption machine. I want something a bit more powerful than a > Soekris, but it doesn't have to be the fastest machine around. I will > be using the machine for web browsing, Email, managing my digital > photos and so on. The main requirement is that the machine is quiet > and has a low power consumption so I can leave it on all the time. > I highly recommend the newer Intel Celeron processors. They only use about 30 watts and that's when they are working hard. They stay cool and are very quiet. I use Asus or Gigabyte mother boards. If you dislike Intel, then try AMD Semprons. They are not quite as power efficent (45 watts), but they are just as quiet and a bit cooler IMO. I have several of these systems, they work really well and can be built for less than 200 dollars in the United States of America ;) (case, mobo, power supply, ram, cpu, hdd, etc) < $200.00 USD -- View this message in context: http://www.nabble.com/Low-power-OpenBSD-machine-tp23022564p23040201.html Sent from the openbsd user - misc mailing list archive at Nabble.com.
Re: European orders
I'm sure everything will work out in the end. I'm in the US and I've bought CDs, t-shirts and made a few donations. I give the t-shirts to friends and family. Not much. I'm just one guy, but I like OpenBSD and I enjoy doing my small part (when I'm able) to keep it going. It is the gateway to my home network and I use it in my day job as an IT security analyst. I recommend it to others. I'll never forget the first time I installed it. It reminded me of the C64 I used when I was a child. It was so simple, so straight-forward. Anyone could use it. I just could not believe that no one had turned me on to OpenBSD sooner. OpenBSD is the *only* project I have ever given my hard-earned money to although I use other operating systems... I enjoy FreeBSD just as much, but I can't say it is as simple and elegant as OpenBSD. I plan to continue buying CDs on occasion. The software we all use, love and rely on just would not be the same were it not for OpenBSD! Keep up the good work guys. And I think it's a good thing that Theo and other OpenBSD devs are straight-forward and open. I know they take a lot of flak for that at times, but to me it's just like the OS they continually improve... what you see is what you get. They don't pull punches, pretend or try to make things into something they are not. They are open and honest and at times that offends folks, but it's the right thing to do. Just a 'user' in the US. -- View this message in context: http://www.nabble.com/European-orders-tp22691694p22837499.html Sent from the openbsd user - misc mailing list archive at Nabble.com.
Re: Where is "Secure by default" ?
L. V. Lammert wrote: > > PMFJI, but isn't the issue simpler than that? If he has a MiTM attack via > arp, doesn't that mean the attacker has access to the local subnet? > Remote access to a machine on that subnet would do. It does not have to be physical. Probably a compromised Windows box that got the ball rolling (that's been my experience anyway). Once a machine on your net is infected, the cracker may as well be physically in the building. -- View this message in context: http://www.nabble.com/Where-is-%22Secure-by-default%22---tp22414975p22426601.html Sent from the openbsd user - misc mailing list archive at Nabble.com.
Re: Apache & PHP
Vadim Zhukov wrote: > > 1. You need shell to run shell_exec(). > > 2. You should specify path _inside_ chroot: "/test/hello". > Thanks guys. Because of your tips, I got it working. I've never dealt with a chrooted Apache before. Off to read the docs. -- View this message in context: http://www.nabble.com/Apache---PHP-tp22395513p22401565.html Sent from the openbsd user - misc mailing list archive at Nabble.com.
Apache & PHP
I compile some c code and link it statically. It's the simple 'hello world' program. I name it 'hello' and put it in /var/www/test/ I then try to execute it through php using the shell_exec function like so: $output = shell_exec("/var/www/test/hello"); echo $output; I get no output at all. Same program runs fine via shell_exec on other Apache PHP setups. Being this is statically linked and ldd shows no shared libs (the chroot should not impact it, right?) and the php.ini files does not exclude shell_exec from running... what else might be wrong? -- View this message in context: http://www.nabble.com/Apache---PHP-tp22395513p22395513.html Sent from the openbsd user - misc mailing list archive at Nabble.com.
Intel Quad Core with bsd kernel
Does anyone run regular OpenBSD (bsd instead of bsd.mp) on quad core devices? I have a few quad core processors and I do not care to or need to do SMP stuff. I'm assuming this is an OK practice? Probably a dumb question, but I wanted to ask just to make sure. -- View this message in context: http://www.nabble.com/Intel-Quad-Core-with-bsd-kernel-tp22355476p22355476.html Sent from the openbsd user - misc mailing list archive at Nabble.com.
Re: Pre-Order Prizes
Theo de Raadt wrote: > > Or how about we skip the prizes, and Theo gets to do a bit of > development once in a while, instead of making coffee mugs and signing > CDs that are not even shipped out of the city where he lives? > > I thought the software and the ideas behind the software were enough > "juice", or should I just give up even trying? > > Is trying to make good stuff oh so 1970? > > You know, like manufacturing stuff people want... or need... locally? > > Sorry, but I am not going to spend my time making coffee mugs. > Just a suggestion. The quality and simplicity of OpenBSD speaks for itself. That's why I buy it instead of just downloading isos. You could make the prize(s) whatever you want. Coffee mug was just a dumb example. I just thought the idea might increase pre-orders. Humans will be humans. And the chance to get a prize on top of the high-quality software appeals to folks. I'll pre-order either way. -- View this message in context: http://www.nabble.com/Pre-Order-Prizes-tp22298403p22298976.html Sent from the openbsd user - misc mailing list archive at Nabble.com.
Pre-Order Prizes
I mentioned this when I pre-ordered 4.4... I think folks thought that I was joking. Do prizes for pre-orders. Nothing fancy just something like this: 1. First 50 pre-orders win a T-Shirt and Theo signs the CD case. 2. The 100th pre-order wins a coffee mug. 3. 200th " 4. 300th " 5. Do something special for the 1000th. 6. etc. Those are just suggestions. The prizes could be anything. Just an idea to juice things up and hopefully sell more CDs. I find OpenBSD extremely useful and I want to see it grow and prosper... even in hard economic times. That's why I bring this up again. -- View this message in context: http://www.nabble.com/Pre-Order-Prizes-tp22298403p22298403.html Sent from the openbsd user - misc mailing list archive at Nabble.com.
Re: Wireless USB Adapters For OpenBSD
STeve Andre' wrote: > > You might want to try -current--it just might fix your problem. Lately > I've been doing a trick that annoys my Linux friends--I take their USB > wifi stick and stuff it into my thinkpad and use it. With very few > exceptions, it just works. > At the same time, there are chipsets to avoid entirely. RealTek 8185 for example and many times you have *no idea* what some of the less expensive cards are using this week. I've bought identical Encore cards two months apart. They had different chipsets. -- View this message in context: http://www.nabble.com/Wireless-USB-Adapters-For-OpenBSD-tp22293528p22295583.html Sent from the openbsd user - misc mailing list archive at Nabble.com.
Re: dm...@openbsd.org Question
J.C. Roberts-3 wrote: > > When running -CURRENT snapshots, should we send in a new dmesg every > time we install a new snapshot? > I sent one today. I seldom do, but an on board Ethernet device using (lii) that had not worked in 4.4, worked in the latest snapshot (I had not ran a snapshot since installing 4.4 release), so I thought it was worthwhile to send a dmesg... otherwise I would not have sent the email as I don't want to be a nuisance. -- View this message in context: http://www.nabble.com/dmesg%40openbsd.org-Question-tp22277561p22280624.html Sent from the openbsd user - misc mailing list archive at Nabble.com.
Re: tcpdump and IPv6 on OpenBSD 4.4 possible bug
I tried loading the most recent snapshot (2-28-2009) and running the tests again. Same results. I loaded some screenshots and other information here: http://filebox.vt.edu/users/rtilley/public/tcpdump It could be I'm doing something incorrectly with syntax as I don't dp this often. The exact commands I used are located there too along with the tcpdump packet capture files should someone want to have a look. BTW, the 4.5 snapshot worked great. Very smooth install and all the ports worked great too. Thanks -- View this message in context: http://www.nabble.com/tcpdump-and-IPv6-on-OpenBSD-4.4-possible-bug-tp22262234p22279791.html Sent from the openbsd user - misc mailing list archive at Nabble.com.
tcpdump and IPv6 on OpenBSD 4.4 possible bug
While doing some testing of a commercial IDS device, we were attempting to verify the vendor's claim that the device is IPv6 capable and would detect any IPv6 attack. So, we tested both an IPv4 attack and an IPv6 attack. OpenBSD 4.4 i386 running nmap was the source of the attacks. Debian Linux was the target. The source and target ran tcpdump during the attack. The packet captures worked fine, with one exception. The IPv6 capture that occurred on the OpenBSD attacking machine, can only be read (or played back) on an OpenBSD machine. The vendor tried opening the capture on a Linux PC and a Windows PC using tcpdump and wireshark. I tried reading it myself using tcpdump on a Linux box... it did not work. I have OpenBSD 4.3 installed on another i386 and a 4.2 install on a Sparc64. Both of these machines could playback the IPv6 tcpdump captures. We ended up asking the vendor to load OpenBSD so that they could read the tcpdump file, but I wanted to post here and ask if others have seen this problem? Perhaps it's a small bug of some sort with tcpdump in OpenBSD? The tcpdump IPv4 captures worked fine and could be read on any computer using tcpdump. I can post exactly how I used tcpdump and nmap and links to test tcpdump files if that would be helpful. We carefully record the methodoly of the test. We chose OpenBSD as the source for these attacks because it was the only IPv6 machine we had that was outside of our test network and we knew it did IPv6 very well. Thanks for any advice. -- View this message in context: http://www.nabble.com/tcpdump-and-IPv6-on-OpenBSD-4.4-possible-bug-tp22262234p22262234.html Sent from the openbsd user - misc mailing list archive at Nabble.com.
Re: Install 4.4 Sparc64 on SunFire V120
Brian Keefer wrote: > > That's weird. I have a nearly identical machine with almost the same > configuration. The only difference without checking dmesg line-by- > line is that mine has one disk drive rather than two. I'll check my > dmesg when I get home. > Thanks for the help guys. We pulled one of the drives, and after that the install worked fine. No issues at all. My friend is content with only using one drive. I would have bet money that one or two drives would not have mattered, but I would have lost... we tired to re-initialization tip before pulling a drive. That did not seem to help. We're OK now. Thanks again. -- View this message in context: http://www.nabble.com/Install-4.4-Sparc64-on-SunFire-V120-tp22210882p22212849.html Sent from the openbsd user - misc mailing list archive at Nabble.com.
Install 4.4 Sparc64 on SunFire V120
Hi guys. I'm helping a friend install 4.4 (Sparc64) on this SunFire V120 he got for free :) It's a very nice box with a working Solaris install. It boots the install.iso and proceeds to install, but when we get to the point of selecting a root disk... the only option we have is [done]. OpenBSD seems to detect both drives (sd0 and sd1) but not place them in the list to select from. My friend heard that I got OpenBSD setup on an older, similar Netra T105 so he thought I was an OpenBSD magician and could fix his issue... I am not a magician, just persistent and love using OpenBSD and not afraid to ask the experts here. I do installs on these devices very seldom... that is part of the porblem. You guys need to make a less reliable OS so that I can more practice re-installing ;) Here is the dmesg we see (sorry for the spaces... had to cut and paste it from a Hyper Terminal Window)... any advice will be much appreciated: Box = Sunfire v120 console is /p...@1f,0/p...@1,1/i...@7/ser...@0,3f8 Copyright (c) 1982, 1986, 1989, 1991, 1993 The Regents of the University of California. All rights reserved. Copyright (c) 1995-2008 OpenBSD. All rights reserved. http://www.OpenBSD.org OpenBSD 4.4 (RAMDISK) #379: Mon Aug 11 18:30:02 MDT 2008 dera...@sparc64.openbsd.org:/usr/src/sys/arch/sparc64/compile/RAMDISK real mem = 1073741824 (1024MB) avail mem = 1030004736 (982MB) mainbus0 at root: Sun Fire V120 (UltraSPARC-IIe 648MHz) cpu0 at mainbus0: SUNW,UltraSPARC-IIe (rev 3.3) @ 648 MHz cpu0: physical 16K instruction (32 b/l), 16K data (32 b/l), 512K external (64 b/ l) psycho0 at mainbus0: SUNW,sabre, impl 0, version 0, ign 7c0 psycho0: bus range 0-2, PCI bus 0 psycho0: dvma map c000-dfff, iotdb 126c000-12ec000 pci0 at psycho0 ppb0 at pci0 dev 1 function 1 "Sun Simba PCI-PCI" rev 0x13 pci1 at ppb0 bus 1 ebus0 at pci1 dev 12 function 0 "Sun RIO EBus" rev 0x01 "flashprom" at ebus0 addr 0-f not configured clock1 at ebus0 addr 0-1fff: mk48t59 "SUNW,lomh" at ebus0 addr 20-23 ivec 0x2a not configured "Acer Labs M7101 Power" rev 0x00 at pci1 dev 3 function 0 not configured ebus1 at pci1 dev 7 function 0 "Acer Labs M1533 ISA" rev 0x00 "power" at ebus1 addr 800-82f ivec 0x25 not configured com0 at ebus1 addr 3f8-3ff ivec 0x2b: ns16550a, 16 byte fifo com0: console com1 at ebus1 addr 2e8-2ef ivec 0x2b: ns16550a, 16 byte fifo gem0 at pci1 dev 12 function 1 "Sun ERI Ether" rev 0x01: ivec 0x7c6, address 00: 03:ba:27:1f:61 ukphy0 at gem0 phy 1: Generic IEEE 802.3u media interface, rev. 1: OUI 0x0010dd, model 0x0002 ohci0 at pci1 dev 12 function 3 "Sun USB" rev 0x01: ivec 0x7e4, version 1.0, leg acy support pciide0 at pci1 dev 13 function 0 "Acer Labs M5229 UDMA IDE" rev 0xc3: DMA, chan nel 0 configured to native-PCI, channel 1 configured to native-PCI pciide0: using ivec 0x7cc for native-PCI interrupt atapiscsi0 at pciide0 channel 0 drive 0 scsibus0 at atapiscsi0: 2 targets, initiator 7 cd0 at scsibus0 targ 0 lun 0: ATAPI 5/cdrom removable cd0(pciide0:0:0): using PIO mode 4, DMA mode 2 pciide0: channel 1 disabled (no drives) gem1 at pci1 dev 5 function 1 "Sun ERI Ether" rev 0x01: ivec 0x7dc, address 00:0 3:ba:27:1f:62 ukphy1 at gem1 phy 1: Generic IEEE 802.3u media interface, rev. 1: OUI 0x0010dd, model 0x0002 ohci1 at pci1 dev 5 function 3 "Sun USB" rev 0x01: ivec 0x7e6, version 1.0, lega cy support usb0 at ohci0: USB revision 1.0 uhub0 at usb0 "Sun OHCI root hub" rev 1.00/1.00 addr 1 usb1 at ohci1: USB revision 1.0 uhub1 at usb1 "Sun OHCI root hub" rev 1.00/1.00 addr 1 ppb1 at pci0 dev 1 function 0 "Sun Simba PCI-PCI" rev 0x13 pci2 at ppb1 bus 2 siop0 at pci2 dev 8 function 0 "Symbios Logic 53c896" rev 0x07: ivec 0x7e0, usin g 8K of on-board RAM scsibus1 at siop0: 16 targets, initiator 7 sd0 at scsibus1 targ 0 lun 0: SCSI3 0/direct fixed sd0: 34732MB, 26302 cyl, 4 head, 676 sec, 512 bytes/sec, 71132959 sec total sd1 at scsibus1 targ 1 lun 0: SCSI3 0/direct fixed sd1: 34732MB, 29550 cyl, 4 head, 601 sec, 512 bytes/sec, 71132959 sec total siop1 at pci2 dev 8 function 1 "Symbios Logic 53c896" rev 0x07: ivec 0x7e0, usin g 8K of on-board RAM scsibus2 at siop1: 16 targets, initiator 7 rd0: fixed, 6144 blocks bootpath: /p...@1f,0/p...@1,1/i...@d,0/cd...@0,0:f root on rd0a swap on rd0b dump on rd0b console is /p...@1f,0/p...@1,1/i...@7/ser...@0,3f8 Copyright (c) 1982, 1986, 1989, 1991, 1993 The Regents of the University of California. All rights reserved. Copyright (c) 1995-2008 OpenBSD. All rights reserved. http://www.OpenBSD.org OpenBSD 4.4 (RAMDISK) #379: Mon Aug 11 18:30:02 MDT 2008 dera...@sparc64.openbsd.org:/usr/src/sys/arch/sparc64/compile/RAMDISK real mem = 1073741824 (1024MB) avail mem = 1030004736 (982MB) mainbus0 at root: Sun Fire V120 (UltraSPARC-IIe 648MHz) cpu0 at mainbus0: SUNW,UltraSPARC-IIe (rev 3.3) @ 648 MHz cpu0: physical 16K instruction (32 b/l), 16K data (32 b/l), 512K external (64 b/ l) psycho0 at main
packer for C++ Executbales
Hi guys, I searched the packages list, but did not see any. Does anyone use a packer such as UPX on OpenBSD? Thanks for any info, -- View this message in context: http://www.nabble.com/packer-for-C%2B%2B-Executbales-tp21715777p21715777.html Sent from the openbsd user - misc mailing list archive at Nabble.com.
Re: Missing security announcements
Martin SchrC6der wrote: > > Why do you maintain stable by issuing security patches for it if you > don't care if anybody installs them (by not telling them about the > patches through one of the designated channels)? Don't you want > people installing them? > > Is it so hard to write a mail to the list once every few months? The > content is already there... > I just check the errata web page every now and then. When/if anything huge is discovered (very seldom) then it's slashdotted or something. So in the end, I always seem to find out somehow. -- View this message in context: http://www.nabble.com/Missing-security-announcements-tp20465932p20760480.html Sent from the openbsd user - misc mailing list archive at Nabble.com.
Re: OpenBSD 4.4 released, Nov 1. Enjoy!
David Schulz-5 wrote: > > yes, its awesome this time ! > That's like telling your wife, "You look beautiful... today." It's better to leave off the last part. "It's awesome" will suffice. -- View this message in context: http://www.nabble.com/OpenBSD-4.4-released%2C-Nov-1.--Enjoy%21-tp20269800p20448423.html Sent from the openbsd user - misc mailing list archive at Nabble.com.
Re: 4.4 recently installed
T D wrote: > > Hi all, > > I have installed 4.4 on a machine (ibm aptiva) with the below dmesg > output. > As I am somewhat new to this os, I would like some sugestions as to what I > could/should do with this box and no I will not rm -rf / > Any ideas/suggestions greatly apreciated. > Thanks > Tom > Are you serious? Let's see... we use OpenBSD for subversion repositories, web servers, dhcp servers, smtp servers, firewall, Gmail backup, development workstations, etc. The sky is the limit. If you have no idea what to do with this operating system, then you have no reason to install it. The least you could do is take this opportunity (as you already have OpenBSD installed) to learn a bit about Unix. Read man pages, write shell scripts, learn how to accomplish common admin tasks, apply patches, etc. -- View this message in context: http://www.nabble.com/4.4-recently-installed-tp20412765p20413019.html Sent from the openbsd user - misc mailing list archive at Nabble.com.
Re: Oddly high load average
deraadt wrote: > > And if you really are worried, use the patch I mailed out earlier, > and the load will always be zero. Then there are no more worries! > That's both cruel and funny at the same time. -- View this message in context: http://www.nabble.com/Oddly-high-load-average-tp20384695p20388358.html Sent from the openbsd user - misc mailing list archive at Nabble.com.
Re: USB CD-ROM support
Tom-100 wrote: > > When (if ever) will support for installing OpenBSD with a USB CD-ROM > be added? > I use it all the time. Have for quite some time. In fact, I just installed 4.4 using a very old Iomega 2x USB cd writer. No problems at all... just slow b/c of the age of the drive. -- View this message in context: http://www.nabble.com/USB-CD-ROM-support-tp20302017p20326370.html Sent from the openbsd user - misc mailing list archive at Nabble.com.
Re: Longest Uptime?
Lori Barfield wrote: > > SunOS 2.6 was released in 1999. if someone can really run a 9-yr-old > release of *anything* exposed to the internet without "doing much to it," > and still avoid compromise, that would be a pretty good trick. > > ...lori > Yes, I agree. But I have seen systems that old online in the year 2008. The latest one was running on 15 year old Sun hardware. SunOS 2.6. It had been hacked. I found it because it was infected with stacheldracht... remember that? One of the first DDOS tools. And it was phoning home to a handler (they did not refer to them as 'controllers' back in 1999). You'd be surprised... especially in higher-ed IT environments. Research professors with Nobel Peace prizes in science have dusty, old research labs full of systems like this... and yes, they are online :) -- View this message in context: http://www.nabble.com/Longest-Uptime--tp20219082p20306106.html Sent from the openbsd user - misc mailing list archive at Nabble.com.
Re: new home box for secure data storage
Douglas A. Tutty-2 wrote: > > If the box is running but no users are logged-in, why can't the data be > encrypted and therefore private? > It can be. Use OpenSSL or GnuPG or PGP symmetrically (only store the passphrase in your head) in addition to volume/disk level encryption. Tar up your secret files, encrypt the tar file and then remove the secret files. When you need to read the secret files, decrypt the tar and then extract what you need. Wash, rinse and repeat. Cron a sh script to dd /dev/zero onto the home partition until it's full (don't want sophisticated guys viewing your unallocated space)... know what I mean? Man, this is getting a bit paranoid. -- View this message in context: http://www.nabble.com/new-home-box-for-secure-data-storage-tp20235167p20275760.html Sent from the openbsd user - misc mailing list archive at Nabble.com.
Longest Uptime?
I know. Longest uptime is silly, macho, pointless stuff... but I ran across an old SunOS 2.6 box that had been up for 387 days. It had been hacked. The only reason it was not an open mail relay is that /var was full. So, I thought to myself, "I bet I could run an OpenBSD box for that amount of time or longer without getting hacked and without doing much to it." Just wondering what's the longest OpenBSD uptime some folks on misc have seen? Thanks -- View this message in context: http://www.nabble.com/Longest-Uptime--tp20219082p20219082.html Sent from the openbsd user - misc mailing list archive at Nabble.com.
4.4 is Awesome
Pre-orders are worth the money, save up 50 bucks (that's just 8 dollars and 33 cents a month over 6 months time). I've only been a dedicated user since 4.2 release, but once you go OpenBSD, you can't use anything else. This has got to be the simplest, most straight-forward, most logical operating system available today. OpenBSD reminds me of the fun I had on my Dad's C64 back in 1982. Thanks to all the devs who make it possible. -- View this message in context: http://www.nabble.com/4.4-is-Awesome-tp20191655p20191655.html Sent from the openbsd user - misc mailing list archive at Nabble.com.
Switch License From GPL to BSD/ISC
Has anyone on misc every written source code, released it under the GPL and then later switched the license to BSD or a similar license? This is something I am considering. I understand that GPL cannot be revoked, etc. However, as I hold the copyright, I should be able to do a new release and from that point forward use BSD license, right? I will still keep a copy of 1.5 under the GPL, but no longer maintain it. While 2.0 and forward will be BSD and actively developed. I've been researching this some, and I wanted to ask those on misc who may have already done something such as this for their advice. Thanks -- View this message in context: http://www.nabble.com/Switch-License-From-GPL-to-BSD-ISC-tp20094789p20094789.html Sent from the openbsd user - misc mailing list archive at Nabble.com.
Re: New cpuid code to test
Tobias Weingartner-2 wrote: > > make cpuid && ./cpuid | mail -s 'cpuid output' [EMAIL PROTECTED] > Perhaps this is implied by 'make', but for the sake of clarity, I did it like this: gcc cpuid.c -o cpuid | ... And it worked OK. -- View this message in context: http://www.nabble.com/New-cpuid-code-to-test-tp20060609p20067491.html Sent from the openbsd user - misc mailing list archive at Nabble.com.
4.4 Packages
First time I've pre-ordered. Wondering when the 4.4 PKG_PATHs will be available so that I can add packages? -- View this message in context: http://www.nabble.com/4.4-Packages-tp20049487p20049487.html Sent from the openbsd user - misc mailing list archive at Nabble.com.
Re: 4.4 arriving in the U.S.
4.4 CDs arrived in Virginia (east coast USA). Thanks... the T-Shirt is cool too. -- View this message in context: http://www.nabble.com/4.4-arriving-in-the-U.S.-tp19978347p19985423.html Sent from the openbsd user - misc mailing list archive at Nabble.com.
Re: BSD Port from OpenJDK
Kurt Miller-3 wrote: > > Your negativity sucks. Porting Java to OpenBSD was and is not > a trivial effort. It also serves as an excellent test bed for > threads, the runtime linker and large memory applications. > > That was meant as a joke. I got 4.4 today and it had a sticker poking fun > at Java. (Java wants you to sell out Solo! NDA, etc.) My comment was meant > in the same spirit. But really... for some folks... Java just sucks, but > at the same time, I appreciate folks (like you) who make it suck less. > Nothing personal, OK? > -- View this message in context: http://www.nabble.com/BSD-Port-from-OpenJDK-tp19884864p19984974.html Sent from the openbsd user - misc mailing list archive at Nabble.com.
Re: BSD Port from OpenJDK
Ben Adams-3 wrote: > > Just wondering if this will effect OpenBSD with java: > Per the interim governance guidelines for Projects [1] I'm pleased > to announce the creation of the BSD Port Project > Java is nasty. There... I said it and it is true. The goopy OOP of Java will tarnish anything it touches. Personally, I hope Java (in all of its virtual glory) never makes it into OpenBSD at all. Real men will cry man tears when OpenBSD ships with Java. -- View this message in context: http://www.nabble.com/BSD-Port-from-OpenJDK-tp19884864p19975609.html Sent from the openbsd user - misc mailing list archive at Nabble.com.
Re: Best Way to get OpenBSD installed on Sun Blade 1000/2000
Vivek Ayer wrote: > > Do you get to see anything before you press Ctrl+Break. > Yep... looks like this: Netra t1 (UltraSPARC-IIi 440MHz), No Keyboard OpenBoot 3.10.27 ME, 1024 MB memory installed, Serial #14272968. Ethernet address 8:0:20:d9:c9:c8, Host ID: 80d9c9c8. Boot device: disk File and args: OpenBSD IEEE 1275 Bootblock 1.1 ..>> OpenBSD BOOT 1.2 Trying bsd... -- View this message in context: http://www.nabble.com/Best-Way-to-get-OpenBSD-installed-on-Sun-Blade-1000-2000-tp19946248p19947474.html Sent from the openbsd user - misc mailing list archive at Nabble.com.
Re: Best Way to get OpenBSD installed on Sun Blade 1000/2000
Vivek Ayer wrote: > > Well...i have the install43.iso cd. I don't think choosing the media > is my problem. What's the quickest way to see a OpenPROM ok prompt on > a foreign machine? What commands do I use (e.g., cu, tip, etc.)? If I > can get an "ok" prompt, I'm golden. > I normally connect via a Windows hyper terminal to my Sun boxes... To get an ok prompt from a Windows hyper terminal press: 'Ctrl'+'Break' That's equivalent to 'Stop-A' on a Solaris keyboard. -- View this message in context: http://www.nabble.com/Best-Way-to-get-OpenBSD-installed-on-Sun-Blade-1000-2000-tp19946248p19947124.html Sent from the openbsd user - misc mailing list archive at Nabble.com.
Re: Best Way to get OpenBSD installed on Sun Blade 1000/2000
Vivek Ayer wrote: > > So assuming the cable is the right cable, in short, what would I have > to do to install OpenBSD on a sparc64 from a i386 console? > I've used the miniroot method on Sun Netra's with good results. See this URL: http://openbsd.org/sparc.html -- View this message in context: http://www.nabble.com/Best-Way-to-get-OpenBSD-installed-on-Sun-Blade-1000-2000-tp19946248p19946644.html Sent from the openbsd user - misc mailing list archive at Nabble.com.
Re: Rosetta Stone for Unix
Steve Shockley wrote: > > OpenBSD users can't shut down the system, either... > Hmmm... `shutdown -ph now` works OK for me. Is this an inside joke or something? I don't get it. -- View this message in context: http://www.nabble.com/Rosetta-Stone-for-Unix-tp19890925p19903293.html Sent from the openbsd user - misc mailing list archive at Nabble.com.
Question about cpu temp in sysctl hw.sensors
I get this output: hw.sensors.cpu0.temp0=39.00 degC hw.sensors.lm1.temp0=45.00 degC hw.sensors.lm1.temp1=22.00 degC hw.sensors.lm1.temp2=31.50 degC hw.sensors.lm1.fan1=2070 RPM But, I'm rather certain that the third line (22.00 degC) is the actual temp of the CPU as this is what the BIOS reports as well as other operating systems (I quad boot this box). This is an under-clocked Intel Celeron cpu under very little load with good fans, so while low, that temp of 22 degC is most likely correct. How does OpenBSD gather this temp? cpu0 at mainbus0: (uniprocessor) cpu0: Intel(R) Celeron(R) CPU 430 @ 1.80GHz, 907.57 MHz -- View this message in context: http://www.nabble.com/Question-about-cpu-temp-in-sysctl-hw.sensors-tp19868637p19868637.html Sent from the openbsd user - misc mailing list archive at Nabble.com.
Re: OpenBSD 4.4 pre-orders
Theo de Raadt wrote: > > Pre-orders for OpenBSD 4.4 (CD, tshirt, poster) are up at > > http://www.openbsd.org/orders.html > > Do the first X number of pre-orders get autographed... or something :) -- View this message in context: http://www.nabble.com/OpenBSD-4.4-pre-orders-tp19318881p19320510.html Sent from the openbsd user - misc mailing list archive at Nabble.com.
Shuttle K-4500-N Celeron
I was considering buying one of these (cheap, small and quiet) to be used as an OpenBSD firewall. It has one free slot for an additional NIC. Has anyone ran OpenBSD on one of these before? I can't try before buying. Here are the hardware details: http://www.newegg.com/Product/Product.aspx?Item=N82E16883104035 Thanks, Brad -- View this message in context: http://www.nabble.com/Shuttle-K-4500-N-Celeron-tp19309013p19309013.html Sent from the openbsd user - misc mailing list archive at Nabble.com.
Pre-Order 4.4
When can 4.4 be pre-ordered? Thanks, Brad -- View this message in context: http://www.nabble.com/Pre-Order-4.4-tp19253902p19253902.html Sent from the openbsd user - misc mailing list archive at Nabble.com.
Re: delete deleted data
new_guy wrote: > > > > Marco S Hyman wrote: >> >> "Brad Tilley" writes: >> > performed from the OpenBSD 4.2 install CD. I'll send it to the one >> > 'ISO Certified' company that agreed to examine it. If they cannot >> >> You keep throwing around the 'ISO Certified' tag as if it had some >> special meaning. Certified to what standard? >> > > I'm just parroting the *one* data recover company's marketing hype that > agreed to take the drive. They make this claim: > > "ISO 9001 - 2000 certified" > > I'm working on putting a website up now where I'll fully disclose the > details. Lots of pictures and details. I will attribute the dd used to > OpenBSD (the best OS on the planet bar none... although the dd on the > install CD did not support the conv option... I would have liked to have > done conv=noerror,sync). I plan to ship the drive off tomorrow. I plan to > put this myth to rest... where it belongs. > The Great Zero Challenge - "It is noble and just to dispel myths, falsehoods and untruths." http://16systems.com/zero/index.html -- View this message in context: http://www.nabble.com/delete-deleted-data-tp14560809p15058799.html Sent from the openbsd user - misc mailing list archive at Nabble.com.
Re: WAY OT:Re: delete deleted data
Diana Eichert wrote: > > Eric if you were in MI (I really want to make a joke, but I won't) > then you know that techniques related to data recovery from hard > drives would be classified. The intelligence community is not > prone to publicaly publish whitepapers on their operations. > > diana > I know how they do it. I have a friend who knows a guy that once worked for some government agency. Once my friend's friend had a bit too much to drink at a dinner party and he spilled the beans. He said that they divide the hard disk platters by zero and the data just automatically reassembles itself. He never actually saw it done, but he's positive that is the method used. Apparently only God and Governments actually know how to divide by zero :) -- View this message in context: http://www.nabble.com/delete-deleted-data-tp14560809p14619902.html Sent from the openbsd user - misc mailing list archive at Nabble.com.
Re: delete deleted data
Marco S Hyman wrote: > > "Brad Tilley" writes: > > performed from the OpenBSD 4.2 install CD. I'll send it to the one > > 'ISO Certified' company that agreed to examine it. If they cannot > > You keep throwing around the 'ISO Certified' tag as if it had some > special meaning. Certified to what standard? > I'm just parroting the *one* data recover company's marketing hype that agreed to take the drive. They make this claim: "ISO 9001 - 2000 certified" I'm working on putting a website up now where I'll fully disclose the details. Lots of pictures and details. I will attribute the dd used to OpenBSD (the best OS on the planet bar none... although the dd on the install CD did not support the conv option... I would have liked to have done conv=noerror,sync). I plan to ship the drive off tomorrow. I plan to put this myth to rest... where it belongs. -- View this message in context: http://www.nabble.com/delete-deleted-data-tp14560809p14608861.html Sent from the openbsd user - misc mailing list archive at Nabble.com.
Re: delete deleted data
Marco Peereboom wrote: > > bullshit. > I decided to put my money where my mouth is :) I bought a 80GB, Western Digital IDE hard drive. $60 USD. Attached it to a Windows XP laptop (usb-ide bridge), initialized it, created one (1) primary partition, formatted it NTFS and copied an older subversion repository to it. I documented and screen-shot the entire process. I then booted the laptop with an OpenBSD 4.2 install CD and selected the 's' option and ran dd like this on the hard drive: dd if=/dev/zero of=/dev/rsd0c I called three (3) well-known data recovery companies. Two of them said recovery was not possible after the dd procedure, one of them said they'd be willing to try so long as no other data recovery company had opened the HDD case and offered to do a free analysis in one of their ISO certified labs. I'm sending the drive off tomorrow, I'll let you know in a few weeks how it turns out. Brad -- View this message in context: http://www.nabble.com/delete-deleted-data-tp14560809p14604134.html Sent from the openbsd user - misc mailing list archive at Nabble.com.
Re: delete deleted data
Marco Peereboom wrote: > > Grind them up. There is nothing else you can do to "permanently" wipe > disks. Residual magnetism is always there provided good enough > equipment. If your data is that sensitive there is nothing else but the > grinder. > Be sure that you do this yourself or personally witness the act. I just experienced this myself where a contractor was *paid* money to grind up hard drives in a bunch of old Sun hardware before the equipment was auctioned off online. The contractor even issued 'certificates of destruction' for the drives... long story short, the drives had not been destroyed. They were intact, untouched, not even a software wipe. The drives booted and worked fine. A simple 'boot cdrom -s' to change the root passwd was all it took to view the hard drive's content. -- View this message in context: http://www.nabble.com/delete-deleted-data-tp14560809p14562122.html Sent from the openbsd user - misc mailing list archive at Nabble.com.
Re: delete deleted data
xSAPPYx wrote: > > Someone linked me this article a couple calling into question the > ability to actually read overwritten data: > http://www.nber.org/sys-admin/overwritten-data-guttman.html > > I'de love to read something from the other side, showing real examples > of getting usable data off of a disk that has been overwritten / wiped > / etc > > any links or info? > Not possible on today's drives. In fact, according to NIST, one overwrite with only zeros is sufficient. See The National Institute of Standards and Technology (NIST) Special Publication 800-88, "Guidelines for Media Sanitation." -- View this message in context: http://www.nabble.com/delete-deleted-data-tp14560809p14561973.html Sent from the openbsd user - misc mailing list archive at Nabble.com.
Re: delete deleted data
Jon-113 wrote: > > Is there any program for OpenBSD that will clean up the disks so that > deleted files cannot be recovered. > /dev/zero or /dev/urandom either will work fine (the first being quicker than the last) -- View this message in context: http://www.nabble.com/delete-deleted-data-tp14560809p14561483.html Sent from the openbsd user - misc mailing list archive at Nabble.com.
Re: sparc64 on Sun Netra T1 with external CD Drive
Darrin Chandler wrote: > > It's been a while, but iirc you can just do "boot cd" instead of all the > other happy horseshit. > There was no internal IDE CD drive. So boot cd would not work... "failed to find boot device" So that extra horse shit (and I agree 100% that it is horse shit) was, unfortunately required. I ended-up RTFM and dd'ing floppy42.fs (which could not see the SCSI drives) but miniroot42.fs could. I got OpenBSD installed and it was *so* sane compared to Solaris. God I love this OS. Thanks for all the hard work guys! My apologies again for being so verbose! -- View this message in context: http://www.nabble.com/sparc64-on-Sun-Netra-T1-with-external-CD-Drive-tp14518767p14534622.html Sent from the openbsd user - misc mailing list archive at Nabble.com.
Re: sparc64 on Sun Netra T1 with external CD Drive
Sorry for all the posts. I figured it out. I dd'ed floppy42.fs to one of the unused drives and booted that way. -- View this message in context: http://www.nabble.com/sparc64-on-Sun-Netra-T1-with-external-CD-Drive-tp14518767p14526801.html Sent from the openbsd user - misc mailing list archive at Nabble.com.
Re: sparc64 on Sun Netra T1 with external CD Drive
Still no go. However, it doesn't appear to be a OpenBSD specific issue. FreeBSD and Debian CD installers won't boot from the external CD drive either. Currently, I can boot the machine with a Solaris install CD or from Solaris that had been installed on the HDD prior to me receiving the computer. Can I copy bsd.rd onto one of the drives and then boot from that to install? I also applied Sun's latest firmware to OBP, just to make sure things were current. Thanks again, Brad -- View this message in context: http://www.nabble.com/sparc64-on-Sun-Netra-T1-with-external-CD-Drive-tp14518767p14526293.html Sent from the openbsd user - misc mailing list archive at Nabble.com.
sparc64 on Sun Netra T1 with external CD Drive
Hi again, >From the ok> prompt, I'm doing this: boot /[EMAIL PROTECTED],0/[EMAIL PROTECTED],1/[EMAIL PROTECTED]/[EMAIL PROTECTED],0:f This boots the Solaris install CD OK, but not OpenBSD 4.2 CD. Any tips? Thanks, Brad -- View this message in context: http://www.nabble.com/sparc64-on-Sun-Netra-T1-with-external-CD-Drive-tp14518767p14518767.html Sent from the openbsd user - misc mailing list archive at Nabble.com.
Perpetually Current
I would like to install OpenBSD *once* and keep it patched and secured for many years there after (5 - 7 years) in a production environment. Would it be feasible to get a snapshot today and follow -current for many years w/o having to reinstall? Basically, this approach would skip -stable and -release and always be -current. I understand the implications of being current and that things might change and break and may need re-configuring on occasion. I'm OK with that... I just don't want to reinstall a -release every year... although I'll still buy CDs as they are released to support the project. Thanks, Brad -- View this message in context: http://www.nabble.com/Perpetually-Current-tp14513618p14513618.html Sent from the openbsd user - misc mailing list archive at Nabble.com.
GnuPG2 package or port
I've looked, but can't find it. Before getting the source and compiling, is this somewhere in ports? Thanks, Brad -- View this message in context: http://www.nabble.com/GnuPG2-package-or-port-tp14375855p14375855.html Sent from the openbsd user - misc mailing list archive at Nabble.com.
SunOS 5.9 UFS drives
Hi guys, I just received an old Sun Netra T1 (105) that has an older version of Solaris (SunOS 5.9). It has two 18GB SCSI drives, no cd or floppy drives. There is a serial/LOM port that I can access and dual Ethernet ports. I can get the ok prompt (Stop-A), the LOM prompt and boot SunOS in various modes... just can't log on. I plan to install OpenBSD onto it by doing a net boot/install, but before doing so, I'd like to attempt to mount the current drives or at least dd them to files. The Solaris install has a root password that I do not know. boot -s works, but it still prompts for root password. Will a net boot with a bsd.rd kernel allow me to dd the drives before installing OpenBSD? Thanks, Brad -- View this message in context: http://www.nabble.com/SunOS-5.9-UFS-drives-tp14362206p14362206.html Sent from the openbsd user - misc mailing list archive at Nabble.com.
Re: freeBSD7.0 advertised.
badeguruji wrote: > > Hello, > > Is there anything on OpenBSD like the one below for > FreeBSD. It presents material very clearly and > cleanly, makes look freebsd very attractive. > > http://people.freebsd.org/~kris/scaling/7.0 Preview.pdf > > Thank you. > > -BG > > > ~~Kalyan-mastu~~ > > > All the BSDs have strong points. If I needed a box with 8 dual core CPUs for heavy computation, I'd probably use FreeBSD. If I needed an ultra-secure DNS box, a VPN or a world-class firewall, I'd use OpenBSD. The old, "right tool for the job" approach. -- View this message in context: http://www.nabble.com/freeBSD7.0-advertised.-tp14236191p14244508.html Sent from the openbsd user - misc mailing list archive at Nabble.com.
Re: [OT] Signing messages: S/MIME vs OpenPGP ?
Benjamin M. A'Lee-2 wrote: > > Also I assume you mean MUA, not MTA, since I don't know of any MTAs that > directly support either PGP or S/MIME... > > Ben > Yes, sorry, it was late, I was tired, but at least I was consistently wrong ;) -- View this message in context: http://www.nabble.com/-OT--Signing-messages%3A-S-MIME-vs-OpenPGP---tf4965442.html#a14228844 Sent from the openbsd user - misc mailing list archive at Nabble.com.
Re: [OT] Signing messages: S/MIME vs OpenPGP ?
viq-2 wrote: > > > Q: Why bother signing messages at all? > A: Because I feel like it. > > Yes, I know inline signing is frowned upon, and MIME won't make it do > the list, but that's besides the point as well. > > > So, having gotten that out of the way, do you have any opinions on > either? The architecture behind it, the technology being used, social > implications, and so on. Which one would you choose, and why? Who would > you get your keys signed by? > > I just thought I'd ask, seeing as there seem to be at least a few people > with knowledge backing up opinions on similiar subjects. > -- > viq > > > S/MIME is much more complex (IMO), but you'll find that more MTA's support it. One can also get free Thawte certs for signing/encrypting (but I think they are mostly intended for sigs as they expire yearly). Lots of organization set-up their own CAs (colleges do this often) downside to this is that the certs/sigs are only recognized internally so outside the institution the sigs are useless... that's where something like the Thawte certs come into play. But, then you have the Web of Trust (WOT) and need to find WOT notaries to confirm your ID so that you can get so many points... enough to actually attach a name to the email, national ID, etc. Is your head spinning yet? S/MIME *is* complex! Personally, I like PGP much better as it's much simpler (IMO). It's been around awhile (1991) as has been thoroughly tested. Gnupg has come a long way too... works just as well on Windows as it does on OpenBSD and Linux now. More problems with MTA's. Initial setup can be awkward for non-technical users. Backup the private keys, gen revoke certs, etc. It seems that most companies use PGP to sign stuff, while individuals may be more inclined to use S/MIME for MTA reasons. I use both, but prefer PGP for the simplicity. Just my 2 cents, Brad -- View this message in context: http://www.nabble.com/-OT--Signing-messages%3A-S-MIME-vs-OpenPGP---tf4965442.html#a14225222 Sent from the openbsd user - misc mailing list archive at Nabble.com.
Re: rouge IPs / user
badeguruji wrote: > > I am getting constant hacking attempt into my computer > from following IPs. Although, I have configured my ssh... > This is so common that we ignore it at Virginia Tech. Some days, we log 20k - 30k ssh brute force attempts... I'd like to track 'em down and string 'em up too, but I've got better things to do and really, it's quite harmless :) -- View this message in context: http://www.nabble.com/rouge-IPs---user-tf4963521.html#a14225107 Sent from the openbsd user - misc mailing list archive at Nabble.com.
Re: Code signing in OpenBSD
Daniel Bosk wrote: > > Brad, you really did start some thread. Starting with a rather > innocent question. Interesting reading though. > > My best to all of you, > > Daniel > Thanks, I love OpenBSD. I see the lack of signed code and signed communication as a potential security issue. It *has* happened to other projects and I'd hate to see it happen to OpenBSD. I'd love to see PKI (specifically developer key pairs) incorporated into OpenBSD at some point... it's such a great project that produces a great product! Whatever happens, I will continue buying the CDs, T-shirts and telling my IT buddies to use it!!! All the best, A guy who claims to be Brad Tilley :) -- View this message in context: http://www.nabble.com/Code-signing-in-OpenBSD-tf4947207.html#a14204037 Sent from the openbsd user - misc mailing list archive at Nabble.com.
Re: Code signing in OpenBSD
Bob Beck-2 wrote: > > If you want a secure binary. buy an official CD.. This is > what most people do. PKI requires infrastructure that would cost OpenBSD > money and developer time. Official CD's keep OpenBSD alive. > > Oh wait, we should devote resources to people who care about > security, just not enough to spend $50 on it.. Yeah. I'll get right > on that. > > -Bob > One last thought. You insinuate in this post that I do not buy CDs or support OpenBSD. I claim that I do. There is a person listed by my name on the donations page... but since I was not given the opportunity to digitally sign my donation ;) I could just be impersonating that person. How is that for irony? I'll go away now. Thanks, Brad -- View this message in context: http://www.nabble.com/Code-signing-in-OpenBSD-tf4947207.html#a14180803 Sent from the openbsd user - misc mailing list archive at Nabble.com.
Re: Code signing in OpenBSD
BOFH-5 wrote: > > Would you consider Bruce Schneier to be knowledgeable about PKI? Have you > read: > http://www.schneier.com/paper-pki.html > Yes, I've read that. He's talking about CA's. He does not ridicule PGP keys as you seem to. In fact, he has a few of his own: Bruce Schneier <[EMAIL PROTECTED]> 0x4C92D93D 20481997/10/16 Never Bruce Schneier <[EMAIL PROTECTED]> 0x7EDE4C65 10241995/09/26 Never Look him and his company Counterpane up yourself: http://keyserver.veridis.com:11371/ -- View this message in context: http://www.nabble.com/Code-signing-in-OpenBSD-tf4947207.html#a14176573 Sent from the openbsd user - misc mailing list archive at Nabble.com.
Re: Code signing in OpenBSD
Nick Guenther wrote: > > Well, there's the MD5 files (e.g. > http://openbsd.arcticnetwork.ca/pub/OpenBSD/4.2/i386/MD5). > but yeah, for the most part OpenBSD doesn't need it. > -Nick > Could you explain in more detail? Why doesn't OpenBSD need to use pgp keys? Really, I'm not trying to start anything, I just want to understand. Especially since everyone else seems to do it. FreeBSD, NetBSD, Linux Kernel, etc... they all employ some sort of PKI mechanism... so how does OpenBSD handle these sort of things? -- View this message in context: http://www.nabble.com/Code-signing-in-OpenBSD-tf4947207.html#a14176001 Sent from the openbsd user - misc mailing list archive at Nabble.com.
Re: Code signing in OpenBSD
Harpalus a Como wrote: > > What is the benefit of doing so? What's the point? Is the website so > likely > to be hacked into, that the developers need to sign all communication just > to ensure that it comes from them? There's absolutely no need to signing > errata or official communications. Name one justifiable use for them. If > the > OpenBSD developers didn't care about "secure communications", then OpenSSH > would not exist. > Can you dismiss PKI and the benefits that OpenPGP signatures provide to your user community? Knowing that xyz binary is signed by OpenBSD for distribution or abc email came from an official OpenBSD source is a good thing. Trojaned binaries and forged emails happen. PKI can help mitigate this. The benefit of PKI is widely known and accepted and does not need to be rehashed here. I'm surprised that OpenBSD (the most secure OS I know of) does not use it, that's all I'm saying. I also thought there would be a real reason for not doing so and there may in fact be and I may just be unaware of it. -- View this message in context: http://www.nabble.com/Code-signing-in-OpenBSD-tf4947207.html#a14175339 Sent from the openbsd user - misc mailing list archive at Nabble.com.
Re: Code signing in OpenBSD
Lars Hansson-5 wrote: > > No. OpenBSD doesn't sign code. > > --- > Lars Hansson > Oh that surprises me, are OpenPGP signatures used for anything? Errata, official communication, etc... maybe this is a stupid question, by it seems everyone does it these days... even small software projects. Not being critical of OpenBSD (I love it and buy CDs) just curious as to the reasoning for not using pgp/gpg keys to sign stuff, secure communication, etc. -- View this message in context: http://www.nabble.com/Code-signing-in-OpenBSD-tf4947207.html#a14173498 Sent from the openbsd user - misc mailing list archive at Nabble.com.
Code signing in OpenBSD
I've searched OpenBSD.org and google for source code signing practices in OpenBSD, nothing obvious stands out. I've probably overlooked it. Just curious about this... is the process described someplace? -- View this message in context: http://www.nabble.com/Code-signing-in-OpenBSD-tf4947207.html#a14164451 Sent from the openbsd user - misc mailing list archive at Nabble.com.
Re: OpenBSD version / build question
> 375, 410, 468: > Are these build numbers? Yes. So, the current stable kernel is 0? OpenBSD amdthunder.home.local 4.2 GENERIC#0 i386 OpenBSD black.cirt.vt.edu 4.2 GENERIC#0 i386 -- View this message in context: http://www.nabble.com/OpenBSD-version---build-question-tf4923181.html#a14163491 Sent from the openbsd user - misc mailing list archive at Nabble.com.
Re: License Violation - ksh
Pedro de Oliveira wrote: > > Hello, > Someone on IRC just posted this link http://www.delilinux.de/oksh/ , seems > like someone ported OpenBSD ksh to Linux and licensed it under GPLv3. > Isn't > this a license violation? > > The ksh in OpenBSD is the pdksh (Public Domain). Slap a license on it if > you like, it matters not. > > > -- View this message in context: http://www.nabble.com/License-Violation---ksh-tf4932920.html#a14163439 Sent from the openbsd user - misc mailing list archive at Nabble.com.
Re: Port compile and package install problem for vim and bash
Do you have xbase42.tgz installed ? http://www.openbsd.org/faq/faq1.html#WhatsNew Yup, that fixed my pkg_add errors as well. IMO, it seems best to specify 'all' when installing... even if you don't use any X components. -- View this message in context: http://www.nabble.com/Port-compile-and-package-install-problem-for-vim-and-bash-tf4892015.html#a14011333 Sent from the openbsd user - misc mailing list archive at Nabble.com.
Question about AnonCVS Instructions
What is the difference between these two cvs commands? I know what the first one does... checks out the source code to stable and assumes a CVSROOT is around... but is the second command not the same? I understand all the options... except for 'get'... how is that different from checkout? cvs checkout -P -rOPENBSD_4_2 src cvs -qd [EMAIL PROTECTED]:/cvs get -rOPENBSD_4_2 -P src Also, if one has the source tar files, neither of those commands are needed, right? Won't this alone do (assuming the tar files have been extracted to the appropriate areas): # Do this for /usr/src /usr/ports and /usr/src/xenocara cvs -q up -rOPENBSD_4_2 -Pd OpenBSD docs are rather good, but IMO, "http://openbsd.org/anoncvs.html"; could be simplified somewhat. -- View this message in context: http://www.nabble.com/Question-about-AnonCVS-Instructions-tf4886332.html#a13985918 Sent from the openbsd user - misc mailing list archive at Nabble.com.
Re: OpenBSD in the webcomic XKCD
Richard Wilson-5 wrote: > > http://www.xkcd.com/349/ > In response to the comic after recently coming back to OpenBSD after many years of not using it often, I found it refreshingly simple and easy to install compared to the average Linux stuff out today! Dual-boot, single-boot, etc... it's all very straight-forward with some of the best man pages anywhere! Quickest install of any Unix-like OS... I can do it in 2 - 5 minutes with my eyes closed... how the comic strip dude ended-up ruining two systems and being threatened by sharks is beyond me... I think the chick needs to get a new boyfriend :) -- View this message in context: http://www.nabble.com/OpenBSD-in-the-webcomic-XKCD-tf4874348.html#a13962015 Sent from the openbsd user - misc mailing list archive at Nabble.com.
Re: ssh session died during 'make build'
Hey guys, I got whacked off-line with a clue stick about using screen or nohup to prevent this sort of thing in the future... OK, will do but, since 'make build' was interrupted, does anything 'special' need to be done like a make clean, etc? Or do I just redo the initial commands to build the binaries: rm -rf /usr/obj/* cd /usr/src make obj cd /usr/src/etc && env DESTDIR=/ make distrib-dirs cd /usr/src make build Thanks, Brad -- View this message in context: http://www.nabble.com/ssh-session-died-during-%27make-build%27-tf480.html#a13962081 Sent from the openbsd user - misc mailing list archive at Nabble.com.
ssh session died during 'make build'
Hi guys, While updating 4.2-release to 4.2-stable remotely over a SSH session, the SSH session died during the 'make build' stage of rebuilding the binaries... I think make build had almost completed. I was following the instructions located here: http://openbsd.org/stable.html Question, will this screw things up? I can SSH in again now that the network is back up and things seem fine. Is there anything to do to make sure 'make build' completed properly, or should it be redone? Thanks, Brad -- View this message in context: http://www.nabble.com/ssh-session-died-during-%27make-build%27-tf480.html#a13958135 Sent from the openbsd user - misc mailing list archive at Nabble.com.
Re: Connectivity Issues with Linksys 802.11 USB Adapter
Girish Venkatachalam-2 wrote: > > > Can't you bridge them or create separate subnets and route them? > > Is trunking the purpose here? > > Just wondering > It was just an experiment. I was trying to do some funky routing through the wireless interface. I'll play with it some more. Thanks to all for the tips! Brad -- View this message in context: http://www.nabble.com/Connectivity-Issues-with-Linksys-802.11-USB-Adapter-tf4802127.html#a13747739 Sent from the openbsd user - misc mailing list archive at Nabble.com.
Connectivity Issues with Linksys 802.11 USB Adapter
Hi guys, I have a Linksys WUSB11 v2.8 802.11 USB wireless adapter on a fresh OpenBSD 4.2 install. It is recognized as an atu0 device. Internally it works great. I can ping all of the IPs inside the gateway (and ping the gateway) and browse to internal web sites, etc. Externally, I have no connectivity on atu0, but I can get outside on my wired (fxp0) interface. Here's the relevant portion of my ifconfig with the wired (fxp0) interface down: fxp0: flags=8843 mtu 1500 lladdr 00:50:8b:67:04:60 groups: egress media: Ethernet autoselect (none) status: no carrier inet 192.168.0.254 netmask 0xff00 broadcast 192.168.0.255 inet6 fe80::250:8bff:fe67:460%fxp0 prefixlen 64 scopeid 0x1 atu0: flags=8843 mtu 1500 lladdr 00:0c:41:56:f4:30 groups: wlan egress media: IEEE802.11 autoselect (DS1 mode 11b) status: active ieee80211: nwid NETGEAR chan 11 bssid 00:0f:b5:c5:31:7e 87% inet 192.168.0.127 netmask 0xff00 broadcast 192.168.0.255 inet6 fe80::20c:41ff:fe56:f430%atu0 prefixlen 64 scopeid 0x4 I've tried adding atu0 to the 'egress' group, but still no go. Any ideas? Thanks, Brad -- View this message in context: http://www.nabble.com/Connectivity-Issues-with-Linksys-802.11-USB-Adapter-tf4802127.html#a13739799 Sent from the openbsd user - misc mailing list archive at Nabble.com.
Re: Security Comparisons
Darren Spruell wrote: > > > Sadly, justifying the obvious through these means is often a requirement. > > Here's an approach you might consider. Take a best practice / > standards guide such as from NIST: > > http://www.itl.nist.gov/lab/bulletns/bltndec02.htm > http://csrc.nist.gov/publications/drafts/800-44-Version2/Draft-SP800-44v2.pdf > > And for the points your organization feels are important (like what > you've listed above), map how OpenBSD's implementation and OS approach > addresses those points. > Thanks... that's a good suggestion. I found the Secunia OS advisories very telling as well. Comparing OpenBSD 3.x (85 Advisories) to Debian 3.x (577). http://secunia.com/product/ -- View this message in context: http://www.nabble.com/Security-Comparisons-tf4779123.html#a13676309 Sent from the openbsd user - misc mailing list archive at Nabble.com.
Security Comparisons
If this is off-topic, I apologize. Just tell me and I'll go away ;) I'm having discussions with a coworkers about moving to OpenBSD for Apache/PHP web hosting. Right now, we use various Linux distros. I have no problem with that. Linux is cool... but it's takes more time to secure and manage. I like the Suhosin (Hardened PHP patch in OpenBSD's PHP package) and the fact that Apache is chrooted by default. We even uploaded some php exploit code onto a test OpenBSD box (r57shell) to see how well it contained the exploit. It worked well. All of these demos and discussions are informal. So here's the question: Are there any formal/corporate comparisons that demonstrate the enhanced security of OpenBSD when compared to other solutions in this space that we can provide to upper management? I know this seems odd, but our managers ask for these types of things... even when the solution speaks for itself and has a strong history of security. IMO, OpenBSD doesn't need to be 'sold' as as security solution as it sells itself, but others feel differently. Many thanks to any who can offer advice, Brad -- View this message in context: http://www.nabble.com/Security-Comparisons-tf4779123.html#a13671831 Sent from the openbsd user - misc mailing list archive at Nabble.com.
Re: I've done something stupid
Aaron Martinez wrote: > > > can you log in using single user mode? > > boot> boot -s > > then change it? > > Aaron > > I forgot to mention the box was headless. I had to return to the site. I > was hoping there was some other way to make the fix... not matter now. I > visited the site this morning and made the change. Thanks again, Brad > > > -- View this message in context: http://www.nabble.com/I%27ve-done-something-stupid-tf4775501.html#a13671503 Sent from the openbsd user - misc mailing list archive at Nabble.com.
Re: I've done something stupid
Aaron Martinez wrote: > > > can you log in using single user mode? > > boot> boot -s > > then change it? > > Aaron > > Thanks to all! I'm back up and running. I just feel like an idiot :) > > > -- View this message in context: http://www.nabble.com/I%27ve-done-something-stupid-tf4775501.html#a13667702 Sent from the openbsd user - misc mailing list archive at Nabble.com.
I've done something stupid
Somehow as root, I changed my shell to a non-existent shell '/bin/tcsh' on OpenBSD 4.2 When I try to su, I get this error: su: /bin/tcsh: No such file or directory I can't login as root, ssh in as root or su to root. I'm not in the sudoers file (but I am in the wheel group) so I can't sudo chsh for root. Any suggestions. I just set the box up today. It's been years since I used OpenBSD. I'm a bit rusty and duller than I once was :) Thanks, Brad -- View this message in context: http://www.nabble.com/I%27ve-done-something-stupid-tf4775501.html#a13660801 Sent from the openbsd user - misc mailing list archive at Nabble.com.