Darrin Chandler wrote:
> On Wed, Oct 24, 2007 at 11:46:34PM -0400, Brian wrote:
>> Make sure you have restarted Firefox after making changes to
>> /etc/resolv.conf. Specifically, the application-level DNS cache will
>> contain old data if you have not restarted it. This bit me for 3
>> minutes st
Since some time ago it became impossible to run JVMs on my 4.1 box. I can't
seem to figure out what's wrong, probably something easy and stupid...
[EMAIL PROTECTED] /usr/local/jdk-1.5.0/bin/java&
[1] 28689
[EMAIL PROTECTED] #
# An unexpected error has been detected by HotSpot Virtual Machine:
#
#
Matthieu Herrb wrote:
> David H. Lynch Jr. wrote:
>
>> I have tried to install Gnome on two different machines running
>> OpenBSD 4.2.
>> The first machine ran Gnome fine under OpenBSD 4.1 (though there
>> were other problems)
>>
>> On both machines - fresh installs gdm starts I
Hi,
I'm currently trying to configure small home network:
ADSL > Server / Firewall > Desktop
Now I'm working on building a proper firewall to my server. So far the
situation is following:
- Servers internet connection works
- Desktop receives IP, nameserver and default route from server'
Peter Hessler wrote:
> try enabling acpi at the bootloader prompt..
>
> boot -c
> enable acpi
> exit
>
Thanks !
that did the trick.
> On 2007 Oct 24 (Wed) at 13:58:29 -0400 (-0400), David H. Lynch Jr. wrote:
> :I am trying to complete a new install of OpenBSD 4.2 on an HP
> :Pavilion dv8000
Kevin Stam wrote:
> ... failed to satisfactorily explain why running a specific application
> in a VM is more secure than running it in a standard OS. It's nonsense that
> you think it's more secure that way. It saves a lot of money, yes -- you
> don't necessarily want a separate box just to run an
On 10/24/07, Jonathan Gray <[EMAIL PROTECTED]> wrote:
> On Wed, Oct 24, 2007 at 12:32:19PM -0600, Daniel Melameth wrote:
> > I have, what appears to be, v1 of this card, but I get the following from
> > dmesg--even when booting from the latest snapshot of cd42.iso:
> >
> > Intersil, ISL3890, -, - (
On 10/24/07, L. V. Lammert <[EMAIL PROTECTED]> wrote:
> Virtualization provides near absolute security - DOM0 is not visible to
> the user at all, only passing network traffic and handling kernel calls.
> The security comes about in that each DOMU is totally isolated from the
> others, while th
On 10/24/07, L. V. Lammert <[EMAIL PROTECTED]> wrote:
> I have no clue what you're trying to say??? The original comment was the
> the number of vulnerabilities is an inverse measure of the security risk
> associated with a given OS.
Please stop feeding this trolling. LV you should know better --
i
On Wed, Oct 24, 2007 at 11:46:34PM -0400, Brian wrote:
> Make sure you have restarted Firefox after making changes to
> /etc/resolv.conf. Specifically, the application-level DNS cache will
> contain old data if you have not restarted it. This bit me for 3
> minutes straight after needing to redir
On Wed, Oct 24, 2007 at 12:32:19PM -0600, Daniel Melameth wrote:
> I have, what appears to be, v1 of this card, but I get the following from
> dmesg--even when booting from the latest snapshot of cd42.iso:
>
>
>
> Intersil, ISL3890, -, - (manufacturer 0xb, product 0x3890) "Intersil Prism
> GT/D
Make sure you have restarted Firefox after making changes to
/etc/resolv.conf. Specifically, the application-level DNS cache will
contain old data if you have not restarted it. This bit me for 3
minutes straight after needing to redirect an address.
Karel Kulhavy wrote:
> I want to make my OS re
thanks for the response. I'll give that a read, and a try.
where are you getting 4.2? the web site only shows 4.1 as being released.
metajunkie
On 10/24/07, Nick Holland <[EMAIL PROTECTED]> wrote:
> [EMAIL PROTECTED] wrote:
> > all,
> >
> > I'm happy to read whatever I need to, in order to get
> only an idiot would think that separate
> physical machines would NOT increase security
Many IBM PCs vs IBM mainframe
Many mailboxes vs Fort Knox.
Many avenues of attack vs few.
People learn to count in kindergarten.
On Wed, Oct 24, 2007 at 08:55:14PM -0400, Nick Holland wrote:
> [EMAIL PROTECTED] wrote:
> > I have a new Dell Optiplex 745 with an Intel Core 2 Duo.
> >
> > this system completed the install. Now on boot it hangs after:
> > wskbd1: connecting to wsdisplay0
> >
> > the only issue I had during i
On Wed, 24 Oct 2007, Brian wrote:
> All of the theoretical attack vectors are exactly that: theoretical.
> But by adding complex layers does not guarantee any increase in security.
They aren't theoretical, they have been demonstrated. Read the paper:
http://taviso.decsystem.org/virtsec.pdf
On Wed, Oct 24, 2007 at 08:20:59PM -0500, L. V. Lammert wrote:
> On Wed, 24 Oct 2007, Darrin Chandler wrote:
> > On Wed, Oct 24, 2007 at 05:44:37PM -0500, L. V. Lammert wrote:
> > > At 05:27 PM 10/24/2007 -0500, Tony Abernethy wrote:
> > >> L. V. Lammert wrote:
> > >>
> > >
> > > Wow, such intelli
On Wed, 24 Oct 2007, L. V. Lammert wrote:
> I still stand by my original statement. Running application 'domains' in
> VMs instead of on a single server increases security.
It's no worse security-wise to run applications on VMs rather than on the
one OS, but that isn't the only choice - is it?
You
> The entire point is this: You cannot increase security by putting more
> things on one physical server. You can run your different 'Application
> Domains' on different physical servers. That is much closer to security
> than through obscurity.
And when physical servers cost less than some vmw
On Oct 24, 2007, at 9:20 PM, L. V. Lammert wrote:
On Wed, 24 Oct 2007, Darrin Chandler wrote:
Looking at what you've written, you seem to consider OpenBSD to be
pretty secure. By extension, let's assume the developers, and Theo in
particular, have some darned good knowledge about security and
L. V. Lammert wrote:
The more discrete the security model (i.e. File/Print users are not
valid on the httpd server) the better.
There's something I think you don't see here. Let's assume, for a
moment, that you have a VM host running two guests, one OpenBSD, one
Windows.
Now, the OpenBSD b
L. V. Lammert wrote:
> On Wed, 24 Oct 2007, Brian wrote:
>
>> Hi!
>>
>> I think you are missing the point about x86 hardware being a mess. Theo
>> made an excellent point about the architecture itself having so many
>> filthy quirks. If a VM is compromised through any means, that attacker
>> can
On 10/24/07, L. V. Lammert <[EMAIL PROTECTED]> wrote:
> Sorry, it's YOU that missed the point! I never said or made any comparison
> to physical machines - the entirety of that I said is:
>
> "Running services/application domains in VMs increases security." As I
> said in a previous email, only an
On 10/24/07, Henning Brauer <[EMAIL PROTECTED]> wrote:
> * Darren Spruell <[EMAIL PROTECTED]> [2007-10-24 21:48]:
> > Remember back 10-ish years ago when VLANs were being touted as the
> > ultimate network segmentation technology by marketers of managed
> > switches? And now everyone hopefully real
On Wed, 24 Oct 2007, Jeremy Huiskamp wrote:
> On 24-Oct-07, at 5:59 PM, L. V. Lammert wrote:
> > At 03:31 PM 10/24/2007 -0600, Theo de Raadt wrote:
> >> You must be more qualified with regards to the actual code than I am
> >> because I flat out don't believe this at all.
> >
> > Believe what? OBS
On Wed, 24 Oct 2007, Darrin Chandler wrote:
> On Wed, Oct 24, 2007 at 05:44:37PM -0500, L. V. Lammert wrote:
> > At 05:27 PM 10/24/2007 -0500, Tony Abernethy wrote:
> >> L. V. Lammert wrote:
> >>
> >
> > Wow, such intelligence Now we get crap instead of ostrich logic.
> > Sheesh.
>
> Actually
On Wed, 24 Oct 2007, Brian wrote:
> Hi!
>
> I think you are missing the point about x86 hardware being a mess. Theo
> made an excellent point about the architecture itself having so many
> filthy quirks. If a VM is compromised through any means, that attacker
> can now leverage the dirty archite
José Christian Rodríguez wrote:
> Hi list,
> My system was freeze and when reboot show:
>
> /dev/rsd0a: file system is clean;not checking
> /dev/rsd0d: file system is clean;not checking
> /dev/rsd0e: file system is clean;not checking
> /dev/rsd0g: INCORRECT BLOCK COUNT I=2699655 (20 should be 16)
L. V. Lammert <[EMAIL PROTECTED]> wrote:
>> > If not, then security issues compound due to multiple guest OSs and
>> each set
>> > of inherent vulnerabilities.
>>
>>security issues and protections do not add up like numbers.
>
> Sure they do. If I'm running Windoze as a guest OS, there are hundre
[EMAIL PROTECTED] wrote:
> all,
>
> I'm happy to read whatever I need to, in order to get this system
> running. I come before this list humbly. Please don't flame my ass
> with RTFMs :)
>
> I have a new Dell Optiplex 745 with an Intel Core 2 Duo.
>
> this system completed the install. Now on
Jon Sjöstedt wrote:
> Hello all!
>
> I have an OpenBSD-box with two 250G drives inside (and some SCSI). Trying
> to use one of the drives as a whole gave this from disklabel
>
>
> $ sudo disklabel -p g wd0
> [snip]
don't snip.
> 16 partitions:
> # sizeoffset fstype [fsize
On Wed, Oct 24, 2007 at 05:44:37PM -0500, L. V. Lammert wrote:
> At 05:27 PM 10/24/2007 -0500, Tony Abernethy wrote:
>> L. V. Lammert wrote:
>>
>
> Wow, such intelligence Now we get crap instead of ostrich logic.
> Sheesh.
Actually, that's a fair assessment at this point.
Looking at what yo
Hi!
I think you are missing the point about x86 hardware being a mess. Theo
made an excellent point about the architecture itself having so many
filthy quirks. If a VM is compromised through any means, that attacker
can now leverage the dirty architecture to bypass the hypervisors
(supposed) iso
After enjoying the Xen thread, and the comments about the horrid mess
that is x86 hardware design, I'm wondering what hardware on which
OpenBSD will run _is_ well designed.
Who makes a hardware architecture that is open (enough) that OpenBSD can
run fully on it, that has good performance. I'm ass
On 24-Oct-07, at 5:59 PM, L. V. Lammert wrote:
At 03:31 PM 10/24/2007 -0600, Theo de Raadt wrote:
You must be more qualified with regards to the actual code than I am
because I flat out don't believe this at all.
Believe what? OBSD is secure? I thought you were proud of the
project? Sheesh!
Christopher Bianchi wrote:
Hello everyone. My situation is this:
i've a laptop, a Sharp pc-ax10 with Windows 2000 preinstalled , without
cdrom, floppy. I wish install OpenBSD on it. Naturally bios can't boot
from USB.
So i've thinked to boot the bsd.rd , but how ? The faq explain the
procedure fr
Hello all!
I have an OpenBSD-box with two 250G drives inside (and some SCSI). Trying
to use one of the drives as a whole gave this from disklabel
$ sudo disklabel -p g wd0
[snip]
16 partitions:
# sizeoffset fstype [fsize bsize cpg]
c:233.8G 0.0G unused
On Oct 24, 2007, at 3:41 PM, Theo de Raadt wrote:
> We know what a VM operating system has to do to deal with the PC
> architecture. It is too complex to get perfectly right.
I concur with this assessment and the discussion of actual x86 PC
implementation vs. 390 architecture which led up to it.
all,
I'm happy to read whatever I need to, in order to get this system
running. I come before this list humbly. Please don't flame my ass
with RTFMs :)
I have a new Dell Optiplex 745 with an Intel Core 2 Duo.
this system completed the install. Now on boot it hangs after:
wskbd1: connecting t
At 05:27 PM 10/24/2007 -0500, Tony Abernethy wrote:
L. V. Lammert wrote:
Wow, such intelligence Now we get crap instead of ostrich logic. Sheesh.
Lee
Paul de Weerd wrote:
> Why compare this to all departments on one machine, all on the same
> OS ? That's not a fair comparison.
"Why"? Because that's what happens *anyway*.
--
Matthew Weigel
hacker
[EMAIL PROTECTED]
L. V. Lammert wrote:
* L. V. Lammert <[EMAIL PROTECTED]> [2007-10-25 00:11]:
> At 11:26 PM 10/24/2007 +0200, Henning Brauer wrote:
>> * L. V. Lammert <[EMAIL PROTECTED]> [2007-10-24 23:22]:
>> > Running
>> > different application domains on separate VMs provides isolation BETWEEN
>> > those application domains.
>>
>> n
At 11:26 PM 10/24/2007 +0200, Henning Brauer wrote:
* L. V. Lammert <[EMAIL PROTECTED]> [2007-10-24 23:22]:
> Running
> different application domains on separate VMs provides isolation BETWEEN
> those application domains.
no, it does not.
Is that your ostrich response?
Lee
At 03:31 PM 10/24/2007 -0600, Theo de Raadt wrote:
> Certainly there is a small, compound risk increase due to multiple OS
> images involved, but the OS images must be analyzed independently FIRST,
> and THOSE risks addressed.
Certainly you pulled that assessment out of your ass.
I thought it w
> You have failed to satisfactorily explain why running a specific application
> in a VM is more secure than running it in a standard OS. It's nonsense that
> you think it's more secure that way. It saves a lot of money, yes -- you
> don't necessarily want a separate box just to run an application
knitti wrote:
On 10/19/07, Stephen Bosch <[EMAIL PROTECTED]> wrote:
Other things I've tried:
- moving the Jetdirect to a different port on the same physical switch
- a variety of static and dynamic IPs in the subnet
I also forwarded the external port 9100 to this print server and tried
to acce
On Wed, Oct 24, 2007 at 10:25:32PM +0200, Henning Brauer wrote:
> * N.J. Thomas <[EMAIL PROTECTED]> [2007-10-24 19:28]:
> > I have two servers that I would like to setup to run OpenBGPD for our
> > border routers.
> >
> > I need to find a supported PCIe (not PCI-X) fiber card that runs
> > multi-m
> Certainly there is a small, compound risk increase due to multiple OS
> images involved, but the OS images must be analyzed independently FIRST,
> and THOSE risks addressed.
Certainly you pulled that assessment out of your ass.
> **IF** OBSD were available as a host OS, that would be good securi
* L. V. Lammert <[EMAIL PROTECTED]> [2007-10-24 23:22]:
> Running
> different application domains on separate VMs provides isolation BETWEEN
> those application domains.
no, it does not.
--
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Se
Theo de Raadt wrote:
The security benefits are at the "ability to buy a steak for dinner"
level.
I vote to add it to theo.c.
Thanks
Daniel
Index: src/usr.bin/mg/theo.c
===
RCS file: /cvs/src/usr.bin/mg/theo.c,v
retrieving revisi
On Wed, 24 Oct 2007, Theo de Raadt wrote:
> > At 12:03 PM 10/24/2007 -0600, Theo de Raadt wrote:
> >
> > > > Anything we can do to increase security, *including* setting up VMs (of
> > > any
> > > > flavor) is an improvement [that also increased hardware utilization].
> > >
> > >This last sentence
You have failed to satisfactorily explain why running a specific application
in a VM is more secure than running it in a standard OS. It's nonsense that
you think it's more secure that way. It saves a lot of money, yes -- you
don't necessarily want a separate box just to run an application - but
th
On Oct 24, 2007, at 4:16 PM, Henning Brauer <[EMAIL PROTECTED]>
wrote:
* Darren Spruell <[EMAIL PROTECTED]> [2007-10-24 21:48]:
Remember back 10-ish years ago when VLANs were being touted as the
ultimate network segmentation technology by marketers of managed
switches? And now everyone hopefu
On 10/24/07, Henning Brauer <[EMAIL PROTECTED]> wrote:
> without bad config errors (that are getting harder to make, except on
> cisco, they got the semantics completely wrong and stupid defaults) and
> used correctly, yes, VLANs perfectly isolate network segments.
I'm curious about this. Do you h
Boris Goldberg wrote:
[snip]
> There are pros and cons in the "demon" and in the "cron" schema. I
> decided to use cron and I know why. Every sysadmin/architect should make
> that decision for *his* systems (and know why). "Home users" should
> probably stay with the default (
On Wed, 24 Oct 2007, Theo de Raadt wrote:
> > The security benefits are at the application level, *NOT* at the OS level.
>
> What hogwash.
>
> The security benefits are at the "ability to buy a steak for dinner"
> level.
>
Nah, I like steak, I hate enterprise computing.
> You've already made the
It's a very simple concept.
There is *nothing* in any virtualization software that makes having it
*more secure* than not having it at all.
Period.
---
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net
* Darren Spruell <[EMAIL PROTECTED]> [2007-10-24 21:48]:
> Remember back 10-ish years ago when VLANs were being touted as the
> ultimate network segmentation technology by marketers of managed
> switches? And now everyone hopefully realizes that while VLANs
> technically do offer network segmentati
* N.J. Thomas <[EMAIL PROTECTED]> [2007-10-24 19:28]:
> I have two servers that I would like to setup to run OpenBGPD for our
> border routers.
>
> I need to find a supported PCIe (not PCI-X) fiber card that runs
> multi-mode and a supported PCIe (not PCI-X) fiber card that runs
> single-mode. (On
On 10/24/07, Jack J. Woehr <[EMAIL PROTECTED]> wrote:
> All things being equal, the safest base installations in the universe
> would be those whose user instances were encased in some kind of
> solid VM and whose base instance administrators were provided
> with and followed best practices.
My VM
Linus Swälas wrote:
OpenBSD doesn't include an LDAP module though so you'd have to write
your own, details for how to do so is in the login.conf(5) man page.
Or perhaps you can google something, someone else has probably built
one already.
login_ldap no longer in ports?
> The security benefits are at the application level, *NOT* at the OS level.
What hogwash.
The security benefits are at the "ability to buy a steak for dinner"
level.
You've already made the decision to decrease security by
de-compartmentalizing onto one physical box, so you are just thrilled
wi
On 10/24/07, L. V. Lammert <[EMAIL PROTECTED]> wrote:
> At 12:03 PM 10/24/2007 -0600, Theo de Raadt wrote:
>
> > > Anything we can do to increase security, *including* setting up VMs (of
> > any
> > > flavor) is an improvement [that also increased hardware utilization].
> >
> >This last sentence is
Hello Marc,
Wednesday, October 24, 2007, 1:13:23 PM, you wrote:
>> May be it makes sense to set "-ncv" as a default behavior of rdate, but
>> there is should be a way to synchronize time without running a demon (don't
>> understand why are people so aggressive about that) if you don't n
Can Erkin Acar wrote:
> L. V. Lammert wrote:
>> At 05:12 PM 10/24/2007 +0200, Henning Brauer wrote:
>>> * L. V. Lammert <[EMAIL PROTECTED]> [2007-10-24 16:46]:
Virtualization provides near absolute security - DOM0 is not visible to
the user at all, only passing network traffic and handlin
* Marc Balmer <[EMAIL PROTECTED]> [2007-10-24 20:25]:
> Boris Goldberg wrote:
>
>> May be it makes sense to set "-ncv" as a default behavior of rdate,
>> but
>> there is should be a way to synchronize time without running a demon
>> (don't
>> understand why are people so aggressive abou
On Wed, Oct 24, 2007 at 01:41:38PM -0500, L. V. Lammert wrote:
| For example, say you have three departments within a company: Marketing,
| Development, Production. Allowing each department to maintain their own
| server instance allows each department to have their own users, home
| directory c
* Paul de Weerd <[EMAIL PROTECTED]> [2007-10-24 19:28]:
> On Wed, Oct 24, 2007 at 10:47:45AM -0500, Boris Goldberg wrote:
> | May be it makes sense to set "-ncv" as a default behavior of rdate, but
> | there is should be a way to synchronize time without running a demon (don't
> | understand w
> At 12:03 PM 10/24/2007 -0600, Theo de Raadt wrote:
>
> > > Anything we can do to increase security, *including* setting up VMs (of
> > any
> > > flavor) is an improvement [that also increased hardware utilization].
> >
> >This last sentence is such a lie.
>
> That depends on your viewpoint. Th
L. V. Lammert wrote:
> At 05:12 PM 10/24/2007 +0200, Henning Brauer wrote:
>>* L. V. Lammert <[EMAIL PROTECTED]> [2007-10-24 16:46]:
>> > Virtualization provides near absolute security - DOM0 is not visible to
>> > the user at all, only passing network traffic and handling kernel calls.
>> > The se
Hello evo,
Wednesday, October 24, 2007, 12:51:13 AM, you wrote:
e> I'm choosing firewall/proxy/mail-gateway hardware running (of course)
e> OpenBSD for medium office and my shortlist is:
e> (a) HP ProLiant DL320 and (b) Sun Fire V125
I'm upgrading my servers/firewalls to HP ProLiant DL32
At 12:03 PM 10/24/2007 -0600, Theo de Raadt wrote:
> Anything we can do to increase security, *including* setting up VMs (of
any
> flavor) is an improvement [that also increased hardware utilization].
This last sentence is such a lie.
That depends on your viewpoint. There certainly may be so
I have, what appears to be, v1 of this card, but I get the following from
dmesg--even when booting from the latest snapshot of cd42.iso:
Intersil, ISL3890, -, - (manufacturer 0xb, product 0x3890) "Intersil Prism
GT/Duette" rev 0x01 at cardbus1 dev 0 function 0 not configured
I'm not certain
Hi Joe,
> If I've installed OpenBSD 4.2 and I need a specific package (in this
> case, net-smpd) which is not available on the CD, I must wait until
> 4.2 is officially released. Then I can get the packages I need from
> the ftp site.
Yes.
(Or you build it from ports. Still, 4.2 is very much unr
Boris Goldberg wrote:
May be it makes sense to set "-ncv" as a default behavior of rdate, but
there is should be a way to synchronize time without running a demon (don't
understand why are people so aggressive about that) if you don't need
up-to-second synchronization (in my case mod
I just wanted to confirm the following:
If I've installed OpenBSD 4.2 and I need a specific package (in this
case, net-smpd) which is not available on the CD, I must wait until
4.2 is officially released. Then I can get the packages I need from
the ftp site.
On 10/24/07, Christoph Egger <[EMAIL PROTECTED]> wrote:
> - aio(2) support
creaking along.
> - POSIX ptsname() (this is used in a python binding module)
dunno.
> - newer gcc version due to a structure padding bug with
> an alignment attribute hidden in a typedef (this is fixed in gcc 3.4)
>
> At 05:12 PM 10/24/2007 +0200, Henning Brauer wrote:
> >* L. V. Lammert <[EMAIL PROTECTED]> [2007-10-24 16:46]:
> > > Virtualization provides near absolute security - DOM0 is not visible to
> > > the user at all, only passing network traffic and handling kernel calls.
> > > The security comes abou
I am just astounded by how some people who love "virtualization"
keep making the same mistakes. Are you even listening?
> Practice also. XEN is a great tool for 'duplicating' a machine in an
> enterprise environment (IME running 'user level' tools for hundreds or
> thousands of users). Separati
At 05:12 PM 10/24/2007 +0200, Henning Brauer wrote:
* L. V. Lammert <[EMAIL PROTECTED]> [2007-10-24 16:46]:
> Virtualization provides near absolute security - DOM0 is not visible to
> the user at all, only passing network traffic and handling kernel calls.
> The security comes about in that each
Bottom-line is, the more complicated your setup gets, the more chances
you get to fuck-up.
All that stuff about extra permissions, extra layers. Each thingie you
add you need to configure. And you won't be 100%, not all the time.
So, Xen is just another opportunity to get fucked.
Instead of desi
On Wed, 24 Oct 2007, Paul de Weerd wrote:
> On Wed, Oct 24, 2007 at 08:31:26AM -0500, L. V. Lammert wrote:
> | On Wed, 24 Oct 2007, Henning Brauer wrote:
> |
> | > * [EMAIL PROTECTED] <[EMAIL PROTECTED]> [2007-10-24 03:03]:
> | > > Virtualization seems to have a lot of security benefits
> | >
> |
On Wed, Oct 24, 2007 at 10:47:45AM -0500, Boris Goldberg wrote:
| May be it makes sense to set "-ncv" as a default behavior of rdate, but
| there is should be a way to synchronize time without running a demon (don't
| understand why are people so aggressive about that) if you don't need
|
I have two servers that I would like to setup to run OpenBGPD for our
border routers.
I need to find a supported PCIe (not PCI-X) fiber card that runs
multi-mode and a supported PCIe (not PCI-X) fiber card that runs
single-mode. (One of our providers is coming to us with mm, the other
with sm.)
A
On Oct 24, 2007, at 10:59 AM, Theo de Raadt wrote:
> You don't
> build better security by building another gigantic layer. That
> is obvious to anyone who actually works in the field.
Having worked in REAL VM :-) (IBM VM/ESA now z/VM) it isn't per se
about security like we mean security ... prev
> In the scientific cluster computing and enterprise spaces, it's
> already well demonstrated, by many, many practitioners in those fields
> [3], that virtualization is a very, very good tool.
So what? Someone showed up here and said it is actually all about
security.
That is obviously false to
On 10/24/07, Paul de Weerd <[EMAIL PROTECTED]> wrote:
> This is the theory. In theory, there's no bugs in OpenBSD. In
> practice, many of the commits to the tree are not new features/drivers
> but actual bugfixes. Read the paper by Tavis Ormandy, referenced by
> Theo. There is a real problem with
David,
I would take a look at adding synproxy to your rules before worrying about
max-src-states. Synproxy will allow max-src-conn-rate to work more
reliably.
By default, pf(4) passes packets that are part of a tcp(4) handshake be-
tween the endpoints. The synproxy state option can be used to c
Hello Clint,
Tuesday, October 23, 2007, 5:36:15 PM, you wrote:
CP> From what I have read in this thread, it looks like only one guy
CP> prefers the old timed and rdate tools. A few are even telling him he is
CP> giving bad advice when promoting the usage of these tools. Henning
CP> mentioned t
Christoph Egger wrote:
On Wednesday 24 October 2007 17:25:25 Artur Grabowski wrote:
Christoph Egger <[EMAIL PROTECTED]> writes:
So I'm going to guess the answer is "No, integrating xen
paravirtualization is not a project priority at this time. Also, where
are your diffs?"
The OpenBSD/Xen sourc
Hi,
When testing greylisting with synchronizing we noticed the following
strange behavior:
Machine A (10.100.64.234) is the machine we receive mail through.
Machine B (10.100.64.233) is synced through spamd
Check out the expire value on machine A after the state have gone from
Grey to White!
It h
On Wed, 24 Oct 2007, L. V. Lammert wrote:
>Virtualization provides near absolute security - DOM0 is not visible to
>the user at all, only passing network traffic and handling kernel calls.
>The security comes about in that each DOMU is totally isolated from the
>others, while the core DOM0 is
On Wednesday 24 October 2007 17:25:25 Artur Grabowski wrote:
> Christoph Egger <[EMAIL PROTECTED]> writes:
> > > So I'm going to guess the answer is "No, integrating xen
> > > paravirtualization is not a project priority at this time. Also, where
> > > are your diffs?"
> >
> > The OpenBSD/Xen sourc
I'm noticing some strangeness in conjunction with WOL(*), which seems
not to be working and am not sure where the problem lies(**).
The machine launching the packets has two interfaces, re0 and em0, with
the receiving machine connected to re0. The machine does not wake up
either using port 9 or p
Christoph Egger <[EMAIL PROTECTED]> writes:
> > So I'm going to guess the answer is "No, integrating xen
> > paravirtualization is not a project priority at this time. Also, where
> > are your diffs?"
>
> The OpenBSD/Xen source is at http://hg.recoil.org/openbsd-xen-sys.hg
> Unfortunately, Anil h
* L. V. Lammert <[EMAIL PROTECTED]> [2007-10-24 16:46]:
> Virtualization provides near absolute security - DOM0 is not visible to
> the user at all, only passing network traffic and handling kernel calls.
> The security comes about in that each DOMU is totally isolated from the
> others, while
On Wednesday 24 October 2007 16:14:19 Chris Kuethe wrote:
> On 10/24/07, carlopmart <[EMAIL PROTECTED]> wrote:
> > Dear sirs please: I will return to my original question. I just wondered
> > if xen will be included into the OpenBSD's kernel to act as a
> > para-virtualized DomU or not. Nothing mor
On Tuesday 23 October 2007 18:22:00 ropers wrote:
> Hi Christoph,
>
> Right now, on the OpenBSD misc mailing list, there is this discussion:
> http://www.sigmasoft.com/~openbsd/archives/html/openbsd-misc/2007-10/thread
>s.html#01149 about OpenBSD/Xen.
>
> We last spoke last year, when I put your BS
On Wed, Oct 24, 2007 at 08:31:26AM -0500, L. V. Lammert wrote:
| On Wed, 24 Oct 2007, Henning Brauer wrote:
|
| > * [EMAIL PROTECTED] <[EMAIL PROTECTED]> [2007-10-24 03:03]:
| > > Virtualization seems to have a lot of security benefits
| >
| > seems?
| > to whom?
| >
| Virtualization provides near