Re: lookup option in /etc/resolv.conf ignored

2007-10-24 Thread Can Erkin Acar
Darrin Chandler wrote: > On Wed, Oct 24, 2007 at 11:46:34PM -0400, Brian wrote: >> Make sure you have restarted Firefox after making changes to >> /etc/resolv.conf. Specifically, the application-level DNS cache will >> contain old data if you have not restarted it. This bit me for 3 >> minutes st

Java problems on 4.1

2007-10-24 Thread Pawel Veselov
For some time now it has been impossible to run JVMs on my 4.1 box. I can't seem to figure out what's wrong, probably something easy and stupid... [EMAIL PROTECTED] /usr/local/jdk-1.5.0/bin/java& [1] 28689 [EMAIL PROTECTED] # # An unexpected error has been detected by HotSpot Virtual Machine: # #

Re: Failure starting Gnome - OpenBSD 4.2

2007-10-24 Thread David H. Lynch Jr.
Matthieu Herrb wrote: > David H. Lynch Jr. wrote: > >> I have tried to install Gnome on two different machines running >> OpenBSD 4.2. >> The first machine ran Gnome fine under OpenBSD 4.1 (though there >> were other problems) >> >> On both machines - fresh installs gdm starts I

Help needed to get PF working

2007-10-24 Thread Timo Myyrä
Hi, I'm currently trying to configure a small home network: ADSL > Server / Firewall > Desktop Now I'm working on building a proper firewall for my server. So far the situation is as follows: - Server's internet connection works - Desktop receives IP, nameserver and default route from server'

Re: Keyboard/Mouse problem OpenBSD 4.2

2007-10-24 Thread David H. Lynch Jr.
Peter Hessler wrote: > try enabling acpi at the bootloader prompt.. > > boot -c > enable acpi > exit > Thanks ! that did the trick. > On 2007 Oct 24 (Wed) at 13:58:29 -0400 (-0400), David H. Lynch Jr. wrote: > :I am trying to complete a new install of OpenBSD 4.2 on an HP > :Pavilion dv8000

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread Lars Noodén
Kevin Stam wrote: > ... failed to satisfactorily explain why running a specific application > in a VM is more secure than running it in a standard OS. It's nonsense that > you think it's more secure that way. It saves a lot of money, yes -- you > don't necessarily want a separate box just to run an

Re: pgt/Netgear WG511

2007-10-24 Thread Daniel Melameth
On 10/24/07, Jonathan Gray <[EMAIL PROTECTED]> wrote: > On Wed, Oct 24, 2007 at 12:32:19PM -0600, Daniel Melameth wrote: > > I have, what appears to be, v1 of this card, but I get the following from > > dmesg--even when booting from the latest snapshot of cd42.iso: > > > > Intersil, ISL3890, -, - (

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread Lars Hansson
On 10/24/07, L. V. Lammert <[EMAIL PROTECTED]> wrote: > Virtualization provides near absolute security - DOM0 is not visible to > the user at all, only passing network traffic and handling kernel calls. > The security comes about in that each DOMU is totally isolated from the > others, while th

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread Karsten McMinn
On 10/24/07, L. V. Lammert <[EMAIL PROTECTED]> wrote: > I have no clue what you're trying to say??? The original comment was that > the number of vulnerabilities is an inverse measure of the security risk > associated with a given OS. Please stop feeding this trolling. LV you should know better -- i

Re: lookup option in /etc/resolv.conf ignored

2007-10-24 Thread Darrin Chandler
On Wed, Oct 24, 2007 at 11:46:34PM -0400, Brian wrote: > Make sure you have restarted Firefox after making changes to > /etc/resolv.conf. Specifically, the application-level DNS cache will > contain old data if you have not restarted it. This bit me for 3 > minutes straight after needing to redir

Re: pgt/Netgear WG511

2007-10-24 Thread Jonathan Gray
On Wed, Oct 24, 2007 at 12:32:19PM -0600, Daniel Melameth wrote: > I have, what appears to be, v1 of this card, but I get the following from > dmesg--even when booting from the latest snapshot of cd42.iso: > > > > Intersil, ISL3890, -, - (manufacturer 0xb, product 0x3890) "Intersil Prism > GT/D

Re: lookup option in /etc/resolv.conf ignored

2007-10-24 Thread Brian
Make sure you have restarted Firefox after making changes to /etc/resolv.conf. Specifically, the application-level DNS cache will contain old data if you have not restarted it. This bit me for 3 minutes straight after needing to redirect an address. Karel Kulhavy wrote: > I want to make my OS re

Re: new dell install completed, but...

2007-10-24 Thread metajunkie
thanks for the response. I'll give that a read, and a try. where are you getting 4.2? the web site only shows 4.1 as being released. metajunkie On 10/24/07, Nick Holland <[EMAIL PROTECTED]> wrote: > [EMAIL PROTECTED] wrote: > > all, > > > > I'm happy to read whatever I need to, in order to get

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread Tony Abernethy
> only an idiot would think that separate > physical machines would NOT increase security Many IBM PCs vs IBM mainframe. Many mailboxes vs Fort Knox. Many avenues of attack vs few. People learn to count in kindergarten.

Re: new dell install completed, but...

2007-10-24 Thread Douglas A. Tutty
On Wed, Oct 24, 2007 at 08:55:14PM -0400, Nick Holland wrote: > [EMAIL PROTECTED] wrote: > > I have a new Dell Optiplex 745 with an Intel Core 2 Duo. > > > > this system completed the install. Now on boot it hangs after: > > wskbd1: connecting to wsdisplay0 > > > > the only issue I had during i

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread Damien Miller
On Wed, 24 Oct 2007, Brian wrote: > All of the theoretical attack vectors are exactly that: theoretical. > But by adding complex layers does not guarantee any increase in security. They aren't theoretical, they have been demonstrated. Read the paper: http://taviso.decsystem.org/virtsec.pdf

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread Darrin Chandler
On Wed, Oct 24, 2007 at 08:20:59PM -0500, L. V. Lammert wrote: > On Wed, 24 Oct 2007, Darrin Chandler wrote: > > On Wed, Oct 24, 2007 at 05:44:37PM -0500, L. V. Lammert wrote: > > > At 05:27 PM 10/24/2007 -0500, Tony Abernethy wrote: > > >> L. V. Lammert wrote: > > >> > > > > > > Wow, such intelli

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread Damien Miller
On Wed, 24 Oct 2007, L. V. Lammert wrote: > I still stand by my original statement. Running application 'domains' in > VMs instead of on a single server increases security. It is no worse security-wise to run applications on VMs rather than on the one OS, but that isn't the only choice - is it? You

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread Theo de Raadt
> The entire point is this: You cannot increase security by putting more > things on one physical server. You can run your different 'Application > Domains' on different physical servers. That is much closer to security > than through obscurity. And when physical servers cost less than some vmw

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread Jason Dixon
On Oct 24, 2007, at 9:20 PM, L. V. Lammert wrote: On Wed, 24 Oct 2007, Darrin Chandler wrote: Looking at what you've written, you seem to consider OpenBSD to be pretty secure. By extension, let's assume the developers, and Theo in particular, have some darned good knowledge about security and

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread Steve Shockley
L. V. Lammert wrote: The more discrete the security model (i.e. File/Print users are not valid on the httpd server) the better. There's something I think you don't see here. Let's assume, for a moment, that you have a VM host running two guests, one OpenBSD, one Windows. Now, the OpenBSD b

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread Brian
L. V. Lammert wrote: > On Wed, 24 Oct 2007, Brian wrote: > >> Hi! >> >> I think you are missing the point about x86 hardware being a mess. Theo >> made an excellent point about the architecture itself having so many >> filthy quirks. If a VM is compromised through any means, that attacker >> can

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread bofh
On 10/24/07, L. V. Lammert <[EMAIL PROTECTED]> wrote: > Sorry, it's YOU that missed the point! I never said or made any comparison > to physical machines - the entirety of what I said is: > > "Running services/application domains in VMs increases security." As I > said in a previous email, only an

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread Darren Spruell
On 10/24/07, Henning Brauer <[EMAIL PROTECTED]> wrote: > * Darren Spruell <[EMAIL PROTECTED]> [2007-10-24 21:48]: > > Remember back 10-ish years ago when VLANs were being touted as the > > ultimate network segmentation technology by marketers of managed > > switches? And now everyone hopefully real

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread L. V. Lammert
On Wed, 24 Oct 2007, Jeremy Huiskamp wrote: > On 24-Oct-07, at 5:59 PM, L. V. Lammert wrote: > > At 03:31 PM 10/24/2007 -0600, Theo de Raadt wrote: > >> You must be more qualified with regards to the actual code than I am > >> because I flat out don't believe this at all. > > > > Believe what? OBS

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread L. V. Lammert
On Wed, 24 Oct 2007, Darrin Chandler wrote: > On Wed, Oct 24, 2007 at 05:44:37PM -0500, L. V. Lammert wrote: > > At 05:27 PM 10/24/2007 -0500, Tony Abernethy wrote: > >> L. V. Lammert wrote: > >> > > > > Wow, such intelligence. Now we get crap instead of ostrich logic. > > Sheesh. > > Actually

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread L. V. Lammert
On Wed, 24 Oct 2007, Brian wrote: > Hi! > > I think you are missing the point about x86 hardware being a mess. Theo > made an excellent point about the architecture itself having so many > filthy quirks. If a VM is compromised through any means, that attacker > can now leverage the dirty archite

Re: Problem with raid 1 in server dell

2007-10-24 Thread Nick Holland
José Christian Rodríguez wrote: > Hi list, > My system froze and on reboot it showed: > > /dev/rsd0a: file system is clean;not checking > /dev/rsd0d: file system is clean;not checking > /dev/rsd0e: file system is clean;not checking > /dev/rsd0g: INCORRECT BLOCK COUNT I=2699655 (20 should be 16)

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread Can Erkin Acar
L. V. Lammert <[EMAIL PROTECTED]> wrote: >> > If not, then security issues compound due to multiple guest OSs and >> each set >> > of inherent vulnerabilities. >> >>security issues and protections do not add up like numbers. > > Sure they do. If I'm running Windoze as a guest OS, there are hundre

Re: new dell install completed, but...

2007-10-24 Thread Nick Holland
[EMAIL PROTECTED] wrote: > all, > > I'm happy to read whatever I need to, in order to get this system > running. I come before this list humbly. Please don't flame my ass > with RTFMs :) > > I have a new Dell Optiplex 745 with an Intel Core 2 Duo. > > this system completed the install. Now on

Re: Problem with disk size

2007-10-24 Thread Nick Holland
Jon Sjöstedt wrote: > Hello all! > > I have an OpenBSD-box with two 250G drives inside (and some SCSI). Trying > to use one of the drives as a whole gave this from disklabel > > > $ sudo disklabel -p g wd0 > [snip] don't snip. > 16 partitions: > # size offset fstype [fsize

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread Darrin Chandler
On Wed, Oct 24, 2007 at 05:44:37PM -0500, L. V. Lammert wrote: > At 05:27 PM 10/24/2007 -0500, Tony Abernethy wrote: >> L. V. Lammert wrote: >> > > Wow, such intelligence. Now we get crap instead of ostrich logic. > Sheesh. Actually, that's a fair assessment at this point. Looking at what yo

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread Brian
Hi! I think you are missing the point about x86 hardware being a mess. Theo made an excellent point about the architecture itself having so many filthy quirks. If a VM is compromised through any means, that attacker can now leverage the dirty architecture to bypass the hypervisors (supposed) iso

sanely designed hardware?

2007-10-24 Thread Douglas A. Tutty
After enjoying the Xen thread, and the comments about the horrid mess that is x86 hardware design, I'm wondering what hardware on which OpenBSD will run _is_ well designed. Who makes a hardware architecture that is open (enough) that OpenBSD can run fully on it, that has good performance. I'm ass

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread Jeremy Huiskamp
On 24-Oct-07, at 5:59 PM, L. V. Lammert wrote: At 03:31 PM 10/24/2007 -0600, Theo de Raadt wrote: You must be more qualified with regards to the actual code than I am because I flat out don't believe this at all. Believe what? OBSD is secure? I thought you were proud of the project? Sheesh!

Re: How can i boot a bsd.rd from windows 2000 ?

2007-10-24 Thread Alexander Hall
Christopher Bianchi wrote: Hello everyone. My situation is this: I have a laptop, a Sharp pc-ax10 with Windows 2000 preinstalled, without cdrom or floppy. I wish to install OpenBSD on it. Naturally the bios can't boot from USB. So I thought of booting the bsd.rd, but how? The faq explains the procedure fr

Problem with disk size

2007-10-24 Thread Jon Sjöstedt
Hello all! I have an OpenBSD-box with two 250G drives inside (and some SCSI). Trying to use one of the drives as a whole gave this from disklabel $ sudo disklabel -p g wd0 [snip] 16 partitions: # size offset fstype [fsize bsize cpg] c:233.8G 0.0G unused

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread Jack J. Woehr
On Oct 24, 2007, at 3:41 PM, Theo de Raadt wrote: > We know what a VM operating system has to do to deal with the PC > architecture. It is too complex to get perfectly right. I concur with this assessment and the discussion of actual x86 PC implementation vs. 390 architecture which led up to it.

new dell install completed, but...

2007-10-24 Thread metajunkie
all, I'm happy to read whatever I need to, in order to get this system running. I come before this list humbly. Please don't flame my ass with RTFMs :) I have a new Dell Optiplex 745 with an Intel Core 2 Duo. this system completed the install. Now on boot it hangs after: wskbd1: connecting t

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread L. V. Lammert
At 05:27 PM 10/24/2007 -0500, Tony Abernethy wrote: L. V. Lammert wrote: Wow, such intelligence. Now we get crap instead of ostrich logic. Sheesh. Lee

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread Matthew Weigel
Paul de Weerd wrote: > Why compare this to all departments on one machine, all on the same > OS ? That's not a fair comparison. "Why"? Because that's what happens *anyway*. -- Matthew Weigel hacker [EMAIL PROTECTED]

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread Tony Abernethy
L. V. Lammert wrote:

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread Henning Brauer
* L. V. Lammert <[EMAIL PROTECTED]> [2007-10-25 00:11]: > At 11:26 PM 10/24/2007 +0200, Henning Brauer wrote: >> * L. V. Lammert <[EMAIL PROTECTED]> [2007-10-24 23:22]: >> > Running >> > different application domains on separate VMs provides isolation BETWEEN >> > those application domains. >> >> n

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread L. V. Lammert
At 11:26 PM 10/24/2007 +0200, Henning Brauer wrote: * L. V. Lammert <[EMAIL PROTECTED]> [2007-10-24 23:22]: > Running > different application domains on separate VMs provides isolation BETWEEN > those application domains. no, it does not. Is that your ostrich response? Lee

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread L. V. Lammert
At 03:31 PM 10/24/2007 -0600, Theo de Raadt wrote: > Certainly there is a small, compound risk increase due to multiple OS > images involved, but the OS images must be analyzed independently FIRST, > and THOSE risks addressed. Certainly you pulled that assessment out of your ass. I thought it w

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread Theo de Raadt
> You have failed to satisfactorily explain why running a specific application > in a VM is more secure than running it in a standard OS. It's nonsense that > you think it's more secure that way. It saves a lot of money, yes -- you > don't necessarily want a separate box just to run an application

Re: A (pf?) puzzler -- a single device invisible on the other side of an IPsec tunnel

2007-10-24 Thread Stephen
knitti wrote: On 10/19/07, Stephen Bosch <[EMAIL PROTECTED]> wrote: Other things I've tried: - moving the Jetdirect to a different port on the same physical switch - a variety of static and dynamic IPs in the subnet I also forwarded the external port 9100 to this print server and tried to acce

Re: multimode fiber card recs for OpenBGPD

2007-10-24 Thread Claudio Jeker
On Wed, Oct 24, 2007 at 10:25:32PM +0200, Henning Brauer wrote: > * N.J. Thomas <[EMAIL PROTECTED]> [2007-10-24 19:28]: > > I have two servers that I would like to set up to run OpenBGPD for our > > border routers. > > > > I need to find a supported PCIe (not PCI-X) fiber card that runs > > multi-m

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread Theo de Raadt
> Certainly there is a small, compound risk increase due to multiple OS > images involved, but the OS images must be analyzed independently FIRST, > and THOSE risks addressed. Certainly you pulled that assessment out of your ass. > **IF** OBSD were available as a host OS, that would be good securi

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread Henning Brauer
* L. V. Lammert <[EMAIL PROTECTED]> [2007-10-24 23:22]: > Running > different application domains on separate VMs provides isolation BETWEEN > those application domains. no, it does not. -- Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED] BS Web Services, http://bsws.de Full-Service ISP - Se

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread Daniel Ouellet
Theo de Raadt wrote: The security benefits are at the "ability to buy a steak for dinner" level. I vote to add it to theo.c. Thanks Daniel Index: src/usr.bin/mg/theo.c === RCS file: /cvs/src/usr.bin/mg/theo.c,v retrieving revisi

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread L. V. Lammert
On Wed, 24 Oct 2007, Theo de Raadt wrote: > > At 12:03 PM 10/24/2007 -0600, Theo de Raadt wrote: > > > > > > Anything we can do to increase security, *including* setting up VMs (of > > > any > > > > flavor) is an improvement [that also increased hardware utilization]. > > > > > >This last sentence

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread Kevin Stam
You have failed to satisfactorily explain why running a specific application in a VM is more secure than running it in a standard OS. It's nonsense that you think it's more secure that way. It saves a lot of money, yes -- you don't necessarily want a separate box just to run an application - but th

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread Jason Dixon
On Oct 24, 2007, at 4:16 PM, Henning Brauer <[EMAIL PROTECTED]> wrote: * Darren Spruell <[EMAIL PROTECTED]> [2007-10-24 21:48]: Remember back 10-ish years ago when VLANs were being touted as the ultimate network segmentation technology by marketers of managed switches? And now everyone hopefu

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread bofh
On 10/24/07, Henning Brauer <[EMAIL PROTECTED]> wrote: > without bad config errors (that are getting harder to make, except on > cisco, they got the semantics completely wrong and stupid defaults) and > used correctly, yes, VLANs perfectly isolate network segments. I'm curious about this. Do you h

Re: Network Time Synchronization using timed or ntpd or a Combination?

2007-10-24 Thread Brian
Boris Goldberg wrote: [snip] > There are pros and cons in the "demon" and in the "cron" schema. I > decided to use cron and I know why. Every sysadmin/architect should make > that decision for *his* systems (and know why). "Home users" should > probably stay with the default (

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread L. V. Lammert
On Wed, 24 Oct 2007, Theo de Raadt wrote: > > The security benefits are at the application level, *NOT* at the OS level. > > What hogwash. > > The security benefits are at the "ability to buy a steak for dinner" > level. > Nah, I like steak, I hate enterprise computing. > You've already made the

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread Jason Dixon
It's a very simple concept. There is *nothing* in any virtualization software that makes having it *more secure* than not having it at all. Period. --- Jason Dixon DixonGroup Consulting http://www.dixongroup.net

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread Henning Brauer
* Darren Spruell <[EMAIL PROTECTED]> [2007-10-24 21:48]: > Remember back 10-ish years ago when VLANs were being touted as the > ultimate network segmentation technology by marketers of managed > switches? And now everyone hopefully realizes that while VLANs > technically do offer network segmentati

Re: multimode fiber card recs for OpenBGPD

2007-10-24 Thread Henning Brauer
* N.J. Thomas <[EMAIL PROTECTED]> [2007-10-24 19:28]: > I have two servers that I would like to set up to run OpenBGPD for our > border routers. > > I need to find a supported PCIe (not PCI-X) fiber card that runs > multi-mode and a supported PCIe (not PCI-X) fiber card that runs > single-mode. (On

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread bofh
On 10/24/07, Jack J. Woehr <[EMAIL PROTECTED]> wrote: > All things being equal, the safest base installations in the universe > would be those whose user instances were encased in some kind of > solid VM and whose base instance administrators were provided > with and followed best practices. My VM

Re: LDAP users

2007-10-24 Thread Dorian Büttner
Linus SwCFCB$las wrote: OpenBSD doesn't include an LDAP module though so you'd have to write your own; details for how to do so are in the login.conf(5) man page. Or perhaps you can google something, someone else has probably built one already. login_ldap no longer in ports?

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread Theo de Raadt
> The security benefits are at the application level, *NOT* at the OS level. What hogwash. The security benefits are at the "ability to buy a steak for dinner" level. You've already made the decision to decrease security by de-compartmentalizing onto one physical box, so you are just thrilled wi

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread Darren Spruell
On 10/24/07, L. V. Lammert <[EMAIL PROTECTED]> wrote: > At 12:03 PM 10/24/2007 -0600, Theo de Raadt wrote: > > > > Anything we can do to increase security, *including* setting up VMs (of > > any > > > flavor) is an improvement [that also increased hardware utilization]. > > > >This last sentence is

Re: Network Time Synchronization using timed or ntpd or a Combination?

2007-10-24 Thread Boris Goldberg
Hello Marc, Wednesday, October 24, 2007, 1:13:23 PM, you wrote: >> Maybe it makes sense to set "-ncv" as a default behavior of rdate, but >> there should be a way to synchronize time without running a demon (don't >> understand why people are so aggressive about that) if you don't n

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread Matthew Weigel
Can Erkin Acar wrote: > L. V. Lammert wrote: >> At 05:12 PM 10/24/2007 +0200, Henning Brauer wrote: >>> * L. V. Lammert <[EMAIL PROTECTED]> [2007-10-24 16:46]: Virtualization provides near absolute security - DOM0 is not visible to the user at all, only passing network traffic and handlin

Re: Network Time Synchronization using timed or ntpd or a Combination?

2007-10-24 Thread Henning Brauer
* Marc Balmer <[EMAIL PROTECTED]> [2007-10-24 20:25]: > Boris Goldberg wrote: > >> Maybe it makes sense to set "-ncv" as a default behavior of rdate, >> but >> there should be a way to synchronize time without running a demon >> (don't >> understand why people are so aggressive abou

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread Paul de Weerd
On Wed, Oct 24, 2007 at 01:41:38PM -0500, L. V. Lammert wrote: | For example, say you have three departments within a company: Marketing, | Development, Production. Allowing each department to maintain their own | server instance allows each department to have their own users, home | directory c

Re: Network Time Synchronization using timed or ntpd or a Combination?

2007-10-24 Thread Henning Brauer
* Paul de Weerd <[EMAIL PROTECTED]> [2007-10-24 19:28]: > On Wed, Oct 24, 2007 at 10:47:45AM -0500, Boris Goldberg wrote: > | Maybe it makes sense to set "-ncv" as a default behavior of rdate, but > | there should be a way to synchronize time without running a demon (don't > | understand w

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread Theo de Raadt
> At 12:03 PM 10/24/2007 -0600, Theo de Raadt wrote: > > > > Anything we can do to increase security, *including* setting up VMs (of > > any > > > flavor) is an improvement [that also increased hardware utilization]. > > > >This last sentence is such a lie. > > That depends on your viewpoint. Th

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread Can Erkin Acar
L. V. Lammert wrote: > At 05:12 PM 10/24/2007 +0200, Henning Brauer wrote: >>* L. V. Lammert <[EMAIL PROTECTED]> [2007-10-24 16:46]: >> > Virtualization provides near absolute security - DOM0 is not visible to >> > the user at all, only passing network traffic and handling kernel calls. >> > The se

Re: HP ProLiant DL320 v. Sun Fire V125

2007-10-24 Thread Boris Goldberg
Hello evo, Wednesday, October 24, 2007, 12:51:13 AM, you wrote: e> I'm choosing firewall/proxy/mail-gateway hardware running (of course) e> OpenBSD for medium office and my shortlist is: e> (a) HP ProLiant DL320 and (b) Sun Fire V125 I'm upgrading my servers/firewalls to HP ProLiant DL32

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread L. V. Lammert
At 12:03 PM 10/24/2007 -0600, Theo de Raadt wrote: > Anything we can do to increase security, *including* setting up VMs (of any > flavor) is an improvement [that also increased hardware utilization]. This last sentence is such a lie. That depends on your viewpoint. There certainly may be so

pgt/Netgear WG511

2007-10-24 Thread Daniel Melameth
I have, what appears to be, v1 of this card, but I get the following from dmesg--even when booting from the latest snapshot of cd42.iso: Intersil, ISL3890, -, - (manufacturer 0xb, product 0x3890) "Intersil Prism GT/Duette" rev 0x01 at cardbus1 dev 0 function 0 not configured I'm not certain

Re: Question about 4.2 Package availability

2007-10-24 Thread Nico Meijer
Hi Joe, > If I've installed OpenBSD 4.2 and I need a specific package (in this > case, net-smpd) which is not available on the CD, I must wait until > 4.2 is officially released. Then I can get the packages I need from > the ftp site. Yes. (Or you build it from ports. Still, 4.2 is very much unr

Re: Network Time Synchronization using timed or ntpd or a Combination?

2007-10-24 Thread Marc Balmer
Boris Goldberg wrote: Maybe it makes sense to set "-ncv" as a default behavior of rdate, but there should be a way to synchronize time without running a demon (don't understand why people are so aggressive about that) if you don't need up-to-second synchronization (in my case mod

Question about 4.2 Package availability

2007-10-24 Thread Joe S
I just wanted to confirm the following: If I've installed OpenBSD 4.2 and I need a specific package (in this case, net-smpd) which is not available on the CD, I must wait until 4.2 is officially released. Then I can get the packages I need from the ftp site.

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread Ted Unangst
On 10/24/07, Christoph Egger <[EMAIL PROTECTED]> wrote: > - aio(2) support creaking along. > - POSIX ptsname() (this is used in a python binding module) dunno. > - newer gcc version due to a structure padding bug with > an alignment attribute hidden in a typedef (this is fixed in gcc 3.4) >

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread Theo de Raadt
> At 05:12 PM 10/24/2007 +0200, Henning Brauer wrote: > >* L. V. Lammert <[EMAIL PROTECTED]> [2007-10-24 16:46]: > > > Virtualization provides near absolute security - DOM0 is not visible to > > > the user at all, only passing network traffic and handling kernel calls. > > > The security comes abou

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread Theo de Raadt
I am just astounded by how some people who love "virtualization" keep making the same mistakes. Are you even listening? > Practice also. XEN is a great tool for 'duplicating' a machine in an > enterprise environment (IME running 'user level' tools for hundreds or > thousands of users). Separati

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread L. V. Lammert
At 05:12 PM 10/24/2007 +0200, Henning Brauer wrote: * L. V. Lammert <[EMAIL PROTECTED]> [2007-10-24 16:46]: > Virtualization provides near absolute security - DOM0 is not visible to > the user at all, only passing network traffic and handling kernel calls. > The security comes about in that each

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread Marc Espie
Bottom-line is, the more complicated your setup gets, the more chances you get to fuck-up. All that stuff about extra permissions, extra layers. Each thingie you add you need to configure. And you won't be 100%, not all the time. So, Xen is just another opportunity to get fucked. Instead of desi

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread L. V. Lammert
On Wed, 24 Oct 2007, Paul de Weerd wrote: > On Wed, Oct 24, 2007 at 08:31:26AM -0500, L. V. Lammert wrote: > | On Wed, 24 Oct 2007, Henning Brauer wrote: > | > | > * [EMAIL PROTECTED] <[EMAIL PROTECTED]> [2007-10-24 03:03]: > | > > Virtualization seems to have a lot of security benefits > | > > |

Re: Network Time Synchronization using timed or ntpd or a Combination?

2007-10-24 Thread Paul de Weerd
On Wed, Oct 24, 2007 at 10:47:45AM -0500, Boris Goldberg wrote: | Maybe it makes sense to set "-ncv" as a default behavior of rdate, but | there should be a way to synchronize time without running a demon (don't | understand why people are so aggressive about that) if you don't need |

multimode fiber card recs for OpenBGPD

2007-10-24 Thread N.J. Thomas
I have two servers that I would like to set up to run OpenBGPD for our border routers. I need to find a supported PCIe (not PCI-X) fiber card that runs multi-mode and a supported PCIe (not PCI-X) fiber card that runs single-mode. (One of our providers is coming to us with mm, the other with sm.) A

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread Jack J. Woehr
On Oct 24, 2007, at 10:59 AM, Theo de Raadt wrote: > You don't > build better security by building another gigantic layer. That > is obvious to anyone who actually works in the field. Having worked in REAL VM :-) (IBM VM/ESA now z/VM) it isn't per se about security like we mean security ... prev

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread Theo de Raadt
> In the scientific cluster computing and enterprise spaces, it's > already well demonstrated, by many, many practitioners in those fields > [3], that virtualization is a very, very good tool. So what? Someone showed up here and said it is actually all about security. That is obviously false to

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread Adam Getchell
On 10/24/07, Paul de Weerd <[EMAIL PROTECTED]> wrote: > This is the theory. In theory, there's no bugs in OpenBSD. In > practice, many of the commits to the tree are not new features/drivers > but actual bugfixes. Read the paper by Tavis Ormandy, referenced by > Theo. There is a real problem with

Re: max-src-conn-rate rule question

2007-10-24 Thread Calomel
David, I would take a look at adding synproxy to your rules before worrying about max-src-states. Synproxy will allow max-src-conn-rate to work more reliably. By default, pf(4) passes packets that are part of a tcp(4) handshake between the endpoints. The synproxy state option can be used to c

Re: Network Time Synchronization using timed or ntpd or a Combination?

2007-10-24 Thread Boris Goldberg
Hello Clint, Tuesday, October 23, 2007, 5:36:15 PM, you wrote: CP> From what I have read in this thread, it looks like only one guy CP> prefers the old timed and rdate tools. A few are even telling him he is CP> giving bad advice when promoting the usage of these tools. Henning CP> mentioned t

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread carlopmart
Christoph Egger wrote: On Wednesday 24 October 2007 17:25:25 Artur Grabowski wrote: Christoph Egger <[EMAIL PROTECTED]> writes: So I'm going to guess the answer is "No, integrating xen paravirtualization is not a project priority at this time. Also, where are your diffs?" The OpenBSD/Xen sourc

spamdb expire value gets default value instead of spamd_flag value (-G)

2007-10-24 Thread Claes Ström
Hi, When testing greylisting with synchronizing we noticed the following strange behavior: Machine A (10.100.64.234) is the machine we receive mail through. Machine B (10.100.64.233) is synced through spamd Check out the expire value on machine A after the state has gone from Grey to White! It h

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread Dave Anderson
On Wed, 24 Oct 2007, L. V. Lammert wrote: >Virtualization provides near absolute security - DOM0 is not visible to >the user at all, only passing network traffic and handling kernel calls. >The security comes about in that each DOMU is totally isolated from the >others, while the core DOM0 is

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread Christoph Egger
On Wednesday 24 October 2007 17:25:25 Artur Grabowski wrote: > Christoph Egger <[EMAIL PROTECTED]> writes: > > > So I'm going to guess the answer is "No, integrating xen > > > paravirtualization is not a project priority at this time. Also, where > > > are your diffs?" > > > > The OpenBSD/Xen sourc

Wake on LAN, tcpdump weirdness with two ethernet interfaces

2007-10-24 Thread Lars Noodén
I'm noticing some strangeness in conjunction with WOL(*), which seems not to be working and am not sure where the problem lies(**). The machine launching the packets has two interfaces, re0 and em0, with the receiving machine connected to re0. The machine does not wake up either using port 9 or p

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread Artur Grabowski
Christoph Egger <[EMAIL PROTECTED]> writes: > > So I'm going to guess the answer is "No, integrating xen > > paravirtualization is not a project priority at this time. Also, where > > are your diffs?" > > The OpenBSD/Xen source is at http://hg.recoil.org/openbsd-xen-sys.hg > Unfortunately, Anil h

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread Henning Brauer
* L. V. Lammert <[EMAIL PROTECTED]> [2007-10-24 16:46]: > Virtualization provides near absolute security - DOM0 is not visible to > the user at all, only passing network traffic and handling kernel calls. > The security comes about in that each DOMU is totally isolated from the > others, while

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread Christoph Egger
On Wednesday 24 October 2007 16:14:19 Chris Kuethe wrote: > On 10/24/07, carlopmart <[EMAIL PROTECTED]> wrote: > > Dear sirs please: I will return to my original question. I just wondered > > if xen will be included into the OpenBSD's kernel to act as a > > para-virtualized DomU or not. Nothing mor

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread Christoph Egger
On Tuesday 23 October 2007 18:22:00 ropers wrote: > Hi Christoph, > > Right now, on the OpenBSD misc mailing list, there is this discussion: > http://www.sigmasoft.com/~openbsd/archives/html/openbsd-misc/2007-10/thread >s.html#01149 about OpenBSD/Xen. > > We last spoke last year, when I put your BS

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread Paul de Weerd
On Wed, Oct 24, 2007 at 08:31:26AM -0500, L. V. Lammert wrote: | On Wed, 24 Oct 2007, Henning Brauer wrote: | | > * [EMAIL PROTECTED] <[EMAIL PROTECTED]> [2007-10-24 03:03]: | > > Virtualization seems to have a lot of security benefits | > | > seems? | > to whom? | > | Virtualization provides near
