2007/12/5, Marco Peereboom [EMAIL PROTECTED]:
have you ever wondered why openbsd doesn't do binary updates?
And what are package updates?
Does pkg_add -u even check an e.g. md5 or does it trust the server?
Best
Martin
[sent to wrong list]
Also hoststatectl reload does not work for me.
[EMAIL PROTECTED] root# hoststatectl reload
command failed
Expected behavior?
Unfortunately, yes.
reload currently does not work for layer7 (relay) configurations.
it should be available before 4.3 though.
On Thu, Dec 06, 2007 at 12:37:19PM +0800, Lars Hansson wrote:
On Dec 6, 2007 2:46 AM, Rui Miguel Silva Seabra [EMAIL PROTECTED] wrote:
Come on... twice a year and get the benefit of not being excluded from
company policies which require digital signature of software downloaded
through the
On Wed, Dec 05, 2007 at 02:23:41PM -0600, Marco Peereboom wrote:
blah blah blah
have you ever wondered why openbsd doesn't do binary updates?
I'm not talking about updates, I can read C.
maybe you are now going to be able to figure out why we don't need
complex signing mechanisms.
You're
Hi!
On Wed, Dec 05, 2007 at 12:15:01PM -0500, bofh wrote:
On Dec 5, 2007 11:46 AM, new_guy [EMAIL PROTECTED] wrote:
Can you dismiss PKI and the benefits that OpenPGP signatures provide to your
user community? Knowing that xyz binary is signed by OpenBSD for
distribution or abc email came from
Hi!
On Wed, Dec 05, 2007 at 01:24:49PM -0700, Bob Beck wrote:
If you want a secure binary, buy an official CD. This is
what most people do. PKI requires infrastructure that would cost OpenBSD
money and developer time. Official CDs keep OpenBSD alive.
Doesn't help you if you want fixes
Hi!
On Wed, Dec 05, 2007 at 06:46:15PM -0500, STeve Andre' wrote:
[...]
You know, you're descending into a recursive loop of if, if, if... and
it never ends. OF COURSE if someone breaks into the site they could
do things--once you've lost control of your site all bets are off. I dare
say that
Hannah Schroeter wrote:
...
As the talk about those online surveillance plans includes talk about
tailored attacks for each victim, they could investigate which OS one
uses and which ways of updating, so they could tailor their attack
vector appropriately.
...
Some of this is mitigated in
On 2007/12/06 13:12, Lars Noodin wrote:
If the installation process (from the purchased CDs) had a list of the
public keys for the official mirror sites, then that would go a long
way.
That would make it rather hard to revoke a key if there ever
was a problem.
Hi!
On Thu, Dec 06, 2007 at 11:23:37AM +, Stuart Henderson wrote:
On 2007/12/06 13:12, Lars Noodin wrote:
If the installation process (from the purchased CDs) had a list of the
public keys for the official mirror sites, then that would go a long
way.
That would make it rather hard to
Hi!
On Thu, Dec 06, 2007 at 01:12:02PM +0200, Lars Noodin wrote:
Hannah Schroeter wrote:
...
As the talk about those online surveillance plans includes talk about
tailored attacks for each victim, they could investigate which OS one
uses and which ways of updating, so they could tailor their
Douglas A. Tutty wrote:
On Tue, Dec 04, 2007 at 02:30:28PM -0800, Bryan Irvine wrote:
What would be the rationale for 640? ;)
Well according to cvs log:
it can be easily changed if you like it another way. millert,
So I guess one rationale might be as simple as because ;)
Does
Hi,
Currently I am facing a small problem in OpenBSD. I want to get the
information about the total physical Storage and the partition table
(mounted and unmounted). Please let me know if there is any way out for
getting this information.
hey,
I have a question on how to best limit traffic with pf. The main
goal is not so much to limit bandwidth to a lower point all the
time but more to prevent a runaway process (or user) from
drowning the rest.
Since i do not have the means for extensive testing i hope to
get some pointers
Hi!
On Thu, Dec 06, 2007 at 05:21:08AM -0800, Shachi Rai wrote:
Currently I am facing a small problem in OpenBSD. I want to get the
information about the total physical Storage and the partition table
(mounted and unmounted). Please let me know if there is any way out for
getting this
On Thu, 6 Dec 2007 05:21:08 -0800 (PST), Shachi Rai wrote
Hi,
Currently I am facing a small problem in OpenBSD. I want to get the
information about the total physical Storage and the partition table
(mounted and unmounted). Please let me know if there is any way out
for getting this
Hi,
Great to see your reply,
I would like to explain in detail.
I am currently writing Java code which tries to find out the total
physical storage of an OpenBSD machine. In fact I would like to know the
complete partition table in an OpenBSD machine.
I have gone through the disklabel
Shachi Rai wrote:
Hi,
Great to see your reply,
I would like to explain in detail.
I am currently writing Java code which tries to find out the total
physical storage of an OpenBSD machine. In fact I would like to know the
complete partition table in an OpenBSD machine.
I have gone
On Thu, 6 Dec 2007 05:57:17 -0800 (PST), Shachi Rai wrote
...So my first question would be
to know all the devices which are attached...
$ sysctl hw.disknames
.. and may or may not be
mounted
$ df
Hannah Schroeter wrote:
...
AFS is also encrypted, but unless it's used to
get all the tarballs and make them accessible locally (e.g. make a cd)
it's not a help during the installation.
I don't know enough about AFS to say anything about how to secure it
from the beginning on.
I'm not
On 2007/12/06 05:57, Shachi Rai wrote:
I have gone through the disklabel and fdisk commands but both these commands
take the device name as a parameter. So my first question would be to know
all the devices which are attached and may or may not be mounted.
sysctl hw.disknames
At this point, it's probably a good idea to point out there's a paper
called Trusting Trust about your everyday C compiler...
On 12/6/07, Lars Noodin [EMAIL PROTECTED] wrote:
Hannah Schroeter wrote:
...
AFS is also encrypted, but unless it's used to
get all the tarballs and make them
On Thu, Dec 06, 2007 at 11:48:55AM +0100, Hannah Schroeter wrote:
One risk would be the plans of online surveillance of computers e.g.
in Germany. One way to install surveillance even on OpenBSD would be to
actively interfere with the internet connection with the surveilled
person, in the
bofh wrote:
At this point, it's probably a good idea to point out there's a paper
called Trusting Trust about your everyday C compiler...
Yeah. It recently disappeared from the ACM's web site after 11+ years
of availability:
http://www.acm.org/classics/oct95/
There is, fortunately, the
On Thu, Dec 06, 2007 at 07:05:07AM -0500, Nick Holland wrote:
Douglas A. Tutty wrote:
On Tue, Dec 04, 2007 at 02:30:28PM -0800, Bryan Irvine wrote:
What would be the rationale for 640? ;)
Well according to cvs log:
it can be easily changed if you like it another way. millert,
So
Douglas A. Tutty wrote:
Using software from any source without interference from an
all-pervasive government is a very special,...
It's not all about governments. Corporate espionage is probably a
larger, more active threat, especially to OpenBSD.
cui bono?
If we assume for the sake
We had similar problems about a year ago, when we deployed a
massive installation of vpn/ipsec clients based on isakmpd.
When testing the client robustness to a series of events, like physically
disconnecting network cables, simulating power failures and such, we
saw the same pattern.
Our
You forgot one option. Invite Theo to give a talk, and ask him to
bring the CDs. If you can't trust Theo's CDs, all hope is lost.
Just need to make sure there're some mountains around for Theo to go
climb. If you live on a flatland, then, sorry, you're doomed.
On 12/6/07, Douglas A. Tutty
Hi,
sorry for the late response, the mail just got marked as junk :(
KM enabling acpi
How exactly do you do it?
My acpi-related lines are
it's already in the default kernel, not sure if it's enabled by default.
# config -ef /bsd.mp
...
ukc enable acpi
414 acpi0 enabled
KM enabling
That's why I always hand enter, in binary, by toggling switches on the
front of my box[1] when I start a new system.
[1]. What, you never pressed the power button
On 12/6/07, Lars Noodin [EMAIL PROTECTED] wrote:
bofh wrote:
At this point, it's probably a good idea to point out there's a
hitler already
On Thu, Dec 06, 2007 at 05:24:40PM +0200, Lars Noodén wrote:
Douglas A. Tutty wrote:
Using software from any source without interference from an
all-pervasive government is a very special,...
It's not all about governments. Corporate espionage is probably a
larger, more
Several people have asked me about what the softraid todo is. I
published such a list at: http://www.peereboom.us/softraid_todo.txt
It isn't 100% complete but has most major and minor items.
On Thu, Dec 06, 2007 at 09:08:56AM -0600, Marco Peereboom wrote:
hitler already
Here is yours :
+----------------+
| 1 Godwin point |
+----------------+
Bye
--
unzip ; strip ; touch ; grep ; find ; finger ; mount ; fsck ; more ;
yes ; fsck ; umount ; sleep
Come on... twice a year and get the benefit of not being excluded from
company policies which require digital signature of software downloaded
through the internet.
It's not really OpenBSD's problem that some companies implement pointless
security policies.
I'm not discussing whether its
On 06 Dec 2007, at 5:39 PM, bofh wrote:
You forgot one option. Invite Theo to give a talk, and ask him to
bring the CDs. If you can't trust Theo's CDs, all hope is lost.
And how would you know that it is indeed Theo and not someone that
looks like him? I think that blood samples and
On Wed, 05 Dec 2007 22:32:45 +0700, Jason George [EMAIL PROTECTED]
wrote:
Hi!
I just imported snmpd(8) and snmpctl(8), an initial attempt to
implement a new SNMP daemon for OpenBSD. SNMP is the Simple Network
Management Protocol and it is still very commonly used in corporate
networks, by
Code signing by blood. ISAGN.
Sorry marc - had to do it
On 12/6/07, Jeff I. Ragland [EMAIL PROTECTED] wrote:
On 06 Dec 2007, at 5:39 PM, bofh wrote:
You forgot one option. Invite Theo to give a talk, and ask him to
bring the CDs. If you can't trust Theo's CDs, all hope is lost.
And
Hey All,
I was wondering, is it possible to use pf + max-src-conn-rate + overload with
hoststated? In the manual there is nothing about that, but maybe if you define
tables in hoststated, but not a service and in PF you use just rdr with
hoststated tables (something similar to spamd tables?). Anyone
On Thu, Dec 06, 2007 at 09:39:35AM -0600, bofh wrote:
You forgot one option. Invite Theo to give a talk, and ask him to
bring the CDs. If you can't trust Theo's CDs, all hope is lost.
He doesn't have to bring the CDs, just in the speech give the MD5 (or
other more secure [sha?] sum for an
On Thu, Dec 06, 2007 at 05:24:40PM +0200, Lars Noodén wrote:
Douglas A. Tutty wrote:
Using software from any source without interference from an
all-pervasive government is a very special,...
It's not all about governments. Corporate espionage is probably a
larger, more active threat,
Hi!
On Thu, Dec 06, 2007 at 11:23:37AM +, Stuart Henderson wrote:
On 2007/12/06 13:12, Lars Noodin wrote:
If the installation process (from the purchased CDs) had a list of the
public keys for the official mirror sites, then that would go a long
way.
That would make it rather hard to
bofh wrote:
Code signing by blood. ISAGN.
Sorry marc - had to do it
what if theo is a person of interest, has his endpoint surveilled and
his key and passphrase are compromised? if somebody stole a pint of
blood, that could go a long way in your proposed plan...
short of having a
Ted Unangst wrote:
give it a rest guys.
Ted says everything is ok. We can pack up and call it a day, knowing
that everything's settled once and for all.
Seriously, if the process has been already worked out, then point to
where it is written up. Maybe we're not looking in the right part of
give it a rest guys.
has anyone ever actually been the victim of some
government/corporate/the man attack where they slipped trojan
openbsd binaries to you?
do you have any idea how hard it really is to mount such an attack?
without being detected? and what's the trojan going to do? copy all
Since this thread is both TOP and BOTTOM posted, I am going UPPER MIDDLE post.
bofh wrote:
Code signing by blood. ISAGN.
Sorry marc - had to do it
what if theo is a person of interest, has his endpoint surveilled and
his key and passphrase are compromised? if somebody stole a pint
On Thu, 6 Dec 2007 09:51:16 -0500, Douglas A. Tutty
[EMAIL PROTECTED] said:
Personally, if this thread is to continue, I would like to see it move
from a Why doesn't OpenBSD do things this way? to a What are the
threat models for OpenBSD identity theft and how can we protect
ourselves?.
do you have any idea how hard it really is to mount such an attack?
without being detected? and what's the trojan going to do? copy all
your secrets to their national citizen oppression center? how do they
get their nefarious packets through your firewall without notice?
Of course
HITLER AND MORE HITLER
On Thu, Dec 06, 2007 at 08:28:21PM +0200, Lars Noodén wrote:
Ted Unangst wrote:
give it a rest guys.
Ted says everything is ok. We can pack up and call it a day, knowing
that everything's settled once and for all.
Seriously, if the process has been already
there seems to be a fine, pink mist in the air. some time ago
the matter comprising this mist was a live and healthy horse.
On Thu, Dec 06, 2007 at 12:39:39PM -0600, Marco Peereboom wrote:
HITLER AND MORE HITLER
On Thu, Dec 06, 2007 at 08:28:21PM +0200, Lars Noodén wrote:
Ted Unangst
Ok. So Christopher, Marco, and Ted have spoken up to inform the list
that they do not know an answer.
Christopher Linn wrote:
there seems to be a fine, pink mist in the air. ...
To be sure the topic has been covered earlier, but
just where are there relevant message archives, presentations or
On Thursday 06 December 2007 05:52:46 Hannah Schroeter wrote:
Hi!
On Wed, Dec 05, 2007 at 06:46:15PM -0500, STeve Andre' wrote:
[...]
You know, you're descending into a recursive loop of if, if, if... and
it never ends. OF COURSE if someone breaks into the site they could
do things--once
Lars Noodén [EMAIL PROTECTED] wrote:
http://forum.skype.com/index.php?showtopic=95261
I have no intention of refueling this debate but I found this an
interesting read some time ago:
paper by Garfinkel
http://skypetips.internetvisitation.org/files/VoIP%20and%20Skype.pdf
your link
On Thu, Dec 06, 2007 at 09:39:59PM +0200, Lars Noodén wrote:
Ok. So Christopher, Marco, and Ted have spoken up to inform the list
that they do not know an answer.
You can't possibly be this dense. Let me try to spell it out. YOU see
an issue WE don't. That makes YOU responsible for fixing
Does anyone have recommendations on server hardware for setting up a
redundant OpenBSD firewall? Right now our network handles several
million HTTP requests per day, and we expect that to continue growing.
I expect a simple pair of Dell rackmounted servers should handle this
easily, but I thought
Hi Folks,
I'm back again.
I have two AS1200 (AlphaServers) to donate. They're nice machines, but I
don't use them. One has two 400MHz CPUs (B3007-AA) and 512MB RAM, the other
has one 533MHz CPU (B3007-CA) and 256MB RAM.
They have lots of disks internally (2 and 4GB drives). They have several
On 06/12/2007, Benoit Chesneau [EMAIL PROTECTED] wrote:
Hi all,
I currently have a problem with a server based on Intel(R) Core(TM)2 Duo CPU
E6550
with a Realtek 8168 ( re(4) ). It freezes after some random time. I
don't know why.
No log about it. I tried to :
- enable acpi
- force the card
Daniel Bosk wrote:
Brad, you really did start some thread. Starting with a rather
innocent question. Interesting reading though.
My best to all of you,
Daniel
Thanks, I love OpenBSD. I see the lack of signed code and signed
communication as a potential security issue. It *has*
Hi Folks,
I have an ancient, but fully functional pizza-box like device from Pan
Dacom (V.24 Umschalter), which has 9 DB25 female connectors on the back,
and 8 toggle pushbuttons on the front. One of the DB25 connectors is the
input, and is connected to one or more of the other eight DB25
hi list,
i'm looking for a reporting tool that can read the
output of /var/log/flowd or the ascii data of flowd-reader.
has anyone an idea ?
thanks
thomas
I'm running spamd in blacklist mode, and it started running out of
memory today. It turns out the lists are getting close to the default
limit:
# /usr/libexec/spamd-setup -b -d
Getting http://www.openbsd.org/spamd/traplist.gz
blacklist uatraps 157348 entries
Getting
Paranoia is a disease... it distorts your thinking and your logical
faculty. I'd be more concerned about THAT if I were in your position.
It's stupid to rework the infrastructure to support signing,
especially considering the benefits (none.) Plus, you have to trust
the OpenBSD developers
I'm running wengo 2.1.2, and under the security tab on the
configuration page there is an option for call encryption -
WengoPhone can encrypt calls using the AES 128-bits encryption system
and Diffie-Hellman for key exchange.
would like to lock random users out of the services that are hosted on
machines here and remember LLNL, etc, using a RSA secureID to effect
this back in the day: you had to enter your secureID string before being
able to ssh into your user account through the firewall. i am aware that
the