Re: How to use /dev/srandom

On Mon, 4 Oct 2010 13:33:00 +0200 Janne Johansson wrote: > 2010/10/4 Kevin Chadwick > > > > I do love all this considerations. Just wondering by on earth entropy > > > doesn't get much attention in a world where people seems so worried > > > about security and privacy. > > > > Do you mean the w

Re: Router components

On Sun, Oct 3, 2010 at 11:02 PM, Nick Holland wrote: > On 10/03/10 22:11, David Higgs wrote: >> I am building a replacement router/firewall for home use > > stop there. > > You aren't General Motors, Yahoo, or Google. > You are looking to spend a lot of time and money trying to optimize > performa

Re: smtpd and spamd, with antivirus

On Fri, 1 Oct 2010 08:42:04 -0400 "Michael W. Lucas" wrote: > Hi, > > I have to build a new mail relay host, and would like to use spamd and > smtpd on OpenBSD. I'm required to provide antivirus scanning of mail > contents, however. Has anyone attached any antivirus software to this > combinat

Re: How to use /dev/srandom

On Thu, 30 Sep 2010 11:37:14 +0200 Daniel Gracia wrote: > I do love all this considerations. Just wondering by on earth entropy > doesn't get much attention in a world where people seems so worried > about security and privacy. Do you mean the world in general or the OpenBSD world. I presume

Re: Router components

On 2010-10-04, David Higgs wrote: > I am building a replacement router/firewall for home use and am > soliciting suggestions/commentary/alternatives on the components > below. What sort of internet connection and what will be running over it? Will you be doing crypto on the firewall (ipsec/some o

Re: Kerberos: Server not found in database: krbtgt/ualberta...@realm

On Mon, 4 Oct 2010, Clint Pachl wrote: > In the KDC log file, I get the following errors: > > 2010-10-04T02:40:11 TGS-REQ pa...@mokaz.com from IPv4:10.0.9.15 for > afs/ualberta...@mokaz.com > 2010-10-04T02:40:11 Server not found in database: afs/ualberta...@mokaz.com: > No such entry in the datab

Re: Incorrect FAQ entry about "ksh(1) does not appear to read my .profile"

On Oct 3, 2010, at 2:52 PM, Amit Kulkarni wrote: > Then why is it placed there in the FAQ entry? Somebody thought there's a > relation there. It's there because when you start an X terminal (xterm), you can tell xterm (via X resource DB) if you want shells it starts to be "login shells", and that

Descanso doble

Muy buenos dias, en esta oportunidad estamos ofreciendo la segunda estadia gratuita, puede ver mas acerca de la propuesta en, http://www.fullallotment.com/barcelo.htm en plan todo inlcuido, la mejor ubicacion de Cancun frente al mar, desde ya le agradezco su tiempo y atencion, saludos cordiale

举国同欢庆

f6e0h?e0
i.d;6o<f/e f(efd;,gd:e (e3g3;o<
f,"h?f(o<misc e&f f3f>g$:h/7g9e;h?i>> e=e: --- g=g;h%ie$'e8--e8&ffh!!igg=g;h%ih=/d;6 g=eo<www.xidengke.com ee$ fh'
>> ef6h."i>>

Kerberos: Server not found in database: krbtgt/ualberta...@realm

In the KDC log file, I get the following errors: 2010-10-04T02:40:11 TGS-REQ pa...@mokaz.com from IPv4:10.0.9.15 for afs/ualberta...@mokaz.com 2010-10-04T02:40:11 Server not found in database: afs/ualberta...@mokaz.com: No such entry in the database 2010-10-04T02:40:11 TGS-REQ pa...@mokaz.com f

Re: How to use /dev/srandom

2010/10/4 Kevin Chadwick > > I do love all this considerations. Just wondering by on earth entropy > > doesn't get much attention in a world where people seems so worried > > about security and privacy. > > Do you mean the world in general or the OpenBSD world. > > I presume you've read the OpenB

Re: route-to and divert-packet

> The code says it well - after your divert(4) client reinjects the > packet back into the kernel, it bypasses any pf checks and goes > straight to the {ip_,ip6_}output function because of possible loops. That's all perfectly sensible, and I feel more likely to hurt myself if I could get a packet

Re: Router components

Stuart Henderson wrote: On 2010-10-04, David Higgs wrote: I am building a replacement router/firewall for home use and am soliciting suggestions/commentary/alternatives on the components below. What sort of internet connection and what will be running over it? Will you be doing crypto on the

BIOCTL Rebuild: invalid argument

I tried to rebuild a single disk in a 4 disk raid-10 array using the following command: # bioctl -R 0:3 sd0 bioctl: BIOCSETSTATE: invalid argument What does this mean exactly? I did rebuild the array via the MegaRAID BIOS utility. Are we able to rebuild arrays via bioctl? # bioctl sd0 Volum

Re: Router components

On Mon, Oct 4, 2010 at 3:51 PM, russell wrote: > Stuart Henderson wrote: >> >> On 2010-10-04, David Higgs wrote: >>> >>> I am building a replacement router/firewall for home use and am >>> soliciting suggestions/commentary/alternatives on the components >>> below. >> >> What sort of internet conn

PF OS fingerprint update

If you use the pf OS fingerprinting feature you want to apply the following diff to your system or -current OpenBSD boxes will not be identified as beeing OpenBSD. To apply the patch just use: cd /etc patch < this_mail pfctl -f /etc/pf.conf -- :wq Claudio Index: pf.os ===

pflogd dying silently?

Hi, on a machine running something close to what should be OpenBSD 4.8, I'm seeing pflogd "disapearing" every few days whithout any message in log files. Not to say that it's an annoying issue from the security point of view... Is this a known problem with a fix in -current ? Should I try to gat

Re: Mobile VPN

On Sat, 2010-10-02 at 11:56 +0300, Evgeniy Sudyr wrote: > I was able to get it working with 4.6/4.7 and E60/E65/E52 it works as > expected :) > > Nokia VPN config tool will save hours instead trial by error. > > On Fri, Oct 1, 2010 at 10:29 PM, Claudiu Pruna > wrote: > > On Fri,

Re: How to use /dev/srandom

I do love all this considerations. Just wondering by on earth entropy doesn't get much attention in a world where people seems so worried about security and privacy. Have you ever used any specific method to measure the randomness quality of the numbers generated by the kernel when randomness

Re: carp + client avahi-daemon = OpenBSD kernel hang

On 2010-10-03, Devin Reade wrote: So basically there are untrusted machines on the interface on which you also run pfsync. This is an unsupported configuration, as per pfsync(4): It is important that the pfsync traffic be well secured as there is no authentication on the protocol and

No Livelock on 2 Oct 2010 current

Hi Misc@, On this machine; OpenBSD 4.8-current (GENERIC.MP) #5: Sat Oct 2 21:06:09 WIT 2010 r...@border-rf.mygreenlinks.net:/usr/src/sys/arch/i386/compile/GENERIC.MP RTC BIOS diagnostic error f cpu0: Intel(R) Xeon(R) CPU X3220 @ 2.40GHz ("GenuineIntel" 686-class) 2.41 GHz cpu0: FPU,V86,D

Re: Router components

On Oct 3, 2010, at 11:15 PM, David Higgs wrote: >> NONE OF IT WILL MATTER TO YOU. > > I'll google up some smaller systems (Soekris, ALIX, etc?) > and see how they strike me. Pointers here are even more welcome, as I > am not as familiar with this end of the spectrum and want to avoid the > af

Re: route-to and divert-packet

2010/10/3, Daniel Browning-Weber : > Okay, and the divert (4) man page says that outbound packets, > after being reinjected, "are processed directly by the relevant > IP/IPv6 output function," so I probably can't get pf to take > another look at them so that "route-to" will apply. > > If I were fee

Re: BIOCTL Rebuild: invalid argument

On Mon, Oct 04, 2010 at 06:34:03AM -0700, Clint Pachl wrote: > I tried to rebuild a single disk in a 4 disk raid-10 array using the > following command: > > # bioctl -R 0:3 sd0 > bioctl: BIOCSETSTATE: invalid argument > > What does this mean exactly? > > I did rebuild the array via the MegaRAID

Re: route-to and divert-packet

Il giorno lun, 04/10/2010 alle 10.03 -0400, Daniel Browning-Weber ha scritto: > Those work great, without the divert-packet. And the divert-packet > works great, if I only have one internet connection. But I'm trying > to get them to both be applied. I'll look into that in the next few days, i'm

Re: Router components

On Mon, Oct 4, 2010 at 2:28 AM, Sean Kamath wrote: > I just bought a Alix 2d13 board. Then ended up buying about 7 of them for > work for OOB back-channel machines. > > Insanely straightforward, and they Just Work(tm). > I did exactly what Sean did myself several months ago. Purchased a 2d13 bo

Re: Router components

David Higgs wrote: > I know SSDs don't require TRIM, but most benchmarks are made by > knob-twiddlers that are presumably overemphasizing the performance > degradation you get without it. Is this even noticeable in practice? I've used an inexpensive SSD (cheapest one I could find at the time)

Re: How to use /dev/srandom

Kevin Chadwick writes: > First I'd ask how well can anyone prove that the NIST statistical test > suite can reliably judge randomness? It can't; it can only weed out weak generators but could not distinguish an entropic generator from, say, MD5. See http://lcamtuf.coredump.cx/soft/stompy.tgz for

Re: How to use /dev/srandom

>Then of course the tiiiny tiiiny problem of defining in code how to >_prove_ that the input >is random. Proving some input is skewed in one of 123 ways is easy and >relatively fast, >but proving that the input data will never fail a statistical test is.. >Hard. If a situation is possible where a

Re: Mobile VPN

Does anyone knows any OpenVPN client for S60 mobile phones? Thanks Claudiu Pruna wrote: On Sat, 2010-10-02 at 11:56 +0300, Evgeniy Sudyr wrote: I was able to get it working with 4.6/4.7 and E60/E65/E52 it works as expected :) Nokia VPN config tool will save hours instead trial by error. O

OpenBGP Filter - Selectively Announcing by Peer.

Hello, I want to selectively announce what I get from my peers (whom I am transit for) for a certain upstream peer. I decided to use community to do so, like that: # Add what I get from my transit peers to communyt $myasn:1010 match from $peer_t1 set community $myasn:1010 match from $peer_t2 set

Re: How to use /dev/srandom

2010/10/4 Kevin Chadwick > >Then of course the tiiiny tiiiny problem of defining in code how to > >_prove_ that the input > >is random. Proving some input is skewed in one of 123 ways is easy and > >relatively fast, > >but proving that the input data will never fail a statistical test is.. > >Har

Re: How to use /dev/srandom

Janne Johansson wrote: > What I meant was that one can complain of that the NIST programs (diehard > and > dieharder springs to mind) only do certain tests, but that is just because > noone > can make a short program that _proves_ a certain stream is random. The only > thing available seems to be

Re: How to use /dev/srandom

2010/10/4 Brad Tilley > Janne Johansson wrote: > > > What I meant was that one can complain of that the NIST programs (diehard > > and > > dieharder springs to mind) only do certain tests, > > Check out ent (it's in ports) it does chi-square, entropy, and a few > other tests to grade the data s

Re: Incorrect FAQ entry about "ksh(1) does not appear to read my .profile"

Sean, Sorry my bad. Thanks for enlightening me. Abel, ksh -l works for me and will use both of your suggestions. Thanks On Mon, Oct 4, 2010 at 1:24 AM, Sean Kamath wrote: > > On Oct 3, 2010, at 2:52 PM, Amit Kulkarni wrote: > > > Then why is it placed there in the FAQ entry? Somebody thought t

Re: How to use /dev/srandom

Janne Johansson wrote: > List of the CURRENT fully implemented tests (as of the 08/18/08 snapshot): > > #=# > # dieharder version 3.29.4beta Copyright 2003 Robert G. Brown > # > #=

Re: How to use /dev/srandom

> > -d 1 Diehard OPERM5 Test Suspect > > -d 14Diehard Sums TestDo Not Use And from the site: Note that a few tests appear to have stubborn bugs. In particular, the diehard operm5 test seems to fail all gen

Re: carp + client avahi-daemon = OpenBSD kernel hang

--On Monday, October 04, 2010 12:11:01 PM + Stuart Henderson wrote: > On 2010-10-03, Devin Reade wrote: > if only all problem reports were this good!> Thanks. I'm also a developer, just not in the OpenBSD kernel. > Until you can move to a dedicated nic, I would > suggest switching to usi

Re: OpenBGP Filter - Selectively Announcing by Peer.

On Mon, Oct 04, 2010 at 02:20:55PM -0300, Eduardo Meyer wrote: > Hello, > > I want to selectively announce what I get from my peers (whom I am > transit for) for a certain upstream peer. I decided to use community > to do so, like that: > > # Add what I get from my transit peers to communyt $myas

masquerade in smtpd?

Can smtpd do masquerading of outgoing email? Something like what is described here http://www.postfix.org/STANDARD_CONFIGURATION_README.html#fantasy hostname doesn't seem to do the trick. /Markus

Re: OpenBSD Vim Programming FAQ

After 2 months I have to announce that I am unable to finish the guide. I am too busy at the moment and unfortunately I will be still busy for a long time. Anyway, there has been a lot of people interested in this guide, so I suppose someone could use my work/ideas and make it come true. Document

Re: No Livelock on 2 Oct 2010 current

On 2010-10-04, Insan Praja SW wrote: > I can't see any livelocks. I'm aware of new algorithm on mclgeti got > something to do with this, I just want to confirm this. If this systat > output tells me the truth, well that just a huge achievement. # pstat -d u mcllivelocks You will probbaly see

Re: OpenBGP Filter - Selectively Announcing by Peer.

On Mon, Oct 4, 2010 at 6:12 PM, Claudio Jeker wrote: > On Mon, Oct 04, 2010 at 02:20:55PM -0300, Eduardo Meyer wrote: >> Hello, >> >> I want to selectively announce what I get from my peers (whom I am >> transit for) for a certain upstream peer. I decided to use community >> to do so, like that: >

upgrade to 4.7

Hello misc, I've a little doubt, In my old firewall I wrote the rdr rules thus: rdr pass on egress -> ip port 3030 block log all pass out on $dmz ... to port 3030 It's fine now I wrote rules thus: match in on egress ... rdr-to ip port 3030 block log all pass in on egress .. to port

Re: No Livelock on 2 Oct 2010 current

On Mon, Oct 04, 2010 at 10:41:15PM +, Stuart Henderson wrote: > On 2010-10-04, Insan Praja SW wrote: > > I can't see any livelocks. I'm aware of new algorithm on mclgeti got > > something to do with this, I just want to confirm this. If this systat > > output tells me the truth, well that

Re: OpenBSD Vim Programming FAQ

It asks for a password and shit. Not sure how I could use this. On Mon, Oct 04, 2010 at 11:32:10PM +0200, Tomas Vavrys wrote: > After 2 months I have to announce that I am unable to finish the > guide. I am too busy at the moment and unfortunately I will be still > busy for a long time. Anyway, t

Re: masquerade in smtpd?

On 10/4/2010 11:28 PM, Markus Bergkvist wrote: Can smtpd do masquerading of outgoing email? Something like what is described here http://www.postfix.org/STANDARD_CONFIGURATION_README.html#fantasy hostname doesn't seem to do the trick. /Markus It currently can't I have a diff somewhere which

Re: Mobile VPN

On Mon, 2010-10-04 at 10:10 -0600, Shiu Lam wrote: > Does anyone knows any OpenVPN client for S60 mobile phones? > > Thanks > > Claudiu Pruna wrote: > > On Sat, 2010-10-02 at 11:56 +0300, Evgeniy Sudyr wrote: > > > >> I was able to get it working with 4.6/4.7 and E60/E65/E52 it works as > >> e

ASISTENTES EJECUTIVAS: ÚNICA PRESENTACIÓN OCTUBRE 29 EN PUERTO VALLARTA.

[IMAGE] Mayores informes responda este correo electrsnico con los siguientes datos. Empresa: Nombre: Telifono: Email: Nzmero de Interesados: Y en breve le haremos llegar la informacisn completa del evento. O bien comunmquense a nuestros telifonos un ejecutivo con gusto le atendera Tels. (33) 885