On Apr 08 09:24:09, br...@coiloptic.org wrote:
| http://www.openbsd.org/faq/faq14.html#flashmemLive
|
| That route would indeed work (I quoted both of those links in my original
| email), but both require a pre-existing OpenBSD installation in order
| to create the bootable full install on
On Thu, 3 Apr 2014 12:21:59 + (UTC), Stuart Henderson wrote:
I should be getting a supermicro A1SAi-2550F box from a system builder to
test in a week or so, which covers most of this while using less power.
4 ports onboard and a PCIe slot so you could add a quad nic (though for
my intended
On Thu, 3 Apr 2014 18:51:58 + (UTC), Doros Eracledes wrote:
We had very good results with SuperMicro machines with the X9SCi-LN4
motherboard. It comes with 4 x Integrated Intel 82574 L Gigabit LAN Ports so
with an additional Intel Quad card we get 8 ports in total.
the CPU we get is the
To clarify, there are no ~/. shell dot files.
$PATH umask are set in /etc/login.conf
$MAIL is the default set by login(1)
/etc/profile sources /etc/ksh.kshrc, which just sets $PS1,
window decor some aliases, nothing major.
This arrangement works fine when logging in directly,
or via sudo su
On 2014-04-07, Christophe t...@stuxnet.org wrote:
The goal is to accept every SIP device from inside the LAN to register
to SIP provider without any outbound proxy configuration, and let
siproxd acting as a masquerading server.
Do you really need it? Most user-facing SIP providers run SBCs to
On 2014-04-07, Kevin Chadwick ma1l1i...@yahoo.co.uk wrote:
previously on this list Stuart Henderson contributed:
If a port is considered dangerous like wireshark was it
is removed to avoid encouraging it but users can still build it of
course.
There's a problem with
Hi Simon,
Le 07/04/2014 20:20, Simon Perreault a écrit :
I don't know the direct answer to your question, but taking a step back...
Any reason you want a transparent SIP proxy rather than an
explicitly-configured SIP B2BUA? The latter is usually much easier to
set up and maintain.
SIP
Hi Stuart,
Le 08/04/2014 10:41, Stuart Henderson a écrit :
On 2014-04-07, Christophe t...@stuxnet.org wrote:
The goal is to accept every SIP device from inside the LAN to register
to SIP provider without any outbound proxy configuration, and let
siproxd acting as a masquerading server.
Do
On Fri, Apr 4, 2014 at 6:00 AM, Craig R. Skinner
skin...@britvault.co.uk wrote:
Hi,
When sudo'ing to another user, how can I obtain all of their environment
settings as they receive when logging in themselves?
When I use sudo in this manner, settings such as $PATH, $MAIL umask
aren't being
So, Martin, what is your point ?
On Tue, Apr 8, 2014 at 7:17 AM, Andres Perera andre...@zoho.com wrote:
On Fri, Apr 4, 2014 at 6:00 AM, Craig R. Skinner
skin...@britvault.co.uk wrote:
Hi,
When sudo'ing to another user, how can I obtain all of their environment
settings as they receive when logging in themselves?
When I
On 2014-04-08 Tue 07:17 AM |, Andres Perera wrote:
You do that with `sudo -c - -l`:
$ sudo -c - -i 'ulimit -a; env' eb
$ diff -u ea e
--- ea Tue Apr 8 07:13:11 2014
+++ eb Tue Apr 8 07:14:22 2014
@@ -1,29 +1,24 @@
-LOGNAME=a
+LOGNAME=root
Also see `use_loginclass` in sudoers(5).
On 02/02/14 07:39, howard eisenberger wrote:
I just got back to this and, to be fair, with Debian Linux USB pen
drive is detected, but not USB/IDE external laptop drive with APIC
enabled or disabled in BIOS. The same external drive with the same
USB/IDE adapter is detected and works with 5.4 on
On 2014-04-08, Christophe t...@stuxnet.org wrote:
Hi Stuart,
Le 08/04/2014 10:41, Stuart Henderson a écrit :
On 2014-04-07, Christophe t...@stuxnet.org wrote:
The goal is to accept every SIP device from inside the LAN to register
to SIP provider without any outbound proxy configuration, and
On 2014-04-07, Christophe t...@stuxnet.org wrote:
[..]
Let's ignore the siproxd side of things and just look at the ruleset.
set skip on lo
set loginterface pflog0
block in on ! lo0 proto tcp to port 6000:6010
match out log on em0 inet from 172.18.160.0/24 to any nat-to em0
pass in on
http://www.itnews.com.au/News/382068,serious-openssl-bug-renders-websites-wide-open.aspx
accurate w/r/t 5.3?
--
Jack Woehr # We commonly say we have no time when,
Box 51, Golden CO 80402 # of course, we have all that there is.
http://www.softwoehr.com # - James Mason, _The Art
Hi Stuart,
Le 08/04/2014 18:31, Stuart Henderson a écrit :
On 2014-04-07, Christophe t...@stuxnet.org wrote:
[..]
Let's ignore the siproxd side of things and just look at the ruleset.
You have no pass or block rules for any outbound traffic so the implicit
default is used for outbound
Hello,
I'm not a developer but more of an openbsd hobbyist.
I'm using current with current packages that are a few days old.
I patched my openbsd servers and revoked all my ssl keys, generated
new ones and changed every possible password.
Even though, as far as I understood, you can't be sure
On 2014-04-08 13:19, Jack Woehr wrote:
http://www.itnews.com.au/News/382068,serious-openssl-bug-renders-websites-wide-open.aspx
accurate w/r/t 5.3?
Jack,
Please read: http://www.openbsd.org/errata53.html and note item #14.
You may download
the patch from there or for your convenience:
On Tue, Apr 08, 2014 at 11:19, Jack Woehr wrote:
http://www.itnews.com.au/News/382068,serious-openssl-bug-renders-websites-wide-open.aspx
accurate w/r/t 5.3?
5.3, 5.4, and 5.5 are all affected. only 5.2 and earlier are not.
OpenBSD 5.3 (OpenSSL 1.0.1c 10 May 2012) and 5.4 (OpenSSL 1.0.1c 10 May
2012)
how surprising..
but doesn't ASLR suppose to protect from this?
http://undeadly.org/cgi?action=articlesid=20140408063423
On 8 April 2014, Jack Woehr jwo...@softwoehr.com wrote:
http://www.itnews.com.au/News/382068,serious-openssl-bug-renders-websites-wide-open.aspx
accurate w/r/t 5.3?
A few popular testers:
https://github.com/titanous/heartbleeder
https://github.com/FiloSottile/Heartbleed
Hello,
We'd like to deploy OpenBSD on some Dell C5220 and Dell C6220 servers,
for a high-traffic website.
However, the C5220 has some unconfigured components in dmesg [1], and
the C6220 has even more of them [2].
Are they crucial for the machines to operate accurately? By 'accurately',
I mean
read overrun, so ASLR won't save you
- any pro-active thoughts to prevent this in the future? (I'm not a
programmer, so.. pardon if my question is idiotic)
Thanks!
On Tue, Apr 8, 2014 at 7:34 PM, nobody openbsd.as.a.desk...@gmail.comwrote:
OpenBSD 5.3 (OpenSSL 1.0.1c 10 May 2012) and 5.4
On Tue, Apr 08, 2014 at 07:26:06PM +0200, Didier Wiroth wrote:
F.ex. I use dovecot:
# ldd `which dovecot`
/usr/local/sbin/dovecot:
StartEnd Type Open Ref GrpRef Name
04f81c50 04f81c913000 exe 10 0 /usr/local/sbin/dovecot
04fa2152c000
Didier Wiroth dwir...@gmail.com writes:
Hello,
I'm not a developer but more of an openbsd hobbyist.
I'm using current with current packages that are a few days old.
I patched my openbsd servers and revoked all my ssl keys, generated
new ones and changed every possible password.
Even
Ok, thank you very much!
Didier
On 8 April 2014 19:44, Stefan Sperling s...@openbsd.org wrote:
On Tue, Apr 08, 2014 at 07:26:06PM +0200, Didier Wiroth wrote:
F.ex. I use dovecot:
# ldd `which dovecot`
/usr/local/sbin/dovecot:
StartEnd Type Open Ref GrpRef Name
Josh Grosse wrote:
Please read: http://www.openbsd.org/errata53.html and note item #14. You may
download
the patch from there or for your convenience:
http://ftp.openbsd.org/pub/OpenBSD/patches/5.3/common/014_openssl.patch
You may also want to read the article published by the OpenBSD
You should at least be able to know which of your packages have access to an
SSL private key, and speak SSL.
You also need to recursively check each library dovecot links to... That
libdovecot looks like a likely candidate for linking ssl.so.
That said, For dovecot, I THINK it uses dlopen at
nobody openbsd.as.a.desk...@gmail.com writes:
read overrun, so ASLR won't save you
What if malloc's G option were turned on? You know, assuming the
subset of the worlds' programs you use is good enough to run with that.
On Tue, Apr 08, 2014 at 15:09, Mike Small wrote:
nobody openbsd.as.a.desk...@gmail.com writes:
read overrun, so ASLR won't save you
What if malloc's G option were turned on? You know, assuming the
subset of the worlds' programs you use is good enough to run with that.
No. OpenSSL has
On Tue, Apr 08, 2014 at 15:09, Mike Small wrote:
nobody openbsd.as.a.desk...@gmail.com writes:
read overrun, so ASLR won't save you
What if malloc's G option were turned on? You know, assuming the
subset of the worlds' programs you use is good enough to run with that.
No. OpenSSL
Seems to be fixed in the 7 April snapshot.
Thanks, Peter
Hi misc@,
I'm trying to achieve something similar to Cisco's firewall contexts or
Juniper's virtual systems with PF and OpenBSD.
Currently I run an OpenBSD box as a firewalling device for multiple
environments, most of them independent of each other. My main problem
with this arrangement is that
Hi guys,
here is a simple patch to replace /etc/crontab by /etc/cron.d/.
You need to manually mkdir /etc/cron.d.
--- pathnames_original.hMon Apr 7 22:31:53 2014
+++ pathnames.h Tue Apr 8 16:12:30 2014
@@ -92,8 +92,8 @@
#define PIDFILEcron.pid
#define _PATH_CRON_PID
In your dreams.
here is a simple patch to replace /etc/crontab by /etc/cron.d/.
You need to manually mkdir /etc/cron.d.
--- pathnames_original.hMon Apr 7 22:31:53 2014
+++ pathnames.h Tue Apr 8 16:12:30 2014
@@ -92,8 +92,8 @@
#define PIDFILEcron.pid
Hi,
I'm wondering if anyone has had any experience with VPN and Android 4.4??
I used to use OpenVPN with versions 4.1 through 4.3 however, 4.4
apparently broke the tun interface so the app doesn't work now.
As I need vpn access I configured ipsec and npppd however, I keep
getting these errors
Hi there,
here the requested output. The machine was just installed a few days ago
with 5.4 and smokeping was added with pkg_add.
ldconfig -r | head -2
/var/run/ld.so.hints:
search directories: /usr/lib:/usr/local/lib
env LD_DEBUG=1 smokeping --help
rtld loading: '/usr/bin/perl'
Dear list members,
i have just configured my system (yp) to retrive information on groups and
users. It's working 100% ok.
Now, i would like to set some netgroups. How does netgroup works with
ypldap ?
Thanks.
fried.
On Tue, Apr 8, 2014 at 12:47 PM, Wiesław Kielas
wieslaw.kie...@bluemedia.pl wrote:
I'm trying to achieve something similar to Cisco's firewall contexts or
Juniper's virtual systems with PF and OpenBSD.
Currently I run an OpenBSD box as a firewalling device for multiple
environments, most of
No Theo I don't think understand, if you accept the patch then you will
be more like Ubuntu and other MODERN operating systems.
Why put everything in a single easily readable file, when you can split
it up in to multiple directories.
Which reminds me when are you going to ditch /etc for a
On Tue, Apr 8, 2014 at 2:35 PM, Thorleif Wiik [BCIX]
thorleif.w...@bcix.de wrote:
here the requested output. The machine was just installed a few days ago
with 5.4 and smokeping was added with pkg_add.
...
examining: '/usr/local/lib/librrd.so.3.0'
loading: libfreetype.so.20.0 required by
On 2014-04-08, Thorleif Wiik [BCIX] thorleif.w...@bcix.de wrote:
Hi there,
here the requested output. The machine was just installed a few days ago
with 5.4 and smokeping was added with pkg_add.
OK - this matches my guess. You must have untarred xbase on
the system after installing the OS
Hi Wiesław,
Definitely support your desire to try to add more structure to your PF writing!
:)
We use git to version control PF and many other files (over 60 files across an
OBSD system now come to think of it).
For PF, I wouldn't recommend using anchors as I *think* their slower and
On Tue, Apr 08, 2014 at 03:39:54PM -0600, Daniel Melameth wrote:
On Tue, Apr 8, 2014 at 12:47 PM, Wies??aw Kielas
wieslaw.kie...@bluemedia.pl wrote:
I'm trying to achieve something similar to Cisco's firewall contexts or
Juniper's virtual systems with PF and OpenBSD.
Currently I run an
On 04/08/14 16:35, Remy wrote:
Hi guys,
here is a simple patch to replace /etc/crontab by /etc/cron.d/.
You need to manually mkdir /etc/cron.d.
um. eight days late. I look forward to your contribution next year, but
try to hit the right date next time.
Nick.
Em 08-04-2014 19:13, Andy Lemin escreveu:
Hi Wiesław,
Definitely support your desire to try to add more structure to your PF
writing! :)
We use git to version control PF and many other files (over 60 files across
an OBSD system now come to think of it).
For PF, I wouldn't recommend
Remy said:
here is a simple patch to replace /etc/crontab by /etc/cron.d/.
FWIW why?
--
Dmitrij D. Czarkoff
On 04/08/2014 10:31 AM, Ted Unangst wrote:
On Tue, Apr 08, 2014 at 11:19, Jack Woehr wrote:
http://www.itnews.com.au/News/382068,serious-openssl-bug-renders-websites-wide-open.aspx
accurate w/r/t 5.3?
5.3, 5.4, and 5.5 are all affected. only 5.2 and earlier are not.
Hello Ted, are you
On 08/04/14 6:53 PM, consultor wrote:
On 04/08/2014 10:31 AM, Ted Unangst wrote:
On Tue, Apr 08, 2014 at 11:19, Jack Woehr wrote:
http://www.itnews.com.au/News/382068,serious-openssl-bug-renders-websites-wide-open.aspx
accurate w/r/t 5.3?
5.3, 5.4, and 5.5 are all affected. only 5.2 and
On Tue, Apr 08, 2014 at 03:53:06PM -0700, consultor wrote:
On 04/08/2014 10:31 AM, Ted Unangst wrote:
On Tue, Apr 08, 2014 at 11:19, Jack Woehr wrote:
http://www.itnews.com.au/News/382068,serious-openssl-bug-renders-websites-wide-open.aspx
accurate w/r/t 5.3?
5.3, 5.4, and 5.5 are all
Look what linux are accepting now : stuff like systemd, how modern ! and so
nicely done !
Maybe having a .d looks .damned cool but does it really solve something ?
New is not better, modern surely isn't.
If there is a way for OpenBSD to move to a cron.d it probably needs a nice
explanation :
hello misc,
can anyone please help me with a pointer:
two hosts have one interface each configured on the same subnet (.1 and .2),
and also have a carp interface (.3) using the interfaces as carpdev. No load
balancing is configured.
Is there more than one way to make the traffic originating
On Tue, Apr 8, 2014 at 12:40 PM, Theo de Raadt dera...@cvs.openbsd.orgwrote:
On Tue, Apr 08, 2014 at 15:09, Mike Small wrote:
nobody openbsd.as.a.desk...@gmail.com writes:
read overrun, so ASLR won't save you
What if malloc's G option were turned on? You know, assuming the
On Tue, Apr 8, 2014 at 9:05 PM, noah pugsley noah.pugs...@gmail.com wrote:
On Tue, Apr 8, 2014 at 12:40 PM, Theo de Raadt dera...@cvs.openbsd.org
wrote:
On Tue, Apr 08, 2014 at 15:09, Mike Small wrote:
nobody openbsd.as.a.desk...@gmail.com writes:
read overrun, so ASLR won't
all sarcasm on my part.
hate the whole /etc/hourly /etc/daily /etc/whim-time cron crap
was happy to see Theo's reaction. Was jerking the list's chain.
sven falempin wrote:
Look what linux are accepting now : stuff like systemd, how modern ! and so
nicely done !
Maybe having a .d looks
wasn't the registry database a dead giveaway???
On 8 Apr 2014 at 17:22, Dag Richards wrote:
all sarcasm on my part.
hate the whole /etc/hourly /etc/daily /etc/whim-time cron crap
was happy to see Theo's reaction. Was jerking the list's chain.
sven falempin wrote:
Look what linux are
On 04/08/2014 04:31 PM, Friedrich Locke wrote:
Dear list members,
i have just configured my system (yp) to retrive information on groups and
users. It's working 100% ok.
Now, i would like to set some netgroups. How does netgroup works with
ypldap ?
Per ypldap.conf(5): The currently
I'm used to generate RSA certificates for httpd(8) simply by following
the GENERATING RSA SERVER CERTIFICATES FOR WEB SERVERS section in the
manpage for ssl(8) and then setting httpd_flags=-DSSL in
/etc/rc.conf.local. A few changes in /var/www/conf/httpd.conf and I'm
done. Up and go.
But how to
On Wed, Apr 09, 2014 at 03:25:25AM BST, Erling Westenvik wrote:
SSL received a record that exceeded the maximum permissible
length. (Error code: ssl_error_rx_record_too_long) (Firefox)
That may have something to do with the way you have configured TLS (i.e.
version) either under
On Tue, Apr 8, 2014 at 7:35 PM, Donovan Watteau tso...@gmail.com wrote:
Hello,
We'd like to deploy OpenBSD on some Dell C5220 and Dell C6220 servers,
for a high-traffic website.
However, the C5220 has some unconfigured components in dmesg [1], and
the C6220 has even more of them [2].
Are
61 matches
Mail list logo