..and a way to have it revert in 2 minutes unless the operator does
, for the times when you cut off the branch you are sitting on.
2014-04-09 23:55 GMT+02:00 Adam Thompson :
> I should add that once using source control abs a script to manage edits
> to pf.conf, it is easy to use at(1) to simu
On Wed, Apr 9, 2014 at 10:25 PM, Theo de Raadt wrote:
> > The problem with that as I see it is that people will complain about
> > not being able to donate to a specific subset of the project. As
> > with OpenSSH in the past and probably present. The same way many
> > complained before the foundat
> The problem with that as I see it is that people will complain about
> not being able to donate to a specific subset of the project. As
> with OpenSSH in the past and probably present. The same way many
> complained before the foundation existed about paying Theo's power
> bill and humble salary.
On Wed, Apr 9, 2014 at 8:44 PM, Ralph W Siegler wrote:
> Stuart Henderson spacehopper.org> writes:
>
> >
> > On 2014-04-09, sven falempin gmail.com> wrote:
> > > i which this : https://polarssl.org was open and inside the base
> >
> > You can wish, but that is commercial+GPL code so OpenBSD can'
On 2014-04-10 01:16, Giancarlo Razzolini wrote:
> Em 10-04-2014 00:43, Hugo Osvaldo Barrera escreveu:
> > Hi,
> >
> > I've having this extremely wierd issue.
> > My hostname is elysion.barrera.io. When I try to ping, curl, or something
> > alike aDomainIReallySureDoeNotExist.com, it pings/curls/wha
Em 10-04-2014 00:43, Hugo Osvaldo Barrera escreveu:
> Hi,
>
> I've having this extremely wierd issue.
> My hostname is elysion.barrera.io. When I try to ping, curl, or something
> alike aDomainIReallySureDoeNotExist.com, it pings/curls/whatever
> my local domain. Maybe an example can me clearer:
>
Stuart Henderson spacehopper.org> writes:
>
> On 2014-04-09, sven falempin gmail.com> wrote:
> > i which this : https://polarssl.org was open and inside the base
>
> You can wish, but that is commercial+GPL code so OpenBSD can't use it in base.
What I would wish for is the OpenSSH project to
Hi,
I've having this extremely wierd issue.
My hostname is elysion.barrera.io. When I try to ping, curl, or something
alike aDomainIReallySureDoeNotExist.com, it pings/curls/whatever
my local domain. Maybe an example can me clearer:
# ping adsfsdgasdadsfasfsdfasdf.net
PING elysion.barrera.io
>> Maybe the OpenSSH community needs to get involved, so that we can
>> get work done :-) ?
>
>I think "getting involved" will be a matter of us acting unilaterally
>and just committing support for the new SSHFP code point.
If that is what it takes to reserve a number these days...
It has been do
On Wed, 9 Apr 2014, Loganaden Velvindron wrote:
> Maybe the OpenSSH community needs to get involved, so that we can
> get work done :-) ?
I think "getting involved" will be a matter of us acting unilaterally
and just committing support for the new SSHFP code point.
-d
The server is back online syncing, sorry the delay.
--
Sending from my pocket toaster...
Hi folks
I have been recently playing with OpenBSD.
I am very impressed with the whole experience, great job people !!
I am using an HP nc6320 Laptop.
Quite often, I get an error similar to this with amd64 5.4 and 5.5
acpitz3: critical temperature exceeded 3786C, shutting down
For me it was a n
I should add that once using source control abs a script to manage edits to
pf.conf, it is easy to use at(1) to simulate Juniper's "commit confirmed"
feature, adding another level of safety.
-Adam
On April 9, 2014 7:50:14 AM CDT, Giancarlo Razzolini
wrote:
>Em 09-04-2014 06:31, Stuart Henderso
On 2014-04-09, Theo de Raadt wrote:
>>Is there any special reason why there is no /etc/malloc.conf by
>>default (linking to, say, 'S') then?
>
> Yes, there's a real good reason -- too much portable software
> breaks.
No, the performance impact of the stricter malloc options means
that developers
Em 09-04-2014 14:29, Theo de Raadt escreveu:
> Alternatively, come to a realization that SSH is not controlled by the
> IETF.
Let's be honest. Although SSHFP records are a great thing, very few
system administrators use it. I use it myself. But only in my internal
network and in my own resolver (u
> Le 2014-04-09 12:47, Loganaden Velvindron a écrit :
> > This situation is rather unusual, and that makes me wonder what's
> > exactly going on there, as I believe that we've done our homework
> > correctly.
>
> UNUSUAL??? The IETF is notorious for its incredible delays. The
> situation is typic
Le 2014-04-09 12:47, Loganaden Velvindron a écrit :
> This situation is rather unusual, and that makes me wonder what's
> exactly going on there, as I believe that we've done our homework
> correctly.
UNUSUAL??? The IETF is notorious for its incredible delays. The
situation is typical IMHO.
Nobo
Hi All,
I've been working on a diff to get SSHFP support for ed25519 in OpenSSH.
SM has been working through the IETF process to obtain the SSHFP RR Type
number.
Despite getting "rough consensus", we still haven't heard anything from the
IETF Security Directors for the draft. SM sent a mail aski
On 9 April 2014 12:24, Fil Di Noto wrote:
> Is there any hope of OpenBSD running on IBM Power hardware (System P,
> LPAR) in the future?
>
> I've recently been working with this hardware and it's pretty amazing.
> I can't speak to its future market share but there seems to be a lot
> of propaganda
Is there any hope of OpenBSD running on IBM Power hardware (System P,
LPAR) in the future?
I've recently been working with this hardware and it’s pretty amazing.
I can't speak to its future market share but there seems to be a lot
of propaganda from IBM regarding “Linux on Power” which suggests to
>Theo de Raadt wrote:
>>Some other debugging toolkits get them too. To a large extent these
>>come with almost no performance cost.
>
>Is there any special reason why there is no /etc/malloc.conf by
>default (linking to, say, 'S') then?
Yes, there's a real good reason -- too much portable softwar
On Wed, Apr 09, 2014 at 11:49:56AM -0400, Philippe Meunier wrote:
> Theo de Raadt wrote:
> >Some other debugging toolkits get them too. To a large extent these
> >come with almost no performance cost.
>
> Is there any special reason why there is no /etc/malloc.conf by
> default (linking to, say,
Theo de Raadt wrote:
>Some other debugging toolkits get them too. To a large extent these
>come with almost no performance cost.
Is there any special reason why there is no /etc/malloc.conf by
default (linking to, say, 'S') then?
Philippe
> I took the heartbleed bug as a pretext to redo my entire PKI, and
> while reading openssl's man page, I have a couple of doubts regarding
> the sample configuration file on the CA EXAMPLE section:
>
> RANDFILE = $dir/private/.rand
> ...
> default_md = md5
>
> I don't know enough about SSL to be
Hi folks,
i am trying to get my ypldap working with a single user entry in passwd
comeing from the ldap directory.
I changed the passwd file (using vipw) and add the following line:
+grios:*
When i issue a "id grios" on command line, i get:
obsd# id grios
uid=2000(grios) gid=2000(ord)
Em 09-04-2014 05:02, nobody escreveu:
> Perfect Forward Secrecy by default? Is it on in OpenBSD?
I use httpd and with the default configuration it uses PFS by default,
if you just enable ssl and setup the cert and key. But it allows any
cipher, so an old browser or a client that does not support it
Em 09-04-2014 06:31, Stuart Henderson escreveu:
> On 2014-04-08, Giancarlo Razzolini wrote:
> If you're going to script this, you could have it make a copy of the
> file and work on that, so an unexpected reboot won't leave you with a
> pf.conf that may have errors.
>
> For even more safety, you c
Hi folks,
I have implemented ypldap and it is working quite well. But i am having a
hard time getting netgroups to work locally.
In my user database i have adding the following entry using vipw:
+@we:*/bin/ksh
My netgroup file is:
we (,grios,mojave)
When i issue a finger command, it w
On Wed, Apr 09, 2014 at 04:01:07AM +0100, Raf Czlonka wrote:
> That may have something to do with the way you have configured TLS (i.e.
> version) either under 'nginx' or 'Firefox'[0].
Thanks. I should probably have mentioned that I got the same error (ssl
handshake failed) in xombrero and luakit
Hi all
I took the heartbleed bug as a pretext to redo my entire PKI, and
while reading openssl's man page, I have a couple of doubts regarding
the sample configuration file on the CA EXAMPLE section:
RANDFILE = $dir/private/.rand
...
default_md = md5
I don't know enough about SSL to be sure abou
2014-04-09 11:31 GMT+02:00 Stuart Henderson :
>
>
> Hmm.. It is often fairly quick to pick up rules which over-block (though
> problems with jobs which only occur weekly or monthly can take a while to
> track down, and also there are situations where you won't notice a
> problem until all firewall
On 2014-04-08, Giancarlo Razzolini wrote:
> I find it very useful using a very simple script I created that:
> 1) Opens up /etc/pf.conf using whatever editor is in $EDITOR
> 2) After you save it, it uses pfctl -nf to check pf.conf syntax
> 3) If you made a mistake, it warns you and
On 2014-04-09, Florenz Kley wrote:
> hello misc,
>
> can anyone please help me with a pointer:
>
> two hosts have one interface each configured on the same subnet (.1 and .2),
> and also have a carp interface (.3) using the interfaces as carpdev. No load
> balancing is configured.
>
> Is there m
On 2014-04-09, sven falempin wrote:
> i which this : https://polarssl.org was open and inside the base
You can wish, but that is commercial+GPL code so OpenBSD can't use it in base.
https://en.wikipedia.org/wiki/Secure_Transport#Overview
Though I wonder how many OpenSSL premium support customer
On Apr 9, 2014, at 08:39, Janne Johansson wrote:
> If you want the slave machine (the one currently not winning the carp
> elections) to be able to send traffic (logs, mail, respond to monitoring and
> so on), you want local traffic to be originating from the interface IP and
> not the carp ip.
Perfect Forward Secrecy by default? Is it on in OpenBSD?
On Wed, Apr 9, 2014 at 9:07 AM, David Coppa wrote:
> On Tue, Apr 8, 2014 at 9:40 PM, Theo de Raadt
> wrote:
>
> > OpenSSL is not developed by a responsible team.
>
> And on twitter and google+ I've seen a lot of people who believe that
>
* Chris Cappuccio [2014-01-18 21:25]:
> Mike, [...], You were henning's roommate
err, no.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services GmbH, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed
Henning Brauer Co
On Tue, Apr 8, 2014 at 9:40 PM, Theo de Raadt wrote:
> OpenSSL is not developed by a responsible team.
And on twitter and google+ I've seen a lot of people who believe that
OpenSSL is an OpenBSD project :(
38 matches
Mail list logo