On December 11, 2015 1:27:52 AM GMT+01:00, Stuart Henderson
wrote:
>On 2015-12-10, Stefan Wollny wrote:
>> YES: I did 'bioctl -C force -c C -l /dev/sd0d -k /dev/sd1d softraid0'
>> YES: I did again 'sh ./MAKEDEV all' to catch the newly created sd2
>
>In the above step, you have run yourself out
On Thu, Dec 10, 2015 at 07:33:57PM -0500, trondd wrote:
On Thu, December 10, 2015 6:35 pm, Stefan Wollny wrote:
YES: I did 'disklabel -E sd0' and 'disklabel -E sd1' accordingly,
setting every partition to type RAID
How many partitions are you making on sd0? For FDE, typically you make
one par
On Fri, Dec 11, 2015 at 09:53:48AM +0100, Alexander Hall wrote:
> On December 11, 2015 1:27:52 AM GMT+01:00, Stuart Henderson
> wrote:
> >On 2015-12-10, Stefan Wollny wrote:
>
> >> YES: I did 'bioctl -C force -c C -l /dev/sd0d -k /dev/sd1d softraid0'
> >> YES: I did again 'sh ./MAKEDEV all' to
On 8 December 2015 at 19:26, Anthony J. Bentley wrote:
> Giancarlo Razzolini writes:
>> One of the main benefits of the TLS wouldn't only be to render
>> impossible for anyone to know which pages you're accessing on the site,
>> but also the fact that we would get a little more security getting th
On 11 December 2015 at 05:51, Andy Bradford
wrote:
> If one wants privacy on a website then more is required than just HTTPS.
>
Right. *I* just want a reasonable (256-bit) guarantee that the signify keys
on my screen are the ones the OpenBSD authors intended me to see.
I currently just assume t
On Fri, Dec 11, 2015 at 11:58:17AM +0100, Thijs van Dijk wrote:
> On 11 December 2015 at 05:51, Andy Bradford
> wrote:
>
> > If one wants privacy on a website then more is required than just HTTPS.
> >
>
> Right. *I* just want a reasonable (256-bit) guarantee that the signify keys
> on my screen
On Fri, Dec 11, 2015 at 11:58:17AM +0100, Thijs van Dijk wrote:
On 11 December 2015 at 05:51, Andy Bradford
wrote:
If one wants privacy on a website then more is required than just HTTPS.
Right. *I* just want a reasonable (256-bit) guarantee that the signify keys
on my screen are the ones t
On Thu, Dec 10, 2015 at 07:33:57PM -0500, trondd wrote:
On Thu, December 10, 2015 6:35 pm, Stefan Wollny wrote:
YES: I did 'disklabel -E sd0' and 'disklabel -E sd1' accordingly,
setting every partition to type RAID
How many partitions are you making on sd0? For FDE, typically you make
one par
"Constantine A. Murenin" writes:
> On 8 December 2015 at 19:26, Anthony J. Bentley wrote:
> > Giancarlo Razzolini writes:
> >> One of the main benefits of the TLS wouldn't only be to render
> >> impossible for anyone to know which pages you're accessing on the site,
> >> but also the fact that we
> The official CD set contains the signify keys for that release and the
> next one. Once you have a known good copy of one set, you can always obtain
> future ones securely.
>
> You don't even need to use the CD set to install, just as a way of obtaining
> the signify keys with a high degree of c
On 11 December 2015 at 12:28, Stefan Sperling wrote:
> I would consider signify keys printed on CDs and copied across several
> web sites safer than trusting the hundreds of CA certs shipped with a
> standard web browser.
On 11 December 2015 at 12:35, Tati Chevron wrote:
> The official CD set
On Fri, Dec 11, 2015 at 12:58:38PM +0100, Kamil Cholewi??ski wrote:
This is the real thing bothering me. I don't even have a CD drive
available, and I was about to ask if it would be possible to get the
signify keys via paper mail in exchange for a donation.
The official CDs have the signify ke
On Fri, Dec 11, 2015 at 04:37:39AM -0700, Anthony J. Bentley wrote:
Why even bring up OpenBSD 2.3? Anyone running that 19 years after its
release has much bigger problems than not being able to connect to
www.openbsd.org.
I must admit that since gopher://openbsd.org shut down, and tenex support
On 11 December 2015 at 13:10, Tati Chevron wrote:
> In either case, I'd be willing to put my money where my mouth is.
>> Whom do I contact about running a site mirror?
>>
>
> Why would we trust your mirror?
Touché.
On Fri, Dec 11, 2015 at 12:48:19PM +0100, Thijs van Dijk wrote:
I'm saying I shouldn't *have* to rely on snail-mailed physical media. We,
as a species, have thought of a solution to this problem long ago.
I agree in principle that we shouldn't have to rely in physical media to
obtain the keys w
Hello,
I just upgraded amd64 via bsd.rd snapshot to 5.8 GENERIC.MP#1737 amd64
after sysmerge
during pkg_add -ui -F update -F updatedepends
I got quirks-2.167 signed on 2015-12-10T00:43:20Z
Can't install dovecot-2.2.19p0 because of libraries
|library crypto.36.1 not found
| /usr/lib/libcrypto.so.
> The official CDs have the signify key physically printed on them.
You press a new CD, print a new cover, etc.
> If you want to rely on third parties, I can send you a copy of the
> signify keys, signed by my PGP key. How would that help you at all?
Sounds reasonable to me.
On Fri, Dec 11, 2015 at 01:28:04PM +0100, Kamil Cholewi??ski wrote:
The official CDs have the signify key physically printed on them.
You press a new CD, print a new cover, etc.
...and intercept the package being delivered to you?
Yes, it's possible, but somebody who had the resources to go
On 11 December 2015 at 13:17, Tati Chevron wrote:
> Would you really trust HTTPS more than a physical CD being mailed to
> you???
Yes.
Both provide some level of accountability, however with PKI you explicitly
trust a limited (though big) numer of third parties to do their job
properly, and in
> Gesendet: Freitag, 11. Dezember 2015 um 11:33 Uhr
> Von: "Stefan Sperling"
> An: "Alexander Hall"
> Cc: "Stuart Henderson" , misc@openbsd.org
> Betreff: Re: NOT POSSIBLE: Fully encrypted system with keydisk
>
> On Fri, Dec 11, 2015 at 09:53:48AM +0100, Alexander Hall wrote:
> > On December 11,
On 11 December 2015 at 13:51, Tati Chevron wrote:
> ...and intercept the package being delivered to you?
>
> Yes, it's possible, but somebody who had the resources to go to that
> extreme, and a motive to single you out as a target, would presumably
> have other ways to invade your privacy and in
On Fri, Dec 11, 2015 at 01:53:04PM +0100, Thijs van Dijk wrote:
On 11 December 2015 at 13:17, Tati Chevron wrote:
Would you really trust HTTPS more than a physical CD being mailed to
you???
Yes.
Both provide some level of accountability, however with PKI you explicitly
trust a limited (tho
On 11 December 2015 at 05:37, Anthony J. Bentley wrote:
> "Constantine A. Murenin" writes:
>> On 8 December 2015 at 19:26, Anthony J. Bentley wrote:
>> > Giancarlo Razzolini writes:
>> >> One of the main benefits of the TLS wouldn't only be to render
>> >> impossible for anyone to know which page
On 11 December 2015 at 14:16, Tati Chevron wrote:
> But even if PKI were actively on fire at the moment (which it is not),
>> what's wrong with doing both?
>>
>
> Basically the gain verses the effort and resources expended.
>
> I agree that there is a value in distributing keys and source code in
On 11 December 2015 at 02:58, Thijs van Dijk wrote:
> On 11 December 2015 at 05:51, Andy Bradford
> wrote:
>
>> If one wants privacy on a website then more is required than just HTTPS.
>>
>
> Right. *I* just want a reasonable (256-bit) guarantee that the signify keys
> on my screen are the ones t
It was the root cause of problem.
When I downloaded release tarball instead of something from
git.gnome.org it compiled successfully.
Thanks for help.
Od: "Callum Davies"
Do: "Lampshade" ;
Wysłane: 17:31 Niedziela 2015-12-06
Temat: Re: I have problem compiling libgdamm
> I'm running current amd6
On Fri, Dec 11, 2015 at 01:18:55PM +0100, Stefan Wollny wrote:
> OK - follow up problem: After the installation on /dev/sd3 (plus setting up
> /dev/sd4 for /home) I did not reboot but run installboot(8) like so:
> # /usr/sbin/installboot sd3
>
> This last produced an error message about /usr/mdec
Em 10-12-2015 20:03, Christian Weisgerber escreveu:
> The true elephant in the room is that I can't get the current OpenBSD
> source tree securely. (Well, _I_ can if push comes to shove, but
> the general user community can't.) CVSync? No integrity or
> authenticity. AnonCVS over SSH? Nope, no
> Gesendet: Freitag, 11. Dezember 2015 um 14:52 Uhr
> Von: "Stefan Sperling"
> An: "Stefan Wollny"
> Cc: misc@openbsd.org
> Betreff: Re: NOT POSSIBLE: Fully encrypted system with keydisk
>
> On Fri, Dec 11, 2015 at 01:18:55PM +0100, Stefan Wollny wrote:
> > OK - follow up problem: After the insta
On Fri, Dec 11, 2015 at 7:10 AM, Tati Chevron wrote:
> Why would we trust your mirror?
A couple things to keep in mind here:
(1) Security can never be perfect.
(2) Security does not have to be perfect.
(That said... sometimes traditional computer security seems like
people are trying to put ban
Hi,
On Fri, Dec 11, 2015, at 23:39, Raul Miller wrote:
> On Fri, Dec 11, 2015 at 7:10 AM, Tati Chevron
> wrote:
> > Why would we trust your mirror?
>
> A couple things to keep in mind here:
>
> (1) Security can never be perfect.
> (2) Security does not have to be perfect.
>
And here's a kind
Em 11-12-2015 09:28, Stefan Sperling escreveu:
> I would consider signify keys printed on CDs and copied across several
> web sites safer than trusting the hundreds of CA certs shipped with a
> standard web browser.
Didn't we just established that with HPKP you can disregard the CA
completely? At
On Fri, Dec 11, 2015 at 03:30:04PM +0100, Stefan Wollny wrote:
Gesendet: Freitag, 11. Dezember 2015 um 14:52 Uhr
Von: "Stefan Sperling"
An: "Stefan Wollny"
Cc: misc@openbsd.org
Betreff: Re: NOT POSSIBLE: Fully encrypted system with keydisk
On Fri, Dec 11, 2015 at 01:18:55PM +0100, Stefan Wolln
On Fri, Dec 11, 2015 at 03:30:04PM +0100, Stefan Wollny wrote:
> I run the command like you adviced and no error message showed up.
>
> So far, so good - unfortunatelly the system still does not boot after the
> 'reboot'. Still stops at the manufacturers splash screen not recognizing any
> stora
Hi Everyone,
Im a Linux user (Slackware) and now i decided to try OpenBSD as my main
OS on my laptop, the only thing that i couldn't solve is to make my Wifi
card works on OpenBSD.
It's a Realtek RTL8191SE PCI. I tried to compile Linux Driver with no
success and there is no ndiswrapper sub
On 2015-12-11, Constantine A. Murenin wrote:
> On 11 December 2015 at 02:58, Thijs van Dijk wrote:
>> On 11 December 2015 at 05:51, Andy Bradford
>> wrote:
>>
>>> If one wants privacy on a website then more is required than just HTTPS.
>>>
>>
>> Right. *I* just want a reasonable (256-bit) guaran
Wait and try again, or build it yourself from ports. If you want to avoid this
happening, watch out for commits to shlib_version files and hold off on updating
for a couple of days.
On 2015-12-11, Jiri Navratil wrote:
> Hello,
>
> I just upgraded amd64 via bsd.rd snapshot to 5.8 GENERIC.MP#1737
On 2015-12-11, Stefan Wollny wrote:
> @stuart: dd fails with "file system ist full \ dd: /dev/rsd3c: No space left
> on device"
Guessing that you didn't create the sd3 device nodes before doing the dd.
At this point you probably have a file (not device node) named /dev/rsd3c.
Hello,
I have troubles understanding the interpretation of $ORIGIN on
OpenBSD. I'm switching to OpenBSD from Linux, so I may be biased in my
assumptions.
I built a program (python in this example) with the following ld parameters:
-Wl,origin,z
-Wl,rpath,'$ORIGIN/../lib'
I can then check that th
On Fri, Dec 11, 2015 at 01:38:24PM -0200, Luiz Moraes wrote:
> Hi Everyone,
> Im a Linux user (Slackware) and now i decided to try OpenBSD as my main
> OS on my laptop, the only thing that i couldn't solve is to make my Wifi
> card works on OpenBSD.
> It's a Realtek RTL8191SE PCI. I tried
Hi Stefan,
I already downloaded from http://firmware.openbsd.org/firmware/5.8/ the
firmwares *rtwn*, *rsu and* u*rtwn *and installed them all with *fw_update*,
later i restarted the laptop but the status on *dmesg *is the same.
I really would like to can keep OpenBSD as the main OS, but ma
Hi Everybody,
After upgraded from snapshots/amd64 12/09/2015 (previous was
12/04/2015), Puffy is blurred on xdm login screen (like [1]).
Puffy (/etc/X11/xdm/pixmaps/OpenBSD_15bpp.xpm) displayed in feh is fine
[2], while in eog is blurred [1].
Pictures/thumbnails displayed and all icon butto
Just found I can set LD_DEBUG to see the full translation process of ld.so.
This seems to confirm what I've seen in the source: ld.so uses cwd
instead of process file location for $ORIGIN interpolation.
$ mkdir -p /tmp/dummy/working/directory
$ cd /tmp/dummy/working/directory
$ which python
/hom
One question. Is it the only way to re-key the iked process when it
reach it's 3 hours usage and/or the 500 Mb data exchange to restart a
new process?
Isn't it possible to kill the old one then that is not use anymore and
stop having some routing problem that may be cause by it.
I collect a HUGE
On 12/11/15 12:11 PM, Daniel Ouellet wrote:
> One question. Is it the only way to re-key the iked process when it
> reach it's 3 hours usage and/or the 500 Mb data exchange to restart a
> new process?
>
> Isn't it possible to kill the old one then that is not use anymore and
> stop having some rou
On Fri, Dec 11, 2015 at 02:37:54PM -0200, Luiz Moraes wrote:
> Hi Stefan,
> I already downloaded from http://firmware.openbsd.org/firmware/5.8/ the
> firmwares *rtwn*, *rsu and* u*rtwn *and installed them all with *fw_update*,
> later i restarted the laptop but the status on *dmesg *is the same
On Fri, Dec 11, 2015 at 05:44:36PM +0100, Stefan Wollny wrote:
> fdisk(25692): syscall 54 "ioctl"
> Abort trap
> > disklabel sd3
> disklabel(3120): syscall 54 "ioctl"
> Abort trap
This is obviously not quite right.
It looks like you're using a snapshot with a pledge(2) bug.
What snapshot are yo
Stefan,
Thank you very very much for your attention. When i grow up, i would
like to be like you =P. Unfortunatelly I don't program anymore, to get the
knowledge to do this i'll spend a lot of time, but it's my intention to
come back to study computer programming and maybe in a future helps the
I agree, but no one mentioned DANE, I think that's the future and the
way to go. With DANE in theory you wouldn't need a CA. I think it's an
excellent way to establish authenticity of your content. Problem is that
no browser supports it by default, and DNSsec use is marginal.
Regards,
Giancarlo R
> Just found I can set LD_DEBUG to see the full translation process of ld.so.
> This seems to confirm what I've seen in the source: ld.so uses cwd
> instead of process file location for $ORIGIN interpolation.
^
What is that? Generally Unix has no way of doing this
Hello !
As workaround you could look - for example - at the following USB WiFi
adapter.
TP-LINK WN725NN (should be that model but I am not 100% sure)
Edimax EW-7811Un
Booth work (not perfect) with urtwn. I had to many WiFi networks
around me so, I switched back to a Android tablet and use USB
te
I have been an Emac user for 20 plus years, and I often look at mg to replace
it.
The functionality of mg is getting close.
To get some degree of programmability, I suggest that you could implement
Emac's "name-last-kbd-macro"
then allow one to bind that named-kbd-macro to a key.
To be really use
> Kevin Chadwick writes:
> > The cvs page fingerprint page could be https enabled, however you can
> > use googles cache over https, also buy a CD to help the project greatly
> > would do far more for world security than TLS everywhere and even look
> > at mailing list archives over https as a web
On Fri, Dec 11, 2015 at 10:18 AM, Theo de Raadt wrote:
>> Just found I can set LD_DEBUG to see the full translation process of ld.so.
>> This seems to confirm what I've seen in the source: ld.so uses cwd
>> instead of process file location for $ORIGIN interpolation.
>
> glibc on
> Linux does readlink("/proc/self/exe") and if that fails and the
> process trusts its environment** then it falls back to the
> LD_ORIGIN_PATH environment variable. $ORIGIN then expands to
> dirname() of that.
This is also what musl-libc do, except that it does not bother trying
somet
Kevin Chadwick writes:
> What is your problem with it, there are many VPN services promoted
> precisely for this issue as it completely rather than partially stops
> ISP's monitoring traffic like TalkTalks homesafe service that is
> likely hackable itself.
Why encrypt anything? Just run it through
Am 12/11/15 um 18:34 schrieb Stefan Sperling:
On Fri, Dec 11, 2015 at 05:44:36PM +0100, Stefan Wollny wrote:
fdisk(25692): syscall 54 "ioctl"
Abort trap
disklabel sd3
disklabel(3120): syscall 54 "ioctl"
Abort trap
This is obviously not quite right.
It looks like you're using a snapshot wit
> > It would be that or
> > have the kernel store the whole path for the life of the process for
> > obtaining with sysctl()
>
> That would be great. ps and top would be able to display the path too,
> pretty handy.
How did people get by without needing this in the last three decades?
> On Fri, Dec 11, 2015 at 10:18 AM, Theo de Raadt
> wrote:
> >> Just found I can set LD_DEBUG to see the full translation process of ld.so.
> >> This seems to confirm what I've seen in the source: ld.so uses cwd
> >> instead of process file location for $ORIGIN interpolation.
> > ^^^
Gesendet von meinem BlackBerry 10-Smartphone.
Originalnachricht
On Sat, Dec 12, 2015 at 12:27:46AM +0100, Stefan Wollny wrote:
> Am 12/11/15 um 18:34 schrieb Stefan Sperling:
> >On Fri, Dec 11, 2015 at 05:44:36PM +0100, Stefan Wollny wrote:
> >>fdisk(25692): syscall 54 "ioctl"
> >>Abort trap
>
On Sat, Dec 12, 2015 at 12:27:46AM +0100, Stefan Wollny wrote:
> Am 12/11/15 um 18:34 schrieb Stefan Sperling:
> >On Fri, Dec 11, 2015 at 05:44:36PM +0100, Stefan Wollny wrote:
> >>fdisk(25692): syscall 54 "ioctl"
> >>Abort trap
> >>> disklabel sd3
> >>disklabel(3120): syscall 54 "ioctl"
> >>Abor
On Sat, Dec 12, 2015 at 12:51:33AM +0100, Stefan Wollny wrote:
>
>
> Gesendet??von??meinem??BlackBerry??10-Smartphone.
> ?? Originalnachricht ??
> ???On Sat, Dec 12, 2015 at 12:27:46AM +0100, Stefan Wollny wrote:
> > Am 12/11/15 um 18:34 schrieb Stefan Sperling:
> > >On Fri, Dec 11, 2015 at 05:44
When you remove code, it's easy to forget function declarations.
That made me wonder how many orphan prototypes there are that refer
to functions that no longer exist.
There is an intriguing gcc option. I'll quote its description in
full, from the info manual:
`-aux-info FILENAME'
Output to
On Sat, Dec 12, 2015 at 12:27:46AM +0100, Stefan Wollny wrote:
> Am 12/11/15 um 18:34 schrieb Stefan Sperling:
> >On Fri, Dec 11, 2015 at 05:44:36PM +0100, Stefan Wollny wrote:
> >>fdisk(25692): syscall 54 "ioctl"
> >>Abort trap
> >>> disklabel sd3
> >>disklabel(3120): syscall 54 "ioctl"
> >>Abor
I recently picked up a few PCI serial port cards from the junk pile at
work. My intent is to put one in my soon-to-be-retired Soekris net5501
and install OpenBSD on it to turn it into an 8 port terminal switch.
I tried the cards in a different PC just to see if they would work.
Unfortunately, no
Hello !
If the message is not correct formated, I am sorry (SquirrelMail from my
provider is not available at the moment).
I tried the latest snapshot #1740 from today on a MacBook Pro 9,1 (mid
2012, the last one with optical drive and without Retina display).
Boot from USB worked, installe
I sure hope this will help.
***Setup***
Two server on 5.8. Establish VPN with IKEDv2. One side active, one side
passive. Use rsa keys, or pass phrase if you like.
Active side:
# cat /etc/iked.conf
ikev2 Ouellet active from re0 to 66.63.5.250 from 66.63.50.16/28 to
0.0.0.0/0 peer 66.63.5.250
Pass
67 matches
Mail list logo
