shouldn't the default be "no" for the AllowTcpForwarding? Why is an
insecure option "yes" by default?
https://www.akamai.com/us/en/multimedia/documents/state-of-the-internet/sshowdown-exploitation-of-iot-devices-for-launching-mass-scale-attack-campaigns.pdf
Thanks.
Le 2016-10-18 10:35, Peter Janos a écrit :
shouldn't the default be "no" for the AllowTcpForwarding? Why is an
insecure option "yes" by default?
https://www.akamai.com/us/en/multimedia/documents/state-of-the-internet/sshowdown-exploitation-of-iot-devices-for-launching-mass-scale-attack-campaigns.
On 10/18/2016 10:41 AM, Solène Rapenne wrote:
> Le 2016-10-18 10:35, Peter Janos a écrit :
>> shouldn't the default be "no" for the AllowTcpForwarding? Why is an
>> insecure option "yes" by default?
>>
https://www.akamai.com/us/en/multimedia/documents/state-of-the-internet/sshow
down-exploitation
sometimes I send mails in HTML format, sorry for that, mail.com has this by
default..
so the PDF also states that the "admin" user had /sbin/nologin for shell
--
http://man.openbsd.org/OpenBSD-current/man5/sshd_config.5
AllowTcpForwarding
Specifies whether TCP forwarding is p
On 10/18/2016 10:56 AM, Peter Janos wrote:
> sometimes I send mails in HTML format, sorry for that, mail.com has this by
> default..
>
> so the PDF also states that the "admin" user had /sbin/nologin for shell
>
> --
> http://man.openbsd.org/OpenBSD-current/man5/sshd_config.5
...
having the username for password is yes, almost the biggest retarded idiotism
in 2016, but disabling AllowTcpForwarding by default could help a little and a
little in this case is big.
I hope this admin user doesn't have permission to change shell, etc.. And in
this general case (iot) , they have
Have you tried disabling USB3 in the BIOS?
Forcing USB2.0 helped with similar problems on my Thinkpad.
> On 18 Oct 2016, at 07:18, Daniel Cavanagh
wrote:
>
> Hiya
>
> I'm having trouble getting my USB mouse to work in the latest snapshots.
> Unless my memory is faulty, this mouse used to work on
Thanks for your remarks Anton (below).
What Anton said leads to an interesting question, which is, what
characteristics does a program have to have to be sink-proof?
This is interesting to know for the design of a "supervisory program"
whose only function is to check that another program is
On 2016-10-17, Karel Gardas wrote:
> 1) use machine with proper ECC support
> 2) man sendbug -- and following it report your OpenBSD kernel misbehavior
This can be a hard thing to report.
When the machine totally locks up, it is very difficult to get the information
needed to make a bug report,
> This is an ARM SBC, it has no BMC and AFAIK no watchdog or other timer
> that can be programmed to cause a reboot, if you are aware of anything
> like that on ARM SBC:s let me know?
Watchdog timers are a somewhat common feature for SoCs designed for embedded
use. Look up the reference manual for
> shouldn't the default be "no" for the AllowTcpForwarding? Why is an
> insecure option "yes" by default?
> https://www.akamai.com/us/en/multimedia/documents/state-of-the-internet/sshowdown-exploitation-of-iot-devices-for-launching-mass-scale-attack-campaigns.pdf
> Thanks.
>
this comes up post-au
On 2016-10-18, "Peter Janos" wrote:
> so having AllowTcpForwarding=NO would help.
>
> Why is it yes by default? someone requested it to be yes? does anybody know?
It has always been like this. OpenSSH inherited it from Ylønen-SSH.
In the beginning, OpenSSH didn't even have a configuration opti
wow, thanks for the reply!
"At the time I was running an AnonCVS server and I had realized that
the anonymously connecting clients could use port forwarding to
bounce TCP connections off the server."
was this fixed meanwhile?
Sent: Tuesday, October 18, 2016 at 5:01 PM
From: "Christian Weisg
I bought this 128GB flash about two months ago.
I installed i386 -current on it, but had horribly slow everything.
The i386 machine was very old, so I wrote it off ass maybe the machine.
Here I have a "newer" amd64. So I installed a much newer version of
amd64 -current.
Same issues.
I also get a m
Hi everyone,
I asked IBM to donate 4-10 Power8 servers to the OpenBSD Foundation, for
adding support for this arch. After 6 months this got all the way to their
Director of the Power(8) Ecosystem & Alliances, that is the highest
executive for the whole arch. Just right now, she's asking for a moti
On 18/10/16 19:35, Mikael wrote:
Hi everyone,
I asked IBM to donate 4-10 Power8 servers to the OpenBSD Foundation, for
adding support for this arch. After 6 months this got all the way to their
Director of the Power(8) Ecosystem & Alliances, that is the highest
executive for the whole arch. Just
2016-10-19 0:48 GMT+08:00 Kapetanakis Giannis :
>
> pf, relayd, bgpd ;)
>
> G
>
> ps. after the unlocking
>
Giannis, this is too little info to be useful.
Please describe the practical and technical utility and value, the
organization/social context, scope, duration, anything that is relevant to
Well personally I don't think the matter concern me since I don't handle any
server.
But I would love to use power8 PC as a desktop or laptop with OpenBSD. (If that
becomes a possibility in the future)
The main reason is security. I don't trust Intel close source firmware etc
On Oct 18, 2016 7:3
misc never fails to deliver
> Well personally I don't think the matter concern me since I don't handle any
> server.
> But I would love to use power8 PC as a desktop or laptop with OpenBSD. (If
> that becomes a possibility in the future)
> The main reason is security. I don't trust Intel close
Hello,
I post here following the advice of jggimi, from
http://daemonforums.org.
I bought a small PC Engines APU2C4 [1][2] with the wle200nx wireless
module [3][4]. I installed OpenBSD 6.0 without any problems but I have
an issue with the wireless module : the "link" is very slow when I
successf
On Wed, Oct 19, 2016 at 12:35:13AM +0800, Mikael wrote:
> Hi everyone,
>
> I asked IBM to donate 4-10 Power8 servers to the OpenBSD Foundation, for
> adding support for this arch. After 6 months this got all the way to their
> Director of the Power(8) Ecosystem & Alliances, that is the highest
> e
Mikael wrote:
Please describe the practical and technical utility and value, the
organization/social context, scope, duration, anything that is relevant to
motivate them.
Mikael, thanks for urging IBM to support OpenBSD. I've been urging them to do
so for about 15 years, good luck!
OpenBSD p
Chris Bennett wrote:
Does anyone need a Power8?
Chris, this is the hottest high-end server in the IBM universe today.
It runs Linux, AIX and IBM i (OS/400). They are very widely in use deep under
many organizations.
IBM is currently energetically supporting Open Source development (as their
On 10/17/2016 22:47, Tinker wrote:
[...]
If you have any thought about how make that happen feel free to share.
Anyhow in the absence of any such logic, just doing a
hardware reset is fine, it's just a bit constrained as
it comes without automated reporting&recording that
could be used to dist
Chris Bennett wrote:
Asking about what apps someone would run is a legitimate question.
Mikael, most Linux apps port to most OpenBSD flavors. Probably much of the
OpenBSD ports
tree could easily be converted to a prospective little-endian Power8 OpenBSD.
The very popular
(in the IBM i world)
On 2016-10-18 12:43, Jack J. Woehr wrote:
Routing, firewalling, DMZing, net address translation, OpenSSL,
LibreSSL. :-)
--
Matthew Weigel
hacker
unique & idempot . ent
Matthew Weigel wrote:
On 2016-10-18 12:43, Jack J. Woehr wrote:
Routing, firewalling, DMZing, net address translation, OpenSSL,
LibreSSL. :-)
My apologies, I sit corrected.
--
Jack J. Woehr # Science is more than a body of knowledge. It's a way of
www.well.com/~jax # thinking, a way o
On Tue, Oct 18, 2016 at 11:48:04AM -0600, Jack J. Woehr wrote:
> Chris Bennett wrote:
> >Does anyone need a Power8?
>
> Chris, this is the hottest high-end server in the IBM universe today.
>
> It runs Linux, AIX and IBM i (OS/400). They are very widely in use deep under
> many organizations.
>
Hi all,
thanks for all the suggestions. However it turned out that all I needed to do
was to add
domain-insecure: "my.domain"
to unbound.conf so that unbound would ignore the lack of DNSSEC of my internal
domain. I have not paid much attention to DNSSEC until now, but it seems I may
need to.
Today I found some hardware I forgot to rma a few months ago.
I'd be happy to donate it to the project if anyone can use it. Nothing
special.
2 x Intel Xeon X5570 Quad-Core Nehalem EP Processor 2.93GHz 6.4GT/s 8MB LGA
1366 CPU, OEM. New in package.
4 x Super Talent DDR3-1333 8GB/512Mx8 ECC/REG C
Hello Anton,
On Mon, Oct 17, 2016 at 11:25 PM, wrote:
> Mon, 17 Oct 2016 18:00:39 +0200 Karel Gardas
>> 1) use machine with proper ECC support
>
> Hello Karel,
>
> Please explain this "proper ECC support" for every laptop user out there?
> I am not sure my system implements "proper ECC support"
Because Theo de Raadt said that the buttons are for idiots?
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/mg/Attic/theo.c?rev=1.125
Peoples that participate in IRC of openbsd-br suggested for me ask this
here in openbsd misc and for the Theo de Raadt.
On Tue, 18 Oct 2016 11:48:04 -0600, Jack J. Woehr wrote:
> Chris Bennett wrote:
>> Does anyone need a Power8?
>
> Chris, this is the hottest high-end server in the IBM universe today.
> The Power8 *needs* OpenBSD because they don't have a really good
> firewalling regimen at that level.
>
Ya k
I've tried that and it doesn't help at all unfortunately. Although I
wouldn't have considered it a great solution since I actually want to use
USB 3 in Windows! And it would be a massive pain to toggle it every time I
switched between OSes
Thanks anyway for the suggestion
On Tue, 18 Oct 2016 at 2
On Tue, Oct 18, 2016 at 10:51:56PM +, Ralph Siegler wrote:
> On Tue, 18 Oct 2016 11:48:04 -0600, Jack J. Woehr wrote:
>
> > Chris Bennett wrote:
> >> Does anyone need a Power8?
> >
> > Chris, this is the hottest high-end server in the IBM universe today.
>
> > The Power8 *needs* OpenBSD beca
Perhaps if OpenBSD were regularly used on more powerful machines, it would
acquire abilities beyond what a 486 is capable of?
And I hear it's got a hypervisor now.
Matthew
> On Oct 18, 2016, at 10:48 AM, Jack J. Woehr wrote:
>
> The Power8 *needs* OpenBSD because they don't have a really good firewalling
regimen at that level.
I suspect anyone running Power8 gear is doing so behind dedicated firewall
hardware, e.g. Juniper SRX.
--lyndon
On Tue, 18 Oct 2016 18:28:58 -0500, Chris Bennett wrote:
> On Tue, Oct 18, 2016 at 10:51:56PM +, Ralph Siegler wrote:
>> On Tue, 18 Oct 2016 11:48:04 -0600, Jack J. Woehr wrote:
>>
>> > Chris Bennett wrote:
>> >> Does anyone need a Power8?
>> >
>> > Chris, this is the hottest high-end server
On Wed, Oct 19, 2016 at 02:06:51AM +, Ralph Siegler wrote:
>
> Linux on Power8 provides a way to run certain closed source softwares
> that are certified to run on Linux on PowerPC. Of course, those
> softwares generally run even faster on AIX with less "loose ends" and
> bugs because the
Happy Birthday to OpenBSD.
Hey, it's 21. It can drink in Michigan now!
2016-10-19 6:51 GMT+08:00 Ralph Siegler :
..
> no one is going to buy box from product line that starts at $11,000 (non-
>
Power8 machine offers start at USD 2,850:
http://www.tyan.com/campaign/openpower/index.html
And their standard prices are USD 5,530 and up, that is
http://www.tyan.com/Bare
On Tue, 18 Oct 2016 21:42:13 -0500, Chris Bennett wrote:
> On Wed, Oct 19, 2016 at 02:06:51AM +, Ralph Siegler wrote:
>>
>> Linux on Power8 provides a way to run certain closed source softwares
>> that are certified to run on Linux on PowerPC. Of course, those
>> softwares generally run eve
On Wed, 19 Oct 2016 12:29:21 +0800, Mikael wrote:
> 2016-10-19 6:51 GMT+08:00 Ralph Siegler :
> ..
>
>> no one is going to buy box from product line that starts at $11,000
>> (non-
>>
>>
> Power8 machine offers start at USD 2,850:
> http://www.tyan.com/campaign/openpower/index.html
>
> And thei
2016-10-19 12:59 GMT+08:00 Ralph Siegler :
..
> too expensive to have for development, too expensive to run, to
> expensive for a userbase while businesses waited for a mature version, no
> compelling use case in the open source world that couldn't be done with
> Xeon drawing half to a third the
On Wed, Oct 19, 2016 at 7:23 AM, Mikael wrote:
>
> Oracle have been talking about making a low-end server model of their new
> Sparc64 chip, I guess that one will sell at around 5000 USD too.
I guess you talk about so called Sonoma/scale-out SPARCs, well those
were already unveiled and the prices
IBM is a storied company with a history of innovation and progress. They
have contributed to computing as a discipline in various ways.
And if you want to know what one totally unqualified OpenBSD user thinks,
the best way they could contribute to OpenBSD is funding. 10,000 USD is an
IBM i series
There's no technical reason that I know of, just as far as I know, nobody
has written the code.
On 19 October 2016 07:42:54 Mik J wrote:
Hello Everyone,
Thank you for your answers and new ideas.
Stuart, why is it not possible. Is it a real limitation or because openbsd
is just not coded to
Splitting this to a separate thread just not to pollute the Power8 thread.
This relates to OpenBSD in the way that it's on the topic of what server
hardware exists that we possibly could run it on. So bordering to off-topic.
2016-10-19 14:34 GMT+08:00 Karel Gardas :
> On Wed, Oct 19, 2016 at 7:2
48 matches
Mail list logo
