Re: letsencrypt && https && openbsd.org = https://www.openbsd.org/

Kevin Chadwick writes: > What is your problem with it, there are many VPN services promoted > precisely for this issue as it completely rather than partially stops > ISP's monitoring traffic like TalkTalks homesafe service that is > likely hackable itself. Why encrypt anything? Just run it

Re: letsencrypt && https && openbsd.org = https://www.openbsd.org/

Kevin Chadwick writes: > The cvs page fingerprint page could be https enabled, however you can > use googles cache over https, also buy a CD to help the project greatly > would do far more for world security than TLS everywhere and even look > at mailing list archives over https as a web of trust.

Re: letsencrypt && https && openbsd.org = https://www.openbsd.org/

Giancarlo Razzolini writes: > One of the main benefits of the TLS wouldn't only be to render > impossible for anyone to know which pages you're accessing on the site, > but also the fact that we would get a little more security getting the > SSH fingerprints for the anoncvs servers. Having them in

Re: home keys in tmux

like I'm used to. Maybe I could figure this out with a hour of study but maybe somebody on the list knows ;) -- Jack J. Woehr # Science is more than a body of knowledge. It's a way of www.well.com/~jax # thinking, a way of skeptically interrogating the universe www.softwoehr.com # with a fine

Re: home keys in tmux

Johan Mellberg wrote: Anyway, screen steals C-a so to jump to the start of a line, hit C-a, then a again. Doesn't work :( -- Jack J. Woehr # Science is more than a body of knowledge. It's a way of www.well.com/~jax # thinking, a way of skeptically interrogating the universe

Re: home keys in tmux

Philip Guenther wrote: My crystal ball says that you changed the prefix but didn't change the binding of 'a'. I would verify my crystal ball against your config...but you didn't show your config... I only made the change I noted, and thank you for some helpful advice! -- Jack J. Woehr

Re: A branded USB stick as an alternative to the CD set?

On 12/01/15 10:20, Anthony Campbell wrote: > On 30 Nov 2015, Bryan Vyhmeister wrote: >> Let's not waste any more of Theo's time. USB sticks are not the magic >> device that some seem to think. Some are not very reliable and prone to >> failure. I've had very mixed results with budget USB sticks in

Re: A branded USB stick as an alternative to the CD set?

Software development. :D More importantly, what can users do to make it easier for developers to write code? That is the important question to ask when a thought like this comes up. Is it more efficient of developer time for me to purchase my own usb stick and deal with it myself, or request

Re: Is it possible to use pledge(2) to make something similar to firejail?

set of potential Firefox exploits right away with nothing but Unix filesystem permissions. http://lists.dragonflybsd.org/pipermail/users/2015-August/228324.html -- Anthony J. Bentley

Re: Paypal donation in Euros, not $US

Gerald Hanuer wrote: Workaround http://www.openbsdfoundation.org/donations.html I solved it ... I sent donations to both! -- Jack J. Woehr # Science is more than a body of knowledge. It's a way of www.well.com/~jax # thinking, a way of skeptically interrogating the universe

Paypal donation in Euros, not $US

When I click PayPal on http://www.openbsd.org/donations.html PayPal wants me to donate in Euros. Is there any way to make it offer me a $US option? I'm not sure I want to donate to PayPal itself whatever margin it claims on exchanges :) -- Jack J. Woehr # Science is more than a body

Sony Vaio OBSD 5.8 screen blanking forever

I've done xset s off. KDE is set not to blank. But on my Sony Vaio OBSD 5.8 in Xwindows with any manager after about 10 minutes of inactivity the screen blanks and won't come back, forcing me to kill the session (ctl-alt-bkspc). Must be something in the card's VGA graphics mode? Any tips or

Re: Sony Vaio OBSD 5.8 screen blanking forever

Dutch Ingraham wrote: xset -dpms Bingo. Thanks! -- Jack J. Woehr # Science is more than a body of knowledge. It's a way of www.well.com/~jax # thinking, a way of skeptically interrogating the universe www.softwoehr.com # with a fine understanding of human fallibility. - Carl Sagan

Re: Linus Torvalds thoughts on Linux Security

require undoing a lot of what Linus and Linux has struggled to achieve. Linux can never return to the simplicity of OpenBSD, and simplicity is the key to security. He has his space, and his clarity in defining that space is a boost to the entrepreneurial opportunities for OpenBSD. -- Jack J

Networking Menu option during boot

ions could include open wireless access points and static/dynamic NICs. The bsd.rd install option already pauses the kernel and displays a network configuration script. Would it be possible to provide a similiar option in OpenBSD? -- J. Scott Heppler

Re: Networking Menu option during boot

On Nov 04, 2015: 11:35, Jiri B wrote: On Wed, Nov 04, 2015 at 07:08:54AM -0800, J. Scott Heppler wrote: [...] The bsd.rd install option already pauses the kernel and displays a network configuration script. Would it be possible to provide a similiar option in OpenBSD? bsd.rd doesn't pause

Re: no connectiion to phone's AP

Hi, could it be that you need to 'sh /etc/netstart iwn0' for it to negotiate DHCP? That, or do a dhclient iwn0. It's not apparent by your series of commands if you left out dhclient.. Regards, -peter On 11/03/15 13:59, misc nick wrote: > I can't connect my Thinkpad x220 to my phone's hotspot

Re: The OpenBSD developers approve “optimizing assembler” and compilers?

ssion groups, esp. mainframe groups, these same stories are told over and over again. Maybe we're just attracting an older crowd these days :) -- Jack J. Woehr # Science is more than a body of knowledge. It's a way of www.well.com/~jax # thinking, a way of skeptically interrogating

Re: Mount ISO as read write

écrit : On Wed, 28 Oct 2015 07:45:05 + (UTC) Mik J <mikyde...@yahoo.fr> wrote: > Hello everyone, > I asked this question on another list a long time ago. > * I would like to mount an iso in order to add some files# ls -l /mnt > drwxr-xr-x  2 root  wheel    512 May

Re: Any opinion, policy or conclusion about easy and accessible MAC implementations like tomoyo or SMACK?

Hi, There is IPC between the seperated parts though. Which makes me wonder if someone gets the protocol right on the compromised part they would be able to pull the certificates no? What would need to be done to get the protocol right then? Regards, -peter On 10/29/15 11:34, ludovic coues

Mount ISO as read write

Hello everyone, I asked this question on another list a long time ago. * I would like to mount an iso in order to add some files# ls -l /mnt drwxr-xr-x 2 root wheel 512 May 3 15:31 iso# vnconfig svnd0 Image.iso # mount_cd9660 -o rw /dev/svnd0c /mnt/isoAfter the mount, it's read only# ls -l

How is the NSA breaking so much crypto?

https://freedom-to-tinker.com/blog/haldermanheninger/how-is-nsa-breaking-so-much-crypto -- Jack J. Woehr # Science is more than a body of knowledge. It's a way of www.well.com/~jax # thinking, a way of skeptically interrogating the universe www.softwoehr.com # with a fine understanding

Re: OS X 10.11 'El Capitan' IKEv2

> On 2015-10-03, at 0040h, matthew j weaver <m...@ice-nine.org> wrote: > > I’ve not yet surfaced where the ikev2 proposal/policy configs hide in OS X. For anyone still playing the home game: You’ll find the proposal configs for both phases of your VPN interface hiding in /Libr

Re: OpenBSD <> Commercial VPNs

Predrag Punosevac wrote: The only time I ever had problems connecting to third party commercial VPN from OpenBSD was connecting to Have you connected to a Fortinet SSL VPN? How did you do it? -- Jack J. Woehr # Science is more than a body of knowledge. It's a way of www.well.com/~jax

Re: OpenBSD <> Commercial VPNs

Pedro Tender wrote: They also have a Linux client. I've looked for it, any tips where it might be found? -- Jack J. Woehr # Science is more than a body of knowledge. It's a way of www.well.com/~jax # thinking, a way of skeptically interrogating the universe www.softwoehr.com

Re: OpenBSD <> Commercial VPNs

too. Seems to work. But no traffic goes through. -- Jack J. Woehr # Science is more than a body of knowledge. It's a way of www.well.com/~jax # thinking, a way of skeptically interrogating the universe www.softwoehr.com # with a fine understanding of human fallibility. - Carl Sagan

Re: OpenBSD <> Commercial VPNs

. And then no traffic comes through. 'route show' looks correct but nothing seems to be going back and forth. -- Jack J. Woehr # Science is more than a body of knowledge. It's a way of www.well.com/~jax # thinking, a way of skeptically interrogating the universe www.softwoehr.com # with a fine understanding

Re: OpenBSD <> Commercial VPNs

Dimitris Papastamos wrote: Dimitris Papastamos wrote: On Sun, Oct 11, 2015 at 01:06:58PM -0600, Jack J. Woehr wrote: I am not sure what's wrong. I guess you see traffic leaving your external interface but not getting any replies? I've got it, thanks! I forgot to do the sysctls necessary

Re: who(XXXXX): syscall 54 in the last few snapshots

Atanas Vladimirov wrote: I think that I found it - Nagios. Now the question is how to debug it further? lsof? -- Jack J. Woehr # Science is more than a body of knowledge. It's a way of www.well.com/~jax # thinking, a way of skeptically interrogating the universe www.softwoehr.com

Re: OpenBSD <> Commercial VPNs

Jack J. Woehr wrote: Steve Shockley wrote: A quick search found https://github.com/adrienverge/openfortivpn, but I haven't tested it. It's clearly the right product. However. I've been trying to build it for an hour now. It requires Much Work for OpenBSD, it's somewhat wed to the Linux

Re: OpenBSD <> Commercial VPNs

Joel Wirāmu Pauling wrote: > I am unsure if Fortinet have a linux client, I imagine they must. I think just Windows and Mac, thanks. -- Jack J. Woehr # Science is more than a body of knowledge. It's a way of www.well.com/~jax # thinking, a way of skeptically interrogating the unive

Re: OpenBSD <> Commercial VPNs

Jack J. Woehr wrote: I'm sort of stuck at the moment on these macros where "rt" is an instance of struct rtentry : #define route_dest(route) \ I meant "route" is an instance of struct rtentry. -- Jack J. Woehr # Science is more than a body of knowledge. It's a way

OpenBSD <> Commercial VPNs

Googled and not found much on connecting OpenBSD to proprietary VPN offerings. I looked at OpenVPN which conceptually resembles Fortinet but doesn't seem to have any way to connect to Fortinet SSL VPN. Any pointers or tips? -- Jack J. Woehr # Science is more than a body of knowledge

Re: OpenBSD <> Commercial VPNs

don't administer. I'm forced off OpenBSD in the workplace when I the connection is thru a VPN. I don't understand the minutiae of VPN's enough to figure this out and I find no useful examples on the web. -- Jack J. Woehr # Science is more than a body of knowledge. It's a way of www.well.com

Re: OpenBSD <> Commercial VPNs

Much Work for OpenBSD, it's somewhat wed to the Linux stack. -- Jack J. Woehr # Science is more than a body of knowledge. It's a way of www.well.com/~jax # thinking, a way of skeptically interrogating the universe www.softwoehr.com # with a fine understanding of human fallibility. - Carl Sagan

Re: OS X 10.11 'El Capitan' IKEv2

> On Oct 3, 2015, at 5:32 AM, Reyk Floeter wrote: > In summary, the GUI part is very easy but certificate configuration is > a bit difficult. It's the same complexity as in Windows. But much > better compared to earlier IPsec configurations. Agreed, thanks for the update. I

signify: signature verification failed

I downloaded the jumbo patches from ftp://ftp.eu.openbsd.org/pub/OpenBSD/patches/5.7.tar.gz which includes the latest opensmtpd patch, only it doesn't check out against signify. # signify -Vep /etc/signify/openbsd-57-base.pub -x 017_smtpd.patch.sig \ > -m - | (cd /usr/src && patch -p0)

Re: OS X 10.11 'El Capitan' IKEv2

> On Aug 17, 2015, at 5:39 AM, Reyk Floeter wrote: > > On Sun, Aug 16, 2015 at 11:28:24PM +0300, Or Elimelech wrote: >> Hello misc, >> >> Has anyone connected successfully between the new OS X ikev2 impl. >> To an OpenBSD box? >> > > No, we don't have the beta. > > Reyk

Re: APU re(4) how can I debug this further?

, -peter On 09/30/15 11:10, Peter J. Philipp wrote: > On Wed, Sep 30, 2015 at 10:36:21AM +0200, Benny Lofgren wrote: >>> Thanks for your help, >> I assume you are not able to ping the other way around either when the >> network goes down, i e from gamma to fritzbox? > Si

APU re(4) how can I debug this further?

I have a network that occasionally goes down. I have isolated the fault between a PC Engines APU router running OpenBSD and an AVM Fritzbox that does backup LTE and mainly 5 Ghz AP. I drew a map to further illustrate my network: to LTE network [gaia]--

Re: APU re(4) how can I debug this further?

On Wed, Sep 30, 2015 at 10:36:21AM +0200, Benny Lofgren wrote: > > Thanks for your help, > > I assume you are not able to ping the other way around either when the > network goes down, i e from gamma to fritzbox? Since everything in that part of the apartment is headless (fritzbox, gamma and

Re: OT: Exists some problem with dnscrypt-proxy package?

With dnscrypt-proxy running, can you resolve hostnames? dig @127.0.0.1 -p 4553 somehostname.com If you can, do you have "do-not-query-localhost" set to "no" in your unbound configuration? On Sun, Sep 20, 2015 at 10:04 AM, C.L. Martinez wrote: > Hi all, > > I have

Re: spamdb

<pe...@bsdly.net> escribió: > >> On Thu, Sep 10, 2015 at 03:04:26PM +0200, Fran. J Ballesteros wrote: >> >> with 5.7 our spamdb becomes corrupt after a while. Are we the only ones with >> this problem? Anyone else using it? > > using spamd with related tools includin

Re: LIST_PREV?

Actually never mind, I think I'm gonna switch to TAILQ instead. Cheers, -peter On 09/13/15 09:56, Peter J. Philipp wrote: > Hi, > > I'm programming with queue(3) and noticed there is no LIST_PREV. LIST > is a doubly linked list, no? > FreeBSD's LIST_PREV (from an older 11-curr

LIST_PREV?

Hi, I'm programming with queue(3) and noticed there is no LIST_PREV. LIST is a doubly linked list, no? FreeBSD's LIST_PREV (from an older 11-current) looks like this: #define LIST_PREV(elm, head, type, field) \ ((elm)->field.le_prev == _FIRST((head)) ? NULL : \

Re: Question about quotation rules

and in troff's PDF output. Everywhere else (such as the xterm and firefox defaults) has displayed this unbalanced for years. " looks better and is easier to type. -- Anthony J. Bentley

spamdb

hi with 5.7 our spamdb becomes corrupt after a while. Are we the only ones with this problem? Anyone else using it?

Re: /etc/pkg.conf when installing from snapshots

Joel Rees writes: Is it unusual/unreasonable to install, not update, from a snapshot bsd.rd? If installing from a snapshot bsd.rd is not too unreasonable, does everyone doing that edit /etc/pkg.conf by hand to point to the local mirror's snapshots before re-booting, to pick up the firmware

Re: OpenBSD machine was hacked

On 07/29/15 03:33, Wong Peter wrote: Q:why do you believe that your machine was hacked? A: My pf rules was flushed.This can prove using pfctl -sr. The whoe firewall was not usable anymore. NO NAT nor packet filtering. Hi Peter, Can you let us know the version and architecture of OpenBSD you

watchdog timeouts on re(4) Realtek 8168

Hi, I recently built a new machine. Occasionally (meaning a couple of times a day), the network dies in the following fashion: First, the system slows down (mouse becomes jerky and unresponsive). Shortly after, dmesg prints: Jul 15 20:38:23 cathet re0: watchdog timeout Once the watchdog

Acer Aspire V3-112 was Re: which netbook not to buy?

On Sun, Jul 12, 2015 at 02:39:50PM +, Peter J. Philipp wrote: Hi, I'm considering buying a new netbook (currently I have an October 2012 Acer Aspire One). If at all I'd like to stay with Acer but not necessarily. I'm worried about UEFI secure boot on these netbooks. Is there any Acer

Re: Acer Aspire V3-112 was Re: which netbook not to buy?

On 07/15/15 18:28, li...@wrant.com wrote: I'm considering buying a new netbook... So you asked what not to buy. You got some good and solid advice from knowledgeable people here regarding what works great including OpenBSD coverage. I'm really happy with my old netbook though. Guess what

which netbook not to buy?

Hi, I'm considering buying a new netbook (currently I have an October 2012 Acer Aspire One). If at all I'd like to stay with Acer but not necessarily. I'm worried about UEFI secure boot on these netbooks. Is there any Acer models that I definitely should not buy? Regards, -peter

Re: cvs files from attic show up in update

On 07/03/15 09:33, n.reu...@hxgn.net wrote: Dear misc, i have a script running every night on my openbsd 5.7 -stable box to fetch the latest sources from cvs. If some files changed, it will send a mail. This morning i got the following output from last nights run: ?

Re: Cannot run Snort

On 06/27/15 09:12, Wong Peter wrote: Dear All, I had installed Snort but cannot run it. Error Message: Can't load library liblzma.s0.2.0 What need to install? I had install the lzlib but still cannot solved it. Which packages need to install or how to tell snort to look up the shared

dnssec-signzone and NSEC3

Hi, I'm a developer of an authoritative nameserver (delphinusdnsd) and I've always developed this on OpenBSD. Lately I've been putting DNSSEC functionality into this daemon and almost completed RFC 4034 which includes NSEC,DS,RRSIG and DNSKEY RR's. I'd like to go further and put in RFC 5155

Re: dnssec-signzone and NSEC3

On 06/26/15 10:10, David Dahlberg wrote: Am Freitag, den 26.06.2015, 09:53 +0200 schrieb Peter J. Philipp: I can't find the -3 - option to generate NSEC3 RR's with dnssec-signzone. Am I reading the manual page wrong or is this a missing feature? If it is I'll probably leave NSEC3 out

route-to looking for better ways

Hi, I have set up 2 tunnels to my VPS's from a OpenBSD pppoe gateway. Today I wanted to switch a source route from one tunnel to the other tunnel (at hetzner) and was dumbfounded after applying new rulesets [1], and killing the individual states of traffic on tun0. It didn't work so I'm left

Re: usbhidctl(1) and usbhidaction(1)

outputs.master.mute=off Consumer:Volume_Decrement 1 mixerctl outputs.master=-8 mixerctl outputs.master.mute=off Consumer:Mute 1 mixerctl outputs.master.mute=toggle -- Anthony J. Bentley

Re: Random PID implementation and security

Don't use PID for seeding ever, in fact don't use seeding. If you want a random integer use arc4random(), if you want a random buffer use arc4random_buf(). There is more even to arc4random(3) which is up to you to read in the manpage system. Sincerely, -peter

Re: openbsd 5.7 libs bad major

On 05/02/15 08:57, Joseph Oficre wrote: Hi @misc! Trying to build opennx through ports and catch this === Installing wxWidgets-gtk2-2.8.12p9 from /usr/packages/amd64/all/ Can't install wxWidgets-gtk2-2.8.12p9 because of libraries |library atk-1.0.21209.1 not found |

Syntax errors in 005-007 5.7 patches

Just a minor problem with patches 004 - 007 in 5.7 Apply by doing: cd /usr/src signify -Vep /etc/signify/openbsd-57-base.pub -x 005_httpd.patch.sig -m - | \ patch -p0 -- J. Scott Heppler

Re: best armv7 device for fw

etc. / J Sent using GuerrillaMail.com Block or report abuse: https://www.guerrillamail.com/abuse/?a=TEhnBi0PU7Ebih2wvnENdQ%3D%3D The PandaBoard has built-in wifi, but the ethernet is 10/100 and singular. Same with the Cubieboard. Some models of the Wandboard seem to meet your

Re: a few questions to httpd

On Wed, Apr 01, 2015 at 05:21:47PM +0200, Markus Rosjat wrote: I'm a german , extremly lazy and a dummy by default (ask arround you'll see ) but like my previous mail said I just found a pdf that provides most of the answers I have ;) I'm a german too, but ask around we've been upgraded,

questions to the security of softraid_crypto

int mycmp(const void *, const void*); void uniq(char *addr, u_int64_t size); int main(void) { int fd; uint64_t i, j; uint64_t count; struct stat sb; char *addr; printf(opening file\n); fd = open(/tmp/EFS2, O_RDWR, 0600); if (fd 0

Re: questions to the security of softraid_crypto

On 03/01/15 23:17, Ted Unangst wrote: Peter J. Philipp wrote: Hi, I am not the best C reader and programmer out there so I try to make myself tools that may seem useless in order to better understand. I see this in /sys/dev/softraid_crypto.c int sr_crypto_encrypt(u_char *p, u_char

Re: Wouldn't `daemon_enable=YES` make more sense than `daemon_flags=` in rc.conf.local?

On Wed, Jan 28, 2015 at 4:05 PM, openda...@hushmail.com wrote: Indeed, `daemon_flags=YES` wouldn't make any sense at all. What I'd like to see is: ntpd_enable=YES ntpd_flags=-s Considering we're talking about two different things here (one for enabling it and one for configuring

mpd.conf libao mixer_control options

to be configurable. Thanks -- J. Scott Heppler

Re: openhttpd

OpenHTTPD is under active development and not part of the OpenBSD Project. I could be mistaken, but it would seem this is the wrong list? On Sat, Dec 20, 2014 at 6:33 PM, Edgar Pettijohn pettijo...@hotmail.com wrote: Is there a mailing list for openhttpd? Also all the links on openhttpd.net

Re: null checks before free()

to free? Double free is absolutely unsafe. Null checks are unnecessary. I *think* you're assuming that freeing a pointer sets it to null. This is not the case. -- Anthony J. Bentley

Re: OpenBSD 5.6/current on Soekris 6501-70

On Mon, Dec 08, 2014 at 12:53:32AM +0100, Martin Hanson wrote: Hi, Anyone running OpenBSD 5.6 or current on Soekris 6501-70 who wouldn't mind sharing some through-put data for gigabit performance. Regards, MH Hi, I can't tell you how much the Soekris 6501-70 does with plaintext

Re: ffs and utf8

aliased according to the current locale. For instance, the user's music directory was shown as 「音楽」 when the locale was set to ja_JP.UTF-8. IMO this is totally crazy behavior and unrelated to the Unicode issue. -- Anthony J. Bentley

Re: ffs and utf8

handle those restrictions? If not optimally, then how can they be made better? If it already handles them with aplomb, then is it applicable to the above scenarios? -- Anthony J. Bentley

Re: ffs and utf8

advocating doing that in OpenBSD). Spaces are bad enough. How many shell scripts handle *newlines* correctly? What about VT100 escape sequences? This whole thing is a security nightmare already. I happily use UTF-8 filenames on OpenBSD, and have done so for years. -- Anthony J. Bentley

Re: ffs and utf8

? Yes, these have been possible in Unix since time immemorial. And the fact that to this day there's no way for me to sanitize them terrifies me. -- Anthony J. Bentley

Re: Packet Filter router i368 vs 64bit

). Juan J. Fernandez On 11/25/14 16:52, Motty Cruz wrote: Hello all, I am searching for hardware to build a router with OpenBSD. I have found mixed signals as to fastest system with i386 or 64bit. I know in the past i386 OpenBSD used to perform a lot better than 64bit system. Any suggestions

Re: Packet Filter router i368 vs 64bit

Thank you for your advice Philip. Can you please give your advice then ? Thank you :) Juan J. Fernandez On 11/25/14 21:06, Philip Guenther wrote: On Tue, Nov 25, 2014 at 3:01 PM, Juan J. Fernandez j...@tcpapplication.com wrote: In general, you could achieve performance by configuring your

Re: Packet Filter router i368 vs 64bit

Thank you Brad. Juan J. Fernandez On 11/25/14 21:20, Brad Smith wrote: On 11/25/14 18:18, motty cruz wrote: Thank you Juan, I appreciate your suggestions and advice. I am planning on using Dual socket B2 (LGA 1356) supports Intel® Xeon® processor E5-2400 v2, I suppose i386 would perform

Version 2 of 007_pfctl.patch.sig missing untrusted

comment/signature Reply-To: J. Scott Heppler shep...@earthlink.net Organization: Innovations Per subject line -- J. Scott Heppler

Re: contributing

of a manual page may have considered not to include examples since it could mislead from the main documentation. In that case, the author should point to further and/or more detailed resources. Juan J. Fernandez

Re: iked without psk

On Mon, Nov 10, 2014 at 02:06:33PM +0100, Mike Belopuhov wrote: hi, psk is now fixed in current. there are two other ways to authenticate hosts: rsa pubkeys (a recent addition - works the same way as in isakmpd) and x.509 certificates. both these options do not require any special config

iked without psk

Hi, Since my upgrade on saturday to 5.6 my iked stopped working with psk. I've disabled it by now but the config was something of the order of: ikev2 active esp from 192.168.179.1 to 192.168.179.10 psk icutwithanulu! ikev2 active esp from 192.168.179.10 to 192.168.179.1 psk icutwithanulu! And

Re: Panic on intensive browsing of WWW.

On 11/06/14 16:48, Otto Moerbeek wrote: If userland activity causes kernel panics there's more trouble than just userland ocnfiguration issues. -Otto I had a panic the other day with a 5.6-stable box, unfortunately my computer didn't save the panic, trace and ps in its dmesg buffer

Re: still loosing connections

On Sun, Nov 02, 2014 at 08:41:44PM +0100, Stefan Wollny wrote: I think so. Your message is a million lines long, but I have no idea what the problem is. Hi Ted, thank you for taking your time to reply. Long story short: Sometimes (=not deliberately repeatable) when fetching a

Re: Logging Password change attempts

On 10/30/14 13:56, Vijay Sankar wrote: Quoting Alexander Hall alexan...@beard.se: On October 30, 2014 1:26:25 PM CET, Vijay Sankar vsan...@foretell.ca wrote: I have been using a simple script # mypasswd.sh /usr/bin/passwd -l if [[ $? != 0 ]]; then /usr/bin/logger Unsuccessful

Re: Logging Password change attempts

On 10/30/14 17:19, Peter J. Philipp wrote: I think I found something and Vijay found it but is being modest. Let me show you: your script didn't work for me with /bin/sh so I modified it, and changed the logger's to echos so that I don't pollute my logs. I have found a small race in your

weird problem in Germany / TCP related

I'm looking for people who may have the same problem as I. Let me describe it. When I'm at my parents house using the OpenBSD laptop, my TCP connections from there experience degragations, lost and dropped packets somewhere in the Internet, this causes retransmissions in TCP which I have

Re: weird problem in Germany / TCP related

On 10/29/14 13:15, Henrik Friedrichsen wrote: Hey, On Wed, Oct 29, 2014 at 09:42:21AM +0100, Peter J. Philipp wrote: So I'm looking for more people who use DTAG who have experienced degragations (mostly noticed in running screen or tmux and having switched windows and it's doggedly slow due

Re: 5.6 arrived

On 10/29/14 18:04, ian kremlin wrote: 5.6 arrived today in syracuse, new york. right on time, just as usual. :) It arrived yesterday in Schweinfurt, Germany. This time the seal was not broken :-). -peter

is this normal or problematic?

I have a tcpdump set in the background on OpenBSD 5.5-current from: mercury$ sysctl kern.version kern.version=OpenBSD 5.5-current (MERCURY.MP) #2: Sat Jun 21 08:24:41 CEST 2014 r...@mercury.centroid.eu:/usr/src/sys/arch/amd64/compile/MERCURY.MP late June (waiting for 5.6). Now my problem is

Re: is this normal or problematic?

On 10/23/14 18:55, Peter J. Philipp wrote: I have a tcpdump set in the background on OpenBSD 5.5-current from: mercury$ sysctl kern.version kern.version=OpenBSD 5.5-current (MERCURY.MP) #2: Sat Jun 21 08:24:41 CEST 2014 r...@mercury.centroid.eu:/usr/src/sys/arch/amd64/compile/MERCURY.MP

Re: is this normal or problematic?

On 10/23/14 21:10, Mike Larkin wrote: On Thu, Oct 23, 2014 at 06:55:11PM +0200, Peter J. Philipp wrote: I have a tcpdump set in the background on OpenBSD 5.5-current from: mercury$ sysctl kern.version kern.version=OpenBSD 5.5-current (MERCURY.MP) #2: Sat Jun 21 08:24:41 What (and why) did

Re: Shadow TCP stacks

On Fri, Oct 17, 2014 at 9:13 AM, Ian Grant ian.a.n.gr...@googlemail.com wrote: On Fri, Oct 17, 2014 at 4:24 AM, Bret Lambert bret.lamb...@gmail.com wrote: On Thu, Oct 16, 2014 at 02:48:22PM +0200, Martin Schr??der wrote: 2014-10-16 13:16 GMT+02:00 Kevin Chadwick ma1l1i...@yahoo.co.uk: The

looking for coding hints with ptrace(2)

I'm trying to read the stack of another process that has the same user credentials. Here is my program, I am stuck with this, it doesn't work for me. Printing 0's is rewrapped to '.' and you should use this program with hexdump like so: ./memtest [pid] | hexdump -C | less Sometimes I get a bit

Re: looking for coding hints with ptrace(2)

On 10/17/14 22:38, Theo de Raadt wrote: I'm trying to read the stack of another process that has the same user credentials. Here is my program, I am stuck with this, it doesn't work for me. Printing 0's is rewrapped to '.' and you should use this program with hexdump like so: ./memtest

pf matching the ttl of a packet

My DNS server is being used in a reflection attack. I can tell its a reflection attack by the incoming ttl of the DNS packet and the ping ttl as returned with ping. They differ, meaning it's spoofed from another site. While the system it's on is FreeBSD and it's pf is outdated, I didn't see an

Re: recommended input methods?

needs a true IME. yasuoka@ has suggested uim/anthy in the past (http://yasuoka.net/~yasuoka/openbsd-desktop.html), and I haven't seen anyone suggest an alternate method for Japanese input. It beats typing romaji into Google Translate. -- Anthony J. Bentley

Re: openbsdstore: enable javascript and buy something or gtfo

On Fri, Oct 3, 2014 at 9:53 AM, ludovic coues cou...@gmail.com wrote: 2014-10-03 16:09 GMT+02:00 david...@ling.ohio-state.edu: In my browser of choice, configured sensibly, this is all that can be seen at openbsdstore.com and openbsdeurope.com: | The OpenBSD Store | If you have JavaScript

Re: openbsdstore: enable javascript and buy something or gtfo

On Fri, Oct 3, 2014 at 12:01 PM, Matti Karnaattu mkarnaa...@gmail.com wrote: No, you choosed that web page to visit. http://www.w3schools.com/xml/xml_http.asp If the javascript contains an XMLHTTPRequest object, it can call out to a different server (than the one you are visiting) without your

Re: OpenBSD 5.6 pre-orders in Germany possible

On 09/27/14 20:15, Stefan Berger wrote: On Sat, Sep 27, 2014 at 07:30:45AM +0100, OpenBSD Europe wrote: Hi folks, I just noticed that in Germany Lehmanns (see OpenBSD's order-site) already accepts pre-orders for OpenBSD 5.6-release. Guess what I just did :-) My little contribution to the

<    2   3   4   5   6   7   8   9   10   11   >