Maybe this time mail will be encoded properly.
>Chrome and Safari both derive from Apple WebKit which itself is a fork
>of the KHTML rendering engine developed by the KDE project, and has
>*always* been, LGPL licensed code since its first release in 1998.
>Yet today, Firefox is held up as the
Chrome and Safari both derive from Apple WebKit which itself is a
fork of the KHTML rendering engine developed by the KDE project, and
has *always* been, LGPL licensed code since its first release in
1998. Yet today, Firefox is held up as the open-source darling
and Chrome/Safari is seen as the
>At the end of a "pass" rule in pf.conf, the author adds:
>
> max-src-conn 3, max-src-conn-rate 2/5, overload flush global
>
>which means:
>
> "any source can only have a total of three connections,
> and they may not create them at a rate faster than two
> every five minutes. If
> Hi!
>
> If I understand mount(8) (http://man.openbsd.org/mount) right, FFS
> mounts have a metadata I/O mode and a data I/O mode. By default,
> metadata is accessed synchronously and data is accessed
> asynchronously.
>
> "-o sync" will force both to synchronous mode, and "-o softdep" would
>
Intel provided stable microcode for Skylake mitigating Spectre variant 2.
Current status
https://newsroom.intel.com/wp-content/uploads/sites/11/2018/02/microcode-update-guidance.pdf
When it comes to Meltdown:
Is OpenBSD going to release patches for 6.2? I don't see anything related
to
There are some claims about Raspberry Pi:
Here you go:
We do not believe any generation of Raspberry Pi hardware
is susceptible to either the Spectre or Meltdown vulnerabilities.
https://twitter.com/EbenUpton/status/948999181309530116
Why Raspberry Pi isn’t vulnerable to Spectre or Meltdown
Intel is probably waiting for Microsoft, Red Hat,
Apple and major cloud companies to update
OSes until release of Intel Security Advisory.
I am also curious whether OpenBSD also maps the
kernel into the userspace memory of processes?
Could pledge protect against some scenarios
exploiting these kinds of bugs?
Hello,
I would like to know whether it is possible to execute a GUI app
based on JavaFX using OpenBSD's package for JRE.
I had tried to compile and run but Maven says it can't find JavaFX
classes.
I also tried to compile on Windows and then copy target directory to
OpenBSD, but again I see something
News from Reddit:
"AMD Listened to us, and added a PSP disable option in their new AGESA version!"
Not my picture (Credit to u/repo_code), but
https://drive.google.com/file/d/1b4p3d-gtHbFvkUbHYC8HSIviL-1ssC7V/view
My Gigabyte AB350 Gaming 3 also has a bios based on the new
agesa version,
Intel's firmware bugs:
Intel SA-00086
Intel ID: INTEL-SA-00086
Product family: Various
Impact of vulnerability: Elevation of Privilege
Severity rating: Important
Original release: Nov 20, 2017
Last revised: Nov 21, 2017
Happy birthday and live long OpenBSD!
Stefan Sperling:
> Also this was *NOT* a protocol bug.
> arstechnica claimed such nonsense without any basis in fact and
> now everybody keeps repeating it :(
Actually, the researcher claimed that they are in the standard itself.
https://www.krackattacks.com/
The weaknesses are in the Wi-Fi standard
Hello
During recent update from older -current amd64 to newest -current amd64 kernel
printed softraid/CRYPTO error.
This error message was printed after re-linking of kernel which failed.
What does this mean?
Small part of dmesg:
sd1 at scsibus1 targ 1 lun 0: SCSI2
> if you read the paper, you will notice that they only tested on Ubuntu and
> OSX,
> neither of which actually ship with ASLR enabled by default if I remember
> correctly.
https://wiki.ubuntu.com/Security/Features
>> Hi Everybody,
>>
>> I would like to give a try to vmm. If I do so, which os can I expect
>> to make it work? openbsd ok I guess. Linux? Windows?
>OpenBSD only, as of now.
Does it support both i386 and amd64 OpenBSDs guests?
> > This is just one mechanism on tty, there are others. On other
> > descriptors there are other abilities.
> >
>
> Would you mind explaining this a little bit. I don't really mean the
> sudo/doas part.
>
> How to do operations without retaining access to a tty?
>
> What other descriptors?
dhill () mindcry ! org also posted message to bugs mailing
list probably about this issue.
Title/subject:
KASSERT((sk->inp == NULL) || (sk->inp->inp_pf_sk == NULL));
http://marc.info/?l=openbsd-bugs=147472138723508=2
I also can confirm that relayd is triggering this kernel panic
on my system by
>Thank you all for your answers. I cannot use grub or lilo as some of
>you pointed out because grub is i386 only and lilo isn't even in
>ports, and I don't have linux installed.
Neither do I, but I have Grub2 (from Debian amd64)
and OpenBSD amd64 ;)
You don't need to install any Gnu/Linux system
I have installed OpenBSD before it had UEFI support,
so I installed in Legacy Boot mode (I have UEFI capable
laptop).
I personally use Grub2 installed via
debian live amd64 standard image.
I don't have Gnu/Linux installed.
I only have bootloader from Debian.
I have Windows 8.1 and OpenBSD
I think that actual, real job is done by:
aml_evalname(sc, node, "_OFF", 0, NULL,
)
or
aml_evalinteger(sc, node, "_OFF", 0,
NULL, )
inside acpi.c file.
The only good thing about this patch is
that it works for me.
> > +filedev/pci/nvdsbl.c
>
> can you include this file? and any new .h files as well?
I think that this was just for registering a dummy driver
for that Nvidia device. It does nothing useful itself.
# cat /usr/src/sys/dev/pci/nvdsbl.c
/* $OpenBSD: nvdsbl.c,v 0.1 2015/07/28 12:00:01
This is totally fucked up code, but if you like hazard...
I mean that I really just called some random ACPI (aml) methods
not knowing what they should do.
Additionally this code is for my laptop. I have GEFORCE 620M
GPU, so I added this to pcidevs. Another thing is that patched
code recognizes my
I have trimmed lspci output, but actually it was important.
I have not only Intel GPU but also Nvidia GPU.
A year ago I wrote an ugly hack to disable the Nvidia GPU
for power saving.
I am sure that is too ugly to commit to repository and
I am not programming professional so I need a lot
Hello
I have:
$ sysctl kern.version
kern.version=OpenBSD 6.0-current (GENERIC.MP) #2353: Sat Aug 13 11:34:33 MDT
2016
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
# sysctl hw.model
hw.model=Intel(R) Pentium(R) CPU B960 @ 2.20GHz
# lspci -nn | grep VGA
00:02.0 VGA
I have upgraded base system.
I am going to update ports when mirror will be in sync with main.
wxallowed on /usr works as expected
$ mount | grep /usr
/dev/sd2e on /usr type ffs (local, noatime, nodev, wxallowed, softdep)
$ grep wxallowed /etc/fstab
Hello, I have non-standard partitioned OpenBSD-current installation dated before
05/27. I don't have separate filesystem/disklabel partition for /usr/local/. I
have /usr/ on separate ffs filesystem. Can I add wxallowed to /usr/ filesystem
or I must repartition/reinstall OpenBSD?
Theoretical breakthrough in distributed random number generation. David
Zuckerman, a computer science professor, and Eshan Chattopadhyay, a graduate
student, published a paper in March that will be presented in June at the
Symposium on Theory of Computing. "We show that if you have two low-quality
And what about performance?
Is tmpfs or mfs faster? Is one or another more resource hungry?
--
Furthermore, I consider that systemd must be destroyed
Latin oratorical phrase
What exactly is version of base system?
$ sysctl kern.version
Have you also updated packages/ports?
On: http://www.openbsd.org/faq/current.html
is info about recent ABI break.
>I don't know what "MRA" means, but for fetching:
According to Wikipedia's "Email agent" there are:
Mail user agent (MUA)
Mail submission agent (MSA)
Mail access agent (MAA)
Mail transfer agent (MTA)
Mail delivery agent (MDA)
Mail retrieval agent (MRA)
Hello,
I am casual OpenBSD user. I use it on laptop. I don't have servers and do
*not* want to create my own mail service. I use what crowd uses:
I have Yahoo, Gmail, Yandex mail accounts.
I would like to use mutt and shell scripts for mail notification etc.
To accomplish this I want to have
I have reported problem to bugs mailing list.
Thanks for checking that and response.
When it works fine, but without certificate verification:
$ cat /etc/relayd.conf
tcp protocol proto_wp {
#tls ca file "/etc/ssl/cert.pem"
tls tlsv1.1
pass
}
relay connect_to_mail_wp {
protocol proto_wp
listen on 127.0.0.1 port
forward with tls to imap.wp.pl port 993
Maybe I will post example of what I am doing.
OpenBSD-current amd64 March 16th, 2016.
Getmail and imap over TLS.
$ cat /etc/relayd.conf
tcp protocol proto_wp {
tls ca file "/etc/ssl/cert.pem"
pass
}
relay connect_to_mail_wp {
protocol proto_wp
listen on
Hello,
OpenBSD current amd64 march 16 snapshot.
I am using relayd as client for encrypted https connections.
I would like to make relayd verification of CA.
Now I have without verification:
web browser encrypted stream -> 1 relayd in server mode -> unencrypted stream ->
privoxy and divert using
I have rdomain 1 and default rdomain
pair1 is in rdomain 1
pair2 is in default rdomain
Inside rdomain1 there is no loopback interface
network is 172.10.0.2/24
In /etc/resolv.conf I have nameserver 127.0.0.1
so all DNS (UDP 53) packets should go to 127.0.0.1
Default route in rdomain1 is pair2
Hello
Given that one could change options for filesystem such as sync to async
without remounting using mount -u -o options /what /where
is this possible to disable softdep on the fly (without unmounting)?
Second question:
Is mounting fs with softdep *and* sync options secure?
For example
About X.Org isolation I have heard of
Xpra - "screen for X11"
but haven't used this yet.
What you see in ifconfig?
I have line like that:
ifconfig pair1
pair1: flags=8843 rdomain 1 mtu 1500
and the content of config file for interface:
cat /etc/hostname.pair1
Hello
I am using OpenBSD amd64 with FDE. I wonder if there is possibility of
making backup of header/key used by softraid crypto like in
LUKS/dm-crypt solution for Gnu/Linux?
I know that backup is relevant and do backup, but if there is possibility
for add one more additional easy step to be more
Do you also sandbox the browser with some sort of remote desktop, or run
under a separate X session? AFAIK X allows any program to meddle with
any other program under the same display.
No, I don't.
Setup is easy. In the easiest scenario just create user, add to /etc/sudoers
line which lets you
Does original Firefox compiled by Mozilla running on Windows
have W^X? I bet: no, it doesn't.
I run browsers on the other user account in OpenBSD.
It seems it is starting to work.
Server command:
/usr/local/bin/sudo -u user /usr/bin/nc -4 -k -l 172.10.0.2 9191
Commands for programs I would like to intercept/redirect:
#!/bin/sh
/usr/local/bin/sudo /sbin/route -T1 exec /usr/local/bin/sudo \
-u user /usr/bin/nc -4 -n -v 172.10.0.2 9191
012345678901234567890123456789012345678901234567890123456789
Hello,
OpenBSD current amd64
I would like to isolate application from network and also
to make sure that every packet goes to certain port at
certain IP address.
On Linux I achieved that using network namespace, veth,
iptables
012345678901234567890123456789012345678901234567890123456789
It is probably just aesthetics.
When I have clock not synchronized and differs a few seconds,
I have following output:
grep ntpd /var/log/daemon | tail -n 30
Feb 6 17:57:00 host ntpd[7585]: constraint reply from ip: offset 8.928573
Feb
From: "Christian Weisgerber" <na...@mips.inka.de>
To: "Lampshade" <lampsh...@poczta.fm>;
Sent: 16:25 Saturday 2016-01-30
Subject: Re: xz: (stdin): Cannot allocate memory
> Lampshade:
>
> > I have following error:
> > cat archive.tar | xz -zf --format=xz -9e
This xz command worked in past so I think something must
have been changed in past. Indeed, this command worked
when I had 4G of DDR3@1333Mhz RAM. Now I have 6GB DDR3
on the same laptop so I have even more.
I will look at ulimit -d this evening. I didn't change them manually, so they
must have
Hello
I have this OS with packages as of yesterday (Jan 29):
kern.version=OpenBSD 5.9-beta (GENERIC.MP) #1865: Thu Jan 28 20:18:15 MST 2016
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
and also tested on with packages around Jan 17:
kern.version=OpenBSD 5.9-beta
Hello,
I am from Poland.
I am using Windows 8.1 64-bit and OpenBSD-current amd64.
When I used Gnu/Linux I mounted fat32 partitions
with these options:
iocharset=iso8859-2,codepage=852
However OpenBSD's mount tells me:
mount -t msdos -o codepage=852 /dev/sd0f /mnt/partycjaFat/
mount_msdos: -o
I have posted this message
also to bugs mailing lists with subject
Relayd in TlsClient mode accepts TLSv1 and TLSv1.1
today, January 10, 2016
Hi,
I am using following configuration to connect to TLS websites:
Chromium <-> relayd as a server <-> privoxy
<-> relayd as a client <-> hostile Internet
I want to focus on relayd as a client in this mailing list thread.
I want to instruct relayd as a client to only connect using TLS versions
Similar problem:
Upgrade history:
Dec 18 2015 - ok
Dec 19 2015 - ok
Dec 23 2015 - can not boot after that
partial outputs from commands:
disklabel sd0
size offset fstype
a: 146805807 829967361 RAID
other not related to OpenBSD
disklabel sd1
size
Topic should go to tech.. and is actually solved.
Hello,
I would like to know if there are other browsers using W^X
except Firefox, which I know to have this enabled.
I am especially interested in Chromium package.
Hello,
I would like to learn programming in C# using Mono on OpenBSD.
Is it possible to easily use GtkSharp GTK# to prepare environment
to create Hello World program using GTK?
It was the root cause of problem.
When I downloaded release tarball instead of something from
git.gnome.org it compiled successfully.
Thanks for help.
From: "Callum Davies" <calrog...@gmail.com>
To: "Lampshade" <lampsh...@poczta.fm>;
Sent: 17:31 Sunday 2015
Hello,
I want to compile libgdamm from source.
I have tried with 3 releases and I have the same error
after I type: gmake.
libgdamm have been extracted to:
/home/open/kompilacje/libgdamm/kod/
gmake[1]: Entering directory
'/home/open/kompilacje/libgdamm/kod/libgdamm-4.99.8/libgda/src'
Thanks for answers.
@dan mclaughlin. But how to prevent attacker going out of chroot?
Do you think that this is possible to prevent this using pledge(2)?
Thanks for links. Especially Jonathan's "Re: making firefox less
insecure"
mail dated 2014-11-23 is worth reading for me. I wonder if
Is it possible, in theory, to use pledge(2) to make something similar to
firejail?
https://packages.debian.org/sid/main/firejail
Firejail is a Gnu/Linux program which executes Firefox as its descendant
with reduced privileges.
For example I would like to restrict Firefox to not write and read
match out on bge0 inet proto tcp to any port 80 user "_relayd" tag
przekierujNaPort443
pass out quick log (all, to pflog0) inet proto tcp tagged przekierujNaPort443
rdr-to 0.0.0.0/0 port 443 bitmask
Indeed it works. Thank you very much.
Has anything changed during these years?
I would like to do the same thing the author of topic wanted.
I want it because I am playing with relayd, privoxy and pf.
I have done chain Firefox -> relayd1-> privoxy -> relayd2, but
relayd2 seems to try to establish a tls connection to port 80 rather
than
Thanks Uwe Werler!
I have not yet established chain described in first message, but it is due to
lack of time
I didn't try.
Firefox runs as firefox user.
I have actually MitM on relayd *using divert* with this pf-magic:
cat /etc/pf_kop.conf
Ok, I know that relayd can decrypt traffic, then log, then encrypt. The thing
is that I want to
send decrypted traffic to another process (privoxy), and then re-encrypt it.
I have also problem with Reyk's config because I can not divert outgoing
traffic using pf.
I have tried with rdr-to and
Hello,
I would like to use privoxy to scrub/delete
some information in application layer (HTTP) going out from my PC.
Problem is that a lot of connections are secured with TLS, so privoxy can not
filter them.
Is there any way to do something like that:
Firefox -> decrypt [MitM] -> privoxy ->
Hi,
I would like sometimes experiment with some options/custom config in kernel.
On the other hand that is not supported by OpenBSD. Suppose I need to reproduce
problem with original kernel. I think good solution for me would be to have
two directories for OpenBSD's code. Instead of
Hello
May 15 2015 was the release date for Rust 1.0. What is your opinion on Rust?
Does it have any chances to be some day popular programming language?
Do you think that learning Rust can be good for educational purposes?
What software you use for this purposes?
Hello
I didn't know that Raspberry Pi is so closed that it requires closed source
blob to even boot. Thanks for responses. I am not going to buy Raspberry Pi 2
any more (or at least when blob will be open source).
Have a good day.
Hi
A new version of Raspberry Pi has been announced. Its SoC has four cores in Cortex-A7
microarchitecture so it is compatible with ARMv7. It also has 1 GB of RAM.
It has the same GPU as its predecessor: VideoCore IV 3d. For some time the GPU has had
open documentation and open (BSD licence) driver in Linux
Hello,
I am a student from Poland (country in Central Europe) and I would love to
use OpenBSD everyday. I must have Windows operating system too. I must
have it because of Autodesk's Inventor and Autocad software (in future
probably also SolidWorks) and Ansys and so on. For that software I need
Hello
I have in laptop many devices that I don't use. For example DVD writer. But my
greatest problem is the inability to turn off the Nvidia GPU under OpenBSD.
Unfortunately I have Optimus laptop, so I don't have normal, independent
hardware multiplexer. I have Intel and Nvidia GPUs, and Intel GPU
72 matches