Re: Qubes-OS is "fake" security

2017-05-13 Thread bytevolcano
, such that it is not possible to host these services on the same OS. Whilst there may be some security benefits to whatever isolation is provided by virtual machines, the real advantage here is the savings on physical resources. On Sat, 13 May 2017 00:12:35 +0300 valerij zaporogeci <vlrzpr...@gmail.com> wrote:

Re: Qubes-OS is "fake" security

2017-05-12 Thread valerij zaporogeci
2017 5:57:11 PM GMT+02:00, I love OpenBSD >>> <lampsh...@poczta.fm> wrote: >>> >>> Both OpenBSD and Qubes OS don't guarantee >>> perfect security. >>> Qubes OS has a different take on security >>> than OpenBSD. Both have different

Re: Qubes-OS is "fake" security

2017-05-12 Thread Daniel Ouellet
s is just linux with a gui for some kvm vms(it sux) > >> On May 12, 2017 5:57:11 PM GMT+02:00, I love OpenBSD <lampsh...@poczta.fm> >> wrote: >> >> Both OpenBSD and Qubes OS don't guarantee >> perfect security. >> Qubes OS has a different take on

Re: Qubes-OS is "fake" security

2017-05-12 Thread flipchan
Qubes os is just linux with a gui for some kvm vms(it sux) On May 12, 2017 5:57:11 PM GMT+02:00, I love OpenBSD <lampsh...@poczta.fm> wrote: > >Both OpenBSD and Qubes OS don't guarantee >perfect security. >Qubes OS has a different take on security >than OpenBSD. Both have

Re: Qubes-OS is "fake" security

2017-05-12 Thread I love OpenBSD
Both OpenBSD and Qubes OS don't guarantee perfect security. Qubes OS has a different take on security than OpenBSD. Both have different advantages and disadvantages. Physical separation is more expensive and you need to transport more devices from place to place. Qubes OS lets you run mainstream

Re: Qubes-OS is "fake" security

2017-05-11 Thread Florian Ermisch
;bluechildcry...@yandex.com>: >Hi, > >I am at novice level of security, studying and trying to understand >some of the different aspects of running an OS and applications as >securely as possible. > >I have been running OpenBSD for years and understand a little of what's >b

Qubes-OS is "fake" security

2017-05-11 Thread Kim Blackwood
Hi, I am at novice level of security, studying and trying to understand some of the different aspects of running an OS and applications as securely as possible. I have been running OpenBSD for years and understand a little of what's being done to make it more secure, albeit not the technical

Re: Qubes-OS is "fake" security

2017-05-11 Thread Daniel Jakots
il [ http://yandex.ru ] 5.0 From: Kim Blackwood <bluechildcry...@yandex.com> To: misc@openbsd.org Subject: Qubes-OS is "fake" security Date: Fri, 12 May 2017 03:41:05 +0200 X-Mailer: Yamail [ http://yandex.ru ] 5.0 Is it the holidays or something?

Re: WPA2 dhcp fails on iwi after 3/1/17 security fix (#018)

2017-03-29 Thread bg2200
On Wed, 29 Mar 2017, Stefan Sperling wrote: On Wed, Mar 29, 2017 at 04:10:15PM +0200, Stefan Sperling wrote: New diff which fixes another problem where the iwi(4) firmware won't receive data frames which are protected with RTS frames. This diff makes iwi(4) work against WPA2 11n athn(4)

Re: WPA2 dhcp fails on iwi after 3/1/17 security fix (#018)

2017-03-29 Thread Stefan Sperling
On Wed, Mar 29, 2017 at 04:10:15PM +0200, Stefan Sperling wrote: > New diff which fixes another problem where the iwi(4) firmware won't > receive data frames which are protected with RTS frames. This diff > makes iwi(4) work against WPA2 11n athn(4) hostap. Committed. This fix will be in 6.1.

Re: WPA2 dhcp fails on iwi after 3/1/17 security fix (#018)

2017-03-29 Thread Stefan Sperling
On Wed, Mar 29, 2017 at 12:22:32PM +0200, Stefan Sperling wrote: > On Wed, Mar 29, 2017 at 10:50:07AM +0200, Stefan Sperling wrote: > > iwi(4) is being stupid and does not forward state changes to the > > net80211 stack. It is a wonder this driver even works at all. > > Please ignore the previous

Re: WPA2 dhcp fails on iwi after 3/1/17 security fix (#018)

2017-03-29 Thread Stefan Sperling
On Wed, Mar 29, 2017 at 10:50:07AM +0200, Stefan Sperling wrote: > iwi(4) is being stupid and does not forward state changes to the > net80211 stack. It is a wonder this driver even works at all. Please ignore the previous diff. I misunderstood how iwi(4) implements state transitions. It is a bit

Re: WPA2 dhcp fails on iwi after 3/1/17 security fix (#018)

2017-03-29 Thread Stefan Sperling
On Tue, Mar 28, 2017 at 11:22:17PM -0500, bg2...@jamesjerkinscomputer.com wrote: > I follow i386 stable and after applying the WPA1/WPA2 MITM fix to 6.0 (#018) > I can no longer obtain an IP address via dhclient when WPA2 is in use. This > happens with both PSK and enterprise modes (via

WPA2 dhcp fails on iwi after 3/1/17 security fix (#018)

2017-03-28 Thread bg2200
I follow i386 stable and after applying the WPA1/WPA2 MITM fix to 6.0 (#018) I can no longer obtain an IP address via dhclient when WPA2 is in use. This happens with both PSK and enterprise modes (via wpa_supplicant). Wireless (iwi0) connections without encryption work fine. I tried the

Re: IPPORT_RESERVED 'security' check in nfsd obsolete?

2017-01-19 Thread Amelia A Lewis
On Thu, 19 Jan 2017 15:51:53 +0100, Nicolas Schmidt wrote: > Am 19.01.2017 um 12:21 schrieb Theo de Raadt : > >>> Then may I suggest to add an option to disable this behaviour for specific >>> mounts? >> >> No. >> >> NFS always required reserved ports. > > Do you mean that

Re: IPPORT_RESERVED 'security' check in nfsd obsolete?

2017-01-19 Thread Nicolas Schmidt
Am 19.01.2017 um 12:21 schrieb Theo de Raadt : >> Then may I suggest to add an option to disable this behaviour for specific mounts? > > No. > > NFS always required reserved ports. Do you mean that the "reserved ports restriction" is required as part of the NFS

Re: IPPORT_RESERVED 'security' check in nfsd obsolete?

2017-01-19 Thread Nicolas Schmidt
he NetBSD man for exports: "The -noresvport option specifies that NFS RPC calls for the filesystem do not have to come from reserved ports. Normally, clients are required to use reserved ports for operations. Using this option decreases the security of your system."

Re: IPPORT_RESERVED 'security' check in nfsd obsolete?

2017-01-18 Thread Theo de Raadt
right place to make this suggestion. > >Currently (at least on 5.8, I haven't upgraded yet), the nfs daemon refuses to >accept a mount request if it comes from a non-privileged port (>= >IPPORT_RESERVED). As I understand, this was once a 'security feature' in the >time of mainframes,

Re: IPPORT_RESERVED 'security' check in nfsd obsolete?

2017-01-18 Thread Ted Unangst
Nicolas Schmidt wrote: > Currently (at least on 5.8, I haven't upgraded yet), the nfs daemon refuses to > accept a mount request if it comes from a non-privileged port (>= > IPPORT_RESERVED). As I understand, this was once a 'security feature' in the > time of mainframes, when acc

IPPORT_RESERVED 'security' check in nfsd obsolete?

2017-01-18 Thread Nicolas Schmidt
(>= IPPORT_RESERVED). As I understand, this was once a 'security feature' in the time of mainframes, when access to computer was restricted. In any case, I believe this behaviour should be changed as it does not provide security, and also leads to problems: for example, it means one has to

OpenIKED client DHCP issue (endpoint to security gateway tunnel; psk auth)

2017-01-17 Thread tst
Hi, I am experimenting with the following setup, which allows me to establish a connection from OpenBSD client to OpenIKED server on OpenBSD. Both machines run OpenBSD-stable. --- // Server config $ cat /etc/iked.conf ikev2 "vpnserver at aa.bb.cc.dd" passive esp \  from 0.0.0.0/0 to 0.0.0.0/0 \

Re: What is the difference between the security of HardenedBSD, security of FreeBSD, security of NetBSD, security of OpenBSD and security of DragonflyBSD?

2016-11-07 Thread minek van
The rank would be probably (if only counting the OS itself, no ports, no custom things, responsible admin): 1. OpenBSD 2. HardenedBSD the remaining are not security oriented. From what are you trying to defend? > Sent: Monday, November 07, 2016 at 1:32 PM > From: "SOUL_OF_ROOT 55"

Re: What is the difference between the security of HardenedBSD, security of FreeBSD, security of NetBSD, security of OpenBSD and security of DragonflyBSD?

2016-11-07 Thread Romain FABBRI
Make your homework and come back to this list to ask questions when you have real ones.

Re: What is the difference between the security of HardenedBSD, security of FreeBSD, security of NetBSD, security of OpenBSD and security of DragonflyBSD?

2016-11-07 Thread Tinker
On 2016-11-07 20:32, SOUL_OF_ROOT 55 wrote: Sorry for this question: What is the difference between the security of HardenedBSD, security of FreeBSD, security of NetBSD, security of OpenBSD and security of DragonflyBSD? Thank you Mate, your questions come off as very general, maybe too

What is the difference between the security of HardenedBSD, security of FreeBSD, security of NetBSD, security of OpenBSD and security of DragonflyBSD?

2016-11-07 Thread SOUL_OF_ROOT 55
Sorry for this question: What is the difference between the security of HardenedBSD, security of FreeBSD, security of NetBSD, security of OpenBSD and security of DragonflyBSD? Thank you

Re: security(8) doesn't know about mailbox locks

2016-10-22 Thread Ingo Schwarze
> itself temporarily creates a lock file in /var/mail: > > -rw--- 1 root wheel 0 Oct 21 23:55 meunier.lock > > At the same time, /etc/daily runs /usr/libexec/security. The > check_mailboxes function in that file loops over all the files in > /var/mail and checks whether

Re: security(8) doesn't know about mailbox locks

2016-10-21 Thread Philippe Meunier
Kamil Cholewiński wrote: >Try using aliases(5) instead Okay, but still, security(8) ought not to generate bogus warnings regardless of the method used to forward emails (and there are also probably other ways that a lock file might end up in /var/mail, using a .forward file just happ

Re: security(8) doesn't know about mailbox locks

2016-10-21 Thread Kamil Cholewiński
On Fri, 21 Oct 2016, Philippe Meunier wrote: > When cron runs /etc/daily, that script runs df and netstat and the > output is sent by email to root. On my system, emails to root are > forwarded to local user meunier using /root/.forward. The forwarding > itself temporarily

security(8) doesn't know about mailbox locks

2016-10-21 Thread Philippe Meunier
0 Oct 21 23:55 meunier.lock At the same time, /etc/daily runs /usr/libexec/security. The check_mailboxes function in that file loops over all the files in /var/mail and checks whether the owner of the file matches the name of the file. If check_mailboxes happens to be running exactly at the same
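The ownership test described in this thread, rewritten so it tolerates the transient lock file. This is an added example, not the script shipped in /usr/libexec/security, and it checks only owner-versus-filename (the part of check_mailboxes the report is about). Like the original it assumes mailbox files are named after their owning user; the `*.lock` name pattern is taken from the `meunier.lock` entry in the report.

```python
import os
import pwd
import tempfile


def owner_name(uid):
    """Map a uid to a login name, falling back to the numeric id when the
    uid has no passwd entry (so the check still runs in a minimal jail)."""
    try:
        return pwd.getpwuid(uid).pw_name
    except KeyError:
        return str(uid)


def check_mailboxes(maildir):
    """Report mailboxes whose owner does not match the file name.

    Mirrors the ownership test that security(8)'s check_mailboxes performs
    over /var/mail, with two additions that close the race described in the
    thread: '*.lock' entries, which mail delivery and .forward processing
    create transiently, are skipped, and a file that vanishes between the
    directory listing and the stat() call is ignored rather than reported.
    (Added example; the real check lives in /usr/libexec/security.)
    """
    warnings = []
    for name in sorted(os.listdir(maildir)):
        if name.endswith(".lock"):
            continue  # transient lock file, not a mailbox
        path = os.path.join(maildir, name)
        try:
            st = os.lstat(path)
        except FileNotFoundError:
            continue  # delivered and removed while we were looking
        owner = owner_name(st.st_uid)
        if owner != name:
            warnings.append(f"user {name} mailbox is owned by {owner}")
    return warnings


def demo():
    """Constructed /var/mail stand-in: a correctly owned mailbox, the kind of
    lock file the thread describes, and one mailbox with the wrong owner."""
    me = owner_name(os.getuid())
    with tempfile.TemporaryDirectory() as maildir:
        for name in (me, me + ".lock", "not_" + me):
            open(os.path.join(maildir, name), "w").close()
        return check_mailboxes(maildir)


if __name__ == "__main__":
    for line in demo():
        print(line)
```

Running the demo prints exactly one line, for the mailbox whose name does not match its owner; the lock file produces nothing even though, as in the report, its name does not match any user.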

Re: What are the security features in OpenBSD 6.0 that are by default disabled?

2016-10-17 Thread bytevolcano
presence of Intel AMT... It's not just Intel either: https://www.amd.com/en-us/innovations/software-technologies/security Catering to low-level laziness at the expense of everyone who dares use these chips. There appears to be a niche market possibly emerging in Russia as a result of this kind of t

Re: What are the security features in OpenBSD 6.0 that are by default disabled?

2016-10-17 Thread Gregory Edigarov
On 14.10.16 22:48, Raul Miller wrote: On Fri, Oct 14, 2016 at 2:50 PM, thrph.i...@gmail.com wrote: " The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards - and even then I have my doubts."

Re: What are the security features in OpenBSD 6.0 that are by default disabled?

2016-10-17 Thread Otto Moerbeek
On Sun, Oct 16, 2016 at 08:37:54PM +0200, Peter Janos wrote: > use S for extra security at the expense of performance. Use other options > only if you know what you are doing and have specific needs. > BTW, ssh and sshd enable S by themselves. > > -Otto Some background on th

Re: What are the security features in OpenBSD 6.0 that are by default disabled?

2016-10-16 Thread Otto Moerbeek
On Sun, Oct 16, 2016 at 07:10:54PM -0500, Patrick Dohman wrote: > > > nonsense. daily security is mailed *if it is non-empty*. Same goes for > > weekly and monthly. > > > > -Otto > > i guess that explains why the output of who was omitted from the inse

Re: What are the security features in OpenBSD 6.0 that are by default disabled?

2016-10-16 Thread Aaron Mason
There needs to be a new law like Godwin's Law that states that any technical discussion will eventually and inevitably lead to Hitchhiker's Guide references. But to follow on from what Raul said, it may be impossible to make your system 100% secure without violating part 15 of the FCC rules,

Re: What are the security features in OpenBSD 6.0 that are by default disabled?

2016-10-16 Thread Patrick Dohman
> nonsense. daily security is mailed *if it is non-empty*. Same goes for > weekly and monthly. > > -Otto i guess that explains why the output of who was omitted from the insecurity out

Re: What are the security features in OpenBSD 6.0 that are by default disabled?

2016-10-16 Thread Peter Janos
use S for extra security at the expense of performance. Use other options only if you know what you are doing and have specific needs. BTW, ssh and sshd enable S by themselves. -Otto -> so "S" is the best way, Thanks! :) Sent: Friday, October 14, 2016 at 12:20 PM From: "

Re: What are the security features in OpenBSD 6.0 that are by default disabled?

2016-10-16 Thread Mihai Popescu
... Still nothing about NSA or other conspiracies in security field?

Re: What are the security features in OpenBSD 6.0 that are by default disabled?

2016-10-15 Thread Otto Moerbeek
On Sat, Oct 15, 2016 at 03:57:57PM -0500, Patrick Dohman wrote: > The daily security out being emailed is also default disabled ;) > > The monthly & weekly outs never seem to work either. nonsense. daily security is mailed *if it is non-empty*. Same goes for weekly and monthly. -Otto

Re: What are the security features in OpenBSD 6.0 that are by default disabled?

2016-10-15 Thread bytevolcano
On Fri, 14 Oct 2016 20:50:20 +0200 "thrph.i...@gmail.com" wrote: > or this kind... > > " The only truly secure system is one that is powered off, cast in a > block of concrete and sealed in a lead-lined room with armed guards - > and even then I have my doubts. " > It

Re: What are the security features in OpenBSD 6.0 that are by default disabled?

2016-10-15 Thread Patrick Dohman
The daily security out being emailed is also default disabled ;) The monthly & weekly outs never seem to work either. Regards Patrick > On Oct 15, 2016, at 11:20 AM, Peter Janos <peterjan...@mail.com> wrote: > > remote supervisor/console solutions are still turned on while

Re: What are the security features in OpenBSD 6.0 that are by default disabled?

2016-10-15 Thread Raul Miller
i...@gmail.com> > Cc: "OpenBSD general usage list" <misc@openbsd.org> > Subject: Re: What are the security features in OpenBSD 6.0 that are by > default disabled? > On Fri, Oct 14, 2016 at 2:50 PM, thrph.i...@gmail.com > <thrph.i...@gmail.com> wrote: >>

Re: What are the security features in OpenBSD 6.0 that are by default disabled?

2016-10-15 Thread Peter Janos
gt; To: "thrph.i...@gmail.com" <thrph.i...@gmail.com> Cc: "OpenBSD general usage list" <misc@openbsd.org> Subject: Re: What are the security features in OpenBSD 6.0 that are by default disabled?On Fri, Oct 14, 2016 at 2:50 PM, thrph.i...@gmail.com <thrph.i...@gmail.

Re: What are the security features in OpenBSD 6.0 that are by default disabled?

2016-10-14 Thread Bryan Linton
On 2016-10-15 02:03:54, Joel Sing wrote: > > The number of rounds specified for bcrypt_pbkdf(3) is linear, not logarithmic > (unlike bcrypt(3)). That said, the processing required for each round is > significantly higher than that of pkcs5_pbkdf2(3) (using `bioctl -r auto

Re: What are the security features in OpenBSD 6.0 that are by default disabled?

2016-10-14 Thread Raul Miller
On Fri, Oct 14, 2016 at 2:50 PM, thrph.i...@gmail.com wrote: > " The only truly secure system is one that is powered off, cast in a block of > concrete and sealed in a lead-lined room with armed guards - and even then I > have my doubts. " Powered off works surprisingly

Re: What are the security features in OpenBSD 6.0 that are by default disabled?

2016-10-14 Thread thrph.i...@gmail.com
On Fri, 14 Oct 2016 21:20:23 +0300 Mihai Popescu <mih...@gmail.com> wrote: > > ... > > Prepare now for posts on this thread showing that if he/she runs a > proper OS, everybody can be a security expert. > > Have fun! > or this kind... " The only truly secur

Re: What are the security features in OpenBSD 6.0 that are by default disabled?

2016-10-14 Thread Mihai Popescu
> ... Prepare now for posts on this thread showing that if he/she runs a proper OS, everybody can be a security expert. Have fun!

Re: What are the security features in OpenBSD 6.0 that are by default disabled?

2016-10-14 Thread Joel Sing
On Friday 14 October 2016 18:19:21 Bryan Linton wrote: > On 2016-10-14 09:21:24, Peter Janos wrote: > > Hello, > > > > [snip] > > > > ps.: it would be nice to have a feature in the default installer to > > install > > with full disc encryption :) we still have to escape to

Re: What are the security features in OpenBSD 6.0 that are by default disabled?

2016-10-14 Thread Otto Moerbeek
On Fri, Oct 14, 2016 at 09:21:24AM +0200, Peter Janos wrote: > Hello, > > I know some features that can give additional security aren't turned on > because of the bad quality of the code in ports and some also decrease > performance (or disables a feature, ex.: screenlo

Re: What are the security features in OpenBSD 6.0 that are by default disabled?

2016-10-14 Thread Stuart Henderson
On 2016-10-14, Peter Janos <peterjan...@mail.com> wrote: > Make as many files immutable with "chflags schg filenamehere" as you can. This could be seen as an *in*security feature because now it's an utter pain to update software that has bugs.

Re: What are the security features in OpenBSD 6.0 that are by default disabled?

2016-10-14 Thread Bryan Linton
On 2016-10-14 09:21:24, Peter Janos wrote: > Hello, > > [snip] > > ps.: it would be nice to have a feature in the default installer to install > with full disc encryption :) we still have to escape to shell during install > and ex.: > > install60.iso > (S)hell > dmesg |

Re: What are the security features in OpenBSD 6.0 that are by default disabled?

2016-10-14 Thread Simon Mages
Hi, i just want to say that those security measures you describe here don't improve the security for every user or use case. Everybody should know exactly what he is doing before enabling or changing them. I think if you use such security measures you had better be able to help yourself if you

Re: What are the security features in OpenBSD 6.0 that are by default disabled?

2016-10-14 Thread Theo de Raadt
hat can give additional security aren't turned on > because of the bad quality of the code in ports and some also decrease > performance (or disables a feature, ex.: screenlock doesn't work if nosuid > set, but if feature not used, nosuid can be used). > > I only know

What are the security features in OpenBSD 6.0 that are by default disabled?

2016-10-14 Thread Peter Janos
Hello, I know some features that can give additional security aren't turned on because of the bad quality of the code in ports and some also decrease performance (or disable a feature, ex.: screenlock doesn't work if nosuid set, but if the feature is not used, nosuid can be used). I only know

Re: security(8) question - how to skip a single file?

2016-10-08 Thread Adam Thompson
Thanks, Vijay. That’s exactly what I couldn’t find in the documentation. (Now that I know what to look for, I see the line in security(8)’s manpage that I overlooked.) CC’ing list to help the next person with this question… -Adam From: Vijay Sankar [mailto:vsan...@foretell.ca] Sent

security(8) question - how to skip a single file?

2016-10-06 Thread Adam Thompson
I have RTFMed and googled, but I still can’t figure out how to do one simple thing: make security(8) ignore a single file that changes on a daily basis, where that file is otherwise monitored due to /etc/mtree/4.4BSD.dist. The file in question is /var/unbound/db/root.key, which I have auto

Re: security(8) question - how to skip a single file?

2016-10-06 Thread Theo Buehler
On Thu, Oct 06, 2016 at 08:17:02AM -0500, Adam Thompson wrote: > I have RTFMed and googled, but I still can't figure out how to do one simple > thing: make security(8) ignore a single file that changes on a daily basis, > where that file is otherwise monitored due to /etc/mtree/4.

Re: Security updates and packages

2016-08-19 Thread Ingo Schwarze
Hi, on a lighter note, 'cause i usually (with exceptions :) like doing what i like to do better than arguing with people who happen to misunderstand it... Theo de Raadt screamed on Fri, Aug 19, 2016 at 08:25:40AM -0600: > AND WHERE IS THE PONY. Right here:

Re: Security updates and packages

2016-08-19 Thread Mihai Popescu
> OK I have done a lot of cutting and I may have put your words out of context, > this isn't intended of course, however I feel when you say "OpenBSD isn't a > PRODUCT" that this just can't be. By that I mean, that I buy every CD that > comes out, a) it has an ISBN number so it's a book (but not

Re: Security updates and packages

2016-08-19 Thread Theo de Raadt
> > You never purchased an agreement for it to be serviced. > > I'm not expecting that. But the "hint" that this will not be serviced > should be there. The lack of a promise is enough. > > Then, you stand here and demand things? You sir, are just wastewater. > > I simply suggested a line to

Re: Security updates and packages

2016-08-19 Thread Theo de Raadt
> Not "purely" but in common parlance and practice I do regard prompt > installation of fixes for "security flaws" as part of "security" in its > usual sense, yes. Then hire some people to do it. Our crew who cares about a subset of that is at their

Re: Security updates and packages

2016-08-19 Thread Mark Carroll
ucing confusion. > You are labelling "security" as purely "dealing with yesterday's bugs" > essentially for "customers" -- and we don't have customers. Not "purely" but in common parlance and practice I do regard prompt installation of fixes for "sec

Re: Security updates and packages

2016-08-19 Thread Peter J. Philipp
On 08/19/16 17:43, Theo de Raadt wrote: >>> You even come to the conclusion that such work isn't going to happen >>> for free, but leave the result dangling. Especially since OpenBSD >>> isn't a PRODUCT. If product-servicing is a requirement, first of all >>> choose something which is a PRODUCT,

Re: Security updates and packages

2016-08-19 Thread Theo de Raadt
> > You even come to the conclusion that such work isn't going to happen > > for free, but leave the result dangling. Especially since OpenBSD > > isn't a PRODUCT. If product-servicing is a requirement, first of all > > choose something which is a PRODUCT, then choose a PRODUCT VENDOR who > >

Re: Security updates and packages

2016-08-19 Thread Peter J. Philipp
> You even come to the conclusion that such work isn't going to happen > for free, but leave the result dangling. Especially since OpenBSD > isn't a PRODUCT. If product-servicing is a requirement, first of all > choose something which is a PRODUCT, then choose a PRODUCT VENDOR who > actually

Re: Security updates and packages

2016-08-19 Thread Jack J. Woehr
Theo de Raadt wrote: Especially since OpenBSD isn't a PRODUCT. If product-servicing is a requirement, first of all choose something which is a PRODUCT, then choose a PRODUCT VENDOR who actually does SERVICING. Nicely put. My open source Ublu (https://github.com/jwoehr/ublu) is currently

Re: Security updates and packages

2016-08-19 Thread Theo de Raadt
> > I was wondering if packages for -release would be fixed if a security > > issue is found in one of these third party programs, which could be > > updated with pkg_add -u. > > It's a good question. I was quite amused to notice the juxtaposition of: > > ] Our

Re: Security updates and packages

2016-08-19 Thread Stuart Henderson
On 2016-08-19, Thuban <thu...@yeuxdelibad.net> wrote: > I was wondering if packages for -release would be fixed if a security > issue is found in one of these third party programs, which could be > updated with pkg_add -u. No, they're not, they're fixed for release and not furthe

Re: Security updates and packages

2016-08-19 Thread Philipp Westphal
Hi, haveva look at this: https://stable.mtier.org/ Regards Am 19.08.2016 08:59 schrieb "Thuban" <thu...@yeuxdelibad.net>: > Hello, > I was wondering if packages for -release would be fixed if a security > issue is found in one of these third party programs,

Re: Security updates and packages

2016-08-19 Thread Christer Solskogen
On Fri, Aug 19, 2016 at 8:58 AM, Thuban <thu...@yeuxdelibad.net> wrote: > Hello, > I was wondering if packages for -release would be fixed if a security > issue is found in one of these third party programs, which could be > updated with pkg_add -u. > Officiall

Re: Security updates and packages

2016-08-19 Thread Janne Johansson
is a bit weird, since updates do get published, its just that you also need to chip in with a bit of effort if your particular port got a security update in -stable. So the project can still be about security if it does updates, even if you can't just lean back and open your mouth and get spoonfed

Re: Security updates and packages

2016-08-19 Thread Mark Carroll
On 19 Aug 2016, thu...@yeuxdelibad.net wrote: > I was wondering if packages for -release would be fixed if a security > issue is found in one of these third party programs, which could be > updated with pkg_add -u. It's a good question. I was quite amused to notice the juxtaposition o

Security updates and packages

2016-08-19 Thread Thuban
Hello, I was wondering if packages for -release would be fixed if a security issue is found in one of these third party programs, which could be updated with pkg_add -u. Or does someone have to stay up to date and use ports to upgrade each single package on his system to follow -stable

Apple security bounties

2016-08-05 Thread Pavan Maddamsetti
https://techcrunch.com/2016/08/04/apple-announces-long-awaited-bug-bounty-program/ Any security researchers on the list? If you're interested in supporting OpenBSD, Apple might match the bug bounty toward a certain Canadian not-for-profit foundation.

Re: [Job] Security Architect, Edinburgh, Scotland - £50k+

2016-08-04 Thread Jorge Castillo
At first I though it was spam, then I notice it was addressed to misc. Oh, okay.

[Job] Security Architect, Edinburgh, Scotland - £50k+

2016-08-04 Thread Craig Skinner
Hello, This has been repeatedly advertised over the last few weeks;- http://www.JobServe.Co.UK/Eo4Sa I've no connection with it, or the agency, but it might be somebody's cup of tea. Usual British hours are 37.5/week, ~30 days paid holiday & monthly pay.

Re: httpd. chroot, security and user homepage

2016-06-30 Thread Alexander Hall
irectories follow the same pattern as the directories, I'd say so. > > Johan > > > > 30 juni 2016 kl. 19:54 skrev Alexander Hall <alexan...@beard.se>: > > > > On Wed, Jun 29, 2016 at 09:37:36PM +0200, Stefan Sperling wrote: > >> On Wed, Jun 29, 2016

Re: httpd. chroot, security and user homepage

2016-06-30 Thread Johan Tärnklint
Johan > 30 juni 2016 kl. 19:54 skrev Alexander Hall <alexan...@beard.se>: > > On Wed, Jun 29, 2016 at 09:37:36PM +0200, Stefan Sperling wrote: >> On Wed, Jun 29, 2016 at 08:15:35PM +0200, Johan Tärnklint wrote: >>> Seeking advice / security tips. >>> >>

Re: httpd. chroot, security and user homepage

2016-06-30 Thread Alexander Hall
On Wed, Jun 29, 2016 at 09:37:36PM +0200, Stefan Sperling wrote: > On Wed, Jun 29, 2016 at 08:15:35PM +0200, Johan Tärnklint wrote: > > Seeking advice / security tips. > > > > Is it safe to create /var/www/htdocs/user1 and symlink to their home > > folder? > >

Re: httpd. chroot, security and user homepage

2016-06-29 Thread Stefan Sperling
On Wed, Jun 29, 2016 at 08:15:35PM +0200, Johan Tärnklint wrote: > Seeking advice / security tips. > > Is it safe to create /var/www/htdocs/user1 and symlink to their home folder? > > Then set permissions to user1:www on /var/www/htdocs/user1 ? > > Does it break the chroo

httpd. chroot, security and user homepage

2016-06-29 Thread Johan Tärnklint
Seeking advice / security tips. Is it safe to create /var/www/htdocs/user1 and symlink to their home folder? Then set permissions to user1:www on /var/www/htdocs/user1 ? Does it break the chroot? Is it safe? Better solution? New OpenBSD user and very happy. Thanks in advance. Johan
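The question above turns on how a symlink behaves once httpd has chrooted to /var/www. The following is an added example, not httpd code: it simulates the kernel's path lookup for a chrooted process, reinterpreting every absolute link target relative to the jail root, and runs it over a constructed layout in a temporary directory. The host paths (`/home/user1`, `../../../etc/passwd`) are the ones a user might type, not files the example touches.

```python
import os
import tempfile


def resolve_in_chroot(root, path, _depth=0):
    """Resolve `path` the way a process chrooted to `root` sees it.

    Each path component is looked up below `root`; when a component is a
    symlink, an absolute target is re-rooted at `root` and a relative one is
    resolved from the link's directory, and '..' never climbs above `root`.
    Returns the host-side path the jailed process would actually open.
    """
    if _depth > 40:
        raise OSError("too many levels of symbolic links")
    cur = root
    parts = [p for p in path.split("/") if p and p != "."]
    i = 0
    while i < len(parts):
        p = parts[i]
        if p == "..":
            cur = root if cur == root else os.path.dirname(cur)
            i += 1
            continue
        nxt = os.path.join(cur, p)
        if os.path.islink(nxt):
            target = os.readlink(nxt)
            rest = "/".join(parts[i + 1:])
            if target.startswith("/"):
                # absolute target: '/' means the jail root, not the host root
                newpath = target + ("/" + rest if rest else "")
            else:
                # relative target: continue from the directory holding the link
                rel = os.path.relpath(cur, root)
                rel = "" if rel == "." else rel
                newpath = "/" + "/".join(x for x in (rel, target, rest) if x)
            return resolve_in_chroot(root, newpath, _depth + 1)
        cur = nxt
        i += 1
    return cur


def demo():
    """Constructed layout: a fake chroot at <tmp>/var/www with
    htdocs/user1 -> /home/user1 (the proposal in the question) and
    htdocs/pw -> ../../../etc/passwd (an escape attempt)."""
    with tempfile.TemporaryDirectory() as host:
        root = os.path.join(host, "var", "www")
        os.makedirs(os.path.join(root, "htdocs"))
        os.symlink("/home/user1", os.path.join(root, "htdocs", "user1"))
        os.symlink("../../../etc/passwd", os.path.join(root, "htdocs", "pw"))

        user_page = resolve_in_chroot(root, "/htdocs/user1/index.html")
        before = os.path.exists(user_page)
        # what actually works: the content has to live inside the jail
        os.makedirs(os.path.join(root, "home", "user1"))
        open(os.path.join(root, "home", "user1", "index.html"), "w").close()
        after = os.path.exists(user_page)

        escape = resolve_in_chroot(root, "/htdocs/pw")
        return {
            "user_page": os.path.relpath(user_page, root),
            "exists_before": before,
            "exists_after": after,
            "escape": os.path.relpath(escape, root),
            "escape_stays_in_jail": escape.startswith(root + os.sep),
        }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The simulation shows both halves of the answer: the link to /home/user1 does not break out of the chroot, it just points at home/user1 underneath /var/www, so the page is only served once that directory exists inside the jail; and a relative link stuffed with `..` resolves to etc/passwd under the jail root rather than the host's file.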

Re: Creating a blog using OpenBSD: technology choices and security considerations

2016-04-27 Thread Kevin Chadwick
ystems as they often require many PHP functions and often think of security as an after thought. -- KISSIS - Keep It Simple So It's Securable

Re: Creating a blog using OpenBSD: technology choices and security considerations

2016-04-27 Thread Craig Skinner
Hi David, On 2016-04-27 Wed 00:54 AM |, David Lou wrote: > > a blog. Honestly, for now I just want a piece of the web that I own, > where I can just post whatever I want. It could just be that I have > something I want to share with friends or colleagues, and I can > direct them to a URL that

Re: Creating a blog using OpenBSD: technology choices and security considerations

2016-04-27 Thread Craig Skinner
Hi David, On 2016-04-27 Wed 00:54 AM |, David Lou wrote: > Instead of a comment section, which seems > like a headache, I'll just replace it with an email address so a > reader can reach me if he/she really wanted to. Though I'm not sure > what's the best way to prevent spam (or other ways in

Re: Creating a blog using OpenBSD: technology choices and security considerations

2016-04-27 Thread Mihai Popescu
Folks, move the cheap chat bazaar to somewhere else, please. I am pretty sure anyone is a blog expert these days. I damn hope you will not bring in the Google AdSense program or other crazy thing related. Thank you.

Re: Creating a blog using OpenBSD: technology choices and security considerations

2016-04-27 Thread Kevin Chadwick
> So, given all the feedback I got, I'm gonna adjust my proposed > project a bit. It's just gonna be a web server, and a bunch of static > content pages. You guys proposed many different solutions for these-- > I haven't had the chance yet but I'll need to assess which one I'm > going to use I

Re: Creating a blog using OpenBSD: technology choices and security considerations

2016-04-26 Thread Steve Shockley
On 04/26/2016 04:47 AM, Erling Westenvik wrote: $ pkg_info blogsum I use(d) Blogsum, but last I looked it pulled in Apache 1.3. I tried and failed to get it working under the new httpd chroot (too many Perl dependencies). I have a better understanding of httpd now, but I've lost

Re: Creating a blog using OpenBSD: technology choices and security considerations

2016-04-26 Thread Michael McConville
David Lou wrote: > (btw, isn't the "built-in" httpd webserver just Apache? Google seems > to tell me that they're synonyms) Nope, Apache was bundled a long time ago and was replaced with Nginx, which was replaced with httpd in July 2014. httpd is an HTTP server that is developed in the OpenBSD

Re: Creating a blog using OpenBSD: technology choices and security considerations

2016-04-26 Thread David Lou
Hello, Wow, thank you for all responses. I did not expect this many. You guys are really helpful! I had a feeling my original plan was too complicated. I appreciate that you guys are pointing it out. Honest feedback is good feedback. No need to spare any feelings if I'm doing something wrong. :)

Re: Fwd: Creating a blog using OpenBSD: technology choices and security considerations

2016-04-26 Thread Murk Fletcher
> Anyway, if you wnat to add comments to a static site, you can host it yourself instead of using Disqus. Disqus is unfortunately Linux only due to Docker. There's an effort to port Docker to FreeBSD but I haven't tested it yet. Disqus, being Ruby on Rails, could be deployed like a conventional

Fwd: Re: Creating a blog using OpenBSD: technology choices and security considerations

2016-04-26 Thread rain1
On 2016-04-26 14:24, Kamil Cholewiński wrote: On Tue, 26 Apr 2016, ra...@openmailbox.org wrote: If you want to make a dynamic "web application" then consider using ur/web [1]. The programming language itself protects against SQL injection, XSS attacks, CSRF attacks. I hate to bring the bad

Re: Creating a blog using OpenBSD: technology choices and security considerations

2016-04-26 Thread lists
set of requirements for a 1 man show. You can abandon reading now & order it from a commercial support vendor. > > I'm shying away from popular solutions such as WordPress because > > (1) I'm not sure if it even installs on OpenBSD and more importantly > > (2) I'm not convinced tha

Re: Creating a blog using OpenBSD: technology choices and security considerations

2016-04-26 Thread lists
Tue, 26 Apr 2016 12:36:32 +0200 Kamil Cholewiński > On Tue, 26 Apr 2016, li...@wrant.com wrote: > > Reality check, structured text presentation beats any sort of generator: > > > > [https://en.wikipedia.org/wiki/Lightweight_markup_language] > > I agree with using an LML, but

Re: Creating a blog using OpenBSD: technology choices and security considerations

2016-04-26 Thread Alex Poslavsky
On 04/26, David Lou wrote: When I say 'blog', I'm referring to a website that contains essentially many pages of content. Each content page has attributes such as title, date, category, tags, and so on. When a user browses this website, the content pages are served in a visually attractive

Re: Fwd: Creating a blog using OpenBSD: technology choices and security considerations

2016-04-26 Thread Thuban
The thing you should ask yourself is "what do I really need?" before installing a huge and useless CMS. +1 for a static site generator. I use swx [1] on my own, its just a markdown converter with some script to add rss feed, sitemap and so. But there are so many. There is also many small blog

Re: Creating a blog using OpenBSD: technology choices and security considerations

2016-04-26 Thread Kamil Cholewiński
On Tue, 26 Apr 2016, ra...@openmailbox.org wrote: > If you want to make a dynamic "web application" then consider using > ur/web [1]. The programming language itself protects against SQL > injection, XSS attacks, CSRF attacks. I hate to bring the bad news, but this language / framework has

Re: Creating a blog using OpenBSD: technology choices and security considerations

2016-04-26 Thread rain1
because (1) I'm not sure if it even installs on OpenBSD and more importantly (2) I'm not convinced that it adheres to the OpenBSD principles of correctness and proactive security. Hello, and welcome. A static website generator is a safe bet. You can use bashblog or any similar alternative

Fwd: Creating a blog using OpenBSD: technology choices and security considerations

2016-04-26 Thread Murk Fletcher
If I'm not mistaken Obama used Jekyll (https://jekyllrb.com/) for his campaign. --Murk -- Forwarded message -- From: Kristaps Dzonsons <krist...@bsd.lv> Date: Tue, Apr 26, 2016 at 2:10 PM Subject: Re: Creating a blog using OpenBSD: technology choices and security consider

Re: Creating a blog using OpenBSD: technology choices and security considerations

2016-04-26 Thread Kristaps Dzonsons
FWIW, I use my own http://kristaps.bsd.lv/sblg all the time. It just knits together HTML (XML style) articles via a Makefile. No python or markdown or any crap. Not sure if it's in ports yet. (I think A. Bentley had one?)

Re: Creating a blog using OpenBSD: technology choices and security considerations

2016-04-26 Thread Pablo Méndez Hernández
Hi David: I'd recommend you using a static content generator like pelikan (which is in ports). The generator is written in python but the content is static. Regards. Pablo On Tue, Apr 26, 2016 at 12:54 PM, Murk Fletcher wrote: > Hi! > > Both Perl and PHP are dying

Re: Creating a blog using OpenBSD: technology choices and security considerations

2016-04-26 Thread Murk Fletcher
> This is infantile, and stupid beyond acceptable. [...snip...] Bullshit. Usually when people get this emotional it's because they either a) spent their entire lives learning one of these obsolete languages and are now getting defensive, b) never actually built anything that people want to use.
