Haters please go off-list, identity is not relevant on a discussion list, I do
not need attention nor personal implication. I'd be delighted to speak about
privacy and stuff with my detractors, off-list.
SELinux is another debate, I don't want to waste your time with it. Thanks for
your participat
* pourl...@hushmail.com [2010-06-22 21:31]:
> Their official explanation
sorry, but we have vacancies in our PR department, expect no
"official" explanations anytime soon
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail
pourl...@hushmail.com wrote:
There will always be OpenBSD haters, I want to be able to have a
constructive, fact based discussion with them.
If someone HAS valuable information, they can reply directly,
without replying to misc. Thank you.
fact: you are some douchebag who is late to
The PaX guys got their panties in a knot because they wanted credit for
being first or something which they can have all day long.
The OpenBSD code was developed in oblivion to PaX.
So that guy still has an axe to grind because he wants something out of
it. Not sure what though.
I'll declare hi
2010/6/24 STeve Andre'
>
> On Thursday 24 June 2010 12:52:35 pourl...@hushmail.com wrote:
> > On Tue, 22 Jun 2010 21:39:10 +0200 Aaron Glenn
> >
> > wrote:
> > >On Tue, Jun 22, 2010 at 7:26 PM, wrote:
> > >> I do not wish to begin a troll-like thread, I just want the
> > >
> > >truth.
> > >
> >
On Thursday 24 June 2010 12:52:35 pourl...@hushmail.com wrote:
> On Tue, 22 Jun 2010 21:39:10 +0200 Aaron Glenn
>
> wrote:
> >On Tue, Jun 22, 2010 at 7:26 PM, wrote:
> >> I do not wish to begin a troll-like thread, I just want the
> >
> >truth.
> >
> >yes you do; no you don't.
> >no one cares; p
On Tue, 22 Jun 2010 21:39:10 +0200 Aaron Glenn
wrote:
>On Tue, Jun 22, 2010 at 7:26 PM, wrote:
>>
>> I do not wish to begin a troll-like thread, I just want the
>truth.
>
>yes you do; no you don't.
>no one cares; please go away.
You are wrong, if you are unable to reply properly to my request
pourl...@hushmail.com wrote:
...rehashed old crap...
Anyone can say, "I want a car that flies" or "I want a non-polluting
power source". There is no skill in this, by itself.
The first bit of magic is coming up with a demonstration doing it.
The next bit of magic is actually making it practi
Quote from theo :
- " our kernels have no bugs "
On Tue, 22 Jun 2010 21:26:18 +0200, pourl...@hushmail.com wrote:
> Hello misc,
>
> I was wondering if these accusations against OpenBSD were true,
> I doubt he is lying, maybe he is just not telling the whole truth.
>
> http://www.uaoug.org.ua/
On Tue, Jun 22, 2010 at 7:26 PM, wrote:
>
> I do not wish to begin a troll-like thread, I just want the truth.
yes you do; no you don't.
no one cares; please go away.
Hello misc,
I was wondering if these accusations against OpenBSD were true,
I doubt he is lying, maybe he is just not telling the whole truth.
http://www.uaoug.org.ua/archive/msg01088.html
The first part is irrelevant, Linux may have implemented the sysctl
switch before OpenBSD.
However, thei
On 11/9/2009 11:38 AM, Dale Rahn wrote:
I would love to see a decent (cortex based?) arm laptop/netbook.
But this one isn't: 64MB ram, 800x480 resolution, unmentioned arm processor
at unmentioned MHz, WindowsCE instead of linux?
There's also no evidence of its existence on the manufacturer's w
On Mon, Nov 09, 2009 at 08:59:55PM +0100, Martin Schr?der wrote:
> 2009/11/9 Laurens Vets :
> > Tbh, I was just replying to Dale's comment: "I would love to see a decent
> > (cortex based?) arm laptop/netbook."
>
> Anybody tried porting OBSD to the Nokia N800++?
>
I wanted to try at one point in
2009/11/9 Laurens Vets :
> Tbh, I was just replying to Dale's comment: "I would love to see a decent
> (cortex based?) arm laptop/netbook."
Anybody tried porting OBSD to the Nokia N800++?
Best
Martin
Ted Unangst wrote:
On Mon, Nov 9, 2009 at 12:40 PM, Laurens Vets wrote:
Dale Rahn wrote:
But this one isn't: 64MB ram, 800x480 resolution, unmentioned arm
processor
at unmentioned MHz, WindowsCE instead of linux?
The Always Innovating Touch Book maybe?
http://www.alwaysinnovating.com/home/in
Dave Wilson wrote:
Toni Mueller wrote:
It's not like I was in love with x86/amd64, but it's *really*hard* to
go for something else.
Further to this, if anyone is aware of any non-x86/x64 machines which
are of similar bang-for-buck as off-the-shelf PCs, I for one would be
*very* interested to k
On Mon, Nov 9, 2009 at 12:40 PM, Laurens Vets wrote:
> Dale Rahn wrote:
>> But this one isn't: 64MB ram, 800x480 resolution, unmentioned arm
>> processor
>> at unmentioned MHz, WindowsCE instead of linux?
>
> The Always Innovating Touch Book maybe?
>
> http://www.alwaysinnovating.com/home/index.ht
Dale Rahn wrote:
On Sun, Nov 08, 2009 at 11:19:39PM -0500, Steve Shockley wrote:
On 11/8/2009 1:17 PM, Dave Wilson wrote:
An ARM laptop would be especially win :-)
http://www.6ave.com/shop/Product.aspx?sku=VSLVL760-4GB
Was on sale recently for $150 shipped. No clue if it sucks.
I would lov
On Sun, Nov 08, 2009 at 11:19:39PM -0500, Steve Shockley wrote:
> On 11/8/2009 1:17 PM, Dave Wilson wrote:
> >An ARM laptop would be especially win :-)
>
> http://www.6ave.com/shop/Product.aspx?sku=VSLVL760-4GB
>
> Was on sale recently for $150 shipped. No clue if it sucks.
>
I would love to se
On 11/8/2009 1:17 PM, Dave Wilson wrote:
An ARM laptop would be especially win :-)
http://www.6ave.com/shop/Product.aspx?sku=VSLVL760-4GB
Was on sale recently for $150 shipped. No clue if it sucks.
Then here it is http://www.alwaysinnovating.com/touchbook/
On Sun, Nov 8, 2009 at 7:17 PM, Dave Wilson wrote:
> Toni Mueller wrote:
>>
>> now you only need to educate "us" about how such machines can be used
>> in an economic fashion.
>>
>> Blaming people for not running PDA cpus for core routers
Toni Mueller wrote:
>
> now you only need to educate "us" about how such machines can be used
> in an economic fashion.
>
> Blaming people for not running PDA cpus for core routers or not
> shelling out $40k for Niagara machines (supported by OpenBSD???) when
> these are even outperformed by $4k
Hi,
On Fri, 06.11.2009 at 13:41:13 +0200, Lars Nooden
wrote:
> Unless you aren't running shit-for-architecture x86 systems still.
> It is 2009 and there are sparc, mips, freescale and arm on the market.
now you only need to educate "us" about how such machines can be used
in an economic fashion
2009/11/5 Justin Smith :
> "By default, Ubuntu 8.04 and later with a non-zero
> /proc/sys/vm/mmap_min_addr setting were not vulnerable."
>
> Ubuntu 8.04 released in 2008 april.
They've moved on from this then...
http://ubuntuforums.org/showthread.php?t=143334
2009/11/5 Tobias Ulmer :
> Dear sweetheart,
>
> On Thu, Nov 05, 2009 at 01:12:58AM +0100, Claire beuserie wrote:
>> Yes, I know, I was present in the room when Illja gave the talk in 2006 at
>> the CCC Kongress and the two OpenBSD developers in the room decided to
>> completely ignore the exploit h
Dear sweetheart,
On Thu, Nov 05, 2009 at 01:12:58AM +0100, Claire beuserie wrote:
> Yes, I know, I was present in the room when Illja gave the talk in 2006 at
> the CCC Kongress and the two OpenBSD developers in the room decided to
> completely ignore the exploit he showed until Miod reproduced it
Ok to add more idiotic ideas to debate about Linux/MS and
interoperability and so on why not add this one?
http://www.computerworlduk.com/community/blogs/index.cfm?entryid=2620&blogid=
14
EU Wants to Re-define bClosedb as bNearly Openb
'.While there is a correlation between openness
On Wed, 4 Nov 2009 13:46:26 +1100
Aaron Mason wrote:
> Wine is a good idea, but it's stifling an even better idea - making
> applications compatible across multiple OSes, something that hasn't
> needed to be done in the M$ world because of the stranglehold they
> had/have over the consumer market
On Wed, 4 Nov 2009 13:46:26 +1100
Aaron Mason wrote:
> Wine is a good idea, but it's stifling an even better idea - making
> applications compatible across multiple OSes, something that hasn't
> needed to be done in the M$ world because of the stranglehold they
> had/have over the consumer market
On Wed, Nov 4, 2009 at 1:48 PM, Henry Sieff wrote:
> On Wed, Nov 4, 2009 at 5:18 AM, Donald Allen wrote:
>
> [SNIP]
>
>> I realize that I'm preaching to the choir -- you know all this. But I
>> think it's a mistake for (especially) the OpenBSD community to speak
>> of OpenBSD as just about securi
On Wed, Nov 4, 2009 at 5:18 AM, Donald Allen wrote:
[SNIP]
> I realize that I'm preaching to the choir -- you know all this. But I
> think it's a mistake for (especially) the OpenBSD community to speak
> of OpenBSD as just about security, when it's so much more than that.
I think I would rephra
Matthias Kilian wrote:
> And if you install something like wine, the knob is set back to 0,
> probably without any notice (at least in ubuntu-8.10).
That can explain why it's off on my system (karmic koala).
By the way, this is from the debian wiki:
Debian 5.0.3 ships with a default mmap_min_add
Ross Cameron wrote:
> Actually no it was turned on.
This is from the commit to the Linux kernel:
"The amount of space protected is indicated by the new proc tunable
proc/sys/vm/mmap_min_addr and defaults to 0, preserving existing behavior."
It was turned off, 0 means no protection.
And it is totally on on *all* 90239490234873984 distros right?
On Wed, Nov 04, 2009 at 06:43:14PM +0200, Ross Cameron wrote:
> On Wed, Nov 4, 2009 at 5:54 PM, Theo de Raadt
> wrote:
> >> > For the record, this particular problem was resolved in OpenBSD a
> >> while back, in 2008.
> >>
> >> Nice,
On Wed, Nov 04, 2009 at 04:55:58PM +0100, Justin Smith wrote:
> On Wed, Nov 4, 2009 at 4:14 PM, Todd T. Fries wrote:
> > Penned by Justin Smith on 20091104 15:45.33, we have:
> > | Theo wrote:
> > |
> > | > For the record, this particular problem was resolved in OpenBSD a
> > | while back, in 2008
On Wed, Nov 04, 2009 at 04:55:58PM +0100, Justin Smith wrote:
> > And now we get into the fun stuff.
> >
> > Ever heard of 'secure by default' ?
> >
> > This knob is set to '0' by default.
> >
> > How many Linux installations actually read the above paragraph, understood
> > what value it could hav
On Wed, Nov 4, 2009 at 5:54 PM, Theo de Raadt
wrote:
>> > For the record, this particular problem was resolved in OpenBSD a
>> while back, in 2008.
>>
>> Nice, but:
>>
>> "Since 2.6.23, it has been possible to prevent applications from
>> mapping low pages (to prevent null pointer dereferencing in
On Wed, Nov 4, 2009 at 10:55 AM, Justin Smith wrote:
> "By default, Ubuntu 8.04 and later with a non-zero
> /proc/sys/vm/mmap_min_addr setting were not vulnerable."
>
> Ubuntu 8.04 released in 2008 april.
Ubuntu 8 also ships with a setuid pulseaudio by default, which renders
the mmap_min_addr pro
> -Urspr|ngliche Nachricht-
> Von: "Donald Allen"
> Gesendet: 04.11.09 14:23:04
> An: misc@openbsd.org
> Betreff: Re:
http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/
...
> I realize that I'm preaching to the choir -- you know all t
On Wed, Nov 4, 2009 at 4:14 PM, Todd T. Fries wrote:
> Penned by Justin Smith on 20091104 15:45.33, we have:
> | Theo wrote:
> |
> | > For the record, this particular problem was resolved in OpenBSD a
> | while back, in 2008.
> |
> | Nice, but:
> |
> | "Since 2.6.23, it has been possible to preven
> > For the record, this particular problem was resolved in OpenBSD a
> while back, in 2008.
>
> Nice, but:
>
> "Since 2.6.23, it has been possible to prevent applications from
> mapping low pages (to prevent null pointer dereferencing in the
> kernel) via the /proc/sys/vm/mmap_min_addr sysctl, w
Penned by Justin Smith on 20091104 15:45.33, we have:
| Theo wrote:
|
| > For the record, this particular problem was resolved in OpenBSD a
| while back, in 2008.
|
| Nice, but:
|
| "Since 2.6.23, it has been possible to prevent applications from
| mapping low pages (to prevent null pointer dere
Otto Moerbeek wrote:
On Wed, Nov 04, 2009 at 03:45:33PM +0100, Justin Smith wrote:
Theo wrote:
For the record, this particular problem was resolved in OpenBSD a
while back, in 2008.
Nice, but:
"Since 2.6.23, it has been possible to prevent applications from
mapping low pages
On Wed, Nov 04, 2009 at 03:45:33PM +0100, Justin Smith wrote:
> Theo wrote:
>
> > For the record, this particular problem was resolved in OpenBSD a
> while back, in 2008.
>
> Nice, but:
>
> "Since 2.6.23, it has been possible to prevent applications from
> mapping low pages (to prevent null poi
Theo wrote:
> For the record, this particular problem was resolved in OpenBSD a
while back, in 2008.
Nice, but:
"Since 2.6.23, it has been possible to prevent applications from
mapping low pages (to prevent null pointer dereferencing in the
kernel) via the /proc/sys/vm/mmap_min_addr sysctl, whic
On Wed, 4 Nov 2009 at 1:46 PM, Aaron Mason
wrote:
>On Wed, Nov 4, 2009 at 1:04 PM, Gonzalo Lionel Rodriguez
> wrote:
>> 2009/11/3 Claire beuserie :
>>> Hi,
>>>
>>> On Wed, Nov 4, 2009 at 12:58 AM, Theo de Raadt
>> wrote:
>>>
2) At least three of our developers were aware of this exploitation
On Wed, Nov 04, 2009 at 02:57:59AM +0100, Claire beuserie wrote:
> Hi,
>
> On Wed, Nov 4, 2009 at 12:58 AM, Theo de Raadt wrote:
>
> > 2) At least three of our developers were aware of this exploitation
> > method going back perhaps two years before than the commit, but we
> > gnashed our te
Claire beuserie writes:
> That came out a bit weird: are you saying you knew about the bug for 2 years
> but did not fix it?
Yes. Because the solution sucks. And all others we tried were just not
workable.
Just like we knew that executable stacks can be used for exploits and
didn't fix that for
>From http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/ :
> or desktop environments such as Wine
For some definitions of "desktop environments".
2009/11/3 Gilles Chehade :
> On Tue, Nov 03, 2009 at 04:58:25PM -0700, Theo de Raadt wrote:
>> [bcc'd to Dan Goodin @ theregister]
>>
>> If anyone wants a choice quote from me about the recent Linux holes,
>> this is what I have to say:
>>
>> Linus is too busy thinking about masturabating monke
> Theo de Raadt wrote:
> >http://article.gmane.org/gmane.linux.kernel/706950
> >
> >
> >
> I replaced Linux around '01 or '02 with OpenBSD both at companies I've
> worked for since and at home. I don't really care what other people use
> for their needs, and I've been neutral in my opinio
Theo de Raadt wrote:
http://article.gmane.org/gmane.linux.kernel/706950
I replaced Linux around '01 or '02 with OpenBSD both at companies I've
worked for since and at home. I don't really care what other people use
for their needs, and I've been neutral in my opinion about Torvalds and
On Wed, Nov 4, 2009 at 1:04 PM, Gonzalo Lionel Rodriguez
wrote:
> 2009/11/3 Claire beuserie :
>> Hi,
>>
>> On Wed, Nov 4, 2009 at 12:58 AM, Theo de Raadt
> wrote:
>>
>>> 2) At least three of our developers were aware of this exploitation
>>> method going back perhaps two years before than the co
My interpretation is that yes, they identified it as a possibility, but
due to limitations of the Intel platform, there wasn't an obvious,
clean, "correct" way to fix it.
I don't think this is a "primary" exploit, however. You would have to
have a buffer overflow or something in some other ap
On Wed, Nov 04, 2009 at 02:57:59AM +0100, Claire beuserie wrote:
> Hi,
>
> On Wed, Nov 4, 2009 at 12:58 AM, Theo de Raadt wrote:
>
> > 2) At least three of our developers were aware of this exploitation
> > method going back perhaps two years before than the commit, but we
> > gnashed our tee
[bcc'd to Dan Goodin @ theregister]
If anyone wants a choice quote from me about the recent Linux holes,
this is what I have to say:
Linus is too busy thinking about masturabating monkeys, he doesn't
have time to care about Linux security.
For the record, this particular problem was reso
On Tue, Nov 03, 2009 at 04:58:25PM -0700, Theo de Raadt wrote:
> [bcc'd to Dan Goodin @ theregister]
>
> If anyone wants a choice quote from me about the recent Linux holes,
> this is what I have to say:
>
> Linus is too busy thinking about masturabating monkeys, he doesn't
> have time to
2009/11/3 Claire beuserie :
> Hi,
>
> On Wed, Nov 4, 2009 at 12:58 AM, Theo de Raadt
wrote:
>
>> 2) At least three of our developers were aware of this exploitation
>> method going back perhaps two years before than the commit, but we
>> gnashed our teeth a lot to try to find other solutions.
Hi,
On Wed, Nov 4, 2009 at 12:58 AM, Theo de Raadt wrote:
> 2) At least three of our developers were aware of this exploitation
> method going back perhaps two years before than the commit, but we
> gnashed our teeth a lot to try to find other solutions. Clever
> cpu architectures don't ha
59 matches
Mail list logo