The branch main has been updated by jmg:
URL:
https://cgit.FreeBSD.org/src/commit/?id=4ad443a106d3201453dc4ce0412431df2c0d1a47
commit 4ad443a106d3201453dc4ce0412431df2c0d1a47
Author: John-Mark Gurney
AuthorDate: 2024-10-19 04:52:51 +
Commit: John-Mark Gurney
CommitDate: 2024-10-19
The branch main has been updated by jmg:
URL:
https://cgit.FreeBSD.org/src/commit/?id=4ad443a106d3201453dc4ce0412431df2c0d1a47
commit 4ad443a106d3201453dc4ce0412431df2c0d1a47
Author: John-Mark Gurney
AuthorDate: 2024-10-19 04:52:51 +
Commit: John-Mark Gurney
CommitDate: 2024-10-19
reencrypts the
key w/ a larger number of rounds (and overwrites the backup)... This
would also make it easier to upgrade KDFs if a newer/better one is
added.
[1]
https://crypto.stackexchange.com/questions/26510/why-is-hmac-sha1-still-considered-secure
--
John-Mark Gurney
The branch main has been updated by jmg:
URL:
https://cgit.FreeBSD.org/src/commit/?id=144661f941453e57b1e183bcf3a19633ef242070
commit 144661f941453e57b1e183bcf3a19633ef242070
Author: John-Mark Gurney
AuthorDate: 2023-03-03 09:54:07 +
Commit: John-Mark Gurney
CommitDate: 2023-03-03
The branch main has been updated by jmg:
URL:
https://cgit.FreeBSD.org/src/commit/?id=144661f941453e57b1e183bcf3a19633ef242070
commit 144661f941453e57b1e183bcf3a19633ef242070
Author: John-Mark Gurney
AuthorDate: 2023-03-03 09:54:07 +
Commit: John-Mark Gurney
CommitDate: 2023-03-03
The branch main has been updated by jmg:
URL:
https://cgit.FreeBSD.org/src/commit/?id=13597be965b7bcc7ff2c3c0bc240f3e0acc255cf
commit 13597be965b7bcc7ff2c3c0bc240f3e0acc255cf
Author: John-Mark Gurney
AuthorDate: 2023-03-03 01:03:57 +
Commit: John-Mark Gurney
CommitDate: 2023-03-03
The branch main has been updated by jmg:
URL:
https://cgit.FreeBSD.org/src/commit/?id=13597be965b7bcc7ff2c3c0bc240f3e0acc255cf
commit 13597be965b7bcc7ff2c3c0bc240f3e0acc255cf
Author: John-Mark Gurney
AuthorDate: 2023-03-03 01:03:57 +
Commit: John-Mark Gurney
CommitDate: 2023-03-03
The branch main has been updated by jmg:
URL:
https://cgit.FreeBSD.org/src/commit/?id=2fee8756294820ff9ec6f8d17324e7d8a0a45040
commit 2fee8756294820ff9ec6f8d17324e7d8a0a45040
Author: John-Mark Gurney
AuthorDate: 2023-02-23 20:59:50 +
Commit: John-Mark Gurney
CommitDate: 2023-03-03
The branch main has been updated by jmg:
URL:
https://cgit.FreeBSD.org/src/commit/?id=2fee8756294820ff9ec6f8d17324e7d8a0a45040
commit 2fee8756294820ff9ec6f8d17324e7d8a0a45040
Author: John-Mark Gurney
AuthorDate: 2023-02-23 20:59:50 +
Commit: John-Mark Gurney
CommitDate: 2023-03-03
The branch main has been updated by jmg:
URL:
https://cgit.FreeBSD.org/src/commit/?id=eb81dd8404e55c8e048acfb1cd4f4c3c021afaf4
commit eb81dd8404e55c8e048acfb1cd4f4c3c021afaf4
Author: John-Mark Gurney
AuthorDate: 2023-02-24 05:47:03 +
Commit: John-Mark Gurney
CommitDate: 2023-02-24
The branch main has been updated by jmg:
URL:
https://cgit.FreeBSD.org/src/commit/?id=eb81dd8404e55c8e048acfb1cd4f4c3c021afaf4
commit eb81dd8404e55c8e048acfb1cd4f4c3c021afaf4
Author: John-Mark Gurney
AuthorDate: 2023-02-24 05:47:03 +
Commit: John-Mark Gurney
CommitDate: 2023-02-24
Warner Losh wrote this message on Tue, Feb 21, 2023 at 22:04 -0700:
> On Tue, Feb 21, 2023, 9:37 PM John-Mark Gurney wrote:
>
> > John-Mark Gurney wrote this message on Wed, Feb 22, 2023 at 04:31 +:
> > > The branch main has been updated by jmg:
> > >
> >
Warner Losh wrote this message on Tue, Feb 21, 2023 at 22:04 -0700:
> On Tue, Feb 21, 2023, 9:37 PM John-Mark Gurney wrote:
>
> > John-Mark Gurney wrote this message on Wed, Feb 22, 2023 at 04:31 +:
> > > The branch main has been updated by jmg:
> > >
> >
John-Mark Gurney wrote this message on Wed, Feb 22, 2023 at 04:31 +:
> The branch main has been updated by jmg:
>
> URL:
> https://cgit.FreeBSD.org/src/commit/?id=ee97f198b42d50437f87aa4111d478eca2a5be16
>
> commit ee97f198b42d50437f87aa4111d478eca2a5be16
> Author:
John-Mark Gurney wrote this message on Wed, Feb 22, 2023 at 04:31 +:
> The branch main has been updated by jmg:
>
> URL:
> https://cgit.FreeBSD.org/src/commit/?id=ee97f198b42d50437f87aa4111d478eca2a5be16
>
> commit ee97f198b42d50437f87aa4111d478eca2a5be16
> Author:
The branch main has been updated by jmg:
URL:
https://cgit.FreeBSD.org/src/commit/?id=ee97f198b42d50437f87aa4111d478eca2a5be16
commit ee97f198b42d50437f87aa4111d478eca2a5be16
Author: John-Mark Gurney
AuthorDate: 2023-02-22 02:27:37 +
Commit: John-Mark Gurney
CommitDate: 2023-02-22
The branch main has been updated by jmg:
URL:
https://cgit.FreeBSD.org/src/commit/?id=ee97f198b42d50437f87aa4111d478eca2a5be16
commit ee97f198b42d50437f87aa4111d478eca2a5be16
Author: John-Mark Gurney
AuthorDate: 2023-02-22 02:27:37 +
Commit: John-Mark Gurney
CommitDate: 2023-02-22
s running
> on bare metal, under a hypervisor, or under emulated QEMU,
> except to the extent that it wants to use specific features,
> in which case the question is more "how do I query for the
> existence of feature X?".
Thanks for your help.
--
John-Mark Gurney
ners-for-freebsd-512a6df2bc85
which should get you what you need, ask podman is OCI compliant and
mostly compatible w/ docker, see:
https://soc.crashed.org/objects/2d51da12-7262-4576-bf53-0ea6a61d0da0
The last message is on the dev version of FreeBSD, I'm not sure if it
will run on 13 if you
your help.
--
John-Mark Gurney Voice: +1 415 225 5579
"All that I will do, has been done, All that I have, has not."
those to
a frequency and necessary delay.
--
John-Mark Gurney Voice: +1 415 225 5579
"All that I will do, has been done, All that I have, has not."
doesn't work since the tunnel interface needs to see the interface
with the IP to route it to, and since it's in another jail/vnet, it can't
get there.
The closes thing I can think of is putting an epair in w/ the tunnel
interface, and routing the tunnel out of the vnet via the ep
also:
https://cgit.freebsd.org/src/commit/?id=64cbf7cebc3b80a971e1d15124831d84604b9370
FreeBSD just merged in OpenSSL 1.1.1q
--
John-Mark Gurney Voice: +1 415 225 5579
"All that I will do, has been done, All that I have, has not."
n] MUA
should tag the post appropriately and each MUA be able to convert as
needed between them.
--
John-Mark Gurney Voice: +1 415 225 5579
"All that I will do, has been done, All that I have, has not."
signature.asc
Description: PGP signature
n] MUA
should tag the post appropriately and each MUA be able to convert as
needed between them.
--
John-Mark Gurney Voice: +1 415 225 5579
"All that I will do, has been done, All that I have, has not."
signature.asc
Description: PGP signature
> > receiver
>
>
> Increasing MTU on the Virtio interface and on the TAP interface to 9000 helps
> a little bit:
> getting 8.38Gbit/s guest->host and 10.3Gbit/s host->guest.
>
> Increasing TCP windows size to 1024k only produces more retries and
Rick Macklem wrote this message on Thu, Jun 02, 2022 at 14:44 +:
> John-Mark Gurney wrote:
> > I just booted FreeBSD-current diskless, using NFS root, and I ended
> > up having issues because by default, NFS root is only v2.
> >
> > One of things that happened w
sibly be a way via mount options, but I can't
see where it's documented to set them.
--
John-Mark Gurney Voice: +1 415 225 5579
"All that I will do, has been done, All that I have, has not."
The branch main has been updated by jmg:
URL:
https://cgit.FreeBSD.org/src/commit/?id=35dc7f8f5dcd6a061b53b7c526d200320f41c014
commit 35dc7f8f5dcd6a061b53b7c526d200320f41c014
Author: John-Mark Gurney
AuthorDate: 2022-05-12 00:04:14 +
Commit: John-Mark Gurney
CommitDate: 2022-05-26
The branch main has been updated by jmg:
URL:
https://cgit.FreeBSD.org/src/commit/?id=35dc7f8f5dcd6a061b53b7c526d200320f41c014
commit 35dc7f8f5dcd6a061b53b7c526d200320f41c014
Author: John-Mark Gurney
AuthorDate: 2022-05-12 00:04:14 +
Commit: John-Mark Gurney
CommitDate: 2022-05-26
The branch main has been updated by jmg:
URL:
https://cgit.FreeBSD.org/src/commit/?id=50dd2ceaea44d3e5b7aa676c4a6ca3c9dca79a72
commit 50dd2ceaea44d3e5b7aa676c4a6ca3c9dca79a72
Author: John-Mark Gurney
AuthorDate: 2022-05-11 03:14:20 +
Commit: John-Mark Gurney
CommitDate: 2022-05-11
The branch main has been updated by jmg:
URL:
https://cgit.FreeBSD.org/src/commit/?id=50dd2ceaea44d3e5b7aa676c4a6ca3c9dca79a72
commit 50dd2ceaea44d3e5b7aa676c4a6ca3c9dca79a72
Author: John-Mark Gurney
AuthorDate: 2022-05-11 03:14:20 +
Commit: John-Mark Gurney
CommitDate: 2022-05-11
, I'd try to use the example I provided which was putting the
following line in loader.conf:
exec load_geli da0 disk1p3:/path/to/key.file
But update disk1p3 to what ever lsdev from loader tells you to use...
> Am 17.02.22 um 02:24 schrieb John-Mark Gurney:
> > Georg Bege wrote this mes
Andriy Gapon wrote this message on Tue, Feb 15, 2022 at 08:44 +0200:
> On 15/02/2022 01:17, John-Mark Gurney wrote:
> > Andriy Gapon wrote this message on Mon, Feb 07, 2022 at 14:15 +0200:
> >> I've got a problem where fsck behaves differently from my expectations.
> >
Andriy Gapon wrote this message on Tue, Feb 15, 2022 at 08:44 +0200:
> On 15/02/2022 01:17, John-Mark Gurney wrote:
> > Andriy Gapon wrote this message on Mon, Feb 07, 2022 at 14:15 +0200:
> >> I've got a problem where fsck behaves differently from my expectations.
> >
t now, the ggate protocol (from what I remember) doesn't have
a way to know when the remote kernel has received notification that an
IO is complete.
I guess this situation isn't any worse than it is right now w/o passing
the _ORDERED flag down though.
> I've done some exp
Do not use a passphrase as a component
of the User Key. Cannot be combined
with the -j option.
--
John-Mark Gurney Voice: +1 415 225 5579
"All that I will do, has been done, All that I have, has not."
. I'm not
sure how to do this though, as tunefs and fsdb don't seem to have options
to do this, and likely you'll want to update all the superblocks w/ this
new value.
--
John-Mark Gurney Voice: +1 415 225 5579
"All that I will do, has been done, All that I have, has not."
. I'm not
sure how to do this though, as tunefs and fsdb don't seem to have options
to do this, and likely you'll want to update all the superblocks w/ this
new value.
--
John-Mark Gurney Voice: +1 415 225 5579
"All that I will do, has been done, All that I have, has not."
me to update my
> system beyond version 11.4.
>
> https://en.wikipedia.org/wiki/Thunderbolt_(interface)
Last bit of info that I know about it the 2020 presentation on it:
https://papers.freebsd.org/2020/bsdcan/long-thunderbolt_on_freebsd/
--
John-Mark Gurney
;s the reason why I did not automate grabbing
> new releases and verifying them, and still leave that as a manual human
> step.
Yeah, I recently updated snapaid.sh to point to the new location.
https://funkthat.com/gitea/jmg/snapaid
I do wish there was better guidence on this as well. Because if/when
the existing signing key is compromised, there is not a documented way
(that I know of) to handle updating all the past release's signatures
to the new, uncompromised key. Because if/when the existing key is
compromised, it's easy to sign a new announcement that verifies w/
hashes of compromised images.
--
John-Mark Gurney Voice: +1 415 225 5579
"All that I will do, has been done, All that I have, has not."
signature.asc
Description: PGP signature
John-Mark Gurney wrote this message on Thu, Dec 02, 2021 at 15:43 -0800:
> David Chisnall wrote this message on Thu, Dec 02, 2021 at 10:34 +:
> > On 02/12/2021 09:51, Dimitry Andric wrote:
> > > Apparently the "block runtime" is supposed to provide the actual objec
link.
I can't seem to find any docs on clang about how to properly compile
code that uses blocks, so, unless someone points me to docs on how to
compile blocks enable programs, I'll just patch libpru to not use
blocks since it seems like blocks is well supported. I don't want
to f
mand failed with exit code 1 (use -v to see invocation)
What is the correct fix? It seems like atexit.c or the linker should
be fixed, as pructl doesn't use atexit_b at all.
--
John-Mark Gurney Voice: +1 415 225 5579
"All that I will do, has been done, All that I have, has not."
just the only measure of
benchmarking, but the amount of CPU time used to get the work done..
Another option that has been discussed, but I don't think has made any
headway is only running all the VM's vCPUs at once, but that would
require a lot of scheduler work.
--
John-Mark Gurney Voice: +1 415 225 5579
"All that I will do, has been done, All that I have, has not."
New submission from John-Mark Gurney :
The documentation for Traversable.name says it is a method, not a property:
https://docs.python.org/3/library/importlib.html#importlib.abc.Traversable.name
The issue is that with Python 3.9.7 (default, Nov 1 2021, 11:26:33), using a
standard posix
te, even via power_off/power_on
commands.
Sorry that I don't have a solution for you. The closest that I could
suggest is to try to drop the USB id from the ure driver or switch it's
mode to try the ucdce driver instead. I've seen that it's been
te, even via power_off/power_on
commands.
Sorry that I don't have a solution for you. The closest that I could
suggest is to try to drop the USB id from the ure driver or switch it's
mode to try the ucdce driver instead. I've seen that it's been
ave to be updated to support it, and this method
can be done via an update to the ca_root_nss package which is less
invasive than the above patch.
--
John-Mark Gurney Voice: +1 415 225 5579
"All that I will do, has been done, All that I have,
Johannes Totz wrote this message on Sun, Sep 19, 2021 at 17:27 +0100:
> On 14/09/2021 22:21, John-Mark Gurney wrote:
> > Johannes Totz wrote this message on Mon, Sep 13, 2021 at 02:00 +0100:
> >> On 09/09/2021 23:33, John-Mark Gurney wrote:
> >>> Johannes Totz via f
Johannes Totz wrote this message on Mon, Sep 13, 2021 at 02:00 +0100:
> On 09/09/2021 23:33, John-Mark Gurney wrote:
> > Johannes Totz via freebsd-geom wrote this message on Thu, Sep 02, 2021 at
> > 21:55 +0100:
> >> (looks like gmane swallowed my 1st message, trying ag
d security)
allowing for better security..
The ssh branch does have an rc.d script for that. I'll look at which one
should be used, and adapting the man page that I've written for that one
as well.
Thanks for the help/work!
--
John-Mark Gurney Voice: +1 41
Eric Joyner wrote this message on Sun, Aug 01, 2021 at 21:10 -0700:
> On Sun, Aug 1, 2021 at 6:59 PM John-Mark Gurney wrote:
>
> > I have a dual port igb card:
> > igb0: port 0x2020-0x203f mem
> > 0xd102-0xd103,0xd0c0-0xd0ff,0xd1044000-0xd1047fff irq 17 a
3
+Process and send pause frames.
+.It 4
+No software override, use EEPROM configuration.
+.El
+.El
+Note: That the variable is available for igb as well.
.Sh FILES
.Bl -tag -width /dev/led/em*
.It Pa /dev/led/em*
--
John-Mark Gurney Voice: +1 415 225 5579
&
Kubilay Kocak wrote this message on Sun, Aug 01, 2021 at 11:28 +1000:
> On 1/08/2021 4:45 am, John-Mark Gurney wrote:
> > pkt-gen by default compiles against headers that it ships with. This is
> > likely to deal w/ Linux, but now that FreeBSD has rev'd the API a few
> &g
a
++CFLAGS += -Wunused-function
++CFLAGS += -I $(SRCDIR)/apps/include
LDLIBS += -lpthread -lm
ifeq ($(shell uname),Linux)
--
John-Mark Gurney Voice: +1 415 225 5579
"All that I will do, has been done, All that I have, has not."
diff --git a/net/pkt
John-Mark Gurney added the comment:
So, just looked at the patch, but it's missing the documentation part of it.
Also, yes, you can add the doc as another line, but now that's two lines (yes,
you can add semicolons to make it one line, but that might surprise some
people).
I
John-Mark Gurney added the comment:
Though this suggestion does work, I am not a fan of this solution.
The issue is that it separates the doc from the definition. This works well if
you have only a field fields in the class, But if you get 10-20+ fields, it
moves away the docs and makes it
The branch main has been updated by jmg:
URL:
https://cgit.FreeBSD.org/src/commit/?id=3d5104182c2eb4336905e89aa0d089b67aa746e3
commit 3d5104182c2eb4336905e89aa0d089b67aa746e3
Author: John-Mark Gurney
AuthorDate: 2021-06-29 01:09:14 +
Commit: John-Mark Gurney
CommitDate: 2021-06-29
The branch main has been updated by jmg:
URL:
https://cgit.FreeBSD.org/src/commit/?id=3d5104182c2eb4336905e89aa0d089b67aa746e3
commit 3d5104182c2eb4336905e89aa0d089b67aa746e3
Author: John-Mark Gurney
AuthorDate: 2021-06-29 01:09:14 +
Commit: John-Mark Gurney
CommitDate: 2021-06-29
The branch main has been updated by jmg:
URL:
https://cgit.FreeBSD.org/src/commit/?id=b43d600c839a9a4d66139c93506e26128370ed7c
commit b43d600c839a9a4d66139c93506e26128370ed7c
Author: John-Mark Gurney
AuthorDate: 2021-06-26 00:47:02 +
Commit: John-Mark Gurney
CommitDate: 2021-06-26
The branch main has been updated by jmg:
URL:
https://cgit.FreeBSD.org/src/commit/?id=b43d600c839a9a4d66139c93506e26128370ed7c
commit b43d600c839a9a4d66139c93506e26128370ed7c
Author: John-Mark Gurney
AuthorDate: 2021-06-26 00:47:02 +
Commit: John-Mark Gurney
CommitDate: 2021-06-26
2.5G device. So, other
non-RealTek devices would be great to test with.
Let me know if you have any issues with the change!
Thanks.
--
John-Mark Gurney Voice: +1 415 225 5579
"All that I will do, has been done, All that I hav
2.5G device. So, other
non-RealTek devices would be great to test with.
Let me know if you have any issues with the change!
Thanks.
--
John-Mark Gurney Voice: +1 415 225 5579
"All that I will do, has been done, All that I have, has not."
2.5G device. So, other
non-RealTek devices would be great to test with.
Let me know if you have any issues with the change!
Thanks.
--
John-Mark Gurney Voice: +1 415 225 5579
"All that I will do, has been done, All that I have, has not."
you should just create a new dataset
for the database instead of reuse /var's dataset, that way the fixed
record size does not cause problems for the rest of /var...
--
John-Mark Gurney Voice: +1 415 225 5579
"All that I will do, has been done, All that I have, has not."
to disable this on -stable or at least
-RELEASEs, but it looks like this didn't happen. This is VERY helpful
for a developer, but not as helpful for most users.
Conrad,
Should this be disabled on -stable now?
--
John-Mark Gurney Voice: +1 415 225 5579
"All that I will do, has been done, All that I have, has not."
The branch main has been updated by jmg:
URL:
https://cgit.FreeBSD.org/src/commit/?id=b8028f9d3ca0254413e5d42cb86f1a7fb2daeebf
commit b8028f9d3ca0254413e5d42cb86f1a7fb2daeebf
Author: John-Mark Gurney
AuthorDate: 2021-04-06 23:32:57 +
Commit: John-Mark Gurney
CommitDate: 2021-04-06
The branch main has been updated by jmg:
URL:
https://cgit.FreeBSD.org/src/commit/?id=b8028f9d3ca0254413e5d42cb86f1a7fb2daeebf
commit b8028f9d3ca0254413e5d42cb86f1a7fb2daeebf
Author: John-Mark Gurney
AuthorDate: 2021-04-06 23:32:57 +
Commit: John-Mark Gurney
CommitDate: 2021-04-06
ntioned. The growfs(7) rc script is run at first boot to size
up the root fs as needed. It can always be run manually later via:
service growfs onestart
if/when the size of the disk changes...
Hmm, just noticed that growfs(7) isn't linked from growfs(8), guess
I need to fix that.
tion
growfs md1p3# grow ufs
Note that mdconfig may output a different md device than md1, use
that instead.
--
John-Mark Gurney Voice: +1 415 225 5579
"All that I will do, has been done, All that I have, has not."
sig
ailable for amd64.
HPS might have some more insight as to why it's amd64 only.
I have cc'd him.
It could be as simple as moving the qlnxe lines from files.amd64 to files,
but it does appear that qnlxe depends upon the Linux compat layer, which
may not be complete for arm64..
--
Joh
if the necessary binaries are installed, and skip them if not
present.
--
John-Mark Gurney Voice: +1 415 225 5579
"All that I will do, has been done, All that I have, has not."
___
freebsd-net@freebsd.org mai
say that IMO, I really dislike a command line argument having
an optional argument. It can cause parsing confusion and possibly
security issues... Copying this behavior, IMO, is not good... So my
vote is against this misfeature..
How is the program suppose to tell when the extension is "-e&q
Dan Lukes wrote this message on Fri, Feb 26, 2021 at 08:41 +0100:
> On 26.2.2021 2:07, John-Mark Gurney wrote:
> >> Third party CA's are an untrusted automagical nightmare of global and
> >> local MITM risk...
> >
> > Do you delete all the CA's from your
arch web for howtos.
>
> At minimum require user / install to ack before use...
> mv /etc/ssl/certs.shipped_disabled /etc/ssl/certs
Last I checked no browser requires users to ack to install those CA's
have you attempted to pressure them to?
I'm personally much happier to have the
Willem Jan Withagen wrote this message on Thu, Jan 28, 2021 at 01:42 +0100:
> On 25-1-2021 19:42, John-Mark Gurney wrote:
> > Matt Churchyard wrote this message on Mon, Jan 25, 2021 at 10:46 +:
> >> -Original Message-----
> >> From: John-Mark Gurney
>
Matt Churchyard wrote this message on Mon, Jan 25, 2021 at 10:46 +:
> -Original Message-
> From: John-Mark Gurney
> Sent: 25 January 2021 06:21
> To: Matt Churchyard
> Cc: Elena Mihailescu ;
> freebsd-virtualization@freebsd.org
> Subject: Re: Warm Migrat
use the guest on host1
> * send a new snapshot
> * initiate the migration of memory/device data
> * start guest on host2
>
> Are there any major complications here I'm not aware of other than the
> requirement to pause the guest and kick off the state migration as two
> sep
The branch main has been updated by jmg:
URL:
https://cgit.FreeBSD.org/src/commit/?id=fd11270509f26e9ebde11ef7d3c3c34497f29124
commit fd11270509f26e9ebde11ef7d3c3c34497f29124
Author: John-Mark Gurney
AuthorDate: 2021-01-19 22:18:55 +
Commit: John-Mark Gurney
CommitDate: 2021-01-19
The branch main has been updated by jmg:
URL:
https://cgit.FreeBSD.org/src/commit/?id=fd11270509f26e9ebde11ef7d3c3c34497f29124
commit fd11270509f26e9ebde11ef7d3c3c34497f29124
Author: John-Mark Gurney
AuthorDate: 2021-01-19 22:18:55 +
Commit: John-Mark Gurney
CommitDate: 2021-01-19
on the
inbound, and despite the current docs both...
There are a large number of flags that have been added over the years...
and it'd be good to catch up with that work...
Yes, I could spend hours reading the code, but it'd be much easier to
just ask the people who did the work
John-Mark Gurney wrote this message on Wed, Jan 13, 2021 at 17:59 -0800:
> Andrey V. Elsukov wrote this message on Wed, Jan 13, 2021 at 11:42 +0300:
> > On 13.01.2021 00:37, John-Mark Gurney wrote:
> > >> when this will happen again, it would be nice to make sure that NS
>
Andrey V. Elsukov wrote this message on Wed, Jan 13, 2021 at 11:42 +0300:
> On 13.01.2021 00:37, John-Mark Gurney wrote:
> >> when this will happen again, it would be nice to make sure that NS
> >> packets hit the IP stack. E.g. with attached dtrace script.
> >
>
Andrey V. Elsukov wrote this message on Tue, Jan 12, 2021 at 16:33 +0300:
> On 12.01.2021 05:25, John-Mark Gurney wrote:
> >> The device, where the capture was taken does not respond tot he NS packet.
> >> This might be caused by:
> >> a) the device has a differe
t, tgt is fc00:b5d:41c:7e37::c43c, length 32
05:08:32.215624 IP6 fc00:b5d:41c:7e37::7e37 > fc00:b5d:41c:7e37::c43c: ICMP6,
echo request, seq 0, length 16
05:08:32.215646 IP6 fc00:b5d:41c:7e37::c43c > fc00:b5d:41c:7e37::7e37: ICMP6,
echo reply, seq 0, length 16
--
John-Mar
r-Collision_Attack_%E2%80%93_first_practical_chosen-prefix_attack
[3]
https://en.wikipedia.org/wiki/Collision_attack#Chosen-prefix_collision_attack
--
John-Mark Gurney Voice: +1 415 225 5579
"All that I will do, has been done, All that I have, has not."
__
th old weak /dev/random, etc.
>
> One cannot sign or verify anything without knowing gpg first :)
snapaid was designed to make it even easier...
--
John-Mark Gurney Voice: +1 415 225 5579
"All that I will do, has been done, All that I have
27;ve been pushing
for better security like this IS because of the actions of the NSA...
I used to get lunch on a weekly basis across the street from one
of the early revealed NSA wiretap rooms.
--
John-Mark Gurney Voice: +1 415 225 5579
will not handle
that gracefully... (Just realized that'd be a useful mode for geli
to have, to return zeros for failed authentication.)
--
John-Mark Gurney Voice: +1 415 225 5579
"All that I will do, has been done, All that I have, has not."
w attack...
Also, the cost of the attack is not great ($45k), considering the recent
SolarWinds supply chain attack, being able to smuggle a modified file
into a git repo, say an OS's build server, such that the tools don't
know the tree is modified is a real problem...
--
John
be verified?
Then you have the job of verifying the doc repo to make sure that the
keys you have is valid, where does the root of trust come from there?
Not saying it isn't possible, it's just a LOT of work to make it
useful...
--
John-Mark Gurney
> >\ \ \ local modifications
> > \ \hash
> > \ commit count
> >branch
--
John-Mark Gurney Voice: +1 415 225 5579
"All that I will do, has been done, All that I have, has not."
_
faddrs (in libc)
looks like it returns all the info you want in the ifa_data for
any entry that is of type AF_LINE...
--
John-Mark Gurney Voice: +1 415 225 5579
"All that I will do, has been done, All that I have, has not."
___
private key should NOT be used, and even if you did, it
would not work...
> Would it function if I placed the private key in the authorized_keys file
> on the server, and used the public key on the client?
No, it would not.
Hope this helps.
--
John-Mark Gurney
ple's keys change over time, and now you need to know
what time period each key was valid for, otherwise a compromised key
could be used to insert malicious changes into your/the tree...
Then there's also the point that the repo is (looks like it) using
SHA-1 hashes, which are effectively
Benjamin Kaduk wrote this message on Sat, Dec 12, 2020 at 18:07 -0800:
> On Sat, Dec 12, 2020 at 04:57:08PM -0800, John-Mark Gurney wrote:
> >
> > If FreeBSD is going to continue to use OpenSSL, better testing needs to
> > be done to figure out such breakage earliers, and
John Baldwin wrote this message on Sat, Dec 12, 2020 at 11:40 -0800:
> On 12/10/20 10:46 PM, John-Mark Gurney wrote:
> > FreeBSD Security Advisories wrote this message on Wed, Dec 09, 2020 at
> > 23:03 +:
> >> versions included in FreeBSD 12.x. This vulnerability is a
Benjamin Kaduk wrote this message on Fri, Dec 11, 2020 at 12:38 -0800:
> On Thu, Dec 10, 2020 at 10:46:28PM -0800, John-Mark Gurney wrote:
> > FreeBSD Security Advisories wrote this message on Wed, Dec 09, 2020 at
> > 23:03 +:
> > > versions included in FreeBSD 12.x
Robert Schulze wrote this message on Fri, Dec 11, 2020 at 10:14 +0100:
> Hi,
>
> Am 11.12.20 um 07:46 schrieb John-Mark Gurney:
> >
> > Assuming 13 releases w/ OpenSSL, we'll be even in a worse situation
> > than we are now. OpenSSL 3.0.0 has no support c
1 - 100 of 2344 matches
Mail list logo
