On Wed, Aug 23, 2023, 02:02 grarpamp wrote:
> On 8/22/23, i...@tutanota.com wrote:
> > There seems to be a bit of open (and rather old) ZFS native encryption
> > bugs which still haven't been fixed and it doesn't look like it is
> > something that is being worked on.
> >
> > Last night I was go
On Sun, Sep 12, 2021, 2:45 PM Christian Weisgerber wrote:
> On 2021-09-12, Leif Pedersen wrote:
>
> > Management ports for power strips, switches, UPSs, generators, thermostats,
> > radios, etc should already be isolated on a separate vlan or whatever.
>
> In
I agree with Karl. To further the point:
"Secure by default" is a good idea, so removing ssh-rsa from the default
list makes sense to alert people if it's still in use.
Management ports for power strips, switches, UPSs, generators, thermostats,
radios, etc should already be isolated on a separate
On Thu, Oct 17, 2019 at 5:06 AM Eugene Grosbein wrote:
> 15.10.2019 0:00, Fernando Gont wrote:
>
> >>> Since FreeBSD ships with IPv6 support enabled by default, aren't all
> >>> systems affected, one way or another?
> >>
> >> No, you have to configure IPv6, otherwise processing is not done.
> >
>
On Sat, Oct 12, 2019 at 6:28 PM Garrett Wollman wrote:
> <
> said:
>
> > Trond Endrestøl wrote:
> >>
> >> #minute hour mday month wday who command
> >>
> >> 52 4 1 * * root certbot renew --quiet --pre-hook "service apache24 stop" --post-hook "ser
On Wed, Nov 11, 2015 at 4:29 PM, Robert Simmons wrote:
> I don't think there is such a thing as a trusted network. That is a unicorn
> these days.
>
> No networks should be considered trusted.
>
oh baloney. That's just a clever way to say you want to stop thinking about
trust.
If I've connected
On Wed, Jul 1, 2015 at 3:27 PM, Peter Jeremy wrote:
>
> On 2015-Jul-01 12:46:21 -0500, Leif Pedersen wrote:
> >Is there a reasonable way to enable awareness of leap-seconds while syncing
> >with ntpd? That is to say, how can I get the system to include leap-seconds
> >
On Wed, Jul 1, 2015 at 4:01 PM, John-Mark Gurney wrote:
> Though from my reading of the code, you need to have TZ files compiled
> w/ leap seconds which FreeBSD doesn't do by default...
>
I did an equivalent, see my note [2]...and afaict ntp doesn't use tzdata.
--
As implied by email protoco
Is there a reasonable way to enable awareness of leap-seconds while syncing
with ntpd? That is to say, how can I get the system to include leap-seconds
in calculating `date +%s`, without having `date` be off by 26[1] seconds?
The default configuration produces incorrect results when computing
hist
On May 17, 2015 4:49 PM, "Roger Marquis" wrote:
> Leif Pedersen wrote:
>>>
>>> ... more easily remediated (than installworld) and so 'pkg audit' could
>>
>> report on those.
>>
>> Exactly how would that differ from using freebs
On Sun, May 17, 2015 at 3:50 PM, Roger Marquis wrote:
> I recommended an openssl_base port so that
> security vulnerabilities (not necessarily protocol weaknesses) could be
> more easily remediated (than installworld) and so 'pkg audit' could
> report on those.
>
Exactly how would that differ fr
I have a suggestion. As a simpler measure, would it be possible to
implement a test at boot time to determine whether the system is
vulnerable? I guess such a test would have to run in the kernel to get the
particular memory mapping required. The result would naturally emit a
kernel message, but it
I wonder if your computer's clock is off by a lot. Python might insist on
rebuilding .pyc files if their timestamps are in the future.
On Fri, Jan 23, 2015 at 3:57 PM, Brian Reichert wrote:
> On Fri, Jan 23, 2015 at 11:59:12AM -0500, Garrett Wollman wrote:
> > On some of my machines, I've been
On Wed, Jan 7, 2015 at 12:50 PM, Dag-Erling Smørgrav wrote:
> Leif Pedersen writes:
> > # env UNAME_r=10.1-RELEASE freebsd-update -b /j/test upgrade
> > freebsd-update: Release target must be specified via -r option.
>
> This doesn't work because you
On Fri, Jan 2, 2015 at 11:59 AM, Dag-Erling Smørgrav wrote:
> $ sudo env UNAME_r=X.Y-RELEASE freebsd-update -b /path/to/jail fetch install
I use freebsd-update enthusiastically, but I hadn't noticed the -b option
before. I'm glad you mentioned it. I've always run freebsd-update inside of
each
On Tue, Sep 16, 2014 at 8:49 AM, Mark Felder wrote:
>
> How many AS are out there don't implement BCP38? Spoofing these days
> without MITM should be considered hard, and TCP even harder, no? I'd
> find it more believable that it's easier to hijack BGP than to target
> someone and successfully sp
On Fri, Jul 18, 2014 at 1:28 PM, Paul Hoffman wrote:
> On Jul 18, 2014, at 11:19 AM, Leif Pedersen wrote:
>
> > The extra readers interrupt the position of the stream, so that it is
> > harder to predict the next value. This only works if one instance of the
> > PRNG is shared b
On Fri, Jul 18, 2014 at 9:26 AM, Paul Hoffman wrote:
> On Jul 17, 2014, at 4:41 PM, Steven Chamberlain wrote:
>
> > * after seeding, some arc4random implementations completely forget to
> > reseed after the process forks - the same 'random' stream of bytes could
> > occur twice, with security
stall
script to put them back. It's kind of like how having multiple versions of
perl installed works.
This would also fix the problem that if you have both installed then which
openssl executables you get depends on $PATH.
Thoughts?
On 2014-04-27 11:36 AM, "Leif Pedersen" wrote:
>
With respect that there are valid reasons to have port build options, I
kind of hate them. You can't choose them with pkg, and if you pick the
wrong one changing it later is a fragile process, and there's no indication
if a dependency needs options set a particular way.
I'm not bashing the necessa
The vulnerability is contained by the process's memory space, since one
process cannot read another's memory by merely referencing it (although
with exec priv a process can inspect another ...doesn't apply here).
OpenSSH doesn't use OpenSSL, nor does su, so passwords aren't vulnerable
when typed i
Joe,
Just thinking about this practically, I don't think you were compromised.
It seems more like you goofed the upgrade in the same way on each VM. Also,
if I were attacking, I wouldn't leave such overt traces that one would
immediately notice. And if the attacker were goofing up that badly, he'd