On Tue, Dec 8, 2015 at 11:22 PM, Nick Holland
wrote:
> https is a joke. IF and WHEN it works properly, it's too complex for
> the real world to understand (ahem...and even recognize).
That's not the joke, though - that's the punchline.
(1) "Secure" and "Security" mean different (and often confl
On Wed, Dec 9, 2015 at 12:22 PM, Nick Holland
wrote:
> HAHAHHAHAHA...
> you think adding a certificate changes this?
> https is a joke.
"Some people implement HTTPS poorly sometimes, so we shouldn't try."
The amount of effort "wasted" on Let's Encrypting the OpenBSD website
is so small compared
On 12/08/15 20:26, Anthony J. Bentley wrote:
> Giancarlo Razzolini writes:
>> One of the main benefits of the TLS wouldn't only be to render
>> impossible for anyone to know which pages you're accessing on the site,
>> but also the fact that we would get a little more security getting the
>> SSH fi
Hi,
A heads-up for users of the University of Toronto mirror
(openbsd.cs.toronto.edu):
The University will be doing some power systems maintenance this week
and next, and anticipate two planned outages:
* Thursday, December 10 11:00p EST to Friday December 11, 7:00am EST
* Wednesday, December 16
On 2015-12-09, Giancarlo Razzolini wrote:
> Also, now that we have two free TLS certs providers, one can use HPKP
> and completely disregard the CA's, which is a security benefit.
Also wosign (and, sort-of, cloudflare). btw, HPKP doesn't work too well
with letsencrypt as-is (which wants to genera
Giancarlo Razzolini writes:
> One of the main benefits of the TLS wouldn't only be to render
> impossible for anyone to know which pages you're accessing on the site,
> but also the fact that we would get a little more security getting the
> SSH fingerprints for the anoncvs servers. Having them in
I have a few questions that I really need to clarify fro myself and I
would very much appreciate some input.
Reason is that I am having problem to keep the session up for a long
time and just doing /etc/rc.d/iked stop and the start on the client side
will bring the session back up, even if I see w
Em 08-12-2015 16:24, Michael McConville escreveu:
> There are still some privacy benefits to using HTTPS. It will confound a
> lot of simple filtering and monitoring software, and what you're reading
> on the site is pretty obfuscated. It also helps security on sketchy
> networks.
>
> HTTPS isn't a
On 2015-12-08, Michael McConville wrote:
> Jason Barbier wrote:
>> szs wrote:
>> > Not for security.
>> > For privacy.
>>
>> It is a read only site, the privacy you seek is breached as soon as
>> you make a DNS call to openbsd.org
>
> There are still some privacy benefits to using HTTPS. It will
> >It would actually reduce the security and potential for DDOS against
> >openbsd.org despite the heroic efforts that have gone into LibreSSL. So
> >where's the benefit to risk analysis for OpenBSD?
>
> Don't you mean reduce the securiry and _increase_ the potential for
> DDOS against openbsd.o
On Tue, Dec 08, 2015 at 10:11:34PM +, Kevin Chadwick wrote:
It would actually reduce the security and potential for DDOS against
openbsd.org despite the heroic efforts that have gone into LibreSSL. So
where's the benefit to risk analysis for OpenBSD?
Don't you mean reduce the securiry and _
> > So with letsencrypt here, how about making the main site
> > default to https? Is this a good idea or is this a great idea?
>
> Don't mistake encryption for security.
It would actually reduce the security and potential for DDOS against
openbsd.org despite the heroic efforts that have gone i
On Tue, Dec 8, 2015 at 3:23 PM, Ted Unangst wrote:
> Michael McConville wrote:
>> Yes, but it is certainly "Websense" difficult, "Verizon traffic
>> monetization dept." difficult, "nosy VPN/exit node operator" difficult,
>> and "guy in cafe with Wireshark" difficult.
>
> But we don't care about an
Ted Unangst wrote:
> Michael McConville wrote:
> > Jason Barbier wrote:
> > > szs wrote:
> > > > Not for security.
> > > > For privacy.
> > >
> > > It is a read only site, the privacy you seek is breached as soon as
> > > you make a DNS call to openbsd.org
> >
> > There are still some privacy ben
Michael McConville wrote:
> Yes, but it is certainly "Websense" difficult, "Verizon traffic
> monetization dept." difficult, "nosy VPN/exit node operator" difficult,
> and "guy in cafe with Wireshark" difficult.
But we don't care about any of those people anymore. The NSA is the only bad
guy worth
On December 8, 2015 4:21:16 PM GMT+01:00, Otto Moerbeek wrote:
>On Tue, Dec 08, 2015 at 03:03:14PM +, Tati Chevron wrote:
>
>> Currently, it's possible, (as root), to do something like:
>>
>> # mount_mfs -s 1g swap /
>>
>> which succeeds, and mounts the empty filesystem as the root
>filesyst
Michael McConville wrote:
> Jason Barbier wrote:
> > szs wrote:
> > > Not for security.
> > > For privacy.
> >
> > It is a read only site, the privacy you seek is breached as soon as
> > you make a DNS call to openbsd.org
>
> There are still some privacy benefits to using HTTPS. It will confound
On 08/12/15 19:39, Chris Cappuccio wrote:
Kapetanakis Giannis [bil...@edu.physics.uoc.gr] wrote:
On 20/11/15 15:12, Martin Pieuchot wrote:
I just committed a revert to 1.305 keeping the API changes needed for
the driver to build.
This should bring your stability back, please let us know if tha
On Tue, 8 Dec 2015 18:04:13 +0100
Torsten wrote:
> Hi!
>
> man httpd.conf says:
> [tls option]
> "Set the TLS configuration for the server."
>
> I assumed that "the server" would mean that every (virtual) server can
> have its own tls options (and certificates). Otherwise it would have
> said "
Jason Barbier wrote:
> szs wrote:
> > Not for security.
> > For privacy.
>
> It is a read only site, the privacy you seek is breached as soon as
> you make a DNS call to openbsd.org
There are still some privacy benefits to using HTTPS. It will confound a
lot of simple filtering and monitoring sof
It is a read only site, the privacy you seek is breached as soon as you
make a DNS call to openbsd.org
--
Jason Barbier | E: jab...@serversave.us
GPG Key-ID: B5F75B47(http://kusuriya.devio.us/pubkey.asc)
On Tue, Dec 8, 2015, at 09:58 AM, szs wrote:
> Not for security.
> For privacy.
>
>
>
Hi!
man httpd.conf says:
[tls option]
"Set the TLS configuration for the server."
I assumed that "the server" would mean that every (virtual) server can
have its own tls options (and certificates). Otherwise it would have
said "Set the TLS configuration for httpd and all virtual servers."
Is tha
Hi!
On 2015-12-08 10:50, Stuart Henderson wrote:
On 2015-12-08, Imre Oolberg wrote:
Hi!
I have used pflow 5 successfully before but now on OpenBSD v. 5.8 it
seems to refuse working. Config looks like this
# cat /etc/hostname.pflow0
flowsrc 192.168.10.125 flowdst 192.168.10.250:9784 pflowprot
Not for security.
For privacy.
Original Message
Subject: Re: letsencrypt && https && openbsd.org = https://www.openbsd.org/
Local Time: December 8 2015 5:36 pm
UTC Time: December 8 2015 5:36 pm
From: s...@spacehopper.org
To: misc@openbsd.org
On 2015-12-08, szs wrote:
> So with
Stuart Henderson wrote:
>
> Besides, who is going to agree to the Subscriber Agreement and indemnify ISRG?
Huh? You don't trust robots to perform surgery correctly?
oh, wrong ISRG.
Kapetanakis Giannis [bil...@edu.physics.uoc.gr] wrote:
> On 20/11/15 15:12, Martin Pieuchot wrote:
> >I just committed a revert to 1.305 keeping the API changes needed for
> >the driver to build.
> >
> >This should bring your stability back, please let us know if that's not
> >the case.
> >
> >I'm
On Tue, Dec 08, 2015 at 12:06:52PM -0500, szs wrote:
> Fb jvgu yrgfrapelcg urer, ubj nobhg znxvat gur znva fvgr
> qrsnhyg gb uggcf? Vf guvf n tbbq vqrn be vf guvf n terng vqrn?
I'm sorry, I couldn't read your message because it was encrypted.
How about you sign your messages instead? That way, eve
On 2015-12-08, szs wrote:
> So with letsencrypt here, how about making the main site
> default to https? Is this a good idea or is this a great idea?
Don't mistake encryption for security.
Besides, who is going to agree to the Subscriber Agreement and indemnify ISRG?
So with letsencrypt here, how about making the main site
default to https? Is this a good idea or is this a great idea?
Tati Chevron wrote:
> On Tue, Dec 08, 2015 at 08:09:47AM -0700, Theo de Raadt wrote:
> >> Currently, it's possible, (as root), to do something like:
> >>
> >> # mount_mfs -s 1g swap /
> >>
> >> which succeeds, and mounts the empty filesystem as the root filesystem.
> >>
> >> This makes the machine
On Tue, Dec 08, 2015 at 08:09:47AM -0700, Theo de Raadt wrote:
Currently, it's possible, (as root), to do something like:
# mount_mfs -s 1g swap /
which succeeds, and mounts the empty filesystem as the root filesystem.
This makes the machine inoperable and requires a physical reset, without a
On 20/11/15 15:12, Martin Pieuchot wrote:
I just committed a revert to 1.305 keeping the API changes needed for
the driver to build.
This should bring your stability back, please let us know if that's not
the case.
I'm sorry for your troubles.
Hi,
I've upgraded yesterday to Dec 6 snapshot an
Am 08.12.2015 16:03:14, schrieb Tati Chevron:
> Currently, it's possible, (as
root), to do something like:
>
> # mount_mfs -s 1g swap /
>
> which
succeeds, and mounts the empty filesystem as the root filesystem.
>
> This
makes the machine inoperable and requires a physical reset, without a clean
On Tue, Dec 08, 2015 at 03:03:14PM +, Tati Chevron wrote:
> Currently, it's possible, (as root), to do something like:
>
> # mount_mfs -s 1g swap /
>
> which succeeds, and mounts the empty filesystem as the root filesystem.
>
> This makes the machine inoperable and requires a physical reset
Tati Chevron wrote:
> Currently, it's possible, (as root), to do something like:
>
> # mount_mfs -s 1g swap /
>
> which succeeds, and mounts the empty filesystem as the root filesystem.
>
> This makes the machine inoperable and requires a physical reset, without a
> clean shutdown, as no system
Currently, it's possible, (as root), to do something like:
# mount_mfs -s 1g swap /
which succeeds, and mounts the empty filesystem as the root filesystem.
This makes the machine inoperable and requires a physical reset, without a
clean shutdown, as no system binaries are available.
Shouldn't
> Currently, it's possible, (as root), to do something like:
>
> # mount_mfs -s 1g swap /
>
> which succeeds, and mounts the empty filesystem as the root filesystem.
>
> This makes the machine inoperable and requires a physical reset, without a
> clean shutdown, as no system binaries are availa
HI there,
is this issue known or should I file a bug report?
Best,
STEFAN
OpenBSD 5.8-current (GENERIC.MP) #1726: Mon Dec 7 22:06:49 MST 2015
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 17082359808 (16291MB)
avail mem = 16560525312 (15793MB)
mpath0 at ro
On 2015-12-07, luke...@onemodel.org wrote:
> On 11/28/15 15:15, Jiri B wrote:
>> On Sat, Nov 28, 2015 at 03:07:15PM -0700, luke...@onemodel.org wrote:
>>> I'd like to get an internet connection via my android phone (on
>>> tmobile). After connecting the phone via usb and turning on its
>>> tether
On 2015-12-08, Imre Oolberg wrote:
> Hi!
>
> I have used pflow 5 successfully before but now on OpenBSD v. 5.8 it
> seems to refuse working. Config looks like this
>
> # cat /etc/hostname.pflow0
> flowsrc 192.168.10.125 flowdst 192.168.10.250:9784 pflowproto 5
> description "pflow"
>
> and i sta
40 matches
Mail list logo
