On 6/3/22 10:11, Andreas Bartelt wrote:
Hi,
I've just noticed that at least the snapshots on the artfiles.org mirror
haven't been updated since May, 15th. The mirror is still listed at
PKG_PATH=https://mirror.hs-esslingen.de/pub/OpenBSD/snapshots/packages/amd64/
Best regar
Hi,
I've just noticed that at least the snapshots on the artfiles.org mirror
haven't been updated since May, 15th. The mirror is still listed at
PKG_PATH=https://mirror.hs-esslingen.de/pub/OpenBSD/snapshots/packages/amd64/
Best regards
Andreas
In case an ECDSA based server certificate with ECDHE based key exchange
is used, I've notice that the ServerKeyExchange message (always?)
signals that this message has been signed with ecdsa-secp521r1-sha512
(0x0603) [tested on current with TLS 1.2 with P-256 as well as with
P-521 server certif
On 03/01/18 00:30, David Gwynne wrote:
On 1 Mar 2018, at 02:22, Andreas Bartelt wrote:
On 02/27/18 22:35, Pavel Korovin wrote:
On 02/28, David Gwynne wrote:
what is the status of sysctl net.inet.ipip ?
David, thank you! That was easy :)
Sorry for the noise.
$ sysctl net.inet.ipip.allow
On 02/27/18 22:35, Pavel Korovin wrote:
On 02/28, David Gwynne wrote:
what is the status of sysctl net.inet.ipip ?
David, thank you! That was easy :)
Sorry for the noise.
$ sysctl net.inet.ipip.allow
net.inet.ipip.allow=0
# sysctl -w net.inet.ipip.allow=1
net.inet.ipip.allow: 0 -> 1
$ ping6 w
On 08/15/17 09:54, Andreas Thulin wrote:
Hi!
I run httpd on 6.1-stable (thanks to all of you who make that possible!),
with a pretty vanilla tls setup. When testing the server on ssllabs.com,
results say that
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
is considered weak. How should I interpret that i
On 07/24/16 15:28, Stefan Sperling wrote:
> On Sun, Jul 24, 2016 at 01:09:26PM +0200, Andreas Bartelt wrote:
>> However, the wireless link via iwm(4) is currently almost unusable.
>> Overall throughput for multiple tcp connections typically between 0 and
>> 1 Mbit/s but mo
On 07/22/16 11:36, Stefan Sperling wrote:
> On Thu, Jul 21, 2016 at 08:25:11PM +0200, Andreas Bartelt wrote:
>> sorry, my response was not precise - the "fatal" error is gone now but the
>> observed performance problems are still there.
>
...
> In the best iwm per
sorry, my response was not precise - the "fatal" error is gone now but
the observed performance problems are still there.
On 07/21/16 10:34, Stefan Sperling wrote:
> On Thu, Jul 14, 2016 at 01:13:21PM +0800, Miles Keaton wrote:
>> iwm0: hw rev 0x140, fw ver 25.228 (API ver 9), address 5b:51:4f:a1:16:d9
>> iwm0: fatal firmware error
>
> You got some answers already but they were all misleading.
> I believe I've already
On 09/19/14 17:35, Chris Cappuccio wrote:
Andreas Bartelt [o...@bartula.de] wrote:
is anybody else using this recent BIOS snapshot on the APU.1c: Build
9/8/2014 (beta, reduced "spew level")
The first re(4) interface isn't always recognized after reboot. I don't
know if
On 09/19/14 01:42, Steve Litt wrote:
...
> Very, very nice! Two questions:
>
> 1) Can I safely assume that the Realtek RTL8111E works well with
> OpenBSD?
>
> 2) Where's the best place to buy it if you live in the US? I saw this,
> which looks pretty good, given that they give you the enclo
On 05/03/14 20:22, Kenneth Westerback wrote:
On 3 May 2014 10:13, Andreas Bartelt wrote:
On 05/03/14 15:01, Kenneth Westerback wrote:
On 3 May 2014 08:49, Andreas Bartelt wrote:
On 05/03/14 14:10, Kenneth Westerback wrote:
On 3 May 2014 06:27, Martijn Rijkeboer wrote:
So marking a
On 05/03/14 15:01, Kenneth Westerback wrote:
On 3 May 2014 08:49, Andreas Bartelt wrote:
On 05/03/14 14:10, Kenneth Westerback wrote:
On 3 May 2014 06:27, Martijn Rijkeboer wrote:
So marking a partition as 'Active/Bootable', (the 00 -> 80 change)
causes your system to han
On 05/03/14 14:10, Kenneth Westerback wrote:
On 3 May 2014 06:27, Martijn Rijkeboer wrote:
So marking a partition as 'Active/Bootable', (the 00 -> 80 change)
causes your system to hang. Apparently Linux does this when you
'Label' it. The OpenBSD installer does it for you when you
select 'Whole
Hi,
I have problems booting OpenBSD from SATA hard drives with the ASUS P9D
WS mainboard.
I've successfully verified that OpenBSD can boot with this mainboard
since booting OpenBSD works without problems via USB (see dmesg).
However, OpenBSD doesn't boot from SATA hard drives at all (I've test
The reported problems are gone in CURRENT:
# dmesg|head -n2
OpenBSD 5.4 (GENERIC.MP) #0: Sat Jul 20 17:56:10 CEST 2013
root@test:/usr/src/sys/arch/amd64/compile/GENERIC.MP
time buildsrc.sh takes 31 minutes.
measured directly after building src (which was slow before):
# time tar -xzpf /usr/
On 07/03/13 05:45, Andreas Bartelt wrote:
I made a new build of current and the problem with tar performance seems
to be resolved now.
before:
# time tar -xzpf /usr/releasedir/comp53.tgz
3m17.81s real 0m2.14s user 0m2.22s system
# time tar -xzpf /usr/releasedir/base53.tgz
I made a new build of current and the problem with tar performance seems
to be resolved now.
before:
# time tar -xzpf /usr/releasedir/comp53.tgz
3m17.81s real 0m2.14s user 0m2.22s system
# time tar -xzpf /usr/releasedir/base53.tgz
3m39.33s real 0m2.23s user 0m2.23s
On 06/29/13 11:18, Ville Valkonen wrote:
On 29 June 2013 09:51, Andreas Bartelt wrote:
time ./buildsrc.sh took about 41 minutes at 5.3 release, then went down
to 32 minutes at some point afterwards. At some point after June 7th,
build time doubled to 64 minutes.
Hi Andreas,
story doesn&#
On 06/29/13 08:15, Philip Guenther wrote:
> On Fri, Jun 28, 2013 at 10:25 PM, Andreas Bartelt wrote:
>> I also noticed that tar performance got much worse on current, and time for
>> building release doubled somewhere around the first half of June.
>
> Hmm, please excuse my
On 06/26/13 12:35, Tori Mus wrote:
Hi,
I'm running current snapshot of OpenBSD on amd64 architecture, MP kernel
(Lenovo Thinkpad to be concrete). Based on the official docs tried to tune
disk performance by adding `softdep' mounting option for ffs slices.
After updating of /etc/fstab and clean
On 12/06/12 00:22, Alexander Hall wrote:
On 12/02/12 14:31, Andreas Bartelt wrote:
Hello,
I've set up yubikey OTP authentication and also want to use it for
xlock(1) authentication.
/var/db/yubikey has permissions 770 for root:auth.
In case no `user`.ctr file exists in /var/db/yubik
Hello,
I've set up yubikey OTP authentication and also want to use it for
xlock(1) authentication.
/var/db/yubikey has permissions 770 for root:auth.
In case no `user`.ctr file exists in /var/db/yubikey at first login via
yubikey, it is created automatically with permissions 644.
This fail
Hello,
On 05/29/12 17:28, Kenneth R Westerback wrote:
On Tue, May 29, 2012 at 03:48:02PM +0200, csszep wrote:
Hi!
So i tested the ciss performance with Openbsd 5.1 and Netbsd 5.1.2 and
the numbers are the same. :(
approx 13Mbyte/s write with dd if=/dev/zero of=/dev/rsd1c bs=1m count=500
But
Hello Norman,
On 11/05/11 20:13, Norman Golisz wrote:
...
since 5.0, xenocara uses xkeyboard-config instead of the old
/etc/X11/xkb. In the last couple of days, some code has been changed in
xkeyboard-config, however, and made keyboards in X non-functional, when
the /usr/X11R6/share/X11/xkb/symb
On 11/05/11 15:39, tkdchen wrote:
Hi all,
My keyboard does not work in fvwm, GNOME or KDE after the most recent
update. No key response except the Fn+brightness-up and down.
I run 5.0-current on Thinkpad x201i. Thanks a lot for your help.
I've noticed that the keyboard of an Asus EEE 701 also
On 06/19/11 12:09, Claudio Jeker wrote:
On Sun, Jun 19, 2011 at 11:30:19AM +0200, Andreas Bartelt wrote:
...
What surprises me is that although the correct outgoing (wireless)
interface is used, an IPv6 packet to 2001:db8:10:20::1 has the
source address of the wired interface 2001:db8:10:10
Hello,
one of my hosts has one wired and one wireless interface, and both
interfaces have /64 IPv6 addresses in different subnets. I've noticed
that this host doesn't use the IPv6 address of the outgoing interface
(i.e., the wireless interface) as its source address, but, instead, the
IPv6 ad
Hello Brett,
On 05/22/11 09:02, Brett Mahar wrote:
Hi misc,
I have been playing around with pf lately, and have noticed a bunch of
packets going from 0.0.0.0.0 to 0.0.0.0.0. I know 0.0.0.0 sometimes
means the network address, but am not sure why these packets are getting
through the firewall, o
Hello,
I'm able to use the following configuration for gif0 via ifconfig(8):
# ifconfig gif0 inet6 tunnel 2002:db8::1 2002:db8::2
# ifconfig gif0 192.168.1.1 192.168.1.2 netmask 255.255.255.0
The following version of /etc/hostname.gif0 doesn't work:
# cat /etc/hostname.gif0
inet6 tunnel 2002:db
Tamas TEVESZ wrote:
> ok, so i'm not *entirely* sure it's with pppoe(4), but as far as i can
> put bits and pieces together, it's always happening after "ifconfig
> pppoe0 down; ifconfig pppoe0 destroy" and then either "sh
> /etc/netstart pppoe0" or (the second case) starting ppp(8).
>
...
>
>
Hi all,
after reading the recent CORE advisory about the mbuf handling bug, I
was wondering if some of OpenBSD's exploit mitigation strategies could
also be applied to the kernel in order to prevent exploitation of kernel
bugs. Theo's presentation about exploit mitigation (
http://openbsd.org
John Fiore wrote:
is there any documentation about using pkg_add over ssh available yet?
Can this feature be used with some of the official mirrors?
Just out of curiosity, why would you want to do this? pkg_add verifies the
packages after downloading them. Is this some kind of firewalling is
Will Maier wrote:
On Wed, Nov 01, 2006 at 07:45:16PM +0100, Andreas Bartelt wrote:
is there any documentation about using pkg_add over ssh available
yet?
pkg_add(1); look for 'scp://'...
thanks, I didn't see it.
Can this feature be used with some of the official mirrors
Hi,
is there any documentation about using pkg_add over ssh available yet?
Can this feature be used with some of the official mirrors?
regards,
Andreas
Andreas Bartelt wrote:
> ...
sorry, I forgot a add dmesg output...
OpenBSD 4.0-beta (GENERIC) #0: Sat Aug 26 05:17:41 CEST 2006
[EMAIL PROTECTED]:/home/a/src/sys/arch/i386/compile/GENERIC
cpu0: AMD Athlon(tm) XP 2600+ ("AuthenticAMD" 686-class, 512KB L2 cache) 1.93
GHz
cpu0:
F
Andreas Bartelt wrote:
...
thanks, you made me look at my BIOS and (at least I think) I found the
cause. There's an option called "Video Off method", which was set to
"DPMS support". I just switched it to "blank screen" and didn't
experience the usual
Hi,
is there a simple way to efficiently mirror packages solely based on
package filenames in order to reduce bandwidth overhead?
I've tried to do this with rsync but as packages are constantly rebuilt,
file size of packages changes regularly, and, therefore, the rsync
option '--size-only' (
Hi,
Nick Holland wrote:
...
OpenBSD does not blank the console screen after booting without you
deliberately setting things to do so. This is clearly not OpenBSD at
work. Don't try to fix broken hardware configuration through OpenBSD,
fix the hardware.
You apparently have some strange "fea
Hi,
Bachman Kharazmi wrote:
xorg.conf has a DPMS option which turns the monitor in powersave after a
while.
Check if that option appear in your xorg.conf.
"xset q" also know if it's enabled or not.
thanks for the hint. I suppose, I didn't describe the problem clearly.
My Xorg screensafer wo
Hi,
is there a way to disable to console screensafer in OpenBSD?
Problem description: after about 60 seconds after booting, the console
screen blanks and my monitor turns off (disabling power management on my
monitor doesn't help). Sometimes, shortly after starting Xorg, my
monitor also turns
Hi,
I'm still using the binary snapshot from July, 25th.
maybe this strange problem is related to the other problem:
>tar -czvpf folder.tar.gz folder/
tar: Failed write to archive volume: 1: Broken pipe
'tar -cvpf ...' (without compression) works without problems.
Could this problem be related
Hi,
as nobody seems to be interested in this problem, this will be my last
post and then I'll stop digging.
I've tried a _binary_ snapshot from ftp.openbsd.org (from July, 25th)
and it also gives me this "short write" error while using pkg_add per
ftp. dmesg is attached to this mail (I don't k
Hi,
I've compiled some older snapshots of CURRENT and the last time it
worked for me was July, 12th 00:00 (the build failed at texinfo, but
"pkg_add -ui -F update -F updatedepends" worked afterwards).
A build from July, 14th 00:00 didn't work anymore, so I suppose the
breakage was introduced
Hi,
I accidentally posted some tcpdump output to misc@ that was obviously
too large (and also incomplete). These are the last lines (pkg_add from
the CURRENT box to ftp.openbsd.org) while the error occurs:
...
17:13:18.323541 192.168.1.5.17816 > 129.128.5.191.43034: R [tcp sum ok]
1512118968
Hi,
as nobody answers, I conclude I'm the only one experiencing this problem
on CURRENT. I've rebuilt CURRENT today and the problem persists. I don't
experience this problem on my OPENBSD_3_9 boxes (kernel from June, 17th).
What exactly does this "short write" error message mean and what coul
Hi all,
there was a similar thread on misc@ a few days ago. I'm using current
and can't update packages anymore.
#export
PKG_PATH=ftp://ftp.openbsd.org/pub/OpenBSD/snapshots/packages/i386/
#pkg_add -ui -F update -F updatedepends
Error from ftp://ftp.openbsd.org/pub/OpenBSD/snapshots/packag
Hi all,
after upgrading one of my boxes to OpenBSD 3.9, I couldn't log in with
tcsh any more. It looks like malloc options 'AFGJP' trigger a core dump
with tcsh.
I recompiled tcsh with debug symbols and ran gdb, which gives me the
following output:
# gdb /usr/local/bin/tcsh tcsh.core
GNU gd
Hi,
Bob Bostwick (Lists) wrote:
> Anyone else get these errors with the nfe driver? Not really sure what
> to do to troubleshoot the problem. This seems to happen during heavy
> traffic times.
>
> nfe0: tx v1 error 0x6001
> nfe0: watchdog timeout
> nfe0: tx v1 error 0x6001
> nfe0: tx v1 error 0
Andreas Bartelt wrote:
...
Bruce Schneier recommends using 256 bit keys in order to achieve 128 bit
overall strength for a symmetric cipher. You can read it in 'applied
cryptography'. The reason for this recommendation is related to
collision attacks.
oops, typo. It's in
Hi,
knitti wrote:
...
At least if there some quant. computers 128Bit will not save ya day
anymore.
quantum computers are the real big buzzword to scare people into
irrational behaviour. nobody knows whether or when quantum computer
will be able to brute force 128 bit keys. and whether twofish
Hi,
James Strandboge wrote:
On Thu, 2005-12-15 at 03:02 +0100, Andreas Bartelt wrote:
...
Apache forks children with reduced priviledges (user www) while, at the
same time, there's always an Apache process running as root. Therefore,
a useful systrace policy for Apache probably won'
Hi,
James Strandboge wrote:
...
While we're at systrace, I was wondering - could systrace reduce the risks
associated with running apache with PHP?
Default apache is already chrooted, so systracing it won't be as much of
a win as systracing processes not in a chroot. That said, you can
defin
Hi,
Matthias Kilian wrote:
...
You could (ab)use the checkflist script in /usr/src/distrib sets,
as mentioned in release(8):
# cd /usr/src/distrib/sets
# DESTDIR=/ sh checkflist > foo
Thanks for pointing me to release(8). In the end, I followed the steps
described in release(8) and replaced
Hi all,
according to http://www.openbsd.org/faq/faq4.html#SpaceNeeded 250 MB for
/usr is sufficient, in case X isn't installed on an OpenBSD system. My
/usr partition (located on a 512 MB CompactFlash drive) recently has
reached its limits after living through multiple releases (3.4 - 3.8).
Hi,
Tobias Weingartner wrote:
On Thursday, November 17, Andreas Bartelt wrote:
As much better algorithms for error detection are known and PC
performance (and also Internet traffic) has increased a lot since the
introduction of TCP - do you think that the original checksum algorithm
is
Hi,
Damien Miller wrote:
...
[EMAIL PROTECTED] djm]$ netstat -sp ip | grep -E '(bad.*checksum|total packets)'
61092730 total packets received
0 bad header checksums
wouldn't netstat -sp tcp | grep -E '(bad.*checksum|total packets)' give
the output of interest?
(uptime 10 da
Hi,
Ted Unangst wrote:
...
good luck communicating with other tcp devices after you change your
checksum to md5. the point is to be fast and catch some errors.
also, type end-to-end into google.
thanks for the interesting paper. I now understand why it makes sense to
use a checksum at lin
Hi all,
I was wondering why such a simple checksum algorithm is implemented in
TCP. I suppose, it's because of the slow CPU performance many years ago.
This algorithm looks so unreliable to me that it even can't protect
against some pretty simple errors, which (I suppose) also could occur
ran
Hi,
Matt Garman wrote:
...
Has anyone else out there been brave enough to go rw on their CF
cards? Results?
I'm using a 512 MB Sandisk Ultra II "24/7" in a home server for about 2
years now. No problems.
I suppose power failures can be a problem with CompactFlash cards (don't
know if it
[EMAIL PROTECTED] wrote:
[very long...]
I haven't followed this thread thoroughly, but systrace(1) is part of
the base system.
regards,
Andreas
Hi,
Neta wrote:
...
If your conclusion is right. Why so many internet banking used it?
Do you have any real experiences with your box?
you probably confuse JavaScript with Java. Java's sandbox model is much
more consistent than JavaScript's security policies are. For example,
have a look at
63 matches
Mail list logo
