On Wed, Sep 28, 2022 at 11:05:35AM +0300, Kapetanakis Giannis wrote:
> Hi,
>
> Looking for upgrading our firewall/router and thinking about switching
> from Xeon to EPYC (73F3 - 16C @ 3.5 GHz).
>
> Anyone running on EPYC? Any problems?
>
> Alternative would be something like dual Intel Xeon Gold
On Fri, May 13, 2022 at 11:10:41PM +0200, n18fu...@tutanota.com wrote:
> Hi,
>
> I've set up an OpenBSD server on the Cloud, set up a Wireguard tunnel, and
> configured default route through that server. I've noticed that I can't
> access some websites: my browser was not able to complete TLS hand
On Wed, May 11, 2022 at 04:54:02PM +0100, james palmer wrote:
> i have a local dhcp server running which gives out three nameservers:
>
> - 192.168.0.2 (resolves some local machine names)
> - 9.9.9.9
> - 149.112.112.112
>
> on linux, android, and windows the local nameserver takes priority over t
On Fri, Apr 01, 2022 at 03:45:13PM -0500, Luke Small wrote:
> So if it’s a potential vulnerability for the kernel to be linked the same
> without KARL (I presume because if the source code is known and ASLR and
> PIE can potentially be randomly overcome) then can there be a KARL type
> extension fo
On Thu, Mar 17, 2022 at 06:34:28PM -, Stuart Henderson wrote:
> On 2022-03-16, Marc Espie wrote:
> > On Tue, Mar 15, 2022 at 11:32:19PM +0100, i...@tutanota.com wrote:
> >> Since Go has support for pledge and unveil, I was thinking about
> >> "imitating" the setup for httpd.
> >>
> >> I basic
On Thu, Mar 17, 2022 at 09:41:13PM +0100, i...@tutanota.com wrote:
> >> I assume go has bindings for setuid() and friends.
>
> > Go software doesn't usually like to do this because of some issue
> > with doing so on Linux that I don't _think_ apply to OpenBSD. And
> > they have the "allow binding
I recently installed Prosody after a few years hiatus from XMPP. Previously
I used ejabberd, but that was removed from ports. Given the ease of writing
modules in Lua generally, and Prosody specifically, I figured it would be
relatively simple to add pledge(2) and unveil(2) support.
https://gith
On Mon, Sep 13, 2021 at 12:28:04PM +0200, Simon Hoffmann wrote:
> > do you have "lookup file bind" record in your /etc/resolv.conf file?
>
> This option is not available in the current debian version.
FWIW, the equivalent setting on glibc-based Linux systems would be the
`hosts` line in /etc/nss
On Sat, Jan 09, 2021 at 12:05:31AM -0800, William Ahern wrote:
> Interestingly, DragonflyBSD and FreeBSD already do it this way[3][4], yet I
> can confirm FreeBSD still has the problem. (DragonflyBSD has nearly
> identical code.) But that implementation duplicates the short-circuit, alo
On Fri, Jan 08, 2021 at 07:09:01PM -0800, Jordan Geoghegan wrote:
> Hey folks,
>
> I've noticed some surprising behaviour from cmp(1) when using the '-s'
> flag.
>
> It appears that cmp -s is ignoring the byte offset arguments I'm giving
> it.
> Not sure what to make of this, I noticed this same
On Tue, Apr 21, 2020 at 02:01:10PM +0200, Otto Moerbeek wrote:
> On Tue, Apr 21, 2020 at 10:51:54AM +, Roderick wrote:
>
> >
> > Acording to the man page: "timegm() is a deprecated interface that
> > converts [...]"
> >
> > O.K., deprecated. And what is the alternative?
> >
> > Thanks for a
On Thu, Apr 16, 2020 at 10:28:55AM +0200, Ben wrote:
> > AFAIU, ENOBUFS happens when the NIC transmit queue is full. Have you looked
> > at the interface statistics to see if there are many dropped packets? Try,
> > e.g.,
> >
> > $ netstat -ni
>
> NameMtu Network Address I
On Wed, Apr 15, 2020 at 10:53:49PM +0200, Ben wrote:
> I have exactly one device - an Apple smartphone - within one of the
> subnets, that Unbound is not able to send "some" data. The log tells us
> "sendto failed: No buffer space available". Beside the error message,
> the device seems to work wi
On Thu, Jan 16, 2020 at 01:16:47PM +0100, Otto Moerbeek wrote:
> On Thu, Jan 16, 2020 at 11:20:10AM +, gritzmann wrote:
>
> > Hi,
> >
> > How do I change the birth time of a file? `touch -acm -d "1980-01-01
> > 00:00:00" myfile` changes only the access, modify and change times.
> >
> > `sta
On Fri, Jan 10, 2020 at 03:58:16AM +, Joseph Mayer wrote:
> Maybe this topic is better suited for tech@, you tell:
>
> Is there some way I can implement PCI drivers in userland in OpenBSD?
In light of the other responses I think the best you could expect is PCI
passthrough to a virtual machin
On Fri, Dec 13, 2019 at 10:52:03PM +0100, Alexander Pluhar wrote:
>
> > Just upgraded my APU2 to the latest -current and it seems to hang on the
> > disk.
> > It was fine running on -current #512.
>
> I encountered this problem on 6.6 stable with the latest syspatches installed
> after
> updati
On Wed, Mar 13, 2019 at 06:53:43PM -0700, William Ahern wrote:
> The real issue here is that the EJBCA specification wasn't just a failure in
> language precision, but was and remains entirely ill considered on this
> score. If ASN.1 INTEGERs must now be 65 bits, it's a go
On Wed, Mar 13, 2019 at 11:32:50PM +0100, Ingo Schwarze wrote:
> Hi Tom,
>
> Tom Smyth wrote on Wed, Mar 13, 2019 at 08:32:20PM +:
>
> > Just saw the following article and i was wondering if libressl
> > Might be affected by the bug also
> > Top bit being set to 0 always making an effective 6
On Mon, Feb 25, 2019 at 03:44:10PM +, Michael Lam wrote:
> Hi,
>
> I have a very straight forward setup use case that I want to use my
> OpenBSD router as a VPN gateway, which will accept IKEv2 road warrior
> connections from the Internet and route all traffics through my
> router.
>
> I am u
On Fri, Feb 08, 2019 at 12:02:50PM -0600, Mike Coddington wrote:
> Last night I screwed up my /tmp directory's permissions. I fixed it by
> looking at another machine's permissions and editing the directory with
> chmod(1). Is there a tool in OpenBSD which would work better than this?
> I'm fortuna
On Thu, Jan 24, 2019 at 04:55:50PM -0600, John Page wrote:
> This is my first attempt at a router. Liberally borrowing from tutorials
> and reading Absolute OpenBSD, 2nd Edition and Building Linux and OpenBSD
> Firewalls, I decided on installing OpenBSD 6.4 on a PC Engines apu4. I
> had previously
On Thu, Jan 17, 2019 at 10:41:37AM +, kolargol wrote:
> regarding TPM there were this patches:
>
> http://bsssd.sourceforge.net/download.html
>
> but looks like quite abandoned as diff dates back to OpenBSD 4.7, looks like
> lack of interest in TPM...
>
I'd love to use the TPM for private
On Sat, Dec 15, 2018 at 06:18:39PM -0600, Theodore Wynnychenko wrote:
> On the local gateway:
>
> 17:37:00.199269 (authentic,confidential): SPI 0x7b90f84c: 172.30.1.20.20692 >
> 172.30.6.201.443: S 3823001077:3823001077(0) win 16384 1460,nop,nop,sackOK,nop,wscale 6,nop,nop,timestamp 48604571 0
On Sun, Nov 04, 2018 at 02:49:44PM -0800, Misc User wrote:
> On 11/4/2018 2:25 PM, Mik J wrote:
> > Hello Peter,
> >
> > Thank you for this article.
> > Do you know why, and particularly Microsoft, use very random IPs to send
> > mails.
> > In that way, they make greylisting not as reliable as
On Wed, Oct 04, 2017 at 04:17:32PM +0800, Nan Xiao wrote:
> Hi all,
>
> I find the type of executable file format on OpenBSD is "DYN", not
> "EXEC":
> Is there any special consideration for it? Thanks very much in advance!
>
Because it was built as a position-independent executable (PIE). See
h
On Fri, Jan 17, 2014 at 08:38:05PM -0700, Theo de Raadt wrote:
> > I do use emulators, specifically for ARM, because it's just easier for me.
> > And one of my co-workers is a contributor to the Hercules emulator.
>
> Then you know it is not sufficient for our needs, yet we keep getting
> the same
On Fri, Jan 17, 2014 at 07:33:01PM -0700, Theo de Raadt wrote:
> > > You may argue that, since the kernel has a workaround for this issue,
> > > this is a moot point. But if some developer has a better idea for the
> > > kernel heuristic, how can the new code be tested, if not on the real
> > > har
On Fri, Jan 17, 2014 at 11:32:41PM +, Miod Vallat wrote:
> >And it's not full emulator if it doesn't emulate the
> > bugs.
>
> It's almost bedtime in Europe. Do you mind if I tell you a bedtime
> story?
>
> Years ago, a (back then) successful company selling high-end Unix-base
On Tue, Oct 29, 2013 at 02:06:48PM -0400, Gabriel Guzman wrote:
> On 10/29, Theo de Raadt wrote:
> > The /dev/*random nodes are not specified in any standard, furthermore
> > once you get into chroot all bets are off (like you discovered).
> >
> > >This allows the program to work, but I'm wonderi
On Sat, Sep 14, 2013 at 07:42:46PM -0400, Jeffrey Walton wrote:
> And 'usermod -G sudo jwalton' does not work, either. It errors with
> "Can't append group sudo for user jwalton".
>
> This stuff really should not be this hard...
>
I'm going to go out on a limb here and guess that you really wan
On Sun, Sep 15, 2013 at 01:08:05AM +0200, Martin Schröder wrote:
> 2013/9/15 Jeffrey Walton :
> > I wanted to add myself to the sudo group.
>
> man sudo
> man visudo
> man adduser
> man group
>
Are any of those directly useful for adding a group to a user's
supplementary groups? I'd suggest user
TL;DR http://25thandclement.com/~william/YubiKey_NEO.html
This is slightly off-topic, but perhaps some people on this list would be
interested in this.
I've been waiting over a decade, and tonight I've finally found the
smartcard promise land. By gods, I'll never have to d*ck around with OpenSC
e
On Fri, Aug 09, 2013 at 06:50:19PM -0500, Francisco Valladolid H. wrote:
> On Fri, Aug 9, 2013 at 5:22 PM, Hermes Ojeda Ruiz
> wrote:
> > I've used the Soekris brand. http://soekris.com/, but they are a little
> > expensive. (In M?xico taxes are a big problem).
>
> Yes, taxes and import duties a
On Thu, May 30, 2013 at 03:26:07PM +0200, Xianwen Chen wrote:
> Hi folks,
>
> I like the versioning feature in Google Docs a lot. There I can review
> past revisions of a document, which were generated automatically. In
> LibreOffice Writer, such a feature can be improvised if I change the
> user
On Wed, May 15, 2013 at 01:52:45PM +0200, Peter J. Philipp wrote:
> On 05/15/13 13:41, Jérémie Courrèges-Anglas wrote:
> >Doesn't kqueue() fit your needs?
> >
>
> Thank you for your reply,
>
> I've never used kqueue before, does this only report events on
> descriptors that have been opened?
Ye
On Mon, Jan 07, 2013 at 12:53:01PM +1000, David Diggles wrote:
> > > Maybe the following will help.
> > >
> > > See "Tuning for More"
> > > http://wiki.squid-cache.org/BestOsForSquid
> > >
> > > I use mount options: noatime and async.
> > > I don't use softdep for squid cache either.
> >
> > that
On Thu, Dec 20, 2012 at 03:53:44AM -0500, Jean-Philippe Ouellet wrote:
> Hello,
>
> I'm trying to learn about writing high performance servers, and I have a
> few questions not clearly answered by any documentation I can find. I'm
> comfortable with select(), poll(), and kqueue(), but that only go
On Tue, Nov 27, 2012 at 04:13:47PM -0200, Friedrich Locke wrote:
> Hi folks,
>
> i have seen, some minutes ago, a message about cloud with BSD!
> I have seen announcements on cloud computing every where. What is the
> difference between a BSD cloud and a linux cloud ? A windows cloud and a
> linux
On Sat, Nov 10, 2012 at 09:47:58PM +0100, rustyBSD wrote:
> Hi,
> is there a wayto useauth_userokay()without setgid
> to "auth" ?
>
> So it seems that I have to setgid to "auth", and my binary
> must be setuid.
>
> Am I wrong ? Is there a way of authenticatingwithout being
> setuid ?
There's al
On Thu, Nov 08, 2012 at 08:08:05PM +0200, Dan Shechter wrote:
> For unrelated reasons, I can't directly receive the TCP stream.
>
> I must copy the TCP data from a running stream to another server. I
> can use tap or just port-mirroring on the switch. So I can't use any
> network stack or leverage
On Thu, Nov 01, 2012 at 08:11:26AM +, Jamie Paul Griffin wrote:
> / Tyler Morgan wrote on Wed 31.Oct'12 at 20:04:11 -0700 /
>
> > Don't do it! Seriously, the upgrade process is easy, and is worth
> > becoming familiar with. At least give it a shot since you're
> > planning on reinstalling anyw
>From /usr/src/lib/libc/gen/auth_subr.c. When using auth_userokay(3) I keep
getting the message "dup of backchannel: Bad file descriptor". Yet, I'm
puzzled how the condition could even occur (the last line is the only place
this message exists in the entire source tree):
if (socketpair(PF_
I've just released the first version of mod_auth_bsd which supports
authentication of system accounts from a chrooted Apache. You can download
version 0.8.0 of mod_auth_bsd from
http://25thandclement.com/~william/projects/bsdauth.html
This release was supported by Barracuda Networks.
lib
43 matches
Mail list logo
