openbsd-misc mailing list

Chris Cappuccio
touch screens

Does anyone have any recommendations on 7" or smaller touch screens that
have a USB input ?

I want something preferably under or around $100... I want to mount it
on a car dash.

Sep 24, 7:15 pm 2007
Ed
OpenCON 2007 // Call for Papers

Dear ladies and gentlemen,

OpenCON is the only conference fully dedicated to OpenBSD. Last year's edition
was a great success and also featured the party for OpenBSD's 10th birthday,
with project leader Theo de Raadt and a lot of developers. More info here:
http://2006.opencon.org/

The OpenCON program committee is inviting speakers to submit innovative,
original, and interesting talks on apps, architecture, implementation,
performance and security of OpenBSD. Speeches and slides must be in englis...

Sep 24, 4:55 pm 2007
Eric Johnson
Re: OpenCON 2007 // Call for Papers

On Mon, 24 Sep 2007 22:55:16 +0200

Just out of curiosity (since I can't make it), is there a newer page
on this?

Eric Johnson

Sep 24, 6:19 pm 2007
ArabianBusiness.com ...
5

Having trouble reading this email? See it in your browser

ArabianBusiness.com Daily News Alert

Search the site:

Sunday, 24 September 2007

------------------------------------------------------------------------

Main news

5 million Indians work in the "Cooperation" (GCC) states
6 percent of the Indian workers present in Saudi Arabia work in the formal sector
and are not covered by labour laws

Halliburton seeks to buy stakes in Gulf oil companies
The newspaper Asharq Al-Awsat reported that the American Halliburton is studying the purchase of stakes in ...

Sep 24, 9:05 am 2007
Can E. Acar
Re: OBSD's perspective on SELinux

People running arbitrary binary software requiring root on their systems

You do not need to do it everywhere, just protect what is needed (logs, data,
whatever)

Most daemons in OpenBSD run isolated (chroot) in their own space without
access to anything at all, without resorting to magic solutions, and any additional

We have also systrace, which allows to create SELinux like policies.
Disregard its vulnerabilities for a moment and think about it.

What happened? (even before the vulnerabilities we...

Sep 24, 2:49 pm 2007
Rui Miguel Silva Seabra
Re: OBSD's perspective on SELinux

Yes, which is one of the reasons I personally believe Visa's PCI is an
extortion sham.

However, some hugely influential entities happen to require those
complexities, and no reason in the world will convince anyone (who doesn't
know but decides) of the virtues of the KISS principle.

Rui

--
Frink!
Today is Boomtime, the 48th day of Bureaucracy in the YOLD 3173
+ No matter how much you do, you never do enough -- unknown
+ Whatever you do will be insignificant,
| but it is very important ...

Sep 24, 4:52 pm 2007
ttw+bsd
Re: OBSD's perspective on SELinux

On 24.09-11:49, Can E. Acar wrote:

that is not the case and is, in fact, the entire point of defining
policy: to define what the applications on the system can and
cannot do, irrespective of how "stupid" they (or their programmer)
are, or how malicious they (or their programmer) are / were.

Sep 24, 4:13 pm 2007
Luke Bakken
Re: OBSD's perspective on SELinux

Intelligent sysadmins know every setuid binary on their system.
Unintelligent ones get owned.

Sep 24, 5:28 pm 2007
ttw+bsd
Re: OBSD's perspective on SELinux

On 24.09-14:28, Luke Bakken wrote:

you'll forgive me if this does not sound "intelligent" to me. a
conscientious sysadmin looks at the requirements and picks the best
tools to match. in the vast majority of cases best results can be
achieved with simplicity and an intelligent use of basic tools.
complex policy systems have diminishing returns but there is no question
that they bring additional tools to the toolkit.

Sep 24, 8:40 pm 2007
Darren Spruell
Re: OBSD's perspective on SELinux

Oh, that sounds like a recipe for success.

- Run _arbitrary_ _binary_ application on system. Intend to use policy
wrapper to restrict to allowed operations.
- Can't figure out how to get a working policy (made harder because
you can't debug the damn blob well anyway). (made harder because the
ppl who sold you that application aren't going to be able to help you
when you ask them "why is this app doing X Y and Z?" when X Y and Z
are system calls they've never heard of.)
- So, disable policy stuff...

Sep 24, 4:48 pm 2007
ttw+bsd
Re: OBSD's perspective on SELinux

On 24.09-13:48, Darren Spruell wrote:

exactly, if the application cannot run within the defined policies it
will not be allowed to run, this is precisely the assurance that some
businesses look for. it is, in fact, a process that helps identify
poor applications. whether the system is opened up or not depends on

indeed, i am one of them. and probably as painfully aware of it as
any. that is not the point, writing them off wholesale is folly, and
suggesting the same can be achieved with curren...

Sep 24, 8:34 pm 2007
Tony Abernethy
Re: OBSD's perspective on SELinux

... Whether or not the business wants to stay in business.
Security policy seems like a very effective tool for Denial of Service.
Burroughs Computers essentially went out of business because their
computers refused to do illegal operations while IBM's computers
very happily did all sorts of illegal stuff.

The problem is that if you must wait for perfection, you're dead.
It is always a case of what can be achieved with how much effort.
There are many cases where people fix what they can fix,
ind...

Sep 24, 9:06 pm 2007
Marco S Hyman
Re: OBSD's perspective on SELinux

> Burroughs Computers essentially went out of business because their
> computers refused to do illegal operations while IBM's computers
> very happily did all sorts of illegal stuff.

Way off topic here... Burroughs became part of Unisys and the
architecture that "refused to do illegal operations" still exists
in products sold today. Well, it's emulated on Intel hardware
these days, so perhaps that doesn't count.

I miss coding in algol :-)

// marc

Sep 24, 11:26 pm 2007
Todd Alan Smith
Re: OBSD's perspective on SELinux

On 9/24/07, Tony Abernethy <tony@servacorp.com> wrote:

This is ironic considering that Burroughs Corp was founded by William
S. Burroughs' grandfather ;-)

Sep 24, 9:32 pm 2007
rwaite1
Re: Unable to map phys mem on Intel D945G motherboard

Your message header seems to point to an issue that has come up a few times.
However.. your message body doesn't really give any good clues.
I would suggest looking at a past post with the subject "OpenBSD 4.1 install issue??"
from early May of this year.
If my guess is correct.. when you use the boot cd.. it flashes text by very quickly
and then halts? If it is indeed the same problem (I have the same motherboard)
then you need to recompile the kernel. This is all detailed in the previously mentione...

Sep 24, 11:51 am 2007
Wade, Daniel Sep 24, 11:32 am 2007
Martin Schröder
Re: digitally signed distribution (was: OBSD's perspective o...

Thanks. It's not complete (i.e. not all servers have fingerprints),
but a start.

This doesn't help with cvsync, though. ;-}

Best
Martin

Sep 24, 11:46 am 2007
Diana Eichert
OpenBSD on decTOP?

Howdy all,

Anyone tried OpenBSD on a decTOP?
http://store.dataevolution.com/ProductDetails.asp?ProductCode=DT%2D7001&...
Small, little, Geode system. The downside is there's no serial console,
until of course you take a look at a picture of the system board,
http://www.enicomms.com/decTOP/DSCF1159.JPG , where you'll find an
unpopulated location for a pin header that has 5V,GND,RX,TX labelled,
sounds like a serial port to me. :-) Oh, yeah, no onboard ethernet and
USB 1.1 only, but ...

Sep 24, 9:43 am 2007
Maurice Janssen
Re: OpenBSD on decTOP?

RS-232 or USB?

Maurice

Sep 24, 10:57 am 2007
Diana Eichert
Re: OpenBSD on decTOP?

hmmm, I don't comprehend your question.

diana

Sep 24, 1:50 pm 2007
Maurice Janssen
Re: OpenBSD on decTOP?

Sorry, it was a bit short. What I meant to say: "5V,GND,RX,TX" sounds a
bit like USB, instead of a good old RS-232 serial port that can be used
as a serial console.

Maurice

Sep 24, 2:04 pm 2007
Andrew Dyer
Re: OpenBSD on decTOP?

typically the USB lines are called VBUS, D+, D-, and GND. I would guess
that is a serial port. Send me one and I'll put a 'scope on it and see :-)

Sep 24, 2:30 pm 2007
Diana Eichert
Re: OpenBSD on decTOP?

nah, it sounds like a lot of embedded systems that have a serial port but
left off the RS232 level shifter chip. Obviously you're only going to get
XON/XOFF type flow control without the h/w flow control lines.

but US$99 seems like something I can take a risk on,

diana

Sep 24, 2:25 pm 2007
Jonathan Gray
Re: OpenBSD on decTOP?

There has been at least one dmesg submitted for these,
audio/modem is currently not yet supported and I'm looking for someone
who replies to mail to test a diff to support DMA on the CS5535 IDE
controller which is designed somewhat strangely.

Sep 24, 10:13 am 2007
Diana Eichert
Re: OpenBSD on decTOP?

Well, shoot, with this info I'll get one and try the diff to support IDE
DMA if no one gets back to you before then.

diana

Sep 24, 1:51 pm 2007
Markus Wernig
pf tag from ipsec in nat rules

Hi all

Can tags from ipsec (defined in ipsec.conf) be referenced in pf nat
rules (OBSD 4.1)?

The idea is:
ipsec.conf:
ike esp from A to B tag "mytag"

pf.conf:
nat on $int_if tagged "mytag" -> ($int_if:1)
nat on $int_if from !($int_if) -> ($int_if:0)

If I use the "tagged" keyword, the second nat rule is used even for
packets coming out of the ipsec tunnel. Replacing the "tagged" keyword
with the actual IPs works:
nat on $int_if from A to B -> ($int_if:1)

Shouldn't this be...

Sep 24, 9:08 am 2007
Markus Friedl
Re: pf tag from ipsec in nat rules

yes, that should be possible. if it does not work, then it's a bug.

Sep 24, 10:53 am 2007
Douglas A. Tutty
minimum hard-drive space to compile patches?

I currently have OBSD running on my P-II with an 850 MB drive and 64 MB
ram. On install, I chose not to include the compiler set over concern
re drive space. The FAQ says how much space is required to minimally
run OBSD and it says how much to be able to comfortably compile ("4G is
not a bad size").

It may not be "bad" but what is the absolute minimum size of hard drive
for an i386 to be able to recompile any necessary patches itself?

Thanks,

Doug.

Sep 24, 8:49 am 2007
Nick Holland
Re: minimum hard-drive space to compile patches?

Thou shall start at Four Gig, perhaps more, no less.
Four gig shall be the number thou shall need to be able to store, and
the number of the Gig be Four.
More thou mayest have, but three gig thou shall not store, excepting
that thou then proceed to fill four.
Two Gig is right out.

4G.
If you want to build X, better make that 6G.

COULD you do it in less? Probably. But not much less.

Last weekend, I saw brand-new 8G IDE disks for sale for $9US ea.

The ONLY excuse trying to cram into sm...

Sep 24, 8:28 pm 2007
Stephan F Andre
Re: minimum hard-drive space to compile patches?

I do not want to sound mean or snide here, but you are playing
a somewhat foolish game trying to do things on an 850M drive
and having to worry about every K of disk. This reminds me
of something that Ted Nelson of Xanadu fame once said about
people who dealt with inadequate systems: "Look what I did
with 16K and a Bowie knife!"

I think you could get away with 2.5G of disk if you aren't
using X. /usr/src is around 1G, /usr/obj is I think a little
under that, so 2.5G should give you slop room...

Sep 24, 1:00 pm 2007
Woodchuck
Re: minimum hard-drive space to compile patches?

4G is not a bad size. ;-)

(Longer and detailed reply sent offlist -- bottom line, there is
no definite minimum. 250MB for comp41.tgz installed, about 120MB
more to rebuild a kernel, unknowable amounts for rebuilding parts
of userland, ranging from near zero to near 2GB).

Solutions: a second fleabay disk, NFS or use a second box.

Dave
--
Dude, Dave's not here!

Sep 24, 12:05 pm 2007
Christian Weisgerber
Re: Does OpenBSD support Hebrew?

Well, do you consider, say, ksh and vi as part of the system or as
"common applications"?

What about wscons? Does a Hebrew VT220 change writing direction?

I know that adding full POSIX i18n support requires changes to lots
of text processing tools under /usr/bin. Languages like Hebrew or
Arabic are likely to add further complications, but I don't know
if their needs are covered by POSIX.

At least I'm aware that I know approximately nothing about this
topic. I sure hope people who make con...

Sep 24, 6:55 am 2007
Gregg Reynolds
Re: Does OpenBSD support Hebrew?

http://mlterm.sourceforge.net/

vim supports right to left layout and Arabic shaping, but without
Unicode semantics for number strings, so you kinda have to know what
you're doing if you're going to use it to edit text with number
strings.

emacs has had an implementation of r-t-l for years, waiting for
somebody to test/debug.

A good resource for this sort of thing is arabeyes.org. Their focus
is Arabic but they try to accomodate any r-t-l language, including
Hebrew (in general, if it suppor...

Sep 24, 2:58 pm 2007
Peter N. M. Hansteen
Re: SMTP flood + spamdb

Then it sounds almost like you were running with a too short passtime,

We've been seeing a lot of that here, too. Mostly it's a few (maybe
20) a day to the most widely known domain here, then occasionally
somebody pushes the "generate" button for too long and one domain
almost nobody actually uses gets the bounces for 700+ fake
addresses[1]. Bob Beck's greyscanner is rather effective, as are the
more manual methods. I've blogged about the observations quite a bit,
starting with [2].

Short summa...

Sep 24, 1:34 am 2007
Stuart Henderson
Re: SMTP flood + spamdb

What's the problem, they'll just be dropped "user unknown"
by your MTA won't they?

Sep 24, 6:47 am 2007
patrick keshishian
Re: SMTP flood + spamdb

It wouldn't be a problem if it didn't mimic a DDOS attack.
Getting bombarded by many dozen SMTP connections in a very
short time-span is a bit alarming (at least it was to me).

Other than that, I agree, sendmail would drop them as "User
unknown" and that's the end of story.

Btw, your "reply-to" field contains my e-mail address. Is that
intended?

Cheers,
--patrick

Sep 24, 11:01 pm 2007
David
Re: Package Dependency Problem with glitz and X

Yes I did, the X on the 4.1 cd.

Sep 24, 1:10 am 2007
Richard Toohey
Re: Package Dependency Problem with glitz and X

The command you used works for me (well, no errors) on i386 - 4.1
installed off CD. X installed at install time, and definitely
working on the machine.

What is your PKG_PATH / where are the packages that you are
installing from?

# PKG_PATH=ftp://ftp.openbsd.org/pub/OpenBSD/4.1/packages/i386/
# export PKG_PATH
# echo $PKG_PATH
ftp://ftp.openbsd.org/pub/OpenBSD/4.1/packages/i386/

# pkg_add -nv xfwm4
parsing xfwm4-4.2.3.2p1
Dependencies for xfwm4-4.2.3.2p1 resolve to: libxfce4mcs-4.2.3p...

Sep 24, 4:47 am 2007
Darren Spruell
Re: lock(1) to lock all virtual terminals?

It's not necessarily a different version; all BSDs document in the
lock(1) manual page that the implementation came from the 3.0BSD
release. Indeed, all of them implement similar options with slight
variance in the additional command line switches:

FreeBSD adds a -v option to prevent switching virtual terminals during
a lock. It notes that only syscons(4) terminals are supported here.
(Note it's not saying that all other terminals are locked, just that
you can't switch to them. So under OpenBSD y...

Sep 24, 2:27 pm 2007
Todd Alan Smith
Re: lock(1) to lock all virtual terminals?

Darren, thanks for expounding on the subject. Funny, I just read about
screen(1) on merdely's blog last night.

http://erdelynet.com/tech/openbsd/my-gnu-screen-config/

Sep 24, 8:55 pm 2007
Damien Miller
Re: OBSD's perspective on SELinux

In terms of mandatory access controls, OpenBSD only has systrace.

Every medium to large Linux deployment that I am aware of has switched
SELinux off. Once you stray from the default configurations that the
system distributors ship with, the default policies no longer work and
things start to break. In my admittedly limited experience, this happens
very quickly.

If the policy language was halfway sane then this wouldn't be so bad -
a skilled administrator could adjust the policy. Unfortunately:...

Sep 24, 11:09 pm 2007
Chris Kuethe
Re: OBSD's perspective on SELinux

A capsule summary of the situation is:

OpenBSD aims to improve security by taking advantage of easy-to-use,
hard-to-disable, low-overhead technologies.

yes, you can disable propolice if you need to, but you have to know how.
yes, you can disable random library mappings, but you have to know how.
yes, you can disable W^X, but you have to try.

you could turn off the security features, but why would you, since
they don't get in your way, and they don't slow you down all that
much. i've not seen...

Sep 24, 10:52 am 2007
Ted Unangst Sep 24, 1:29 pm 2007
Jacob Yocom-Piatt
Re: OBSD's perspective on SELinux

does http://marc.info/?l=openbsd-misc&m=118649819926825&w=2 have any
implications for whether or not to use systrace?

i've found systrace to be a challenge to implement but it feels very
warm and fuzzy when it works.

--

Sep 24, 2:17 pm 2007
Ted Unangst
Re: OBSD's perspective on SELinux

the exploit requires two processes that the user controls. you can
use systrace to prevent this from happening.

Sep 24, 3:14 pm 2007
Brian Candler
Re: OBSD's perspective on SELinux

You solve the problem a different way:

- You don't give the guy root access, but their own userid

- You set file permissions so this userid can read only the file of interest

- You use pf rules so that this user ID cannot send network packets

- If this guy needs root for something (e.g. to bind to port 80), then you
write a three-line setuid root wrapper which binds to port 80 for them.
If you have a lot of this to do, then consider an 'open server' which
returns the open file descrip...

Sep 24, 11:31 am 2007
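The "setuid root wrapper that binds port 80 and then hands the socket to an unprivileged user" and the "open server that returns an open file descriptor" from Brian Candler's post, as an added example that is not part of the original thread and not OpenBSD or any poster's code. It assumes a target user/group given on the command line, that the listening socket is handed to the child on descriptor 3 (a convention chosen here, not a system one), and a loopback address; in a real deployment the wrapper would be installed setuid root and the target user would be a dedicated unprivileged account.

```c
/* Added example: bind a privileged port as root, drop privileges, exec;
 * plus SCM_RIGHTS descriptor passing for the "open server" variant.
 * All names and the fd-3 hand-over convention are assumptions. */
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Listening TCP socket on 127.0.0.1:port (port 0 = kernel picks one). */
int bind_listener(int port)
{
    int fd = socket(AF_INET, SOCK_STREAM, 0), one = 1;
    struct sockaddr_in sin;
    if (fd < 0) return -1;
    setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof one);
    memset(&sin, 0, sizeof sin);
    sin.sin_family = AF_INET;
    sin.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    sin.sin_port = htons((unsigned short)port);
    if (bind(fd, (struct sockaddr *)&sin, sizeof sin) < 0 || listen(fd, 16) < 0) {
        close(fd); return -1;
    }
    return fd;
}

/* Port a listening socket actually got. */
int listener_port(int fd)
{
    struct sockaddr_in sin; socklen_t len = sizeof sin;
    if (getsockname(fd, (struct sockaddr *)&sin, &len) < 0) return -1;
    return ntohs(sin.sin_port);
}

/* Give up root for good: supplementary groups, then gid, then uid (order
 * matters: once uid is non-zero the group calls would fail). Refuses to
 * "drop" to uid 0 and verifies root cannot be regained afterwards. */
int drop_privs(uid_t uid, gid_t gid)
{
    if (uid == 0) return -1;
    if (geteuid() == 0 && setgroups(1, &gid) < 0) return -1;
    if (setgid(gid) < 0 || setuid(uid) < 0) return -1;
    if (setuid(0) == 0) return -1;      /* must fail now */
    return 0;
}

/* "Open server" primitive: pass one descriptor over a UNIX-domain socket. */
int send_fd(int sock, int fd)
{
    char byte = 0;
    struct iovec iov = { &byte, 1 };
    union { struct cmsghdr hdr; char buf[CMSG_SPACE(sizeof(int))]; } u;
    struct msghdr msg; struct cmsghdr *cm;
    memset(&msg, 0, sizeof msg); memset(&u, 0, sizeof u);
    msg.msg_iov = &iov; msg.msg_iovlen = 1;
    msg.msg_control = u.buf; msg.msg_controllen = sizeof u.buf;
    cm = CMSG_FIRSTHDR(&msg);
    cm->cmsg_level = SOL_SOCKET; cm->cmsg_type = SCM_RIGHTS;
    cm->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(cm), &fd, sizeof(int));
    return sendmsg(sock, &msg, 0) == 1 ? 0 : -1;
}

/* Receive a descriptor; reject anything that is not exactly one SCM_RIGHTS. */
int recv_fd(int sock)
{
    char byte; int fd;
    struct iovec iov = { &byte, 1 };
    union { struct cmsghdr hdr; char buf[CMSG_SPACE(sizeof(int))]; } u;
    struct msghdr msg; struct cmsghdr *cm;
    memset(&msg, 0, sizeof msg);
    msg.msg_iov = &iov; msg.msg_iovlen = 1;
    msg.msg_control = u.buf; msg.msg_controllen = sizeof u.buf;
    if (recvmsg(sock, &msg, 0) != 1) return -1;
    cm = CMSG_FIRSTHDR(&msg);
    if (cm == NULL || cm->cmsg_level != SOL_SOCKET || cm->cmsg_type != SCM_RIGHTS ||
        cm->cmsg_len != CMSG_LEN(sizeof(int))) return -1;
    memcpy(&fd, CMSG_DATA(cm), sizeof(int));
    return fd;
}

/* Open-server round trip over a socketpair: bind, send, receive; returns
 * the port if the received descriptor is the same listener, else -1. */
int open_server_roundtrip(int port)
{
    int sv[2], lfd, got, res = -1;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -1;
    if ((lfd = bind_listener(port)) >= 0) {
        got = send_fd(sv[0], lfd) == 0 ? recv_fd(sv[1]) : -1;
        if (got >= 0 && listener_port(got) == listener_port(lfd)) res = listener_port(got);
        if (got >= 0) close(got);
        close(lfd);
    }
    close(sv[0]); close(sv[1]);
    return res;
}

/* Wrapper: wrapper <user> <program> [args...]  (assumed interface) */
int main(int argc, char **argv)
{
    struct passwd *pw; int lfd;
    if (argc < 3 || (pw = getpwnam(argv[1])) == NULL) { fprintf(stderr, "usage: wrapper user prog [args]\n"); return 2; }
    if ((lfd = bind_listener(80)) < 0) { perror("bind port 80"); return 1; }
    if (drop_privs(pw->pw_uid, pw->pw_gid) < 0) { perror("drop_privs"); return 1; }
    if (lfd != 3 && dup2(lfd, 3) < 0) { perror("dup2"); return 1; }
    execvp(argv[2], argv + 2);
    perror("execvp"); return 1;
}
```

The wrapper never runs the application as root: the only privileged operation is the bind(2), after which the process is irrevocably an ordinary user before execvp(3). The SCM_RIGHTS pair is the building block for the "open server" alternative, where a small root daemon opens the file or socket and hands the descriptor to an unprivileged client; the receiver checks the control message strictly rather than trusting whatever arrives.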
Rui Miguel Silva Seabra
Re: OBSD's perspective on SELinux

Hi,

All in all, forms of doing it all, but doing all you described creates a lot
more work than creating an SELinux policy :)

Best,
Rui

--
Umlaut Zebra über alles!
Today is Boomtime, the 48th day of Bureaucracy in the YOLD 3173
+ No matter how much you do, you never do enough -- unknown
+ Whatever you do will be insignificant,
| but it is very important that you do it -- Gandhi
+ So let's do it...?

Sep 24, 11:59 am 2007
Martin Schröder
Re: digitally signed distribution (was: OBSD's perspective o...

Where do I get the ssh fingerprints of the CVS servers?

And if I use cvsync, where do I get fingerprints?

Best
Martin

Sep 24, 11:18 am 2007
Gilles Chehade
Re: digitally signed distribution (was: OBSD's perspective o...

You can fingerprint the tarballs and compare against the ones on the CD
you bought to support the project ? :-)

Gilles

Sep 24, 5:40 am 2007
Martin Schröder
Re: digitally signed distribution (was: OBSD's perspective o...

I can.

But can we agree that packages are not digitally signed, patches are
not digitally signed and the methods used to distribute sources online
also don't use digital signatures? And that md5/sha1 and pgp are older
than OBSD?

And to further the flamefest: This is one area where most Linux
distros are better.

Best
Martin

Sep 24, 12:02 pm 2007