Re: pf congestion handling

2015-02-10 Thread David Gwynne
> On 11 Feb 2015, at 8:12 am, Alexander Bluhm wrote: > > On Tue, Feb 10, 2015 at 04:01:19PM +1000, David Gwynne wrote: >> i want to remove the congestion stuff in ifqueue, but i don't want >> to remove the pf functionality. my attempt at this below. > > I like that you replaced the malloc and ti

Re: Authenticated TLS "contraints" in ntpd(8)

2015-02-10 Thread Bob Beck
On Tue, Feb 10, 2015 at 11:19 PM, Reyk Floeter wrote: > On Tue, Feb 10, 2015 at 10:51:12PM -0700, Theo de Raadt wrote: >> So I gave Reyk some beer, and he did the impossible :-) >> > > I sense a pattern here. > > Reyk Not enough samples to be a pattern yet.. You shouldn't worry.. It's too bad su

Re: Authenticated TLS "contraints" in ntpd(8)

2015-02-10 Thread Reyk Floeter
On Tue, Feb 10, 2015 at 10:51:12PM -0700, Theo de Raadt wrote: > So I gave Reyk some beer, and he did the impossible :-) > I sense a pattern here. Reyk

Re: Authenticated TLS "contraints" in ntpd(8)

2015-02-10 Thread Theo de Raadt
> * Henning Brauer [2015-02-10 13:21]: > > * Kevin Chadwick [2015-02-10 13:14]: > > > On Tue, 10 Feb 2015 10:55:53 +0100 > > > Reyk Floeter wrote: > > > > The standardized attempts to add authentication to NTP are a) fairly > > > > horrible (ASN.1 etc.) and b) rarely deployed. > > > When ntpd act

Re: Authenticated TLS "contraints" in ntpd(8)

2015-02-10 Thread Henning Brauer
* Henning Brauer [2015-02-10 13:21]: > * Kevin Chadwick [2015-02-10 13:14]: > > On Tue, 10 Feb 2015 10:55:53 +0100 > > Reyk Floeter wrote: > > > The standardized attempts to add authentication to NTP are a) fairly > > > horrible (ASN.1 etc.) and b) rarely deployed. > > When ntpd acts as a server,

Re: pf congestion handling

2015-02-10 Thread Henning Brauer
I already talked to dlg here, but that obviously cuts you out which isn't good :/ * Alexander Bluhm [2015-02-10 23:12]: > We do not use the pf congestion feature, we have disabled it with > an #ifdef. Preferring states over rules means that you cannot log in > to a congested box. There are case

Re: ntpd: prefer %z when formatting size_t

2015-02-10 Thread Theo de Raadt
> Brent Cook wrote: > > > > > On Feb 10, 2015, at 9:37 AM, Todd C. Miller > > > wrote: > > > > > > On Mon, 09 Feb 2015 22:32:55 -0600, Brent Cook wrote: > > > > > >> Pretty trivial conversion. ok? > > > > > > OK but size_t should be printed %zu (%zd is ssize_t). > > > > > > - todd > > > > >

Re: ntpd: prefer %z when formatting size_t

2015-02-10 Thread Ted Unangst
Brent Cook wrote: > > > On Feb 10, 2015, at 9:37 AM, Todd C. Miller > > wrote: > > > > On Mon, 09 Feb 2015 22:32:55 -0600, Brent Cook wrote: > > > >> Pretty trivial conversion. ok? > > > > OK but size_t should be printed %zu (%zd is ssize_t). > > > > - todd > > > > If I had known I would g

Re: pf congestion handling

2015-02-10 Thread Alexander Bluhm
On Tue, Feb 10, 2015 at 04:01:19PM +1000, David Gwynne wrote: > i want to remove the congestion stuff in ifqueue, but i don't want > to remove the pf functionality. my attempt at this below. I like that you replaced the malloc and timeout with a ticks comparison as it makes the code simpler. The s

Re: ntpd: prefer %z when formatting size_t

2015-02-10 Thread Brent Cook
> On Feb 10, 2015, at 9:37 AM, Todd C. Miller wrote: > > On Mon, 09 Feb 2015 22:32:55 -0600, Brent Cook wrote: > >> Pretty trivial conversion. ok? > > OK but size_t should be printed %zu (%zd is ssize_t). > > - todd > If I had known I would get so many emails over this, I would have just do

Re: ntpd: be more verbose when logging privsep errors

2015-02-10 Thread Todd C. Miller
On Mon, 09 Feb 2015 22:34:20 -0600, Brent Cook wrote: > This makes it easier for a sysadmin to diagnose a privilege separation > path problem without looking at the source code for why 'stat' failed. OK but when printing stb.st_mode you should AND it with ALLPERMS so you don't print non-user bits

Re: ntpd: prefer %z when formatting size_t

2015-02-10 Thread Todd C. Miller
On Mon, 09 Feb 2015 22:32:55 -0600, Brent Cook wrote: > Pretty trivial conversion. ok? OK but size_t should be printed %zu (%zd is ssize_t). - todd

Re: ntpd: prefer %z when formatting size_t

2015-02-10 Thread Martin Natano
Obviously not that trivial: The return type of sizeof() is size_t, which is unsigned, thus the second conversion specification should be "%zu". (The printf manpage notes that the "%zd" conversion "indicates that the argument is of a signed type equivalent in size to a size_t."). natano On Mon, Fe

Re: ntpd: prefer %z when formatting size_t

2015-02-10 Thread Joerg Sonnenberger
On Mon, Feb 09, 2015 at 10:32:55PM -0600, Brent Cook wrote: > Pretty trivial conversion. ok? Well, if it is size_t, it should be %zu. Joerg

Re: Authenticated TLS "contraints" in ntpd(8)

2015-02-10 Thread Kevin Chadwick
On Tue, 10 Feb 2015 13:03:27 + David Dahlberg wrote: > > > The standardized attempts to add authentication to NTP are a) fairly > > > horrible (ASN.1 etc.) and b) rarely deployed. > > > > When ntpd acts as a server, could the package signing code be of use > > with ntpd keys? > > How exa

Re: Authenticated TLS "contraints" in ntpd(8)

2015-02-10 Thread David Dahlberg
Am Dienstag, den 10.02.2015, 12:35 + schrieb Kevin Chadwick: > On Tue, 10 Feb 2015 10:55:53 +0100 > Reyk Floeter wrote: > > > The standardized attempts to add authentication to NTP are a) fairly > > horrible (ASN.1 etc.) and b) rarely deployed. > > When ntpd acts as a server, could the packag

Re: Authenticated TLS "contraints" in ntpd(8)

2015-02-10 Thread Henning Brauer
* Kevin Chadwick [2015-02-10 13:14]: > On Tue, 10 Feb 2015 10:55:53 +0100 > Reyk Floeter wrote: > > The standardized attempts to add authentication to NTP are a) fairly > > horrible (ASN.1 etc.) and b) rarely deployed. > When ntpd acts as a server, could the package signing code be of use > with n

Re: Authenticated TLS "contraints" in ntpd(8)

2015-02-10 Thread Kevin Chadwick
On Tue, 10 Feb 2015 10:55:53 +0100 Reyk Floeter wrote: > The standardized attempts to add authentication to NTP are a) fairly > horrible (ASN.1 etc.) and b) rarely deployed. When ntpd acts as a server, could the package signing code be of use with ntpd keys?

Re: Authenticated TLS "contraints" in ntpd(8)

2015-02-10 Thread Stuart Henderson
On 2015/02/10 12:32, Reyk Floeter wrote: > Let me share the answer to a question that I got in a private mail: > > > On Tue, Feb 10, 2015 at 10:55:53AM +0100, Reyk Floeter wrote: > >> ---snip--- > >> servers pool.ntp.org > >> constraints from "https://www.google.com/search?q=openntpd"; Cue google

Re: Authenticated TLS "contraints" in ntpd(8)

2015-02-10 Thread Reyk Floeter
Let me share the answer to a question that I got in a private mail: > On Tue, Feb 10, 2015 at 10:55:53AM +0100, Reyk Floeter wrote: >> ---snip--- >> servers pool.ntp.org >> constraints from "https://www.google.com/search?q=openntpd"; >> constraints from www.twitter.com >> constraint from www.apple

Re: Getting in touch

2015-02-10 Thread Bob Beck
Well.. there are issues with that both if you require libraries, and are not certain how the other stuff works. In short, we have to be a lot more careful than this and we can't depend on external libraries. Ideally, for us to deal with this we'd need a decent AIX running machine with OS and comp

Re: Getting in touch

2015-02-10 Thread aixtools
On 2015-02-10 9:55 AM, Bob Beck wrote: The way to get attention around here is show diffs :) On Tue, Feb 10, 2015 at 12:51 AM, aixtools wrote: L.S., Trying for a bit over a week to get a response re: libressl. 1) If you have an established mailing-list for libressl - I did not find it. That of

Authenticated TLS "contraints" in ntpd(8)

2015-02-10 Thread Reyk Floeter
Hi! Theo, Henning, and I developed an idea to utilize TLS in some way for authenticated time in ntpd(8). We are not intending to use it as a direct time source, but as a "constraint" to verify the NTP responses. I came up with an implementation that has been designed to be an optional, non-intru

Re: OK... how dare you both even to not publish patches...

2015-02-10 Thread David Coppa
On Tue, Feb 10, 2015 at 5:05 AM, Ted Unangst wrote: > Sebastian's emails don't make it to the list, but in the interest of > transparency and not hiding any secrets about OpenBSD's security, I'm > forwarding it along as requested. Uff. Another one who forgot to get his meds... Ciao! David > Seb

Re: Getting in touch

2015-02-10 Thread Bob Beck
The way to get attention around here is show diffs :) On Tue, Feb 10, 2015 at 12:51 AM, aixtools wrote: > L.S., > > Trying for a bit over a week to get a response re: libressl. > > 1) If you have an established mailing-list for libressl - I did not find it. > That of course says something about me