On Sat, Dec 23, 2006 at 10:12:19AM -0500, Steven M. Bellovin wrote:
>
> Hmm -- ok.  There's a fair chance I'm going to stick with the fdisk
> partition anyway, to let me boot FreeBSD in native mode, but I'll see.
> (FreeBSD has better IPMI support; if I need to get at it at that level,
> I'd need FreeBSD.  Hmm -- I wonder.  I can assign the PCI ports to the
> FreeBSD domU; maybe that would work.  Hmm...  (The right solution is
> for me to port the FreeBSD driver to NetBSD, but I'm not sure I'll have
> time to do that before putting the machine into production.))

I've said it before, and I'll say it again: the right solution, as
regards IPMI, is to *not use it*.  The litany of security holes in IPMI
implementations has been truly scary and I expect to see more as it is
used more.

-- 
Thor Lancelot Simon	                               tls@rek.tjls.com
  "All of my opinions are consistent, but I cannot present them all
   at once."	-Jean-Jacques Rousseau, On The Social Contract