Re: man.openbsd.org failure?

On Thu, 21 Dec 2023 21:22:49 -0500, Dave Anderson wrote: > Safari isn’t providing much useful information, but starting today > I’m consistently getting a “server stopped responding” error when > trying to access the online man pages at man.openbsd.org. > www.openbsd.org is working fine. Yes,

Re: non-hardware 2fa options for openssh

On Tue, 29 Aug 2023 13:18:53 -0400, Dave Voutila wrote: > > You can also want to look at sysutils/login_oath (which I've been > > using for years), but maybe for new setups, the login_totp from > > base makes more sense. > > > > login_totp is in base? Wow, I was sure

Re: non-hardware 2fa options for openssh

On Tue, 29 Aug 2023 10:07:18 -0500, "myml...@gmx.com" wrote: > Hi All, > > I want to secure an openssh server with two factor authentication and > have seen the hardware token methods, most recently i've been seeing > yubi/FIDO methods. > > Ideally I would like to avoid having to depend on a

Re: Recommended place to store static arp entries

On Tue, 28 Feb 2023 14:35:18 +0100, Claudio Jeker wrote: > To be honest I never had the need to store static arp entries. So for > me the best place is /dev/null. Not op, but I have such a need: I own an wifi AP which tends to not being able to let arp pass, in one direction. All the rest is

Re: hostnames in syslogd

On Mon, 25 Apr 2022 14:27:19 -0400, "Sven F." wrote: > Moreover just like -h send the hostname , in a SSL setup it would be > useful to log the CN of the client certificat , with -i maybe, > since it is a strong ID sorting logs with that feels more reliable > than ip, or modified hostnames. > >

Re: time drift in OpenBSD in proxmox (qemu-kvm) guest

On Thu, 14 Apr 2022 23:47:42 +0200, Stefan Sperling wrote: > > $ sysctl kern.timecounter > > kern.timecounter.tick=1 > > kern.timecounter.timestepwarnings=0 > > kern.timecounter.hardware=pvclock0 > > kern.timecounter.choice=i8254(0) pvclock0(1500) acpihpet0(1000) > > acpitimer0(1000) > > > >

Re: Must interface unit numbers start with 0?

On Fri, 22 Oct 2021 19:13:18 -0400, "Allan Streib" wrote: > can I name the interface vlan101 Yes you can. I've a machine where there's only vlan206. Cheers, Daniel

Re: 7.0 upgrade dmesg confusion

On Fri, 15 Oct 2021 20:09:16 -0400, Jon Fineman wrote: > I was preparing the dmesg to send off and I noticed it looks like the > old message from 6.9. How could that occur? What did I miss? >From dmesg(8): On some systems the message buffer can survive reboot and be retained (in the hope

Re: IPv6: how to trigger script when address prefix changes?

On Thu, 7 Oct 2021 02:52:13 +0200, Mike Fischer wrote: > Would a IPv6 address prefix change be something the hotplug(4) / > hotplugd(8) mechanism would see? It would rather be ifstated(8), but I don't think so. I've never looked into this, but if I were, I would check the route(8) monitor

Re: ssh authlog: Failed none for invalid user

On Mon, 9 Aug 2021 14:52:40 -0700, Jordan Geoghegan wrote: > Hello, > > I was hoping somebody could set me straight here. On one of my > machines I have a number of entries in my /var/log/authlog file that > look like this: > >     Failed none for invalid user admin from 14.239.50.255 port

Re: SSL issue on 6.8 arm64 when upgrading to 6.9

On Fri, 18 Jun 2021 23:21:40 -0300, "Nenhum_de_Nos" wrote: > TLS handshake failure: handshake failed: error:1404B410:SSL > routines:ST_CONNECT:sslv3 alert handshake failure > > is also present when I try to install any package on 6.8. I looked > for it over google and found no clues, just one

Re: nc(1) fails the tls handshake when destination ends with a full stop

On Sun, 30 May 2021 19:55:42 +0200, Theo Buehler wrote: > On Sun, May 30, 2021 at 01:43:54PM -0400, Daniel Jakots wrote: > > On Sun, 30 May 2021 17:45:22 +0200, Theo Buehler > > wrote: > > > > > Unsure. If people really think this is useful and necessary, I >

Re: nc(1) fails the tls handshake when destination ends with a full stop

On Sun, 30 May 2021 17:45:22 +0200, Theo Buehler wrote: > Unsure. If people really think this is useful and necessary, I can be > convinced. It's easy enough to do. And you're right, curl strips the > trailing dot after resolving a host name for SNI and HTTP host header. Given the current error

nc(1) fails the tls handshake when destination ends with a full stop

Hi, $ nc -zvc openbsd.org 443 # works as expected Connection to openbsd.org (129.128.5.194) 443 port [tcp/https] succeeded! TLS handshake negotiated TLSv1.3/AEAD-AES256-GCM-SHA384 with host openbsd.org [...] $ nc -zvc openbsd.org. 443 # fails Connection to openbsd.org. (129.128.5.194) 443 port

Re: Openbsd 6.9 Default gateway

On Sat, 8 May 2021 02:37:41 +0300, Irshad Sulaiman wrote: > Thank you for the reply > > > I could do by > Delete and adding route with route command manually > But is there any better way to do this If you used the same network both on wired and wireless, you could use a

Re: blacklistd analogue

On Thu, 25 Mar 2021 19:00:52 +0200, Kapetanakis Giannis wrote: > How about a distributed setup? > > Has anyone thought of a way getting IPs from various servers (say > linux & fail2ban) to the central OpenBSD (pf) firewall? > > Ideally with history in order to punish more the frequent abusers.

Re: Protecting entire LAN subnet with Wiregaurd

On Sun, 21 Mar 2021 23:49:37 -0400, Daniel Jakots wrote: > On Mon, 22 Mar 2021 14:34:00 +1100, Antonino Sidoti > wrote: > > > I am confused on how to force all lan clients in my home network to > > use wireguard tunnel via local firewall. Do I need to add routes and

Re: Protecting entire LAN subnet with Wiregaurd

On Mon, 22 Mar 2021 14:34:00 +1100, Antonino Sidoti wrote: > I am confused on how to force all lan clients in my home network to > use wireguard tunnel via local firewall. Do I need to add routes and > if so how do I do this on my local firewall if the public IP is > dynamic and the default

Re: What determines source IP of traffic from OpenBSD box ?

On Fri, 26 Feb 2021 11:53:40 +0100 (CET), Rachel Roch wrote: > Let's say I'm running "pkg_add -u" on a OpenBSD-based router with > multiple interfaces. > > What determines the source IP ? On -current there is route [-T rtable] sourceaddr [-inet|-inet6] [address] route [-T rtable]

Re: rdsetroot and gzip'd bsd.rd

On Tue, 2 Feb 2021 15:29:12 +0100, Sebastien Marie wrote: > On Mon, Feb 01, 2021 at 08:30:17PM -0500, Daniel Jakots wrote: > > On Mon, 01 Feb 2021 18:18:43 -0700, "Theo de Raadt" > > wrote: > > > > > Should rdsetroot be able to edit

Re: rdsetroot and gzip'd bsd.rd

On Mon, 01 Feb 2021 18:18:43 -0700, "Theo de Raadt" wrote: > Should rdsetroot be able to edit gzip'd files? I am not sure about > that. Yeah, I don't think so either. gzip(1) can be easily used to uncompress it beforehand. But the result is still that rdsetroot on -current is not able to

rdsetroot and gzip'd bsd.rd

Hi, Running -current amd64, I fetched a -current amd64 bsd.rd, then run $ rdsetroot -x bsd.rd ramdisk rdsetroot: bsd.rd: not an elf I didn't expect that, so I run file on it which said bsd.rd: gzip compressed data, max compression, from Unix I naively tried to gunzip it: $ mv bsd.rd bsd.rd.gz

SIOCSIFPARENT SIOCAIFADDR SIOCSIFFLAGS in bsd.rd

Hi, I upgraded my APU2 on 2021-01-16 and I have this in the upgrade log email: Terminal type? [vt220] vt220 Available disks are: sd0. Which disk is the root disk? ('?' for details) [sd0] sd0 Checking root filesystem (fsck -fp /dev/sd0a)... OK. Mounting root filesystem (mount -o ro /dev/sd0a

Re: Managed to mess up the system encrypted disk. I can no longer boot.

On Wed, 27 Jan 2021 11:31:13 -0500, Ashton Fagg wrote: > Do you want "rm -rf /" to hold your hand also? As a matter of fact, it does :) https://github.com/openbsd/src/commit/c11d908c7069eb03d103482ce1d0227f3d47b349

Re: Website - Missing kstat man page

On Sat, 2 Jan 2021 22:57:06 -0500, tiredtech wrote: > I came across a broken link during some pre-install research. > > While browsing URL https://www.openbsd.org/68.html, > I noticed URL link on the webpage for kstat(1) generates > a "No results found." message when pointing to its man page: >

Re: Wireguard

On Mon, 28 Dec 2020 21:17:42 +, Peter Fraser wrote: > This is my first attempt to set up wireguard, and of course I can't > get it to work. > > The wg man page shows "ifconfig wgN debug" as an option to help > debugging. The man page for ifconfig does document the option. > Nor does the man

Re: Enhancing Privacy in 2020 attached screenshot

On Wed, 16 Dec 2020 22:55:17 +, pipus wrote: > haha Stuart. > Always there to make a low IQ entrance :) > Would you be more receptive if it was made by Linus and used Linux I > wonder... ? Try not to be to childish was just a bit of excitement > over something we have been waiting for for

Re: Switching from trunk(4) to aggr(4)

On Wed, 16 Dec 2020 15:04:36 +1000, David Gwynne wrote: > By default LACP only sends packets every 30 seconds. Did you run > tcpdump for long enough to make sure you saw at least one? If you get > rid of "-D in" do you see the LACP packets that OpenBSD is > transmitting? You were right, I

Re: Switching from trunk(4) to aggr(4)

On Tue, 15 Dec 2020 14:30:16 +1000, David Gwynne wrote: > Can you try tcpdump -p -veni em0 -D in and see if any LACP packets > appear to come in on the port? If not, can you remove the -p and see > if em0 starts to work? > > There are two main differences between how aggr(4) and trunk(4) >

Re: Switching from trunk(4) to aggr(4)

On Mon, 14 Dec 2020 09:26:36 - (UTC), Stuart Henderson wrote: > >> What does the lacp status look like on the switch? (or does it just > >> say 'up' or something and not really have any status?) > > > > It doesn't say anything about the lacp, it just says the individual > > ports are going

Re: Switching from trunk(4) to aggr(4)

On Mon, 14 Dec 2020 08:23:15 +0100, Hrvoje Popovski wrote: > maybe to put debug in hostname.aggr0 then destroy it and then sh > netstart aggr0 ? Indeed, making hostname.aggr0: debug trunkport em0 trunkport em1 trunkport em2 up made the debug appear, thanks! Daniel

Re: Switching from trunk(4) to aggr(4)

On Sun, 13 Dec 2020 20:34:35 - (UTC), Stuart Henderson wrote: > On 2020-12-12, Daniel Jakots wrote: > > I've been using a LACP trunk on my apu (with the three em(4)). On > > top of which I have some vlans. I've been doing that for years and > > it's working fin

Re: Switching from trunk(4) to aggr(4)

On Sun, 13 Dec 2020 11:00:32 +0100, livio wrote: > # cat /etc/hostname.aggr0 > trunkport em1 trunkport em2 trunkport em3 lacpmode active lacptimeout > slow description "i_data" > up I just tried adding "lacpmode active lacptimeout slow" in case ifconfig(8) was lying and they were not the

Switching from trunk(4) to aggr(4)

Hi, I've been using a LACP trunk on my apu (with the three em(4)). On top of which I have some vlans. I've been doing that for years and it's working fine. I thought about using aggr(4) instead (for no real reason). But the aggr interface stays in "status: no carrier". What I did is, I replaced

Re: Following the upgrade to 6.8, sshguard is reporting that it fails to start

On Wed, 28 Oct 2020 16:53:03 -0500, Todd wrote: > Following the upgrade to 6.8, rcctl is reporting that sshguard fails > to start. > > rcctl check sshguard > sshguard(failed) > [...] > apu$ rcctl get sshguard > > > sshguard_class=daemon > sshguard_flags=-l

Re: ssl/libssl certificate validation broken?

On Thu, 22 Oct 2020 21:49:20 -0500, "Rafael Possamai" wrote: > >Hi Bob, it was in the middle of the night and I got quite kinda > >stressed because all services depending on our ldap proxy stopped > >working after the upgrade and it took me a while to figure the > >problem out. > > Perhaps

Re: Approved way to update installed ports after system upgrade?

On Tue, 20 Oct 2020 17:32:48 -0700, Andrew Robertson wrote: > What's the standard way to upgrade installed ports after a system > upgrade? > > > I've been trying to figure out how to do this properly, and it > doesn't seem to > > have any mention in the FAQ. Thanks in advance. > "Finish up

Re: ideas needed for password management

On Thu, 24 Sep 2020 09:29:37 -0400 (EDT), ben wrote: > You don't. Pass is a password manager. It stores passwords for later > use. Indeed. So how is pass relevant to OP's problem?

Re: ideas needed for password management

On Thu, 24 Sep 2020 08:56:01 -0400 (EDT), ben wrote: > The pass program for most UNIX based operating systems > should be available. I'm pretty sure on OpenBSD it's > under a different name, so query for package names > with 'pass' in them. Out of curiosity, how do you interface

Re: pf, send(2) and EACCES

On Fri, 28 Aug 2020 22:33:30 +0200, Claudio Jeker wrote: > Have a look at the pf(4) stats. especially check if the congestion > counter increases when you see the error. If pf(4) detects a network > congestion then ruleset evaluation is skipped and only state matching > happens. In that case you

Re: pf, send(2) and EACCES

On Fri, 28 Aug 2020 16:06:48 +0200, Sebastien Marie wrote: > - generate lot of postgresql access. from postgresql thread, the > statement seems to be a SELECT, so it would be fine to ran in loop > (hopping no cache and real traffic generated). > > - run pfctl -Treplace in a loop (with a set of

Re: pf, send(2) and EACCES

On Fri, 28 Aug 2020 08:32:59 +0200, Sebastien Marie wrote: > On Thu, Aug 27, 2020 at 03:27:58PM -0400, Daniel Jakots wrote: > > Hi, > > > > I'm chasing a weird behavior with postgresql. Sometimes (it's very > > infrequent) a sql request fails with "could not sen

Re: pf, send(2) and EACCES

On Thu, 27 Aug 2020 16:16:17 -0400, "Sven F." wrote: > pflog0 will tell you what is block if you log it, and can tell you if > it is I would have been surprised otherwise (since normally packets pass) but I looked and there was no log about blocked packet at that time.

pf, send(2) and EACCES

Hi, I'm chasing a weird behavior with postgresql. Sometimes (it's very infrequent) a sql request fails with "could not send data to client: Permission denied". I reported the problem on pgsql-general@ [0] and if I understood correctly, this happens when pgsql uses send(2) and gets EACCES.

Re: gcc not on new OpenBSD 6.7 machine, clang problems

On Mon, 17 Aug 2020 12:05:05 -0700, "Whiskey T." wrote: > Incidentally, I need it to compile opendkim. I couldn't make clang > compile it: Why don't you use the port/package?

Re: pf.conf set state-defaults pflow seemingly not exporting traffic

On Tue, 21 Jul 2020 19:35:17 +0200, Peter Nicolai Mathias Hansteen wrote: > pfctl -vnf pf.conf oh indeed it says pass out log on vlan10 proto tcp all flags S/SA modulate state (if-bound) but I understood why my pflow setup still works: it takes the flow from the internal interfaces :)

Re: pf.conf set state-defaults pflow seemingly not exporting traffic

On Tue, 21 Jul 2020 18:52:40 +0200, Peter Nicolai Mathias Hansteen wrote: > > 21. jul. 2020 kl. 17:42 skrev marfabastewart > > : > > > > pf.conf set state-defaults pflow seemingly not exporting traffic > > > > My money is on state-defaults working and I just am doing something > > wrong, but I

Re: Unbound Configuration

On Fri, 10 Jul 2020 21:21:00 +, wrote: > Can anybody help me out with the *simplest possible* unbound.conf > file, just to get it working??? The default config should be fine. Also posting to multiple mailing lists at the same time is considered a bad practice. Cheers, Daniel

Re: Hardware Random Number Generators (RNG)

On Thu, 09 Jul 2020 16:35:13 -0600, "Theo de Raadt" wrote: > > PS I think the USB devices are probably a pretty good source of > > true entropy. > > Why do I bother explaining? I'm the maintainer of the openbsd > kernel's randomness code. I say I don't see the point in 1 line of > code to

Re: SSL error wth dovecot + roundcube

On Wed, 8 Jul 2020 23:02:40 -0400, Aisha Tammy wrote: > I can send a diff later but hopefully the maintainer can just add a > small note? Then mailing the maintainer (with or without cc'ing ports@) will increase your chance (vs just mailing misc@) ;)

Re: Relayd with TLS and non-TLS backends - bug

On Fri, 3 Jul 2020 20:25:12 -0400, Brian Brombacher wrote: > My subjective net gain is simplicity, security, performance, and > flexibility. I don't think adding ipsec (or a mesh vpn) into the mix achieve that but ymmv.

Re: Relayd with TLS and non-TLS backends - bug

On Fri, 3 Jul 2020 19:14:17 -0400, Henry Bonath wrote: > Daniel, > > Thanks for taking the time to test this out. > I just reloaded a test machine from scratch with -current and > installed the HAProxy 2.0.15-4f39279 package. > I loaded a very basic config file, and am also seeing the same

Re: Relayd with TLS and non-TLS backends - bug

On Thu, 2 Jul 2020 14:00:48 -0400, Henry Bonath wrote: > Note the missing Client Hello on the 6.7 machine as it jumps to > Application Data straight away. > Configuration files for HAProxy are identical on both systems. > > I'm currently spinning up a machine on -CURRENT just to see if there >

Re: New tool to (quickly) check for available package upgrades

On Tue, 16 Jun 2020 16:59:07 -0400, "Jeremy O'Brien" wrote: > I wrote a quick little tool here: > https://github.com/neutralinsomniac/obsdpkgup in Go to show available > package upgrades from your configured mirror. > > It takes no more than a few seconds (the time it takes to download >

Re: OpenBSD alternatives to Pi-Hole

On Fri, 12 Jun 2020 17:00:56 -0400, George wrote: > On 2020-06-12 3:57 p.m., Daniel Jakots wrote: > > > > I have only one file and it's 4.6M/111246 lines. It takes a while to > > It runs on a APU2C2 (iirc, but it has for sure 2G of ram). > > Wow that seems

Re: OpenBSD alternatives to Pi-Hole

On Fri, 12 Jun 2020 21:51:50 +0200, fRANz wrote: > On Fri, Jun 12, 2020 at 9:35 PM Daniel Jakots wrote: > > > I have a script that fetches the block list and put it in a unbound > > format. It's in a special unbound config file that I include in my > > unbound.conf. Thi

Re: OpenBSD alternatives to Pi-Hole

On Fri, 12 Jun 2020 15:24:46 -0400, George wrote: > Hi guys, > > I am trying to setup a Pi-Hole service, i.e. add blocking based on > empty DNS records zones files, for my local LAN and would like to ask > what people are using on OpenBSD in this role? I have a script that fetches the block

Re: How do I get a list of the files of only installed packages?

On Sun, 7 Jun 2020 21:11:57 +0100, Ottavio Caruso wrote: > Hi, > > "pkg_info -L PACKAGE-NAME" > > will give me a list of all the files within each package, regardless > of whether the package is installed or not. > > How can I restrict the output to only installed packages, making it > fail

Re: Filling a 4TB Disk with Random Data

On Mon, 1 Jun 2020 14:33:44 - (UTC), Christian Weisgerber wrote: > Take care to pick the proper device corresponding to the drive you > want to overwrite. Don't make people miss a good opportunity to test their backups!

Re: OpenBSD insecurity rumors from isopenbsdsecu.re

On Mon, 11 May 2020 17:27:24 +, slackwaree wrote: > I wish if the someone who took the time to make this page at least > would make an antisystemD page instead. I doubt anyone asked you how they should spend their time. > Let's face it how much time that old fart linus has, maybe > COVID

Re: @OpenBSD_CVS Twitter 140char limit?

On Sat, 09 May 2020 19:17:29 +0200, Tommy Nevtelen wrote: > Hi there! > > Does anybody on this list manage @OpenBSD_CVS? Would be nice to lift > the message truncation from the old 140char limit to the new 280char > limit. Super annoying when I can't read an interesting commit message > that is

Re: pf rules vs late pppoe0 setup

On Sun, 26 Apr 2020 13:54:27 +0200, Jan Stary wrote: > Is there a recommended way to deal with this? If I correctly understood your problem, the solution: (from pf.conf(5)) > Host name resolution and interface to address translation are > done at ruleset load-time. When the address of an

Re: Porting Jitsi to OpenBSD

On Fri, 24 Apr 2020 08:25:51 -0400, Aisha Tammy wrote: > Hey all, > I'm hoping to port jitsi and wanted to know if anyone else is already > working on a port so that I don't do work that might be unnecessary. This kind of email should go on ports@. Since misc@ has a very low SNR [1] don't

Re: GNU+Linux corporate takeover, was: Wine for OpenBSD?

On Tue, 14 Apr 2020 16:05:56 -0400, Raul Miller wrote: > Got any good docs on how to debug (or monitor) D-Bus issues? You're asking help to debug D-Bus on an OpenBSD mailing list? Why don't you bring this sooo interesting discussion off-list?

Re: openbsd.org down?

On Sun, 12 Apr 2020 11:28:21 +0200, Salvatore Cuzzilla wrote: > Can’t reach openbsd.org - planned maintenance? Until the problem is solved (which is known and being worked on), I just forked openbsd/www on github and enabled github pages. You can reach the website at

Re: opensmtpd updates not in OPENBSD_6_6 branch?

On Wed, 08 Apr 2020 20:29:27 + (UTC), Chris Ross wrote: > I updated usr.sbin/smtpd to HEAD, and now get 6.6.4. You're lagging, it's been bumped to 6.7.0 13 hours ago :) https://github.com/openbsd/src/commit/3b6172845ca039729e3ac02040d787f83f9c7250 > If I diff that > dir against the same in

Re: Ports: how to install dependencies from binaries?

On Wed, 8 Apr 2020 13:12:54 +1000, Stuart Longland wrote: > Silly question… how do you install the dependencies of a port from > binaries automatically? https://man.openbsd.org/bsd.port.mk#FETCH_PACKAGES but it doesn't work very reliably, sadly. Cheers, Daniel

Re: opensmtpd updates not in OPENBSD_6_6 branch?

On Tue, 07 Apr 2020 19:05:31 + (UTC), Chris Ross wrote: > Hello all. I am running a OpenBSD 6.6 that I installed late last > year. I was recently trying to make sure I'd updated my smtpd to > 6.6.4, based on earlier security announcement. As I'm running on a > sparc64, syspatch doesn't

Re: error on xfce4 ports build

On Sun, 16 Feb 2020 15:55:51 -0800, Justin Muir wrote: > Any ideas for this error?? It looks like upstream deleted the project. You can still fetch the source code there: https://ftp.osuosl.org/pub/blfs/conglomeration/gtk-xfce-engine/gtk-xfce-engine-3.2.0.tar.bz2 if you put it in

Re: perl popularity inside openbsd community? (Re: Suggestion: Replace Perl ...)

On Thu, 2 Jan 2020 19:49:28 +0100, Marc Chantreux wrote: > some endless sterile debates Like this thread, or worse?

sysmerge at scale

Hi, I run a bunch of -current VM and I manage them with ansible. When there's a file that gets updated in src/etc, I check if it matters for me and if it doesn't, I ignore it. Then, eventually I sync the file in my ansible repo with upstream's one. But even then sysmerge keeps nagging me with:

Re: s.th. strange happening?

On Fri, 9 Aug 2019 17:01:13 +0200, Stefan Wollny wrote: > As I never did any changes to 'www/squid/Makefile' the following > irritates me: > > /usr/ports $ doas cvs -q up -Pd -A don't use doas > cvs server: conflict: INDEX is modified but no longer in the > repository > C INDEX rm INDEX >

Re: Host Header Redirection on openbsd.org

On Mon, 5 Aug 2019 05:38:46 -0700, Claus Assmann wrote: > On Mon, Aug 05, 2019, Marc Espie wrote: > > [[...]] the same useless mp4 video. > > Maybe it is/contains an (attempt of an) exploit? > Unlikely since their signature says "Certified Ethical Hacker"

Re: [www] faq/ports/testing.html - adding link for portslogger(1)'s man

On Mon, 29 Jul 2019 22:22:01 +0200, Alex Naumov wrote: > just a small update for the port testing guide ;-) Thanks committed! Daniel

Re: Ansible install Re: Reboot and re-link

On Fri, 21 Jun 2019 20:02:48 +0200, Frank Beuth wrote: > On Wed, Jun 19, 2019 at 11:29:32PM +0200, Maxim Bourmistrov wrote: > >Installing via NOT RECOMMENDED WAY(following upgrade65.html) - > >scripting on steroides (ansible). > > I don't want to re-open the hostilities, but installing

Re: When will be created a great desktop experience for OpenBSD?

On Thu, 23 May 2019 19:51:45 +, "Patrick Harper" wrote: > Our ideas of the setup process aren't equal so I disagree. Can you please stop answering to this useless thread?

Re: influxdb goes "panic:runtime error: index out of range"

On Mon, 8 Apr 2019 13:58:27 +0200, Joel Carnat wrote: > On a fresh influxdb instance in an OpenBSD VM: same issue. On a > fresh influxdb instance in a Linux Ubuntu VM: the error disappears and > the query gets the correct answers. Did you install the exact same influxdb version on Linux? I

Re: authentication methods: how do they work?

On Wed, 27 Mar 2019 12:31:51 -0400, Boris Epstein wrote: > This is a nice piece of code indeed: > > https://github.com/WIZARDISHUNGRY/totp-util > > But I don't see the login_ code there - which would be > helpful if I were to write a login plugin. Do you know where that > code would be? Not

Re: authentication methods: how do they work?

On Wed, 27 Mar 2019 05:34:49 -0400, Boris Epstein wrote: > It is interesting because some people mention combined methods - like > SSL hostkey + some second factor being used just in that fashion: > > https://chown.me/blog/2FA-with-ssh-on-OpenBSD.html > > But based on my experience thus far it

Re: authentication methods: how do they work?

On Tue, 26 Mar 2019 10:01:59 -0400, Boris Epstein wrote: > Hello listmates, > > Let's say I have the following configured in my /etc/login.conf > > auth-defaults:auth=password,skey,yubikey > > Would that mean either password, or skey, or Yubikey, or should they > all be satisifed? Either.

Re: I am sorry

On Mon, 4 Feb 2019 12:52:48 -0800, Chris Cappuccio wrote: > Leonid Bobrov [mazoc...@disroot.org] wrote: > > Hi, dear OpenBSD community. > > > > Please forgive me for drama I made earlier at mailing list and > > IRC channel. I am not a troll, I promise, I want to contribute to > > OpenBSD in any

Re: Keepassx without gtk

On Mon, 4 Feb 2019 14:39:28 +0300, Isimsiz wrote: > Good day, sirs > Is it possible to install keepassx without gtk+? > For some reason keepassx depends on qt4 and gtk+3 > I use packages. Maybe i need to compile to exclude gtk support or its > impossible at all? I'm not sure what problem you're

Re: does this affect acme-client?

On Mon, 21 Jan 2019 15:18:04 +0100, "Peter J. Philipp" wrote: > Does this affect the acme-client? > > https://community.letsencrypt.org/t/february-13-2019-end-of-life-for-all-tls-sni-01-validation-support/74209 > > Regards, > -peter > To quote the man page "acme-client only implements the

Re: Blocking "shodan.io" - What are my options?

On Tue, 8 Jan 2019 16:07:43 -0800, Misc User wrote: > Doing some work on it the other day, I noticed it opens a pretty big > command injection hole if pfctl doesn't kill the connection before > the connecting source gets a chance to send data. An attacker could > connect to the port and send

Re: install portslist?

On Fri, 14 Dec 2018 15:40:05 +0100, Rudolf Sykora wrote: > Is this expected? What am I doing wrong? You probably have a recent ports tree with old packages. Does `cd /usr/ports/databases/sqlports && make update` help? Cheers, Daniel

Re: cloudflare.cdn.openbsd.org Certificate expired.

If you're not able to refrain from giving your judgment on a situation you don't know the details, please go open a blog or something. misc@ is not the place for it. Thanks, Daniel On Sat, 20 Oct 2018 12:56:21 -0600, "Constantine A. Murenin" wrote: > This is pretty hilarious! > > Apparently,

Re: Rate limiting on UDP with PF

On Wed, 17 Oct 2018 17:59:08 +0200, cont...@jdubois.me wrote: > I am trying to rate limit UDP with Packet Filter. I know there are > rules to rate limit on TCP such as "max number" or "max-src-conn-rate > number / interval" but I did not find anything for UDP. > > I still tried the options with

Re: CVE-2018-15473 ssh user enumeration vulnerability in OpenBSD 6.3

On Tue, 4 Sep 2018 12:05:01 -0500, "Karl O. Pinc" wrote: > Ssh in OpenBSD 6.3 (stable), and I presume 6.2, is vulnerable > to username existance checking by remote systems. It was already discussed on the list: https://marc.info/?l=openbsd-misc=153512055014488=2 Cheers, Daniel

Re: network connectivity problem (ifconfig, arp, ...)

On Mon, 03 Sep 2018 22:58:49 +0200, Vincent wrote: > I've found an article It's always better to rely on the FAQ rather than on a third party article who may have not kept the information up to date. It's not always possible because not everything is in the FAQ but in this case, it is:

Re: Cloud-Storage & OpenBSD

On Sun, 02 Sep 2018 15:38:40 -0400, Predrag Punosevac wrote: > Dain Bentley wrote: > > > Rclone and a storage provider of choice > > I don't see it in ports. > > https://rclone.org/downloads/ > > seems to be the link to binary blob. Could you give me the link to > source code? It's

Re: Cannot make update on updated ports on a fresh install

On Thu, 16 Aug 2018 23:41:52 +0200 (CEST), wrote: Probably not helping much but > lea@openbsd:/usr/ports/net/curl $ doas make update You shouldn't run this as root if you don't have PORTS_PRIVSEP > On my /etc/mk.conf i have: > SUDO=/usr/bin/doas > WRKOBJDIR=/usr/ports/build/wrkobjdir >

Re: xconsole keeps dieing

On Tue, 17 Jul 2018 17:53:14 -0500, Edgar Pettijohn III wrote: > For some reason xconsole has decided to start seg faulting regularly. > I can't remember how to build X with debugging symbols. Could anyone > give me a quick rundown so I can provide more information. /usr/xenocara/README should

Re: Employers, Jobs and OpenBSD

On Fri, 13 Jul 2018 23:05:09 -0300, Man Hobby wrote: > Hi, > > What is the opinion of employers about OpenBSD? Best Operating System. > There is reason for to learn use OpenBSD to find job? > > If not, why? Learning OpenBSD will make you learn many many many things about Unix systems. > If

Re: /etc/services for MQTT protocol

On Sun, 17 Jun 2018 17:59:56 +0200, gro...@grompf.net wrote: > Hello, > > Here's a tiny diff i used during my MQTT exploration while coupling > some Dyson(tm) stuff with my openbsd homeserver. > > a203 1 > mqtt1883/tcp# MQTT protocol > a285 1 > secure-mqtt

Re: OpenBSD logo on my private hompage. It is allowed?

On Thu, 07 Jun 2018 15:51:24 -0800, justina colmena wrote: > The no-profit clause is new. That's not true. It was added with revision 1.8 date: 2005/03/24 01:31:13; author: deraadt; state: Exp; lines: +4 -3; note do not sell (on github:

Re: py3-qt5

On Thu, 1 Mar 2018 21:40:57 -0500, Z Ero wrote: > Not showing in pip3 --list after installed with pkg_add. Not available > module. Why? > pip and pkg_add are two different package manager. If you run pkg_info, you should see the package list which would mean it's

Re: 5-button wheeled mouse and X

On Sun, 29 Oct 2017 11:37:45 -0400, gwes wrote: > On 10/25/17 07:20, Cág wrote: > > Natasha Kerensikova wrote: > > > >> it started as a bug report: it have a 5-button mouse with a wheel, > >> even though I don't use much the buttons 4 and 5 (I think only for > >> previous and

Re: Running OpenVPN as a client breaks SSH access into same box? Is it a problem with default route being changed?

On Tue, 24 Oct 2017 16:25:08 -0400, "tec...@protonmail.com" wrote: > It's currently a bit tricky for me getting into the box physically. > If only I had SSH access ha! > > I'm almost 100% certain that returning packets are being routed over > the tun0 (new default route)

Re: regarding the default path for pkg_add in -current

On Wed, 27 Sep 2017 20:57:10 -0600, and...@quickstick.net wrote: > Also, after login, pkg_add is very determined to use to the same > ../6.2/.. directory path. For the benefit of others who might find > themselves in the same spot, the workaround is to use the full path > while using pkg_add.

Re: Packages security updates in -stable

On Sat, 9 Sep 2017 21:16:36 +0200, Lukasz Jendrysik wrote: > Similar situation with Chromium etc. All of those packages exists in > newer versions in -current, but it's not an option in my case. > > I understand that -stable is not place for the latest packages > available

  1   2   >