Re: Adding encryption support to vi(1)
I live in NJ. Should I be this paranoid, that every file I edit should be encrypted? Who has time for this type of craziness?

Sent from my BlackBerry 10 smartphone on the Verizon Wireless 4G LTE network.

Original Message
From: andrew fabbro
Sent: Friday, December 26, 2014 1:25 AM
To: misc@openbsd.org
Subject: Adding encryption support to vi(1)

vim (in ports) offers an encryption option (http://vimdoc.sourceforge.net/htmldoc/editing.html#encryption)

Invoking vim with -x prompts for a key and then encrypts the file on save. It appears to do the right thing as far as encrypting the .swp (temporary recovery) file as well. If you later edit the file (without the -x option) it will detect the file is encrypted based on a magic it prepends and prompt for a key.

Unfortunately, by default vim uses the 'zip' algorithm which is quite insecure, though you can optionally specify blowfish as your preferred algorithm.

The nice thing about this versus a gpg decrypt/edit/re-encrypt cycle is that you don't have an unencrypted file temporarily lying around (or an unencrypted vi-recover file for that matter).

I'm wondering if there is any interest in adding this feature to vi(1) given OpenBSD's interest in integrated crypto?

Unfortunately, as a US citizen/resident, it's not clear to me that I would be able to contribute code (beyond an implementation that uses the zip algorithm) so it is probably a moot point unless one of the devs is interested but...I figured there was no harm in mentioning it.

--
andrew fabbro
and...@fabbro.org
blog: https://raindog308.com
Re: OT:Password strength
I get why network admins and CIO types live and breathe security and hardened passwords, but the average user has gone mad.

I like leading alpha characters in combination with an old phone number, with a few non-alpha characters, leading and trailing. Thus a password that I can remember, but not something easy to guess.

Example: I worked at Empire Blue Cross 20 years ago. My phone was x3699. 212 476 3699. Thus say, =EmpBC3699& would be fairly good, and I could recall it without writing it down. One could say that 3699 is too easy, perhaps, but it's a quick example of an easy analog way to create a password which is ok, and easy to remember.

Original Message
From: Ted Unangst
Sent: Sunday, November 30, 2014 4:21 PM
To: thornton.rich...@gmail.com
Cc: Eric Furman; OpenBSD Misc
Subject: Re: OT:Password strength

On Sun, Nov 30, 2014 at 15:37, thornton.rich...@gmail.com wrote:
> Where do you store these passwords? On a napkin?

Wherever you like. A shorter password with all the o's turned into 0's is hardly more secure.
Re: OT:Password strength
Where do you store these passwords? On a napkin?

Original Message
From: Ted Unangst
Sent: Sunday, November 30, 2014 3:21 PM
To: Eric Furman
Cc: OpenBSD Misc
Subject: Re: OT:Password strength

On Sat, Nov 29, 2014 at 22:07, Eric Furman wrote:
> OFF TOPIC. This has nothing to do with OpenBSD,
> but a lot of guys here know about this stuff.
> I've done some reading, but still not sure.
> OK, at the risk of looking stupid, which of these passwords is better;
> kMH65?&3
> or
> mylittlelambjumpedovertenredbarns

I think it's a mistake to reverse a password into entropy. If your pool of possible passwords is sentences from common nursery rhymes, for example, they may look awesome but in reality there are only a few thousand possibilities.

Instead, pick a generating algorithm. It can be random letters, random symbols, whatever. Random words. Random fake words consisting of alternating consonants and vowels. You know how big the search space is for each "atom". Divide desired password strength (e.g. 64 bits) by bits per atom to determine required number of atoms.

For the consonant/vowel example, here's a luajit script that makes passwords. Even though they are all lower case, they are at least 64 bits "hard".

-- 16 consonant atoms: 4 bits per draw
local letters = { "c", "k", "t", "tr", "rt", "p", "pr", "d", "v", "n", "l",
    "nd", "z", "g", "th", "s" }
-- 8 vowel atoms: 3 bits per draw
local vowels = { "a", "e", "i", "o", "u", "y", "oo", "ee" }
local letterbits = 4
local vowelbits = 3
local wantedbits = 64
local bits = 0
local ffi = require "ffi"
ffi.cdef[[uint32_t arc4random_uniform(uint32_t);]]
-- arc4random_uniform(max) returns 0..max-1; add 1 for 1-based Lua tables
local function rand(max)
    return ffi.C.arc4random_uniform(max) + 1
end
local atoms = { }
while bits < wantedbits do
    table.insert(atoms, letters[rand(16)])
    table.insert(atoms, vowels[rand(8)])
    bits = bits + letterbits + vowelbits
end
print(table.concat(atoms))

Examples:
treetykaveprethicooputhedu
soonataviceenoopatecoge
gootrozapiceelytrithunula
preezypeendothanundipeesooka
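The sizing rule from the message above (desired bits divided by bits per atom), as an added Python example that is not part of the original post. It reuses the consonant and vowel tables from the luajit script, generalises the rule to other atom pools, and checks that distinct atom sequences really produce distinct strings. The 7776-entry word list and the 4096-sentence pool are constructed stand-ins, not figures from the thread.

```python
import itertools
import math
import secrets
import string

# Atom tables copied from the luajit script in the message above.
CONSONANTS = ["c", "k", "t", "tr", "rt", "p", "pr", "d",
              "v", "n", "l", "nd", "z", "g", "th", "s"]
VOWELS = ["a", "e", "i", "o", "u", "y", "oo", "ee"]


def bits_per_round(pools):
    """Entropy of one round: one uniform, independent draw from each pool."""
    return sum(math.log2(len(pool)) for pool in pools)


def rounds_needed(wanted_bits, pools):
    """Smallest number of rounds whose total entropy reaches wanted_bits."""
    return math.ceil(wanted_bits / bits_per_round(pools))


def generate(wanted_bits, pools):
    """Return (password, entropy_bits), drawing atoms from the OS CSPRNG."""
    rounds = rounds_needed(wanted_bits, pools)
    atoms = [secrets.choice(pool) for _ in range(rounds) for pool in pools]
    return "".join(atoms), rounds * bits_per_round(pools)


def distinct_outputs(pools, rounds):
    """Count distinct strings over every atom sequence of `rounds` rounds.

    The bit estimate only holds if this equals the number of sequences,
    i.e. no two different atom sequences concatenate to the same string.
    """
    sequences = itertools.product(*(list(pools) * rounds))
    return len({"".join(seq) for seq in sequences})


def report(wanted_bits=64):
    """(rounds, bits per round) needed per generating algorithm."""
    # range() objects below are constructed stand-ins: only pool size matters.
    schemes = {
        "consonant/vowel pairs": [CONSONANTS, VOWELS],
        "random lowercase letters": [string.ascii_lowercase],
        "random printable ASCII": [range(33, 127)],
        "random words, 7776-entry list": [range(7776)],
        "sentences, pool of 4096": [range(4096)],
    }
    return {name: (rounds_needed(wanted_bits, pools),
                   round(bits_per_round(pools), 2))
            for name, pools in schemes.items()}


if __name__ == "__main__":
    for name, (rounds, bits) in report().items():
        print(f"{name:30s} {bits:6.2f} bits/round -> {rounds} rounds")
    print(generate(64, [CONSONANTS, VOWELS]))
```

A long sentence drawn from a pool of 4096 carries 12 bits however many characters it has, so six independent draws would be needed to reach 64 bits.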
Re: Sorry OpenBSD people, been a bit busy
I love OpenBSD, seriously, and developers of it are clearly geniuses. And any chance I get I promote it.

From: Scott McEachern
Sent: Tuesday, October 8, 2013 7:17 PM
To: misc@openbsd.org
Subject: Re: Sorry OpenBSD people, been a bit busy

On 10/08/13 17:38, Richard Thornton wrote:
> I am not flippant enough to say that the NSA revelations do not matter,
> but what are we supposed to do? The Middle Eastern terrorism threat is
> real and we need to be able to stop them any way necessary.
>
> All it takes is one of them to hit every Walmart in the neighborhood,
> buy every pay-as-you-go phone they have, then pass them out to their
> friends in every Mosque. Now you have a new terrorism threat. So,
> welcome to the real world my friend, and wake up.

Seriously, after everything I've said so far (I see you just replied privately to my most recent post), you're suggesting that *I* wake up to the real world? I suggest you take that message to the ignorant, complacent, apathetic masses. Please.

Take a look at the prime-time TV lineup on the major US networks, and the "cable" stations like Showcase, HBO, etc. What are their plots mostly focussed on? Terrorism. Top-rated shows like NCIS, NCIS: LA, and the like: Terrorism. My point is that the media is feeding the viewers a non-stop diet of potential terrorist plots. It's ridiculously pervasive, and the fear is taking over people's minds.

Why do you think Bruce Schneier calls the TSA's actions "security theatre"? They're reactive, not proactive. Maybe the NSA/CIA/FBI are trying to be proactive, but what's their track record?

The intelligence agencies each had a piece of the 9/11 puzzle. Due to infighting and protecting their respective turf, they didn't share information, and 9/11 happened. Hindsight is 20/20, but it was revealed that if they had only cooperated, 9/11 could have been prevented.

Look at the Boston bombings. The FBI received intel from the Russians, of all people, beforehand that the two brothers were up to something. How did that work out for them?

The Times Square bomber was stopped by a curious NYPD cop, not a three-letter agency.

How about those US soldiers that converted to Islam, raising red flags with their unusual behaviour and behavioural changes, going on shooting rampages? How did the FBI do there?

Maybe they have foiled attacks, but you'd think they'd be shouting that from the rooftops saying, "Look! We're doing good! Our Billion dollar budgets are justified!" People know about PRISM now, but even if they wanted to keep the source of their intel under wraps, I'm sure they could find a way to "parallel construct" a plausible explanation without revealing too much.

Like you said in a fresh post, maybe the NSA was helpful in stopping the potential attacks on Toronto and various rail lines. Who knows. Read my previous paragraph again.

And for the record, both you and Ze Loff should stick to facts and rational discussion. Bigots and morons are best defeated with those, and they'll show their true colours, debasing their own opinions. There's no need for insults and ad hominem attacks.

You feel that Snowden is "quite the jerk"? You're entitled to that opinion, but there are a great many people, myself included, that think he is a hero for exposing blatant lies and violations of the law and constitution. Snowden, and some other previous NSA employees, saw the insanity of this, and the future of it. They were appalled, and went public. They are heroes.

Privately, you casually dismissed Wolf as "another blow hard", "the liberal version of Ann Coulter". Maybe so, but attacking her personally does not negate the validity of her points. Watch the video, and think about it with an open mind, if you can.

You asked, "What are we supposed to do?" There are no easy answers here. I fully realize that there are shades of grey involved. But you aren't looking at the thin end of the wedge; we've long passed that point, and you are ceding your rights to allow it to not only continue, but to expand.

Remember what Ben Franklin said: "Those who would give up essential liberty to purchase a little temporary safety deserve neither liberty nor safety." His point in that quote speaks directly to the nature of government. It hasn't changed since then. Government will take a mile when you give them an inch.

You've probably heard the glib comments that more people in the US have died from choking on fishbones/car accidents/etc. in the last 12 years than have died from terrorism. But at what price, both financially (military spending) and in terms of rights in a growing surveillance state? Where does it end, and what is the logical conclusion?

I just don't have the answers, but I can repeat the suggestions of Bruce Schneier: Trust the math. Trust the crypto. Be careful with the implementation. The NSA isn't so much working on breaking the crypto (for now), as they are attacking the e
Re: Sorry OpenBSD people, been a bit busy
I used to work at empire blue cross. I had many friends who worked in the Trade Towers. I lived for a time in Battery Park nearby. So go to hell asshole, the USA will never let another 9/11 happen again, and Snowden is quite the jerk.

These guys were recently planning attacks on Toronto as a matter of fact and were discovered in time, maybe thanks to the NSA.

So sit in your tea house poring over your netbook, fuckin around, and hide. And go to hell.

From: Zé Loff
Sent: Tuesday, October 8, 2013 6:08 PM
To: Richard Thornton
Cc: Scott McEachern; misc@openbsd.org
Subject: Re: Sorry OpenBSD people, been a bit busy

> The Middle Eastern terrorism threat is
> real and we need to be able to stop them any way necessary.
>
> All it takes is one of them to hit every Walmart in the neighborhood,
> buy every pay-as-you-go phone they have, then pass them out to their
> friends in every Mosque.

Well fuck you and your fucking stereotypes, you fucking bigot.

And thank you for validating the quote on Scott's signature, btw.
Re: Claws-mail frequently dumps core on 5.3R
I have experienced the same behaviour, on sparc, openbsd, version 5.3, kernel #40.

From: Stefan Wollny
Sent: Saturday, September 28, 2013 6:20 PM
To: Stefan Wollny
Cc: Erwin Geerdink; OpenBSD
Subject: Re: Claws-mail frequently dumps core on 5.3R

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sun, 5 May 2013 15:12:07 +0200, Stefan Wollny wrote:
> On Sat, 4 May 2013 21:18:35 +0200
> Erwin Geerdink wrote:
>
> > Hi,
> >
> > Since I upgraded to OpenBSD 5.3 Release (following the upgrade guide
> > on the website), I have experienced the following problem with
> > claws-mail v3.8.1: Every time I try to fetch mail, a dialog 'Changed
> > SSL certificate' pops up, for each of my mailboxes. No matter if I
> > choose 'Cancel connection' or 'Accept and Save certificates', both
> > frequently result in a core dump.
> > Even when claws does not crash, the certs are not properly saved,
> > for the dialog shows up every subsequent fetch. The SSL certs are
> > stored to disk (~/.claws-mail/certs/), but information about owner
> > and signer is ''.
> >
> > Core dumps also occur when sending mail.
> > As you understand, this makes usage quite a pain.
> >
> > Does anyone experience this issue as well?
> Hi Erwin,
> Hi misc@!
>
> I do experience this behaviour as well - as of this morning I use the
> latest 5.3-current (#148) and claws-mail hasn't crashed for an hour.
> Yet it keeps complaining about the SSL certs being changed.
>
> I just did a fresh install of my system based on 5.3-current (#147).
>
> The ./claws-mail/certs folder has permissions 700 while the certs
> within have 644 - I have no idea if this has an effect on claws-mail.
>
> If I can help with any other info or testing just drop me a line.
>
> Cheers,
> STEFAN
Re: Verified OS concerns
Interesting thread...

From: josef.winger@email.de
Sent: Thursday, September 19, 2013 4:30 PM
To: misc@openbsd.org
Subject: Verified OS concerns

Does OpenBSD plan to verify its (main) components, to reach the level of zero-bug software? If not, isn't there any concern that (future) verified OS will render OBSD redundant one day?

/jo
Re: general ports question
Ok, thanks for the help.

From: Marc Espie
Sent: Wednesday, September 18, 2013 6:24 PM
To: Richard Thornton
Reply To: espie@nerim.net
Cc: OpenBSD general usage list
Subject: Re: general ports question

On Wed, Sep 18, 2013 at 06:16:20PM -0400, Richard Thornton wrote:
> So if one has a 5.3 release system running, but finds a desired package in
> say 5.1, will pkg_add work on this, assuming I adjust the PKG_PATH to point
> to a 5.1 package folder? Or will doing this cause other instabilities?

The dependency mechanisms in pkg_add apply to the library of the base system.

Meaning that if you manage to install a package from 5.1 on a "pure" 5.3 machine, your package has *no* dependency at all on any shared library whatsoever from the base system.

So, yeah, you can install the books from 5.1. And some of the fonts. That's about it.
Re: Feedback about Desktop Environments
Definitely XFCE 4.10.

From: James Griffin
Sent: Monday, September 16, 2013 6:20 AM
To: misc@openbsd.org
Subject: Feedback about Desktop Environments

I need to install a Desktop Environment for my partner. I thought about KDE or xfce, I've tried neither on OpenBSD before. Which of the 3 main DEs (gnome, KDE, XFCE) do you feel work best on OpenBSD? I would need things like removable media mounting from within the graphical environment, good sound support and multimedia applications.

Any advice would be helpful from those using any of these Desktops. I thought I'd ask on this list before installing loads of packages.

Cheers, Jamie.
Re: Compiling BOINC/Seti Home for OpenBSD 5.3 Sparc64
You are right. I am using a virtual installation right now until I figure it all out.

From: Daniel Ouellet
Sent: Thursday, August 29, 2013 6:19 PM
To: misc@openbsd.org
Subject: Re: Compiling BOINC/Seti Home for OpenBSD 5.3 Sparc64

On 8/29/2013 4:15 PM, Alexey E. Suslikov wrote:
> Christian Weisgerber mips.inka.de> writes:
>
>> Richard Thornton gmail.com> wrote:
>>
>>> My Sun Blade 100, has a fresh install of 5.3, and it's very good, much
>>> better than 5.1; XFCE is very stable and R is much better than prior
>>> ports. you guys did a great job! Now this computer sits running actively,
>>> with nothing to do!
>>
>> Use apm -L or -C and save 10 W.
>
> Wonder why keep running something doing nothing ;)
>

Still happily married I see. (:>
Re: user can not shutdown PC in xfce
When I want to shut down, I use on/off switch. No permissions needed.

From: James Griffin
Sent: Friday, August 30, 2013 6:00 AM
To: misc@openbsd.org
Subject: Re: user can not shutdown PC in xfce

!-- On Fri 30.Aug'13 at 9:08:05 BST, Fung (fungm...@qq.com), wrote:

> -- Original --
> From: "Tomas Bodzar";
>
> On Tue, Aug 27, 2013 at 2:34 PM, Fung wrote:
>
> > 1. root login xfce can shutdown the pc smoothly using mouse.
> > 2. other user in xfce can not shutdown the pc, why?
> >
> > # visudo
> > ...
> > %wheel ALL=(ALL) SETENV: ALL
> > share ALL=NOPASSWD: /usr/local/lib/xfce4/session/xfsm-shutdown-helper
> > ...
> >
> > # id share
> > uid=1000(share) gid=1000(share) groups=1000(share), 0(wheel)
> >
> >
> > # sysctl kern.version
> > kern.version=OpenBSD 5.4-current (GENERIC.MP) #48: Sat Aug 24 20:31:41
> > MDT 2013
> > dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC.MP
> >
> >
> > # cat /usr/local/share/doc/pkg-readmes/xfce-4.10p0
> > said
> > Logging out and shutting down the computer
> > ==
> > If your installation supports complete shutdown, clicking on the logout
> > button on panel will permit you to either logout, rebooting or halt
> > the computer, provided you have the needed sudo credentials.
> > If you don't want to have to enter your password, simply add this line
> > to the /etc/sudoers file using visudo:
> > $your_username ALL=NOPASSWD:
> > /usr/local/lib/xfce4/session/xfsm-shutdown-helper
> > ==
> >
>
> are you in operator group? ;-)
>
> $ ls -l /sbin/shutdown
> -r-sr-x--- 1 root operator 222416 Aug 20 00:46 /sbin/shutdown
> $
>
> .
>
>
> hi, tomas,
>
> Shutdown in xfce not work with operator group .
>
> BTW, from terminal , user share can halt -p/ shutdown the system.
>

You could use a better Window Manager/Desktop. The cwm in base is excellent. Also, fvwm2 in packages is excellent (I use that one), so are some tiling WM's, like dwm and spectrwm.

--
James Griffin: jmz at kontrol.kode5.net
A4B9 E875 A18C 6E11 F46D B788 BEE6 1251 1D31 DC38