Re: From the military propaganda department

[Justin Lindberg]

Richard Thornton: Not sorry, not a dude, I do not drink alcohol, and I do not
associate with people like you.  Take your dude problems elsewhere, because
I am not interested.  OpenBSD is the only reason I am here, and I do not like
rubber hoses or the people who try to shove them up my butt.  I don't care what
Theo thinks, either.  It's his operating system, and he can take it or leave it 
or
ignore the spam.  And anyone else can use it under the BSD license.  That's
what he did to NetBSD anyway.  I am going to use whatever software I want
to use as long as it is legal.  Same as anyone else on the mailing list, unless
I get B for some reason, in which case I will find a different mailing list.  
I don't
run the show here, so don't act like I do or I am trying to, because I am not.
I'm not interesting in forkingan operating system or going back to Net- or
FreeBSD, either.  I don't like Linux, either, because the kernel is far too 
bloated,
and I don't like all the spyware, adware, and malware that goes along with it.
I just use OpenBSD as an operating system.  It does not put me in the mood
to party, nor, do I think, is it intended to.  Yet another defense to 
rubber-hose
cryptanalysis is to slice those rubber hoses to ribbons with a sharp razor, and
install a decent burglar alarm with a secure OS.


From: Richard Thornton rich...@thornton.net
To: zx5...@yahoo.com; misc@openbsd.org 
Sent: Monday, May 27, 2013 7:51 PM
Subject: Re: From the military propaganda department



Time to drink a beer and chill out, dude!

Sent from my BlackBerry 10 smartphone on the Verizon Wireless 4G LTE network.
From: Justin Lindberg
Sent: Saturday, May 25, 2013 2:01 PM
To: misc@openbsd.org
Reply To: Justin Lindberg
Subject: From the military propaganda department 

Excuse the Yahoo address.  That's the best I can do here in the United States
of Amerikkka.  How is life in OpenBSD-land?  The gummint dont trust me when
I use OpenBSD because they don't have a clue what I'm doing when I'm at my
computer.  Even after they've read my code, and obtained all my passwords via
rubber-hose cryptanalysis, and they're sitting at my keyboard staring at the 
hash
prompt, they still don't have a clue what I am doing, and they think the problem
can be solved by the more liberal use of rubber hoses.

Oh, I was writing a letter to my attorney.  But some people consider that to be
illegal here in Amerikkka.

They don't understand that when I am ready to release my software, I release it,
and when it's released, it's released.  That is my right under our First 
Amendment
guarantee of freedom of speech and of the press.  I think it works pretty 
similarly
over there in Canada.  When you've tested your code and you are ready, you
commit it, and when it's committed, it's committed, and the rest of the team is
free to tear it to shreds.

The best defense to rubber-hose cryptanalysis is small pieces of lead, saboted
and silenced and projected at high speed at anyone and everyone armed with a
rubber hose.  The Penguins over in Linux-land understand this very well.  Do the
Pufferfish?  Because that's my right, too, under our Second Amendment
guarantee of the right to keep and bear arms.

So when I'm ready, I fire a shot, and when it's fired, it's fired, and there is 
no
calling it back.  And that's why I make dead certain that I am ready before I 
fire.

Even if the U.S. Department of Defense considers computer cryptography to be a
munition of war, then the right to use it is still protected, only under the 
Second
Amendment rather than the First.  Some communications are private, confidential,
classified, or privileged and not obtainable with a warrant, and that is why we 
use
cryptography here in the United States of America. 

Re: From the military propaganda department

[Mikhail Krutov]

Not_sure_if_trolling_or_plain_schizo.jpg
On Sat, May 25, 2013 at 11:01:45AM -0700, Justin Lindberg wrote:
 Excuse the Yahoo address.  That's the best I can do here in the United States
 of Amerikkka.  How is life in OpenBSD-land?  The gummint dont trust me when
 I use OpenBSD because they don't have a clue what I'm doing when I'm at my
 computer.  Even after they've read my code, and obtained all my passwords via
 rubber-hose cryptanalysis, and they're sitting at my keyboard staring at the 
 hash
 prompt, they still don't have a clue what I am doing, and they think the 
 problem
 can be solved by the more liberal use of rubber hoses.
  
 Oh, I was writing a letter to my attorney.  But some people consider that to 
 be
 illegal here in Amerikkka.
  
 They don't understand that when I am ready to release my software, I release 
 it,
 and when it's released, it's released.  That is my right under our First 
 Amendment
 guarantee of freedom of speech and of the press.  I think it works pretty 
 similarly
 over there in Canada.  When you've tested your code and you are ready, you
 commit it, and when it's committed, it's committed, and the rest of the team 
 is
 free to tear it to shreds.
  
 The best defense to rubber-hose cryptanalysis is small pieces of lead, saboted
 and silenced and projected at high speed at anyone and everyone armed with a
 rubber hose.  The Penguins over in Linux-land understand this very well.  Do 
 the
 Pufferfish?  Because that's my right, too, under our Second Amendment
 guarantee of the right to keep and bear arms.
  
 So when I'm ready, I fire a shot, and when it's fired, it's fired, and there 
 is no
 calling it back.  And that's why I make dead certain that I am ready before I 
 fire.
  
 Even if the U.S. Department of Defense considers computer cryptography to be a
 munition of war, then the right to use it is still protected, only under the 
 Second
 Amendment rather than the First.  Some communications are private, 
 confidential,
 classified, or privileged and not obtainable with a warrant, and that is why 
 we use
 cryptography here in the United States of America.

Re: From the military propaganda department

[Alexander Hall]

This ain't a blog nor your personal diary. What's the point and purpose 
of these rants, really? Saying OpenBSD rules? Sucks? What?


/Alexander

On 05/28/13 07:14, Justin Lindberg wrote:

Richard Thornton: Not sorry, not a dude, I do not drink alcohol, and I do not
associate with people like you.  Take your dude problems elsewhere, because
I am not interested.  OpenBSD is the only reason I am here, and I do not like
rubber hoses or the people who try to shove them up my butt.  I don't care what
Theo thinks, either.  It's his operating system, and he can take it or leave it 
or
ignore the spam.  And anyone else can use it under the BSD license.  That's
what he did to NetBSD anyway.  I am going to use whatever software I want
to use as long as it is legal.  Same as anyone else on the mailing list, unless
I get B for some reason, in which case I will find a different mailing list.  
I don't
run the show here, so don't act like I do or I am trying to, because I am not.
I'm not interesting in forkingan operating system or going back to Net- or
FreeBSD, either.  I don't like Linux, either, because the kernel is far too 
bloated,
and I don't like all the spyware, adware, and malware that goes along with it.
I just use OpenBSD as an operating system.  It does not put me in the mood
to party, nor, do I think, is it intended to.  Yet another defense to 
rubber-hose
cryptanalysis is to slice those rubber hoses to ribbons with a sharp razor, and
install a decent burglar alarm with a secure OS.


From: Richard Thornton rich...@thornton.net
To: zx5...@yahoo.com; misc@openbsd.org
Sent: Monday, May 27, 2013 7:51 PM
Subject: Re: From the military propaganda department



Time to drink a beer and chill out, dude!

Sent from my BlackBerry 10 smartphone on the Verizon Wireless 4G LTE network.
From: Justin Lindberg
Sent: Saturday, May 25, 2013 2:01 PM
To: misc@openbsd.org
Reply To: Justin Lindberg
Subject: From the military propaganda department

Excuse the Yahoo address.  That's the best I can do here in the United States
of Amerikkka.  How is life in OpenBSD-land?  The gummint dont trust me when
I use OpenBSD because they don't have a clue what I'm doing when I'm at my
computer.  Even after they've read my code, and obtained all my passwords via
rubber-hose cryptanalysis, and they're sitting at my keyboard staring at the 
hash
prompt, they still don't have a clue what I am doing, and they think the problem
can be solved by the more liberal use of rubber hoses.

Oh, I was writing a letter to my attorney.  But some people consider that to be
illegal here in Amerikkka.

They don't understand that when I am ready to release my software, I release it,
and when it's released, it's released.  That is my right under our First 
Amendment
guarantee of freedom of speech and of the press.  I think it works pretty 
similarly
over there in Canada.  When you've tested your code and you are ready, you
commit it, and when it's committed, it's committed, and the rest of the team is
free to tear it to shreds.

The best defense to rubber-hose cryptanalysis is small pieces of lead, saboted
and silenced and projected at high speed at anyone and everyone armed with a
rubber hose.  The Penguins over in Linux-land understand this very well.  Do the
Pufferfish?  Because that's my right, too, under our Second Amendment
guarantee of the right to keep and bear arms.

So when I'm ready, I fire a shot, and when it's fired, it's fired, and there is 
no
calling it back.  And that's why I make dead certain that I am ready before I 
fire.

Even if the U.S. Department of Defense considers computer cryptography to be a
munition of war, then the right to use it is still protected, only under the 
Second
Amendment rather than the First.  Some communications are private, confidential,
classified, or privileged and not obtainable with a warrant, and that is why we 
use
cryptography here in the United States of America.

Working on suspend/resume

[Jean Lucas]

Hi all,

How does one begin diagnosing sleep/suspend for a particular machine? In 
this case, a Lenovo Yoga 13. The ACPI states are frozen (frozen battery 
meter and lying reports about my AC adapter being plugged  in when it's 
not). If someone could help me add signals for my machine, it'd be 
easier to work on other problems without restarting all the time and/or 
shutting down for overheating purposes.


Installed FreeBSD to see if suspend/resume worked; telling sysctl that 
the lid switch state is S3 worked, and successfully suspended. Resuming 
was an entirely different issue. Adding the reset video parameter, 
however, booted me into my first operating system on resume. Weird.


hw.acpi.lid_switch_state=s3
hw.acpi.reset_video=1

(http://forums.freebsd.org/showthread.php?t=6942)

Thanks,
Jean

Re: From the military propaganda department

[Justin Lindberg]

You need to be shot to death.


- Original Message -
From: Richard Thornton rich...@thornton.net
To: Justin Lindberg zx5...@yahoo.com
Cc: 
Sent: Tuesday, May 28, 2013 4:09 AM
Subject: Re: From the military propaganda department

If you dont drink, then take a valium

boot panic: aml_die aml_store:2690

[Heptas Torres]

I am trying to install OBSD on an ASUS netbook but the system panics
at boot. I am thrown in ddb and with show panic I get aml_die
aml_store:2690.
As I haven't figured out a way to get the dmesg out, I took the
attached pictures with the dmesg, trace and ps.
Is this a bug or problems with unsupported hardware?
thanks
-h

[demime 1.01d removed an attachment of type image/jpeg which had a name of 
1.jpg]

[demime 1.01d removed an attachment of type image/jpeg which had a name of 
2.jpg]

[demime 1.01d removed an attachment of type image/jpeg which had a name of 
3.jpg]

[demime 1.01d removed an attachment of type image/jpeg which had a name of 
4.jpg]

[demime 1.01d removed an attachment of type image/jpeg which had a name of 
5.jpg]

[demime 1.01d removed an attachment of type image/jpeg which had a name of 
6.jpg]

Re: boot panic: aml_die aml_store:2690

[staticsafe]

On Tue, May 28, 2013 at 03:35:42PM +, Heptas Torres wrote:
 I am trying to install OBSD on an ASUS netbook but the system panics
 at boot. I am thrown in ddb and with show panic I get aml_die
 aml_store:2690.
 As I haven't figured out a way to get the dmesg out, I took the
 attached pictures with the dmesg, trace and ps.
 Is this a bug or problems with unsupported hardware?
 thanks
 -h
 
 [demime 1.01d removed an attachment of type image/jpeg which had a name of 
 1.jpg]
 
 [demime 1.01d removed an attachment of type image/jpeg which had a name of 
 2.jpg]
 
 [demime 1.01d removed an attachment of type image/jpeg which had a name of 
 3.jpg]
 
 [demime 1.01d removed an attachment of type image/jpeg which had a name of 
 4.jpg]
 
 [demime 1.01d removed an attachment of type image/jpeg which had a name of 
 5.jpg]
 
 [demime 1.01d removed an attachment of type image/jpeg which had a name of 
 6.jpg]
 
demime stripped your attached images btw, might want to upload somewhere
and provide HTTP links (imgur is good).
-- 
staticsafe
O ascii ribbon campaign - stop html mail - www.asciiribbon.org
Please don't top post - http://goo.gl/YrmAb
Don't CC me! I'm subscribed to whatever list I just posted on.

Re: how can I get a dmesg (without a floppy or serial console port)?

[Heptas Torres]

On 5/28/13, Josh Grosse j...@jggimi.homeip.net wrote:
 On Tue, May 28, 2013 at 12:06:10AM +, Heptas Torres wrote:
 On 5/27/13, Shane Lazarus shane.laza...@pobox.com wrote:
  Heya
 
  Any network connectivity at all?

 nope - that would be easy through ssh.

  Otherwise, mount a USB stick and dmesg  file...

 well if the system crashes there is now way I could mount a USB and
 copy the dmesg. I was wondering whether there are some hacks with
 network cables or some physical hacks to connect two machines directly
 to get the dmesg from one to another.

 If the crash is able to dump core to swap,

Is there any way I can figure out if that's the case?

 on reboot, savecore(8) runs, and

The problem is that the system panics at reboot and I am thrown into
ddb, so I guess rebooting does not even get to run savecore. See my
previous email to the list (separate thread) on where the system
panics.For now I took some pictures with the dmesg, but would still
like to figure out if there would be a way to get the dmesg without
needing a camera :)
thanks
-h

 your dmesg will be within the stored dump.  Refer to crash(8) and the -M
 and
 -N options of dmesg(8).

Re: From the military propaganda department

[Steven]

We're honestly giving this guy way too much attention.

--
W. Steven Schneider  w.steven.schnei...@ualberta.net

uvm_mapent_alloc: out of static map entries

[carlos albino garcia grijalba]

i have read on archives but too many opinions on this subject since 4 and many
of them are saying to restart server, restart process, wait to be fixed a big
diff but the problem its that the diff its for 4.3 and i have 4.8 and of
course i have the problem any new info about this and i havent found the
solution to this.

P.D.
Oh lord listen to my prays i hope the folks on openbsd misc can please
enlighten me as i am a dummy and leave me a message at least whatever message
will be well something

Re: boot panic: aml_die aml_store:2690

[Heptas Torres]

On 5/28/13, Heptas Torres hepta...@gmail.com wrote:
 I am trying to install OBSD on an ASUS netbook but the system panics
 at boot. I am thrown in ddb and with show panic I get aml_die
 aml_store:2690.
 As I haven't figured out a way to get the dmesg out, I took the
 attached pictures with the dmesg, trace and ps.
 Is this a bug or problems with unsupported hardware?
 thanks
 -h


these are the links to the dmesg/trace/ps pictures:
http://d.pictureupload.us/128838031051a4d52535419.jpg
http://d.pictureupload.us/205859644551a4d5253fb58.jpg
http://d.pictureupload.us/84483466051a4d52547810.jpg
http://d.pictureupload.us/100239268251a4d5254f0fc.jpg
http://d.pictureupload.us/130656027151a4d5255d48a.jpg
http://d.pictureupload.us/198052637951a4d52564b16.jpg

Re: From the military propaganda department

[David Walker]

Hi.

If I understand correctly, this is off topic here, as much as generic
hardware or networking issues or whatever. General cryptology and
associated legal issues in this sense (again as I understand you) are
not specific to OpenBSD being vendor neutral issues.
That said I'm all for this discussion.
Not to pre-empt others (disregarding the initial negative responses),
I think you should be aware there's a valid and consistent case to be
made that this might be one of those cases where you'll get little
traction.
My advice, if this thread doesn't get the traction you like; go elsewhere.
Insert quotes from Ben Franklin et al. ... choose your audience.

Regardless.

While there's a lot of commonality between the US and some of the rest
of us, we have constitutions of our own (except england of course).
Please don't fall into the trap that any of this stuff is
transferrable. That's a point of law and it stands.
I don't have freedom of speech, the right to keep and bear arms and so on.
FYI, I live in a democracy, not a republic. We're transitive. There's
a real world difference.

Nevertheless, Aristotle nailed this.
http://en.wikipedia.org/wiki/Modes_of_persuasion

Those ideas are somewhat intertwined but you've failed.

You've failed on logos - the facts - give some context. Clear context.
Why do I or anyone else here care about rights violations?
Without that, prima facie this comes off as a rant without relevance
... uname(1) or tread lightly.

You've failed on your pathos - my sympathy or empathy - this is why
this is definitely in the off topic decisions to be made grey area.
I don't see a clear connection between LEO and OpenBSD here. See
previous ... uname(1) or tread lightly.

You've failed to clarify your ethos - I don't believe you. Your
constitution is enough authority but I'm not seeing it presented
appropriately. I admire your conjunction of munitions and the second.
May I use that?
In this case though, open sauce, crypto, second, etcetera are an
entirely different issue to the fourth amendment question - protection
against unreasonable search and seizure.
You've muddied the waters and failed to convince on either account.
That's the big deal here. The fourth ...

The right of the people to be secure in their persons, houses,
papers, and effects, against unreasonable searches and seizures, shall
not be violated ...
http://www.archives.gov/exhibits/charters/bill_of_rights_transcript.html#4

First? Sure. Publish, done. Matter of course. No infringements. Right?
Second? Sure. Sidebar. Again off topic but trivially interesting.

Rubber hose cryptanalysis, the browbeating or otherwise of citizens to
gain passwords so DHS inter alia, i.e. Border Patrol, can look at your
stuff is strictly a fourth amendment issue (obliquely a fifth).
That's where you should be thinking.
You live in a common law country with a written constitution - not
something to be assumed.
There's a trodden path. Stand your ground - no officer ... unless you
provide a warrant based on probable cause I won't be giving you my
key.
Go read the fourth ...
The key is standing your ground.
Get arrested or worse or combinations of whatever and go from there.
To paraphrase a founding father:
They that can give up essential liberty to purchase a little
temporary safety, deserve neither liberty nor safety.
Trees need iron. Blood serves fine. Ask Thomas Jefferson ...
Good on you for taking an hour out of your life. Give me something
more than a hypothesis of how bad things are happening that might be
violations and how people that I care about are affected on the ground
...
Get arrested or GTFO ...

I'm not Armorican. I read your constitution and your bill of rights
and study your law and your country.
I've stood up to LEO here. Describe your experience.
Light on the hill. Get the fuck up there.

Re: From the military propaganda department

[Tim Nelson]

- Original Message -
 Hi.
 
 If I understand correctly, this is off topic here, as much as generic
 hardware or networking issues or whatever. General cryptology and
 associated legal issues in this sense (again as I understand you) are
 not specific to OpenBSD being vendor neutral issues.
 That said I'm all for this discussion.
 Not to pre-empt others (disregarding the initial negative responses),
 I think you should be aware there's a valid and consistent case to be
 made that this might be one of those cases where you'll get little
 traction.
 My advice, if this thread doesn't get the traction you like; go
 elsewhere.
 Insert quotes from Ben Franklin et al. ... choose your audience.
 
 Regardless.
 
 While there's a lot of commonality between the US and some of the
 rest
 of us, we have constitutions of our own (except england of course).
 Please don't fall into the trap that any of this stuff is
 transferrable. That's a point of law and it stands.
 I don't have freedom of speech, the right to keep and bear arms and
 so on.
 FYI, I live in a democracy, not a republic. We're transitive. There's
 a real world difference.
 
 Nevertheless, Aristotle nailed this.
 http://en.wikipedia.org/wiki/Modes_of_persuasion
 
 Those ideas are somewhat intertwined but you've failed.
 
 You've failed on logos - the facts - give some context. Clear
 context.
 Why do I or anyone else here care about rights violations?
 Without that, prima facie this comes off as a rant without relevance
 ... uname(1) or tread lightly.
 
 You've failed on your pathos - my sympathy or empathy - this is why
 this is definitely in the off topic decisions to be made grey area.
 I don't see a clear connection between LEO and OpenBSD here. See
 previous ... uname(1) or tread lightly.
 
 You've failed to clarify your ethos - I don't believe you. Your
 constitution is enough authority but I'm not seeing it presented
 appropriately. I admire your conjunction of munitions and the second.
 May I use that?
 In this case though, open sauce, crypto, second, etcetera are an
 entirely different issue to the fourth amendment question -
 protection
 against unreasonable search and seizure.
 You've muddied the waters and failed to convince on either account.
 That's the big deal here. The fourth ...
 
 The right of the people to be secure in their persons, houses,
 papers, and effects, against unreasonable searches and seizures,
 shall
 not be violated ...
 http://www.archives.gov/exhibits/charters/bill_of_rights_transcript.html#4
 
 First? Sure. Publish, done. Matter of course. No infringements.
 Right?
 Second? Sure. Sidebar. Again off topic but trivially interesting.
 
 Rubber hose cryptanalysis, the browbeating or otherwise of citizens
 to
 gain passwords so DHS inter alia, i.e. Border Patrol, can look at
 your
 stuff is strictly a fourth amendment issue (obliquely a fifth).
 That's where you should be thinking.
 You live in a common law country with a written constitution - not
 something to be assumed.
 There's a trodden path. Stand your ground - no officer ... unless
 you
 provide a warrant based on probable cause I won't be giving you my
 key.
 Go read the fourth ...
 The key is standing your ground.
 Get arrested or worse or combinations of whatever and go from there.
 To paraphrase a founding father:
 They that can give up essential liberty to purchase a little
 temporary safety, deserve neither liberty nor safety.
 Trees need iron. Blood serves fine. Ask Thomas Jefferson ...
 Good on you for taking an hour out of your life. Give me something
 more than a hypothesis of how bad things are happening that might be
 violations and how people that I care about are affected on the
 ground
 ...
 Get arrested or GTFO ...
 
 I'm not Armorican. I read your constitution and your bill of rights
 and study your law and your country.
 I've stood up to LEO here. Describe your experience.
 Light on the hill. Get the fuck up there.
 
 

Fantastic points, I'd love to hear more, from both sides.

--Tim

Re: uvm_mapent_alloc: out of static map entries

[Chris Cappuccio]

Carlos,

We are now on OpenBSD 5.3 and going forward. Please try that first.

carlos albino garcia grijalba [genesi...@hotmail.com] wrote:
 i have read on archives but too many opinions on this subject since 4 and many
 of them are saying to restart server, restart process, wait to be fixed a big
 diff but the problem its that the diff its for 4.3 and i have 4.8 and of
 course i have the problem any new info about this and i havent found the
 solution to this.
 
 P.D.
 Oh lord listen to my prays i hope the folks on openbsd misc can please
 enlighten me as i am a dummy and leave me a message at least whatever message
 will be well something

-- 
I'm not being defensive. Maybe you're the one
that's being defensive. Maybe you should look
at yourself once in awhile.

Re: From the military propaganda department

[Chris Cappuccio]

Drugs are not good for your brain.

Justin Lindberg [zx5...@yahoo.com] wrote:
 You need to be shot to death.
 
 
 - Original Message -
 From: Richard Thornton rich...@thornton.net
 To: Justin Lindberg zx5...@yahoo.com
 Cc: 
 Sent: Tuesday, May 28, 2013 4:09 AM
 Subject: Re: From the military propaganda department
 
 If you dont drink, then take a valium

softdep flag lost when updating mountpoint

[Patrik Lundin]

Hello,

I have a simple fileserver that performs a nightly backup to an extra
disk mounted at /backup using rsync with --link-dest.

The backup disk is normally mounted read-only except when rsync is
running.

A few days ago i figured it would be interesting to enable softdeps on
the backup disk to make the rsync go faster, I then noticed that the
softdep option had been removed after the next backup job had completed.

I recreated it on my laptop running a recent snapshot like this:

/etc/fstab:
76510836242844b3.i /usr/src ffs rw,nodev,nosuid,softdep,ro 1 2 

After boot mount reports this:
/dev/sd0i on /usr/src type ffs (local, nodev, nosuid, read-only, softdep)

Then I update it to read/write which works as I expect:
# mount -uw /usr/src
/dev/sd0i on /usr/src type ffs (local, nodev, nosuid, softdep)

However, once I update it to read-only again the softdep flag is
removed:
# mount -ur /usr/src
/dev/sd0i on /usr/src type ffs (local, nodev, nosuid, read-only)

I realize mount(8) states that the softdep option is ignored when
using -u and the filesystem is mounted read/write, but is this
applicable when the filesystem is already mounted with softdep prior to
the update?

I can of course work around this by just doing a proper umount/mount of
the filesystem at the end of the backup job but I was wondering if this
was the expected behaviour or not.

Finally, while browsing the lists for clues i ran across this post by
Stuart:
http://marc.info/?l=openbsd-miscm=132511441117536w=2

Since rsync with --link-dest is pretty much creating a hardlink tree,
maby I shouldn't be using softdeps at all for this?

Regards,
Patrik Lundin

Re: From the military propaganda department

[David Walker]

Tim Nelson tnelson () rockbochs ! com
 Fantastic points, I'd love to hear more, from both sides.

I'll blink.
This is a big deal ... but it's not specific to OpenBSD and further,
this is not news.

http://en.wikipedia.org/wiki/Rubber-hose_cryptanalysis
This discussion is pertinent on any forum. Hence here where the focus
is tight and anecdotally anti-turbo-legal ... it's bound to be off
topic.

Still, it's about the fourth and perhaps the fifth but not the first
and definitely not the second ...
While I don't have the protection afforded by the bill of rights (the
US one not the englsh one), the fourth is understood where habeus
corpus rules, i.e. those of us in free societies.
This is relevant but, ranting about the amendments to a global
crowd, while allowed by the first, is hot air. I have no first nor
second sir ...
So, relevant but poorly phrased. Anything else?
Sure. Where we have the rule of law, the plan is to stand up for
yourself, in law (i.e. the fourth if that's what you've got) and get
some case law under your belt.
You've got to stand up for yourself ...
Everything else is hot air or text (i.e. hot air).

The US is the light on the hill. Stand up for yourself. Use the law.
The constitution if that's all you've got. Talking about it is one thing.

DHS told me I had to hand over my password and I did ...
I'm angry they violated my rights.
That's neither precedent nor threadworthy.

Re: softdep flag lost when updating mountpoint

[Ted Unangst]

On Tue, May 28, 2013 at 19:37, Patrik Lundin wrote:
 
 However, once I update it to read-only again the softdep flag is
 removed:
 # mount -ur /usr/src
 /dev/sd0i on /usr/src type ffs (local, nodev, nosuid, read-only)

The softdep flag is cleared when you change a mount to read only. What
would a read only softdep filesystem do?

[no subject]

[David Walker]

Tim Nelson tnelson () rockbochs ! com
 Fantastic points, I'd love to hear more, from both sides.

I'll blink.
This is a big deal ... but it's not specific to OpenBSD and further,
this is not news.

http://en.wikipedia.org/wiki/Rubber-hose_cryptanalysis
This discussion is pertinent on any forum. Hence here where the focus
is tight and anecdotally anti-turbo-legal ... it's bound to be off
topic.

Still, it's about the fourth and perhaps the fifth but not the first
and definitely not the second ...
While I don't have the protection afforded by the bill of rights (the
US one not the englsh one), the fourth is understood where habeus
corpus rules, i.e. those of us in free societies.
This is relevant but, ranting about the amendments to a global
crowd, while allowed by the first, is hot air. I have no first nor
second sir ...
So, relevant but poorly phrased. Anything else?
Sure. Where we have the rule of law, the plan is to stand up for
yourself, in law (i.e. the fourth if that's what you've got) and get
some case law under your belt.
You've got to stand up for yourself ...
Everything else is hot air or text (i.e. hot air).

The US is the light on the hill. Stand up for yourself. Use the law.
The constitution if that's all you've got. Talking about it is one
thing.

DHS told me I had to hand over my password and I did ...
I'm so angry they violated my rights. That's neither precedent nor threadworthy.

Re: softdep flag lost when updating mountpoint

[Patrik Lundin]

On Tue, May 28, 2013 at 01:54:50PM -0400, Ted Unangst wrote:
 
 The softdep flag is cleared when you change a mount to read only. What
 would a read only softdep filesystem do?


I was only surprised that updating a filesystem to read-only and back to
read/write would result in another state then what I had to begin with.

Re: uvm_mapent_alloc: out of static map entries

[Chris Cappuccio]

carlos albino garcia grijalba [genesi...@hotmail.com] wrote:
 ok problem of mine again i run again on a fast solution since i have just 
 seen that there have been a lot of changes on uvm lets go 4.8 - 4.9 - 5.0 
 - 5.1 - 5.2 - 5.3 ant thanks this is actually an aswer will do that and 
 let folks know what happen
 
 

Just install 5.3. You don't need to upgrade to each version.

Re: uvm_mapent_alloc: out of static map entries

[Chris Cappuccio]

carlos albino garcia grijalba [genesi...@hotmail.com] wrote:
 it is a server on production m a  little concerned about fail after upgrade 
 from 4.8 to 5.3 has some services on it

Just upgrade to 5.3, pkg_add -r, and fix the fallout from ports changes. Read 
the faq/current.html too

Re: uvm_mapent_alloc: out of static map entries

[Ville Valkonen]

On 28 May 2013 21:39, Chris Cappuccio ch...@nmedia.net wrote:
 carlos albino garcia grijalba [genesi...@hotmail.com] wrote:
 it is a server on production m a  little concerned about fail after upgrade 
 from 4.8 to 5.3 has some services on it

 Just upgrade to 5.3, pkg_add -r, and fix the fallout from ports changes. Read 
 the faq/current.html too


If he is upgrading to 5.3, he should read faq/upgrade53.html instead :)

--
Sincerely,
Ville Valkonen

Re: uvm_mapent_alloc: out of static map entries

[carlos albino garcia grijalba]

ok problem of mine again i run again on a fast solution since i have just seen
that there have been a lot of changes on uvm lets go 4.8 - 4.9 - 5.0 - 5.1
- 5.2 - 5.3 ant thanks this is actually an aswer will do that and let folks
know what happen

 Date: Tue, 28 May 2013 09:54:00 -0700
 From: ch...@nmedia.net
 To: genesi...@hotmail.com
 CC: misc@openbsd.org
 Subject: Re: uvm_mapent_alloc: out of static map entries

 Carlos,

 We are now on OpenBSD 5.3 and going forward. Please try that first.

 carlos albino garcia grijalba [genesi...@hotmail.com] wrote:
  i have read on archives but too many opinions on this subject since 4 and
many
  of them are saying to restart server, restart process, wait to be fixed a
big
  diff but the problem its that the diff its for 4.3 and i have 4.8 and of
  course i have the problem any new info about this and i havent found the
  solution to this.
 
  P.D.
  Oh lord listen to my prays i hope the folks on openbsd misc can please
  enlighten me as i am a dummy and leave me a message at least whatever
message
  will be well something

 --
 I'm not being defensive. Maybe you're the one
 that's being defensive. Maybe you should look
 at yourself once in awhile.

Re: uvm_mapent_alloc: out of static map entries

[carlos albino garcia grijalba]

ok let u know what happen thank u very much actually u are the only folk that
answer all my other mails have been kicked by the way where do i have to send
mail to know why my laptop has to be rebooted so that the fan work on the
first boot i just never work

 Date: Tue, 28 May 2013 11:39:53 -0700
 From: ch...@nmedia.net
 To: genesi...@hotmail.com
 CC: misc@openbsd.org
 Subject: Re: uvm_mapent_alloc: out of static map entries

 carlos albino garcia grijalba [genesi...@hotmail.com] wrote:
  it is a server on production m a  little concerned about fail after
upgrade from 4.8 to 5.3 has some services on it

 Just upgrade to 5.3, pkg_add -r, and fix the fallout from ports changes.
Read the faq/current.html too

Re: softdep flag lost when updating mountpoint

[Alexander Hall]

On 05/28/13 19:54, Ted Unangst wrote:

On Tue, May 28, 2013 at 19:37, Patrik Lundin wrote:


However, once I update it to read-only again the softdep flag is
removed:
# mount -ur /usr/src
/dev/sd0i on /usr/src type ffs (local, nodev, nosuid, read-only)


The softdep flag is cleared when you change a mount to read only. What
would a read only softdep filesystem do?


Well, obviously not much regarding softdep, but I can understand the 
concern.


I do the 'mount -uw / do_stuff / mount -ur' dance as part of my backup 
system in order to minimize fsck time and disk corruption in case of 
unexpected power outages etc. I don't have softdep on those, but that's 
not really the point.


I can see situations where having to unmount and remount of a filesystem 
would be a nuisance. Are there any known problems with preserving the 
softdep bits (and even allow, albeit at that time ignore, them if 
present at 'mount -r')?


/Alexander

Re: uvm_mapent_alloc: out of static map entries

[Chris Cappuccio]

carlos albino garcia grijalba [genesi...@hotmail.com] wrote:
 ok let u know what happen thank u very much actually u are the only folk that 
 answer all my other mails have been kicked by the way where do i have to send 
 mail to know why my laptop has to be rebooted so that the fan work on the 
 first boot i just never work 
 

I don't know about your laptop and its fan, but if you think the problem is 
specific
to OpenBSD, you may want to try a 5.3-current snapshot on it.

(see ftp://ftp.openbsd.org/pub/OpenBSD/snapshots/ )

ACPI parsing had a significant fix committed last week, one that affects
many different implementations.

Re: uvm_mapent_alloc: out of static map entries

[carlos albino garcia grijalba]

it is a server on production m a  little concerned about fail after upgrade
from 4.8 to 5.3 has some services on it

 Date: Tue, 28 May 2013 11:19:18 -0700
 From: ch...@nmedia.net
 To: genesi...@hotmail.com
 CC: misc@openbsd.org
 Subject: Re: uvm_mapent_alloc: out of static map entries

 carlos albino garcia grijalba [genesi...@hotmail.com] wrote:
  ok problem of mine again i run again on a fast solution since i have just
seen that there have been a lot of changes on uvm lets go 4.8 - 4.9 - 5.0 -
5.1 - 5.2 - 5.3 ant thanks this is actually an aswer will do that and let
folks know what happen
 
 

 Just install 5.3. You don't need to upgrade to each version.

Is it possible to do with pf?

[jV]

 Hi *,

Linux has a very nice feature, and I was wondering does OpenBSD has it too.

There is a module in linux kernel which helps to manage traffic using 
iptables by setting appropriate rules for users. For example, allow www 
user sending traffic to gateway at port 80 and disable the rest, or 
completely disable traffic for user root etc. Is it possible to do 
something similar with openbsd's pf ?


Thanks,

Re: Is it possible to do with pf?

[Mark Felder]

Yes, it's in the man page for pf.conf. Search for user.

Re: Is it possible to do with pf?

[jV]

On 5/28/2013 22:11 PM, Mark Felder wrote:

Yes, it's in the man page for pf.conf. Search for user.



Thanks.

Sendmail not working on 5.3

[John Tate]

I upgraded to OpenBSD 5.3 on the release day, I've since updated to the
latest patch branch (not that there is any related errata to this
question). I can't seem to send mail out with a server, it is not my pf
rules. It was indicated by phpmailer not working. I can't find my sendmail
logs.

John

-- 
www.johntate.org

Re: Sendmail not working on 5.3

[John Tate]

Ignore this, I made a silly mistake.


On Wed, May 29, 2013 at 6:07 AM, John Tate j...@johntate.org wrote:

 I upgraded to OpenBSD 5.3 on the release day, I've since updated to the
 latest patch branch (not that there is any related errata to this
 question). I can't seem to send mail out with a server, it is not my pf
 rules. It was indicated by phpmailer not working. I can't find my sendmail
 logs.

 John

 --
 www.johntate.org




-- 
www.johntate.org

Re: softdep flag lost when updating mountpoint

[Ted Unangst]

On Tue, May 28, 2013 at 20:54, Alexander Hall wrote:

 I do the 'mount -uw / do_stuff / mount -ur' dance as part of my backup
 system in order to minimize fsck time and disk corruption in case of
 unexpected power outages etc. I don't have softdep on those, but that's
 not really the point.
 
 I can see situations where having to unmount and remount of a filesystem
 would be a nuisance. Are there any known problems with preserving the
 softdep bits (and even allow, albeit at that time ignore, them if
 present at 'mount -r')?

Indeed, I think maybe this is ok.

Index: ffs_vfsops.c
===
RCS file: /cvs/src/sys/ufs/ffs/ffs_vfsops.c,v
retrieving revision 1.136
diff -u -p -r1.136 ffs_vfsops.c
--- ffs_vfsops.c15 Apr 2013 15:32:19 -  1.136
+++ ffs_vfsops.c28 May 2013 20:50:42 -
@@ -221,7 +221,6 @@ ffs_mount(struct mount *mp, const char *
flags |= FORCECLOSE;
if (fs-fs_flags  FS_DOSOFTDEP) {
error = softdep_flushfiles(mp, flags, p);
-   mp-mnt_flag = ~MNT_SOFTDEP;
} else
error = ffs_flushfiles(mp, flags, p);
ronly = 1;

Re: From the military propaganda department

[Chris Bennett]

Talking about current issues, whether for you or others, is useful.
But for me, ultimately I am only concerned with how these things effect
myself and any family and important friends.

But what have you actually done, besides talk?

Want to talk about OpenBSD? When Theo had a problem with NetBSD, he left
and founded OpenBSD.
He did something.

When I found Windows and Linux to suck, I joined OpenBSD a user. I even
do a little bit of contributing to ports. Not a lot but some. That is
what I am doing.

Many years ago, when I found myself undervalued as an employee, instead
of whining. I left, starting my own business. As one friend said to me
later, Chris, you jumped off the boat into the middle of the ocean and
you can't even swim! But I didn't sink either.
That is what I did.

When I found myself not getting paid on time as a subcontractor for
big companies, I didn't complain, I left. I started working directly
for the general public. No more problems with getting paid on time and
the work was more interesting.

Once again I did something.

Now I find myself deeply concerned about the economic and abusive
behaviour of both the government policies and corporate methods.

Crying over my beer won't do anything useful, will it?

So now, I am setting up foreign addresses for myself and my father in
Guatemala and Mexico. I am also planning on opening small branches of my
business in both countries. This will allow me the freedom to make a
choice in the future as needed. It will also, right now, give my father
a home where his pensions are big enough to live well.

Well, I am busy DOING things. You??

Please go DO something. We got your message. Now close you mouth and get
on with DOING your own things quietly. If you are this concerned about
these issues, then you sure as hell better spend your time DOING
something for yourself.

As a side note:
There is no such thing as a Government. That is just a model. There
are only people who individually decide to do things. If you want to
change the way these things are done, you will need to directly deal
with this group of people, AS PEOPLE, not as some mythical magic word
such as the all powerful government.

openbsd hosting

[Friedrich Locke]

Dear list members,

i am in need to host my web stuff oversea. Is any aware about any hosting
services with the following features:

OpenBSD Shell access (as also mysql client program)
MySQL database option;
Java support on apache, and
MySQL java support.

Thanks in advance.

Re: openbsd hosting

[Otto Moerbeek]

On Tue, May 28, 2013 at 06:20:39PM -0300, Friedrich Locke wrote:

 Dear list members,
 
 i am in need to host my web stuff oversea. Is any aware about any hosting
 services with the following features:

My oversea might not be your oversea. Try to be more specific.

-Otto

 
 OpenBSD Shell access (as also mysql client program)
 MySQL database option;
 Java support on apache, and
 MySQL java support.
 
 Thanks in advance.

PF: nat-to from real IP to real IP is possible?

[Raimundo Santos]

Hello folks!

I have this PF config (for whom could not see Web things, this config is
also at the end of the message):

http://pastebin.com/KZgzRJ6B

running well in OpenBSD 5.3 over a Core i5 Ivy Bridge, 16GB of RAM, 120GB
SSD, one 3Com 10/100 (driver xl), two Agere (driver et) 10/100/1000, one
Atthansic (alc) on-board Gigabit, and one Quad Port Intel (em). All things
going fine! :) - but there is Akamai...

My needs are: put through an internet emergencial link all Akamai CDN
traffic (and all the like we can track). This link is an ADSL, not so
reliable as our other two links (2x10Mbps, opticals, symmetric). And is not
intended to do routing for us, so I can not just drop my packets as
src:187.72.K.L over that ISP's line and expect them coming back through it.

In other words, there is no RIPv2 as we have in the other links.

So my thought was: why not do NAT through this emergencial link? Put a lot
of known IPs from Akamai and their friends in a PF table, and every packet
with destiny to any IP from that table go through this emergencial link.

How can I solve this? Our two best links are from one ISP, this emergencial
is from another.

Thank you all for the spent time!


An as promised, the configuration (sorry about formatation, I dunno how
GMail will treat this):

RFC1918 = { 172.16/12, 192.168/16, 10/8, 127/8 }
INT_NET  = { internal real IPs }

ext_if_1 = em0
ext_gw_1 = 187.72.A.X
ext_ip_1 = 187.72.A.Y

ext_if_2 = em1
ext_gw_2 = 187.72.B.X
ext_ip_2 = 187.72.B.Y

ext_if_3 = alc0
ext_gw_3 = 187.72.C.X
ext_ip_3 = 187.72.C.Y

int_if_1 = em2
int_gw_1 = 187.72.D.X
int_ip_1 = 187.72.D.Y

squid_master_if = em3
squid_master_gw = 187.72.E.X
squid_master_ip = 187.72.E.Y

#all_ifs = { $ext_if_1, $ext_if_2, $ext_if_3, $int_if_1, $squid_master_if
}

# increase default state limit from 10'000 states on busy systems
set limit states 6304000
set limit tables 5000
set limit src-nodes 20
set limit frags 3000
set optimization normal
set state-defaults pflow, no-sync

set skip on lo

#block private nets
block in log quick on {  \
 $ext_if_1,\
 $ext_if_2,\
 $ext_if_3,\
 $squid_master_if, \
 $int_if_1 } from $RFC1918 label blocking RFC1918

# test nat-to IP_REAL - IP_REAL:
pass  in  on $int_if_1 from 187.72.W.A route-to pppoe0# can these...
pass  out quick on pppoe0 from 187.72.W.A nat-to (pppoe0) # two rules work?
there is a way?

#pass on lo0 all flags S/SA
pass all flags any allow-opts # establish keep-state

# route to squid_master
pass in quick on $int_if_1 proto tcp from { $INT_NET, $int_gw_1 } to port
http \
 route-to ($squid_master_if $squid_master_gw)
pass in quick on $ext_if_1 proto tcp from port http to { $INT_NET,
$int_gw_1 } \
 route-to ($squid_master_if $squid_master_gw)
pass in quick on $ext_if_2 proto tcp from port http to { $INT_NET,
$int_gw_1 } \
 route-to ($squid_master_if $squid_master_gw)
pass in quick on $ext_if_3 proto tcp from port http to { $INT_NET,
$int_gw_1 } \
 route-to ($squid_master_if $squid_master_gw)
# route from squid_master
pass in quick on $squid_master_if proto tcp from { $INT_NET, $int_gw_1 } to
\
 port http route-to \
{ \
  ($ext_if_1 $ext_gw_1) weight 1, \
  ($ext_if_2 $ext_gw_2) weight 50 \
} least-states label cahce outbound balancing

pass in quick on $squid_master_if proto tcp from port http to { $INT_NET,
$int_gw_1 } route-to ($int_if_1 $int_gw_1)

# let traffic in!
#pass in quick on $int_if_1 from { $INT_NET, $int_gw_1 } to {\
 #$ext_if_1:network, \
 #$ext_if_2:network, \
 #$ext_if_3:network, \
 #$squid_master_if:network }

pass in quick to {  \
 $ext_if_1:network, \
 $ext_if_2:network, \
 $ext_if_3:network, \
 $squid_master_if:network } label passing in to myself nets

# outbound balancing
pass in quick on $int_if_1 from $int_gw_1 route-to \
{ \
  ($ext_if_1 $ext_gw_1) weight 1, \
  ($ext_if_2 $ext_gw_2) weight 10 \
} least-states label outbound balancing NATed
pass in quick on $int_if_1 from $INT_NET route-to \
{ \
  ($ext_if_1 $ext_gw_1) weight 10, \
  ($ext_if_2 $ext_gw_2) weight 1 \
} least-states label outbound balancing all but NATed

#pass in quick on $int_if_1 from $int_gw_1 route-to ($ext_if_2 $ext_gw_2) \
# label outbinding NATed to the best link

# symetric routing? may be not... ask someone else
pass out on $ext_if_1 from $ext_if_2 route-to ($ext_if_2 $ext_gw_2)
pass out on $ext_if_1 from $ext_if_3 route-to ($ext_if_3 $ext_gw_3)
pass out on $ext_if_2 from $ext_if_1 route-to ($ext_if_1 $ext_gw_1)
pass out on $ext_if_2 from $ext_if_3 route-to ($ext_if_3 $ext_gw_3)
pass out on $ext_if_3 from $ext_if_1 route-to ($ext_if_1 $ext_gw_1)
pass out on $ext_if_3 from $ext_if_2 route-to ($ext_if_2 $ext_gw_2)

Re: Working on suspend/resume

[Jean Lucas]

Theo,

Thanks for the info, very much appreciated!

Theo de Raadt dera...@cvs.openbsd.org wrote:

 How does one begin diagnosing sleep/suspend for a particular machine? In 
 this case, a Lenovo Yoga 13. The ACPI states are frozen (frozen battery 
 meter and lying reports about my AC adapter being plugged  in when it's 
 not). If someone could help me add signals for my machine, it'd be 
 easier to work on other problems without restarting all the time and/or 
 shutting down for overheating purposes.

I thikn your laptop is one of those relying on something we still
don't do, which is the processing of acpipwrres _ON and _OFF events.
There is some effort to get that supported.

 Installed FreeBSD to see if suspend/resume worked; telling sysctl that 
 the lid switch state is S3 worked, and successfully suspended. Resuming 
 was an entirely different issue. Adding the reset video parameter, 
 however, booted me into my first operating system on resume. Weird.
 
 hw.acpi.lid_switch_state=s3
 hw.acpi.reset_video=1
 
 (http://forums.freebsd.org/showthread.php?t=6942)

Discussing freebsd to us doesn't make you any real friends.  Anyways,
their suspend/resume isn't even something they try hard at.  They have
simply failed to put as much effort into suspend/resume.

We've put thousands of manhours in, and it's pretty good, except for
corner case laptops which require some rarely used part of the
specification..

Look for commits in the next few months that talk about power management
resources.

Re: boot panic: aml_die aml_store:2690

[Kyle Milz]

On Tue, May 28, 2013 at 03:35:42PM +, Heptas Torres wrote:
 I am trying to install OBSD on an ASUS netbook but the system panics
 at boot. I am thrown in ddb and with show panic I get aml_die
 aml_store:2690.
 As I haven't figured out a way to get the dmesg out, I took the
 attached pictures with the dmesg, trace and ps.
 Is this a bug or problems with unsupported hardware?
 thanks
 -h

Asus UX31E netbook here, a recent dsdt.c patch fixed a panic on boot for
me, maybe try using a -current snapshot.

Re: boot panic: aml_die aml_store:2690

[Heptas Torres]

On 5/29/13, Kyle Milz k...@getaddrinfo.net wrote:
 On Tue, May 28, 2013 at 03:35:42PM +, Heptas Torres wrote:
 I am trying to install OBSD on an ASUS netbook but the system panics
 at boot. I am thrown in ddb and with show panic I get aml_die
 aml_store:2690.
 As I haven't figured out a way to get the dmesg out, I took the
 attached pictures with the dmesg, trace and ps.
 Is this a bug or problems with unsupported hardware?
 thanks
 -h

 Asus UX31E netbook here, a recent dsdt.c patch fixed a panic on boot for
 me, maybe try using a -current snapshot.

Thanks for the reply - I am running the -current snapshot from May 27
(1-2 days old) so I assume this is pretty recent. Tried first with the
release version but was the same problem. Do you get the same panic or
something else?
-h

Re: Problem with a startup script

[C. L. Martinez]

On Tue, May 21, 2013 at 6:27 PM, russell russ...@dotplan.dyndns.org wrote:
 Because pexp uses pkill to do its work and pkill matches on command name
 only(like ps -c).


 sorry for the noise I just revisited this and I am wrong.
 the pkill bits in rc.subr are using pkill -f
 and that does match agianst the full arg list.

 as said before make a better pexp and it should work.



Buf .. I have tried to insert in this rc.d script these options:

rc_read_runfile=NO
rc_reload=NO
rc_usercheck=NO
rc_check=NO

and I have added a rc_stop option to send kill command to the process
... but nothing works ...

Any other idea??