Re: autoselect wireless network at boottime
Hello misc, I don't know if anyone used my previous patch, if there's even any interest in it, or if there are any plans for another approach, but today I found a minor bug where nwids with spaces resulted in errors in the script because of a changed IFS. So here's an updated diff. Furthermore, a quick overview of the concept: Use ifscandir to make sure netstart without arguments won't rescan an interface multiple times. Don't use sed and grep because /usr might not be mounted yet. To make it work, /etc/hostname.$if must not exist or be a symlink and /etc/hostname.$nwid.$if should exist. Index: netstart === RCS file: /cvs/src/etc/netstart,v retrieving revision 1.139 diff -u -p -u -r1.139 netstart --- netstart22 Aug 2013 07:53:11 - 1.139 +++ netstart17 Mar 2014 09:34:16 - @@ -12,6 +12,8 @@ stripcom() { done$1 } +ifscandir=`mktemp -d` + # Start the $1 interface ifstart() { if=$1 @@ -20,6 +22,46 @@ ifstart() { [[ $if != +([[:alpha:]])+([[:digit:]]) ]] return file=/etc/hostname.$if + + # Check for ifconfig'able interface. + (ifconfig $if || ifconfig $if create) /dev/null 21 || return + + # Test if we already configured the interface + test -f $ifscandir/$if.scan return + touch $ifscandir/$if.scan + + if [ -h $file ]; then + rm -f $file + fi + if ! [ -f $file ]; then + ifconfig $if scan $ifscandir/$if.scan + IFS_OLD=$IFS + IFS=' +' + # Test if any of the nwids has a config file + while read line; do + line=$line nwid + line=${line#*nwid } + test -z $line continue; + + if [[ $line = \* ]]; then + IFS='' + set -A scan -- $line + nwid=${scan[1]} + else + IFS=' ' + set -A scan -- $line + nwid=${scan[0]} + fi + + if [ -f /etc/hostname.$nwid.$if ]; then + ln -s /etc/hostname.$nwid.$if $file + break + fi + done $ifscandir/$if.scan + IFS=$IFS_OLD + fi + if ! [ -f $file ]; then echo netstart: $file: No such file or directory return 
@@ -31,8 +73,6 @@ ifstart() { chmod -LR o-rwx $file chown -LR root.wheel $file fi - # Check for ifconfig'able interface. - (ifconfig $if || ifconfig $if create) /dev/null 21 || return # Now parse the hostname.* file while :; do @@ -131,6 +171,8 @@ ifmstart() { for hn in /etc/hostname.*; do # Strip off /etc/hostname. prefix if=${hn#/etc/hostname.} + # Strip off potential nwid information + if=${if##*.} test $if = * continue # Skip unwanted ifs @@ -146,6 +188,7 @@ ifmstart() { ifstart $if done done + rm -rf $ifscandir } # Re-read /etc/rc.conf @@ -161,6 +204,7 @@ if [ $# -gt 0 ]; then ifstart $1 shift done + rm -rf $ifscandir return fi
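Review bot: In the first hunk the result of mktemp -d is assigned to ifscandir without checking that the call succeeded. The message itself notes that /usr might not be mounted yet, so confirm the tool is reachable at this point in boot; if it fails, $ifscandir is empty, the marker files end up as /$if.scan in the root directory, and the later rm -rf $ifscandir removes nothing. Return early (or skip the scan logic) when no directory was created, and consider a trap so the directory is also removed on exits that do not reach the two rm -rf lines.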
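Review bot: In the ifstart hunk, nwid is taken directly from the ifconfig scan output and then used to build /etc/hostname.$nwid.$if and the source of ln -s. Scan results are whatever nearby access points broadcast, so the value should be validated before it goes into a path (at minimum reject names containing /), and a comment should state that the first scanned nwid with a config file wins, whatever the administrator's order of preference. The same hunk runs rm -f on any symlink found at $file before scanning, which also drops a link created by hand; document that a symlinked hostname.$if is owned by this script, or only remove links that point at a hostname.*.$if file.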
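Review bot: Moving the ifconfig'able check out of this position (the -31,8 hunk) to the top of ifstart means ifconfig $if create now runs before the $file existence test, so an interface with no hostname file is created and scanned before the "No such file or directory" return is reached. If only the scan needs the interface to exist, keep the create step behind a test that some /etc/hostname.*.$if file is present, and mention the ordering change in the commit message.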
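Review bot: In the ifmstart hunk, if=${if##*.} keeps only what follows the last dot for every /etc/hostname.* entry, not just the nwid files. A name with an extra dotted component that the alpha+digit test in ifstart used to reject now resolves to a real interface name and gets started. Add a comment describing the expected hostname.$nwid.$if naming (including that the nwid part may itself contain dots), and consider applying the strip only when the remainder is a valid interface name.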
Re: current/macppc on a Powerbook6,1
On 15/03/14(Sat) 14:07, Jan Stary wrote: This is an old 12 Powerbook G4 hw.model=7455 (Revision 0x303) with a freshly installed current/macppc. See full dmesg below. I can't switch consoles with ctrl+alt+Fx - is that expected? Or is there another way to do that on a Powerbook? It should work if you don't need to press Fn to generate a Fx keycode, otherwise it should be ctrl+alt+Fn+Fx. X doesn't work (NVIDIA GeForce4 440). I got the machine for peanuts so didn't bother checking http://marc.info/?l=openbsd-ppc&m=136178209416987&w=2 Trying `startx' without any configuration segfaults like this: This is strange; I have a similar machine here with a similar nvidia card, could you send me the output of eeprom -p for your machine? M.
raid
Good afternoon folks. I wonder if OBSD supports DELL RAID controller like H710/H310/etc. I am using OBSD 5.4. []s gustavo.
Re: current/macppc on a Powerbook6,1
Has the information in FAQ7.4 changed? That indicates that virtual terminals are only supported on amd64, i386, Alpha. Zaurus has limited support, but with different keystroke patterns. On Mon, Mar 17, 2014 at 1:16 PM, Martin Pieuchot mpieuc...@nolizard.org wrote: On 15/03/14(Sat) 14:07, Jan Stary wrote: This is an old 12 Powerbook G4 hw.model=7455 (Revision 0x303) with a freshly installed current/macppc. See full dmesg below. I can't switch consoles with ctrl+alt+Fx - is that expected? Or is there another way to do that on a Powerbook? It should work if you don't need to press Fn to generate a Fx keycode, otherwise it should be ctrl+alt+Fn+Fx. X doesn't work (NVIDIA GeForce4 440). I got the machine for peanuts so didn't bother checking http://marc.info/?l=openbsd-ppc&m=136178209416987&w=2 Trying `startx' without any configuration segfaults like this: This is strange; I have a similar machine here with a similar nvidia card, could you send me the output of eeprom -p for your machine? M.
Re: OpenBSD email provider
Hello Some answers in your mail. Thanks. Just to mention, I'm looking for a more private ESP. As I know that OpenBSD conveys an idea of security, I tend to trust a provider relying on this OS. Regards On 17/03/2014 02:51, Jean-Philippe Ouellet wrote: On 3/15/14 12:54 PM, Jean-Francois Simon jfsimon1...@gmail.com wrote: I'm looking for a secure mail provider, if possible using OpenBSD, also wondering if OpenBSD itself provides it for interested people. If anybody has information thanks would be interesting to share. https://github.com/mailserv/mailserv comes to mind, although I've never tried it or read its source. I think a better question might be what qualities you're actually looking for in your mail provider as your question seems to indicate a misguided approach towards some notion of secure email. I'm also using own server today, essentially, I haven't checked deeply, but seems gmail does use automated bots who check the mail content for purpose I don't know about. As far as I'm concerned, the only difference between 3rd party email services is reliability. I wouldn't trust any of them anyway. I see you have a pgp key on the keyservers, but it seems somewhat neglected since all your sigs have expired and dsa/elgamal (especially with 1024 bit keys) hasn't been recommended for quite some time. I think revisiting that would be a more productive use of your time than abandoning your gmail account. Indeed, I'm not using the keys anymore. They're not updated. Although, don't read the above as pgp solves your problems, you haven't explained your problems, and pgp has its issues too, some of which are unavoidable because of problems inherent to email to begin with. If what you're after is something more along the lines of private communication, I'd say email probably isn't what you're looking for to begin with. Maybe something more like OTR [1], or pond once it gets reviewed more. Not so much private as hidden but as private.
[1] https://otr.cypherpunks.ca/ [2] https://github.com/agl/pond If you want absolute privacy, don't use computers. If you want to get things done, keep your gmail. If you want to read documentation, become your own mail provider using OpenBSD. No I don't need absolute privacy about this topic, I mean that needs encryption etc ... Yes I want things done, I keep the gmail account, yet I'm interested in a more private solution where I can be absolutely sure that privacy is totally respected. I have tried some time ago third solution, however I think since I have a local dynamic IP, I got soon identified as spam mail server and mails wouldn't reach their destination.
Re: OpenBSD email provider
[1] https://otr.cypherpunks.ca/ [2] https://github.com/agl/pond If you want absolute privacy, don't use computers. If you want to get things done, keep your gmail. If you want to read documentation, become your own mail provider using OpenBSD. No I don't need absolute privacy about this topic, I mean that needs encryption etc ... Yes I want things done, I keep the gmail account, yet I'm interested in a more private solution where I can be absolutely sure that privacy is totally respected. I have tried some time ago third solution, however I think since I have a local dynamic IP, I got soon identified as spam mail server and mails wouldn't reach their destination. So, you know you still can run your own mail server, encrypt your email if that's what you want and still relay via your gmail as well. There is nothing wrong to run your mail server, but instead of relay from it, you can relay from it to your ISP, or to GMail as well so your point of a local dynamic IP, I got soon identified as spam mail server and mails wouldn't reach their destination wouldn't apply. If that's what you want, this doesn't stop you from doing exactly what you say you want to do. Having you authenticate to GMail to send out or your server authenticate on your behalf to GMail is not different. You may want to check it out if that's what you want and you would have what you say you want. Best regards, Daniel
Re: current/macppc on a Powerbook6,1
On Mar 17 19:16:09, mpieuc...@nolizard.org wrote: X doesn't work (NVIDIA GeForce4 440). I got the machine for peanuts so didn't bother checking http://marc.info/?l=openbsd-ppc&m=136178209416987&w=2 Trying `startx' without any configuration segfaults like this: This is strange; I have a similar machine here with a similar nvidia card, could you send me the output of eeprom -p for your machine? http://stare.cz/dmesg/powerbook6,1-eeprom Thanks for looking into this. Jan
Randall strikes again!
http://xkcd.com/1343/ NB xkcd newbies: There is a message that pops up if you place the mouse pointer inside the frame. Enjoy! *** NOTE *** Please DO NOT CC me. I am subscribed to the list. Mail to the sender address that does not originate at the list server is tarpitted. The reply-to: address is provided for those who feel compelled to reply off list. Thank you. Rod/ --- This life is not the real thing. It is not even in Beta. If it was, then OpenBSD would already have a man page for it.
Re: unreliable connections
I think the source of this reported problem has been found, and happily fixed (the preliminary results are promising). Basically I needed to find some way to get the backups to complete reliably so I started a 20 count ping job a minute before the rsync job (actually an rsnapshot job which connected twice) which did allow both backup connections to work (where previously just the second one connected reliably). In checking the logs for the backup status, the stats from the ping job were also there and these logs showed some dup ping packets on a fairly regular basis as well as some non-answers. As I was then able to get the same inconsistent ping results from the gateway itself (the inside address of the cable modem) I asked the ISP (Comcast) to replace the cable modem. They were fine with that suggestion and the replacement went in today, and I am so far not able to reproduce the inconsistent ping results to any of the /29 addresses, including the gateway. I'll know for sure once I stop the ping job and the backups still run reliably. Thanks to all, Chris
Re: OpenBSD email provider
On 17/03/2014, at 20:21, Daniel Ouellet dan...@presscom.net wrote: [1] https://otr.cypherpunks.ca/ [2] https://github.com/agl/pond If you want absolute privacy, don't use computers. If you want to get things done, keep your gmail. If you want to read documentation, become your own mail provider using OpenBSD. No I don't need absolute privacy about this topic, I mean that needs encryption etc ... Yes I want things done, I keep the gmail account, yet I'm interested in a more private solution where I can be absolutely sure that privacy is totally respected. I have tried some time ago third solution, however I think since I have a local dynamic IP, I got soon identified as spam mail server and mails wouldn't reach their destination. So, you know you still can run your own mail server, encrypt your email if that's what you want and still relay via your gmail as well. There is nothing wrong to run your mail server, but instead of relay from it, you can relay from it to your ISP, or to GMail as well so your point of a local dynamic IP, I got soon identified as spam mail server and mails wouldn't reach their destination wouldn't apply. If that's what you want, this doesn't stop you from doing exactly what you say you want to do. Having you authenticate to GMail to send out or your server authenticate on your behalf to GMail is not different. You may want to check it out if that's what you want and you would have what you say you want. Best regards, Daniel The last time I checked (and it was a long time ago), GMail rewrote either the sender or the reply-to address with the one you use to authenticate the connection. Again, it might not be true now, but it has happened to me in the past.
Re: OpenBSD email provider
On 3/17/14 3:25 PM, Jean-Francois Simon wrote: Just to mention, I'm looking for a more private ESP. As I know that OpenBSD conveys an idea of security, I tend to trust a provider relying on this OS. Not necessarily a safe assumption. I'm also using own server today, essentially, I haven't checked deeply, but seems gmail does use automated bots who check the mail content for purpose I don't know about. That will continue to happen, whether in your mailbox, or the mailboxes of the people you are communicating with. No I don't need absolute privacy about this topic, I mean that needs encryption etc ... Yes I want things done, I keep the gmail account, yet I'm interested in a more private solution where I can be absolutely sure that privacy is totally respected. I don't see a way to interpret that statement such that it doesn't contradict itself. Do you want privacy? or not... Sounds like maybe you want privacy by entrusting all your data to others that you can't even audit, all without any crypto??? Yeah... good luck with that :P Also, absolutely sure privacy is totally respected??? Let me know when you find a jurisdiction in which you can reasonably expect that to even be possible to begin with. Absolute and totally are pretty strong words, especially in this era of mass-infrastructure-sabotage and involuntary key disclosure, not to mention the difficulties of implementing a reasonably secure system to begin with.
obsd pf
Hi folks. I am studying obsd pf and saw there are no more nat rules and rdr rules the old way. Now it is nat-to and rdr-to. What is the motivation for match rule ? Time ago, the last match for a filter rule was the winner, for the nat and rdr the first match is the winner. And now, what is it the policy ? Thanks once more. [] Fried
CDs, T shirts and other goodies at BSDCan
I asked the following on OpenBSD G+ but I suppose it is more appropriate to ask here... Having never been to BSDCan before, I am wondering if CDs will be available for sale during the event. Assuming 5.5 is out at the time. And also other goodies like T shirt... Mario
Re: CDs, T shirts and other goodies at BSDCan
On March 17, 2014 7:54:19 PM CDT, marst mario@videotron.ca wrote: I asked the following on OpenBSD G+ but I suppose it is more appropriate to ask here... Having never been to BSDCan before, I am wondering if CDs will be available for sale during the event. Assuming 5.5 is out at the time. And also other goodies like T shirt... Mario Historically, no. However, there's a substantial OpenBSD presence this year... Which still won't mean much, in all likelihood, unless someone volunteers to man a table and sell them. Not me, I'll be too busy listening to the talks! -Adam -- Sent from my Android device with K-9 Mail. Please excuse my brevity.
Re: obsd pf
On Mon, Mar 17, 2014 at 09:53:43PM -0300, Friedrich Locke wrote: Hi folks. I am studying obsd pf and saw there are no more nat rules and rdr rules the old way. Yes, this changed with OpenBSD 4.7, in 2010. The change is documented in the 4.7 Upgrade Guide: http://www.openbsd.org/faq/upgrade47.html This will help you understand how to migrate your older systems to 2010 and later implementations of PF. Now it is nat-to and rdr-to. What is the motivation for match rule ? This allows global options to be set. From pf.conf(5): match The packet is matched. This mechanism is used to provide fine grained filtering without altering the block/pass state of a packet. match rules differ from block and pass rules in that parameters are set every time a packet matches the rule, not only on the last matching rule. For the following parameters, this means that the parameter effectively becomes ``sticky'' until explicitly overridden: nat-to, binat-to, rdr-to, queue, rtable, and scrub.
Re: obsd pf
On 2014-03-18, Friedrich Locke friedrich.lo...@gmail.com wrote: Hi folks. I am studying obsd pf and saw there are no more nat rules and rdr rules the old way. old - note that this is something from nearly 5 years ago. See http://marc.info/?l=openbsd-misc&m=125181847818600&w=2 for a quick introduction. I'm sure it has been covered in some of Henning's presentations as well. Now it is nat-to and rdr-to. What is the motivation for match rule ? Time ago, the last match for a filter rule was the winner, for the nat and rdr the first match is the winner. And now, what is it the policy ? Thanks once more. [] Fried The policy is as documented in pf.conf(5). The ruleset is now traversed in order, changes made in match rules are sticky and affect rules lower down in the ruleset. More predictable, no more oh this 'nat pass' rule which you included halfway down the ruleset actually takes effect before the 'block quick' rule right at the top... so besides allowing for cleaner rulesets, you could say it's a security fix too.
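Added example, not part of any message in this thread: a constructed pf.conf in the post-4.7 syntax that illustrates the in-order traversal and sticky match parameters described in the two replies above. The interface names, addresses and the table name are assumptions.

```pf
# Constructed example; em0/em1, the addresses and <abusers> are assumptions.
ext_if  = "em0"
int_if  = "em1"
int_net = "192.168.1.0/24"
web_srv = "192.168.1.10"

table <abusers> persist
set skip on lo

# 1. 'quick' ends evaluation at this rule. The match rules further down are
#    never reached for these packets, so no translation is applied to them.
block in quick on $ext_if from <abusers> to any

# 2. Default deny. Without 'quick', the last matching block/pass rule decides.
block log all

# 3. match rules do not change the block/pass decision. They set parameters
#    that stay attached to the packet for every rule below (sticky).
match out on $ext_if inet from $int_net to any nat-to ($ext_if)
match in  on $ext_if inet proto tcp from any to ($ext_if) port 80 rdr-to $web_srv

# 4. Rules after a match see the packet as already translated, so filter on
#    the translated address: the destination is $web_srv here, not ($ext_if).
pass in  on $ext_if inet proto tcp from any to $web_srv port 80
pass out on $int_if inet proto tcp from any to $web_srv port 80

# 5. LAN traffic: passed in on the inside, passed out on the outside. On
#    $ext_if the source has already been rewritten by the nat-to in step 3,
#    so a 'from $int_net' filter at this point would no longer match.
pass in  on $int_if inet from $int_net to any
pass out on $ext_if inet from ($ext_if) to any
```

Running pfctl -nf on the file parses the ruleset without loading it, which is a quick way to check the syntax before applying it.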
Re: raid
On 2014-03-17, Friedrich Locke friedrich.lo...@gmail.com wrote: Good afternoon folks. I wonder if OBSD supports DELL RAID controller like H710/H310/etc. I am using OBSD 5.4. []s gustavo. SAS5/PERC5/SAS6/PERC6/H200/H310/H700/H800/H710P: yes. S100/S300 winraid: no.
Re: ffs2
On 2014-03-17, Nick Holland n...@holland-consulting.net wrote: (Exception: when you make a partition small enough to be ffs, but plan to growfs it later to a bigger size -- growfs works on ffs and ffs2, but doesn't convert from one to the other. Oh poo. Just realized I forgot to do this recently... ) But you have another similar system in a carp cluster so you can rebuild without downtime, right? :)
Re: ffs2
On 03/17/14 21:24, Stuart Henderson wrote: On 2014-03-17, Nick Holland n...@holland-consulting.net wrote: (Exception: when you make a partition small enough to be ffs, but plan to growfs it later to a bigger size -- growfs works on ffs and ffs2, but doesn't convert from one to the other. Oh poo. Just realized I forgot to do this recently... ) But you have another similar system in a carp cluster so you can rebuild without downtime, right? :) Actually, yes. ;) (I was wondering who would figure out what I was referring to... Stuart wasn't my first guess, but he was my third. :) Nick.
Re: OpenBSD email provider
The last time I checked (and it was a long time ago), GMail rewrote either the sender or the reply-to address with the one you use to authenticate the connection. Again, it might not be true now, but it has happened to me in the past. Looks to me that you should do some research before asking. simple google search gmail relay email and second link from the answer. https://support.google.com/a/answer/2956491?hl=en Start there and see where you want to go next. But please help yourself. Hopefully this will help you some. Best Daniel
Re: OpenBSD email provider
I think this gives you plenty of examples to do what you are asking about: https://www.google.com/search?q=gmail+relay+email&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a&channel=sb On 3/17/14, 10:02 PM, Daniel Ouellet wrote: The last time I checked (and it was a long time ago), GMail rewrote either the sender or the reply-to address with the one you use to authenticate the connection. Again, it might not be true now, but it has happened to me in the past. Looks to me that you should do some research before asking. simple google search gmail relay email and second link from the answer. https://support.google.com/a/answer/2956491?hl=en Start there and see where you want to go next. But please help yourself. Hopefully this will help you some. Best Daniel
Re: ffs2
OK, obviously I missed something. How do you resize ffs filesystems without a dump/restore step? -Adam On March 17, 2014 8:40:34 PM CDT, Nick Holland n...@holland-consulting.net wrote: On 03/17/14 21:24, Stuart Henderson wrote: On 2014-03-17, Nick Holland n...@holland-consulting.net wrote: (Exception: when you make a partition small enough to be ffs, but plan to growfs it later to a bigger size -- growfs works on ffs and ffs2, but doesn't convert from one to the other. Oh poo. Just realized I forgot to do this recently... ) But you have another similar system in a carp cluster so you can rebuild without downtime, right? :) Actually, yes. ;) (I was wondering who would figure out what I was referring to... Stuart wasn't my first guess, but he was my third. :) Nick. -- Sent from my Android device with K-9 Mail. Please excuse my brevity.
Re: ffs2
On 3/17/14 10:19 PM, Adam Thompson wrote: OK, obviously I missed something. How do you resize ffs filesystems without a dump/restore step? -Adam http://www.openbsd.org/cgi-bin/man.cgi?query=growfs
Re: ffs2
On 03/17/14 22:19, Adam Thompson wrote: OK, obviously I missed something. How do you resize ffs filesystems without a dump/restore step? -Adam man growfs short version: * check your backup. * dismount partition in question * enlarge the disklabel partition by changing the endpoint * run growfs on that partition * fsck * mount * grin. It is really easy, very fast. It isn't a fancy volume management system, but if you design and plan your systems right, it is more than you probably need. You can only enlarge partitions, and only by changing the endpoint. I firmly believe that most uses of volume managers are more an excuse to poorly design systems from the beginning and hide the foolishness later, and pat yourself on the back for having something else to put on your resume. Of course, if you have two machines which hold the same data on them in a CARP pair (as I do), you just rebuild the second (standby) one the way you want it, copy your data back to it, promote it to master, and do the same for the other machine. Nick. On March 17, 2014 8:40:34 PM CDT, Nick Holland n...@holland-consulting.net wrote: On 03/17/14 21:24, Stuart Henderson wrote: On 2014-03-17, Nick Holland n...@holland-consulting.net wrote: (Exception: when you make a partition small enough to be ffs, but plan to growfs it later to a bigger size -- growfs works on ffs and ffs2, but doesn't convert from one to the other. Oh poo. Just realized I forgot to do this recently... ) But you have another similar system in a carp cluster so you can rebuild without downtime, right? :) Actually, yes. ;) (I was wondering who would figure out what I was referring to... Stuart wasn't my first guess, but he was my third. :) Nick.