Re: autoselect wireless network at boottime

2014-03-17 Thread Martijn van Duren

Hello misc,

I don't know if anyone used my previous patch, if there's even any 
interest for it or if there are any plans for another approach, but 
today I found a minor bug where nwid's with spaces resulted in errors in 
the script because of a changed IFS. So here's an updated diff.


Furthermore a quick overview of the concept:
Use ifscandir to make sure netstart without arguments won't rescan an 
interface multiple times.

Don't use sed and grep because /usr might not be mounted yet.

To make it work /etc/hostname.$if must not exist or be a symlink and 
/etc/hostname.$nwid.$if should exist.


Index: netstart
===
RCS file: /cvs/src/etc/netstart,v
retrieving revision 1.139
diff -u -p -u -r1.139 netstart
--- netstart22 Aug 2013 07:53:11 -  1.139
+++ netstart17 Mar 2014 09:34:16 -
@@ -12,6 +12,8 @@ stripcom() {
done$1
 }

+ifscandir=`mktemp -d`
+
 # Start the $1 interface
 ifstart() {
if=$1
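Review bot: the result of `mktemp -d` at the new `ifscandir=` line is never checked. If it fails, `$ifscandir` is empty and the later `$ifscandir/$if.scan` paths resolve to `/$if.scan`. The cover note says sed and grep are avoided because /usr might not be mounted yet, so it is worth confirming that mktemp (and the `touch` used later) is reachable at that point; suggest skipping the scan logic when the variable comes back empty.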
@@ -20,6 +22,46 @@ ifstart() {
[[ $if != +([[:alpha:]])+([[:digit:]]) ]]  return

file=/etc/hostname.$if
+
+   # Check for ifconfig'able interface.
+   (ifconfig $if || ifconfig $if create) /dev/null 21 || return
+
+   # Test if we already configured the interface
+   test -f $ifscandir/$if.scan  return
+   touch $ifscandir/$if.scan
+
+   if [ -h $file ]; then
+   rm -f $file
+   fi
+   if ! [ -f $file ]; then
+   ifconfig $if scan  $ifscandir/$if.scan
+   IFS_OLD=$IFS
+   IFS='
+'
+   # Test if any of the nwids has a config file
+   while read line; do
+   line=$line nwid 
+   line=${line#*nwid }
+   test -z $line  continue;
+
+   if [[ $line = \* ]]; then
+   IFS=''
+   set -A scan -- $line
+   nwid=${scan[1]}
+   else
+   IFS=' '
+   set -A scan -- $line
+   nwid=${scan[0]}
+   fi
+
+   if [ -f /etc/hostname.$nwid.$if ]; then
+   ln -s /etc/hostname.$nwid.$if $file
+   break
+   fi
+   done  $ifscandir/$if.scan
+   IFS=$IFS_OLD
+   fi
+
if ! [ -f $file ]; then
echo netstart: $file: No such file or directory
return
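Review bot: in the `while read line` loop, `nwid` comes straight from `ifconfig $if scan` output, which is whatever nearby access points advertise, and it is then used to build `/etc/hostname.$nwid.$if` and the `ln -s` target that netstart goes on to parse. Suggest rejecting any nwid that contains `/` before the `-f` test so the lookup cannot leave /etc. Separately, `rm -f $file` under `[ -h $file ]` deletes any existing symlink, including one an administrator created on purpose; consider removing only links that point at a hostname.$nwid.$if file.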
@@ -31,8 +73,6 @@ ifstart() {
chmod -LR o-rwx $file
chown -LR root.wheel $file
fi
-   # Check for ifconfig'able interface.
-   (ifconfig $if || ifconfig $if create) /dev/null 21 || return

# Now parse the hostname.* file
while :; do
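Review bot: with the ifconfig check removed here and re-added at the top of ifstart, `ifconfig $if create` now runs before the `No such file or directory` test, so an interface can be created even though ifstart then returns for lack of a config file. If that side effect is not intended, do only the existence test before the scan and keep the create step after the file check.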
@@ -131,6 +171,8 @@ ifmstart() {
for hn in /etc/hostname.*; do
# Strip off /etc/hostname. prefix
if=${hn#/etc/hostname.}
+   # Strip off potential nwid information
+   if=${if##*.}
test $if = *  continue

# Skip unwanted ifs
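Review bot: `if=${if##*.}` keeps whatever follows the last dot, not only an interface name after an nwid, so any /etc/hostname.* file whose final component looks like an interface now reaches ifstart for that interface. The comment should say so, and the accepted hostname.$nwid.$if naming needs documenting, since an nwid can itself contain dots.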
@@ -146,6 +188,7 @@ ifmstart() {
 ifstart $if
done
done
+   rm -rf $ifscandir
 }

 # Re-read /etc/rc.conf
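Review bot: `rm -rf $ifscandir` at the end of ifmstart removes the marker directory that was created once at the top of the script. If ifmstart is called more than once in a run, later calls reach `touch $ifscandir/$if.scan` with the directory gone and lose the already-configured check. Suggest removing the directory once, after the last ifmstart call.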
@@ -161,6 +204,7 @@ if [ $# -gt 0 ]; then
ifstart $1
shift
done
+   rm -rf $ifscandir
return
 fi
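Review bot: this is the second hand-written `rm -rf $ifscandir`, and any other exit between the `mktemp -d` and these two sites leaves the directory behind. Suggest a single cleanup function called from every exit path, which also does nothing when `$ifscandir` is empty.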



Re: current/macppc on a Powerbook6,1

2014-03-17 Thread Martin Pieuchot
On 15/03/14(Sat) 14:07, Jan Stary wrote:
> This is an old 12 Powerbook G4 hw.model=7455 (Revision 0x303)
> with a freshly installed current/macppc. See full dmesg below.
>
> I can't switch consoles with ctrl+alt+Fx - is that expected?
> Or is there another way to do that on a Powerbook?

It should work if you don't need to press Fn to generate a Fx
keycode, otherwise it should be ctrl+alt+Fn+Fx.

> X doesn't work (NVIDIA GeForce4 440).
> I got the machine for peanuts so didn't bother checking
> http://marc.info/?l=openbsd-ppc&m=136178209416987&w=2
> Trying `startx' without any configuration segfaults like this:

This is strange; I have a similar machine here with a similar nvidia
card, could you send me the output of eeprom -p for your machine?

M.



raid

2014-03-17 Thread Friedrich Locke
Good afternoon folks.

I wonder if OBSD supports DELL RAID controller like H710/H310/etc.
I am using OBSD 5.4.

[]s gustavo.



Re: current/macppc on a Powerbook6,1

2014-03-17 Thread James Hartley
Has the information in FAQ7.4 changed?  That indicates that virtual
terminals are only supported on amd64, i386, & Alpha.  Zaurus has limited
support, but with different keystroke patterns.


On Mon, Mar 17, 2014 at 1:16 PM, Martin Pieuchot mpieuc...@nolizard.org wrote:

> On 15/03/14(Sat) 14:07, Jan Stary wrote:
> > This is an old 12 Powerbook G4 hw.model=7455 (Revision 0x303)
> > with a freshly installed current/macppc. See full dmesg below.
> >
> > I can't switch consoles with ctrl+alt+Fx - is that expected?
> > Or is there another way to do that on a Powerbook?
>
> It should work if you don't need to press Fn to generate a Fx
> keycode, otherwise it should be ctrl+alt+Fn+Fx.
>
> > X doesn't work (NVIDIA GeForce4 440).
> > I got the machine for peanuts so didn't bother checking
> > http://marc.info/?l=openbsd-ppc&m=136178209416987&w=2
> > Trying `startx' without any configuration segfaults like this:
>
> This is strange; I have a similar machine here with a similar nvidia
> card, could you send me the output of eeprom -p for your machine?
>
> M.



Re: OpenBSD email provider

2014-03-17 Thread Jean-Francois Simon

Hello

Some answers in your mail. Thanks.

Just to mention, I'm looking for a more private ESP. As I know that 
OpenBSD conveys an idea of security, I tend to trust a provider relying 
on this OS.


Regards

Le 17/03/2014 02:51, Jean-Philippe Ouellet a écrit :

On 3/15/14 12:54 PM, Jean-Francois Simon jfsimon1...@gmail.com wrote:

I'm looking for a secure mail provider, if possible using OpenBSD,
also wondering if OpenBSD itself provides it for interested people.
If anybody has information thanks would be interesting to share.

https://github.com/mailserv/mailserv comes to mind, although I've
never tried it or read its source.

I think a better question might be what qualities you're actually
looking for in your mail provider as your question seems to
indicate a misguided approach towards some notion of secure email.
I'm also using own server today, essentially, I haven't checked deeply, 
but seems gmail does use automated bots who check the mail content for 
purpose I don't know about.

As far as I'm concerned, the only difference between 3rd party email
services is reliability. I wouldn't trust any of them anyway.

I see you have a pgp key on the keyservers, but it seems somewhat
neglected since all your sigs have expired and dsa/elgamal (especially
with 1024 bit keys) hasn't been recommended for quite some time. I
think revisiting that would be a more productive use of your time
than abandoning your gmail account.

Indeed, I'm not using the keys anymore. They're not updated.

Although, don't read the above as pgp solves your problems, you
haven't explained your problems, and pgp has its issues too, some of
which are unavoidable because of problems inherent to email to begin
with.

If what you're after is something more along the lines of private
communication, I'd say email probably isn't what you're looking
for to begin with. Maybe something more like OTR [1], or pond once
it gets reviewed more.

Not so much private as hidden but as private.

[1] https://otr.cypherpunks.ca/
[2] https://github.com/agl/pond

If you want absolute privacy, don't use computers.
If you want to get things done, keep your gmail.
If you want to read documentation, become your own mail provider
using OpenBSD.
No I don't need absolute privacy about this topic, I mean that needs 
encryption etc ...
Yes I want things done, I keep the gmail account, yet I'm interested in 
a more private solution where I can be absolutely sure that privacy is 
totally respected.
I have tried some time ago third solution, however I think since I have 
a local dynamic IP, I got soon identified as spam mail server and mails 
wouldn't reach their destination.




Re: OpenBSD email provider

2014-03-17 Thread Daniel Ouellet
> [1] https://otr.cypherpunks.ca/
> [2] https://github.com/agl/pond
>
> If you want absolute privacy, don't use computers.
> If you want to get things done, keep your gmail.
> If you want to read documentation, become your own mail provider
> using OpenBSD.
> No I don't need absolute privacy about this topic, I mean that needs
> encryption etc ...
> Yes I want things done, I keep the gmail account, yet I'm interested in
> a more private solution where I can be absolutely sure that privacy is
> totally respected.
> I have tried some time ago third solution, however I think since I have
> a local dynamic IP, I got soon identified as spam mail server and mails
> wouldn't reach their destination.

So, you know you still can run your own mail server, encrypt your
email if that's what you want and still relay via your gmail as well.

There is nothing wrong with running your mail server, but instead of relay
from it, you can relay from it to your ISP, or to GMail as well so your
point of "a local dynamic IP, I got soon identified as spam mail server
and mails wouldn't reach their destination" wouldn't apply.

If that's what you want, this doesn't stop you from doing exactly what
you say you want to do.

Having you authenticate to GMail to send out or your server authenticate
on your behalf to GMail is not different.

You may want to check it out if that's what you want and you would have
what you say you want.

Best regards,

Daniel



Re: current/macppc on a Powerbook6,1

2014-03-17 Thread Jan Stary
On Mar 17 19:16:09, mpieuc...@nolizard.org wrote:
> > X doesn't work (NVIDIA GeForce4 440).
> > I got the machine for peanuts so didn't bother checking
> > http://marc.info/?l=openbsd-ppc&m=136178209416987&w=2
> > Trying `startx' without any configuration segfaults like this:
>
> This is strange; I have a similar machine here with a similar nvidia
> card, could you send me the output of eeprom -p for your machine?

http://stare.cz/dmesg/powerbook6,1-eeprom
Thanks for looking into this.

Jan



Randall strikes again!

2014-03-17 Thread Rod Whitworth
 http://xkcd.com/1343/

NB xkcd newbies: There is a message that pops up if you place the mouse
pointer inside the frame.

Enjoy!


*** NOTE *** Please DO NOT CC me. I am subscribed to the list.
Mail to the sender address that does not originate at the list server is 
tarpitted. The reply-to: address is provided for those who feel compelled to 
reply off list. Thankyou.

Rod/
---
This life is not the real thing.
It is not even in Beta.
If it was, then OpenBSD would already have a man page for it.



Re: unreliable connections

2014-03-17 Thread Chris Smith
I think the source of this reported problem has been found, and
happily fixed (the preliminary results are promising).

Basically I needed to find some way to get the backups to complete
reliably so I started a 20 count ping job a minute before the rsync
job (actually an rsnapshot job which connected twice) which did allow
both backup connections to work (where previously just the
second one connected reliably). In checking the logs for the backup
status, the stats from the ping job were also there and these logs
showed some dup ping packets on a fairly regular basis as well as some
non-answers. As I was then able to get the same inconsistent ping
results from the gateway itself (the inside address of the cable
modem) I asked the ISP (Comcast) to replace the cable modem. They were
fine with that suggestion and the replacement went in today, and I am
so far not able to reproduce the inconsistent ping results to any of
the /29 addresses, including the gateway. I'll know for sure once I stop
the ping job and the backups still run reliably.

Thanks to all,

Chris



Re: OpenBSD email provider

2014-03-17 Thread Zé Loff
On 17/03/2014, at 20:21, Daniel Ouellet dan...@presscom.net wrote:

> > [1] https://otr.cypherpunks.ca/
> > [2] https://github.com/agl/pond
> >
> > If you want absolute privacy, don't use computers.
> > If you want to get things done, keep your gmail.
> > If you want to read documentation, become your own mail provider
> > using OpenBSD.
> > No I don't need absolute privacy about this topic, I mean that needs
> > encryption etc ...
> > Yes I want things done, I keep the gmail account, yet I'm interested in
> > a more private solution where I can be absolutely sure that privacy is
> > totally respected.
> > I have tried some time ago third solution, however I think since I have
> > a local dynamic IP, I got soon identified as spam mail server and mails
> > wouldn't reach their destination.
>
> So, you know you still can run your own mail server, encrypt your
> email if that's what you want and still relay via your gmail as well.
>
> There is nothing wrong with running your mail server, but instead of relay
> from it, you can relay from it to your ISP, or to GMail as well so your
> point of "a local dynamic IP, I got soon identified as spam mail server
> and mails wouldn't reach their destination" wouldn't apply.
>
> If that's what you want, this doesn't stop you from doing exactly what
> you say you want to do.
>
> Having you authenticate to GMail to send out or your server authenticate
> on your behalf to GMail is not different.
>
> You may want to check it out if that's what you want and you would have
> what you say you want.
>
> Best regards,
>
> Daniel

The last time I checked (and it was a long time ago), GMail rewrote either the 
sender or the reply-to address with the one you use to authenticate the 
connection. Again, it might not be true now, but it has happened to me in the 
past.



Re: OpenBSD email provider

2014-03-17 Thread Jean-Philippe Ouellet
On 3/17/14 3:25 PM, Jean-Francois Simon wrote:
> Just to mention, I'm looking for a more private ESP. As I know that
> OpenBSD conveys an idea of security, I tend to trust a provider
> relying on this OS.

Not necessarily a safe assumption.

> I'm also using own server today, essentially, I haven't checked deeply,
> but seems gmail does use automated bots who check the mail content for
> purpose I don't know about.

That will continue to happen, whether in your mailbox, or the mailboxes
of the people you are communicating with.

> No I don't need absolute privacy about this topic, I mean that needs
> encryption etc ...
> Yes I want things done, I keep the gmail account, yet I'm interested
> in a more private solution where I can be absolutely sure that
> privacy is totally respected.

I don't see a way to interpret that statement such that it doesn't
contradict itself. Do you want privacy? or not...

Sounds like maybe you want privacy by entrusting all your data
to others that you can't even audit, all without any crypto???
Yeah... good luck with that :P

Also, absolutely sure privacy is totally respected???
Let me know when you find a jurisdiction in which you can reasonably
expect that to even be possible to begin with. "Absolute" and "totally"
are pretty strong words, especially in this era of mass-infrastructure-
sabotage and involuntary key disclosure, not to mention the difficulties
of implementing a reasonably secure system to begin with.



obsd pf

2014-03-17 Thread Friedrich Locke
Hi folks.

I am studying obsd pf and saw there are no more nat rules and rdr rules the
old way.

Now it is nat-to and rdr-to. What is the motivation for the match rule?
Some time ago, the last match for a filter rule was the winner, for the nat and
rdr the first match is the winner.

And now, what is the policy?

Thanks once more.

[] Fried



CDs, T shirts and other goodies at BSDCan

2014-03-17 Thread marst
I asked the following on OpenBSD G+ but I suppose it is more appropriate to
ask here...

Having never been to BSDCan before, I am wondering if CDs will be available
for sale during the event. Assuming 5.5 is out at the time. And also other
goodies like T shirt...

Mario



Re: CDs, T shirts and other goodies at BSDCan

2014-03-17 Thread Adam Thompson
On March 17, 2014 7:54:19 PM CDT, marst mario@videotron.ca wrote:
> I asked the following on OpenBSD G+ but I suppose it is more appropriate to
> ask here...
>
> Having never been to BSDCan before, I am wondering if CDs will be available
> for sale during the event. Assuming 5.5 is out at the time. And also other
> goodies like T shirt...
>
> Mario

Historically, no.  However, there's a substantial OpenBSD presence this year... 
Which still won't mean much, in all likelihood, unless someone volunteers to 
man a table and sell them.  Not me, I'll be too busy listening to the talks!
-Adam

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.



Re: obsd pf

2014-03-17 Thread Josh Grosse
On Mon, Mar 17, 2014 at 09:53:43PM -0300, Friedrich Locke wrote:
> Hi folks.
>
> I am studying obsd pf and saw there are no more nat rules and rdr rules the
> old way.

Yes, this changed with OpenBSD 4.7, in 2010.  The change is documented
in the 4.7 Upgrade Guide:  http://www.openbsd.org/faq/upgrade47.html

This will help you understand how to migrate your older systems to 2010 and
later implementations of PF.
 
> Now it is nat-to and rdr-to. What is the motivation for match rule ?

This allows global options to be set.  From pf.conf(5):

 match
   The packet is matched.  This mechanism is used to provide fine
   grained filtering without altering the block/pass state of a
   packet.  match rules differ from block and pass rules in that
   parameters are set every time a packet matches the rule, not only
   on the last matching rule.  For the following parameters, this
   means that the parameter effectively becomes ``sticky'' until
   explicitly overridden: nat-to, binat-to, rdr-to, queue, rtable, and
   scrub.



Re: obsd pf

2014-03-17 Thread Stuart Henderson
On 2014-03-18, Friedrich Locke friedrich.lo...@gmail.com wrote:
> Hi folks.
>
> I am studying obsd pf and saw there are no more nat rules and rdr rules the
> old way.

"old" - note that this is something from nearly 5 years ago.
See http://marc.info/?l=openbsd-misc&m=125181847818600&w=2 for a
quick introduction. I'm sure it has been covered in some of
Henning's presentations as well.

> Now it is nat-to and rdr-to. What is the motivation for match rule ?
> Time ago, the last match for a filter rule was the winner, for the nat and
> rdr the first match is the winner.
>
> And now, what is it the policy ?
>
> Thanks once more.
>
> [] Fried

The policy is as documented in pf.conf(5).

The ruleset is now traversed in order, changes made in match rules
are sticky and affect rules lower down in the ruleset. More
predictable, no more "oh this 'nat pass' rule which you included
halfway down the ruleset actually takes effect before the
'block quick' rule right at the top"... so besides allowing for
cleaner rulesets, you could say it's a security fix too.
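
The ordering described in the two replies above, as an added pf.conf fragment that is not from the list posts or from the OpenBSD project; the table name and the 10.0.0.10 and 192.0.2.10 addresses are placeholders.

```pf
# Constructed example; <blocked>, 10.0.0.10 and 192.0.2.10 are placeholders.
table <blocked> persist

# Rules are evaluated top to bottom. "quick" stops evaluation here, so
# no translation rule further down can apply to these packets first.
block in quick on egress from <blocked>

# Default policy. Without "quick", the last matching block/pass decides.
block all

# match sets nat-to but does not pass or block anything. The setting is
# sticky: it stays attached to the packet for the rules below.
match out on egress inet from !(egress:network) to any nat-to (egress:0)

# A later match overrides the sticky nat-to for one internal host.
match out on egress inet from 10.0.0.10 to any nat-to 192.0.2.10

# rdr-to written on the pass rule itself applies only if this is the
# last matching rule for the packet.
pass in on egress inet proto tcp from any to (egress) port 80 rdr-to 10.0.0.10

# Last matching pass rule for outbound traffic; the nat-to set by the
# match rules above takes effect for packets passed here.
pass out on egress
```

Running `pfctl -nf` on a file holding the fragment parses it without loading it.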



Re: raid

2014-03-17 Thread Stuart Henderson
On 2014-03-17, Friedrich Locke friedrich.lo...@gmail.com wrote:
> Good afternoon folks.
>
> I wonder if OBSD supports DELL RAID controller like H710/H310/etc.
> I am using OBSD 5.4.
>
> []s gustavo.



SAS5/PERC5/SAS6/PERC6/H200/H310/H700/H800/H710P: yes.

S100/S300 winraid: no.



Re: ffs2

2014-03-17 Thread Stuart Henderson
On 2014-03-17, Nick Holland n...@holland-consulting.net wrote:
> (Exception: when you make a partition small enough to be ffs, but plan
> to growfs it later to a bigger size -- growfs works on ffs and ffs2, but
> doesn't convert from one to the other.  Oh poo.  Just realized I forgot
> to do this recently... )

But you have another similar system in a carp cluster so you can
rebuild without downtime, right? :)



Re: ffs2

2014-03-17 Thread Nick Holland
On 03/17/14 21:24, Stuart Henderson wrote:
> On 2014-03-17, Nick Holland n...@holland-consulting.net wrote:
> > (Exception: when you make a partition small enough to be ffs, but plan
> > to growfs it later to a bigger size -- growfs works on ffs and ffs2, but
> > doesn't convert from one to the other.  Oh poo.  Just realized I forgot
> > to do this recently... )
>
> But you have another similar system in a carp cluster so you can
> rebuild without downtime, right? :)

Actually, yes. ;)

(I was wondering who would figure out what I was referring to...  Stuart
wasn't my first guess, but he was my third. :)

Nick.



Re: OpenBSD email provider

2014-03-17 Thread Daniel Ouellet
> The last time I checked (and it was a long time ago), GMail rewrote either
> the sender or the reply-to address with the one you use to authenticate the
> connection. Again, it might not be true now, but it has happened to me in the
> past.

Looks to me that you should do some research before asking.

simple google search "gmail relay email"

and second link from the answer.

https://support.google.com/a/answer/2956491?hl=en

Start there and see where you want to go next. But please help yourself.

Hopefully this will help you some.

Best

Daniel



Re: OpenBSD email provider

2014-03-17 Thread Daniel Ouellet
I think this gives you plenty of examples to do what you are asking about:

https://www.google.com/search?q=gmail+relay+email&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a&channel=sb


On 3/17/14, 10:02 PM, Daniel Ouellet wrote:
> > The last time I checked (and it was a long time ago), GMail rewrote either
> > the sender or the reply-to address with the one you use to authenticate the
> > connection. Again, it might not be true now, but it has happened to me in
> > the past.
>
> Looks to me that you should do some research before asking.
>
> simple google search "gmail relay email"
>
> and second link from the answer.
>
> https://support.google.com/a/answer/2956491?hl=en
>
> Start there and see where you want to go next. But please help yourself.
>
> Hopefully this will help you some.
>
> Best
>
> Daniel



Re: ffs2

2014-03-17 Thread Adam Thompson
OK, obviously I missed something.  How do you resize ffs filesystems without a 
dump/restore step?
-Adam

On March 17, 2014 8:40:34 PM CDT, Nick Holland n...@holland-consulting.net wrote:
> On 03/17/14 21:24, Stuart Henderson wrote:
> > On 2014-03-17, Nick Holland n...@holland-consulting.net wrote:
> > > (Exception: when you make a partition small enough to be ffs, but plan
> > > to growfs it later to a bigger size -- growfs works on ffs and ffs2, but
> > > doesn't convert from one to the other.  Oh poo.  Just realized I forgot
> > > to do this recently... )
> >
> > But you have another similar system in a carp cluster so you can
> > rebuild without downtime, right? :)
>
> Actually, yes. ;)
>
> (I was wondering who would figure out what I was referring to...  Stuart
> wasn't my first guess, but he was my third. :)
>
> Nick.

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.



Re: ffs2

2014-03-17 Thread Jean-Philippe Ouellet
On 3/17/14 10:19 PM, Adam Thompson wrote:
> OK, obviously I missed something.  How do you resize ffs filesystems without
> a dump/restore step?
> -Adam

http://www.openbsd.org/cgi-bin/man.cgi?query=growfs



Re: ffs2

2014-03-17 Thread Nick Holland
On 03/17/14 22:19, Adam Thompson wrote:
> OK, obviously I missed something.  How do you resize ffs filesystems without
> a dump/restore step?
> -Adam

man growfs

short version:
 * check your backup.
 * dismount partition in question
 * enlarge the disklabel partition by changing the endpoint
 * run growfs on that partition
 * fsck
 * mount
 * grin.

It is really easy, very fast.

It isn't a fancy volume management system, but if you design and plan
your systems right, it is more than you probably need.  You can only
enlarge partitions, and only by changing the endpoint.  I firmly believe
that most uses of volume managers are more an excuse to poorly design
systems from the beginning and hide the foolishness later, and pat
yourself on the back for having something else to put on your resume.

Of course, if you have two machines which hold the same data on them in
a CARP pair (as I do), you just rebuild the second (standby) one the way
you want it, copy your data back to it, promote it to master, and do the
same for the other machine.

Nick.

> On March 17, 2014 8:40:34 PM CDT, Nick Holland n...@holland-consulting.net wrote:
> > On 03/17/14 21:24, Stuart Henderson wrote:
> > > On 2014-03-17, Nick Holland n...@holland-consulting.net wrote:
> > > > (Exception: when you make a partition small enough to be ffs, but plan
> > > > to growfs it later to a bigger size -- growfs works on ffs and ffs2, but
> > > > doesn't convert from one to the other.  Oh poo.  Just realized I forgot
> > > > to do this recently... )
> > >
> > > But you have another similar system in a carp cluster so you can
> > > rebuild without downtime, right? :)
> >
> > Actually, yes. ;)
> >
> > (I was wondering who would figure out what I was referring to...  Stuart
> > wasn't my first guess, but he was my third. :)
> >
> > Nick.

Nick.