Re: PF rules loading bug on OpenBSD 5.6

2014-12-03 Thread David Dahlberg
On Wednesday, 03.12.2014, 11:08 +0800, Cosmo Wu wrote:

  and it parsed correctly using
 command  pfctl -nf /etc/pf.conf.test
  
  when I loaded it from the
 command  pfctl -f /etc/pf.conf.test 
  
  it grumbled:
  
  pfctl:
 DIOCXCOMMIT: Invalid argument

Happens usually, if the pf.conf is indeed correct if read
on its own, but something else in the current state of pf 
leads to a different result of a line than you might expect.

In my case, usually flushing the queues before reloading them from
pf.conf helps.

-dd
-- 
David Dahlberg 

Fraunhofer FKIE, Dept. Communication Systems (KOM) | Tel: +49-228-9435-845
Fraunhoferstr. 20, 53343 Wachtberg, Germany| Fax: +49-228-856277



Re: ffs and utf8

2014-12-03 Thread Joel Rees
Dmitrij had some questions about my intent, I'll try to clarify.

2014/12/02 18:57 Joel Rees joel.r...@gmail.com:

 (apologies for the html.)

 2014/12/02 9:52 Dmitrij D. Czarkoff czark...@gmail.com:
[ ... and others
Snipped context:
  There was some discussion of what kind of file names should be allowed to
be stored.
  There was something I read as a suggestion for using a normal form based
in Unicode as a target for enforced file name conversion.
  There were some attempts to discuss reasons why file names should not be
forcibly converted.

  And then communication seemed to really break down when I tried to
present a semi-obvious example of why seemingly innocuous conversions turn
out to be not so innocuous after all.]

And, since that didn't work, I tried with an example closer to the
suggested normal form:

  Joel Rees said:
   Now, what would you do with this?
  
   ジョエル
  
   Why not decompose it to the following?
  
   ジョエル

Which didn't communicate the problem, either.

  Because it is not what Unicode normalization is.

 Well, it definitely isn't Unicode normalization. And there is a reason,
it isn't, even though there
 were many who thought the Unicode standard shouldn't include code points
for wide form glyphs.

 Let's try one more. I think you have said enough that I can infer that
your preferred normal form is
 the decomposed form. So, given that your normalization has resulted in a
file named

 シ゛ョエルの歌

 and

given

 the necessity to send it back where it came from, how do you know whether
or not it should
 be restored to

 ジョエルの歌

 before you send it back?

  [...]

But normalization is a red herring in this context.

You may personally have no problems with filename conversions improperly
done, but I am not willing to take them lightly where my data is concerned.
I may have a NAS device that I'm using for backup without
compression/amalgamation (i. e., tar/zip), and if I have a file with a
decomposed name backed up on the NAS, I don't want it automatically
converted to composed when it is restored, the existence of normal forms
notwithstanding.

Unix file names can handle UTF-8 encoded Unicode file names without losing
data because no conversion is necessary. There may be issues with
displaying them, but the file name itself is safe, because '/' is always
'/' and '\0' is always '\0'.

You can even handle broken UTF-8 and unconverted UTF-16/32 of whatever byte
order spit into the file name as a sequence of bytes if and only if you
escape NUL, slash, and your escape character properly, restoring the
escaped characters when putting the file names on the network.

Normalization alone does not know how to restore a potentially normalized
name. It needs some sort of flag character that says this name was
normalized, and a way to choose between de-normalized forms when more than
one denormalized form maps to one particular normal form.

The last time I looked, the Unicode standard itself stated that this was
the case, and that normalized forms were not recommended for such purposes.
The craziness currently infecting the entire industry leaves me with no
confidence that such is still the case.

I haven't used Apple OSses since around 10.4, but Mac OS X was doing a
thing where certain well-known directory names were aliased according to
the current locale. For instance, the user's  music directory was shown
as 「音楽」 when the locale was set to ja_JP.UTF-8. This is useful to desktop
users, but is sometimes confusing when you log in via ssh from a terminal
that does not display Japanese and fails to declare itself as such. It's
convenient, but even this can cause problems when backing up the entire
home or user directory, if the backup software doesn't know to ask for the
OS canonical name.

Again, apologies for using my (erk) Android device and spitting html at the
list.

Joel Rees

Computer memory is just fancy paper,
CPUs just fancy pens.
All is a stream of text
flowing from the past into the future.
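
Added example, not part of the thread: a Python sketch of the two claims in the message above, that escaping NUL, slash and the escape byte keeps any byte-string name recoverable, and that normalization alone cannot tell which original form to restore. The '%XX' escape syntax, the function names and the sample names are assumptions constructed for illustration.

```python
import unicodedata

# Assumed escape syntax for this example: '%' plus two uppercase hex digits.
ESCAPES = {0x00: b"%00", 0x2F: b"%2F", 0x25: b"%25"}  # NUL, '/', and '%' itself
UNESCAPES = {token: byte for byte, token in ESCAPES.items()}


def escape_name(raw: bytes) -> bytes:
    """Make any byte string storable as a single Unix path component."""
    return b"".join(ESCAPES.get(b, bytes([b])) for b in raw)


def unescape_name(stored: bytes) -> bytes:
    """Exact inverse of escape_name; rejects input escape_name cannot emit."""
    out, i = bytearray(), 0
    while i < len(stored):
        if stored[i] == 0x25:
            token = stored[i:i + 3]
            if token not in UNESCAPES:
                raise ValueError(f"non-canonical escape at offset {i}")
            out.append(UNESCAPES[token])
            i += 3
        elif stored[i] in (0x00, 0x2F):
            raise ValueError(f"unescaped special byte at offset {i}")
        else:
            out.append(stored[i])
            i += 1
    return bytes(out)


def normalization_collisions(names, form):
    """Group distinct names that become one name after normalization."""
    groups = {}
    for name in names:
        groups.setdefault(unicodedata.normalize(form, name), []).append(name)
    return {k: v for k, v in groups.items() if len(v) > 1}


def roundtrip_survives(name, stored_form, restore_form):
    """True if storing in one form and restoring in another returns the original."""
    stored = unicodedata.normalize(stored_form, name)
    return unicodedata.normalize(restore_form, stored) == name


# Constructed sample names.
KATAKANA_NFC = "\u30b8\u30e7\u30a8\u30eb"        # precomposed JI
KATAKANA_NFD = "\u30b7\u3099\u30e7\u30a8\u30eb"  # SI + combining voiced sound mark
ANGSTROM_NAMES = ["\u212b.txt", "\u00c5.txt", "A\u030a.txt"]
BROKEN_BYTES = b"\xff\xfe a/b\x00 100%"          # not valid UTF-8 at all

if __name__ == "__main__":
    stored = escape_name(BROKEN_BYTES)
    print("escaped:", stored, "restored ok:", unescape_name(stored) == BROKEN_BYTES)
    for form in ("NFC", "NFD"):
        for target, sources in normalization_collisions(ANGSTROM_NAMES, form).items():
            print(form, ascii(target), "<-", [ascii(s) for s in sources])
    # The restoring side has to know the original form; the name does not say.
    print("NFD name, restore as NFD:", roundtrip_survives(KATAKANA_NFD, "NFC", "NFD"))
    print("NFD name, restore as NFC:", roundtrip_survives(KATAKANA_NFD, "NFC", "NFC"))
    print("U+212B name, any restore:",
          roundtrip_survives(ANGSTROM_NAMES[0], "NFC", "NFD")
          or roundtrip_survives(ANGSTROM_NAMES[0], "NFD", "NFC"))
```

The byte escape is reversible because it is injective; normalization is many-to-one, so the restore step needs out-of-band information about the original form.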



Re: ffs and utf8

2014-12-03 Thread Anthony J. Bentley
Joel Rees writes:
 You can even handle broken UTF-8 and unconverted UTF-16/32 of whatever byte
 order spit into the file name as a sequence of bytes if and only if you
 escape NUL, slash, and your escape character properly, restoring the
 escaped characters when putting the file names on the network.

This is just asking for security issues. It's the same kind of thinking
that caused the designers of Java to allow embedding NUL in strings as
0xc0 0x80, or CESU-8 where you can encode astral characters with surrogate
pairs instead of just writing the character directly. The kinds of things
that make people think Unicode is complex and prone to security issues,
even though neither of them are allowed by the UTF-8 spec!

 Normalization alone does not know how to restore a potentially normalized
 name. It needs some sort of flag character that says this name was
 normalized, and a way to choose between de-normalized forms when more than
 one denormalized form maps to one particular normal form.

Once you start stacking multiple accents this becomes unworkable.

 I haven't used Apple OSses since around 10.4, but Mac OS X was doing a
 thing where certain well-known directory names were aliased according to
 the current locale. For instance, the user's  music directory was shown
 as 「音楽」 when the locale was set to ja_JP.UTF-8.

IMO this is totally crazy behavior and unrelated to the Unicode issue.

-- 
Anthony J. Bentley
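
Added example, not part of the thread: the two non-standard encodings named above (NUL as 0xc0 0x80, and CESU-8 surrogate pairs) run through a strict UTF-8 decoder and through a hand-written lenient one, showing how a byte-level check and a lenient decoder can disagree about the same name. decode_lenient, audit and the sample names are constructed for illustration.

```python
def decode_lenient(data: bytes) -> str:
    """Decode by bit pattern only, without the checks the UTF-8 spec requires.

    Accepts overlong forms (0xc0 0x80 for NUL) and UTF-8-encoded surrogates,
    then joins surrogate pairs the way a CESU-8 reader would.
    """
    units, i = [], 0
    while i < len(data):
        b = data[i]
        if b < 0x80:
            cp, n = b, 0
        elif b >> 5 == 0b110:
            cp, n = b & 0x1F, 1
        elif b >> 4 == 0b1110:
            cp, n = b & 0x0F, 2
        elif b >> 3 == 0b11110:
            cp, n = b & 0x07, 3
        else:
            raise ValueError(f"bad lead byte {b:#x} at offset {i}")
        tail = data[i + 1:i + 1 + n]
        if len(tail) != n or any(t >> 6 != 0b10 for t in tail):
            raise ValueError(f"bad continuation after offset {i}")
        for t in tail:
            cp = (cp << 6) | (t & 0x3F)
        units.append(cp)
        i += 1 + n
    out, j = [], 0
    while j < len(units):
        hi = units[j]
        lo = units[j + 1] if j + 1 < len(units) else 0
        if 0xD800 <= hi <= 0xDBFF and 0xDC00 <= lo <= 0xDFFF:
            out.append(0x10000 + ((hi - 0xD800) << 10) + (lo - 0xDC00))
            j += 2
        else:
            out.append(hi)
            j += 1
    return "".join(chr(c) for c in out)


def is_strict_utf8(data: bytes) -> bool:
    """Python's built-in codec enforces shortest-form and rejects surrogates."""
    try:
        data.decode("utf-8")
        return True
    except UnicodeDecodeError:
        return False


def byte_filter_ok(name: bytes) -> bool:
    """The check a filesystem layer does on raw bytes: no NUL, no slash."""
    return b"\x00" not in name and b"/" not in name


def audit(name: bytes) -> dict:
    """Compare what each layer believes about the same byte string."""
    try:
        lenient = decode_lenient(name)
    except ValueError:
        lenient = None
    return {
        "byte_filter_ok": byte_filter_ok(name),
        "strict_utf8": is_strict_utf8(name),
        "lenient_text": lenient,
    }


# Constructed sample names.
OVERLONG_NUL = b"report\xc0\x80.txt"                 # NUL written as 0xc0 0x80
CESU8_NAME = b"\xed\xa0\xbd\xed\xb8\x80.txt"         # U+1F600 as a surrogate pair
PROPER_NAME = "\U0001F600.txt".encode("utf-8")       # same character, real UTF-8

if __name__ == "__main__":
    for label, sample in [("overlong NUL", OVERLONG_NUL),
                          ("CESU-8", CESU8_NAME),
                          ("proper UTF-8", PROPER_NAME)]:
        result = audit(sample)
        print(f"{label:13} filter_ok={result['byte_filter_ok']} "
              f"strict={result['strict_utf8']} "
              f"lenient={ascii(result['lenient_text'])}")
```

Rejecting names that fail the strict check, before any other layer decodes them, keeps the byte-level view and the decoded view of a name in agreement.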



Re: Squid configuration

2014-12-03 Thread mxb
echo "max_filedescriptors 4096" >> /etc/squid/squid.conf

 On 3 dec 2014, at 04:07, Einfach Jemand rru@gmail.com wrote:
 
 On 03.12.2014 03:55, Steve Shockley wrote:
 On 12/2/2014 8:49 PM, Einfach Jemand wrote:
 
 Hmm, I checked on one of my boxen and there /etc/passwd has
 
 _squid
 ^! Note the underline.
 
 as account for this package, so you probably want
 
 According to the package README:
 
 When started by rc.d(8) (i.e. via pkg_scripts in rc.conf.local or from
 ${RCDIR}/squid start) the appropriately-named login class is used
 automatically.
 
 So, the underline shouldn't be necessary.
 
 Yes, I have rechecked and that is correct, no underline/underscore needed.
 
 Directing someone looking for a solution into the wrong direction is no
 good, please accept my apologies.
 
 Bye,
 rru



KDE4 crashes in 5.6

2014-12-03 Thread Federico Giannici

Hi!
I'd like to know if I'm the only one who has experienced crashes with 
KDE4 under 5.6-release amd64.


Often, during the startup or shutdown of KDE4, the bug report window 
appears saying that Plasma Desktop Shell closed unexpectedly 
(Executable plasma-desktop, Signal Segmentation fault(11)).


Moreover, once every 3-4 times the startup of KDE gets stuck after the 
final big KDE logo appears in the startup page (maybe this is related to 
the first problem).


It happens in both my PCs where I installed KDE. I'd like to know if 
this happens only to me (to my hardware/software configuration), or is a 
common and known problem (and if there is any solution).


Thanks.



Re: KDE4 crashes in 5.6

2014-12-03 Thread Paolo Aglialoro
It looks like a KDE bug.

Exactly the same happens on recent Debian sid, odds are it could be
something tied to system tray, i.e. when items in system tray get
added/changed.

If you wipe .kde/ away the desktop restarts, but it is clearly unacceptable.

This bug is still under investigation, dunno if it has been uploaded
upstream to KDE developers.
On 03/Dec/2014 11:13, Federico Giannici giann...@neomedia.it wrote:

 Hi!
 I'd like to know if I'm the only one that have experiences crashes with
 KDE4 under 5.6-release amd64.

 Often, during the startup or shutdown of KDE4, the bug report window
 appears saying that Plasma Desktop Shell closed unexpectedly (Executable
 plasma-desktop, Signal Segmentation fault(11)).

 Moreover, once every 3-4 times the startup of KDE get stuck after the
 final big KDE logo appears in the startup page (maybe this is related to
 the first problem).

 It happens in both my PCs where I installed KDE. I'd like to know if this
 happens only to me (to my hardware/software configuration), or is a common
 and known problem (and if there is any solution).

 Thanks.



Re: Squid configuration

2014-12-03 Thread sven falempin
On Tue, Dec 2, 2014 at 8:49 PM, Einfach Jemand rru@gmail.com wrote:

 Hi,

 On 02.12.2014 22:46, sven falempin wrote:
  Hello,
 
  I am more or less forced to test Squid.
  OpenBSD test.my.domain 5.6 GENERIC.MP#333 amd64
 
  I have two problems:
 
  
  WARNING! Your cache is running out of filedescriptors
 
 
  And probably have to read more about ICAP
  
  suspending ICAP service for too many failures
 
 
 
  My question is about the fds,
  i tried to add
 
  squid:\
  :openfiles-cur=4096:\
  :tc=daemon:
 
  into login.conf and did not forget to 'push' it
 
  # cap_mkdb /etc/login.conf
  # echo $?
  0

 Hmm, I checked on one of my boxen and there /etc/passwd has

 _squid
 ^! Note the underline.

 as account for this package, so you probably want

 _squid:\
 :openfiles-cur=4096:\
 :tc=daemon:

 in /etc/login.conf

  It looks like it has no effect. Is this the way to go ? have I to change a
  limit somewhere else ?
 
  Best regards,
  Sven
 

 HTH
 rru


about _ :

$ grep bgpd /etc/passwd /etc/login.conf
/etc/passwd:_bgpd:*:75:75:BGP Daemon:/var/empty:/sbin/nologin
/etc/login.conf:bgpd:\

Other test:

Using ulimit -n 4096
my perl script opens 1025 files


# cat /root/fds.pl
#!/usr/bin/perl
use warnings;
use strict;
use v5.10;
use POSIX;
use File::Temp qw/tempfile/;

# Drop privileges to the uid given as first argument (default 515).
if (defined $ARGV[0] and $ARGV[0] =~ /^\d+$/) {
    setuid($ARGV[0]);
} else {
    setuid(515);
}
system('id');

my @fds = ();

# Keep opening temp files until the descriptor limit is hit.
while (0xBAD) {
    my ($fh, $filename) = tempfile();
    last unless $fh; #but tempfile croak
    push @fds, { fd => $fh, n => $filename };
}

# Runs even after tempfile() croaks: report the count and clean up.
END {
    say 'Count:'.($#fds+1);
    foreach my $fd (@fds) {
        close $fd->{fd};
        unlink $fd->{n};
    }
}



Re: Squid configuration

2014-12-03 Thread sven falempin
On Wed, Dec 3, 2014 at 4:56 AM, mxb m...@alumni.chalmers.se wrote:
 echo "max_filedescriptors 4096" >> /etc/squid/squid.conf

Thanks mxb, but squid got that by default , squidclient mgr:cache
answer 4096 to me


 On 3 dec 2014, at 04:07, Einfach Jemand rru@gmail.com wrote:

 On 03.12.2014 03:55, Steve Shockley wrote:
 On 12/2/2014 8:49 PM, Einfach Jemand wrote:

 Hmm, I checked on one of my boxen and there /etc/passwd has

 _squid
 ^! Note the underline.

 as account for this package, so you probably want

 According to the package README:

 When started by rc.d(8) (i.e. via pkg_scripts in rc.conf.local or from
 ${RCDIR}/squid start) the appropriately-named login class is used
 automatically.

 So, the underline shouldn't be necessary.

 Yes, I have rechecked and that is correct, no underline/underscore needed.

 Directing someone looking for a solution into the wrong direction is no
 good, please accept my apologies.

 Bye,
 rru




-- 
-
() ascii ribbon campaign - against html e-mail
/\



Re: KDE4 crashes in 5.6

2014-12-03 Thread Paolo Aglialoro
It looks like the problem lies in the systray when items get added to it:

http://forum.siduction.org/index.php?topic=5203.msg42603#msg42603



USB printer not working with CUPS 2.0.1 (in -current)

2014-12-03 Thread Alessandro DE LAURENZIS
Dear @misc reader,

my HP Deskjet F4280 USB printer is (again!) not working after CUPS
update to v2.0.1 in current.

ulpt* is of course disabled, devices' permissions seem ok and the
printer is correctly recognized:

Console log for poseidon.atlantide.net
ugen1 at uhub8 port 4 HP Deskjet F4200 series rev 2.00/1.00 addr 7

just22@poseidon:[~] ls -la /dev/ugen1.*
crw-rw  1 _cups  _saned   63,  16 Nov 28 22:22 /dev/ugen1.00
crw-rw  1 _cups  _saned   63,  17 Nov 28 22:22 /dev/ugen1.01
crw-rw  1 _cups  _saned   63,  18 Nov 28 22:22 /dev/ugen1.02
crw-rw  1 _cups  _saned   63,  19 Nov 28 22:22 /dev/ugen1.03
crw-rw  1 _cups  _saned   63,  20 Nov 28 22:22 /dev/ugen1.04
crw-rw  1 _cups  _saned   63,  21 Nov 28 22:22 /dev/ugen1.05
crw-rw  1 _cups  _saned   63,  22 Nov 28 22:22 /dev/ugen1.06
crw-rw  1 _cups  _saned   63,  23 Nov 28 22:22 /dev/ugen1.07
crw-rw  1 _cups  _saned   63,  24 Nov 28 22:22 /dev/ugen1.08
crw-rw  1 _cups  _saned   63,  25 Nov 28 22:22 /dev/ugen1.09
crw-rw  1 _cups  _saned   63,  26 Nov 28 22:22 /dev/ugen1.10
crw-rw  1 _cups  _saned   63,  27 Nov 28 22:22 /dev/ugen1.11
crw-rw  1 _cups  _saned   63,  28 Nov 28 22:22 /dev/ugen1.12
crw-rw  1 _cups  _saned   63,  29 Nov 28 22:22 /dev/ugen1.13
crw-rw  1 _cups  _saned   63,  30 Nov 28 22:22 /dev/ugen1.14
crw-rw  1 _cups  _saned   63,  31 Nov 28 22:22 /dev/ugen1.15

just22@poseidon:[~] ls -la /dev/usb*
crw-rw  1 root   wheel61,   0 Nov 28 22:22 /dev/usb0
crw-rw  1 _cups  _saned   61,   1 Nov 28 22:22 /dev/usb1
crw-rw  1 root   wheel61,   2 Nov 28 22:22 /dev/usb2
crw-rw  1 root   wheel61,   3 Nov 28 22:22 /dev/usb3
crw-rw  1 root   wheel61,   4 Nov 28 22:22 /dev/usb4
crw-rw  1 root   wheel61,   5 Nov 28 22:22 /dev/usb5
crw-rw  1 root   wheel61,   6 Nov 28 22:22 /dev/usb6
crw-rw  1 root   wheel61,   7 Nov 28 22:22 /dev/usb7

just22@poseidon:[~] lsusb
Bus 000 Device 001: ID 8086: Intel Corp. 
Bus 001 Device 001: ID 8086: Intel Corp. 
Bus 001 Device 002: ID 05e3:0608 Genesys Logic, Inc. USB-2.0 4-Port HUB
Bus 001 Device 003: ID 05e3:0608 Genesys Logic, Inc. USB-2.0 4-Port HUB
Bus 001 Device 004: ID 03f0:0024 Hewlett-Packard KU-0316 Keyboard
Bus 001 Device 005: ID 046d:c050 Logitech, Inc. RX 250 Optical Mouse
Bus 001 Device 006: ID 046d:089d Logitech, Inc. QuickCam E2500 series
Bus 001 Device 007: ID 03f0:2504 Hewlett-Packard DeskJet F4200 series
Bus 002 Device 001: ID 8086: Intel Corp. 
Bus 003 Device 001: ID 8086: Intel Corp. 
Bus 004 Device 001: ID 8086: Intel Corp. 
Bus 004 Device 002: ID 046d:c52b Logitech, Inc. Unifying Receiver
Bus 005 Device 001: ID 8086: Intel Corp. 
Bus 006 Device 001: ID 8086: Intel Corp. 

just22@poseidon:[~] sudo /usr/local/libexec/cups/backend/usb
DEBUG: Loading USB quirks from /usr/local/share/cups/usb.
DEBUG: Loaded 71 quirks.
DEBUG: list_devices
DEBUG: libusb_get_device_list=14
DEBUG2: Printer found with device ID: MFG:HP;MDL:Deskjet F4200
series;CMD:MLC,PCL,PML,DW-PCL,DESKJET,DYN;1284.4DL:4d,4e,1;CLS:PRINTER;DES:CB656B;SN:CN8C54F12J05BR;S:038000C486001021002c1f0002ac000;J:
;Z:0102,0503b60800,0600,0c0,0e,0f,100202,12000,147,150;
Device URI:
usb://HP/Deskjet%20F4200%20series?serial=CN8C54F12J05BR&interface=1
direct
usb://HP/Deskjet%20F4200%20series?serial=CN8C54F12J05BR&interface=1 HP
Deskjet F4200 series HP Deskjet F4200 series MFG:HP;MDL:Deskjet
F4200
series;CMD:MLC,PCL,PML,DW-PCL,DESKJET,DYN;1284.4DL:4d,4e,1;CLS:PRINTER;DES:CB656B;SN:CN8C54F12J05BR;S:038000C486001021002c1f0002ac000;J:
;Z:0102,0503b60800,0600,0c0,0e,0f,100202,12000,147,150;


Since I was not able to print, I tried to delete and reinstall the
printer from the CUPS web interface (and from HPLIP GUI too), but, even
if the operation seems to complete flawlessly and the
/etc/cups/printer.conf is written correctly, the printer isn't listed
among the available devices in CUPS.

After enabling Save debugging information for troubleshooting in CUPS,
this is the relevant content of /var/log/cups/error_log


D [03/Dec/2014:08:57:49 +0100] CUPS-Add-Modify-Printer 
ipp://localhost/printers/HP_Deskjet_F4280
D [03/Dec/2014:08:57:49 +0100] cupsdIsAuthorized: username=
D [03/Dec/2014:08:57:49 +0100] [Client 84] Returning HTTP Unauthorized for 
CUPS-Add-Modify-Printer (ipp://localhost/printers/HP_Deskjet_F4280) from 
localhost
D [03/Dec/2014:08:57:49 +0100] [Client 84] cupsdSendHeader: code=401, 
type=text/html, auth_type=1
D [03/Dec/2014:08:57:49 +0100] [Client 84] WWW-Authenticate: Basic 
realm=CUPS, trc=y
D [03/Dec/2014:08:57:49 +0100] [Client 85] Accepted from localhost (Domain)
D [03/Dec/2014:08:57:49 +0100] [Client 85] Waiting for request.
D [03/Dec/2014:08:57:49 +0100] [Client 86] Accepted from localhost (Domain)
D [03/Dec/2014:08:57:49 +0100] [Client 86] Waiting for request.
D [03/Dec/2014:08:57:49 +0100] [Client 85] HTTP_STATE_WAITING Closing for error 

Re: KDE4 crashes in 5.6

2014-12-03 Thread Vadim Zhukov
Also, make sure that you have your openfiles (for user) and kern.maxfiles
(sysctl) limits bumped.

--
Vadim Zhukov
On 3 Dec 2014 at 13:14, user Federico Giannici
giann...@neomedia.it wrote:

 Hi!
 I'd like to know if I'm the only one that have experiences crashes with
 KDE4 under 5.6-release amd64.

 Often, during the startup or shutdown of KDE4, the bug report window
 appears saying that Plasma Desktop Shell closed unexpectedly (Executable
 plasma-desktop, Signal Segmentation fault(11)).

 Moreover, once every 3-4 times the startup of KDE get stuck after the
 final big KDE logo appears in the startup page (maybe this is related to
 the first problem).

 It happens in both my PCs where I installed KDE. I'd like to know if this
 happens only to me (to my hardware/software configuration), or is a common
 and known problem (and if there is any solution).

 Thanks.



Re: Squid configuration

2014-12-03 Thread sven falempin
On Tue, Dec 2, 2014 at 9:55 PM, Steve Shockley
steve.shock...@shockley.net wrote:
 On 12/2/2014 8:49 PM, Einfach Jemand wrote:

 Hmm, I checked on one of my boxen and there /etc/passwd has

 _squid
 ^! Note the underline.

 as account for this package, so you probably want


 According to the package README:

 When started by rc.d(8) (i.e. via pkg_scripts in rc.conf.local or from
 ${RCDIR}/squid start) the appropriately-named login class is used
 automatically.

 So, the underline shouldn't be necessary.


 The login would be apply in a rc script ? I looked into that :

is that why the _ goes away ?

_name=$(basename $0)
[.. so name of the rc script is used to get compiled login.conf info..]
getcap -f /etc/login.conf ${_name} 1>/dev/null 2>&1
[ but this only print stuff according to man page ]

 There is a rcexec  that force the usage of the login class

grep rcexec /etc/rc.d/*
unbound use it, but not squid.

I guess my perl script would have to do a setrlimit after dropping
privilege to open 4096 files.


On the other hand, the class is supposed to be in master.passwd or be
to default:


name      User's login name.
password  User's encrypted password.
uid       User's login user ID.
gid       User's login group ID.
class     User's general classification (see login.conf(5)).
change    Password change time.
expire    Account expiration time.
gecos     General information about the user.
home_dir  User's home directory.
shell     User's login shell.


_squid:*:515:515:daemon:0:0:Squid Account:
_bgpd:*:75:75::0:0:BGP Daemon:/var/empty:/sbin/nologin


bgpd class is blank, squid is set to daemon.

Is bgpd correctly configured ? is squid using the daemon class ? am I
forced to use BSD::Resource to setrlimit in the perl script to
validate this ? is getcap doing something else than printing ?



-- 
-
() ascii ribbon campaign - against html e-mail
/\



Re: KDE4 crashes in 5.6

2014-12-03 Thread Federico Giannici

Of course, I had already done that.

Thanks.


On 12/03/14 12:58, Vadim Zhukov wrote:

Also, make sure that you have your openfiles (for user) and
kern.maxfiles (sysctl) limits bumped.

--
Vadim Zhukov

On 3 Dec 2014 at 13:14, user Federico Giannici
giann...@neomedia.it wrote:

Hi!
I'd like to know if I'm the only one that have experiences crashes
with KDE4 under 5.6-release amd64.

Often, during the startup or shutdown of KDE4, the bug report window
appears saying that Plasma Desktop Shell closed unexpectedly
(Executable plasma-desktop, Signal Segmentation fault(11)).

Moreover, once every 3-4 times the startup of KDE get stuck after
the final big KDE logo appears in the startup page (maybe this is
related to the first problem).

It happens in both my PCs where I installed KDE. I'd like to know if
this happens only to me (to my hardware/software configuration), or
is a common and known problem (and if there is any solution).

Thanks.




Re: USB printer not working with CUPS 2.0.1 (in -current)

2014-12-03 Thread Aurélien DESBRIÈRES
Alessandro DE LAURENZIS just22@gmail.com writes:

 Dear @misc reader,

 my HP Deskjet F4280 USB printer is (again!) not working after CUPS
 update to v2.0.1 in current.

 ulpt* is of course disabled, devices' permissions seem ok and the
 printer is correctly recognized:

 Console log for poseidon.atlantide.net
 ugen1 at uhub8 port 4 HP Deskjet F4200 series rev 2.00/1.00 addr 7

 just22@poseidon:[~] ls -la /dev/ugen1.*
 crw-rw  1 _cups  _saned   63,  16 Nov 28 22:22 /dev/ugen1.00
 crw-rw  1 _cups  _saned   63,  17 Nov 28 22:22 /dev/ugen1.01
 crw-rw  1 _cups  _saned   63,  18 Nov 28 22:22 /dev/ugen1.02
 crw-rw  1 _cups  _saned   63,  19 Nov 28 22:22 /dev/ugen1.03
 crw-rw  1 _cups  _saned   63,  20 Nov 28 22:22 /dev/ugen1.04
 crw-rw  1 _cups  _saned   63,  21 Nov 28 22:22 /dev/ugen1.05
 crw-rw  1 _cups  _saned   63,  22 Nov 28 22:22 /dev/ugen1.06
 crw-rw  1 _cups  _saned   63,  23 Nov 28 22:22 /dev/ugen1.07
 crw-rw  1 _cups  _saned   63,  24 Nov 28 22:22 /dev/ugen1.08
 crw-rw  1 _cups  _saned   63,  25 Nov 28 22:22 /dev/ugen1.09
 crw-rw  1 _cups  _saned   63,  26 Nov 28 22:22 /dev/ugen1.10
 crw-rw  1 _cups  _saned   63,  27 Nov 28 22:22 /dev/ugen1.11
 crw-rw  1 _cups  _saned   63,  28 Nov 28 22:22 /dev/ugen1.12
 crw-rw  1 _cups  _saned   63,  29 Nov 28 22:22 /dev/ugen1.13
 crw-rw  1 _cups  _saned   63,  30 Nov 28 22:22 /dev/ugen1.14
 crw-rw  1 _cups  _saned   63,  31 Nov 28 22:22 /dev/ugen1.15

 just22@poseidon:[~] ls -la /dev/usb*
 crw-rw  1 root   wheel61,   0 Nov 28 22:22 /dev/usb0
 crw-rw  1 _cups  _saned   61,   1 Nov 28 22:22 /dev/usb1
 crw-rw  1 root   wheel61,   2 Nov 28 22:22 /dev/usb2
 crw-rw  1 root   wheel61,   3 Nov 28 22:22 /dev/usb3
 crw-rw  1 root   wheel61,   4 Nov 28 22:22 /dev/usb4
 crw-rw  1 root   wheel61,   5 Nov 28 22:22 /dev/usb5
 crw-rw  1 root   wheel61,   6 Nov 28 22:22 /dev/usb6
 crw-rw  1 root   wheel61,   7 Nov 28 22:22 /dev/usb7

 just22@poseidon:[~] lsusb
 Bus 000 Device 001: ID 8086: Intel Corp. 
 Bus 001 Device 001: ID 8086: Intel Corp. 
 Bus 001 Device 002: ID 05e3:0608 Genesys Logic, Inc. USB-2.0 4-Port HUB
 Bus 001 Device 003: ID 05e3:0608 Genesys Logic, Inc. USB-2.0 4-Port HUB
 Bus 001 Device 004: ID 03f0:0024 Hewlett-Packard KU-0316 Keyboard
 Bus 001 Device 005: ID 046d:c050 Logitech, Inc. RX 250 Optical Mouse
 Bus 001 Device 006: ID 046d:089d Logitech, Inc. QuickCam E2500 series
 Bus 001 Device 007: ID 03f0:2504 Hewlett-Packard DeskJet F4200 series
 Bus 002 Device 001: ID 8086: Intel Corp. 
 Bus 003 Device 001: ID 8086: Intel Corp. 
 Bus 004 Device 001: ID 8086: Intel Corp. 
 Bus 004 Device 002: ID 046d:c52b Logitech, Inc. Unifying Receiver
 Bus 005 Device 001: ID 8086: Intel Corp. 
 Bus 006 Device 001: ID 8086: Intel Corp. 

 just22@poseidon:[~] sudo /usr/local/libexec/cups/backend/usb
 DEBUG: Loading USB quirks from /usr/local/share/cups/usb.
 DEBUG: Loaded 71 quirks.
 DEBUG: list_devices
 DEBUG: libusb_get_device_list=14
 DEBUG2: Printer found with device ID: MFG:HP;MDL:Deskjet F4200
 series;CMD:MLC,PCL,PML,DW-PCL,DESKJET,DYN;1284.4DL:4d,4e,1;CLS:PRINTER;DES:CB656B;SN:CN8C54F12J05BR;S:038000C486001021002c1f0002ac000;J:
 ;Z:0102,0503b60800,0600,0c0,0e,0f,100202,12000,147,150;
 Device URI:
 usb://HP/Deskjet%20F4200%20series?serial=CN8C54F12J05BR&interface=1
 direct
 usb://HP/Deskjet%20F4200%20series?serial=CN8C54F12J05BR&interface=1 HP
 Deskjet F4200 series HP Deskjet F4200 series MFG:HP;MDL:Deskjet
 F4200
 series;CMD:MLC,PCL,PML,DW-PCL,DESKJET,DYN;1284.4DL:4d,4e,1;CLS:PRINTER;DES:CB656B;SN:CN8C54F12J05BR;S:038000C486001021002c1f0002ac000;J:
 ;Z:0102,0503b60800,0600,0c0,0e,0f,100202,12000,147,150;
 

 Since I was not able to print, I tried to delete and reinstall the
 printer from the CUPS web interface (and from HPLIP GUI too), but, even
 if the operation seems to complete flawlessly and the
 /etc/cups/printer.conf is written correctly, the printer isn't listed
 among the available devices in CUPS.

 After enabling Save debugging information for troubleshooting in CUPS,
 this is the relevant content of /var/log/cups/error_log


 D [03/Dec/2014:08:57:49 +0100] CUPS-Add-Modify-Printer
 ipp://localhost/printers/HP_Deskjet_F4280
 D [03/Dec/2014:08:57:49 +0100] cupsdIsAuthorized: username=
 D [03/Dec/2014:08:57:49 +0100] [Client 84] Returning HTTP Unauthorized
 for CUPS-Add-Modify-Printer
 (ipp://localhost/printers/HP_Deskjet_F4280) from localhost
 D [03/Dec/2014:08:57:49 +0100] [Client 84] cupsdSendHeader: code=401,
 type=text/html, auth_type=1
 D [03/Dec/2014:08:57:49 +0100] [Client 84] WWW-Authenticate: Basic 
 realm=CUPS, trc=y
 D [03/Dec/2014:08:57:49 +0100] [Client 85] Accepted from localhost (Domain)
 D [03/Dec/2014:08:57:49 +0100] [Client 85] Waiting for request.
 D [03/Dec/2014:08:57:49 +0100] [Client 86] Accepted from localhost (Domain)
 D 

Re: ffs and utf8

2014-12-03 Thread Dmitrij D. Czarkoff
Anthony J. Bentley said:
  I haven't used Apple OSses since around 10.4, but Mac OS X was doing a
  thing where certain well-known directory names were aliased according to
  the current locale. For instance, the user's  music directory was shown
  as 「音楽」 when the locale was set to ja_JP.UTF-8.
 
 IMO this is totally crazy behavior and unrelated to the Unicode issue.

GNOME does this too.  It goes even further - proposes to rename XDG
directories if locale changes.  Most amusingly, if you happen to run GNOME
and Firefox with English locale and then switch to non-English locale,
your GNOME will rename XDG directories to new locale defaults, and
Firefox will re-create ~/Desktop.  I rarely have to deal with systems
with non-English locales, but each and every time I have to, I get
terrified with the changes since the last time.

-- 
Dmitrij D. Czarkoff



Re: ffs and utf8

2014-12-03 Thread Joel Rees
On Wed, Dec 3, 2014 at 9:09 PM, Dmitrij D. Czarkoff czark...@gmail.com wrote:
 Anthony J. Bentley said:
  I haven't used Apple OSses since around 10.4, but Mac OS X was doing a
  thing where certain well-known directory names were aliased according to
  the current locale. For instance, the user's  music directory was shown
  as 「音楽」 when the locale was set to ja_JP.UTF-8.

 IMO this is totally crazy behavior and unrelated to the Unicode issue.

 GNOME does this too.  It goes even further - proposes to rename XDG
 directories if locale changes.  Most amusingly, if you happen run GNOME
 and Firefox with English locale and then switch to non-English locale,
 your GNOME will rename XDG directories to new locale defaults, and
 Firefox will re-create ~/Desktop.  I rarely have to deal with systems
 with non-English locales, but each and every time I have to, I get
 terrified with the changes since the last time.

8-/

One of the reasons I quit using gnome.

If there were a way of specifying the initial locale when you create a
new login id, that locale could specify the language to create these
directory names in, and then they should never change. My memory is
that you have to log in once to do that, however.

Maybe it would be better just to not make those directories until they
are needed by an application, and then ask the user to name them
instead of providing standard names.

-- 
Joel Rees

Be careful when you look at conspiracy.
Look first in your own heart,
and ask yourself if you are not your own worst enemy.
Arm yourself with knowledge of yourself, as well.



Re: OT:Password strength

2014-12-03 Thread Tor Houghton
On Sun, Nov 30, 2014 at 04:21:50PM -0500, Ted Unangst wrote:
 On Sun, Nov 30, 2014 at 15:37, thornton.rich...@gmail.com wrote:
  Where do you store these passwords? On a napkin?
 
 Wherever you like. A shorter password with all the o's turned into 0's
 is hardly more secure.
 

I'd say on a napkin until you remember it; which doesn't take long if you
use it several times a day.

Tor



Re: ffs and utf8

2014-12-03 Thread Dmitrij D. Czarkoff
First of all, I really don't believe that preservation of non-canonical
form should be a consideration for any software.  There is no single
reason to allow non-canonical forms to exist at all, while there are
several reasons to avoid them.  More so for foreign encodings in
filenames - if you are trying to store UTF-16 names on a system with
UTF-8 locale, you should be converting, not escaping.  Doing otherwise
is just asking for trouble.

Next, I assume that ability to enter filenames trumps ability to
preserve original filename on Unix-like systems.  In most cases right
now these two values don't clash, because user input is normalized from
the very beginning in IME.  That said, there may be exceptions.  Eg.
several mail clients won't normalize filename if input encoding matches
encoding of attachment.  Thus, having received a file with non-ASCII
filename from Mac, you'll end up being unable to address it from shell
even if it was typed using exactly the same keyboard layout you use.  I
don't see how this situation may be justified.  The rare cases when
original filenames must be preserved byte to byte warrant some special
handling (eg. storing filenames elsewhere separately or preserving the
whole files with names and attributes in some archive or other form of
special database).

Finally, provided that both ends of network communication use canonical
forms for Unicode, the matter of storing file remotely and then
receiving it back with filename intact is simply a matter of
normalization on receiver's side.  That is: if you prefer your local
files in NFD, and your NAS uses NFC, you should simply normalize
filenames when you receive files back.  The only potential problem here
is compatibility normalizations, but these are already problematic
enough to be avoided in all cases where NFD or NFC do the job.

-- 
Dmitrij D. Czarkoff



Re: OT:Password strength

2014-12-03 Thread Brad Smith

On 11/30/14 15:20, Ted Unangst wrote:

Examples:

treetykaveprethicooputhedu
soonataviceenoopatecoge
gootrozapiceelytrithunula
preezypeendothanundipeesooka


That defeats the purpose of the second example in the OPs question.




isakmpd quits out after running ipsec on CURRENT

2014-12-03 Thread Kaya Saman
Hi,

for some reason, this seems to have been for a while now; isakmpd will 
simply quit running after initiating: ipsecctl -f /etc/ipsec.conf

Starting isakmpd manually with flags -Kdv doesn't give any indication as 
to what might be causing the service to crash or segfault and nothing is 
reported in the logs - I checked both daemon and messages.

ipsec.conf consists of standard config:

ike passive esp transport \
 proto udp from 212.159.80.17 to any port 1701 \
 main auth hmac-sha enc aes group modp1024 \
 quick auth hmac-sha enc aes \
 psk Sclr11XP99

ike passive esp transport \
 proto udp from IP to any port 1701 \
 main auth hmac-sha enc aes group modp1024 \
 quick auth hmac-sha enc aes \
 psk Some_crazy_pass

Basically the setup used to work fine a few upgrades ago while I was on 
5.5 but then something seems to have changed and it stopped.

Along with the above I'm running npppd for ipsec/l2tp so I can run the 
native Android VPN client. I do run OpenVPN in addition but there seems 
to be some issue with routing on some apps so to get round that the 
choice is either: add default route manually when using OpenVPN / or use 
native client.


I managed to find this thread from the list:

http://comments.gmane.org/gmane.os.openbsd.misc/209636

and managed to pretty much validate my config in comparison but for some 
reason I cannot work this one out.

System is up to date as per last night and build is:

5.6 GENERIC.MP#633 amd64

5.6 GENERIC.MP#633 amd64


Would anyone be able to suggest anything?


Thanks.


Kaya



Re: isakmpd quits out after running ipsec on CURRENT

2014-12-03 Thread Zé Loff
On Wed, Dec 03, 2014 at 02:00:59PM +, Kaya Saman wrote:
 Hi,
 
 for some reason, this seems to have been for a while now; isakmpd will 
 simply quit running after initiating: ipsecctl -f /etc/ipsec.conf
 
 Starting isakmpd manually with flags -Kdv doesn't give any indication as 
 to what might be causing the service to crash or segfault and nothing is 
 reported in the logs - I checked both daemon and messages.
 
 ipsec.conf consists of standard config:
 
 ike passive esp transport \
  proto udp from 212.159.80.17 to any port 1701 \
  main auth hmac-sha enc aes group modp1024 \
  quick auth hmac-sha enc aes \
  psk Sclr11XP99
 
 ike passive esp transport \
  proto udp from IP to any port 1701 \
  main auth hmac-sha enc aes group modp1024 \
  quick auth hmac-sha enc aes \
  psk Some_crazy_pass
 
 Basically the setup used to work fine a few upgrades ago while I was on 
 5.5 but then something seems to have changed and it stopped.
 
 Along with the above I'm running npppd for ipsec/l2tp so I can run the 
 native Android VPN client. I do run OpenVPN in addition but there seems 
 to be some issue with routing on some apps so to get round that the 
 choice is either: add default route manually when using OpenVPN / or use 
 native client.
 
 
 I managed to find this thread from the list:
 
 http://comments.gmane.org/gmane.os.openbsd.misc/209636
 
 and managed to pretty much validate my config in comparison but for some 
 reason I cannot work this one out.
 
 System is up to date as per last night and build is:
 
 5.6 GENERIC.MP#633 amd64
 
 5.6 GENERIC.MP#633 amd64
 
 
 Would anyone be able to suggest anything?
 
 
 Thanks.
 
 
 Kaya
 


I am seeing the same behaviour (apparently a clean exit, no message
whatsoever nor core file) on -current, with an ipsec.conf as simple as
this:

ike dynamic esp from 10.17.19.3 (egress) to 10.17.16.0/22 \
peer vpn.foo.bar \
srcid peer1.foo.bar dstid vpn.foo.bar


I have upgraded -current several times since I last used IPSec, so I
can't tell for sure when it started...



OpenBSD 5.6-current (GENERIC.MP) #634: Mon Dec  1 10:11:11 MST 2014
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 8357658624 (7970MB)
avail mem = 8131330048 (7754MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.6 @ 0xe0010 (78 entries)
bios0: vendor LENOVO version 6QET70WW (1.40 ) date 10/11/2012
bios0: LENOVO 3680WE9
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP SSDT ECDT APIC MCFG HPET ASF! BOOT SSDT TCPA DMAR SSDT 
SSDT SSDT
acpi0: wakeup devices LID_(S3) SLPB(S3) IGBE(S4) EXP1(S4) EXP2(S4) EXP3(S4) 
EXP4(S4) EXP5(S4) EHC1(S3) EHC2(S3) HDEF(S4)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpiec0 at acpi0
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM) i5 CPU M 520 @ 2.40GHz, 2660.43 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,POPCNT,AES,NXE,LONG,LAHF,PERF,ITSC
cpu0: 256KB 64b/line 8-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 133MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Core(TM) i5 CPU M 520 @ 2.40GHz, 2660.01 MHz
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,POPCNT,AES,NXE,LONG,LAHF,PERF,ITSC
cpu1: 256KB 64b/line 8-way L2 cache
cpu1: smt 1, core 0, package 0
cpu2 at mainbus0: apid 4 (application processor)
cpu2: Intel(R) Core(TM) i5 CPU M 520 @ 2.40GHz, 2660.01 MHz
cpu2: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,POPCNT,AES,NXE,LONG,LAHF,PERF,ITSC
cpu2: 256KB 64b/line 8-way L2 cache
cpu2: smt 0, core 2, package 0
cpu3 at mainbus0: apid 5 (application processor)
cpu3: Intel(R) Core(TM) i5 CPU M 520 @ 2.40GHz, 2660.01 MHz
cpu3: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,POPCNT,AES,NXE,LONG,LAHF,PERF,ITSC
cpu3: 256KB 64b/line 8-way L2 cache
cpu3: smt 1, core 2, package 0
ioapic0 at mainbus0: apid 1 pa 0xfec0, version 20, 24 pins
ioapic0: misconfigured as apic 2, remapped to apid 1
acpimcfg0 at acpi0 addr 0xe000, bus 0-255
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus -1 (PEG_)
acpiprt2 at acpi0: bus 13 (EXP1)
acpiprt3 at acpi0: bus -1 

Re: isakmpd quits out after running ipsec on CURRENT

2014-12-03 Thread Sebastian Reitenbach
I run this kernel from beginning of November:

OpenBSD 5.6-current (GENERIC) #492: Fri Nov  7 10:21:36 MST 2014
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Geode(TM) Integrated Processor by National Semi (Geode by NSC 
586-class) 267 MHz
cpu0: FPU,TSC,MSR,CX8,CMOV,MMX

on my soekris box. Isakmpd is just started with: -4 -K
my ipsec.conf looks similar to this one (only IP addresses changed):

localip=1.1.1.1
peerip=2.2.2.2
ike esp from 3.3.3.0/24 to 4.4.0.0/16 \
local $localip peer $peerip \
main auth hmac-sha1 enc aes-128 group modp1024 \
quick auth hmac-sha1 enc aes-128 group modp1024 \
psk top secret
 

and it just works.

does a higher debug level i.e. -D A=90 show something, or logging the 
packets isakmpd sees with -L give more hints?

cheers,
Sebastian


Re: isakmpd quits out after running ipsec on CURRENT

2014-12-03 Thread Zé Loff
On Wed, Dec 03, 2014 at 04:09:02PM +0100, Sebastian Reitenbach wrote:
 I run this kernel from beginning of November:
 
 OpenBSD 5.6-current (GENERIC) #492: Fri Nov  7 10:21:36 MST 2014
 dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
 cpu0: Geode(TM) Integrated Processor by National Semi (Geode by NSC 
 586-class) 267 MHz
 cpu0: FPU,TSC,MSR,CX8,CMOV,MMX
 
 on my soekris box. Isakmpd is just started with: -4 -K
 my ipsec.conf looks similar to this one (only IP addresses changed):
 
 localip=1.1.1.1
 peerip=2.2.2.2
 ike esp from 3.3.3.0/24 to 4.4.0.0/16 \
 local $localip peer $peerip \
 main auth hmac-sha1 enc aes-128 group modp1024 \
 quick auth hmac-sha1 enc aes-128 group modp1024 \
 psk top secret
  
 
 and it just works.
 
 does a higher debug level i.e. -D A=90 show something, or logging the 
 packets isakmpd sees with -L give more hints?

No packets are transferred, AFAICT.

Running isakmpd -Kdv -D A=90 yields a single line after ipsecctl is run:

uiconfig: C set [General]:Check-interval=30 force

isakmpd then quits with exit code 0.

 

Re: ffs and utf8

2014-12-03 Thread Joel Rees
2014/12/03 22:23 Dmitrij D. Czarkoff czark...@gmail.com:

 First of all, I really don't believe that preservation of non-canonical
 form should be a consideration for any software.

There is no particular canonical form for some kinds of software.

Unix, in particular, happens to have file name limitations that are
compatible with all versions of Unicode past 2.0, at least, in UTF-8, but
it has no native encoding. Most of the tools support ASCII, many now
support Unicode. But there is no native encoding. That's one of the
strengths of Unix.

 There is no single
 reason to allow non-canonical forms to exist at all,

non-canonical forms in what context?

 while there are
 several reasons to avoid them.

Which non-canonical forms?

 More so for foreign encodings in
 filenames -

Define foreign encoding, too. Make sure your definition works for my
context.

Now, if you don't mind keeping my data away from your machine, maybe it's
okay if your definition doesn't work for my context. For some 7 billion
definitions of me.

 if you are trying to store UTF-16 names on a system with
 UTF-8 locale, you should be converting, not escaping.

Not much argument with that. Many things that can be done should not
necessarily be done.

Most of the time, anyway. There may be some special cases, but you are
talking about file names, and I don't think of any, right off the bat.

 Doing otherwise
 is just asking for troubles.

Oh, I just thought of a couple of exceptions. Theoretical at this point,
but definitely exceptions.

There's no rule that an OS has to use byte-string file names. (And you
don't have to do the stupid things a certain well-known OS does, that uses
UCS-16 as its native transform and Unicode as its native encoding.) But you
know that.

 Next, I assume that ability to enter filenames trumps ability to
 preserve original filename on Unix-like systems.

Entering file names is a function of the tools, not of the OS. And if you
want tools that are limited to NFD, you are free to build and use them.

 In most cases right
 now these two values don't clash, because user input is normalized from
 the very beginning in IME.

Choice, function, and construction of the input stack (and output stack) is
nearly completely independent of the OS (for any decent OS).

 That said, there may be exceptions.  Eg.
 several mail clients won't normalize filename if input encoding matches
 encoding of attachment.

Mail clients are also pretty independent of the OS.

 Thus, having received a file with non-ASCII
 filename from Mac, you'll end up being unable to address it from shell
 even if it was typed using exactly the same keyboard layout you use.

Keyboard layout is independent of the OS. And it is actually possible to
set up an OpenBSD keyboard and input method that closely mimics a Macintosh.

 I
 don't see how this situation may be justified.

Doesn't need to be. Only needs to be worked around.

 The rare cases when
 original filenames must be preserved byte to byte warrant some special
 handling (eg. storing filenames elsewhere separately or preserving the
 whole files with names and attributes in some archive or other form of
 special database).

Actually, the contexts in which data handling should be orthogonal to
filename encodings are the more common contexts. The OS has to do a lot
that the user never sees, and those internal functions just start fighting
each other when they start making assumptions like encodings.

 Finally, provided that both ends of network communication use canonical
 forms for Unicode, the matter of storing file remotely and then
 receiving it back with filename intact is simply a matter of
 normalization on receiver's side.

As long as you don't drop bytes somehow on the way from here to there.

 That is: if you prefer your local
 files in NFD, and your NAS uses NFC, you should simply normalize
 filenames when you receive files back.

Not OS issues. Application issues. Maybe tool issues, for a limited subset
of tools.

 The only potential problem here
 is compatibility normalizations, but these are already problematic
 enough to be avoided in all cases where NFD or NFC do the job.

Broken compatibility normalizations get invented precisely because OS
architects think an OS needs a native encoding.

Remember, the Universal TransForms were invented independently of Unicode.
They were adopted by the Unicode Consortium about the time the Consortium
finally became convinced that there really are more than 65,536
character-like objects that need a code point in a modern information
encoding scheme.

UTF-8 and Unicode are not equivalent.

Joel Rees

Computer memory is just fancy paper,
CPUs just fancy pens.
All is a stream of text
flowing from the past into the future.
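
Added example (not part of any message in this thread): a short Python check of the two claims argued above, that NFC/NFD conversion on the receiving side returns a name byte-for-byte only when the local name was already in the local canonical form, and that compatibility normalization merges names that canonical normalization keeps apart. The three sample names are constructed spellings of the katakana name used earlier in the thread; the function names are hypothetical.

```python
import unicodedata
from collections import defaultdict

# Constructed sample data: three spellings of the same katakana name.
PRECOMPOSED = "\u30b8\u30e7\u30a8\u30eb"       # first syllable as one code point
DECOMPOSED = "\u30b7\u3099\u30e7\u30a8\u30eb"  # base kana + combining voiced mark
HALFWIDTH = "\uff7c\uff9e\uff6e\uff74\uff99"   # half-width katakana spelling


def round_trip(name, remote_form, local_form):
    """Store `name` on a peer that enforces `remote_form`, then normalise to
    `local_form` on receipt. Returns (returned_name, bytes_preserved)."""
    stored = unicodedata.normalize(remote_form, name)
    returned = unicodedata.normalize(local_form, stored)
    return returned, returned.encode("utf-8") == name.encode("utf-8")


def collisions(names, form):
    """Group names that become one directory entry if `form` is enforced."""
    groups = defaultdict(list)
    for name in names:
        groups[unicodedata.normalize(form, name)].append(name)
    return [group for group in groups.values() if len(group) > 1]


def describe(name):
    """Code points and UTF-8 length, to show the byte strings really differ."""
    points = " ".join(f"U+{ord(ch):04X}" for ch in name)
    return points, len(name.encode("utf-8"))


if __name__ == "__main__":
    names = [PRECOMPOSED, DECOMPOSED, HALFWIDTH]
    for n in names:
        print(describe(n))
    # NAS stores NFC, client prefers NFD (the case from the thread).
    for n in names:
        print("NFC->NFD preserved bytes:", round_trip(n, "NFC", "NFD")[1])
    # Canonical forms merge two of the names, compatibility forms all three.
    print("NFC collisions: ", len(collisions(names, "NFC")[0]))
    print("NFKC collisions:", len(collisions(names, "NFKC")[0]))
```

A file system or sync tool that enforces a form silently picks one member of each collision group, which is why a name check that compares raw bytes and a store that normalizes can disagree about whether two names are the same file.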



Re: isakmpd quits out after running ipsec on CURRENT

2014-12-03 Thread Zé Loff
On Wed, Dec 03, 2014 at 03:24:06PM +, Zé Loff wrote:
 On Wed, Dec 03, 2014 at 04:09:02PM +0100, Sebastian Reitenbach wrote:
  I run this kernel from beginning of November:
  
  OpenBSD 5.6-current (GENERIC) #492: Fri Nov  7 10:21:36 MST 2014
  dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
  cpu0: Geode(TM) Integrated Processor by National Semi (Geode by NSC 
  586-class) 267 MHz
  cpu0: FPU,TSC,MSR,CX8,CMOV,MMX
  
  on my soekris box. Isakmpd is just started with: -4 -K
  my ipsec.conf looks similar to this one (only IP addresses changed):
  
  localip=1.1.1.1
  peerip=2.2.2.2
  ike esp from 3.3.3.0/24 to 4.4.0.0/16 \
  local $localip peer $peerip \
  main auth hmac-sha1 enc aes-128 group modp1024 \
  quick auth hmac-sha1 enc aes-128 group modp1024 \
  psk top secret
   
  
  and it just works.
  
  does a higher debug level i.e. -D A=90 show something, or logging the 
  packets isakmpd sees with -L give more hints?
 
 No packets are transferred, AFAICT.
 
 Running isakmpd -Kdv -D A=90 yields a single line after ipsecctl is run:
 
 uiconfig: C set [General]:Check-interval=30 force
 
 isakmpd then quits with exit code 0.

Actually, A=99 yields an extra line:

Misc 95 conf_set_now: [General]:Check-interval-30

 
  

Re: missing packages for SPARC

2014-12-03 Thread Tobias Ulmer
On Tue, Dec 02, 2014 at 10:35:43PM +0100, Riccardo Mottola wrote:
 Hi,
 
 I was pkg_add'ing some essential packages on a freshly installed SPARC
 machine. I noticed that several packages are missing. I thought it was the
 mirror, but they are missing on the master ftp too.
 I know that some packages might not build on sparc or do not have sense on
 that platform, however I was looking for pretty general stuff: libxmsl,
 libxslt or subversion.

It looks like sparc 5.6 packages were built without the modf fix :(

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libc/arch/sparc/gen/modf.S

There isn't much that doesn't require python as a build-depends
somewhere...

You're welcome to help out. There is an open issue with bash and
setjmp/longjmp (guessing) that breaks dbus (iirc). I've lost countless
hours and gave up on that.

 
 Is this a problem? or is it deliberate? Sebastian, I know you used to stress
 your SPARCs :)
 
 Thank you,
 Riccardo



Re: segmentation fault during package build

2014-12-03 Thread Tobias Ulmer
On Wed, Dec 03, 2014 at 09:38:17AM +0100, Riccardo Mottola wrote:
 Hi,
 
 I am running OpenBSD 5.6 on Sparc [1]
 
 Since I did not find several packages available, I got ports (5.6 tar.gz
 version), unpacked it and started building.
 
 
 While I attempt to install libxml I get, while installing bzip2 dependency:
 
 install -c -o root -g bin -m 555 bzgrep bzmore bzdiff
 /usr/ports/pobj/bzip2-1.0.6/fake-sparc/usr/local/bin
 install -c -o root -g bin -m 444 bzip2.1 bzgrep.1 bzmore.1 bzdiff.1
 /usr/ports/pobj/bzip2-1.0.6/fake-sparc/usr/local/man/man1
 Segmentation fault (core dumped)
 *** Error 139 in /usr/ports/pobj/bzip2-1.0.6/bzip2-1.0.6 (Makefile:105
 'install': @cd /usr/ports/pobj/bzip2-1.0.6/fake-sparc/usr/local/man/m...)
 *** Error 1 in /usr/ports/archivers/bzip2
 (/usr/ports/infrastructure/mk/bsd.port.mk:2807
 '/usr/ports/pobj/bzip2-1.0.6/fake-sparc/.fake_done')
 
 
 If I just type make install again, it happens again, thus I would exclude
 a memory issue which makes things more random, but it repeats in the same
 place. Perhaps a bad generated binary or a function call causing problems?
 
 I wanted to look for the core file, but can't find it. Where could it be?
 
 Cheers,
 Riccardo
 
 [1] OpenBSD 5.6 (GENERIC) #94: Wed Aug 13 13:54:32 GMT 2014
 m...@credogne.gentiane.org:/usr/src/sys/arch/sparc/compile/GENERIC
 

full dmesg please



dialog (probably OT)

2014-12-03 Thread Gregory Edigarov

Hello,

I need a little bit of help with 'dialog'.
I am working on the script to add a developer to our system:

shell=""
groups=""
user=""
home=""

# Duplicate stdout on fd 3 so dialog can draw on the terminal while
# its result (written to stderr) is captured by $( ).
exec 3>&1

# Store data to $VALUES variable
VALUES=$(dialog --ok-label "Add" \
  --backtitle "Add a developer" \
  --title "Useradd" \
  --form "Create a new developer" \
  15 70 0 \
  "Username:"    1 1 "login name"            1 10 20 0 \
  "Realname:"    2 1 "real name"             2 10 30 100 \
  "E-Mail:"      3 1 "e-mail"                3 10 30 100 \
  "Project:"     4 1 "project"               4 10 30 100 \
  "GIT Url:"     5 1 "url of git repository" 5 10 30 100 \
  "DB dump:"     6 1 "url of database dump"  6 10 40 100 \
  "Ssh privkey:" 7 1 "ssh private key"       7 10 40 2048 \
  "Ssh pubkey:"  8 1 "ssh public key"        8 10 40 2048 \
  2>&1 1>&3)

# close fd
exec 3>&-

echo "$VALUES"
# display values just entered
# dialog prints one field per line, so select by line number; splitting
# on spaces would break values such as "real name".
field() { printf '%s\n' "$VALUES" | sed -n "${1}p"; }
user=$(field 1)
rname=$(field 2)
email=$(field 3)
project=$(field 4)
git=$(field 5)
dburl=$(field 6)
privkey=$(field 7)
pubkey=$(field 8)

(it's a test to look at the possibilities offered).

Now, I want some of the fields (for example the latter 2) to be of a 
different type from just the plain inputfield, for example, inputbox. 
From what I see, I have to split the form into three steps, like: ask 
the first 5 fields at once, store values, then have two separate forms 
for keys.


But that is not the way I want it to be like.
I know that zenity can easily do what I want, but it is an X 
application, and I need it to be terminal/(n)curses application.


Do I have any more options rather than split dialogue into two or more 
steps?


--
With best regards,
Gregory Edigarov



Re: missing packages for SPARC

2014-12-03 Thread Christian Weisgerber
On 2014-12-02, Riccardo Mottola riccardo.mott...@libero.it wrote:

 I was pkg_add'ing some essential packages on a freshly installed SPARC 
 machine. I noticed that several packages are missing. I thought it was 
 the mirror, but they are missing on the master ftp too.
 I know that some packages might not build on sparc or do not have sense 
 on that platform, however I was looking for pretty general stuff: 
 libxmsl, libxslt or subversion.

They didn't build.  I can't tell whether that's due to the package
building process (the sparc build machines are very unstable) or
problems with the ports themselves.  Peter Hessler may be able to
comment.

Unfortunately, that's the usual course when an architecture becomes
less and less common.  Build failures pile up, compounded by slowness
and general reliability problems, and the set of available packages
keeps shrinking.

Somebody needs to care.

There is no magic bullet.  If, say, two hundred ports fail to build
and take out thousands more for which they serve as dependencies,
then the only way to fix this is for somebody to sit down and examine
and fix the failing ports.  One by one.

If nobody steps up to do this, then it won't happen.

We keep having this tail of zombie architectures.  Long obsolete
hardware, run by few people, with pitiful best effort package
builds happening each release and with luck once between.  They
slowly sink under the accumulating bitrot that nobody cares to fix,
but at the same time people can't bring themselves to completely
abandon those archs.  *shrug*

-- 
Christian naddy Weisgerber  na...@mips.inka.de



Re: segmentation fault during package build

2014-12-03 Thread Christian Weisgerber
On 2014-12-03, Riccardo Mottola riccardo.mott...@libero.it wrote:

 install -c -o root -g bin -m 555 bzgrep bzmore bzdiff 
 /usr/ports/pobj/bzip2-1.0.6/fake-sparc/usr/local/bin
 install -c -o root -g bin -m 444 bzip2.1 bzgrep.1 bzmore.1 bzdiff.1 
 /usr/ports/pobj/bzip2-1.0.6/fake-sparc/usr/local/man/man1
 Segmentation fault (core dumped)
 *** Error 139 in /usr/ports/pobj/bzip2-1.0.6/bzip2-1.0.6 (Makefile:105 
 'install': @cd /usr/ports/pobj/bzip2-1.0.6/fake-sparc/usr/local/man/m...)

 I wanted to look for the core file, but can't find it. Where could it be?

Somewhere under the work directory.

$ find /usr/ports/pobj/bzip2-1.0.6 -name \*.core

-- 
Christian naddy Weisgerber  na...@mips.inka.de



Re: -current hangs during boot from xhci controller on MacbookAir6,1

2014-12-03 Thread Scott Bonds
Sorry, I compiled that custom kernel based on stable instead of current.
I have now compiled a version based on current @ 2014-12-03. I get the
same panic when booting in xhci mode using the kernel based on current
as I did with the kernel based on stable. Same behavior with ehci mode
as well--it boots fine and I can get a dmesg. Here is the dmesg from my
boot to the custom kernel based on *current* using *ehci* mode:


OpenBSD 5.6-current on ASUS Chromebox

2014-12-03 Thread Gene
I'm a fan of the ASUS Chromebox hardware, specifically the M004U with the
Celeron 2955U processor.  Comes with 2 GB of RAM, and 16GB SSD.  It
typically retails for $160 USD.  I have a couple running Linux (HTPC and a
desktop for my kids).

I picked up a third one on black friday for $110 just to play with, was
specifically interested in loading OpenBSD on it.  5.6-stable doesn't work
because of the lack of USB 3.0 (xhci) support, but 5.6-current installed
without issue.  The wireless adapter wasn't detected, but the Realtek
ethernet device works.  I have it driving a 1920x1200 display over HDMI.

It's been a long time since I've used OpenBSD as a desktop so I've got a
bit to figure out, but thus far this little system is running very nicely.


Just in case anyone else is interested in it I'm including dmesg output.
Also, if you do try just be aware that the Chromebox has to be put into
developer mode and the default BIOS will need to be replaced with
coreboot.  The Kodi (XBMC) wiki has a good document on doing that.

http://kodi.wiki/view/ASUS_Chromebox

dmesg output:


Re: isakmpd quits out after running ipsec on CURRENT

2014-12-03 Thread Christian Weisgerber
On 2014-12-03, Zé Loff zel...@zeloff.org wrote:

 for some reason, this seems to have been for a while now; isakmpd will 
 simply quit running after initiating: ipsecctl -f /etc/ipsec.conf

 I am seeing the same behaviour (apparently a clean exit, no message
 whatsoever nor core file) on -current, with an ipsec.conf as simple as
 this:

This could be the bug fixed in src/sbin/isakmpd/ui.c rev 1.56.
Check your system logs for isakmpd: backwards memcpy.

-- 
Christian naddy Weisgerber  na...@mips.inka.de



OpenBSD embedded? (was: OpenBSD 5.6-current on ASUS Chromebox)

2014-12-03 Thread Alan McKay
This is very interesting - I've been looking at various small boxes
like this to use as a home firewall.
The only problem is that not many of them have 2 NICs, and the ones
that do are very expensive (higher end Zotac)

Does anyone know of a similar device with 2 NICs that might be
suitable as a home firewall?

What about one of the Open Firmware firewalls like ASUS?  Is there an
OpenBSD load for those?  Instead of Tomato or the likes ...



Re: OpenBSD embedded? (was: OpenBSD 5.6-current on ASUS Chromebox)

2014-12-03 Thread Gene
On Wed, Dec 3, 2014 at 9:49 AM, Alan McKay alan.mc...@gmail.com wrote:

 This is very interesting - I've been looking at various small boxes
 like this to use as a home firewall.
 The only problem is that not many of them have 2 NICs, and the ones
 that do are very expensive (higher end Zotac)

 Does anyone know of a similar device with 2 NICs that might be
 suitable as a home firewall?


Look into the PC Engines ALIX and APU system boards. You can get kits for
under $200, or sometimes for less on eBay.

http://www.pcengines.ch

Great hardware.  I have a couple of the ALIX boards.  The APU series has
gigabit NICs and a lot more horse power.  If you search the mailing list
you'll see several mentions for it.


 What about one of the Open Firmware firewalls like ASUS?  Is there an
 OpenBSD load for those?  Instead of Tomato or the likes ...


-Gene
(p.s. I'm bad at mailing lists and didn't reply all last time, I apologise
for emailing you twice, Alan).



Re: OpenBSD embedded? (was: OpenBSD 5.6-current on ASUS Chromebox)

2014-12-03 Thread Chester T. Field
The lovable scamp Ted Unangst posted about a box with dual broadcoms, Atom CPU, 
DDR3 RAM, etc for $129 on his blog:

http://www.tedunangst.com/flak/post/new-home-router

-Chester 

Enjoy those tacos now, for in a thousand years they will be illegal! Ha ha ha 
ha-I think we all know why.  - Benjamin Franklin

On 12/3/2014 at 11:09 AM, Gene gh5...@gmail.com wrote:

On Wed, Dec 3, 2014 at 9:49 AM, Alan McKay alan.mc...@gmail.com 
wrote:

 This is very interesting - I've been looking at various small 
boxes
 like this to use as a home firewall.
 The only problem is that not many of them have 2 NICs, and the 
ones
 that do are very expensive (higher end Zotac)

 Does anyone know of a similar device with 2 NICs that might be
 suitable as a home firewall?


Look into the PC Engines ALIX and APU system boards. You can get 
kits for
under $200, or sometimes for less on eBay.

http://www.pcengines.ch

Great hardware.  I have a couple of the ALIX boards.  The APU 
series has
gigabit NICs and a lot more horse power.  If you search the 
mailing list
you'll see several mentions for it.


 What about one of the Open Firmware firewalls like ASUS?  Is 
there an
 OpenBSD load for those?  Instead of Tomato or the likes ...


-Gene
(p.s. I'm bad at mailing lists and didn't reply all last time, I 
apologise
for emailing you twice, Alan).



Re: OpenBSD embedded? (was: OpenBSD 5.6-current on ASUS Chromebox)

2014-12-03 Thread Gene
I have one of those.  Ran pfSense on it for 9 months and worked great,
until one of the built-in NICs died.

I've since repurposed the system as a Xen host, the last NIC hasn't died
yet, but I can't really recommend it.

-Gene

On Wed, Dec 3, 2014 at 10:30 AM, Chester T. Field 
chester.t.fi...@hushmail.com wrote:

 The lovable scamp Ted Unangst posted about a box with dual broadcoms, Atom
 CPU, DDR3 RAM, etc for $129 on his blog:

 http://www.tedunangst.com/flak/post/new-home-router

 -Chester

 Enjoy those tacos now, for in a thousand years they will be illegal! Ha
 ha ha ha-I think we all know why.  - Benjamin Franklin

 On 12/3/2014 at 11:09 AM, Gene gh5...@gmail.com wrote:
 
 On Wed, Dec 3, 2014 at 9:49 AM, Alan McKay alan.mc...@gmail.com
 wrote:
 
  This is very interesting - I've been looking at various small
 boxes
  like this to use as a home firewall.
  The only problem is that not many of them have 2 NICs, and the
 ones
  that do are very expensive (higher end Zotac)
 
  Does anyone know of a similar device with 2 NICs that might be
  suitable as a home firewall?
 
 
 Look into the PC Engines ALIX and APU system boards. You can get
 kits for
 under $200, or sometimes for less on eBay.
 
 http://www.pcengines.ch
 
 Great hardware.  I have a couple of the ALIX boards.  The APU
 series has
 gigabit NICs and a lot more horse power.  If you search the
 mailing list
 you'll see several mentions for it.
 
 
  What about one of the Open Firmware firewalls like ASUS?  Is
 there an
  OpenBSD load for those?  Instead of Tomato or the likes ...
 
 
 -Gene
 (p.s. I'm bad at mailing lists and didn't reply all last time, I
 apologise
 for emailing you twice, Alan).



Re: OpenBSD embedded? (was: OpenBSD 5.6-current on ASUS Chromebox)

2014-12-03 Thread Chris Cappuccio
Alan McKay [alan.mc...@gmail.com] wrote:
 This is very interesting - I've been looking at various small boxes
 like this to use as a home firewall.
 The only problem is that not many of them have 2 NICs, and the ones
 that do are very expensive (higher end Zotac)
 
 Does anyone know of a similar device with 2 NICs that might be
 suitable as a home firewall?
 
 What about one of the Open Firmware firewalls like ASUS?  Is there an
 OpenBSD load for those?  Instead of Tomato or the likes ...

A lot of these $40 routers are based on some kind of MIPS CPU.

For ones that lack MMU or floating-point, Linux is it.

Other ones that have MMU and FP can run OpenBSD, although significant
porting effort is required. And they have 8MB to 16MB flash, which means
you are running a ramdisk kernel and that's about it.

The Octeon port supports the Ubiquiti $99 USD model but you don't get
local storage until USB is finished. That is a more ideal platform
for a complete OpenBSD environment.

Chris



Re: OpenBSD embedded? (was: OpenBSD 5.6-current on ASUS Chromebox)

2014-12-03 Thread Jason Adams
On 12/03/2014 09:49 AM, Alan McKay wrote:
 This is very interesting - I've been looking at various small boxes
 like this to use as a home firewall.
 The only problem is that not many of them have 2 NICs, and the ones
 that do are very expensive (higher end Zotac)

 Does anyone know of a similar device with 2 NICs that might be
 suitable as a home firewall?

 What about one of the Open Firmware firewalls like ASUS?  Is there an
 OpenBSD load for those?  Instead of Tomato or the likes ...


I've been looking at this one http://amzn.com/B00M8MNF4G
It's overkill, because I want it to handle other tasks (email) as well as a 
firewall.

I've not purchased or installed it yet.


-- 
Those who do not understand Unix are condemned to reinvent it, poorly.



Re: isakmpd quits out after running ipsec on CURRENT

2014-12-03 Thread Josh Grosse

On 2014-12-03 12:47, Christian Weisgerber wrote:

On 2014-12-03, Zé Loff zel...@zeloff.org wrote:

for some reason, this seems to have been for a while now; isakmpd 
will

simply quit running after initiating: ipsecctl -f /etc/ipsec.conf


I am seeing the same behaviour (apparently a clean exit, no message
whatsoever nor core file) on -current, with an ipsec.conf as simple as
this:


This could be the bug fixed in src/sbin/isakmpd/ui.c rev 1.56.
Check your system logs for isakmpd: backwards memcpy.


It may not be that change, since it was only committed two days ago.  
I've
seen the same symptoms in i386 snapshots from Nov 26 and 30. I had 
planned
to spend a few hours this next weekend trying to isolate the regression, 
and
to date have not done any more than reproduce the problem with older 
kernels.




Re: isakmpd quits out after running ipsec on CURRENT

2014-12-03 Thread Josh Grosse

On 2014-12-03 13:59, Josh Grosse wrote:

On 2014-12-03 12:47, Christian Weisgerber wrote:

...

This could be the bug fixed in src/sbin/isakmpd/ui.c rev 1.56.
Check your system logs for isakmpd: backwards memcpy.


It may not be that change, since it was only committed two days ago.  
I've
seen the same symptoms in i386 snapshots from Nov 26 and 30. I had 
planned
to spend a few hours this next weekend trying to isolate the 
regression, and
to date have not done any more than reproduce the problem with older 
kernels.


Ack.  Never mind.  This could be the *fix*.  Sorry for the noise.  My 
apologies.

I seem to have way too much blood in my caffeine system.



Generic Question: Floating point, MMU

2014-12-03 Thread worik
On the thread: OpenBSD embedded? (was: OpenBSD 5.6-current on ASUS
Chromebox)

ch...@nmedia.net commented:

 For ones that lack MMU or floating-point, Linux is it.
 
 Other ones that have MMU and FP can run OpenBSD, although significant
 porting effort is required. And they have 8MB to 16MB flash, which means
 you are running a ramdisk kernel and that's about it.

Why is OpenBSD the choice only if you have a floating point?

And I would have thought Linux would not do well without a MMU.  I know
people have ported Linux to all sorts of things, but no MMU?

cheers
Worik
-- 
Why is the legal status of chardonnay different to that of cannabis?
   worik.stan...@gmail.com 021-1680650, (03) 4821804
  Aotearoa (New Zealand)
 I voted for love



Re: isakmpd quits out after running ipsec on CURRENT

2014-12-03 Thread Christian Weisgerber
On 2014-12-03, Josh Grosse j...@jggimi.homeip.net wrote:

 This could be the bug fixed in src/sbin/isakmpd/ui.c rev 1.56.
 Check your system logs for isakmpd: backwards memcpy.

 It may not be that change, since it was only committed two days ago.  
 I've
 seen the same symptoms in i386 snapshots from Nov 26 and 30.

Exactly, that change _fixes_ it.  In recent snapshots, memcpy()
checks for overlap and aborts.

For some background, see
http://www.tedunangst.com/flak/post/memcpy-vs-memmove

-- 
Christian naddy Weisgerber  na...@mips.inka.de
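
The overlap check described in the message above, as an added example (this is not OpenBSD's libc code and not the isakmpd fix): `classify_overlap`, `checked_memcpy` and the `drop_first_byte_*` helpers are hypothetical names, the sample strings are constructed, and the wrapper returns -1 where the memcpy() described above aborts the process.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* How two equal-length byte ranges relate to each other. */
enum overlap {
    NO_OVERLAP = 0,
    DST_BELOW_SRC = 1,  /* dst < src and dst + len reaches into src */
    SRC_BELOW_DST = 2   /* src < dst and src + len reaches into dst */
};

/* Constructed scratch buffer used by main() and the checks. */
char sample_buf[16] = "0123456789abcde";

enum overlap classify_overlap(const void *dst, const void *src, size_t len)
{
    /* Compare as integers: relational comparison of pointers into
     * different objects is undefined behaviour in C. */
    uintptr_t d = (uintptr_t)dst, s = (uintptr_t)src;

    /* "d + len > s" rewritten as "s - d < len" so it cannot wrap. */
    if (d < s && s - d < len)
        return DST_BELOW_SRC;
    if (s < d && d - s < len)
        return SRC_BELOW_DST;
    return NO_OVERLAP;  /* identical pointers are not flagged by this check */
}

/* Refuses overlapping copies. Returns 0 after copying, -1 if refused. */
int checked_memcpy(void *dst, const void *src, size_t len)
{
    if (classify_overlap(dst, src, len) != NO_OVERLAP) {
        fprintf(stderr, "checked_memcpy: overlapping copy of %zu bytes refused\n", len);
        return -1;
    }
    memcpy(dst, src, len);
    return 0;
}

/* Buggy pattern: shift a NUL-terminated line left by one byte in place.
 * Source and destination are one byte apart, so they overlap whenever
 * more than one byte (including the NUL) has to move. */
int drop_first_byte_buggy(char *line)
{
    if (line[0] == '\0')
        return 0;
    return checked_memcpy(line, line + 1, strlen(line));
}

/* Fixed pattern: memmove() is defined for overlapping ranges. */
void drop_first_byte_fixed(char *line)
{
    if (line[0] != '\0')
        memmove(line, line + 1, strlen(line));
}

/* 1 if the overlapping copy was refused and the buffer left untouched. */
int demo_refused(void)
{
    char line[] = "ipsec";
    return drop_first_byte_buggy(line) == -1 && strcmp(line, "ipsec") == 0;
}

/* 1 if the same buggy call passes for a one-character line: only the
 * NUL moves, so the ranges do not overlap and the bug stays hidden. */
int demo_short_input_passes(void)
{
    char line[] = "x";
    return drop_first_byte_buggy(line) == 0 && line[0] == '\0';
}

/* 1 if the memmove() version produces the shifted line. */
int demo_fixed(void)
{
    char line[] = "ipsec";
    drop_first_byte_fixed(line);
    return strcmp(line, "psec") == 0;
}

int main(void)
{
    printf("dst below src: %d\n", classify_overlap(sample_buf, sample_buf + 1, 4));
    printf("src below dst: %d\n", classify_overlap(sample_buf + 1, sample_buf, 4));
    printf("adjacent:      %d\n", classify_overlap(sample_buf, sample_buf + 4, 4));
    printf("refused=%d short_passes=%d fixed=%d\n",
           demo_refused(), demo_short_input_passes(), demo_fixed());
    return 0;
}
```

The one-character case shows why such a call can run for years unnoticed: whether the ranges overlap depends on the length of the input.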



Re: Generic Question: Floating point, MMU

2014-12-03 Thread Simon Mages
Maybe this helps, http://www.uclinux.org
On 03.12.2014 20:36, worik worik.stan...@gmail.com wrote:

 On the thread: OpenBSD embedded? (was: OpenBSD 5.6-current on ASUS
 Chromebox)

 ch...@nmedia.net commented:

  For ones that lack MMU or floating-point, Linux is it.
 
  Other ones that have MMU and FP can run OpenBSD, although significant
  porting effort is required. And they have 8MB to 16MB flash, which means
  you are running a ramdisk kernel and that's about it.

 Why is OpenBSD the choice only if you have a floating point?

 And I would have thought Linux would not do well without a MMU.  I know
 people have ported Linux to all sorts of things, but no MMU?

 cheers
 Worik
 --
 Why is the legal status of chardonnay different to that of cannabis?
worik.stan...@gmail.com 021-1680650, (03) 4821804
   Aotearoa (New Zealand)
  I voted for love



Re: missing packages for SPARC

2014-12-03 Thread patrick keshishian
On 12/3/14, Christian Weisgerber na...@mips.inka.de wrote:
 On 2014-12-02, Riccardo Mottola riccardo.mott...@libero.it wrote:

 I was pkg_add'ing some essential packages on a freshly installed SPARC
 machine. I noticed that several packages are missing. I thought it was
 the mirror, but they are missing on the master ftp too.
 I know that some packages might not build on sparc or do not have sense
 on that platform, however I was looking for pretty general stuff:
 libxmsl, libxslt or subversion.

 They didn't build.  I can't tell whether that's due to the package
 building process (the sparc build machines are very unstable) or
 problems with the ports themselves.  Peter Hessler may be able to
 comment.

 Unfortunately, that's the usual course when an architecture becomes
 less and less common.  Build failures pile up, compounded by slowness
 and general reliability problems, and the set of available packages
 keeps shrinking.

 Somebody needs to care.

 There is no magic bullet.  If, say, two hundred ports fail to build
 and take out thousands more for which they serve as dependencies,
 then the only way to fix this is for somebody to sit down and examine
 and fix the failing ports.  One by one.

 If nobody steps up to do this, then it won't happen.

 We keep having this tail of zombie architectures.  Long obsolete
 hardware, run by few people, with pitiful best effort package
 builds happening each release and with luck once between.  They
 slowly sink under the accumulating bitrot that nobody cares to fix,
 but at the same time people can't bring themselves to completely
 abandon those archs.  *shrug*

how do you guys deal with disk space with sparc machines?
NFS?

I will dust off my ss20 this weekend see if it powers up.

--patrick



Re: OT:Password strength

2014-12-03 Thread Ted Unangst
On Wed, Dec 03, 2014 at 08:27, Brad Smith wrote:
 On 11/30/14 15:20, Ted Unangst wrote:
 Examples:

 treetykaveprethicooputhedu
 soonataviceenoopatecoge
 gootrozapiceelytrithunula
 preezypeendothanundipeesooka
 
 That defeats the purpose of the second example in the OPs question.
 

If you want strong, short passwords that look ridiculous:

dd if=/dev/random bs=1 count=9 | b64encode password



Re: OT:Password strength

2014-12-03 Thread Jason Adams
On 12/03/2014 12:04 PM, Ted Unangst wrote:
 On Wed, Dec 03, 2014 at 08:27, Brad Smith wrote:
 On 11/30/14 15:20, Ted Unangst wrote:
 Examples:

 treetykaveprethicooputhedu
 soonataviceenoopatecoge
 gootrozapiceelytrithunula
 preezypeendothanundipeesooka
 That defeats the purpose of the second example in the OPs question.

 If you want strong, short passwords that look ridiculous:

 dd if=/dev/random bs=1 count=9 | b64encode password


And then try to remember that mess, or type it, especially into
a smartphone. Gaak! 8-O



-- 
Those who do not understand Unix are condemned to reinvent it, poorly.



Re: missing packages for SPARC

2014-12-03 Thread Christian Weisgerber
patrick keshishian:

 how do you guys deal with disk space with sparc machines?
 NFS?

Distfiles and packages on NFS, obj on local disk.

-- 
Christian naddy Weisgerber  na...@mips.inka.de



Re: Squid configuration

2014-12-03 Thread Einfach Jemand
On 03.12.2014 12:59, sven falempin wrote:
 On Tue, Dec 2, 2014 at 9:55 PM, Steve Shockley
 steve.shock...@shockley.net wrote:
 On 12/2/2014 8:49 PM, Einfach Jemand wrote:

 Hmm, I checked on one of my boxen and there /etc/passwd has

 _squid
 ^! Note the underline.

 as account for this package, so you probably want


 According to the package README:

 When started by rc.d(8) (i.e. via pkg_scripts in rc.conf.local or from
 ${RCDIR}/squid start) the appropriately-named login class is used
 automatically.

 So, the underline shouldn't be necessary.

 
  The login would be apply in a rc script ? I looked into that :
 
 is that why the _ goes away ?
 
 _name=$(basename $0)
 [.. so name of the rc script is sed to get compiled login.conf info..]
 getcap -f /etc/login.conf ${_name} 1>/dev/null 2>&1
 [ but this only print stuff according to man page ]
 
  There is a rcexec  that force the usage of the login class
 
 grep rcexec /etc/rc.d/*
 unbound use it, but not squid.
 
 I guess my perl script would have to do a strlimit after dropping
 privilege to open 4096 files.
 
 
 On the other hand, the class is supposed to be in master.passwd or be
 to default:
 
 
 name User's login name.
 password User's encrypted password.
 uid User's login user ID.
 gid User's login group ID.
 class User's general classification (see login.conf(5)).
 change Password change time.
 expire Account expiration time.
 gecos General information about the user.
 home_dir User's home directory.
 shell User's login shell.
 
 
 _squid:*:515:515:daemon:0:0:Squid Account:
 _bgpd:*:75:75::0:0:BGP Daemon:/var/empty:/sbin/nologin
 
 
 bgpd class is blank, squid is set to daemon.
 
 Is bgpd correctly configured ? 

Yes. It has an entry in /etc/login.conf

man rc.subr explains it:

-- quote --
daemon_class  Login class to run the daemon with, using su(1).  This is
  a read only variable that gets set by rc.subr itself.  It
  searches login.conf(5) for a login class that has the
  same name as the rc.d script itself and uses that.  If no
  such login class exists then ``daemon'' will be used.
-- end quote --

 is squid using the daemon class ?

Yes, unless you have a stanza for squid in /etc/login.conf.
(And the README for the package advises you to create one)

A test _without_ a stanza for squid in /etc/login.conf and the first
line of /etc/rc.d/squid set to

#!/bin/sh -x

results in

root:/etc/rc.d:28# /etc/rc.d/squid start
+ daemon=/usr/local/sbin/squid
+ daemon_timeout=35
+ . /etc/rc.d/rc.subr
+ [ -n  ]
+ [ -n /usr/local/sbin/squid ]
+ unset _RC_DEBUG _RC_FORCE
+ getopts df c
+ shift 0
+ basename /etc/rc.d/squid
+ _name=squid
+ _RC_RUNDIR=/var/run/rc.d
+ _RC_RUNFILE=/var/run/rc.d/squid
+ _rc_do _rc_parse_conf
+ eval _rcflags=${squid_flags}
+ _rcflags=
+ eval _rcuser=${squid_user}
+ _rcuser=
+ eval _rctimeout=${squid_timeout}
+ _rctimeout=
+ getcap -f /etc/login.conf squid
+ > /dev/null
+ 2>&1
+ [ -z  ]
+ daemon_class=daemon
+ [ -z  ]
+ daemon_user=root
+ [ -z 35 ]
+ [ -n  ]
+ [ -n  ]
+ [ -n  ]
+ [ -n  ]
+ [ -n  ]
+ readonly daemon_class
+ unset _rcflags _rcuser _rctimeout
+ pexp=/usr/local/sbin/squid
+ rcexec=su -l -c daemon -s /bin/sh root -c
+ rc_cmd start
squid(ok)

The same _with_ a stanza for squid in /etc/login.conf gives

root:/etc/rc.d:34# /etc/rc.d/squid start

+ daemon=/usr/local/sbin/squid
+ daemon_timeout=35
+ . /etc/rc.d/rc.subr
+ [ -n  ]
+ [ -n /usr/local/sbin/squid ]
+ unset _RC_DEBUG _RC_FORCE
+ getopts df c
+ shift 0
+ basename /etc/rc.d/squid
+ _name=squid
+ _RC_RUNDIR=/var/run/rc.d
+ _RC_RUNFILE=/var/run/rc.d/squid
+ _rc_do _rc_parse_conf
+ eval _rcflags=${squid_flags}
+ _rcflags=
+ eval _rcuser=${squid_user}
+ _rcuser=
+ eval _rctimeout=${squid_timeout}
+ _rctimeout=
+ getcap -f /etc/login.conf squid
+ > /dev/null
+ 2>&1
+ daemon_class=squid
+ [ -z squid ]
+ [ -z  ]
+ daemon_user=root
+ [ -z 35 ]
+ [ -n  ]
+ [ -n  ]
+ [ -n  ]
+ [ -n  ]
+ [ -n  ]
+ readonly daemon_class
+ unset _rcflags _rcuser _rctimeout
+ pexp=/usr/local/sbin/squid
+ rcexec=su -l -c squid -s /bin/sh root -c
+ rc_cmd start
squid(ok)

 am I forced to use BSD::resources to strlimit in the perl script to
 validate this ?
 is getcap doing something else than printing ?

Yes, it returns $? which is used in rc.subr to set the login-class to
daemon when there is no service-specific stanza in /etc/login.conf

HTH
rru



Disk /dev/X is user root, group wheel, permissions brw-r-----.

2014-12-03 Thread Ezequiel Garzon
Greetings! I'm trying to take care of the warnings I get in my daily 
insecurity output, and the one persisting is:

Disk /dev/X is user root, group wheel, permissions brw-r-----.

where X is basically all of fd[0-9]*, rd*, sd*, vnd* and wd*. I tried 
chmod 600, as suggested somewhere on the Internet, but I simply got

Disk /dev/X is user root, group wheel, permissions brw-------.

Any suggestions as to what this message is telling me? More 
generally, is it normal to get these warnings from a fresh install? I'm 
on 5.6-release, having simply enabled the nsd, httpd and spamd flags 
under /etc/rc.local.config. I ran

chown root:kmem /dev/mem
chown root:kmem /dev/kmem

to comply with the warnings

Checking special files and directories.
Output format is:
filename:
criteria (shouldbe, reallyis)
dev/kmem: 
gid (2, 0)
dev/mem: 
gid (2, 0)
mtree special: exit code 2

I'm using an i386 virtual machine with KVM. Below is my dmesg output. 
Thanks in advance for any pointers.

Best regards,

Ezequiel


Re: Squid configuration

2014-12-03 Thread sven falempin
On Wed, Dec 3, 2014 at 4:11 PM, Einfach Jemand rru@gmail.com wrote:
 On 03.12.2014 12:59, sven falempin wrote:
 On Tue, Dec 2, 2014 at 9:55 PM, Steve Shockley
 steve.shock...@shockley.net wrote:
 On 12/2/2014 8:49 PM, Einfach Jemand wrote:

 Hmm, I checked on one of my boxen and there /etc/passwd has

 _squid
 ^! Note the underline.

 as account for this package, so you probably want


 According to the package README:

 When started by rc.d(8) (i.e. via pkg_scripts in rc.conf.local or from
 ${RCDIR}/squid start) the appropriately-named login class is used
 automatically.

 So, the underline shouldn't be necessary.


  The login would be apply in a rc script ? I looked into that :

 is that why the _ goes away ?

 _name=$(basename $0)
 [.. so name of the rc script is sed to get compiled login.conf info..]
 getcap -f /etc/login.conf ${_name} 1>/dev/null 2>&1
 [ but this only print stuff according to man page ]

  There is a rcexec  that force the usage of the login class

 grep rcexec /etc/rc.d/*
 unbound use it, but not squid.

 I guess my perl script would have to do a strlimit after dropping
 privilege to open 4096 files.


 On the other hand, the class is supposed to be in master.passwd or be
 to default:


 name User's login name.
 password User's encrypted password.
 uid User's login user ID.
 gid User's login group ID.
 class User's general classification (see login.conf(5)).
 change Password change time.
 expire Account expiration time.
 gecos General information about the user.
 home_dir User's home directory.
 shell User's login shell.


 _squid:*:515:515:daemon:0:0:Squid Account:
 _bgpd:*:75:75::0:0:BGP Daemon:/var/empty:/sbin/nologin


 bgpd class is blank, squid is set to daemon.

 Is bgpd correctly configured ?

 Yes. It has an entry in /etc/login.conf

 man rc.subr explains it:

 -- quote --
 daemon_class  Login class to run the daemon with, using su(1).  This is
   a read only variable that gets set by rc.subr itself.  It
   searches login.conf(5) for a login class that has the
   same name as the rc.d script itself and uses that.  If no
   such login class exists then ``daemon'' will be used.
 -- end quote --

 is squid using the daemon class ?

 Yes unless you have a stanza for squid in /etc/login.conf .
 (And the README for the package advises you to create one)

 A test _without_ a stanza for squid in /etc/login.conf and the first
 line of /etc/rc.d/squid set to

 #!/bin/sh -x

 results in

 root:/etc/rc.d:28# /etc/rc.d/squid start
 + daemon=/usr/local/sbin/squid
 + daemon_timeout=35
 + . /etc/rc.d/rc.subr
 + [ -n  ]
 + [ -n /usr/local/sbin/squid ]
 + unset _RC_DEBUG _RC_FORCE
 + getopts df c
 + shift 0
 + basename /etc/rc.d/squid
 + _name=squid
 + _RC_RUNDIR=/var/run/rc.d
 + _RC_RUNFILE=/var/run/rc.d/squid
 + _rc_do _rc_parse_conf
 + eval _rcflags=${squid_flags}
 + _rcflags=
 + eval _rcuser=${squid_user}
 + _rcuser=
 + eval _rctimeout=${squid_timeout}
 + _rctimeout=
 + getcap -f /etc/login.conf squid
 +  /dev/null
 + 21
 + [ -z  ]
 + daemon_class=daemon
 + [ -z  ]
 + daemon_user=root
 + [ -z 35 ]
 + [ -n  ]
 + [ -n  ]
 + [ -n  ]
 + [ -n  ]
 + [ -n  ]
 + readonly daemon_class
 + unset _rcflags _rcuser _rctimeout
 + pexp=/usr/local/sbin/squid
 + rcexec=su -l -c daemon -s /bin/sh root -c
 + rc_cmd start
 squid(ok)

 The same _with_ a stanza for squid in /etc/login.conf gives

 root:/etc/rc.d:34# /etc/rc.d/squid start

 + daemon=/usr/local/sbin/squid
 + daemon_timeout=35
 + . /etc/rc.d/rc.subr
 + [ -n  ]
 + [ -n /usr/local/sbin/squid ]
 + unset _RC_DEBUG _RC_FORCE
 + getopts df c
 + shift 0
 + basename /etc/rc.d/squid
 + _name=squid
 + _RC_RUNDIR=/var/run/rc.d
 + _RC_RUNFILE=/var/run/rc.d/squid
 + _rc_do _rc_parse_conf
 + eval _rcflags=${squid_flags}
 + _rcflags=
 + eval _rcuser=${squid_user}
 + _rcuser=
 + eval _rctimeout=${squid_timeout}
 + _rctimeout=
 + getcap -f /etc/login.conf squid
 +  /dev/null
 + 21
 + daemon_class=squid
 + [ -z squid ]
 + [ -z  ]
 + daemon_user=root
 + [ -z 35 ]
 + [ -n  ]
 + [ -n  ]
 + [ -n  ]
 + [ -n  ]
 + [ -n  ]
 + readonly daemon_class
 + unset _rcflags _rcuser _rctimeout
 + pexp=/usr/local/sbin/squid
 + rcexec=su -l -c squid -s /bin/sh root -c
 + rc_cmd start
 squid(ok)

 am I forced to use BSD::resources to strlimit in the perl script to
 validate this ?
 is getcap doing something else than printing ?

 Yes, it returns $? which is used in rc.subr to set the login-class to
 daemon when there is no service-specific stanza in /etc/login.conf

 HTH
 rru


I understand now

the answer to the BSD::resources is yes apparently

# su -l -c squid -s  /bin/sh root -c perl /root/fds.pl
uid=515(_squid) gid=0(wheel) groups=0(wheel), 2(kmem), 3(sys), 4(tty),
5(operator), 20(staff), 31(guest)
ksh: ulimit: Permission denied
Error in tempfile() using template /tmp/XX: Could not create
temp file /tmp/f7PQGePzoX: Too many open files at /root/fds.pl line
20.
Count:125


-- 
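
The class selection quoted from rc.subr(8) in this thread, as an added example that is not part of any poster's message and not OpenBSD's own code: it resolves which login class an rc.d script would get and which openfiles-cur limit that class carries, following tc= references. The function names and the sample login.conf are constructed for illustration, and awk stands in for getcap(1) so the check also runs on a machine that is not OpenBSD.

```sh
#!/bin/sh
# Added example: which login class would rc.subr pick for an rc.d script,
# and what limit does that class carry? All names below are hypothetical.

# Print one logical record per line: drop comments, join "\" continuations.
lc_records() {  # file
    awk '
        /^[ \t]*#/ { next }
        { line = line $0 }
        /\\$/ { sub(/\\$/, "", line); next }
        { if (line != "") print line; line = "" }
        END { if (line != "") print line }
    ' "$1"
}

# Succeed if the file has a record named $2 (mirrors the getcap exit status).
lc_has_class() {  # file class
    lc_records "$1" | awk -F: -v c="$2" '
        { n = split($1, names, "|")
          for (i = 1; i <= n; i++) if (names[i] == c) found = 1 }
        END { exit !found }'
}

# rc.subr rule: class named after the script if it exists, else "daemon".
rc_daemon_class() {  # file rc-script-path
    _name=$(basename "$2")
    if lc_has_class "$1" "$_name"; then echo "$_name"; else echo daemon; fi
}

# Print the value of capability $3 for class $2, following tc= references.
# Simplification: a capability in the record itself always wins over tc=.
lc_cap() {  # file class capname
    _class=$2 _depth=0
    while [ -n "$_class" ] && [ "$_depth" -lt 8 ]; do
        _out=$(lc_records "$1" | awk -F: -v c="$_class" -v k="$3" '
            { n = split($1, names, "|"); hit = 0
              for (i = 1; i <= n; i++) if (names[i] == c) hit = 1
              if (!hit) next
              for (i = 2; i <= NF; i++) {
                  f = $i; gsub(/^[ \t]+|[ \t]+$/, "", f)
                  if (index(f, k "=") == 1) {
                      print "val " substr(f, length(k) + 2); exit
                  }
                  if (index(f, "tc=") == 1) tc = substr(f, 4)
              }
              print "tc " tc; exit }')
        case $_out in
            "val "*) echo "${_out#val }"; return 0 ;;
            "tc "*)  _class=${_out#tc } ;;
            *)       return 1 ;;
        esac
        _depth=$((_depth + 1))
    done
    return 1
}

# Constructed sample, not a real /etc/login.conf. Pass "with-squid" as $2
# to append a service-specific stanza.
write_sample_login_conf() {  # path [with-squid]
    cat > "$1" <<'EOF'
# constructed sample
default:\
    :openfiles-cur=512:
daemon:\
    :datasize=infinity:\
    :openfiles-cur=128:\
    :tc=default:
EOF
    [ "$2" = with-squid ] || return 0
    cat >> "$1" <<'EOF'
squid:\
    :openfiles-cur=4096:\
    :tc=daemon:
EOF
}

conf=$(mktemp) || exit 1
for mode in without-squid with-squid; do
    write_sample_login_conf "$conf" "$mode"
    cls=$(rc_daemon_class "$conf" /etc/rc.d/squid)
    echo "$mode: class=$cls openfiles-cur=$(lc_cap "$conf" "$cls" openfiles-cur)"
done
rm -f "$conf"
```
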

Re: OT:Password strength

2014-12-03 Thread Alexander Hall
On December 3, 2014 9:10:42 PM CET, Jason Adams adams...@gmail.com wrote:
On 12/03/2014 12:04 PM, Ted Unangst wrote:
 On Wed, Dec 03, 2014 at 08:27, Brad Smith wrote:
 On 11/30/14 15:20, Ted Unangst wrote:
 Examples:

 treetykaveprethicooputhedu
 soonataviceenoopatecoge
 gootrozapiceelytrithunula
 preezypeendothanundipeesooka
 That defeats the purpose of the second example in the OPs question.

 If you want strong, short passwords that look ridiculous:

 dd if=/dev/random bs=1 count=9 | b64encode password


And then try to remember that mess, or type it, especially into
a smartphone. Gaak! 8-O

base64 ain't that bad, but might lack those special symbols which we all know 
makes all the difference between a bad and a good password...



Re: Disk /dev/X is user root, group wheel, permissions brw-r-----.

2014-12-03 Thread Mike Burns
On 2014-12-03 21.23.13 +, Ezequiel Garzon wrote:
 Disk /dev/X is user root, group wheel, permissions brw-r-----.

It must be root.operator and the mode must NOT include user-readable,
user-writable, or group-readable.

-Mike



Re: OpenBSD embedded? (was: OpenBSD 5.6-current on ASUS Chromebox)

2014-12-03 Thread Alan McKay
On Wed, Dec 3, 2014 at 4:54 PM, Mikkel C. Simonsen m...@post5.tele.dk wrote:
 As I have written many times - used thin clients are available in huge
 numbers as scrap. Many of them have a PCI or PCIe slot, so adding a second
 NIC is easy. I often use thin clients with a Compaq 2- or 4-port NIC. Total
 cost about 15-20 euros.

That's interesting - what sort of brand name or product name would I search for?
I'm not really familiar with any thin clients


-- 
Don't eat anything you've ever seen advertised on TV
 - Michael Pollan, author of In Defense of Food



Re: [Bulk] Generic Question: Floating point, MMU

2014-12-03 Thread Kevin Chadwick
On Thu, 04 Dec 2014 08:35:11 +1300
worik wrote:

  For ones that lack MMU or floating-point, Linux is it.
  
  Other ones that have MMU and FP can run OpenBSD, although significant
  porting effort is required. And they have 8MB to 16MB flash, which means
  you are running a ramdisk kernel and that's about it.  
 
 Why is OpenBSD the choice only if you have a floating point?
 
 And I would have thought Linux would not do well without a MMU.  I know
 people have ported Linux to all sorts of things, but no MMU?

Check out uclinux

They have come up with special memory handling to avoid memory
fragmentation but it's probably still far wide of the mark for reliable
or for that matter secure porting without great care.



Re: Disk /dev/X is user root, group wheel, permissions brw-r-----.

2014-12-03 Thread Ezequiel Garzon
 It must be root.operator and the mode must NOT include user-readable,
 user-writable, or group-readable.

Thanks, Mike, but isn't that achieved by chmod 600? And yet I get

Disk /dev/X is user root, group wheel, permissions brw-------.

in the next daily insecurity output. Maybe I don't know what operator 
means in this context. Does it mean root user?

Thanks and cheers,

Ezequiel



Re: Disk /dev/X is user root, group wheel, permissions brw-r-----.

2014-12-03 Thread Mike Burns
On 2014-12-03 22.28.50 +, Ezequiel Garzon wrote:
  It must be root.operator and the mode must NOT include user-readable,
  user-writable, or group-readable.
 
 Maybe I don't know what operator means in this context.

chgrp operator /dev/X

-Mike



Re: [Bulk] Re: OT:Password strength

2014-12-03 Thread Kevin Chadwick
On Wed, 03 Dec 2014 22:53:22 +0100
Alexander Hall wrote:

  If you want strong, short passwords that look ridiculous:
 
  dd if=/dev/random bs=1 count=9 | b64encode password
   
 
 And then try to remember that mess, or type it, especially into
 a smartphone. Gaak! 8-O  
 
 base64 ain't that bad, but might lack those special symbols which we all know 
 makes all the difference between a bad and a good password...

This is what I came up with

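#!/bin/sh
# Print a random password of length $1 (default 12) read from /dev/urandom.
n=$1
max=500
# Random start offset (1..500) into the filtered character stream.
rn=$(($RANDOM % max + 1))
[[ -n $n ]] || n=12
if [[ $n -lt 8 ]]; then
	echo "Using 12 as the password length, a length of $n would be too weak"
	n=12
fi
rn2=$rn
let rn2=$rn2+$n-1
# Keep only the allowed characters, then cut out positions rn..rn2.
p=$( /bin/dd if=/dev/urandom bs=2000 count=1 2>/dev/null | tr -cd \
'a-zA-Z0-9?.,!\-()@/:_;+%*=$[]{}/\~^#|' | cut -c $rn-$rn2 )
echo "${p}"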



ftp-proxy pf operation failed: Device busy

2014-12-03 Thread Stuart Henderson
Solved problem, but I'm mentioning it here for anyone searching the
list archives. If you use ftp-proxy and are having a failure to add
rules for the data-channel connections, with accompanying verbose
mode log entries like pf operation failed: Device busy, check
the ftp-proxy command line and look for queues that no longer exist.

(Thanks phessler for a clue on this one :)



Re: OpenBSD embedded? (was: OpenBSD 5.6-current on ASUS Chromebox)

2014-12-03 Thread Martin Schröder
2014-12-03 18:49 GMT+01:00 Alan McKay alan.mc...@gmail.com:
 Does anyone know of a similar device with 2 NICs that might be
 suitable as a home firewall?

Yes. There are archives of this list.



Re: missing packages for SPARC

2014-12-03 Thread dev
  We keep having this tail of zombie architectures.  Long obsolete
  hardware, run by few people, with pitiful best effort package
  builds happening each release and with luck once between.  They
  slowly sink under the accumulating bitrot that nobody cares to fix,
  but at the same time people can't bring themselves to completely
  abandon those archs.  *shrug*
 
snip
 I will dust off my ss20 this weekend see if it powers up.
 

A SparcStation 20 is a relic for historical reference only. A cool
item and if it powers up I would be surprised. However it won't
make any more sense than to have a 1976 Ford truck as a daily
driver.

It would be a waste of effort to look at anything previous to a
Sun Fire V890 or any UltraSPARC IV based server.  There are very
few out there running Solaris any more and only hobby types have
SPARC anywhere else.

I ran OpenBSD 5.4 briefly on a small UltraSPARC Netra and it ran
very well. However I ran into issues trying to compile things.  I
may look at OpenBSD again but really anything less than a modern
Niagara class UltraSparc would be wasted efforts I think.

Dennis



Re: missing packages for SPARC

2014-12-03 Thread Theo de Raadt
   We keep having this tail of zombie architectures.  Long obsolete
   hardware, run by few people, with pitiful best effort package
   builds happening each release and with luck once between.  They
   slowly sink under the accumulating bitrot that nobody cares to fix,
   but at the same time people can't bring themselves to completely
   abandon those archs.  *shrug*
  
 snip
  I will dust off my ss20 this weekend see if it powers up.
  
 
 A SparcStation 20 is a relic for historical reference only. A cool
 item and if it powers up I would be surprised. However it won't
 make any more sense than to have a 1976 Ford truck as a daily
 driver.
 
 It would be a waste of effort to look at anything previous to a
 Sun Fire V890 or any UltraSPARC IV based server.  There are very
 few out there running Solaris any more and only hobby types have
 SPARC anywhere else.
 
 I ran OpenBSD 5.4 briefly on a small UltraSPARC Netra and it ran
 very well. However I ran into issues trying to compile things.  I
 may look at OpenBSD again but really anything less than a modern
 Niagara class UltraSparc would be wasted efforts I think.

You are speaking out of turn, basically insulting people who want
to make sure that older architectures do work.  The Sun Fire V890
and Niagara machines are not sparc architecture.  They are sparc64.



Re: missing packages for SPARC

2014-12-03 Thread Theo de Raadt
I will dust off my ss20 this weekend see if it powers up.

   
   A SparcStation 20 is a relic for historical reference only. A cool
   item and if it powers up I would be surprised. However it won't
   make any more sense than to have a 1976 Ford truck as a daily
   driver.
   
   It would be a waste of effort to look at anything previous to a
   Sun Fire V890 or any UltraSPARC IV based server.  There are very
   few out there running Solaris any more and only hobby types have
   SPARC anywhere else.
   
   I ran OpenBSD 5.4 briefly on a small UltraSPARC Netra and it ran
   very well. However I ran into issues trying to compile things.  I
   may look at OpenBSD again but really anything less than a modern
   Niagara class UltraSparc would be wasted efforts I think.
  
  You are speaking out of turn, basically insulting people who want
  to make sure that older architectures do work.  The Sun Fire V890
  and Niagara machines are not sparc architecture.  They are sparc64.
  
 
 Not sure where the anger is coming from. Regardless, there may be people
 that are interested in running OpenBSD on a DEC alphaserver or even a
 Sun SparcStation 20 from 1996 and that may just be entertainment.  I
 would hope that there was an interest in more modern architectures where
 OpenBSD may run very very well.

Oh just shut up.

I would hope you can keep your mouth shut when people talk about the
things they love to hack on.

Because otherwise, you know, you might come off looking like you are
a self-entitled prick who only wants them to work on things you want,
you know?



Re: missing packages for SPARC

2014-12-03 Thread Mike Larkin
On Wed, Dec 03, 2014 at 05:54:14PM -0500, dev wrote:
   We keep having this tail of zombie architectures.  Long obsolete
   hardware, run by few people, with pitiful best effort package
   builds happening each release and with luck once between.  They
   slowly sink under the accumulating bitrot that nobody cares to fix,
   but at the same time people can't bring themselves to completely
   abandon those archs.  *shrug*
  
 snip
  I will dust off my ss20 this weekend see if it powers up.
  
 
 A SparcStation 20 is a relic for historical reference only. A cool
 item and if it powers up I would be surprised. However it won't
 make any more sense than to have a 1976 Ford truck as a daily
 driver.

What you miss is that running on these architectures expose bugs that
would otherwise not be found. Endianness issues, timing differences
due to slower CPUs, alignment bugs, etc... And those bugs sometimes
turn out to be MI bugs that affect all architectures.

 
 It would be a waste of effort to look at anything previous to a
 Sun Fire V890 or any UltraSPARC IV based server.  There are very
 few out there running Solaris any more and only hobby types have
 SPARC anywhere else.
 
 I ran OpenBSD 5.4 briefly on a small UltraSPARC Netra and it ran
 very well. However I ran into issues trying to compile things.  I
 may look at OpenBSD again but really anything less than a modern
 Niagara class UltraSparc would be wasted efforts I think.
 
 Dennis



Re: missing packages for SPARC

2014-12-03 Thread Theo de Raadt
 On Wed, Dec 03, 2014 at 05:54:14PM -0500, dev wrote:
We keep having this tail of zombie architectures.  Long obsolete
hardware, run by few people, with pitiful best effort package
builds happening each release and with luck once between.  They
slowly sink under the accumulating bitrot that nobody cares to fix,
but at the same time people can't bring themselves to completely
abandon those archs.  *shrug*
   
  snip
   I will dust off my ss20 this weekend see if it powers up.
   
  
  A SparcStation 20 is a relic for historical reference only. A cool
  item and if it powers up I would be surprised. However it won't
  make any more sense than to have a 1976 Ford truck as a daily
  driver.
 
 What you miss is that running on these architectures expose bugs that
 would otherwise not be found. Endianness issues, timing differences
 due to slower CPUs, alignment bugs, etc... And those bugs sometimes
 turn out to be MI bugs that affect all architectures.

Mike, you are talking way over his head...



Re: OpenBSD embedded? (was: OpenBSD 5.6-current on ASUS Chromebox)

2014-12-03 Thread Mikkel C. Simonsen

Alan McKay wrote:

This is very interesting - I've been looking at various small boxes
like this to use as a home firewall.
The only problem is that not many of them have 2 NICs, and the ones
that do are very expensive (higher end Zotac)

Does anyone know of a similar device with 2 NICs that might be
suitable as a home firewall?


As I have written many times - used thin clients are available in huge 
numbers as scrap. Many of them have a PCI or PCIe slot, so adding a 
second NIC is easy. I often use thin clients with a Compaq 2- or 4-port 
NIC. Total cost about 15-20 euros.


Best regards,

Mikkel C. Simonsen



Re: OpenBSD embedded? (was: OpenBSD 5.6-current on ASUS Chromebox)

2014-12-03 Thread Alan McKay
I see one of  these on my local kijiji but can't tell whether or not
it has a PCI slot.  It is not on the hardware list of that parkytowers
site

http://h10010.www1.hp.com/wwpc/us/en/sm/WF06a/12454-12454-321959-338927-5112717-5295294.html?dnr=2



Re: missing packages for SPARC

2014-12-03 Thread dev
   You are speaking out of turn, basically insulting people who want
   to make sure that older architectures do work.  The Sun Fire V890
   and Niagara machines are not sparc architecture.  They are
   sparc64.
   
  
  Not sure where the anger is coming from. Regardless, there may be
  people
  that are interested in running OpenBSD on a DEC alphaserver or even
  a
  Sun SparcStation 20 from 1996 and that may just be entertainment.  I
  would hope that there was an interest in more modern architectures
  where
  OpenBSD may run very very well.
 
 Oh just shut up.
 
 I would hope you can keep your mouth shut when people talk about the
 things they love to hack on.
 
 Because otherwise, you know, you might come off looking like you are
 a self-entitled prick who only wants them to work on things you want,
 you know?


Actually I was closely following the discussion on utf8 issues and found
it interesting. OpenBSD is generally looked at as a serious and secure
UNIX implementation and I was giving consideration to getting GCC 4.9.2
built and tested on it.  I don't see results[1] in the GCC project for
recent GCC and felt it would be of value to try.  With a recent GCC it
may have been possible to then build Apache 2.4.x and some other things
that would allow an up to date set of tools to exist.  These would allow
a web site to run with great security and stability. Really that was my
entire interest in OpenBSD.  Oh, that and the LibreSSL work and OpenSSH
of course.

You, however, seem to feel a need to crash into a room like a mad man
off his meds.

Not sure what your intent is.  What is it?  Really?

Dennis


[1] https://gcc.gnu.org/gcc-4.9/buildstat.html



OT but reasonable

2014-12-03 Thread dev
I noticed this never was delivered to the list.

For what it's worth .. this was really what I was thinking.

Dennis


 -- Original Message --
 From: dev d...@cor0.com
 To: Theo de Raadt dera...@cvs.openbsd.org
 Cc: patrick keshishian pkesh...@gmail.com,
 Christian Weisgerber na...@mips.inka.de
 Date: December 3, 2014 at 6:36 PM
 Subject: Re: missing packages for SPARC
 
 
You are speaking out of turn, basically insulting people who
want
to make sure that older architectures do work.  The Sun Fire
V890
and Niagara machines are not sparc architecture.  They are
sparc64.

   
   Not sure where the anger is coming from. Regardless, there may be
   people
   that are interested in running OpenBSD on a DEC alphaserver or
   even
   a
   Sun SparcStation 20 from 1996 and that may just be entertainment.
I
   would hope that there was an interest in more modern architectures
   where
   OpenBSD may run very very well.
  
  Oh just shut up.
  
  I would hope you can keep your mouth shut when people talk about the
  things they love to hack on.
  
  Because otherwise, you know, you might come off looking like you are
  a self-entitled prick who only wants them to work on things you
  want,
  you know?
 
 
 Actually I was closely following the discussion on utf8 issues and
 found
 it interesting. OpenBSD is generally looked at as a serious and secure
 UNIX implementation and I was giving consideration to getting GCC
 4.9.2
 built and tested on it.  I don't see results[1] in the GCC project
 for
 recent GCC and felt it would be of value to try.  With a recent GCC it
 may have been possible to then build Apache 2.4.x and some other
 things
 that would allow an up to date set of tools to exist.  These would
 allow
 a web site to run with great security and stability. Really that was
 my
 entire interest in OpenBSD.  Oh, that and the LibreSSL work and
 OpenSSH
 of course.
 
 You, however, seem to feel a need to crash into a room like a mad man
 off his meds.
 
 Not sure what your intent is.  What is it?  Really?
 
 Dennis
 
 
 [1] https://gcc.gnu.org/gcc-4.9/buildstat.html



Re: missing packages for SPARC

2014-12-03 Thread dev
  snip
   I will dust off my ss20 this weekend see if it powers up.
   
  
  A SparcStation 20 is a relic for historical reference only. A cool
  item and if it powers up I would be surprised. However it won't
  make any more sense than to have a 1976 Ford truck as a daily
  driver.
  
  It would be a waste of effort to look at anything previous to a
  Sun Fire V890 or any UltraSPARC IV based server.  There are very
  few out there running Solaris any more and only hobby types have
  SPARC anywhere else.
  
  I ran OpenBSD 5.4 briefly on a small UltraSPARC Netra and it ran
  very well. However I ran into issues trying to compile things.  I
  may look at OpenBSD again but really anything less than a modern
  Niagara class UltraSparc would be wasted efforts I think.
 
 You are speaking out of turn, basically insulting people who want
 to make sure that older architectures do work.  The Sun Fire V890
 and Niagara machines are not sparc architecture.  They are sparc64.
 

Not sure where the anger is coming from. Regardless, there may be people
that are interested in running OpenBSD on a DEC alphaserver or even a
Sun SparcStation 20 from 1996 and that may just be entertainment.  I
would hope that there was an interest in more modern architectures where
OpenBSD may run very very well.

Dennis



Re: missing packages for SPARC

2014-12-03 Thread System Administrator
On 3 Dec 2014 at 18:36, dev wrote:

You are speaking out of turn, basically insulting people who
 want
to make sure that older architectures do work.  The Sun Fire
 V890
and Niagara machines are not sparc architecture.  They are
sparc64.

   
   Not sure where the anger is coming from. Regardless, there may
 be
   people
   that are interested in running OpenBSD on a DEC alphaserver or
 even
   a
   Sun SparcStation 20 from 1996 and that may just be entertainment. 
 I
   would hope that there was an interest in more modern
 architectures
   where
   OpenBSD may run very very well.
  
  Oh just shut up.
  
  I would hope you can keep your mouth shut when people talk about
 the
  things they love to hack on.
  
  Because otherwise, you know, you might come off looking like you
 are
  a self-entitled prick who only wants them to work on things you
 want,
  you know?
 
 
 Actually I was closely following the discussion on utf8 issues and
 found
 it interesting. OpenBSD is generally looked at as a serious and
 secure
 UNIX implementation and I was giving consideration to getting GCC
 4.9.2
 built and tested on it.  I don't see results[1] in the GCC project
 for
 recent GCC and felt it would be of value to try.  With a recent GCC
 it
 may have been possible to then build Apache 2.4.x and some other
 things
 that would allow an up to date set of tools to exist.  These would
 allow
 a web site to run with great security and stability. Really that was
 my
 entire interest in OpenBSD.  Oh, that and the LibreSSL work and
 OpenSSH
 of course.
 
 You, however, seem to feel a need to crash into a room like a mad
 man
 off his meds.
 
 Not sure what your intent is.  What is it?  Really?

Pot meet kettle. Of course the big difference is that kettle has been 
running the show (and very successfully too) for the past two decades.

Now, let this thread die! All entertainment value has long evaporated.

 Dennis
 
 
 [1] https://gcc.gnu.org/gcc-4.9/buildstat.html



Re: missing packages for SPARC

2014-12-03 Thread Riccardo Mottola

Hi,

dev wrote:

It would be a waste of effort to look at anything previous to a
Sun Fire V890 or any UltraSPARC IV based server.  There are very
few out there running Solaris any more and only hobby types have
SPARC anywhere else.
The first thing you forget is the fun factor. People devote time in 
open-source also because of fun and  other profit from it. If 
everything was for profit, a lot wouldn't exist.

Otherwise just use Windows or RedHat on intel... and suffer with their bugs!

You might find fun in driving your 1976 car and even learn how to steer, 
how to drive without traction control. Perhaps you won't use it for 
daily commuting, but to go to the lake in the weekends?


Also, we are not speaking here of Solaris, but on OpenBSD. It can run on 
slower stuff even.


Last point, I develop (= code) open source software since many years. 
Not only I take pride that it runs on lesser known architectures and 
operating systems, but doing so helped me find so many bugs that make my 
software more robust and reliable than the average program coded for 
Linux and x86.
Buffer overflows, uninitialized variables.. especially structure members 
are very sensitive on SPARC.


My stuff is more desktop oriented, so perhaps of less use for some 
people here, but still !


Right below my SS20 there is a Fire, so don't worry, I'm working to get 
my stuff working on Solaris and UltraSPARC too. If it runs on both, it 
is a gain for the free software world.



Riccardo



Re: missing packages for SPARC

2014-12-03 Thread Hugo Villeneuve
On Wed, Dec 03, 2014 at 04:42:52PM +0100, Tobias Ulmer wrote:
 On Tue, Dec 02, 2014 at 10:35:43PM +0100, Riccardo Mottola wrote:
  Hi,
  
  I was pkg_add'ing some essential packages on a freshly installed SPARC
  machine. I noticed that several packages are missing. I thought it was the
  mirror, but they are missing on the master ftp too.
  I know that some packages might not build on sparc or do not have sense on
  that platform, however I was looking for pretty general stuff: libxmsl,
  libxslt or subversion.
 
 It looks like sparc 5.6 package were built without the modf fix :(
 
 http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libc/arch/sparc/gen/modf.S
 
 There isn't much that doesn't require python as a build-depends
 somewhere...

Ok, that fix made me able to build mutt, python 2.7.

 
 You're welcome to help out. There is an open issue with bash and
 setjmp/longjmp (guessing) that breaks dbus (iirc). I've lost countless
 hours and gave up on that.

Yeah, I got blocked with bash dependent ports (ruby-2.0 for subversion). 


For a limited time, my small untrustworthy local sparc 5.6-stable
package collection:

http://vent.eintr.net:8040/pub/OpenBSD/5.6/packages/sparc/



Re: missing packages for SPARC

2014-12-03 Thread Hugo Villeneuve
On Wed, Dec 03, 2014 at 09:46:04PM +0100, Christian Weisgerber wrote:
 patrick keshishian:
 
  how do you guys deal with disk space with sparc machines?
  NFS?
 
 Distfiles and packages on NFS, obj on local disk.

That works well. But I got tired of that especially since I was down
to a 1G drive and I had to have /usr/{src,ports,obj,xenocara,xobj}
on NFS.

I put a new Seagate 73GB SCA drive in my SparcStation 20 (150MHz/224MB).
It works but I can only use part of it. 

After I got a few kmem_map out of space panic inside ufs_readdir.
I reduced my biggest partition from 25GB to 12GB and that seems to
have made them go away.

Although now, under heavy disk load, it cannot keep the clock
in time. I lose about 1 hour over a make build. (better than the
defunct mac68k port, annoying still.)


You may get different results with other SCA compatible Sparcs or
slower systems.


OpenBSD 5.6-stable (GENERIC) #2: Mon Dec  1 16:20:42 EST 2014
r...@ss20.eintr.net:/usr/src/sys/arch/sparc/compile/GENERIC
real mem = 234319872 (223MB)
avail mem = 225472512 (215MB)
mainbus0 at root: SUNW,SPARCstation-20
cpu0 at mainbus0: RT620/625 @ 150 MHz, on-chip FPU
cpu0: 512K byte write-back, 32 bytes/line, sw flush cache enabled
obio0 at mainbus0
clock0 at obio0 addr 0xf120: mk48t08 (eeprom)
timer0 at obio0 addr 0xf130: delay constant 48, frequency 200 Hz
zs0 at obio0 addr 0xf110 pri 12, softpri 6
zstty0 at zs0 channel 0: console
zstty1 at zs0 channel 1
zs1 at obio0 addr 0xf100 pri 12, softpri 6
zskbd0 at zs1 channel 0: no keyboard
zsms0 at zs1 channel 1
wsmouse0 at zsms0 mux 0
fdc0 at obio0 addr 0xf170 pri 11, softpri 4: chip 82077
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
auxreg0 at obio0 addr 0xf180
power0 at obio0 addr 0xf1a01000
cgfourteen0 at obio0 addr 0x9c00 pri 8: 8MB, rev 3.0, 1152x900
wsdisplay0 at cgfourteen0 mux 1
wsdisplay0: screen 0 added (std, sun emulation)
iommu0 at mainbus0 ioaddr 0xe000: version 0x1/0x1, page-size 4096, range 
64MB
sbus0 at iommu0: 25 MHz
dma0 at sbus0 slot 15 offset 0x40: rev 2
esp0 at dma0 offset 0x80 pri 4: ESP200, 40MHz
scsibus0 at esp0: 8 targets, initiator 7
sd0 at scsibus0 targ 3 lun 0: SEAGATE, ST373455LC, 0003 SCSI3 0/direct fixed 
naa.5000
sd0: 70007MB, 512 bytes/sector, 143374744 sectors
cd0 at scsibus0 targ 6 lun 0: TOSHIBA, XM-4101TASUNSLCD, 1084 SCSI2 5/cdrom 
removable
ledma0 at sbus0 slot 15 offset 0x400010: rev 2
le0 at ledma0 offset 0xc0 pri 6: address 08:00:20:23:6b:8e
le0: 16 receive buffers, 4 transmit buffers
bpp0 at sbus0 slot 15 offset 0x480: DMA2
SUNW,DBRIe at sbus0 slot 14 offset 0x1 not configured
cgsix0 at sbus0 slot 2 offset 0x0 pri 9: SUNW,501-2325, 1152x900, rev 11
wsdisplay1 at cgsix0 mux 1
wsdisplay1: screen 0 added (std, sun emulation)
vscsi0 at root
scsibus1 at vscsi0: 256 targets
softraid0 at root
scsibus2 at softraid0: 256 targets
bootpath: /iommu@f,e000/sbus@f,e0001000/espdma@f,40/esp@f,80/sd@3,0
root on sd0a (9794594d03d23d76.a) swap on sd0b dump on sd0b



Re: OT:Password strength

2014-12-03 Thread Brad Smith

On 12/03/14 15:04, Ted Unangst wrote:

On Wed, Dec 03, 2014 at 08:27, Brad Smith wrote:

On 11/30/14 15:20, Ted Unangst wrote:

Examples:

treetykaveprethicooputhedu
soonataviceenoopatecoge
gootrozapiceelytrithunula
preezypeendothanundipeesooka


That defeats the purpose of the second example in the OPs question.



If you want strong, short passwords that look ridiculous:

dd if=/dev/random bs=1 count=9 | b64encode password


Still not getting it.




Re: Staying -current with cvsup or cvsync

2014-12-03 Thread Stuart Henderson
On 2014-12-02, Jungle Boogie jungleboog...@gmail.com wrote:
 Dear Stuart,
 
 From: Stuart Henderson s...@spacehopper.org
 Sent:  Tue, 2 Dec 2014 10:40:22 + (UTC)
 To: misc@openbsd.org
 Subject: Re: Staying -current with cvsup or cvsync
 
 On 2014-11-28, Jungle Boogie jungleboog...@gmail.com wrote:
 Hello All,

 For the last several updates I've applied to my system, I've used plain CVS:
 cvs -q up -Pd

 This is pretty slow for some reason, but I understand that's just how CVS 
 works.

 I just timed an update of /usr/ports on my laptop at 63 seconds. That's 
 fetching
 from a good anoncvs server, with /usr/ports on SSD and mounted like this

 /dev/sd1j on /usr/ports type ffs (local, noatime, nodev, nosuid, softdep)

 63 seconds is quite impressive! I've got a pata drive with only:
 (local,  nodev)

softdep can help a lot with big cvs updates, especially on disks which are
slower to access. Lots of files involved in a ports or src cvs tree (especially
ports) so there are a large number of inode changes that need to be written
to disk,

 How often do you fetch/rebuild?

It varies, I probably update the entire ports tree on my laptop once or
twice a week, and smaller parts if I'm working on them or if I see an
update I want in the commit log. For base, the last full update I did
was about 10 days ago, but again I've updated smaller parts more often
and I often update the kernel every few days. There will be lots of
differences between people (and at different times depending on what
they're working on).



Re: OT:Password strength

2014-12-03 Thread Eric Furman
On Wed, Dec 3, 2014, at 08:27 AM, Brad Smith wrote:
 On 11/30/14 15:20, Ted Unangst wrote:
  Examples:
 
  treetykaveprethicooputhedu
  soonataviceenoopatecoge
  gootrozapiceelytrithunula
  preezypeendothanundipeesooka
 
 That defeats the purpose of the second example in the OPs question.

I think I like Schneier's scheme:
So if you want your password to be hard to guess, you should choose
something that this process will miss. My advice is to take a sentence
and turn it into a password. Something like "This little piggy went to
market" might become "tlpWENT2m". That nine-character password won't be
in anyone's dictionary. Of course, don't use this one, because I've
written about it. Choose your own sentence -- something personal.
https://www.schneier.com/blog/archives/2014/03/choosing_secure_1.html

This scheme generates long hard passwords that are fairly easy to
remember.
And if I had read this article first I never would have asked my
original question.
Thanks to all who contributed, but I think we can kill this thread now.



intermittent problems compiling kdrive in xenocara

2014-12-03 Thread STeve Andre'

So, I am dumb.  Problem is, I don't know what it is that I don't know.

Every once in a while compiling xenocara, I get a fatal error when
dealing with kdrive.  I've looked for emails talking about this and
haven't found anything.  I've gone over release(8) and think I'm
OK.

What's frustrating is that this error comes and goes.  Sometimes
for months at a time things are OK.  I've resorted to getting a new
copy of xenocara when this happens, which is dumb.

I'm using the anoncvs server at spacehopper.org.

Since others aren't complaining about this it must be me.  So then,
how am I shooting myself (this time) ?  Clue sticks?  Error below.

tnx,  STeve Andre'

=== kdrive
cd /usr/xenocara/kdrive  exec make  -f Makefile.bsd-wrapper cleandir
cd /usr/xenocara/kdrive  exec make  -f Makefile.bsd-wrapper depend
no dependencies here yet
cd /usr/xenocara/kdrive  exec make  -f Makefile.bsd-wrapper all
PKG_CONFIG_LIBDIR=/usr/lib/pkgconfig:/usr/X11R6/lib/pkgconfig 
CONFIG_SITE=/usr/xenocara/etc/config.site  CFLAGS=-O2 -pipe 
MAKE=make PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/X11R6/bin  exec sh 
/usr/xenocara/kdrive/../xserver/configure --prefix=/usr/X11R6 
--sysconfdir=/etc  --mandir=/usr/X11R6/man 
--cache-file=/usr/xobj/xorg-config.cache.amd64  --localstatedir=/var 
--sysconfdir=/etc/X11  --with-xkb-path=/usr/X11R6/share/X11/xkb 
--with-xkb-output=/var/db/xkb  --with-default-xkb-rules=base 
--disable-xorg  --enable-xcsecurity  --enable-kdrive  --disable-dmx 
--disable-xnest  --disable-xvfb  --without-fop --without-xmlto 
--without-xsltproc --disable-silent-rules

configure: loading site script /usr/xenocara/etc/config.site
configure: creating cache /usr/xobj/xorg-config.cache.amd64
/usr/xenocara/kdrive/../xserver/configure[3569]: cannot create 
/usr/xobj/xorg-config.cache.amd64: No such file or directory

checking for a BSD-compatible install... (cached) /usr/bin/install -p
checking whether build environment is sane... yes
checking for a thread-safe mkdir -p... (cached) /bin/mkdir -p
checking for gawk... (cached) awk
checking whether make sets $(MAKE)... (cached) yes
configure: error: source directory already configured; run make 
distclean there first

*** Error 1 in kdrive (/usr/X11R6/share/mk/bsd.xorg.mk:179 'config.status')
*** Error 1 in kdrive (/usr/X11R6/share/mk/bsd.xorg.mk:211 'build')
*** Error 1 in . (bsd.subdir.mk:48 'realbuild')
*** Error 1 in /usr/xenocara (Makefile:36 'build')



Re: Is there something seriously wrong ?

2014-12-03 Thread Theo de Raadt
Bye Dennis.

Not going to be influenced by you.  This is one of those rare
situations when I post a rebuke towards me from the public.

This group does what it does.  We provide benefit to you.

You have no right to try to turn it around on us, on me.

The money and business you talk to is a complete lie, or I would have
heard of you before.

Admin Name: CLARKE, DENNIS
Admin Organization: Corvidae Code Inc.
Admin Street: 153 Chatham Street
Admin City: Brantford
Admin State/Province: ON
Admin Postal Code: N3S 4G5
Admin Country: CA
Admin Phone: +1.5197717761

From d...@cor0.com Wed Dec  3 17:06:30 2014
Delivered-To: dera...@cvs.openbsd.org
Date: Wed, 3 Dec 2014 19:06:16 -0500 (EST)
From: dev d...@cor0.com
Reply-To: dev d...@cor0.com
To: Theo de Raadt dera...@cvs.openbsd.org
In-Reply-To: 201412032359.sb3nxg6y026...@atl4mhib38.myregisteredsite.com
References: 201412032359.sb3nxg6y026...@atl4mhib38.myregisteredsite.com
Subject: Re: Is there something seriously wrong ?
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
X-Priority: 3
Importance: Medium
X-Mailer: Open-Xchange Mailer v7.4.2-Rev27



 On December 3, 2014 at 6:59 PM Theo de Raadt dera...@cvs.openbsd.org
 wrote:
 
 
 Oh thanks for the advice mr businessman!
 
 Let's be honest.  You aren't going to do anything at the
 source code level which affects anyone.  You won't contribute
 anything except for words.
 
 Get lost.  I don't have time for your type, and you don't have
 time for my type.

Actually I generally invest and then support in various ways. Money and
marketing go a long way to getting valid work done. Someone who can
invest for three years with a project plan that leads to a viable
product tends to know what he is doing. Did it before. Am doing it now
with other projects. However, for some obscure reason that only you
know, you lash out in anger and hatred at the drop of a hat. Any hat.
 That kills interest and drives people away. Interested people.

At great risk of telling you something that may not be fully understood
by you, source code is not the product or the project. Everything around
the source code is the product and the project also. You seem to have a
problem.  I don't think you fully know the damage that you are doing to
yourself, to others and to your project.


Dennis Clarke



Re: missing packages for SPARC

2014-12-03 Thread Theo de Raadt
   You are speaking out of turn, basically insulting people who want
   to make sure that older architectures do work.  The Sun Fire V890
   and Niagara machines are not sparc architecture.  They are
   sparc64.
   
  
  Not sure where the anger is coming from. Regardless, there may be
  people
  that are interested in running OpenBSD on a DEC alphaserver or even
  a
  Sun SparcStation 20 from 1996 and that may just be entertainment.  I
  would hope that there was an interest in more modern architectures
  where
  OpenBSD may run very very well.
 
 Oh just shut up.
 
 I would hope you can keep your mouth shut when people talk about the
 things they love to hack on.
 
 Because otherwise, you know, you might come off looking like you are
 a self-entitled prick who only wants them to work on things you want,
 you know?


Actually I was closely following the discussion on utf8 issues and found
it interesting. OpenBSD is generally looked at as a serious and secure
UNIX implementation and I was giving consideration to getting GCC 4.9.2
built and tested on it.  I don't see results[1] in the GCC project for
recent GCC and felt it would be of value to try.  With a recent GCC it
may have been possible to then build Apache 2.4.x and some other things
that would allow an up to date set of tools to exist.  These would allow
a web site to run with great security and stability. Really that was my
entire interest in OpenBSD.  Oh, that and the LibreSSL work and OpenSSH
of course.

You, however, seem to feel a need to crash into a room like a mad man
off his meds.

Not sure what your intent is.  What is it?  Really?



Let's be quite honest about this Dennis.

You aren't going to do shit because you don't have any skills.  You
are just a business person, not a programmer.


Thank you for adding the value of your words.



Re: missing packages for SPARC

2014-12-03 Thread Theo de Raadt
dev wrote:
 It would be a waste of effort to look at anything previous to a
 Sun Fire V890 or any UltraSPARC IV based server.  There are very
 few out there running Solaris any more and only hobby types have
 SPARC anywhere else.
The first thing you forget is the fun factor. People devote time in 
open-source also because of fun and  other profit from it. If 
everything was for profit, a lot wouldn't exist.
Otherwise just use Windows or RedHat on intel... and suffer with their bugs!

You might find fun in driving your 1976 car and even learn how to steer, 
how to drive without traction control. Perhaps you won't use it for 
daily commuting, but to go to the lake in the weekends?

Also, we are not speaking here of Solaris, but on OpenBSD. It can run on 
slower stuff even.

Last point, I develop (= code) open source software since many years. 
Not only I take pride that it runs on lesser known architectures and 
operating systems, but doing so helped me find so many bugs that make my 
software more robust and reliable than the average program coded for 
Linux and x86.
Buffer overflows, uninitialized variables.. especially structure members 
are very sensitive on SPARC.

My stuff is more desktop oriented, so perhaps of less use for some 
people here, but still !

Right below my SS20 there is a Fire, so don't worry, I'm working to get 
my stuff working on Solaris and UltraSPARC too. If it runs on both, it 
is a gain for the free software world.

Sorry Riccardo, but Dennis is a businessman.

He does not care if you love doing this.  He would prefer that you
work on what HE NEEDS.

If you want to find out more, you can reach him at:

Admin Name: CLARKE, DENNIS
Admin Organization: Corvidae Code Inc.
Admin Street: 153 Chatham Street
Admin City: Brantford
Admin State/Province: ON
Admin Postal Code: N3S 4G5
Admin Country: CA
Admin Phone: +1.5197717761

Not that you need to reach out to him.  People like him are very
common.  You could walk down the street and find a person with his
simplistic attitude.

They simply don't believe that good things are built by people who
love building good things.  After all, they are people of business.

They will never understand the magic that creates the effects that
have paid for their houses.  They think it is all built on modern
foundations, and that building on the stones of the past provides
no benefit.  Future, ho.  The past is just rubble, right.

But do say hi if you call him.  Again, I think there is no point in
bothering.  He is common.  You can find people with his simplistic
attitude by stepping outside.  (Except those people on your street
rarely arrive on a mailing list and preach that people should stop
loving what they love).  Of course I have far more reactionary private
mails from him exposing his character.  The waste of my time stops
here, so should the waste of your time -- work on the wonderful things
you want to.  We never know the fruits until we try.



Re: ffs and utf8

2014-12-03 Thread Anthony J. Bentley
Joel Rees writes:
 2014/12/03 22:23 Dmitrij D. Czarkoff czark...@gmail.com:
 
  First of all, I really don't believe that preservation of non-canonical
  form should be a consideration for any software.
 
 There is no particular canonical form for some kinds of software.
 
 Unix, in particular, happens to have file name limitations that are
 compatible with all versions of Unicode past 2.0, at least, in UTF-8, but
 it has no native encoding.

To me, the current state of affairs--where filenames can contain
anything and the same filename can and does get interpreted differently
by different programs--feels extremely dangerous. Moving to a single,
well-defined encoding for filenames would make things simpler and
safer. Well, it might. That's why we're discussing this carefully, to
figure out if something like this is actually workable.

There are two kinds of features being discussed:

1) Unicode normalization. This is analogous to case insensitivity:
   multiple filenames map to the same (normalized) filename.

2) Disallowing particular characters. 1-31 and invalid UTF-8 sequences
   are popular examples.

Maybe one is workable. Maybe both are, or neither.

Say I have a hypothetical machine with the above two features
(normalizing to NFC, disallowing 1-31/invalid UTF-8). Now I log into a
typical Unix "anything but \0 or /" machine, via SFTP or whatever. What
are the failure modes?

The first kind is that I could type "get x" followed by "get y",
where x and y are canonically the same in Unicode but represented
differently because they're not normalized on the remote host. I would
expect this to work smoothly: first I download x to NFC(x), and then
b overwrites it.

The second kind is that I could type "get z", where z contains an invalid
character. How should my system handle this? Error as if I had asked for
a filename that's too long? Come up with a new errno? I don't know, but
in this hypothetical machine it should fail somehow.

But creating new files is only part of the problem. If we still allow
them in existing files, we lose all the security/robustness benefits
and just annoy ourselves by adding restrictions with no point.

So say I mount a filesystem containing the same files a, b, and c. What
happens?

 - Fail to mount? (Simultaneously simplest, safest, and least useful)
 - Hide the files? (Seems potentially unsafe)
 - Try to escape the filenames? (Seems crazy)

Is it currently possible to take a hex editor and add / to a filename
(as opposed to a pathname) inside a disk image? If that's possible, how
do systems currently deal with it? Because it's the same problem.

FAT32 has both case insensitivity and disallowed characters. How well
does OpenBSD handle those restrictions? If not optimally, then how can
they be made better? If it already handles them with aplomb, then is
it applicable to the above scenarios?

-- 
Anthony J. Bentley
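
The two policies weighed in the message above (NFC normalization, and rejecting bytes 1-31 and invalid UTF-8), applied to a directory listing as it might arrive from a permissive "anything but \0 or /" host. This is an added example, not code from the thread or from OpenBSD; the function names `check_name` and `audit` and the sample names are constructed for illustration.

```python
import unicodedata
from collections import defaultdict


def check_name(raw: bytes):
    """Classify one file name given as the raw bytes stored on disk.

    Returns (verdict, nfc_name). nfc_name is None when the name is rejected.
    """
    # A name (as opposed to a path) may never hold NUL or '/', even if a
    # hex editor put one into the directory entry.
    if b"\0" in raw or b"/" in raw:
        return ("reject: NUL or slash", None)
    # Policy 2a: control characters 1-31.
    if any(b < 0x20 for b in raw):
        return ("reject: control character", None)
    # Policy 2b: invalid UTF-8. The strict decoder also refuses overlong
    # forms such as C0 AF, an alternate spelling of '/'.
    try:
        text = raw.decode("utf-8", errors="strict")
    except UnicodeDecodeError:
        return ("reject: invalid UTF-8", None)
    # Policy 1: normalize to NFC; report whether the stored form differs.
    nfc = unicodedata.normalize("NFC", text)
    return ("ok" if nfc == text else "renormalize", nfc)


def audit(names):
    """Audit a whole listing, as a mount or a recursive 'get' would see it.

    Returns (rejected, collisions): rejected maps raw name -> reason,
    collisions maps an NFC name -> the distinct raw names that collapse to it.
    """
    rejected = {}
    by_nfc = defaultdict(list)
    for raw in names:
        verdict, nfc = check_name(raw)
        if nfc is None:
            rejected[raw] = verdict
        else:
            by_nfc[nfc].append(raw)
    collisions = {k: v for k, v in by_nfc.items() if len(v) > 1}
    return rejected, collisions


# Constructed sample listing (not taken from any real system).
SAMPLE = [
    b"notes.txt",
    b"caf\xc3\xa9.txt",    # precomposed U+00E9
    b"cafe\xcc\x81.txt",   # 'e' followed by combining acute U+0301
    b"report\n.txt",       # embedded newline
    b"bad\xff.txt",        # 0xFF never appears in UTF-8
    b"\xc0\xafetc",        # overlong encoding of '/'
    b"a/b",                # slash inside a single name
]

if __name__ == "__main__":
    rejected, collisions = audit(SAMPLE)
    for raw, why in rejected.items():
        print(f"{raw!r}: {why}")
    for nfc, raws in collisions.items():
        print(f"{nfc!r} is the target of {len(raws)} names: {raws}")
```

The collision report is the "second file overwrites the first" case from the message: both café names are valid on the remote side and only become one name after normalization.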



Re: OpenBSD embedded? (was: OpenBSD 5.6-current on ASUS Chromebox)

2014-12-03 Thread Vivek Vinod
Sorry for speaking out of turn and adding a bit of noise. A non-techie mind 
like mine would like to think, why not have a router which can work both as a 
home router and work router?

We have been using Mikrotik routerboards since 7 years and have been very 
happy with those. Wouldn't it be good to take a look at similar boards with 
multiple NICs? Costing ranges from 100 to 200 $

Sent from my BlackBerry 10 smartphone.
  Original Message  
From: Gene
Sent: Wednesday 3 December 2014 23:39
To: Alan McKay
Cc: misc@openbsd.org
Subject: Re: OpenBSD embedded? (was: OpenBSD 5.6-current on ASUS Chromebox)

On Wed, Dec 3, 2014 at 9:49 AM, Alan McKay alan.mc...@gmail.com wrote:

 This is very interesting - I've been looking at various small boxes
 like this to use as a home firewall.
 The only problem is that not many of them have 2 NICs, and the ones
 that do are very expensive (higher end Zotac)

 Does anyone know of a similar device with 2 NICs that might be
 suitable as a home firewall?


Look into the PC Engines ALIX and APU system boards. You can get kits for
under $200, or sometimes for less on eBay.

http://www.pcengines.ch

Great hardware. I have a couple of the ALIX boards. The APU series has
gigabit NICs and a lot more horse power. If you search the mailing list
you'll see several mentions for it.


 What about one of the Open Firmware firewalls like ASUS? Is there an
 OpenBSD load for those? Instead of Tomato or the likes ...


-Gene
(p.s. I'm bad at mailing lists and didn't reply all last time, I apologise
for emailing you twice, Alan).



Re: OT:Password strength

2014-12-03 Thread Theo de Raadt
From owner-misc+M145030=deraadt=cvs.openbsd@openbsd.org Wed Dec  3 
20:37:28 2014
Delivered-To: dera...@cvs.openbsd.org
From: Eric Furman ericfur...@fastmail.net
To: Brad Smith b...@comstyle.com
Cc: Ted Unangst t...@tedunangst.com, OpenBSD Misc misc@openbsd.org
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain
X-Mailer: MessagingEngine.com Webmail Interface - html
Subject: Re: OT:Password strength
Date: Wed, 03 Dec 2014 22:36:17 -0500
In-Reply-To: 547f0fb8.6070...@comstyle.com
References: 
1417316824.2046833.196840165.39fa2...@webmail.messagingengine.com 
9ea3e8f9bed545a68834d6bd42a0a...@tedunangst.com 
547f0fb8.6070...@comstyle.com
List-Help: mailto:majord...@openbsd.org?body=help
List-ID: misc.openbsd.org
List-Owner: mailto:owner-m...@openbsd.org
List-Post: mailto:misc@openbsd.org
List-Subscribe: mailto:majord...@openbsd.org?body=sub%20misc
List-Unsubscribe: mailto:majord...@openbsd.org?body=unsub%20misc
X-Loop: misc@openbsd.org
Precedence: list
Sender: owner-m...@openbsd.org

On Wed, Dec 3, 2014, at 08:27 AM, Brad Smith wrote:
 On 11/30/14 15:20, Ted Unangst wrote:
  Examples:
 
  treetykaveprethicooputhedu
  soonataviceenoopatecoge
  gootrozapiceelytrithunula
  preezypeendothanundipeesooka
 
 That defeats the purpose of the second example in the OPs question.

I think I like Schneier's scheme:
So if you want your password to be hard to guess, you should choose
something that this process will miss. My advice is to take a sentence
and turn it into a password. Something like "This little piggy went to
market" might become "tlpWENT2m". That nine-character password won't be
in anyone's dictionary. Of course, don't use this one, because I've
written about it. Choose your own sentence -- something personal.
https://www.schneier.com/blog/archives/2014/03/choosing_secure_1.html

This scheme generates long hard passwords that are fairly easy to
remember.
And if I had read this article first I never would have asked my
original question.
Thanks to all who contributed, but I think we can kill this thread now.



Re: ffs and utf8

2014-12-03 Thread Theo de Raadt
Joel Rees writes:
 2014/12/03 22:23 Dmitrij D. Czarkoff czark...@gmail.com:
 
  First of all, I really don't believe that preservation of non-canonical
  form should be a consideration for any software.
 
 There is no particular canonical form for some kinds of software.
 
 Unix, in particular, happens to have file name limitations that are
 compatible with all versions of Unicode past 2.0, at least, in UTF-8, but
 it has no native encoding.

To me, the current state of affairs--where filenames can contain
anything and the same filename can and does get interpreted differently
by different programs--feels extremely dangerous. Moving to a single,
well-defined encoding for filenames would make things simpler and
safer. Well, it might. That's why we're discussing this carefully, to
figure out if something like this is actually workable.

There are two kinds of features being discussed:

1) Unicode normalization. This is analogous to case insensitivity:
   multiple filenames map to the same (normalized) filename.

2) Disallowing particular characters. 1-31 and invalid UTF-8 sequences
   are popular examples.

Maybe one is workable. Maybe both are, or neither.

Say I have a hypothetical machine with the above two features
(normalizing to NFC, disallowing 1-31/invalid UTF-8). Now I log into a
typical Unix "anything but \0 or /" machine, via SFTP or whatever. What
are the failure modes?

The first kind is that I could type "get x" followed by "get y",
where x and y are canonically the same in Unicode but represented
differently because they're not normalized on the remote host. I would
expect this to work smoothly: first I download x to NFC(x), and then
b overwrites it.

The second kind is that I could type "get z", where z contains an invalid
character. How should my system handle this? Error as if I had asked for
a filename that's too long? Come up with a new errno? I don't know, but
in this hypothetical machine it should fail somehow.

But creating new files is only part of the problem. If we still allow
them in existing files, we lose all the security/robustness benefits
and just annoy ourselves by adding restrictions with no point.

So say I mount a filesystem containing the same files a, b, and c. What
happens?

 - Fail to mount? (Simultaneously simplest, safest, and least useful)
 - Hide the files? (Seems potentially unsafe)
 - Try to escape the filenames? (Seems crazy)

Is it currently possible to take a hex editor and add / to a filename
(as opposed to a pathname) inside a disk image? If that's possible, how
do systems currently deal with it? Because it's the same problem.

FAT32 has both case insensitivity and disallowed characters. How well
does OpenBSD handle those restrictions? If not optimally, then how can
they be made better? If it already handles them with aplomb, then is
it applicable to the above scenarios?

http://en.wikipedia.org/wiki/Where%27s_the_beef%3F

I mean, where's the diffs for all these issues?

Oh.  There is no beef.

This is idle chatter hoping someone supplies some secret sauce that
makes a disparate audience with different demands all happy.


Why don't you guys go write some code and prove your points?
Maybe this is simply a very hard problem, and not going to be satisfied
by people who simply talk about it?



Re: ffs and utf8

2014-12-03 Thread Dmitrij D. Czarkoff
Joel Rees said:
 Maybe it would be better just to not make those directories until they
 are needed by an application, and then ask the user to name them
 instead of providing standard names.

Actually, it is still workable if you carry your ~/.config/user-dirs.dir
around, so that you could install it before you first log into GNOME.  I
used this approach to sanitize structure of my home directory when I
needed a working GNOME desktop.

-- 
Dmitrij D. Czarkoff