Re: chrome 68 and protonmail

[Leonid Bobrov]

There are webkit-based web browsers, try one of these:
vimb, surf, qutebrowser, luakit, midori, epiphany, otter-browser

chrome 68 and protonmail

[vincent delft]

Hello,

With the last version of Chrome (Chromium 68.0.3440.106) on -current, I can
no more login in protonmail.

In fact after the 2nd login screen chrome complains about an issue.

By looking at the console, I see this message:
"
<--- Last few GCs --->

[13615:0x1b00ec7000]19499 ms: Scavenge 28.5 (34.8) -> 28.0 (34.8) MB,
0.7 / 0.0 ms  (average mu = 1.000, current mu = 1.000) idle task
[13615:0x1b00ec7000]20552 ms: Scavenge 28.9 (34.8) -> 28.2 (34.8) MB,
4.9 / 0.2 ms  (average mu = 1.000, current mu = 1.000) idle task
[13615:0x1b00ec7000]24816 ms: Scavenge 29.1 (34.8) -> 28.3 (33.8) MB,
2.2 / 0.0 ms  (average mu = 1.000, current mu = 1.000) allocation failure


<--- JS stacktrace --->

 JS stack trace =

0: ExitFrame [pc: 0x30a55ec5c33d]
1: InternalFrame [pc: 0x30a55ec1238c]
Security context: 0x2471c02cba29 https://mail.protonmail.com>
2: new constructor(aka u) [0x6ed0e8a85b9] [
https://mail.protonmail.com/openpgp.45fc464591fddb524fc0c8f83f78196594476934.js:2]
[bytecode=0x23c4aa2110b1 offset=84](this=0x17ad66748f99 ,e=0x17ad66748f41 )
3: ConstructFrame [pc: 0x3...

"

I've cleared cache, config, ... but the problem persist.

Am I the only one having such problem ?

Note: Firefox cannot work for protonmail because of javascript issue (I do
not remember the exact problem).
Is there an another browser for protonmail ?

regards

Re: Pkg_add

[Stuart Henderson]

On 2018-09-13, Martijn van Duren  wrote:
> On 09/13/18 07:08, Michael Ayres wrote:
>> New to OpenBSD, which I am newly running as a Parallels VM on my Apple 
>> MacBook Pro. Shell and basic commands working, and have set path variable 
>> PKG_PATH =
>> 
>> On calling PGK_ADD, with -v switch,  I get screen display of
>> 
>> “Update candidates: quits-2.414 -> quirks-2.414
>> quirks-2.414 signed on 2018-03-29T09:01:59Z"

There are some typos here but based on what you're seeing I think you
must have typed "pkg_add -u" to update packages.

>> but then nothing.
>> 
>> Recalling Unix’s reticent personality, I wait, but nothing ever seems to 
>> happen. With a new install, downloaded 6, do I have 29 tons of updates, has 
>> BSD become to bored with me to even acknowledge I exit, or I have I 
>> misspoken to it?
>> 
>> 
>> Michael Ayres
>> 
>> Michael Ayres, MS, CISSP, CSEP, CSM, PMI-ACP, PMP | www.mace-associates.com 
>> 
>> San Francisco, CA. | 415.999.2049   
>> https://www.linkedin.com/in/michaelmaceayres 
>> 
>> michael.ay...@yahoo.com 
>> 
>> 
>> 
> I'm not 100% sure what your question is, but here's my take on things:
> pkg_add only works on 3rd party packages. If you have 3rd party
> packages installed you can update those with `pkg_add -u`, although
> they usually don't get updates on stable releases, which you're
> running based on quirks version.

"3rd party" can be a bit confusing here, the packages installed by
pkg_add are still provided by OpenBSD but aren't part of the base OS.
There are currently no official updates to these packages to work
with a given release for any reason.

There are sometimes updates to *ports* on the -stable branch for
more important problems, these can be used to build packages yourself,
or there is a third-party service that some people use
(https://stable.mtier.org/) which provides binary packags

> If you want updates on your base OS you can run syspatch(8).

Yes (the "openup" tool linked from the above url will run this
automatically).

> Once you feel familiar enough with the system I encourage you to
> run -current, since that's where the cool kids hang out. You can
> update to -current by downloading bsd.rd from your favourite mirror
> and boot it, similar to how you've installed OpenBSD.
> Once you've updated to -current, don't forget to update your packages
> with `pkg_add -u`.

Packages and base os snapshots for -current are built regularly,
they're generally fairly reliable, but 1) you will often need to
update base OS and all installed packages before you can install
a new package, and 2) there will be times when things will be
out of sync and you might not be able to install packages
(usually things get back in-sync within a couple of days).
This works OK for some people but not others and you do really
want to keep an eye on development (i.e. read the source-changes
and ports-changes mailing lists) to ascertain when might be a bad
time to update.

Re: DHCP on several VLANs

[Stuart Henderson]

On 2018-09-13, Kapetanakis Giannis  wrote:
> On 13/09/18 16:25, Allan Streib wrote:
>> I need to set up DHCP for several VLANs. The server has 1 physical
>> interface (bnx1) available for this.
>> 
>> My naive thought is I create the vlans with bnx1 as the "parent", e.g.
>> 
>> /etc/hostname.vlan101:
>> inet 172.16.101.253 255.255.255.0 NONE parent bnx1 vnetid 101
>> 
>> /etc/hostname.vlan102:
>> inet 172.16.102.253 255.255.255.0 NONE parent bnx1 vnetid 102
>> 
>> /etc/hostname.vlan103:
>> inet 172.16.102.253 255.255.255.0 NONE parent bnx1 vnetid 103
>> 
>> bnx1 is connected to switch port with all three VLANs tagged.
>> 
>> Then, rcctl set dhcpd flags vlan101 vlan102 vlan103
>> 
>> Is there a better approach?

That's the standard approach.

> This, or use dhcrelay (dhcp helper address on VLAN gateways)

That's usually done when you want to locate a DHCP server/cluster
on a separate machine than the router, and don't need/want it
to be directly attached to all vlans.

MirageOS on OpenBSD

[Adam Steen]

Hi All

As some of you know i have been working at making MirageOS work on OpenBSD,
It now works.

If you don't know what it is, please see [1],
if you don't care, please stop reading.

I have built and tested all applications, device-usage and tutorials in
mirage-skeleton.

You maybe asking how do i do this myself? The following script works
from a fresh install of OpenBSD current (soon to be 6.4)and builds
the 'static_website_tls'


#!/bin/sh -e

# Please ensure doas is setup for the current user

# tweak the environment, so things can be a little cleaner
PREFIX=$HOME/.local
if [ ! -d "$PREFIX" ]; then
  mkdir $PREFIX
fi
export PATH=$PREFIX/bin:$PATH
export AUTOCONF_VERSION=2.69

# required packages
doas pkg_add autoconf%2.69 bash bzip2 curl git gmake gpatch gtar--\
ocaml pkgconf unzip-- xz

# build opam
# waiting on OPAM PR#3538 - https://github.com/ocaml/opam/pull/3538
ulimit -s 32768
git clone https://github.com/adamsteen/opam.git
cd opam
./configure --prefix $PREFIX
gmake lib-ext
gmake
gmake install
cd ..

# setup the 2.0.0 repository
# there was an issue with the auto conversion process
# opam-repo PR#12605 - https://github.com/ocaml/opam-repository/pull/12605
git clone https://github.com/ocaml/opam-repository.git
cd opam-repository
git checkout 2.0.0
cd ..

# setup opam and mirage
opam init --comp 4.06.1 -n default opam-repository
eval $(opam env)
opam install mirage -y
# waiting on the next release of Solo5
opam pin add solo5-kernel-ukvm git://github.com/Solo5/solo5 -y


# mirage-skeleton tutorials
git clone https://github.com/mirage/mirage-skeleton.git
cd mirage-skeleton/applications/static_website_tls
mirage configure -t ukvm
gmake depends
gmake


the script can also be viewed/downloaded from [2].

If you have a OpenBSD current machine, please test this and let me know how
you go!

Hopefully with time its should be as simple as

doas pkg_add 
opam init
opam install mirage -y
mirage configure -t ukvm
gmake depends
gmake

Cheers
Adam

[1] https://mirage.io/
[2]
github: https://gist.github.com/adamsteen/6bdae8dc93d8f91f9eb6cf1de4b5
raw: 
https://gist.githubusercontent.com/adamsteen/6bdae8dc93d8f91f9eb6cf1de4b5/raw/3619c6f3e42756b11bb3788b2226dc3be67d7913/setup.sh

Re: alien OSPF route

[Remi Locherer]

On Thu, Sep 13, 2018 at 05:21:37PM +0200, Marko Cupać wrote:
> Hi,
> 
> I saw this in my log for the first time, after adding 'no redistribute
> default':
> 
> ospfd[10921]: alien OSPF route 10.30.1.47/32
> 
> My ospfd.conf is quite minimal:
> 
> router-priority 0
> router-id IP.ADD.RE.SS
> no redistribute default
> area 0.0.0.0 {
> interface bnx0   { metric 100 }
> }
> 
> How to further investigate this? I see this on OpenBSD firewall which
> connects to Cisco router. The address appears to be smartphone on one
> of remote networks.

ospfd logs this message  when it sees a routing entry with priority 32
which it did not originate.

When you see this during the start of ospfd it could be from another ospfd
running in the same rdomain. I had this when I wanted to do a config check
but missed to option "-n" and started a second instance. There is now
a check for this in the startup of ospfd in -current.

You will also see this message when you add a static route with the
"-priority 32". ospfd removes such routes after logging it.

What did you do after adding "no redistribute default" to the config file?
Restart with rcctl, reload with ospfctl?

And why did you add "no redistribute default"? By default your default
route is not redistributed.

Remi

Re: pfctl tables and a mangled ip address

[Klemens Nanni]

On Thu, Sep 13, 2018 at 12:21:28PM -0600, Andrew wrote:
> Try this on a patched 6.3 amd64.
Not sure since when but this is fixed in -current.

$ sysctl -n kern.version
OpenBSD 6.4-beta (GENERIC.MP) #292: Mon Sep 10 18:26:22 MDT 2018
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP

> $> pfctl -t sample -T add 66.135.216.190.216
> 2/2 addresses added.

$ doas pfctl -t sample -T add 66.135.216.190.216
no IP address found for 66.135.216.190.216

> $> pfctl -t sample -T show

$ doas pfctl -t sample -T show
   176.0.0.0/8
   205.251.192.0/18

Re: Pkg_add

[Martijn van Duren]

On 09/13/18 07:08, Michael Ayres wrote:
> New to OpenBSD, which I am newly running as a Parallels VM on my Apple 
> MacBook Pro. Shell and basic commands working, and have set path variable 
> PKG_PATH =
> 
> On calling PGK_ADD, with -v switch,  I get screen display of
> 
> “Update candidates: quits-2.414 -> quirks-2.414
> quirks-2.414 signed on 2018-03-29T09:01:59Z"
> 
> but then nothing.
> 
> Recalling Unix’s reticent personality, I wait, but nothing ever seems to 
> happen. With a new install, downloaded 6, do I have 29 tons of updates, has 
> BSD become to bored with me to even acknowledge I exit, or I have I misspoken 
> to it?
> 
> 
> Michael Ayres
> 
> Michael Ayres, MS, CISSP, CSEP, CSM, PMI-ACP, PMP | www.mace-associates.com 
> 
> San Francisco, CA. | 415.999.2049   
> https://www.linkedin.com/in/michaelmaceayres 
> 
> michael.ay...@yahoo.com 
> 
> 
> 
I'm not 100% sure what your question is, but here's my take on things:
pkg_add only works on 3rd party packages. If you have 3rd party
packages installed you can update those with `pkg_add -u`, although
they usually don't get updates on stable releases, which you're
running based on quirks version.
If you want updates on your base OS you can run syspatch(8).

Once you feel familiar enough with the system I encourage you to
run -current, since that's where the cool kids hang out. You can
update to -current by downloading bsd.rd from your favourite mirror
and boot it, similar to how you've installed OpenBSD.
Once you've updated to -current, don't forget to update your packages
with `pkg_add -u`.

For further reading I recommend at least:
http://man.openbsd.org/syspatch
http://man.openbsd.org/pkg_add
https://www.openbsd.org/faq/current.html
https://www.openbsd.org/faq/faq15.html
and if you're up to it the rest of the FAQ and after that some
manpages. They're a never ending source of information.

Hope this helps.

martijn@

pfctl tables and a mangled ip address

[Andrew]

I just discovered something unexpected using pfctl and tables. I'm far
from a networking guy and apparantly I can't type either.

Try this on a patched 6.3 amd64.

$> uname -mrsv
OpenBSD 6.3 GENERIC.MP#10 amd64

The following are a couple CIDRs for amazon.

$> pfctl -t sample -T add 176.0.0.0/8
1 table created.
1/1 addresses added.
$> pfctl -t sample -T add 205.251.192.0/18
1/1 addresses added.
$> pfctl -t sample -T show
176.0.0.0/8
205.251.192.0/18

--

Now enter a mangled ip for ebay ...

$> pfctl -t sample -T add 66.135.216.190.216
2/2 addresses added.
$> pfctl -t sample -T show
127.0.0.1
176.0.0.0/8
205.251.192.0/18
::1

I expected this to fail with something like:

$> pfctl -t sample -T add 66.135.216.190.216
0/1 addresses added.

--

I just want to bring this to your attention. As always, big thanks to
Theo for his great leadership and to all the past and present devs for
the gift of OpenBSD !!! Have a great weekend ahead !!!

Re: IPv6 router advertisement rdns not working?

[Mike Coddington]

On Thu, Sep 13, 2018 at 06:15:28AM +0200, Sebastien Marie wrote:
> On Wed, Sep 12, 2018 at 10:26:40PM -0500, Mike Coddington wrote:
> > I've got IPv6 set up and things work great if I also use IPv4. DNS
> > lookups go over IPv4 according to what I have in /etc/resolv.conf and
> >  records are followed. However, if I decide to go with just IPv6 by
> > simplifying my /etc/hostname.if file and using "inet6 autoconf" by
> > itself, I cannot do any DNS lookups.
> > 
> > I'm thinking that somehow the rdns part of the router advertisement
> > isn't working. If it were working correctly, would the provided IPv6 DNS
> > server address show up in /etc/resolv.conf?
> 
> No.
> 
> rad(8) has support for sending rdns information, but currently nothing
> in base has support to get resolv.conf configured with such information.

Good to know. I'll stop spinning my wheels. That might be a nice project
for me to start tinkering with. Thank you!

-- 
Put your Nose to the Grindstone!
-- Amalgamated Plastic Surgeons and Toolmakers, Ltd.

Re: DHCP on several VLANs

[Kapetanakis Giannis]

On 13/09/18 16:25, Allan Streib wrote:
> I need to set up DHCP for several VLANs. The server has 1 physical
> interface (bnx1) available for this.
> 
> My naive thought is I create the vlans with bnx1 as the "parent", e.g.
> 
> /etc/hostname.vlan101:
> inet 172.16.101.253 255.255.255.0 NONE parent bnx1 vnetid 101
> 
> /etc/hostname.vlan102:
> inet 172.16.102.253 255.255.255.0 NONE parent bnx1 vnetid 102
> 
> /etc/hostname.vlan103:
> inet 172.16.102.253 255.255.255.0 NONE parent bnx1 vnetid 103
> 
> bnx1 is connected to switch port with all three VLANs tagged.
> 
> Then, rcctl set dhcpd flags vlan101 vlan102 vlan103
> 
> Is there a better approach?
> 
> Allan

This, or use dhcrelay (dhcp helper address on VLAN gateways)

G

alien OSPF route

[Marko Cupać]

Hi,

I saw this in my log for the first time, after adding 'no redistribute
default':

ospfd[10921]: alien OSPF route 10.30.1.47/32

My ospfd.conf is quite minimal:

router-priority 0
router-id IP.ADD.RE.SS
no redistribute default
area 0.0.0.0 {
interface bnx0   { metric 100 }
}

How to further investigate this? I see this on OpenBSD firewall which
connects to Cisco router. The address appears to be smartphone on one
of remote networks.

Thank you in advance,
-- 
Before enlightenment - chop wood, draw water.
After  enlightenment - chop wood, draw water.

Marko Cupać
https://www.mimar.rs/

Re: OT: Firmware encryption hacked?

[Kevin Chadwick]

On Thu, 13 Sep 2018 10:23:11 -0400


> > Uhmm … Reality? 
> > https://techcrunch.com/2018/09/12/security-flaw-in-nearly-all-modern-pcs-and-macs-leaks-encrypted-data/?guccounter=1
> >   
> 
> Somewhat better writup from the source:
> 
> https://blog.f-secure.com/cold-boot-attacks/
> 
> The vulnerability seems to be when a computer is running or "sleeping"
> not actually off or hibernating. There are then ways that an attacker
> with physical access might recover encryption keys or other data from
> RAM.

Old news. Also, cold boot attacks go atleast several years before 2008.
In fact, expensive cold boot resistant hdd were around in 2005.

Re: OT: Firmware encryption hacked?

[Allan Streib]

Carlos Lopez  writes:

> Uhmm … Reality? 
> https://techcrunch.com/2018/09/12/security-flaw-in-nearly-all-modern-pcs-and-macs-leaks-encrypted-data/?guccounter=1

Somewhat better writup from the source:

https://blog.f-secure.com/cold-boot-attacks/

The vulnerability seems to be when a computer is running or "sleeping"
not actually off or hibernating. There are then ways that an attacker
with physical access might recover encryption keys or other data from
RAM.

OT: Firmware encryption hacked?

[Carlos Lopez]

Uhmm … Reality? 
https://techcrunch.com/2018/09/12/security-flaw-in-nearly-all-modern-pcs-and-macs-leaks-encrypted-data/?guccounter=1

 Can we consider a risk to encrypt at OS level also?

Re: Integration between CARP and BGPD ?

[Tony Sarendal]

Or re-write next-hop to the carp address, so carp actually decides the
master firewall.

/T


Den tors 13 sep. 2018 kl 00:20 skrev Tim Jones <
b631093f-779b-4d67-9ffe-5f6d5b1d3...@protonmail.ch>:

>
> On Wednesday, 12 September 2018 20:49, Stuart Henderson <
> s...@spacehopper.org> wrote:
>
> > On 2018-09-11, Tim Jones
> b631093f-779b-4d67-9ffe-5f6d5b1d3...@protonmail.ch wrote:
> >
> > > I've had a quick look through the man pages and am still a bit
> unclear, perhaps I'm just overthinking this ?
> > > Let's say I've got two perimeter "firewalls" running OpenBSD, talking
> BGP to upstream routers.
> > > On the "LAN" side I'm thinking about CARP, which is active/passive,
> and the devices on "LAN" side will have the CARP set as their default
> gateway.
> > > If both BGP talkers advertise the "LAN" to the upstreams (i.e.
> "network 192.0.2.0/24" in bgpd.conf), how does that work in terms of
> reachability from the device that is currently CARP passive ?
> > > The man pages mention two CARP related configuration options for
> bgpd.conf but these don't seem to cater for the application I'm thinking of
> ?  (i.e. "demote" is more related to waiting until BGP is established, and
> "depend on" is related to staying in idle if CARP is passive, which is
> obviously not an attractive idea as I'd obviously like both upstreams BGP
> sessions active ? ).
> >
> > If both are advertising the same prefixes, packets could arrive at
> > either router, so to do this you'll need an IP address on the "carpdev
> > interface" i.e. the interface that carp is running over.
> >
> > PF does TCP sequence number checking, so to avoid problems there you'll
> > also need one of the following
> >
> > -   not use PF
> > -   use PF rules with "keep state (sloppy)"
> > -   use pfsync(4) with the "defer" flag
> >
> > Alternatively maybe you could control advertising the network by not
> > listing it in config, but use "bgpctl network" commands from
> ifstated or
> > similar, that way directing traffic towards the correct machine.
> Either
> > advertise with low localpref when you have carp backup and switch to
> > high localpref when you have master. Or (probably only really useful
> > within your own network) advertise the whole lan all the time, but
> also
> > advertise deaggregates from the machine with carp master.
> >
>
> Thank you Stuart !
>
> Based on your comments I've just spent in a bit of time with ifstated and
> it seems that was the missing link.  Fails over nicely now with both BGP
> instances advertising but changing prefs.
>
>

DHCP on several VLANs

[Allan Streib]

I need to set up DHCP for several VLANs. The server has 1 physical
interface (bnx1) available for this.

My naive thought is I create the vlans with bnx1 as the "parent", e.g.

/etc/hostname.vlan101:
inet 172.16.101.253 255.255.255.0 NONE parent bnx1 vnetid 101

/etc/hostname.vlan102:
inet 172.16.102.253 255.255.255.0 NONE parent bnx1 vnetid 102

/etc/hostname.vlan103:
inet 172.16.102.253 255.255.255.0 NONE parent bnx1 vnetid 103

bnx1 is connected to switch port with all three VLANs tagged.

Then, rcctl set dhcpd flags vlan101 vlan102 vlan103

Is there a better approach?

Allan

Re: Pkg_add

[Chris Eidem]

man installurl


On 09/13/2018 12:08 AM, Michael Ayres wrote:

New to OpenBSD, which I am newly running as a Parallels VM on my Apple MacBook 
Pro. Shell and basic commands working, and have set path variable PKG_PATH =

On calling PGK_ADD, with -v switch,  I get screen display of

“Update candidates: quits-2.414 -> quirks-2.414
quirks-2.414 signed on 2018-03-29T09:01:59Z"

but then nothing.

Recalling Unix’s reticent personality, I wait, but nothing ever seems to 
happen. With a new install, downloaded 6, do I have 29 tons of updates, has BSD 
become to bored with me to even acknowledge I exit, or I have I misspoken to it?


Michael Ayres

Michael Ayres, MS, CISSP, CSEP, CSM, PMI-ACP, PMP | www.mace-associates.com 

San Francisco, CA. | 415.999.2049   
https://www.linkedin.com/in/michaelmaceayres 

michael.ay...@yahoo.com 

Pkg_add

[Michael Ayres]

New to OpenBSD, which I am newly running as a Parallels VM on my Apple MacBook 
Pro. Shell and basic commands working, and have set path variable PKG_PATH =

On calling PGK_ADD, with -v switch,  I get screen display of

“Update candidates: quits-2.414 -> quirks-2.414
quirks-2.414 signed on 2018-03-29T09:01:59Z"

but then nothing.

Recalling Unix’s reticent personality, I wait, but nothing ever seems to 
happen. With a new install, downloaded 6, do I have 29 tons of updates, has BSD 
become to bored with me to even acknowledge I exit, or I have I misspoken to it?


Michael Ayres

Michael Ayres, MS, CISSP, CSEP, CSM, PMI-ACP, PMP | www.mace-associates.com 

San Francisco, CA. | 415.999.2049   
https://www.linkedin.com/in/michaelmaceayres 

michael.ay...@yahoo.com 

Re: Running your own mail server

[Peter N. M. Hansteen]

On Wed, Sep 12, 2018 at 11:01:13PM -0600, Austin Hook wrote:
> Have run my own mail server for maybe 20 years of OpenBSD, and apart from 
> getting my ISP to give me a static IP and a correct reverse DNS entry, and 
> a couple of run ins with a few filters that dumb ISPs run, it's worked 
> fine all this time.  

This is very close to my own experience over the years. 

The part about getting a static IP address with correct reverse lookup 
is truly essential. 

You *will* need to actually monitor what happens and keep your systems in trim 
(*patch your shit* for example), and of course over the same 20+ years we've 
seen developments in mail that aren't easily ignored such as SPF+DKIM+DMARC 
but the motivation for running your own mail service most likely includes some 
genuine interest in the topic for its own sake so you will need to take those 
in stride.

- Peter
-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.

Re: Running your own mail server

[Peter J. Philipp]

On Wed, Sep 12, 2018 at 11:01:13PM -0600, Austin Hook wrote:
> Have run my own mail server for maybe 20 years of OpenBSD, and apart from 
> getting my ISP to give me a static IP and a correct reverse DNS entry, and 
> a couple of run ins with a few filters that dumb ISPs run, it's worked 
> fine all this time.  I have a personal archive of emails that goes back 20 
> years as well, and a few search scripts to parse through it when I need 
> to.

Hi,

So you seem to be a proponent of this.  I too had a mail server 20 years ago
and would have kept this stance had I not switched countries some while back,
which introduced me to use some other mail service for a while.

I think it comes down to choice.  You have the "do it yourself" option and
the "let others do it for you" option.  Isn't choice great?

Regards,
-peter