Re: Advice on Security Cameras
On Wed, Jan 2, 2019, at 04:22, Nick Holland wrote: > Yes, I'd suggest an OpenBSD gateway to a commercial DVR security system > rather than rolling your own, if it is really to be a security system > (as opposed to maybe a, "who's at my front door?" or "what are the local > wildlife doing when I'm asleep?" cameras). The police may need to > extract the video from it without your assistance if you are unavailable > (or worse) as part of whatever they are investigating and maintain a > chain of custody; this won't happen if you roll your own. I'll admit I > hadn't thought of that until a police officer friend of mine started > telling me about the training he was taking on exactly this topic -- > *they* need to be able to get the video out of the device in a timely > manner, and they have to explain to the judge and jury how it was done. > > Nick. > I am intrigued by this consideration. Is it too complicated for them if there is a big, descriptive sign pointing to a microSD card with a vfat partition of videos named by the dates they correspond to? I had a part in setting up a system that saved files like that and also regularly copied them to a remote server. We used Raspberry Pi with the Raspberry Pi camera because configuring the camera was easy and because we already had the parts. I had wanted to set it up so that we would lose at most a few seconds of recordings if someone stole the camera computer. That is, videos would be simultaneously recorded to files and streamed to the remote server, and internet outages would be handled intelligently. I don't remember whether we actually set it up that way; someone else was more enthusiastic about the project, so I was happy to let him take over.
Re: Advice on Security Cameras
On 1/1/19 12:46 PM, Elias M. Mariani wrote: > Hi list, > I'm thinking in installing some cameras in my private home, I have > been looking for solutions, my concern is that I wish to be able to > look the videos from outside the house and I'm a little paranoid about > the quality of the software that the different vendors use. you've seen any sign of quality in those things? :) > I have > seen clusters of camaras that only work over ActiveX... > I know that is a little off-topic but maybe someone knows about a good > brand of cameras. > Of-course one can always set a VPN tunnel trough OpenBSD for the > security matter, OpenVPN works on Android so is easy to access from a > smartphone. But I would prefer to have a single secure service running > that adding a layer of complexity with the VPN. > > I'm looking for: > - Not overpriced cameras. > - They don't need to be "external cameras", they will be covered under a roof. > - I need to set at least 4, so I need them to be accessible from a > single platform. > - Android / Browser friendly (not only IE plz...) > - WiFi is not needed, I have a 12v supply and Ethernet connections for > each camera. > - Good video quality but I'm not looking for anything super great... > - the ability to centralize recording and access to view the cameras is a > must. Bringing it back to OpenBSD, ... just use SSH and port forwarding and an otherwise off-the-shelf solution. No add-on SW needed. Did this with a friend's business. Little OpenBSD box in their office as a gateway, the DVR on one port (don't trust the security of the damn things, so keep it off the business network) and the owner can click on a PuTTY icon on their Windows desktop (or android or ...) to establish the SSH connection (key, no PW to enter, yes I set this up for them, took just a few minutes in their house), and a second click to bring up the bookmarked browser-based app the thing used. Neat thing is you don't have to change the default PWs on the DVR now, so that's one less thing to worry about. Very non-computer-person user friendly -- "Click here to connect to your office, then connect here to view the cameras". Yes, I'd suggest an OpenBSD gateway to a commercial DVR security system rather than rolling your own, if it is really to be a security system (as opposed to maybe a, "who's at my front door?" or "what are the local wildlife doing when I'm asleep?" cameras). The police may need to extract the video from it without your assistance if you are unavailable (or worse) as part of whatever they are investigating and maintain a chain of custody; this won't happen if you roll your own. I'll admit I hadn't thought of that until a police officer friend of mine started telling me about the training he was taking on exactly this topic -- *they* need to be able to get the video out of the device in a timely manner, and they have to explain to the judge and jury how it was done. Nick.
mount_ffs Permission denied as root
I just did a new install of current AMD64 from the 12/31/2018 snapshot and having some permission issues mounting a usb drive, as root. I have been able to mount other usb drives just fine. (Also tried with the 12/29 snapshots as well, same issue) #disklabel sd4 # /dev/rsd4c: type: SCSI disk: SCSI disk label: Survivor 3.0 duid: 70568afde7f5a241 flags: bytes/sector: 512 sectors/track: 63 tracks/cylinder: 255 sectors/cylinder: 16065 cylinders: 15542 total sectors: 249692160 boundstart: 64 boundend: 249682230 drivedata: 0 16 partitions: # size offset fstype [fsize bsize cpg] a: 249682144 64 4.2BSD 2048 16384 12958 c: 249692160 0 unused curry:/root:#mount -v /dev/sd4a /mnt/usb0 mount_ffs: /dev/sd4a on /mnt/usb0: Permission denied I don't see any kind of messages in the logs related to the error. dmesg below Thanks, Thomas OpenBSD 6.4-current (RAMDISK_CD) #528: Mon Dec 31 16:22:42 MST 2018 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/RAMDISK_CD real mem = 8250834944 (7868MB) avail mem = 7996796928 (7626MB) mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.7 @ 0x9c7fd000 (65 entries) bios0: vendor LENOVO version "JBET70WW (1.34 )" date 06/15/2018 bios0: LENOVO 20BWS0S900 acpi0 at bios0: rev 2 acpi0: tables DSDT FACP SLIC ASF! HPET ECDT APIC MCFG SSDT SSDT SSDT SSDT SSDT SSDT SSDT SSDT SSDT PCCT SSDT UEFI MSDM BATB FPDT UEFI DMAR acpiec0 at acpi0 acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Core(TM) i5-5300U CPU @ 2.30GHz, 2195.21 MHz, 06-3d-04 cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,RDSEED,ADX,SMAP,PT,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,MELTDOWN cpu0: 256KB 64b/line 8-way L2 cache cpu0: apic clock running at 99MHz cpu0: mwait min=64, max=64, C-substates=0.2.1.2.4.1.1.1, IBE cpu at mainbus0: not configured cpu at mainbus0: not configured cpu at mainbus0: not configured ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 40 pins acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus -1 (PEG_) acpiprt2 at acpi0: bus 2 (EXP1) acpiprt3 at acpi0: bus 3 (EXP2) acpiprt4 at acpi0: bus -1 (EXP3) acpicpu at acpi0 not configured acpipwrres at acpi0 not configured acpipwrres at acpi0 not configured acpipwrres at acpi0 not configured acpitz at acpi0 not configured "PNP0C0D" at acpi0 not configured "PNP0C0E" at acpi0 not configured "PNP0A08" at acpi0 not configured "PNP0B00" at acpi0 not configured "PNP0C0A" at acpi0 not configured "PNP0C0A" at acpi0 not configured "ACPI0003" at acpi0 not configured "LEN0068" at acpi0 not configured "PNP0C14" at acpi0 not configured "PNP0C14" at acpi0 not configured "PNP0C14" at acpi0 not configured "INT340F" at acpi0 not configured pci0 at mainbus0 bus 0 pchb0 at pci0 dev 0 function 0 "Intel Core 5G Host" rev 0x09 vga1 at pci0 dev 2 function 0 "Intel HD Graphics 5500" rev 0x09 wsdisplay1 at vga1 mux 1: console (80x25, vt100 emulation) "Intel Core 5G HD Audio" rev 0x09 at pci0 dev 3 function 0 not configured xhci0 at pci0 dev 20 function 0 "Intel 9 Series xHCI" rev 0x03: msi, xHCI 1.0 usb0 at xhci0: USB revision 3.0 uhub0 at usb0 configuration 1 interface 0 "Intel xHCI root hub" rev 3.00/1.00 addr 1 "Intel 9 Series MEI" rev 0x03 at pci0 dev 22 function 0 not configured em0 at pci0 dev 25 function 0 "Intel I218-LM" rev 0x03: msi, address 50:7b:9d:44:b3:4a "Intel 9 Series HD Audio" rev 0x03 at pci0 dev 27 function 0 not configured ppb0 at pci0 dev 28 function 0 "Intel 9 Series PCIE" rev 0xe3: msi pci1 at ppb0 bus 2 rtsx0 at pci1 dev 0 function 0 "Realtek RTS5227 Card Reader" rev 0x01: msi sdmmc0 at rtsx0: 4-bit, dma ppb1 at pci0 dev 28 function 1 "Intel 9 Series PCIE" rev 0xe3: msi pci2 at ppb1 bus 3 iwm0 at pci2 dev 0 function 0 "Intel Dual Band Wireless AC 7265" rev 0x59, msi ehci0 at pci0 dev 29 function 0 "Intel 9 Series USB" rev 0x03: apic 2 int 23 usb1 at ehci0: USB revision 2.0 uhub1 at usb1 configuration 1 interface 0 "Intel EHCI root hub" rev 2.00/1.00 addr 1 "Intel 9 Series LPC" rev 0x03 at pci0 dev 31 function 0 not configured ahci0 at pci0 dev 31 function 2 "Intel 9 Series AHCI" rev 0x03: msi, AHCI 1.3 ahci0: port 0: 6.0Gb/s scsibus0 at ahci0: 32 targets sd0 at scsibus0 targ 0 lun 0: SCSI3 0/direct fixed naa.500080d9104c5081 sd0: 244198MB, 512 bytes/sector, 500118192 sectors, thin "Intel 9 Series SMBus" rev 0x03 at pci0 dev 31 function 3 not configured "Intel 9 Series Thermal" rev 0x03 at pci0 dev 31 function 6 not configured isa0 at mainbus0 pckbc0 at isa0 port 0x60/5 irq 1 irq 12 pckbd0 at pckbc0 (kbd slot) wskbd0 at pckbd0: console keyboard, using
Re: Advice on Security Cameras
Thanks all for the help. I will check out Zoneminder and the cameras that you have recommended. > What do you want to do from the Android / browser? Just look at the cameras from outside the house, I don't need any type of functionality besides that.
Re: Advice on Security Cameras
On Tue, Jan 1, 2019, at 17:46, Elias M. Mariani wrote: > I know that is a little off-topic but maybe someone knows about a good > brand of cameras. See uvideo(4). Linux has more options, including cameras of better video quality. I run GNU/Linux on one computer in order to use a Logitech BRIO. On Tue, Jan 1, 2019, at 17:46, Elias M. Mariani wrote: > - Android / Browser friendly (not only IE plz...) What do you want to do from the Android / browser?
OpenMP and llvm-lit?
Why OpenBSD6.4 does not support above? Kenji
Re: Advice on Security Cameras
Hi. For this type of setup Zoneminder is great. I have no experience running it on OpenBSD though. As for cameras have you looked at HikVision? They are very reasonable pricewise when compared with say Axis. They have high quality 4k cameras even which are priced under $150 (US). A good solution here according to many cctv guys is to set them to 5fps though they do reach 25fps/pal or 30fps/ntsc. Regards, Kaya Sent from my Samsung Galaxy smartphone. Original message From: Johan Mellberg Date: 1/1/19 22:15 (GMT+00:00) To: OpenBSD General Misc Subject: Re: Advice on Security Cameras > 1 jan. 2019 kl. 18:46 skrev Elias M. Mariani : > > Hi list, > I'm thinking in installing some cameras in my private home, I have > been looking for solutions, my concern is that I wish to be able to > look the videos from outside the house and I'm a little paranoid about > the quality of the software that the different vendors use. I have > seen clusters of camaras that only work over ActiveX... > I know that is a little off-topic but maybe someone knows about a good > brand of cameras. > Of-course one can always set a VPN tunnel trough OpenBSD for the > security matter, OpenVPN works on Android so is easy to access from a > smartphone. But I would prefer to have a single secure service running > that adding a layer of complexity with the VPN. > > I'm looking for: > - Not overpriced cameras. > - They don't need to be "external cameras", they will be covered under a roof. > - I need to set at least 4, so I need them to be accessible from a > single platform. > - Android / Browser friendly (not only IE plz...) > - WiFi is not needed, I have a 12v supply and Ethernet connections for > each camera. > - Good video quality but I'm not looking for anything super great... > - the ability to centralize recording and access to view the cameras is a > must. > > Again, sorry for the off-topic but were would I find a better place to > ask about surveillance and security ? :D > > Cheers and happy new year. > Elias. > Hi, I don't know much about available options but I personally like the Netatmo Presence cameras although those are WiFi-only and might not be suitable for your requirements (as far as I know you HAVE to use their smartphone app for example, and set up an account to control your camera). I’d otherwise suggest having a look at Zoneminder if you want centralised recording. They seem to support lots of cameras and I think they have some recommendations on supported hardware. Haven’t had time to dig in myself though. /Johan
Re: Advice on Security Cameras
> 1 jan. 2019 kl. 18:46 skrev Elias M. Mariani : > > Hi list, > I'm thinking in installing some cameras in my private home, I have > been looking for solutions, my concern is that I wish to be able to > look the videos from outside the house and I'm a little paranoid about > the quality of the software that the different vendors use. I have > seen clusters of camaras that only work over ActiveX... > I know that is a little off-topic but maybe someone knows about a good > brand of cameras. > Of-course one can always set a VPN tunnel trough OpenBSD for the > security matter, OpenVPN works on Android so is easy to access from a > smartphone. But I would prefer to have a single secure service running > that adding a layer of complexity with the VPN. > > I'm looking for: > - Not overpriced cameras. > - They don't need to be "external cameras", they will be covered under a roof. > - I need to set at least 4, so I need them to be accessible from a > single platform. > - Android / Browser friendly (not only IE plz...) > - WiFi is not needed, I have a 12v supply and Ethernet connections for > each camera. > - Good video quality but I'm not looking for anything super great... > - the ability to centralize recording and access to view the cameras is a > must. > > Again, sorry for the off-topic but were would I find a better place to > ask about surveillance and security ? :D > > Cheers and happy new year. > Elias. > Hi, I don't know much about available options but I personally like the Netatmo Presence cameras although those are WiFi-only and might not be suitable for your requirements (as far as I know you HAVE to use their smartphone app for example, and set up an account to control your camera). I’d otherwise suggest having a look at Zoneminder if you want centralised recording. They seem to support lots of cameras and I think they have some recommendations on supported hardware. Haven’t had time to dig in myself though. /Johan
Advice on Security Cameras
Hi list, I'm thinking in installing some cameras in my private home, I have been looking for solutions, my concern is that I wish to be able to look the videos from outside the house and I'm a little paranoid about the quality of the software that the different vendors use. I have seen clusters of camaras that only work over ActiveX... I know that is a little off-topic but maybe someone knows about a good brand of cameras. Of-course one can always set a VPN tunnel trough OpenBSD for the security matter, OpenVPN works on Android so is easy to access from a smartphone. But I would prefer to have a single secure service running that adding a layer of complexity with the VPN. I'm looking for: - Not overpriced cameras. - They don't need to be "external cameras", they will be covered under a roof. - I need to set at least 4, so I need them to be accessible from a single platform. - Android / Browser friendly (not only IE plz...) - WiFi is not needed, I have a 12v supply and Ethernet connections for each camera. - Good video quality but I'm not looking for anything super great... - the ability to centralize recording and access to view the cameras is a must. Again, sorry for the off-topic but were would I find a better place to ask about surveillance and security ? :D Cheers and happy new year. Elias.
Re: CVS: cvs.openbsd.org: src (maillog simplified)
On Tue, Jan 01, 2019 at 01:14:54PM +0100, Walter Alejandro Iglesias wrote: > On Fri, Dec 21, 2018 at 06:59:58PM +0100, Gilles Chehade wrote: > > On Fri, Dec 21, 2018 at 06:56:57PM +0100, Walter Alejandro Iglesias wrote: > > > Hello Gilles, > > > > > > In article <20181221145201.ga90...@ams-1.poolp.org> Gilles Chehade > > > wrote: > > > > On Fri, Dec 21, 2018 at 07:41:41AM -0700, Gilles Chehade wrote: > > > > > CVSROOT: /cvs > > > > > Module name: src > > > > > Changes by: gil...@cvs.openbsd.org 2018/12/21 07:41:41 > > > > > > > > > > Modified files: > > > > > usr.sbin/smtpd : smtp_session.c > > > > > > > > > > Log message: > > > > > start simplifying log lines, they're no longer intended to be > > > > > parseable, we > > > > > have a reporting API for tools that want to analyze events, maillog > > > > > is just > > > > > for us, hoomans. > > > > > > > > > > > > > that was not the best way to phrase my commit log ... sorry > > > > > > > > i meant they're no longer intended to be friendlier to scripts than to > > > > humans: there will still be in a format that's easy to quickly script, > > > > but they will hold information easily readable by humans, not a lot of > > > > unrelated context infos so tools can generate dashboards out of single > > > > lines. > > > > > > > > logs for humans, event reports for tools. > > > > > > > > > > Since long I've been greping IPs from spammers and attackers from > > > /var/log/maillog, /var/log/authlog and /var/log/daemon using a shell > > > script I wrote that automatically includes them in a file read by a pf > > > table. In the case of maillog, it relies in the address="" and host="" > > > info currently included. > > > > > > Will it appear sender's IP and hostname in /var/log/maillog after this > > > change? > > > > > > > yes, you'll still be able to grep that information from maillog > > You selected carefully the words in your answer. :-) > not really, I don't know what your scripts do and how you wrote them. the sender IP and hostname appear in the log, they are just not repeated on every single log line but that shouldn't prevent scripts from keeping track of them. anyways, as stated in the commit log and my follow up message: "we have a reporting API for tools that want to analyse events, maillog is just for us, hoomans" "logs for humans, event reports for tools" the maillog format is going to go through many changes to simplify it, remove redundant information, add missing information, etc... basing a script on it is not recommended as we'll break them with every change. > Indeed, I still can grep "IP" and "host" in maillog, but they are alone > in a first line and the only way to associate them with the following > lines containing the from= to= and result= (to know what "happened" with > that connection) is by using the connection id, what will *painfully* > overcomplicate my scripts. > As you imagine, I can't take into account individual scripts. Other people have asked that the port or listener tag appear in lines. Should these appear on all lines too ? And the cipher ? and the authenticated user ? Why is the IP/host information more legitimate to be repeated than other information on every single line ? What about the fcrdns check which will appear on connect lines, does the check have to appear on every line now ? What about the spf check when it is added at some point ? maillog is not a context-free format, where each individual line carries all of the information so you don't have to look at previous lines. Line should describe an event and carry informations related to THAT event. The only guarantee I make on the format is that you can always find what you're looking for with at most 2 grep, one to find a session id, one to find the event you're looking for. That being said, there's a new reporting mechanism which is intended for scripts and tools. It comes with a format that's easily parsable, that's going to be stabilized, versionned and which actually provides more info than maillog. It doesn't solve your context-free issue but it can easily be used to script an output that repeats the info you need on all lines, to be fed to your existing scripts. I have such scripts myself. If you describe how your scripts work, I can probably help you. > I don't know what's the opinion of the rest about this change. I'd > highly appreciate you to include again the IP on each line of info as > before. :-) > I didn't put this change to vote :-p A lot of people had a bad opinion about the new config format but I knew it was an improvement and ultimately it has unlocked so many issues that we have had more commits in the last three months than in the last three years. I know you would prefer that I didn't change the log format but what you want is still doable, so I won't revert unless there is a good rationale that I actually made some use-cases undoable and unfixable. Fixing your scripts to not be
support new
0 C Netherlands P T Amsterdam Z 1083 HN O OpenBSD Amsterdam I A Barbara Strozzilaan 251 M myvm@openbsd.amsterdam U https://openbsd.amsterdam/ B X N Running dedicated OpenBSD vmm(4)/vmd(8) servers to host opinionated OpenBSD VMs. For every VM 10 euro is donated to the OpenBSD Foundation every year.
Re: CVS: cvs.openbsd.org: src (maillog simplified)
On Fri, Dec 21, 2018 at 06:59:58PM +0100, Gilles Chehade wrote: > On Fri, Dec 21, 2018 at 06:56:57PM +0100, Walter Alejandro Iglesias wrote: > > Hello Gilles, > > > > In article <20181221145201.ga90...@ams-1.poolp.org> Gilles Chehade > > wrote: > > > On Fri, Dec 21, 2018 at 07:41:41AM -0700, Gilles Chehade wrote: > > > > CVSROOT: /cvs > > > > Module name: src > > > > Changes by: gil...@cvs.openbsd.org 2018/12/21 07:41:41 > > > > > > > > Modified files: > > > > usr.sbin/smtpd : smtp_session.c > > > > > > > > Log message: > > > > start simplifying log lines, they're no longer intended to be > > > > parseable, we > > > > have a reporting API for tools that want to analyze events, maillog is > > > > just > > > > for us, hoomans. > > > > > > > > > > that was not the best way to phrase my commit log ... sorry > > > > > > i meant they're no longer intended to be friendlier to scripts than to > > > humans: there will still be in a format that's easy to quickly script, > > > but they will hold information easily readable by humans, not a lot of > > > unrelated context infos so tools can generate dashboards out of single > > > lines. > > > > > > logs for humans, event reports for tools. > > > > > > > Since long I've been greping IPs from spammers and attackers from > > /var/log/maillog, /var/log/authlog and /var/log/daemon using a shell > > script I wrote that automatically includes them in a file read by a pf > > table. In the case of maillog, it relies in the address="" and host="" > > info currently included. > > > > Will it appear sender's IP and hostname in /var/log/maillog after this > > change? > > > > yes, you'll still be able to grep that information from maillog You selected carefully the words in your answer. :-) Indeed, I still can grep "IP" and "host" in maillog, but they are alone in a first line and the only way to associate them with the following lines containing the from= to= and result= (to know what "happened" with that connection) is by using the connection id, what will *painfully* overcomplicate my scripts. I don't know what's the opinion of the rest about this change. I'd highly appreciate you to include again the IP on each line of info as before. :-) > > -- > Gilles Chehade @poolpOrg > > https://www.poolp.org tip me: https://paypal.me/poolpOrg Walter