Re: Mouse moving on its own, kbd typing on its own

[Eric Furman]

>> On Fri, March 8, 2024 4:43 pm, ofthecentury wrote:
>> > I have a USB mouse that starts to move a little
>> > on its own once in a while when I'm browsing the internet using chromium.
>> > My USB keyboard
>> > is also acting up...it just started typing spaces all of a sudden as I was
>> > typing up this email and wasn't reactive to any input until I unplugged it
>> >  and plugged it back in. Is it Chromium? Or is it OpenBSD? I think it's
>> > Chromium, but how to get to the bottom of it?
>> > I'm on OpenBSD 7.5 right now, but I've seen it
>> > on OpenBSD 7.4. And I've seen this on my Fedora 39 installation before, by
>> > the way. I think it's a major security flaw somewhere.

You don't happen to have an Xbox type controller plugged
into your computer by any chance do you?

Re: Temporary failure when sending emails to this mailing list

[Eric Furman]

Me, personally, I have blocked all email from .us domains.
I know that there are some emails from .us that are legitimate,
but after doing so the amount of Spam I have to deal with
dropped dramatically. In my experience 99.% of
emails from .us are SPAM.
You might want to invest in another email address.

On Mon, Jul 24, 2023, at 4:20 AM, Stuart Henderson wrote:
> On 2023-07-24, Jay F. Shachter  wrote:
>>
>> Centuries ago, Nostradamus predicted that Polarian would write on Sun Jul 23 
>> 21:44:34 2023:
>>> 
>>> I believe I have discussed this before, but when I email any openbsd
>>> mailing list (or email address) I get the "451 Temporary failure,
>>> please try again later."
> ...
>>> Although my emails eventually go through after about 20-40 minutes
>>> of waiting, it is still incredibly annoying about the length of time
>>> I have to wait for them to be delivered.
>
> Once you have successfully sent mail once from an IP, it will be allowed
> straight past the spamd greylisting for a period of time.
>
>> Are you sure that users of gmail and outlook don't have the same
>> problem?  If you're sure that they don't, it is most likely because
>> the SMTP server at mail.openbsd.org has put them in its whitelist.
>
> Either that or mail is sent often enough from their servers to
> openbsd.org that they tend to bypass spamd most of the time.
>
>> You didn't even mention the worst of it.  The first few times you
>> connect to mail.openbsd.org, the system administrator insults you.
>> 
>> Here is a verbatim quote from an early SMTP session between my
>> computer and mail.openbsd.org:
>>
>> 220 mail.openbsd.org ESMTP mail.openbsd.org; Wed Jul 12 12:55:35 2023
>> HELO m5.chicago.il.us
>> 250 Hello, spam sender. Pleased to be wasting your time.
>> MAIL FROM:
>> 250 You are about to try to deliver spam. Your time will be spent, for 
>> nothing.
>> RCPT TO:
>> 250 This is hurting you more than it is hurting me.
>> DATA
>> 451 Temporary failure, please try again later.
>
> Nothing to do with the sysadmin. See /usr/src/libexec/spamd/spamd.c.
>
>> I almost didn't join this mailing list when I saw that.  But then I
>> thought -- Why should I deprive myself of this mailing list, because
>> the system administrator of mail.openbsd.org is an a.e?
>
> I think you should retract that statement.
>
>
>
> -- 
> Please keep replies on the mailing list.

Re: Why is tmpfs not working on OpenBSD?

[Eric Furman]

On Mon, Sep 6, 2021, at 8:44 PM, iio7 wrote:
> On Monday, September 6th, 2021 at 12:50 PM, Marc Espie  
> wrote:
> 
> > On Sun, Sep 05, 2021 at 10:12:33PM +, iio7 wrote:
> >
> > > > On 2021-09-05, iio7 <
> > > >
> > > > i...@protonmail.com
> > > >
> > > > wrote:
> > > >
> > > > > mount -t tmpfs tmpfs /home/foo/tmp/
> > > > > ===
> > > > >
> > > > > mount_tmpfs: tmpfs on /home/foo/tmp: Operation not supported
> > >
> > > > It isn't built into the standard kernels, disabled with this commit::
> > >
> > > > revision 1.229
> > > >
> > > > date: 2016/07/25 19:52:56
> > > >
> > > > disable tmpfs because it receives zero maintainance.
> > >
> > > Why isn't it removed? It is kinda "misguiding".
> >
> > There might be hope that someone who has the time would do proper
> >
> > maintenance...
> 
> That's fine. I just naturally assumed that something like this would
> be mentioned in the man page, or on the FAQ or somewhere else, which
> is where I looked. When I didn't find anything I just assumed that
> there where something wrong with my system or setup. I didn't even
> consider searching the mailing list because I would never had guessed
> that OpenBSD was in this state. Over the years I have come to know
> OpenBSD for its prime documentation. Shipping a solution in the base
> that isn't working is not what I normally connect with OpenBSD.
> 
> 

It would be helpful if the mount_tmpfs man page mentioned that it is
no longer supported. Seems like that man page was last updated in
November 16, 2014.

Re: Reinstall to upgrade

[Eric Furman]

On Sat, Nov 28, 2020, at 9:40 AM, Gregory Edigarov wrote:
> 
> 
> On 11/25/20 3:26 PM, Manuel Giraud wrote:
> > Hi,
> >
> > I'd like to upgrade (on -current) and, in the process, remove some cruft
> > accumulated over the years. I usually do sysupgrade and sysclean for
> > system.
> >
> > But for packages, I think I would be better to reinstall everything
> > since "pkg_check -F" does not seems to complain and I can see I have,
> > for example, some firefox-57 files left.
> >
> > I think I could do the following but I don't know if it is safe:
> > - sysupgrade (+ sysclean)
> > - pkg_info -mz > mypkg
> > - umount /usr/local
> > - newfs partition_of_usr_local
> > - mount /usr/local
> > - pkg_add -l mypkg
> >
> > Or maybe, I should dump, do a complete reinstall, pkg_add -l mypkg,
> > restore /home and, tediously, restore some /etc files.
> > How would you do this?
> Here's what I found easy to do periodically on my home computers, when I
> feel it is a time to de-clutter:
> 
> #!/bin/sh
> rm -rf /usr/local/*  /var/db/pkg/* /var/db/pkg/.* /etc/rc.d/*_daemon
> /etc/rc.d/avahi* 
> for i in \
> adobe-source-code-pro \
> ansible \
> borgbackup \
> chromium \
> emacs--gtk3 \
> gnupg-- \
> dmenu \
> firefox \
> thunderbird \
> rsync-- \
> git \
> gpicview \
> go \
> rust \
> inconsolata-font \
> ipcalc \
> mplayer \
> mtr-- \
> nmap \
> ntfs_3g \
> openvpn \
> pidgin-- \
> pv \
> spectrwm \
> splint \
> tcptraceroute \
> telegram-purple \
> terminus-font \
> transmission \
> vim--gtk2 \
> xpdf \
> zsh ; do pkg_add  -v $i; done
> 
> so when I am running it I am easily getting the system which I have most
> essential software installed.
> 
>

If you are going to do all that you might as well just re-install from scratch.

Re: How do I get the man page for a package I haven't installed yet?

[Eric Furman]

Let us say just for example I am running Mono on Windows OS.
If I need to look at docs would I go to Microsoft.com?
Of course I wouldn't. That would be silly. I would go to Mono's
website. So why would people think that all the ports docs should
be at OpenBSD.com?

Re: How do I get the man page for a package I haven't installed yet?

[Eric Furman]

On Tue, Jun 23, 2020, at 2:20 PM, Theo de Raadt wrote:
> Ottavio Caruso  wrote:
> 
> > Hi,
> > 
> > Unless I've got it all wrong,  will only
> > display man pages for programs and commands in base. Is there a way to
> > display the man page for a package/port I haven't installed and/or
> > downloaded yet? (This assumes I haven't downloaded the ports cvs
> > tree).
> 
> Doing that would be very annoying and painful, and very few people
> would want it.  It would also substantially degrade the clarity at
> man.openbsd.org

I think the best option is if the program you want to install has
a web page would be to go there and ask them if they could
put up the docs you want.

Re: Filling a 4TB Disk with Random Data

[Eric Furman]

On Mon, Jun 1, 2020, at 10:28 AM, Paul de Weerd wrote:
> storage medium.  Due to smart disks remapping your data in case of
> 'broken' sectors, some old data can never be properly overwritten.

This is why if you are serious you use a degausser.

Re: Comments in source code

[Eric Furman]

On Thu, Apr 23, 2020, at 5:38 PM, Aisha Tammy wrote:
> > If you aren't already, you should be looking at commit messages from
> > where the relevant code was touched. That is often where you'll find the
> > explanations you seek.
> > 
> I have been reading them, Commit messages don't explain algorithms very 
> clearly.
> I agree this is a very specific use case but definitely something that 
> could be improved.
> Some of the things I've been considering useful (in this specific 
> scenario for diff3)
> - explanation for merge function, what it does
> - in merge function, explain how empty for loop is used, as this is a 
> very big loop
>   with a lot of cases
> 
> IMO, any function with a lot of cases should have a small explanation 
> about what it 
> is doing, so the code is a lot more lit.
> 
> Cheers,
> Aisha

I am no expert on reading code myself, but wouldn't be possible to look at
who wrote that bit of code find their email address and ask them?
There might not be a simple terse explanation that would go well in comments.

Re: More than 16 partitions

[Eric Furman]

On Thu, Apr 23, 2020, at 4:16 PM, Strahil Nikolov wrote:
> So, can I setup  openBSD labels on x86_64 without legacy/GPT partition 
> first ?
> And who the hell needs more than 16 partitions ? Why not we just port  
> ZFS from  FreeBSD, or LVM  from Linux and get over it ?
> 
> P.S.: The last one was not a real  question, but I would like  to hear  
> if  anyone has attempted to port any of these  2  .

ZFS cannot be ported to OBSD. It has an unacceptable license.
If something like it were to be used on OBSD it would have to be
written from scratch with a BSD license and it has already been
discussed at length on this list how hard that is.
Besides it is not really necessary. ZFS is overly complex and not
needed in most cases.

Re: Full disk encryption including /boot, excluding bootloader?

[Eric Furman]

Make sure no one has physical access to you machine!
EVER.
Lock it away.
That way no 'Evil Maid' or any one else can access it!
This is not hard.
Why is this a thing?
If someone has physical access to you box then it is Game Over!
All of these fantasy efforts are BS.
Physically secure your hardware people!
You are deluding yourselves. 

Re: Hyperbola Gnu Linux changing to Bsd

[Eric Furman]

On Thu, Jan 2, 2020, at 3:09 AM, Bodie wrote:
> 
> 
> On 2.1.2020 02:56, SOUL_OF_ROOT 55 wrote:
> > Em seg, 30 de dez de 2019 00:59, SOUL_OF_ROOT 55 
> > 
> > escreveu:
> > 
> >> Hi!
> >> 
> >> It is written in article  Free GNU/Linux distributions:

BLAH BLAH BLAH

When are you people going to learn that  SOUL_OF_ROOT 55 
is nothing but a crank and a troll?

Re: Installing OpenBSD -current snapshots

[Eric Furman]

On Fri, Nov 29, 2019, at 2:26 AM, Clay Daniels wrote:
> Nick, thanks for straightening me out about what is actually going on here
> with the install. I see that there is now a fresh snapshot with today's
> date, not the one I downloaded and ran yesterday. This might tend to keep
> one busy. I'm not sure I would not be better off doing what Bruno & Marc
> suggested and run sysupgrade. Thanks to them for the advice.

BTW, why do you want to run -current?
There are only 2 real reasons to do that
1: You HAVE to (for various reasons)
2: You want to help with development and test things. This is a great reason, 
but
you better be prepared for a lot of work. Know what you are doing and file bug 
reports.
Else you won't be a whole lot of actual help.

If these don't apply then you might be better off just running Release.
Not trying to be an A hole here. Just giving you heads up of what is expected of
you if you run -current.
Good luck

Re: When will be created a great desktop experience for OpenBSD?

[Eric Furman]

On Wed, May 8, 2019, at 7:38 AM, Peter N. M. Hansteen wrote:
> > When will be created a great desktop experience for OpenBSD?
> 
> I think it is important to keep in mind that in order to achieve
> *anything* in the OpenBSD project (or other open source projects for
> that matter) the way forward is to work *with*, not against, the
> developers and their code.
> 
> The short version is, please present your ideas of what you want to do
> with sound reasoning and if at all possible supplement with patches
> posted to tech@.
> 
> The patches stand a better chance of being accepted (perhaps along
> with their developer) if the submitter can take comments and valid
> criticisms from competent people (again mainly the developers) in
> stride and seems willing to stay around as maintainer in the longer
> haul (ie not slink back to the shadows after a release or two).
> 
> For anyone considering taking up the theme of this thread, please
> consider whether this could somehow be made into the package with only
> minimal impact on the base system.
> 
> Such a package could for example leverage all the tools already in the
> base systems to generate something like bsd.graphic.{rd,is,fs} and
> offer a skeleton for a site.tgz for the generated install medium.
> 
> If this sounds a lot like what is very achievable with the tools
> already in the OpenBSD base system and seasoned OpenBSD admins would
> do comfortably with a relatively simple autoinstall, it's because that
> is exactly what it is.
> 
> But if there is an actual use case spot we're missing, this would be
> the way to filling it with the least amount of extra work for everyone
> involved.

Peter, it's not going to happen because it would require someone to do work.
The whole point is to try to get others to do it for you.

Re: rtwn

[Eric Furman]

On Tue, Dec 11, 2018, at 8:56 PM, Stanislav wrote:
> OK. What can I do?
> Could you recommend an action I can make?
> Is it normal if I just wait for new version of rtwn?
> Or does this situation mean that mentioned card probably never will be
> supported? 
> 
> I have searched similar cases. 
> Stefan Sperling's report at EuroBSDcon2017:  "Sometimes just adding a new
> PCI/USB device ID is enough to extend device support of an existing driver".
> 
> Or the problem is more complicated and driver is not ready to work with the
> device. Is it? What can I research?

If you really want support for this card the best thing to do is buy
one and contact Theo DeRaadt for information on who to send
it to so they can work on supporting it. If a developer does not
have one of these cards in their possession they can't work on
the driver to make it supported.

Re: OpenBSD logo on my private hompage. It is allowed?

[Eric Furman]

On Thu, Jun 7, 2018, at 10:10 PM, justina colmena wrote:
> On June 7, 2018 4:44:21 PM AKDT, Edgar Pettijohn III  web.com> wrote:
> >
> >
> >On 06/07/18 18:51, justina colmena wrote:
> >> On June 7, 2018 3:27:30 PM AKDT, Johannes Krottmayer
> > wrote:
> >>> Hallo,
> >>>
> >>> Thanks! I have read over that.
> >>>
> >>> Best regards,
> >>> Johannes Krottmayer
> >>>
> >>> On Thu, Jun 07, 2018 At 18:23:31 -0500, Constantine A. Murenin
> >wrote:
>  On 7 June 2018 at 17:36, Johannes Krottmayer 
> >>> wrote:
> > Can I use the OpenBSD logo on my homepage? It is allowed?
> > I can't find any information about this plan.
>  http://www.openbsd.org/art1.html has all the details.
> 
>  C.
> 
> >> " ... it is our intent that anyone be able to use these images to
> >represent OpenBSD in a positive light -- but do not make profit from
> >them"
> >>
> >> The no-profit clause is new. Sounds like I'd better dump OpenBSD
> >entirely if I want to make a profit at any sort of business or keep any
> >of my private information private or retain any of MY intellectual
> >property for my own use. There's a giant hole in my pocket that needs
> >to be sewn up. Not sure where to go. The lawyers are coming out like
> >alligators from the Florida swamps. This is as bad as SCO and groklaw.
> >>
> >> OpenBSD is for non-profit use only. Thank you for bringing that to my
> >attention.
> >> --
> >> https://www.colmena.biz/~justina/contacto.php
> >>
> >I hope your joking. Obviously they don't want rogue people selling 
> >merchandise with these images since it would detract from legitimate 
> >sales that support the project. The operating system's license info is
> >here:
> >https://www.openbsd.org/policy.html
> 
> Straw that broke the camel's back. There are a few other issues, namely 
> people getting foreign psych degrees and prescribing "benzedrine" and 
> such. I don't do drugs, and no, I am most certainly not joking. I am not 
> happy with that kind of stuff, and  I personally do not want to support 
> it on MY web page.

Just the image itself is copyright deRaadt.
He just doesn't want you selling stickers or t-shirts or mugs or or or...
You can make and sell any product you want using OBSD.
No fee or questions asked. Even Baby-Mulching Machines.
If you want to include the OBSD logo in/on your product just write
and ask Theo's permission. Depending on what it is I'm pretty certain
he will give you permission.
Of course if you did make a profit from something you developed using
OBSD a donation would be greatly appreciated, but not required.
Many Big Corporations do it all the time.
(Use OBSD developed software and not give anything back, that is)
Your tinfoil hat is on too tight.

Re: bug tracking system for OpenBSD

[Eric Furman]

On Fri, Mar 30, 2018, at 4:01 PM, Sergey Bronnikov wrote:
> I have made a first step forward in direction to OpenBSD bugtracker
> and imported bugs@ archive to a Fossil SCM -
> https://bronevichok.ru/cgi-bin/b.cgi/rptview?rn=1
> Let's discuss a next step.
> 

You think I'm going to visit a .ru website?

Re: counting dropped packets for pf

[Eric Furman]

On Wed, Mar 28, 2018, at 7:10 PM, 3 wrote:
> > 3(ba...@yandex.ru) on 2018.03.28 23:03:27 +0300:
> >> > On 03/28/18 15:04, 3 wrote:
> >> >> hi guys. when the pflow option first appeared, i was surprised by the
> >> >> stupidity of those who implemented it- pflow could not be specified
> >> >> for block-rules, i.e. dropped packets were not taken into account. as
> i understand- no kosher ways. im asking for illegal ways. many years
> ago there was no way either, but i found a way out. i dont think you
> are dumber than me
> 

You are asking, "How do I use a wrench as a screwdriver?"

Re: OpenBSD IRQ sharing on ISA

[Eric Furman]

On Thu, Feb 8, 2018, at 7:02 AM, Mihai Popescu wrote:
> > Then i setup only one port using configure command all ports work normally.
> 
> I worked a lot with multiple RS-232 ports boards. They all had some
> hardware jumpers to configure the IRQ and Address for each port ( a
> lot of jumpers!). Maybe this option is integrated in your board BIOS,
> check it.
> 
> How did you manage to find and even install 3.8 ?
> 

The question is not how it is why. :)
I have sitting next to me every CD going back to 3.3.
If I were to dig a bit I am sure I  could find even earlier ones.

Re: Resume fails with connected USB hub

[Eric Furman]

On Tue, Jan 30, 2018, at 8:56 PM, Maximilian Pichler wrote:
> On Tue, Jan 30, 2018 at 5:54 PM, Theo de Raadt  wrote:
> > There are a few people who can debug this.  It is quite hard to debug
> > without having a machine on the desk.  Something about have non-working
> > hardware makes Mike and I and others figure out a strategy for determining
> > where it is locking up.  Providing a list of approaches is too hard.
> 
> Not quite sure I got the point, but am more than happy to help in any way I 
> can.

What he is saying is that for this to be properly fixed he needs to have
actual possession of one of these machines. Some one needs to donate
one so they can fix the problem. 

Re: Problems with inteldrm on ASRock J3455-ITX (Apollo Lake)

[Eric Furman]

On Sun, Jan 14, 2018, at 12:53 PM, Nils Reuße wrote:
> Hi there,
> 
> i got a new board (ASRock J3455-ITX) that's based intels apollo lake 
> SoC.  I've updated the bios to the latest version (1.4) and all things i 
> need are supported by openbsd out of the box on 6.2-current, except for 
> the graphic chip, an integrated Intel HD Graphics 500 chip.
> 
> Unfortunately, when i boot the system, the screen goes black very soon 
> (after the cpu info scrolls by) and then it never fully boots (login via 
> ssh is not possible), so i cannot see or check what's wrong.
> 
> If i disable inteldrm on boot, the system boots, ssh works and i can use 
> the system.  Trying to start X fails however.
> 
> As i intend to use the system as a headless server, i do not really care 
> if the card really works, but i'd like to be able to boot the system 
> without disabling inteldrm every time.
> 
> This is the firmware i've currently installed:
> 
>$ doas fw_update -i
>Installed: intel-firmware-20180108
> 
> The graphics card shows as
> 
>vga1 at pci0 dev 2 function 0 vendor "Intel", unknown product 0x5a85 
> rev 0x0b
> 
> Is anyone else here using this board, or is this error due to some 
> changes in the recent snapshots? Any help is appreciated.

This is not an OBSD specific problem.
Intel integrated graphics is crap.
They cause problems for a lot of people.
Do yourself a favor and disable the integrated graphics
and get yourself any cheap graphics card.
Preferably AMD based.

Re: Options for dealing with DES crypt password file

[Eric Furman]

On Thu, Jan 11, 2018, at 3:42 PM, Consus wrote:
> On 18:27 Thu 11 Jan, Jeff Zimmerman wrote:
> > I've got an old server (OpenBSD 4.7 old) with a mixed bag of password
> > hashes in master.passwd. A majority of the passwords (hundreds) are
> > old salted DES crypt format.
> > 
> > Am I correct in my research that everything but Blowfish was removed
> > from crypt() around OpenBSD 5.7? Are there any workarounds for me
> > using the old DES password hashes, or do we need to 'passwd '
> > for hundreds of users?
> 
> Use LDAP already.
> 

We don't really know his situation.
LDAP could be major overkill...

Fwd: Re: Kernel memory leaking on Intel CPUs?

[Eric Furman]

- Original message -
On 05/01/18 08:51, Eric Furman wrote:
> I always love threads like this. :)
> Doesn't it tell anybody anything that none of the developers have commented?


My point was that this thread was just pointless speculation
by a bunch of people who have no idea of what they write.
The Devs aren't going to add to the noise until they *KNOW*
something. So everybody else should just can it.
I have confidence you guys will handle it properly.
Whether that will make all of us happy, well
I won't speculate. :)

Re: Kernel memory leaking on Intel CPUs?

[Eric Furman]

I always love threads like this. :)
Doesn't it tell anybody anything that none of the developers have commented?

Re: Hellos from.. one nation under Üni

[Eric Furman]

Please go spread crazy somewhere else.
We're all filled up here.

On Tue, Jan 2, 2018, at 9:39 AM, Epost wrote:
> I have rationalized this even futher. Some of the reason for me 
> rejecting GNU was indeed the hallucinogenic element. I hate indeed 
> "psilocybin prophets"and that they supposedly can tell me something 
> about reality.
> 
> So I have dropped the entire adamic lineage of psilocybin prophets, and 
> replaced the deity concept with Üni, which is a rational zén realized 
> concept. Indeed "God" already is far a rationalization of the prophets 
> sayings.
> 
> I hope you´ll come around to understanding my view.
> 
> Peace.
> 
> Racoh Box - An alpha specification for a fair economy on available 
> source. - https://www.youtube.com/watch?v=x8HzSVdBHZU
> 

Re: OpenBSD Puffy Stickers

[Eric Furman]

On Fri, Dec 1, 2017, at 02:50 AM, Rudy Baker wrote:
> Alright guys, he gets it. I wouldn't want to have to read two obligatory
> leaving letters in one week :)
> 
> 
> On Dec 1, 2017 1:31 AM, "Eric Furman" <ericfur...@fastmail.net> wrote:
> 
> On Thu, Nov 30, 2017, at 11:07 PM, Theo de Raadt wrote:
> > > Currently the OpenBSD store has mugs, t-shirts, posters, and CDs. All of
> > > those require more expense than stickers. Stickers are rather
> inexpensive
> > > to produce, can be sold for high markup, and cost very little to ship,
> not
> > > to mention are very popular, especially in the tech industry.
> > >
> > > It wouldn't require any new artwork or commissions. If you were to sell
> > > Puffy stickers or OpenBSD Logo stickers I'm sure they'd be top-sellers.
> > >
> > > Case in point, UnixStickers.com charges $2.69 per sticker and that
> doesn't
> > > include shipping.
> >
> > Why should I do that?  You only thought of yourself.
> >
> > What is in it for me?
> >
> > NOTHING.
> >
> > So why should I do this for you?
> >
> > If you think I should, and you repeatedly send mails saying so I can
> > only conclude one thing:
> >
> > You have a self-entitlement issue.
> >
> 
> This *MIGHT* be a great idea, but...
> WHO IS GOING TO DO IT?
> I don't want Theo or any of the Devs wasting their time doing crap like
> this
> that might just turn out to be a wast of time. They should be coding.
> People are always asking "What can I do to help the Project"?
> What people can do is to DO something and not talk about it.
> So, make a batch of stickers yourself and sell them on ebay.
> Then you can see for yourself just how Big A Seller they can be.
> I'm going to bet that it will turn out to take a lot more time and
> effort than you think and that it will turn very little if any profit.
> But hey, don't let me stop you.
> Good luck.

You misunderstand.
I am genuinely trying to give good advice.
I wish him real Good Luck.


I will freely admit,  I am all talk and no action.
My contributions to Obsd over the last 20 years
are nothing more than monetary and hardware
donations. But I will wager that is more than
most of you F** have done.

Re: OpenBSD Puffy Stickers

[Eric Furman]

On Thu, Nov 30, 2017, at 11:07 PM, Theo de Raadt wrote:
> > Currently the OpenBSD store has mugs, t-shirts, posters, and CDs. All of
> > those require more expense than stickers. Stickers are rather inexpensive
> > to produce, can be sold for high markup, and cost very little to ship, not
> > to mention are very popular, especially in the tech industry.
> > 
> > It wouldn't require any new artwork or commissions. If you were to sell
> > Puffy stickers or OpenBSD Logo stickers I'm sure they'd be top-sellers.
> > 
> > Case in point, UnixStickers.com charges $2.69 per sticker and that doesn't
> > include shipping.
> 
> Why should I do that?  You only thought of yourself.
> 
> What is in it for me?
> 
> NOTHING.
> 
> So why should I do this for you?
> 
> If you think I should, and you repeatedly send mails saying so I can
> only conclude one thing:
> 
> You have a self-entitlement issue.
> 

This *MIGHT* be a great idea, but...
WHO IS GOING TO DO IT?
I don't want Theo or any of the Devs wasting their time doing crap like
this
that might just turn out to be a wast of time. They should be coding.
People are always asking "What can I do to help the Project"?
What people can do is to DO something and not talk about it.
So, make a batch of stickers yourself and sell them on ebay.
Then you can see for yourself just how Big A Seller they can be.
I'm going to bet that it will turn out to take a lot more time and
effort than you think and that it will turn very little if any profit.
But hey, don't let me stop you.
Good luck.

Re: ASLR: How Robust is the Randomness?

[Eric Furman]

How is your fork of netbsd doing these days?

On Tue, Nov 28, 2017, at 11:59 PM, Edgar Pettijohn wrote:
> On Tue, Nov 28, 2017 at 09:40:34PM +0100, leo_...@volny.cz wrote:
> > theo wrote:
> > > It is over your head. Or learn to read. Or learn to not reply before
> > > you think.
> > 
> > You know what? You're full of crap.
> > 
> > I may be inexperienced (as you once correctly pointed out), but I know
> > my theory very, very well. Chances are that in a lot of areas, I know
> > it better than *you*.
> > 
> > Like it or not, you're dealing with an equal here. You'll have to treat
> > me that way.
> 
> https://marc.info/?l=netbsd-users=118832592524888=2
> 
> > 
> > If you cannot handle that, well, I'm sorry for you.
> > 
> > /thread.
> > 
> > --schaafuit.
> > 
> 

Re: Hellos from the Lands of Norway.

[Eric Furman]

On Tue, Nov 7, 2017, at 06:13 AM, mich...@hekeler.com wrote:
> This seems to be a very technically orientated and serious discussion.
> ‎Chapeau, Mr. Ywe Cærlyn!
> 

God Bless Norway!

Re: Hellos from the Lands of Norway.

[Eric Furman]

Oh, one more thing. The joke threads are supposed to
be reserved for Fridays. Since you're new you probably
didn't know that.

On Tue, Nov 7, 2017, at 12:04 AM, Eric Furman wrote:
> OK, my understanding of English must be broken because
> I do not understand any of this.
> I just wanted to warn you off starting any discussions about
> BSD vs GNU licensing schemes. Are minds are closed on
> this topic.
> 
> On Mon, Nov 6, 2017, at 11:44 PM, Ywe Cærlyn wrote:
> > So archaically speaking, that is your biggest security issue right there.
> > For instance, if you eat much kebabs, your stomach sings The Quran, and 
> > unfortunately "Mohammed and the companions".
> > If you eat much pizza, it sings The Bible, and "Jesus died for your
> > sins".
> > Now to equalize this, and get Transcendent Truth, for each 3 pizzas, eat 
> > 1 kebab.
> > And you are archaically correct. - There is just one deity, as all 
> > original monotheism teaches. Then you should be at security with The 
> > Chief, justice prevail, and obtuseness conquered.
> > 
> > Peace.
> > 
> > Den 11/7/2017 05:10, skrev Ywe Cærlyn:
> > > As opposed to say, if you have ever had a moment of Mindful Zen, and 
> > > thought of Transcendent Trueness. It is a "song" a bit more like 
> > > "OpenBSD" and "3-clause licence". In other words, 1:1 reality. ;) That 
> > > is why I got interested in OpenBSD instead.
> > >
> > > Peace.
> > >
> > > Den 11/7/2017 04:49, skrev Ywe Cærlyn:
> > >> Yes. I actually had a look a linux earlier. And found for instance a 
> > >> 10ms filter in cpu measurement. I mean, then you haven´t really 
> > >> understood what available resources in a computer is.. And in for 
> > >> instance the LADSPA plugins, is tons of pointer variables. The real 
> > >> song of the GNU licence is this. And "thou shall make no money". That 
> > >> is why it is really going nowhere. WIth the 2 clause licence, you 
> > >> hear a little bit of that song.. Just a warning, from someone who has 
> > >> seen real obtusity in code.
> > >>
> > >> Den 11/7/2017 02:57, skrev Eric Furman:
> > >>> On Mon, Nov 6, 2017, at 03:28 PM, Ywe Cærlyn wrote:
> > >>>
> > >>>> First contribution: You should focus on the 3-clause licence. The two
> > >>>> 2-clause tries to be GNU, and that is a mistake I think.
> > >>> OK, you had me up till here and then this 'Contribution".
> > >>> Is this an attempt at humor? Last time I checked all of the
> > >>> GNU licenses were about 14 pages long of legalese.
> > >>> How is the simpler shorter 2 clause license more like GNU?
> > >>> Sounds like a troll...
> > >>>
> > >>
> > >
> > 
> 

Re: Hellos from the Lands of Norway.

[Eric Furman]

OK, my understanding of English must be broken because
I do not understand any of this.
I just wanted to warn you off starting any discussions about
BSD vs GNU licensing schemes. Are minds are closed on
this topic.

On Mon, Nov 6, 2017, at 11:44 PM, Ywe Cærlyn wrote:
> So archaically speaking, that is your biggest security issue right there.
> For instance, if you eat much kebabs, your stomach sings The Quran, and 
> unfortunately "Mohammed and the companions".
> If you eat much pizza, it sings The Bible, and "Jesus died for your
> sins".
> Now to equalize this, and get Transcendent Truth, for each 3 pizzas, eat 
> 1 kebab.
> And you are archaically correct. - There is just one deity, as all 
> original monotheism teaches. Then you should be at security with The 
> Chief, justice prevail, and obtuseness conquered.
> 
> Peace.
> 
> Den 11/7/2017 05:10, skrev Ywe Cærlyn:
> > As opposed to say, if you have ever had a moment of Mindful Zen, and 
> > thought of Transcendent Trueness. It is a "song" a bit more like 
> > "OpenBSD" and "3-clause licence". In other words, 1:1 reality. ;) That 
> > is why I got interested in OpenBSD instead.
> >
> > Peace.
> >
> > Den 11/7/2017 04:49, skrev Ywe Cærlyn:
> >> Yes. I actually had a look a linux earlier. And found for instance a 
> >> 10ms filter in cpu measurement. I mean, then you haven´t really 
> >> understood what available resources in a computer is.. And in for 
> >> instance the LADSPA plugins, is tons of pointer variables. The real 
> >> song of the GNU licence is this. And "thou shall make no money". That 
> >> is why it is really going nowhere. WIth the 2 clause licence, you 
> >> hear a little bit of that song.. Just a warning, from someone who has 
> >> seen real obtusity in code.
> >>
> >> Den 11/7/2017 02:57, skrev Eric Furman:
> >>> On Mon, Nov 6, 2017, at 03:28 PM, Ywe Cærlyn wrote:
> >>>
> >>>> First contribution: You should focus on the 3-clause licence. The two
> >>>> 2-clause tries to be GNU, and that is a mistake I think.
> >>> OK, you had me up till here and then this 'Contribution".
> >>> Is this an attempt at humor? Last time I checked all of the
> >>> GNU licenses were about 14 pages long of legalese.
> >>> How is the simpler shorter 2 clause license more like GNU?
> >>> Sounds like a troll...
> >>>
> >>
> >
> 

Re: Hellos from the Lands of Norway.

[Eric Furman]

On Mon, Nov 6, 2017, at 03:28 PM, Ywe Cærlyn wrote:

> First contribution: You should focus on the 3-clause licence. The two 
> 2-clause tries to be GNU, and that is a mistake I think.

OK, you had me up till here and then this 'Contribution".
Is this an attempt at humor? Last time I checked all of the
GNU licenses were about 14 pages long of legalese. 
How is the simpler shorter 2 clause license more like GNU?
Sounds like a troll...

Re: DMCA Free OpenBSD VPS Hosting, multiple payment methods

[Eric Furman]

I'm posting this because it has as much to do with OBSD as all this
bullshit;

https://www.youtube.com/watch?v=py3u3P9OpBE


On Fri, Oct 20, 2017, at 05:52 AM, x9p wrote:
> 
> > hehe - you don´t know the situation in germany ;-)
> > I have seen many of these letters for "one time users" (even those with
> > only a few seconds connection)
> >
> 
> I do actually. By the time i lived there, a friend got something like EUR
> 800 bill for downloading a movie over torrent. Thats why I dont like
> Germany hosting, and enjoy offshore VPS :)
> 
> >
> >
> >> ...but it is really easy and cheap to write an script, collect IPs via
> >> torrent, and send DMCA takedown notices.
> >
> > professional software exists. So noone hacks his own scripts.
> >
> 
> thats not much difference between "professional software" and a bunch of
> scripts doing the same job. been there.
> 
> >
> >
> >> DMCA free ignores this automatic scripts, but of course need to act upon
> >> receiving a court order.
> >
> > Thanks for the clarification of "DCMA free".
> >
> >
> 
> welcome.
> 
> 
> 
> 

Re: amd64 OpenBSD 6.2 doesn't see hard disks when controller in RAID mode

[Eric Furman]

On Tue, Oct 10, 2017, at 04:29 PM, Rostislav Krasny wrote:
> I think it's worth to be supported. The RAID mode of storage
> controller seems to be a default BIOS configuration in all modern
> desktop computers. I think most desktop users don't configure any real
> RAID and continue to use their disks as separate devices. If at least
> this RAID configuration is supported it would be a great progress.

I disagree, but that's just my opinion.
And just because something is "a default BIOS configuration in all
modern
desktop computers" doesn't mean it's a good thing.

Re: Can I use OpenBSD in a virtual machine, for example, VirtualBox?

[Eric Furman]

Your favorite Internet search engine is your friend.

On Mon, Jun 26, 2017, at 05:18 PM, SOUL_OF_ROOT 55 wrote:
> Can I use OpenBSD in a virtual machine, for example, VirtualBox?

Re: Dual booting - can't boot OpenBSD from Windows 10 bootloader

[Eric Furman]

NO professional dual boots OS's
There is NO REAL  reason to dual boot ANY OS's
This is why OpenBSD has stopped supporting such nonsense.
Sorry.
I AM NOT AN OPENBSD DEVELOPER
NEVER HAVE BEEN
NEVER WILL BE.
http://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/ports/geo/openbsd-developers/files/OpenBSD


On Fri, Sep 23, 2016, at 06:57 AM, Lampshade wrote:
> I have installed OpenBSD before it had UEFI support,
> so I installed in Legacy Boot mode (I have UEFI capable
> laptop).
> I personally use Grub2 installed via
> debian live amd64 standard  image.
> 
> I don't have Gnu/Linux installed.
> I only have bootloader from Debian.
> 
> I have Windows 8.1 and OpenBSD amd64.
> 
> # cat /mnt/ext2/grub/grub.cfg \ 
> > | grep -v -e ^#  -e ^[:space:]*$
> GRUB_DEFAULT=0
> GRUB_TIMEOUT=5
> GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`
> GRUB_CMDLINE_LINUX_DEFAULT="quiet"
> GRUB_CMDLINE_LINUX=""
> menuentry "Windows" --class os {
>   set root=(hd0,2)
>   chainloader (hd0,msdos2)+1
> }
> menuentry "OpenBSD" {
>   set root=(hd0,4)
>   chainloader +1
> }
> 
> Grub2 is faster than Windows bootloader.

Re: can't find fstab entry ?

[Eric Furman]

Troll

Look at his email address; r.a.n.d.o.m.d.e.v.4+openbsdm...@gmail.com
An account setup just so he can troll.
I would be willing to bet "Bob Jones" is not even his real name.
Hey Bob, was John Smith already taken?
And I kept it civil. :)
You're not trying hard enough Bob.

On Sat, Sep 10, 2016, at 10:28 AM, Bob Jones wrote:
> Well Theo ... Perhaps you ought to learn the old saying "if you've got
> nothing constructive to say, keep your trap shut"
> 
> I don't give a toss who you are or how awesome you think your little pet
> project is.   I originally asked a perfectly genuine and fair question, 
> I
> am obviously not a OpenBSD veteran . And yet you took it as an
> opportunity to both slag-off the newbie and Linux with a smart-Alec
> reply.
> 
> Thanks for nothing and you can stick your crocodile tears where the sun
> doesn't shine.
> 
> On Saturday, 10 September 2016, Theo de Raadt 
> wrote:
> 
> > If you cannot work your way through the tiny little problem -- of
> > using options from an incompatible operation system -- there is little
> > hope for you in this field and you should probably go back to familiar
> > ground.
> >
> > you will only receive crocodile tears from me.
> >
> > > Theo said absolutely nothing useful ,  and as I said in my prior reply, I
> > > removed the config item he was moaning about and it had zero effect.
> > >
> > > Thanks a bunch guys.  The openBSD community really sucks.
> > >
> > > On Thursday, 8 September 2016, Raul Miller  > > wrote:
> > >
> > > > Perhaps re-read what Theo said, and do not stop and give up when you
> > > > get to the word "linux"?
> > > >
> > > > Good luck,
> > > >
> > > > --
> > > > Raul
> > > >
> > > > On Thu, Sep 8, 2016 at 9:46 AM, Bob Jones
> > > > 
> > > wrote:
> > > > > Soany one care to give a more sensible suggestion than Theo's
> > > > > unnecessary anti-Linux rant ??
> > > > >
> > > > > On Monday, 5 September 2016, Theo de Raadt  > 
> > > > > wrote:
> > > > >
> > > > >> > OpenBSD 6.0 GENERIC.MP#0 amd64
> > > > >> >
> > > > >> > My fstab entry looks like :
> > > > >> >
> > > > >> > 10.10.10.10:/srv/share /mnt/ops_test nfs
> > > > defaults,noexec,nosuid,nodev,auto
> > > > >> 0 0
> > > > >> >
> > > > >> > However:
> > > > >> >
> > > > >> > $ doas mount /mnt/ops_test
> > > > >> > doas (m...@example.com  
> > ) password:
> > > > >> > mount: can't find fstab entry for /mnt/ops_test
> > > > >> >
> > > > >> >
> > > > >> > Any ideas  ?  That style of fstab entry seems to work fine on my
> > linux
> > > > >> > boxes (albeit with nfs4 instead of nfs, but that makes no
> > difference
> > > > >> > on openbsd).
> > > > >>
> > > > >> Well, openbsd is not linux.
> > > > >>
> > > > >> Have no idea what that word "defaults" in there means.

Re: Installer overwrites partition table

[Eric Furman]

On Wed, Aug 24, 2016, at 09:16 AM, Bertram Scharpf wrote:
> On Wednesday, 24. Aug 2016, 08:24:34 -0400, Nick Holland wrote:
> > On 08/24/16 07:15, Bertram Scharpf wrote:
> > > first of all, I am an experienced OS installer and I did a
> > > heck of partitioning in my life.
> > 
> > claim.  And re-installing windows twenty times counts as one OS.
> > Installing Linux five times counts as another.
> 
> The last time I installed a Windows (if we call it an OS)
> was about 1999. I had no Linux for about 7 years until
> graphics weren't supported by BSD on my notebook for a
> while.
> 
> > > But yet it was too late. The partition table was
> > > overwritten.
> 
> The bug is not a concrete misbehaviour but the trap it is
> setting up.

Troll

Ich denke dass du vielleicht ein Hundepimmel bist.

Re: Support for Intel XL710 NIC

[Eric Furman]

On Wed, Aug 17, 2016, at 01:53 PM, Chris Cappuccio wrote:
> ML mail [mlnos...@yahoo.com] wrote:
> > Hi,
> > 
> > Will OpenBSD 6.0 support the Intel XL710 network interface cards?
> > 
> 
> I think someone was working on the Intel 40Gbps chipset but don't
> remember
> who. In any event, the first releast that might include this code is
> OpenBSD 6.1. The 6.0 release is already set.
> 

It might be available sooner, in -current, if someone were to buy some
and send them to the project. I suggest the OP since he requested
this support. I would, but they are in the $400-$500 range and that
is too pricey for me at the moment.

Re: LibreSSL on old OpenBSD

[Eric Furman]

On Sat, Aug 13, 2016, at 01:36 PM, Roderick wrote:
> On Sat, 13 Aug 2016, Theo de Raadt wrote:
> 
> > We prefer creating a world that is simpler.  That is the practice
> > we follow with our bodies of code.
> >
> > You prefer backwards compat.  Fine, that is your choice. You can
> > apply that principle in your own code.
> >
> > Are we finished here?
> 
> It is not so simple. Of course I like simplicity, perhaps more than
> you. And more standards than backward compatibility: that is why
> I wondered that till now there is no standard. But programming
> is always ponderation, in many dimensions. You must decide for example
> between (run) time or space (memory), between security, performance
> or simplicity. Sure, with absolute goals there is no much to decide and
> no
> much discussion, and we are finished.


When are you going to realize that there are no such things as
standards?
They are and always have been a moving target.
What is standard today almost certainly will not be in the future.

Re: LibreSSL on old OpenBSD

[Eric Furman]

On Fri, Aug 12, 2016, at 10:42 AM, Ted Unangst wrote:
> Roderick wrote:
> > BSD is one of the oldest OS with IP support, and still now / few years
> > ago was not clear from where to take MAXHOSTNAMELEN?
> > 
> > OK, sysconf(_SC_HOST_NAME_MAX) may have a theoretical advantage
> > when compiling one program for different systems. Is it a standard?
> > Why was it not before in OpenBSD?
> 
> Standards change.
> 

My dag nabin' new Blu-ray player has neither RCA jacks nor a Toslink
optical jack.
I thought they were STANDARDS!

Re: tmpfs

[Eric Furman]

On Mon, Aug 1, 2016, at 06:41 AM, Marko Cupać wrote:
> On Sun, 31 Jul 2016 21:48:46 +0300
> Consus  wrote:
>
> > Come on, both you and Theo are such drama queens. Shut up already.
>
> This. But I'd say there's more to it.


The guy was just being a troll and Theo saw right through him.
At the risk of sounding like a troll myself since I don't know the whole
story behind tmpfs, I am going to guess that the tmpfs fiasco was
not one of Theo's finest hours and he doesn't want to be reminded
of it. OpenBSD has moved on from tmpfs and the issue is closed.
Theo didn't need this asshole to bring it up again. He did it for only
one purpose, to "F" with Theo. To be a troll.
His follow up responses just proved Theo to be right.

Re: A patch for cal

[Eric Furman]

On Tue, Jun 21, 2016, at 08:43 AM, li...@wrant.com wrote:
> Tue, 21 Jun 2016 07:04:25 -0500 jsg 
> > On Tue, Jun 21, 2016 at 07:42:14AM -0400, Nick Holland wrote:
> > > On 06/21/16 02:22, Abu Unaysah wrote:  
> > > > Peace,
> > > > 
> > > > This patch does away with the sixth week-row of each calendar month,
> > > > using the empty space in the first row in stead, as is conventional
> > > > in most printed calendars.  
> > > 
> > > we buy different printed calendars, apparently.
> > >   
> > > > e.g.  
> > > ...  
> > > > January 2016
> > > > Su Mo Tu We Th Fr Sa
> > > > 31  1  2
> > > >  3  4  5  6  7  8  9
> > > > 10 11 12 13 14 15 16
> > > > 17 18 19 20 21 22 23
> > > > 24 25 26 27 28 29 30  
> > > 
> > > I really don't see a benefit to this, and I do see a downside: Jan 31
> > > comes after Jan 1...not before.
> > > 
> > > My opinion...add $10 to its value, and you can get a coffee at Starbucks.
> > > 
> > > Nick.
> >
> > My 2 centswhy not if its more in line with industry standards, i.e.
> > printing protocol's etc.
> 
> I think Nick is right, the paper economics would mess week order, check:

Nick is almost always right.

Re: Long life on SSD in a firewall environment

[Eric Furman]

On Tue, Jun 21, 2016, at 10:47 AM, Gregory Edigarov wrote:
> On 21.06.16 16:55, Kenneth Gober wrote:
> > On Sun, Jun 19, 2016 at 5:56 AM, Sjöholm Per-Olov  wrote:
> >> Does anyone know if there exist any list of recommendations about how to
> > make
> >> an SSD disk to live as long as possible when using it for firewall
purpose
> > on
> >> OpenBSD?
> > I don't know of a list, aside from what you find in this thread and
similar
> > threads on this list from the past.
> >
> > My own first recommendation is not to worry about it.
> >
> > My second recommendation is: if you must worry about it, change as little
> > as possible.  you don't want to make updates difficult due to excessive
> > customization.
> >
> > I am running OpenBSD 5.9 on an Internet-facing router, on Soekris
hardware
> > with
> > 4GB mSATA SSD storage.  My only concern about SSD durability relates to
> > /var/log and the potential for Internet traffic to cause constant writes
> > there.
> > So I have made minimal changes to guard against that:

> >
> well, but why not just settup syslogd to fan logs out to some other
> server?
>

+1 this plan. IMHO logs should always be kept locally and separately
on a centralized log server. You are much more likely to retain complete
logs if the first one is compromised. Why keep logs locally if you are
logging them remotely? Because if the box is compromised the attacker
will see local logs and be less inclined to look for more logs
elsewhere.
(true, he would have to be a lazy attacker, but still...)

But what we really need to do is STOP THIS STUPID MEME THAT
SSD'S ARE UNRELIABLE.
All disks should be looked at as unreliable and you make plans from
there.

Re: Fifteen questions

[Eric Furman]

Fore the benefit of people searching the mailing list archives for
answers
to similar questions, please only ask ONE question with an
appropriate Subject. You are also much more likely for some one
to respond with an actual answer. The way you are currently
asking, I doubt you will get much help.
BTW, did YOU search the mailing list archive first for these answers?
I have found they answer nearly any question I have.

http://marc.info/?l=openbsd-misc=1=2

If someone knows of a better resource for searching the OpenBSD
mailing lists please let me know.

On Sat, Jun 11, 2016, at 05:42 AM, danston...@yahoo.com.hk wrote:
> Hi guys!
>
> I am currently thinking of buying a new MacBook Air and setting up a
> dual-boot OpenBSD + MacOSX. Reading the mailing-list, I understood that
> OpenBSD is mostly working well on Mac hardware, but I still have some
> questions:
>  a. I read that the wifi is not working, so I will have to buy a wifi usb
>  stick.
> Which one is the best working with OpenBSD?
>  b. Would it be possible to write a driver for the wifi?
> If I want to write one, where should I look at?
>  c. Some people reported that the SSD drive was working, others reported
>  the opposite.
> I really would like to use a SSD drive instead of a standard hard
> drive. (I am the kind of guy who drops his laptop…)
> Is there a way to determine if the SSD drive gonna work or not? (I
> mean, before buying the MacBook Air.)
>  d. Just to be sure: hibernate/ZZZ can be used over a softraid-crypto
>  disk, huh?
>  e. Some time ago, I read that RAID & encryption cannot be used
>  altogether - Is it still true?
> I am interested in privacy and reliability. So I am thinking of
> combining a mirroring discipline and an encrypting discipline: a RAID
> 1 system, and each disk of the RAID 1 would contains the same
> encrypted data. Can I do that?
>  f. In a RAID 1 system with three disks, what happened if one read byte
>  is not the same on all the disks?
>  g. Is it possible to set up a RAID 1 system on a single physical drive?
>(The physical drive would be split in two equal parts, and the second
>part would be a copy of the first part.)
> When I read
>   https://www.openbsd.org/faq/faq14.html#softraid
>   http://man.openbsd.org/OpenBSD-current/man4/softraid.4
> it does not seem possible.
>  h. For softraid-crypto, are there multiple encrypting algorithms
>  provided? Is it possible to choose?
> I mean something like "ssh -c cipher_spec".
>  i. As RAID is good but not enough, I think of using rsnapshot for
>  backing up data (to a remote server).
> But dump(8) seems good too - Is there any cases in which dump(8)
> should be used instead of rsnapshot?
>  j. Just to be sure: Would it make sense to back up encrypted data? Or is
>  there no other choice but to decrypt, back up, and then encrypt the
>  backed up data?
>  k. Between the i386 and amd64 arch, which one would make more sense to
>  use? As far as I am concerned, I am interested in reliability and
>  simple-ness (not interested in speed nor
>  coffee-and-toasts-making-features).
>  l. I understood that signify(1) only signs a file - It cannot encrypt
>  it. To encrypt a file, a software like gnupg should be used, right?
> Does OpenBSD come up with any in-house software to encrypt a file? Or
> do I have to use gnupg?
>  m. Is it possible to encrypt a disk image file? Replacing 'sd' by 'vnd'
>  in the document
>   http://man.openbsd.org/OpenBSD-current/man4/softraid.4
> should do it, right?
>  n. In reading
>   https://www.openbsd.org/faq/faq14.html#MountImage
> it seems like that mounting a disk image file needs to be root, true?
> Is there a way so that a user could mount a disk image?
>  o. Finally, I am thinking of resizing a disk image file. I understood
>  that it can done in using disklabel(8), then growfs(8), finally fsck(8)
>  - That's it? Any comments that I should be aware of?
>
> Thanks a lot for your help.
>
> Romain

Re: syslog on 5.6

[Eric Furman]

On Wed, May 25, 2016, at 03:47 PM, Jeff Ross wrote:
> Thank you, Theo.
> 
> I know this is true.  I was tempted to jump right to 5.9 but decided to
> heed the directions on
> 
> http://www.openbsd.org/faq/upgrade56.html
> 
> "
> 
> *Note: Upgrades are only supported from one release to the release
> immediately following it. Do not skip releases. If you got lucky skipping
> releases in the past, you may not this time."*

What this means is do not try to UPGRADE from say 5.6 to 5.8.
Doing a clean install of 5.9 and migrating your old data and setup is
supported.

Re:

[Eric Furman]

On Mon, May 16, 2016, at 06:47 AM, 1 9 wrote:
> What editor? vim or emacs? what is the reason?
> 

OpenOffice Writer.

Re: openbsd vs freebsd NAT performance

[Eric Furman]

On Tue, Apr 19, 2016, at 05:34 AM, Uwe Werler wrote:
> On 16. Apr  5:10:56, bluesun08 wrote:
> > Hi,
> > 
> > beside OpenBSD 5.8 i installed FreeBSD 10.3 on my router-pc. For routing i
> > use pf.
> > I noticed that the routing/NAT-performance is in FreeBSD noticeable higher
> > than in OpenBSD. I think that is due to the SMP-support of pf in FreeBSD.
> > 
> > Is there also a SMP support (intended) in OpenBSD?
> > 
> > Regards
> > 
> > Alex
> > 
> > 
> > 
> > --
> > View this message in context: 
> > http://openbsd-archive.7691.n7.nabble.com/openbsd-vs-freebsd-NAT-performance-tp294095.html
> > Sent from the openbsd user - misc mailing list archive at Nabble.com.
> > 
> 
xxx
> 
> -- 
> 
This whole thread is nothing but a troll.
Please never mention cal***.org ANYWHERE!
It is out of date BULLSHIT.

Re: Quick APU2 review

[Eric Furman]

On Sun, Apr 17, 2016, at 08:26 PM, Stuart Henderson wrote:
> On 2016-04-15, Daniel Ouellet  wrote:
> >> That's nice.  I don't have a ferrari, I have a rather basic truck.
> >> 
> >> You are off topic.
> >
> > Sorry Theo,
> >
> > He asked for
> >
> > "real world through put?"
> >
> > I provided some to be helpful.
> 
> From a different machine though. Compared to APU1 the APU2 has 4x the L2
> cache, RAM is clocked a quarter faster, twice the number of cpu cores,
> and a few more cpu features (e.g. AES-NI, RDRAND). On the downside the
> bios is still a bit in flux (note it should be possible to flash from
> OpenBSD, but you need a patched version of pciutils).
> 
> It depends on the workload but in certain cases these changes will make
> a huge difference.
> 

But his point is still valid. He knew he had an inferior machine
but it was still able to saturate a 150Mb/s line. That means
unless the person asking for throughput data is using a 
DS4/NA then he probably will be Okay.
These requests for 'Real World' numbers are almost always
stupid, because the people asking are almost certain to never
need the max amount of bandwidth even a modest machine
can supply. Really? Are you actually considering this box
for use at the telecommunications provider you work for?

Re: how to send email via Mail

[Eric Furman]

On Fri, Feb 26, 2016, at 09:22 AM, Артур Истомин wrote:
> On Thu, Feb 25, 2016 at 07:54:20PM -0500, Nick Holland wrote:
> > On 02/25/16 17:01, Jaap Bosman wrote:
> > > Hallo, I would like to use mail(1) for email client.
> >
> > No, really, you don't.
> >
> > > In man mail(1) I read nothing about configure mail to send and receive
> > > email from outside. I would like to find how to configure mail(1).
> >
> > Step 1: you need to read the first few chapters of the Sendmail book.
> > You can skip all the stuff about sendmail configuration, but you don't
> > seem to understand how mail works.
> >
> > And ... hopefully you realize you don't want to get involved in that
> > side of the mail system.  Just pay someone to do that for you.
>
> With this approach, we will have only one email provider. His name is
> Google.
> Spam and other black sides of today email system is price we pay for
> decentralized system. And it's worth it.
>

What Nick was trying to say was, "If you do not understand internet
e-mail from end-to-end please do not run an e-mail server."
There is a lot more to it than just installing some packages.
When you setup a mis-configured e-mail system you don't just
suffer. Everybody suffers.
An amateur running an e-mail server is MUCH more likely to become
a SPAM bot. And, no it is not worth it.

Re: Is true that the BSD developers were inspired to make their code free software by the example of the GNU Project, and explicit appeals from GNU activists helped persuade them?

[Eric Furman]

On Wed, Feb 17, 2016, at 09:10 PM, li...@wrant.com wrote:
> Wed, 17 Feb 2016 19:36:35 -0500 Eric Furman <ericfur...@fastmail.net>
> > Now I'm off to the GNU & Linux lists to spread the gospel of OpenBSD!
^^

Whoa whoa whoa, that is not what I wrote.
I wrote OS400 and it was a joke.
I'm not going to anybody's list and preaching anything.
Just to get that clear.

> 
> Better, influence highly skilled programmers, friends, colleagues,
> partners, clients, the wide public, classmates, coeds, teachers, book
> authors and everyone important of the truly free good licenses:
> 
> http://www.openbsd.org/policy.html
> 
> Most projects out of misinformation pick what some other project did
> before them and get stuffed with the dysfunctional limiting newer and
> older versions of the non-Unix recurring acronym advocates of
> incompatible with freedom politics.  Quality software projects first!
> 
> Then educate the worthy developers of useful programs to benefit from
> and improve their own software products by using correct and free
> standard compliant coding practices and innovation from the OpenBSD
> project:
> 
> http://www.openbsd.org/innovations.html
> 
> Also, popularise to the wide global public that software running
> successfully on OpenBSD and designed to benefit from the modern best
> current practices in OpenBSD is inherently multiple orders of magnitude
> better offset from the start compared to portable incapable slow
> adoption single kernel only platforms targeting mass consumption only.
> 
> And for the business users, let them know that OpenBSD is chosen by
> many more industry leading companies from all over the world for the
> first class quality of example setting software, that is actually in
> active live maintenance for more than 20 years and brought tools and
> solution all of them use without even realising it most of the time.
> 
> http://www.openbsd.org/
> 
> OpenBSD provides the best development platform possible and much much
> more, goals of the project are continuously being met with successful
> continuation with each release and more over in between:
> 
> http://www.openbsd.org/goals.html
> 
> But before all this, why not just help test the upcoming release by
> running latest snapshots and not care for any incoming distractions?
> 
> The example OpenBSD sets is quality, ease of use, best developers, and
> widest adopted true solutions.

Re: Is true that the BSD developers were inspired to make their code free software by the example of the GNU Project, and explicit appeals from GNU activists helped persuade them?

[Eric Furman]

> Eric Furman wrote on Tue, Feb 16, 2016 at 10:23:27PM -0500:
> 
> > OS400 people don't come on this list and discuss their operating system.
> > VOS people don't come on this list and discuss their operating system.
> > Hell, even Windows people don't come on this list and discuss their OS.
> > I'm totally confused as to why we constantly get GNU/Linux douche bags
> > on this list wanting to talk about GNU/Linux.
> > Here's a heads up; WE DO NOT CARE.

Sorry if I offended replying to this obvious troll.
It was not my intention to disparage all Linux users.
But that being said, we do get a frustratingly large number
of them on these lists that have no intention of having either
a rational or civil discussion about Linux vs BSD.
Not all Linux users are douche bags, but the Linux trolls
that frequent this list are. If you're not one of them, you know
who you are. ;)
I normally don't like replying to trolls, but this one did hit a
nerve, as someone pointed out. :)

BTW, it can be spelled either way.

Now I'm off to the OS400 lists to spread the gospel of OpenBSD!

Re: Is true that the BSD developers were inspired to make their code free software by the example of the GNU Project, and explicit appeals from GNU activists helped persuade them?

[Eric Furman]

OS400 people don't come on this list and discuss their operating system.
VOS people don't come on this list and discuss their operating system.
Hell, even Windows people don't come on this list and discuss their OS.
I'm totally confused as to why we constantly get GNU/Linux douche bags
on this list wanting to talk about GNU/Linux.
Here's a heads up; WE DO NOT CARE.

Re: if I were to make a pkg-add diff

[Eric Furman]

FOR GOD'S SAKE STOP TALKING.
Submit your code to tech@ and it will be considered on its merits.
The OpenBSD team is very open to good code.
If it's shite you will get no response.
If it has potential you will get comments.
But NOTHING will happen until they see CODE.

On Tue, Jan 19, 2016, at 02:26 AM, Luke Small wrote:
> I made a small 500 line program I call pkg_ping that calls uname -rm,
> ftp,
> sed, on openbsd.org/ftp.html. then it changes all the parsed http and ftp
> mirrors into http and ftp downloads and changes them to non redundant
> http
> mirrors (it has to to easily call ftp on it). It takes them and downloads
> SHA256 from the mirrors and the parent times how long it takes. If it
> takes
> too long it kills the ftp call and goes on to the next one. Then it sorts
> the results and puts the winner in /etc/pkg.conf replacing all
> installpath
> instances, while leaving everything else. It doesn't do any network stuff
> directly so it probably wouldn't be much of a security problem, but
> because
> it needs to alter a root owned file, it should need root privileges. I
> don't only run the release, so I don't even really know how to pledge it.
> Is this something somebody would be willing to submit to the project and
> maybe alter it slightly.

Re: sudo and globbing

[Eric Furman]

There are so many differences between Linux and every other flavour of
UNIX;
like OpenBSD, AIX, Solaris, etc, that WTF is your point??
Really?
What about Gnu's Not UNIX don't you get?
This crap is just trolling, IMHO.

On Fri, Jan 8, 2016, at 09:27 AM, Alexander Hall wrote:
> On January 8, 2016 11:52:32 AM GMT+01:00, Jiri B  wrote:
> >On Fri, Jan 08, 2016 at 12:04:15PM +0200, Alexey Kurinnij wrote:
> >> And what about difference? Explain please.
> >> 
> >> > > I discovered an article about sudo and globbing[1] and
> >> > > there's difference how it does work on Linux and OpenBSD.
> >> >
> >> > http://zurlinux.com/?p=2244
> >> >
> >> > > - openbsd
> >> > >
> >> > > # su -s /usr/local/bin/bash - nobody
> >> > > No home directory /nonexistent!
> >> > > Logging in with home = "/".
> >> > > -bash-4.3$ sudo bash -c "ls -l /var/tor/cache*"
> >> > > -rw---  1 _tor  _tor20442 Dec 10 11:32
> >/var/tor/cached-certs
> >> > > -rw---  1 _tor  _tor  1409287 Jan  7 15:56
> >> > /var/tor/cached-microdesc-consensus
> >> > > -rw---  1 _tor  _tor  5107307 Jan  7 17:23
> >/var/tor/cached-microdescs
> >> > > -rw---  1 _tor  _tor0 Jan  7 17:23
> >> > /var/tor/cached-microdescs.new
> >> > > -bash-4.3$ sudo -s bash -c "ls -l /var/tor/cache*"
> >> > > .cshrc   .profile altroot  bin  bsd  bsd.rd   bsd.sp  
> >dev
> >> > etc  home mnt  root sbin sys  tftpboot tmp
> >> > usr  var
> >
> >^^^ here '*' gets expanded inside original user's shell.
> 
> I see no way that glob would result in the contents of the root
> directory. 
> 
> Here's my guess: everything after -s is concatenated and whitespace
> separated, effectively turning the example into 
> 
> bash -c ls -l /var/tor/cache*
> 
> Thus, start bash and ask it to run "ls". Also pass "-l" and
> /var/tor/cache* as $0, $1... The latter of which is pretty pointless. 
> 
> Thus could be a matter of different default configurations between $LINUX
> and openbsd. 
> 
> /Alexander 
> 
> >
> >> > > - linux
> >> > >
> >> > > [root@slot-1 ~]# su -s /bin/bash nobody
> >> > > bash-4.2$ sudo bash -c "ls -l /var/cache/ldconfig/aux*"
> >> > > -rw---. 1 root root 26470 Dec 22 17:52
> >/var/cache/ldconfig/aux-cache
> >> > > bash-4.2$ sudo -s bash -c "ls -l /var/cache/ldconfig/aux*"
> >> > > -rw---. 1 root root 26470 Dec 22 17:52
> >/var/cache/ldconfig/aux-cache
> >
> >^^^ here '*' gets expanded probably later, as original user does
> >not have access to /var/cache/ldconfig at all.
> >
> >In both cases original user does not have access to /var/tor,
> >respecively
> >to /var/cache/ldconfig.
> >
> >So the question is: why does same command on equally "restricted" dir
> >path gets different output - why on openbsd does '*' get expanded
> >immediatelly but on linux is it taken into account somehow by sudo
> >(?)...
> >
> >j.

Re: The kernels of *BSD include nonfree firmware blobs?

[Eric Furman]

Pen and paper and inconspicuous drop spots.

On Fri, Nov 27, 2015, at 10:33 AM, français wrote:
> The Free Software Foundation (FSF) says that:
>
> "FreeBSD, NetBSD, and OpenBSD all include instructions for obtaining
> nonfree
> programs in their ports system. In addition, their kernels include
> nonfree
> firmware blobs.
>
> Nonfree firmware programs used with Linux, the kernel, are called
> “blobs”,
> and that's how we use the term. In BSD parlance, the term “blob” means
> something else: a nonfree driver. OpenBSD and perhaps other BSD
> distributions (called “projects” by BSD developers) have the policy of
> not
> including those. That is the right policy, as regards drivers; but when
> the
> developers say these distributions “contain no blobs”, it causes a
> misunderstanding. They are not talking about firmware blobs.
>
> No BSD distribution has policies against proprietary binary-only firmware
> that might be loaded even by free drivers."
>
> The affirmations of FSF that I cited above are falses?
>
> With spying revelations, it is well-known that non-free firmware can
> contain
> backdoors. ( just one recent example:
> http://www.wired.com/2015/02/nsa-firmware-hacking/ )
>
> I would feel a lot safer if the kernel and packages were fully free,
> containing no non-free drivers nor non-free "firmware".
>
>
>
>
>
>
>
>
>
> --
> View this message in context:
>
http://openbsd-archive.7691.n7.nabble.com/The-kernels-of-BSD-include-nonfree-
> firmware-blobs-tp283900.html
> Sent from the openbsd user - misc mailing list archive at Nabble.com.

Re: Welcome-Mail

[Eric Furman]

Yea, but ftp is a shitty protocol that should have died
a merciful death a long time ago so

On Mon, Nov 16, 2015, at 06:07 AM, Marc Peters wrote:
> Am 11/16/15 um 12:00 schrieb Stefan Wollny:
> > Hi there,
> > 
> > I may be wrong but I thought usage of ftp to get information and to
> > download packages is discouraged. I just noticed (after having done a
> > fresh install of amd64-current) reading the welcome mail "Welcome to
> > OpenBSD 5.8!" that the ftp-protocol is still given.
> > 
> > Instead
> > ftp://ftp.openbsd.org/pub/OpenBSD/5.8/packages
> > shouldn't this rather be
> > http://ftp.openbsd.org/pub/OpenBSD/5.8/packages
> 
> ftp is still a valid option for packages. The installation via ftp is
> not supported anymore.
> 
> 
> Marc

Re: OT:Paris..

[Eric Furman]

I am Christian.
I have friends who are Muslim.
This is what we can both agree upon.

Outside the scope of this list
People got hurt
Can't say why
Always a bummer
Hope folks are A OK.
peace ok@ please

On Sun, Nov 15, 2015, at 04:41 AM, noah pugsley wrote:
> I hope I don't seem like a cheerleader for reflecting your sentiments.
> Null
> politics. Null comment. Geopolitical associations are outside the scope
> of
> this list.
> 
> People got hurt. Can't say why from my armchair. Always a bummer. Can't
> or
> won't do much about it but genuinely hope folks are A OK.
> 
> peace ok@?
> 
> On Sat, Nov 14, 2015 at 9:03 AM, John Long  wrote:
> 
> > Miod, are you ok? Condolences and hoping for the best for you guys.
> >
> > /jl
> >
> > --
> > ASCII ribbon campaign ( ) Powered by Lemote Fuloong
> >  against HTML e-mail   X  Loongson MIPS and OpenBSD
> >and proprietary/ \http://www.mutt.org
> >  attachments /   \  Code Blue or Go Home!
> >  Encrypted email preferred  PGP Key 2048R/DA65BC04

Re: Linus Torvalds thoughts on Linux Security

[Eric Furman]

Please don't encourage trolls.
This has already been discussed at length on this list to no purpose.

Re: disklabel fs types, where can I find the whole list of supported types?

[Eric Furman]

Its been explained to you already.
You're just being a troll now.

On Mon, Oct 5, 2015, at 03:53 AM, Mikael wrote:
> Right, I am fully aware of that (i.e. that you can type in MBR partition
> type as HEX code in the fdisk tool) - please correct me if I'm wrong, but
> that is specific to the FDISK (and the MBR partition table only), and the
> BSD disklabel and hence what you're working with in the disklabel tool,
> is
> separate altogether from that;
> 
> My question was (third time now), which FS types are available in the
> disklabel tool?
> 
> Is it "4.2BSD", "swap", "RAID" and "unknown" only, or are there any more?
> 
> 
> 2015-10-05 15:41 GMT+08:00 Dusan Sukovic :
> 
> > Yes, but beside ffs HEX id inside fdisk prompt you have also ffs partition
> > id values in plain English..
> >
> > Regards,
> >
> > Dusan
> >
> > 2015-10-05 9:28 GMT+02:00 Mikael :
> >
> > >
> > > And, the disklabel filesystem type is requested as a string (unlike the
> > > fdisk partition type which is an 8-bit unsigned integer typically entered
> > > in hex) and hence you need to know which options are available:

Re: FreeBSD or OpenBSD for my (server/router) purposes? (Total n00b)

[Eric Furman]

On Sun, Sep 27, 2015, at 01:11 PM, Matt Hamilton wrote:
> > On 27 Sep 2015, at 18:01, Theo de Raadt  wrote:
> >
> >> Quernus  wrote:
> >>> On 27 Sep 2015, at 16:10, Stuart Henderson  wrote:
> >>>
>  On 2015-09-27, Quernus  wrote:
> 
>  I actually run OpenBSD in a VM on FreeBSD using bhyve which gives me the
> >> best
>  of both worlds.
> >>>
> >>> This has an impact on security, of course.
> >>
> >> In what way? If you mean the hypervisor does not provide adequate
> separation
> >> between VMs then that is not really an issue as I control the host and all
> >> VMs. If any are compromised then I have bigger issues.
> >
> > We don't need to make precise claims about which parts will break, nor
> > how.
> 
> I’m not asking that. I was just curious as to what the basis was for
> the
> ‘this has an impact of security’ statement with no context or backup
> of
> the statement.
> 
> > The problem here is the process of gluing all-the-parts together
> > without evaluating what is oging on.  You need not talk about big
> > issues once things go worng -- you do have big issues right from the
> > start, just like everyone else.
> >
> > Once you hook a system up to the internet, it is the internet that is
> > trying to push the buttons of the system.
> 
> Indeed, hence the statement ‘This has an impact on security, of
> course’
> could be applied to attaching any software or hardware of any kind to any
> kind
> of network. Writing this email ‘has an impact on security, of
> course’.
> Opening my front door in the morning 'has an impact on security, of
> course’.
> It is a uselessly vague statement on it’s own.
> 
> > By combining many disparate pieces together, you require all those
> > layers of software to make the right decisions, and never make wrong
> > decisions.  You require all the programmers to be largely infallable.
> >
> > You are testing all the parts at once.
> >
> > There's a general rule which may apply here:
> >
> >More software, more bugs.
> >
> > It is clear that your priority is on gaining more operational
> > features, rather than greater quality.
> 
> Yup. Alas, utopia doesn’t exist. We all have to make compromises and
> prioritise our requirements and trade offs. For me, this is a very nice
> blend
> of security, manageability and convenience for my use-case. YMMV.
> 
> > I know lots of people are doing the same.  Anyways, good luck with it
> > long term.
> 
> Thanks! I’m blogging about how it is turning out. So far seems to be
> working
> pretty nicely.

You really don't get it. Running OpenBSD in a VM gives you no
security benefits of OpenBSD. Your base security will be your
host, in this case FreeBSD. And on top of that you are running
a very complex piece of software, the VM. Who knows what
security holes are in it.

Re: FreeBSD or OpenBSD for my (server/router) purposes? (Total n00b)

[Eric Furman]

On Sun, Sep 27, 2015, at 06:22 PM, Matt Hamilton wrote:
> > On 27 Sep 2015, at 22:57, Theo de Raadt <dera...@cvs.openbsd.org> wrote:
> > 
> >>> On 27 Sep 2015, at 22:38, Eric Furman <ericfur...@fastmail.net> wrote:
> >>> 
> >>> You really don't get it. Running OpenBSD in a VM gives you no
> >>> security benefits of OpenBSD. Your base security will be your
> >>> host, in this case FreeBSD. And on top of that you are running
> >>> a very complex piece of software, the VM. Who knows what
> >>> security holes are in it.
> >> 
> >> 
> >> I do get it. I guess you wrote this before reading my last reply. That
> >> explains the situation.
> >> 
> >> Yes, the base security will be my host. Putting an OpenBSD VM on there
> >> does not (IMHO) significantly decrease the security of that host. I
> >> agree that it is adding complexities and there could be potentially
> >> unforeseen security issues due to the combination. e.g. something like
> >> OpenBSD's ability to generate random number could somehow be
> >> affected by the underlying VM that would not be present on bare metal.
> > 
> > Any additional code you run, beyond the minimum, increases your exposure
> 
> Indeed. Which is why you are typing this on a typewriter, right? I mean,
> I don’t know what editor you use, emacs, vi, mg, whatever… but that is
> additional code right? That has increased your attack surface. But you
> deem that an appropriate compromise to absolute security as you want
> feature and convenience.
> 
> > You are so clueless.  It's amazing.
> 
> 
> No. The fact that I have tried an experiment and have a setup that has
> different priorities on it’s requirements to someone else’s setup or
> requirements is not clueless. It is different. OpenBSD just does not
> offer the functionality (e.g. a large, redundant filesystem, ala ZFS) I
> need to get the job I want to do done on it’s own. So I need additional
> software to achieve that. End of story. Yes it is a larger attack
> surface, yes it is added complexity. I fully understand that. But I need
> additional software to achieve my end goals.
> 
> This thread started with someone who is starting to learn and wanted to
> know which OS, OpenBSD or FreeBSD would be best for their requirements. I
> don’t feel putting forward an idea that you could run OpenBSD as a VM and
> have both is so unreasonable.

OK, I read your blog. I see you are running this on x86 hardware.
X86 hardware provides NO real hardware virtualization.
You are clueless. Your VM and OpenBSD in the configuration
gives you NO added security. Just convenience. If that's all
you care about, fine, but don't delude yourself into thinking
that you are somehow adding security by running OpenBSD
in this fashion.
VM's give you no added security unless you are running them
on hardware that has been designed for that purpose, such
as IBM mainframes or the AS400. Probably some others
I'm leaving out, but NOT x86 hardware.
Just search for VM and security on the internets and see
what comes up. Secure they are not.

Re: FreeBSD or OpenBSD for my (server/router) purposes? (Total n00b)

[Eric Furman]

On Sun, Sep 27, 2015, at 09:34 PM, jungle Boogie wrote:
> On 27 September 2015 at 17:34, Eric Furman <ericfur...@fastmail.net>
> wrote:
> > Just search for VM and security on the internets and see
> > what comes up. Secure they are not.
> 
> 
> Where in the blog does Matt discuss 'secure' and/or 'security' outside
> of discussing freebsd binary updates system? It seems he's aware of
> how insecure the setup is and its more of a convenience.
> 
> I think it's quite clear what Matt wants: ipsec without the need to
> compile in the special bits needed for it in freebsd.

Reread the whole thread.
He doesn't mention it in his blog. He asks about it in this thread.
Stuart comments on his setup by saying; 
"This has an impact on security, of course.'
He came back and asked how. And making a statement that clearly
demonstrates that he does not understand the risks of VMs.
Then Theo says we don't need to explain it to him.
If you understand security the problems are self evident.
Then he came back and implied that the running of a text
editor was comparable in security risk as running a VM.
And then he states; "For me, this is a very nice blend
of security, manageability and convenience for my use-case."
This statement clearly demonstrates that he believes his
setup is secure. When, in fact, it is not.
That's why the security implications were brought up.
Hope this helps.

Re: radeondrm firmware archive problem?

[Eric Furman]

On Sun, Aug 9, 2015, at 01:42 PM, Theo de Raadt wrote:
   On Sat, Aug 08, 2015 at 10:59:15PM -0800, pstern wrote:
   hello:
  
   I recently put a couple of Dell optiplex 7010 machiens in operation using
   OpenBSD 5.6 and 5.7. Both machines have a radeon card in them.
  
   vga1 at pci1 dev 0 function 0 ATI Radeon HD 7470 rev 0x00
  
   I ran into the video going to gray screen during the boot process when it
   tried to switch to high res. I disabled the radeondrm temporarily to get 
   the
   machines to boot.
  
   I found the radeondrm-firmware-20131002p2.tgz at firmware.openbsd.org
  
   Trying to use pkd_add would not work because it kept reporting the 
   archive
   was corrupt. I believe the problem was actually the signature in the 
   archive
   wasn't current and could not be validated against the certificates in
   /etc/ssl or /etc/signify.
   Nope. it's that it's signed with the firmware keys... which is why you
   install firmwares with fw_update and not pkg_add.
  
   I ended up manually loading the firmware in /etc/firmware, which 
   resulted in
   bypassing verifying the archive, but the archive expanded without a 
   problem.
   The machines run fine with the contents of that archive in place.
  
   Is there something wrong with that archive?
   The fact that it looks like a normal package doesn't mean it's a normal
   package. Since you expanded it manually, you can look at the @signer line
   in the contents. You'll see the signature name in all its glories.
  
   The design of signify means it's the *commands* that decide which 
   signatures
   they trust. There are three classes of keys in openbsd. Trying to verify
   a fw-signed archive with a pkg-checking command won't work.
  
  
  I saw that pkg_add is discouraged at the bottom of the man page for 
  fw_update.
  
  Trying local update
  
  # ls -la /etc/firmware/*.tgz
  -rw-r--r--  1 root  wheel  1224091 Aug  8 15:08 
  /etc/firmware/radeondrm-firmware-20131002p0.tgz
  # fw_update -n -v -p /etc/firmware/radeondrm-firmware-20131002p0.tgz
  fw_update: Path to firmware: /etc/firmware/radeondrm-firmware-20131002p0.tgz
  fw_update: Installing firmware:  
  radeondrm-firmware.file:/etc/firmware/radeondrm-firmware-20131002p0.tgz/ is 
  empty
  Can't find radeondrm-firmware
  
  trying directly from firmware.openbsd.org
  
  fw_upate -n -v -p 
  http://firmware.openbsd.org/firmware/5.7/radeondrm-firmware-20131002p0.tgz
  
  fw_update: Path to firmware: 
  http://firmware.openbsd.org/firmware/5.6/radeondrm-firmware-20131002p0.tgz
  fw_update: Installing firmware:  radeondrm-firmware.
  Error from 
  http://firmware.openbsd.org/firmware/5.7/radeondrm-firmware-20131002p0.tgz/
  ftp: Error retrieving file: 404 Not Found
  http://firmware.openbsd.org/firmware/5.7/radeondrm-firmware-20131002p0.tgz/ 
  is empty
  Can't find radeondrm-firmware
  
  What is the correct way to deal with this file?
 
 Just Wow.  The right way to use it is
 
 # fw_update
 
 That's it, you don't need any specific options, nor do you have to
 give it URLs to files.  It autodiscovers.
 
 For some firmwares, you need to follow this with a reboot so that the
 kernel can find the actual firmwares early enough in boot.
 
 You really are inventing your own difficulties.  Sometimes you have to
 step back and go Wow, I am passing 5 arguments to the program.  Is that
 what the system developers would have intended as normal operation?
 
 The answer is NO.
 

Linux trains people that kind of shit is normal.

Re: OpenBSD httpd version

[Eric Furman]

The sooner people know they are dealing with OpenBSD
the sooner they give up and look for a softer target.

On Thu, Jul 30, 2015, at 08:11 AM, averl...@nextmail.ru wrote:
 Hi All.
 
 How do I hide OpenBSD webserver name info from clients? 
 I do not want to show the world what operating system and web server is
 used.
 
 So I made a few changes on the 5.7-stable.
 
 [demime 1.01d removed an attachment of type text/x-diff which had a name
 of httpd.patch]

Re: Disk Problem

[Eric Furman]

On Fri, Jul 10, 2015, at 09:15 PM, Vijay Sankar wrote:
 
 Quoting Eric Furman ericfur...@fastmail.net:
 
  On Fri, Jul 10, 2015, at 01:57 PM, Vijay Sankar wrote:
  Quoting Otto Moerbeek o...@drijf.net:
 
   On Fri, Jul 10, 2015 at 04:04:04PM +, Vijay Sankar wrote:
  
   My objective for this weekend was to follow the new dpb and build ports
   without using sudo. So I was hoping to upgrade to the latest  
  snapshot on a
   system that I use for tests.
  
   The test system has a 2TB drive and it had two 300GB partitions in it 
   for
   ports and vm; and a 120GB SSD for the OS and used to look as follows:
  
   Filesystem SizeUsed   Avail Capacity  Mounted on
   /dev/sd1a 1005M   55.0M900M 6%/
   /dev/sd1k 64.5G   20.9G   40.3G34%/home
   /dev/sd1d  3.9G   10.0K3.7G 0%/tmp
   /dev/sd1f  2.0G966M946M51%/usr
   /dev/sd1g 1005M191M764M20%/usr/X11R6
   /dev/sd1h  9.8G2.9G6.5G31%/usr/local
   /dev/sd1j  2.0G2.0K1.9G 0%/usr/obj
   /dev/sd1i  2.0G827M1.1G43%/usr/src
   /dev/sd1e 13.5G   26.5M   12.8G 0%/var
   /dev/sd0h  298G176G107G62%/ports
   /dev/sd0f  298G   19.6G263G 7%/vm
  
   My /etc/fstab was
  
   4f0cd8b5e7fd8f6a.b none swap sw
   4f0cd8b5e7fd8f6a.a / ffs rw 1 1
   4f0cd8b5e7fd8f6a.k /home ffs rw,nodev,nosuid 1 2
   4f0cd8b5e7fd8f6a.d /tmp ffs rw,nodev,nosuid 1 2
   4f0cd8b5e7fd8f6a.f /usr ffs rw,nodev 1 2
   4f0cd8b5e7fd8f6a.g /usr/X11R6 ffs rw,nodev 1 2
   4f0cd8b5e7fd8f6a.h /usr/local ffs rw,nodev 1 2
   4f0cd8b5e7fd8f6a.j /usr/obj ffs rw,nodev,nosuid 1 2
   4f0cd8b5e7fd8f6a.i /usr/src ffs rw,nodev,nosuid 1 2
   4f0cd8b5e7fd8f6a.e /var ffs rw,nodev,nosuid 1 2
   4d43e3389228e319.h /ports ffs rw,nodev,nosuid 1 2
   4d43e3389228e319.f /vm ffs rw,nodev,nosuid 1 2
  
   I am not sure what happened -- but when I rebooted the system  
  this morning
   /ports and /vm would not mount; so I commented out the last two lines in
   /etc/fstab and rebooted. After reboot disklabel seems to have changed
   completely and it currently looks like this:
  
   # disklabel sd0
   # /dev/rsd0c:
   type: SCSI
   disk: SCSI disk
   label: ST2000DM001-1CH1
   duid: 
   flags:
   bytes/sector: 512
   sectors/track: 63
   tracks/cylinder: 255
   sectors/cylinder: 16065
   cylinders: 503
   total sectors: 8089950
   boundstart: 0
   boundend: 8089950
   drivedata: 0
  
   16 partitions:
   #size   offset  fstype [fsize bsize  cpg]
 c:  80899500  unused
  
  
   Is there any way fix the disklabel or is this an error that is  
  impossible to
   recover from? duid used to show up as 4d43e3389228e319 and not
   .
  
   Please let me know if you have any suggestions.
  
   Get your old label from /var/backups and try to restore it with
   disklabel -R.  You don't tell what your platform is, it might be that
   you also need to do fdisk work first to restore the mbr partition
   table.
  
   But of course, it is also interesting to know what happened to you
   disk. But since you do not tell us what you did you are on your own
   here.
  
-Otto
 
  Thank you very much. I am running an older snapshot OpenBSD 5.7
  -current as of Mar 19, 2015. I thought of -R with disklabel but since
  the drive seems to show itself as a 3950MB drive instead of a 2TB
  drive, I was not sure how to do this.
 
  The problem truly is I am not sure what I did to cause all this
  problem!!! The sequence of actions were as follows. Since I had not
  looked at this box for a while I was just logging in to look at where
  I had kept everything. I did a cd /ports/packages/amd64/all and got an
  input error when I tried to edit a file. So I did a shutdown -h now;
 
  -
  opened the 3.5 and 2.5 hotswap drive bays and pulled both drives out
  and pushed them back in. Powered the system on at which point I was
  ^^
 
  I am very curious to know why you did this.
  What am I missing here?
  -
 
  dropped into the shell because /vm and /ports had errors. So I tried
  to do a fsck_ffs and that failed. At that point I looked at disklabel
  and noticed that the duid was gone. fdisk sd0 does not show anything
  other than:
 
  # fdisk sd0
  Disk: sd0   geometry: 503/255/63 [8089950 Sectors]
 
  I tried the disklabel -R as you suggested;
 
  # disklabel -R sd0 disklabel.sd0.current
  disklabel: partition a: partition extends past end of unit
  disklabel: partition c: partition extends past end of unit
  disklabel: partition d: offset past end of unit
  disklabel

Re: Why does my 5.7 laptop suspend when I close the lid?

[Eric Furman]

A lot of people worked very hard to add this feature, 
because most people wanted it.
Search the archives

On Tue, Jun 30, 2015, at 02:38 PM, Alan Corey wrote:
 I didn't ask it to do that and I don't know how to unsuspend.  As far
 as I'm concerned this is an undocumented feature.  If I want to
 suspend I'll type zzz.  I haven't found a way to turn this off.
 
 -- 
 Credit is the root of all evil.  - AB1JX

Re: GROUP CHANGED

[Eric Furman]

On Sun, Jun 14, 2015, at 06:14 PM, andrew fabbro wrote:
 On Sun, Jun 14, 2015 at 10:17 AM, Marc Espie es...@nerim.net wrote:
 
  Note that the description of wheel characteristics
  in FSF's Linux used to be hilarious.
 
 
 Yes, it was on the su(1) man page...it's still in their docs:
 
 http://www.gnu.org/software/coreutils/manual/html_node/su-invocation.html#index-fascism-2365
 
 So welcome to the oppressive, totalitarian regime of *BSD.  If you've got
 root, be sure to claim your free pair of hobnailed boots to place on the
 necks of your users.  CEMENT THE POWER!

This is all you need to know;
(This section is by Richard Stallman.) 

Or, Warning; delusional nut job about to pontificate.

Re: OpenBSD Foundation and OpenBSD Project

[Eric Furman]

On Tue, May 5, 2015, at 12:19 AM, Hrishikesh Muruk wrote:
 Hi
 
 I dont want to purchase 5.7 CDs and pay international shipping (also done
 have a CD drive). I would like to donate that amount instead.
 
 From the OpenBSD Project donations page (
 http://www.openbsd.org/donations.html) I gather that donations to OpenBSD
 Project are different from donations to OpenBSD Foundation.
 
 When one purchases a OpenBSD CD from the OpenBSD store does that money
 (after admin fees etc) go to Project or Foundation?
 
 Thanks
 Hrishi
 

From what I understand, but things may have changed, most of the
money from CD sales goes to pay Theo's living expenses. Without
that money Theo would have to get a job and that would be very bad
for everybody that uses OpenBSD.
Please correct me if I'm wrong.

Re: 5.7 upgrade question

[Eric Furman]

If you are new to OpenBSD you should probably avoid
running -current until you are much more familiar with
everything.

On Thu, Apr 23, 2015, at 10:49 AM, Joseph Oficre wrote:
 Yeah, i read faq as well, but english is not  my native lang so from time
 to time i just cant clearly understand what something means and prefer to
 ask it.
 
 Ty for help! I appreciate it so much.
 
 2015-04-23 10:42 GMT-04:00 Raf Czlonka rczlo...@gmail.com:
 
  On Thu, Apr 23, 2015 at 03:27:15PM BST, Joseph Oficre wrote:
 
   Oh, i got it, ty for advices, friends! Im pretty new in openbsd, so
   that kind of questions can appear from me.
 
  Please do your homework before asking a question[0].
 
  OpenBSD has excellent documentation - start with manual pages[1] and
  FAQ[2]
 
   So, if i want to run snapshots...how offten do u guys update ur
   previous one to newer? I just dont want to update my system every few
   days, ones in month would be nice tho...
 
  Provided there are no obvious bugs and you're not planning on installing
  any ports or packages, there's nothing stopping you from doing so -
  always check Following -current[3] beforehand.
 
  [0] http://www.openbsd.org/mail.html
  [1] http://www.openbsd.org/cgi-bin/man.cgi
  [2] http://www.openbsd.org/faq/
  [3] http://www.openbsd.org/faq/current.html
 
  Raf

Re: Secure PDF viewer

[Eric Furman]

On Sat, Apr 4, 2015, at 01:17 PM, Landry Breuil wrote:
 On Sat, Apr 4, 2015 at 6:31 PM, Kevin Chadwick m8il1i...@gmail.com
 wrote:
 
  On Fri, 3 Apr 2015 08:24:36 + (UTC)
  Stuart Henderson wrote:
 
   I'm not
   sure whether the in-browser renderers are based on these or something
   else,
 
  Firefox uses jspdf (javascript pdf)
 
  I think but am not sure if this is the right link
 
  https://github.com/MrRio/jsPDF
 
 
 Why do ppl feel compelled to reply when they have no clue about a subject
 ?
 Firefox uses https://github.com/mozilla/pdf.js/ developped my mozilla
 itself, and it's as secure as any pdf viewer.

So what does that mean? Are you saying there are no secure
pdf viewers or that I don't really need to worry about it that much?

Re: a few questions to httpd

[Eric Furman]

On Wed, Apr 1, 2015, at 11:21 AM, Markus Rosjat wrote:
 Am 01.04.2015 um 16:51 schrieb Alexander Hall:
  On April 1, 2015 4:32:43 PM GMT+02:00, Markus Rosjat ros...@ghweb.de 
  wrote:
  Hi there,
 
  since 5.7 will not have a apache or a nginx as  out of the box
  webserver
  it would be nice to know something about the new httpd. I try to
  google arround but I only found man pages. So I try to get some answers
 
  here.
  It didn't occur to you to actually read said man pages? Some, if not all, 
  of your questions might be answered right there... ;-)
 
  /Alexander
 I'm a german , extremly lazy and a dummy by default (ask arround you'll 
 see )

How dare you slander Germans like that. ;-)

Re: Secure PDF viewer

[Eric Furman]

Thanks for the info and I expected someone to suggest this,
but I didn't really want to go all crazy. :)
I wanted to know if there was a secure one so I wouldn't have
to jump through all these kind of hoops.
Thanks anyway.

On Thu, Apr 2, 2015, at 04:17 PM, dan mclaughlin wrote:
 On Thu, 2 Apr 2015 11:47:04 -0400 Jiri B ji...@devio.us wrote:
  On Thu, Apr 02, 2015 at 12:33:25AM -0400, Eric Furman wrote:
   I sometimes have to deal with PDF files (ugh) and all
   I need is the ability to view and print them, nothing
   fancy. With security in mind I would like to get opinions
   on the best one to use.
   Thanks.
 
 hardly any existing software is written with security in mind, so...
 mitigation is the word. and since sometimes even the best coders may
 slip up...
 
  
  Run it chrooted under non-default (0) routing domain
  and you should be in 99 % fine.
 
 and running under it's own user as well.
 
 some of these mitigation techniques and more have been discussed
 recently:
 https://marc.info/?l=openbsd-miscm=142703553113760w=2
 https://marc.info/?l=openbsd-miscm=142637712203350w=2
 https://marc.info/?l=openbsd-miscm=142676615612510w=2
 
 the last thread is my experiments with ssh chroot jailing. if you
 decide to go the chroot route, you need to read that. you would
 have to do some additional work (eg set up a device) to get a
 printer working. there is also some info on using Xephyr. i use
 a jailed xpdf myself just as in the examples.
 
 and instead of routing, i use a pf rule:
 
   block out log
   pass out log quick on $intif proto tcp user { root, browse, 1000 }
   pass out log quick on $intif proto udp user { root, browse, 1000 }
 
 but you could just block the one user:
 
   block out log quick on $intif proto tcp user pdf
   block out log quick on $intif proto udp user pdf
   pass out
 
 at the very least, you want to run it under it's own user, using
 'ssh -X' and Xephyr.
 
  
  (I still can't figure out how to make apps in Xephyr
  maximalized without help of a WM.)
 
 many programs have command line options to control some of this.
 eg 'xpdf -fullscreen'. although that doesn't always give me the
 interface i want. but 'xpdf -geometry xXy' works too. i have
 scripts that syncronize the Xephyr geometry and the app's.
 
  
  j.
  
 
 in sum, a dedicated unpriviledged user, using ssh -X and Xephyr, with
 a pf rule (as above), and maybe chroot. about the best you can do for
 any program. one of those threads is about systrace, but that might
 be more complicated to set up (haven't looked into it too much myself).

Secure PDF viewer

[Eric Furman]

I sometimes have to deal with PDF files (ugh) and all
I need is the ability to view and print them, nothing
fancy. With security in mind I would like to get opinions
on the best one to use.
Thanks.

Re: Fund raising

[Eric Furman]

I'm not going to give you any shit. I think you are well intentioned.
However the number of people who would pay for such a thing is
so small that it is not worth the time and effort to create it.
One of the worst side effects of Linux and the FSF is that now
their are millions of pricks who think *EVERYTHING* should
be free. This attitude screws projects like OpenBSD.
What is so much trouble and bother about buying a CD?
I have bought CD releases. Most of them, in fact.
Not once was it any trouble or bother.
If you don't want the CD just give it away.

On Thu, Mar 26, 2015, at 01:40 AM, worik wrote:
 I got a lot of shit on this list for suggesting that the OpenBSD project
 sell documentation collections (that are freely available elsewhere) as
 a method of raising funds for the project as CD rom sales dry up.
 
 A lot of shit on list and especially off list (one clown made up a gmail
 address especially to tell me to fuck off.  Way too much time some
 people have)
 
 Today I spent $US5 on an ebook containing tutorials for software  I am
 considering using.  By exercising my mouse I could have got it for free.
 
 I did not.
 
 So I am bringing this up again.  I do not want CDROMs.  I have been to
 the trouble of paying for one and insisting they do not post it, but it
 was a lot of bother.
 
 I would pay for a collection of release notes for each new release.
 
 I support this project and I would like to support Theo directly - as CD
 sales do.
 
 So once again (at the risk of infuriating idle clowns) I respectfully
 suggest that the project consider such a release beside and as well as
 CDROMs.
 
 I do realise that I am proposing a good idea for some one else to do.
  I cannot lead such a task as I am a OpenBSD newbie.
 
 W
 
 PS For those who might care I bought Backbone Tutorials by Thomas
 Davis.  https://leanpub.com/backbonetutorials
 
 -- 
 Why is the legal status of chardonnay different to that of cannabis?
worik.stan...@gmail.com 021-1680650, (03) 4821804
   Aotearoa (New Zealand)
  I voted for love

Re: lynx is gone?

[Eric Furman]

On Thu, Mar 5, 2015, at 08:24 PM, Paolo Aglialoro wrote:
 Dear Theo,
 
 I respect you as a person and I respect your work.
 
 This said, I can also tell you that, after a few years reading misc@,
 there
 is still one thing that I do not understand about your colourful
 answers
 to several mails.
 
 Not all the people who run obsd can, for various personal reasons of
 their
 own, contribute as a coder. But they still can contribute as users,
 reporting problems or making suggestions. This does not necessarily mean
 they order you what to do or not to do, don't take it personally. They
 just love to run obsd, so they try to do their best. My grandpa taught me
 that when people don't tell you things it's because they just don't care
 anymore.
 
 With their detailed answers, for instance, Stuart, Giancarlo and Ingo
 showed attention to my problem as a user, analyzing things just on a
 logical viewpoint. I perfectly accept their polite way of answering.
 
 Here nobody was making making a wishlist for obsd like I want zfs, xfs,
 ext4, pf multicore, etc.. The point is that here, often, the moment you
 got used to a tool, the day after it's gone/modified. This creates
 frustration in the average user, like me.
 
 Of course we're still a pkg_add away but, hey, isn't denying to consider
 that most people will keep using that tool a contradiction? Yes, base
 will
 be pure and safe, but at the same time it will diminish functionality,
 depending more and more from packages.
 
 This said, this is your OS, delete everything you like!
 
 Just be respectful, please.
 
 Il 05/mar/2015 21:43 Theo de Raadt dera...@cvs.openbsd.org ha
 scritto:
 
  So it looks like that, till some months ago, everybody here was on the
  wrong OS and risking their lives, as lynx was in base!
 
  Such hyperbole!  Such drama!
 
  Impressive.
 
  If you don't like our software, there are other options out there for
  you to use.  In the end, it is our software, and we get to make our own
  choices.
 
  That is fair.  People who get to make choices, tend to care, and tend to
  try to make things better for themselves and everyone, according to a
  narrow definition, but there you have it.  No hyperbole or drama needed.
 
  You can run something else, Sir.
 

How was Theo being disrespectful? I don't see it.
Compared to most of Theo's responses this was a love letter. :)

Re: CPU criteria for OpenBSD firewall

[Eric Furman]

On Wed, Feb 18, 2015, at 07:54 PM, Giancarlo Razzolini wrote:
 On 18-02-2015 20:30, ML mail wrote:
  Stupid question but if you would have to choose between two different Intel 
  CPUs for an OpenBSD firewall using 4 to 6 Intel NICs with all /24 networks 
  behind and around 50-60 Mbit/s average traffic would you rather choose the 
  CPU with higher Frequency and less cores or for a CPU with lower frequency 
  but more cores?
 This question isn't stupid at all. And the answer is probably entirely
 based on your setup. I do have a similar system, but with less average
 traffic, 10MB/s, and one 6-port intel card. In my setup, having the
 lower frequency, more cores is better, because my firewall isn't used
 just for PF. If you're gonna use you OpenBSD firewall for other
 processes such as, proxy, dns server, web server, dhcp server, it won't
 hurt to have more cores.

A firewall should be a firewall. Period.
It's your first line of defense against attack.
Each and every additional thing you run on it just
makes it that much more vulnerable to attack.

Re: gzip compression in httpd

[Eric Furman]

On Sun, Feb 15, 2015, at 03:46 PM, Артур Истомин wrote:
 On Sun, Feb 15, 2015 at 07:20:53PM +, Florian Obser wrote:
  On Sun, Feb 15, 2015 at 07:11:48PM -, Merci Brault wrote:
   Does the new httpd support gzip compression?
   
  
  No.
 
 Planned?

Since the 'g' in gzip stands for 'gnu', my guess would be no.

Re: gzip compression in httpd

[Eric Furman]

On Sun, Feb 15, 2015, at 10:13 PM, Ted Unangst wrote:
 Eric Furman wrote:
  On Sun, Feb 15, 2015, at 03:46 PM, Артур Истомин wrote:
   On Sun, Feb 15, 2015 at 07:20:53PM +, Florian Obser wrote:
On Sun, Feb 15, 2015 at 07:11:48PM -, Merci Brault wrote:
 Does the new httpd support gzip compression?
 

No.
   
   Planned?
  
  Since the 'g' in gzip stands for 'gnu', my guess would be no.
  
 
 the g in gzip stands for gratis.

https://en.wikipedia.org/wiki/Gzip#Implementations

Ah yes, I stand corrected. Thanks for the info.

Re: Hannover BSD meetup

[Eric Furman]

On Fri, Jan 23, 2015, at 03:34 AM, Jan Klemkow wrote:
 On Thu, Jan 22, 2015 at 08:05:13PM +0100, Jan Lambertz wrote:
  Hey Reyk,
  
  that sounds great. Unfortunately the Way to Hannover is 600km from
  here. I hope something simliar is happening soon near Munich. I was
  not able to find any Meeting for OpenBSD here.
  
  Jan
 
 Hi Jan,
 
 I'm living in Munich and interested to meet OpenBSD folks, too.  And I
 know some other OpenBSD people around Munich.  If you organise a place
 with food and coke I will join!
 
 bye,
 Jan
 

You, of course, mean Coca-Cola right? ;)

Re: Openbsd broke my hard drive twice! Getting frustrated

[Eric Furman]

Linux supports the UEFI boot loader. OpenBSD does not.
Before installing OpenBSD you need to enter its setup and enable legacy
support.
You don't need to do that with Linux.
https://en.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface

On Mon, Dec 29, 2014, at 09:49 AM, Gabriel Guzman wrote:
 I've been seeing a similar issue on a DELL XPS 13 Developer edition I
 got
 back in June -- ran fine with ubuntu as shipped with Dell, and then I 
 wiped and installed OpenBSD and now can't even access the BIOS.  
 
 I'm *sure* it's a BIOS issue as the BIOS is probably trying to do 
 something silly with the hardisk.  Haven't gotten around to flashing the 
 BIOS to a newer version as I'm fairly sure
 I'll need to remove the harddisk before the system will even let me
 boot (and that involves taking apart most of the laptop).  It's sad that 
 BIOSes are so buggy these days, and a bit crazy that something you do to 
 the disk would cause the BIOS to freak out.  Oh well, whenever the Dell 
 support people pick up the phone, I'll complain to them for all the good 
 it will do. 
 
 The Dell had no problem booting the install media from usb, was just
 when it came time to try and boot from HD that the BIOS freaked, and now
 won't allow me to access the BIOS settings or the choose which media to
 boot from menu.
 
 To the OP -- This is definitely not OpenBSD breaking your system, it's
 OpenBSD doing one of the things it does best... exposing bugs in *other*
 places (: and I feel your pain, it's quite frustrating when hardware
 we've paid for can't handle something that should be easy.
 
 gabe. 

Re: Openbsd broke my hard drive twice! Getting frustrated

[Eric Furman]

On Mon, Dec 22, 2014, at 10:23 PM, Henrique Lengler wrote:
 On 2014-12-23 01:18, mar...@martinbrandenburg.com wrote:
  Does the disk that you claim OpenBSD damaged still work in a different
  computer?
 
 Will be difficult to me can do this, I don't have any other desktop in 
 my house.
 I will see if I can do this later.
 
  I was being nice when I said exceedingly odd. It's more like 
  impossible.
  You come here with an impossible problem and no information. You 
  haven't
  even said what type of computer this is. I realize a dmesg is 
  impossible
  when it won't boot (though you could unplug the offending disk and get 
  a
  dmesg from the CD), but some information would be nice.
 
 Isn't the operating system responsible to recognize and use with a 
 correct
 driver my HDD?
 Linux is like this, the kernel have the SATA driver wich handle the 
 drivers.

No. This is done by the BIOS.
After the computer boots the BIOS then hands over control to the OS.
And yes, that is a gross over simplification of what actually happens.
There is no way that any OS can 'break' a hard drive.
And since your computer is fairly new it probably uses UEFI.
You might try to go into your BIOS settings and try a 'Legacy' boot
option.

Re: openhttpd

[Eric Furman]

https://en.wikipedia.org/w/index.php?search=openhttpdtitle=Special%3ASearchgo=Go

My guess is that it is a dead project.

On Sun, Dec 21, 2014, at 04:23 AM, Reyk Floeter wrote:
 On Sat, Dec 20, 2014 at 08:33:00PM -0600, Edgar Pettijohn wrote:
  Is there a mailing list for openhttpd?  Also all the links on openhttpd.net 
  are broken.
  
  thanks
  
 
 I don't know what openhttpd.net is, but it is not related to us. The
 page is not even new.
 
 Reyk

Re: OT:Password strength

[Eric Furman]

On Wed, Dec 3, 2014, at 08:27 AM, Brad Smith wrote:
 On 11/30/14 15:20, Ted Unangst wrote:
  Examples:
 
  treetykaveprethicooputhedu
  soonataviceenoopatecoge
  gootrozapiceelytrithunula
  preezypeendothanundipeesooka
 
 That defeats the purpose of the second example in the OPs question.

I think I like Schneier's scheme:
So if you want your password to be hard to guess, you should choose
something that this process will miss. My advice is to take a sentence
and turn it into a password. Something like This little piggy went to
market might become tlpWENT2m. That nine-character password won't be
in anyone's dictionary. Of course, don't use this one, because I've
written about it. Choose your own sentence -- something personal.
https://www.schneier.com/blog/archives/2014/03/choosing_secure_1.html

This scheme generates long hard passwords that are fairly easy to
remember.
And if I had read this article first I never would have asked my
original question.
Thanks to all who contributed, but I think we can kill this thread now.

Re: OT:Password strength

[Eric Furman]

On Sun, Nov 30, 2014, at 05:02 PM, thornton.rich...@gmail.com wrote:
 I get why network admins and CIO types live and breath security and
 hardened passwords, but the average user has gone mad. I like leading
 alpha characters in combination with an old phone number, with a few
 non-alpha‎ characters, leading and trailing. Thus a password that I can
 remember, but not something easy to guess. Example: I worked at Empire
 Blue Cross 20 years ago. My phone was x3699.   212 476 3699. Thus say,
 =EmpBC3699 would be fairly good, and I could recall it without writing
 it down.    One could say that 3699 is too easy, perhaps, buts its a
 quick example of a easy analog way to create a password which is ok, and
 easy to remember.

But according to this article;
https://www.schneier.com/blog/archives/2007/01/choosing_secure.html

if an attacker did have some of this personal info your password
would be easy to crack.

Re: OT:Password strength

[Eric Furman]

On Sun, Nov 30, 2014, at 03:20 PM, Ted Unangst wrote:
 On Sat, Nov 29, 2014 at 22:07, Eric Furman wrote:
  OFF TOPIC. This has nothing to do with OpenBSD,
  but a lot of guys here know about this stuff.
  I've done some reading, but still not sure.
  OK, at the risk of looking stupid,which of these passwords is better;
  kMH65?3
  or
  mylittlelambjumpedovertenredbarns
 
 I think it's a mistake to reverse a password into entropy. If your
 pool of possible passwords is sentences from common nursery rhymes,
 for example, they may look awesome but in reality there are only a few
 thousand possibilities.
 
 Instead, pick a generating algorithm. It can be random letters, random
 symbols, whatever. Random words. Random fake words consisting of
 alternating consonants and vowels. You know how big the search space
 is for each atom. Divide desired password strength (e.g. 64 bits) by
 bits per atom to determine required number of atoms.
 
 For the consonant/vowel example, here's a luajit script that makes
 passwords. Even though they are all lower case, they are at least 64
 bits hard.
 
 local letters = {
 c, k, t, tr, rt, p, pr, d,
 v, n, l, nd, z, g, th, s }
 local vowels = { a, e, i, o, u, y, oo, ee }
 
 local letterbits = 4
 local vowelbits = 3
 
 local wantedbits = 64
 
 local bits = 0
 
 local ffi = require ffi
 ffi.cdef[[uint32_t arc4random_uniform(uint32_t);]]
 local function rand(max)
 return ffi.C.arc4random_uniform(max) + 1
 end 
 
 local atoms = { }
 while bits  wantedbits do
 table.insert(atoms, letters[rand(16)])
 table.insert(atoms, vowels[rand(8)])
 bits = bits + letterbits + vowelbits
 end 
 print(table.concat(atoms))
 
 Examples:
 
 treetykaveprethicooputhedu
 soonataviceenoopatecoge
 gootrozapiceelytrithunula
 preezypeendothanundipeesooka

Bruce Schneier agrees. :)
According to him modern password crackers find string of word passwords,
like in XKCD, to be easy to crack.
https://www.schneier.com/blog/archives/2014/03/choosing_secure_1.html

But I can't always use a password manager and those passwords are
impossible to remember.

Re: OT:Password strength

[Eric Furman]

On Sun, Nov 30, 2014, at 12:48 AM, Nick Holland wrote:
 On 11/29/14 22:06, Eric Furman wrote:
  OFF TOPIC. This has nothing to do with OpenBSD,
  but a lot of guys here know about this stuff.
  I've done some reading, but still not sure.
  OK, at the risk of looking stupid,which of these passwords is better;
  kMH65?3
  or
  mylittlelambjumpedovertenredbarns
 
 there's an XKCD comic along these lines.  I'm too lazy to dig it up.
 
 It's complicated.
 Both have eight things.  The later is drawn from a much much larger
 set (words (thousands), vs. characters (not 100)).  So, looks like a
 simple win for the second over the first, right?
 
 Problem is the words connect to humans.  little is more likely to be
 followed by lamb than it is red (though if red follows little I
 bet the next word would be wagon).  red is more likely to be
 followed by barn than lamb.  Still, there's a huge number of choices
 for each word, so I'd say the phrases still win.
 
 (sorta related side note: At least with names, there's some curious
 clusters that are seen -- for example, a friend of mine and her two
 siblings have (basically) the same names as three of Adolph Hitler's
 siblings (one is a slight stretch, the other two are dead-on, which is
 impressive considering the very different ethnic backgrounds).  I don't
 think my friend's parents would have permitted this had they known.
 I've seen similar groupings of names in other families.  (Did I just
 win the award for most unexpected use of hitler in an internet
 discussion?))
 
 Simply saying there are X words of five letters or less and there are
 eight of them in my pw means there are X^8 PWs someone would have to try
 to get my PW is wrong by probably several orders of magnitude.  That's
 not how humans pick passwords, and if the computer does it for you, it
 might be as hard or harder than if you use random characters.
 
 Then there is the system where it is stored.  If you are working on a
 stock Solaris 9 or AIX system with the default settings, only the first
 eight chars are used, so the random string is much better than
 mylittle, and if you, like most people, reuse passwords or don't know
 that the target system only uses the first eight characters, you can end
 up using a trivial pw that you thought was really good.

Yes, part of the reason for asking this question was that I am aware
that
some authentication schemes only use the first 8 characters. 
Is there any way of knowing if they do ignore any characters after the
first eight?
Are authentication schemes that don't recognize more than eight
characters
still common?

One of my banking sites won't except certain special characters.
Like $, %, ?
Which messes up my best short passwords that I actually remember.

OT:Password strength

[Eric Furman]

OFF TOPIC. This has nothing to do with OpenBSD,
but a lot of guys here know about this stuff.
I've done some reading, but still not sure.
OK, at the risk of looking stupid,which of these passwords is better;
kMH65?3
or
mylittlelambjumpedovertenredbarns

Re: Contributing

[Eric Furman]

On Sun, Nov 16, 2014, at 12:50 AM, Ingo Schwarze wrote:
 Hi Andrew,
 
 andrew fabbro wrote on Sat, Nov 15, 2014 at 04:34:35PM -0800:
 
  What about writing tutorials/articles?
 
 That is most definitely *not* a job for beginners.
 Writing good tutorials requires much more expertise and
 experience than writing reference documentation or
 hunting for bugs.
 
  There's www.openbsdsupport.org which I believe is officially blessed
 
 Not at all.  It is completely unofficial, i didn't even know about it,
 and a brief look gives me the impression that most of the content is
 probably completely outdated.  Besides, i haven't ever heard of most
 of the authors, so i doubt the content could be trusted in the first
 place.
 
 I'd strongly advise against using that site for anything.

You could submit something to undeadly.org.
BTW, is undeadly.org an official OBSD site?

contributing

[Eric Furman]

OpenBSD's man pages are fantastic, but one area I have
noticed that could be improved is that some entries could
benefit from having more and/or better examples of use.

Re: 64-bit amd64 : actual memory limitations?

[Eric Furman]

On Sun, Oct 26, 2014, at 10:21 PM, Martin Schröder wrote:
 2014-10-27 1:56 GMT+01:00 Mayuresh Kathe mayur...@devio.us:
  if the intended application actually requires larger memory to be
  accessible, would it be better to go for a non-x86-64 64-bit hardware?
 
 256TB (2^48) should be good enough till 2020.
 

And all the Browser coders are rubbing their hands with glee
over all the ways they can waste that memory. ;)

Re: ksh, csh same vulnerability as bash

[Eric Furman]

On Wed, Oct 8, 2014, at 01:05 AM, Jason Adams wrote:
 On 09/29/2014 05:00 AM, Peter Hessler wrote:
  You tested bash.  All 3 shells are behaving correctly by passing the env
  variable to the bash command you are running.  the bash command you are
  running is behaving incorrectly by parsing the variable as a function.
 
 So the question is, for those of us that have added the bash package,
 why is bash still vulnerable after all these weeks, when everyone else
 has fixed
 their bash packages?
 
 Just checked for updated pkg, today, and its still vulnerable.
 

This is not really a general OBSD question because it's not part of
base.
Ask the maintainer of the bash package why it hasn't been updated.
Maybe the ports list?
Or you could do it yourself.

Re: Ordering OpenBSD 5.6 in the US?

[Eric Furman]

https://https.openbsd.org/cgi-bin/order

from this page;
http://www.openbsd.org/orders.html#ca/cshop

On Mon, Sep 29, 2014, at 10:21 PM, Andrew Lester wrote:
 Hey all,
 
 I notice the Softpro books seller, the only one for the US, indicates
 that they will no longer sell
 OpenBSD as distribution is moving to Europe. That being the case, what
 would the best place
 to order the disc set for OpenBSD 5.6 in the US be? Any word on when a
 preorder will be
 available?
 
 Warm regards,
 Andrew

Re: How to follow -stable and verify it with signify?

[Eric Furman]

On Tue, Sep 30, 2014, at 09:02 PM, Giancarlo Razzolini wrote:
 On 30-09-2014 20:24, Stuart Henderson wrote:
  There is no expiry time on a signify signature. If an anoncvs server
  were to be compromised such that you could no longer trust its key,
  there is no way we could revoke that signed web page. If an attacker
  was able to cause you to keep seeing an old version of the page, you'd
  have no way to know that this server's key was no longer to be trusted.
 Yes. I went on reading the signify man page, again, and found that to be
 the issue.
 
  This is actually something that dnssec can handle to some extent (you
  can set expiry times when signing a zone). But even then, signing a page
  with the host fingerprints...well, all it lets you do is verify that the
  server you're connecting to has a matching ssh host key and maybe that
  nobody has noticed and reported any problems with the code it's handing
  out within a certain window. It gives no guarantees that the program
  code handed out by that server is correct. In fact, verifying the host
  like this could be seen as giving a bit of a false sense of security.
 
 I didn't mentioned this attack, it's a form of trusting trust attack.
 But, I believe it would be better to have this than not to. OpenBSD do
 not have any secure way to get things. It's all up to the user. Not
 every user of OpenBSD can afford or even know how, to do what is
 necessary to at least have some confidence that you got things right.
 signify is a huge deal, but the project's infrastructure could be more
 secure in this sense. SSL? DNSSEC? signify signing of the site? I
 don't know what the project is willing to do, but I'm sure that
 something could be done.

If you don't realize the the OpenBSD team hasn't thought about, talked
about and argued about these issues to an extremely large extent
then you are very new here. You won't see it on these lists, but if
users are making suggestions you can be rest assured it has already
been extensively discussed privately with the team.
They are way ahead of us.

Re: rc.local mystery executables

[Eric Furman]

grc.*** (because I don't want any more googgle weight given to
this website) and the person who runs it, whose name shall
not be mentioned other than his initials are SG, is a complete
fraud.


On Fri, Aug 29, 2014, at 08:37 PM, Scott Bonds wrote:
 On Tue, Aug 19, 2014 at 03:24:08AM -0400, Todd Zimmermann wrote:
 
  Just off the top my head a few links:
  www.team-cymru.org
  https://www.dshield.org
  http://emergingthreats.net/
  https://www.grc.***/dns/dns.htm
 
  I stumbled upon malheur awhile back. No idea what to do with it, but
  it compiles easy on obsd. Since you found the malware files it might
  help.
  
  http://www.mlsec.org/malheur/
 
 Thanks, I'll check these out.

Re: Donations to OpenBSD

[Eric Furman]

On Fri, Aug 15, 2014, at 02:02 AM, Bernte wrote:
 On 14/08/14 16:14, Nicolai wrote:
  On Thu, Aug 14, 2014 at 07:16:41AM +0100, Bernte wrote:
  Could you please just clarify: I have money and I want that to go to the
  OpenBSD project. I would like as much as possible to make it there (from
  the UK in my case), I would like to give the OpenBSD people the highest
  degree of freedom of what to do with it, and don't need any physical
  gadgets to go with it. What is the optimal way to achieve this?
  
  The OpenBSD Foundation.
  
  http://www.openbsdfoundation.org/donations.html
  
  Theo has mentioned it several times this year as being the preferred
  route.  It's as simple as possible.
  
  Nicolai
 
 Thanks Nicolai for the answer. A few things have been clarified
 off-list. I now understand the implications of the different routes to
 OpenBSD.
 
 Bernd
 

The best way to help OpenBSD is to help Theo de Raadt.
The best way to do that is to buy CD's.
Buy a CD and request no CD delivery.
Buy many CD's with this intent.
Buy a CD and have it shipped to Theo.
(not ideal but an option)
Theo does not like to admit it, understandably, but the main
funding of Theo de Raadt's expenses is paid for by CD sales.
If you want OpenBSD to continue to exist *BUY* *CD's*.
If you want the most secure binaries and to help the
OpenBSD project BUY CD's!

SWIFT and the Foundation fund things like Hackathons.
(I welcome corrections if I am am wrong)
Those things are great.
CD sales support Theo de Raadt directly.
ELECTRICITY
Property taxes
Mortgage
Food
Beer
All sorts of other ESSENTIAL expenses.
We do not want Theo to have to get a commercial job.
That would prevent him from being able to direct the
OpenBSD project.
If that happened then OpenBSD would cease to exist.
BUY CD's

It's really not that complicated.

P.S. Theo de Raadt is an asshole. :)
P.P.S. but if you care about OpenBSD that shit is irrelevant. ;)

Re: [Bulk] Re: a half-baked analysis of the verification chicken-and-egg problem, and request

[Eric Furman]

On Wed, Aug 13, 2014, at 04:47 AM, Kevin Chadwick wrote:
 It has occurred to me that you have been very good in terms of not
 tying the keys in any way to the buying of cds for each
 release/snapshot. I donate what I can rather than buy cd's as it is more
 efficient but I guess the money goes to a different place. I do hope
 there hasn't been a drop/sharp drop in cd sales? I guess any switch
 to donations may be masked by other fundraising?

The most absolutely best way any one can contribute to OBSD
is to BUY CD'S. Buy some cd's and then buy some more.
Buy them for the stickers. Buy them because they fund OBSD.
Without cd sales OBSD would cease to exist.
It is as simple as that. So, BUY CD'S!
That is worth repeating;
Without CD sales OpenBSD will cease to exist. PERIOD.
Contrary to what a lot of you assholes think
NOTHING IS FOR FREE.
ELECTRICITY COSTS MONEY.
FOOD COSTS MONEY
BEER COSTS MONEY.
BUY CD'S
thank you for your attention.

Re: [Bulk] Re: a half-baked analysis of the verification chicken-and-egg problem, and request

[Eric Furman]

On Wed, Aug 13, 2014, at 05:36 PM, Worik Stanton wrote:
 On 13/08/14 22:13, Eric Furman wrote:
 [snip]
  The most absolutely best way any one can contribute to OBSD
  is to BUY CD'S. Buy some cd's and then buy some more.
  Buy them for the stickers. Buy them because they fund OBSD.
  Without cd sales OBSD would cease to exist.
  It is as simple as that. So, BUY CD'S!
  That is worth repeating;
  Without CD sales OpenBSD will cease to exist. PERIOD.
  Contrary to what a lot of you assholes think
 
 I would rather have a 5.5 T'shirt.
 
 I am new and when I am ready I will be back here asking questions but
 for now, I do not want a CD (totally useless to me) but a T'shirt would
 be cool.  It would cover my nakedness.
 
 Looking on http://www.openbsd.org/tshirts.html I can see no 5.5 T'shirt.
 
 Actually given that today I am at home because of snow on the  Lieth
 Saddle a 5.5 merino hoodie would be best. It would cover my nakedness
 and keep me warm(er)

Fine, buy a T-shirt, but realize that only a small fraction of the cost
actually goes to OpenBSD. When you buy a CD the vast majority
of the cost goes to OpenBSD. Who cares whether you need the
CD or not. Buy if for the cool stickers. Throw the CD in the trash
for all I and the OpenBSD developers care.

Re: Good thing

[Eric Furman]

On Mon, Aug 11, 2014, at 11:53 AM, Alexandre Ratchov wrote:
 On Mon, Aug 11, 2014 at 05:05:17PM +0200, Gustav Fransson Nyvell wrote:
  On 08/11/14 11:49, Alexandre Ratchov wrote:
  On Mon, Aug 11, 2014 at 09:02:29AM +0200, Gustav Fransson Nyvell wrote:
  Good thing OpenBSD didn't go down the multiple versions path.
  
  $ au
  aucat   autoheader-2.59 automake-1.11 autoscan-2.63
  audioctlautoheader-2.61 automake-1.14 autoscan-2.65
  [...]
  
  since you seem to dislike this, awaiting your diff to fix it. Talk
  is cheap and wastes other people's time.
  There's no guarantee a patch would be accepted.
 
 Just fix the problem you're complaining about, for you. Nobody
 forces you to share your solution; in case you share it, nobody
 will prevent you from using it, right?
 
 Still I don't see your patch to fix the problem you're complaining
 about. Complaining wont fix this problem.
 

This problem was created by the original posters ignorance.
There is in fact no actual problem.

Re: Does the OpenBSD support well AMD's APU hardware?

[Eric Furman]

He's saying he's dumb and has a weak grasp of technology.
As in, I'm just a dumb country boy.
It was in response to Theo's remark that it was unlikely
that any future developers would come from Alabama.
He's being funny.

On Sat, Jul 5, 2014, at 11:30 PM, Артур Истомин wrote:
 On Sat, Jul 05, 2014 at 07:54:33PM -0400, Daniel Villarreal wrote:
  It means he's a Southerner by the grace of God.
 
 I still do not understand the joke. Can you specify. I really wonder.

Re: crowding out bsd using systemd?

[Eric Furman]

My real helpful comments are that it violates every real concept of UNIX
Do ONE thing and do it WELL
Systemd does none of these things.

On Sun, Jun 29, 2014, at 04:51 AM, Antoine Jacoutot wrote:
  https://uglyman.kremlin.cc/gitweb/gitweb.cgi?p=systemd-utl.git;a=blob;f=scripts/gen-gdbus-interfaces.sh;h=f827434d0211ea8765c075fdb2916386ffc16ecb;hb=HEAD
  
  btw. it's bashism in a posix shell suit?
 
 If that is all you were able to spot then move along :-)
 It's very pre-alpha WIP and many things will be modified. If you have
 real helpful comments to make, feel free to contact Ian, landry@ and
 myself.
 
 -- 
 Antoine