mount_ntfs(8) -u/-g problem?
Hi,

I'm running:

OpenBSD victim.blackhelicopters.org 7.2 GENERIC.MP#640 amd64

According to mount_ntfs(8), -u and -g let you set UID and GID of mounted filesystems.

Took an NTFS USB drive, plugged it in, mounted it, and checked ownership.

# mount_ntfs -u mwlucas -g mwlucas /dev/sd4i /mnt/
# ls -lai /mnt/
total 107
4 -rwxr-xr-x 1 root wheel 2560 Dec 31 1600 $AttrDef
8 -rwxr-xr-x 1 root wheel 0 Dec 31 1600 $BadClus
6 -rwxr-xr-x 1 root wheel 32768 Dec 31 1600 $Bitmap
7 -rwxr-xr-x 1 root wheel 0 Dec 31 1600 $Boot
11 drwxr-xr-x 1 root wheel 0 Aug 17 15:05 $Extend
2 -rwxr-xr-x 1 root wheel 0 Dec 31 1600 $LogFile
1 -rwxr-xr-x 1 root wheel 0 Dec 31 1600 $MFTMirr
9 -rwxr-xr-x 1 root wheel 0 Aug 17 15:05 $Secure
10 -rwxr-xr-x 1 root wheel 131072 Dec 31 1600 $UpCase
3 -rwxr-xr-x 1 root wheel 0 Dec 31 1600 $Volume
5 drwxr-xr-x 1 root wheel 0 Dec 31 1600 .
2 drwxr-xr-x 15 root wheel 512 Aug 16 13:02 ..
36 drwxr-xr-x 1 root wheel 0 Aug 17 15:05 System Volume Information
38 -rwxr-xr-x 1 root wheel 111496224 Aug 17 13:35 VirtualBox-6.1.36-152435-Win.exe

If I create /tmp/mnt owned by mwlucas:mwlucas and mount there, ownership of the mount point is changed to root:wheel and the files are owned by root.

# chown mwlucas:mwlucas /tmp/mnt
ls -lai /tmp/
total 1
2 drwxrwxrwt 9 root wheel 512 Aug 17 15:42 .
2 drwxr-xr-x 15 root wheel 512 Aug 16 13:02 ..
25920 drwxrwxrwt 2 root wheel 512 Aug 16 13:02 .ICE-unix
388800 drwxrwxrwt 2 root wheel 512 Aug 16 13:02 .X11-unix
77760 drwxr-xr-x 2 mwlucas mwlucas 512 Aug 17 15:42 mnt
259200 drwxr-xr-x 2 root wheel 512 Aug 16 13:02 sndio
...
# mount_ntfs -u mwlucas -g mwlucas /dev/sd4i /tmp/mnt/
# ls -lai /tmp/mnt/
total 107
4 -rwxr-xr-x 1 root wheel 2560 Dec 31 1600 $AttrDef
8 -rwxr-xr-x 1 root wheel 0 Dec 31 1600 $BadClus
6 -rwxr-xr-x 1 root wheel 32768 Dec 31 1600 $Bitmap
7 -rwxr-xr-x 1 root wheel 0 Dec 31 1600 $Boot
11 drwxr-xr-x 1 root wheel 0 Aug 17 15:05 $Extend
...

Am I doing something wrong here, or did I find a bug?

FWIW, mount_msdos -u and -g assigns ownership.

Thanks,
==ml

--
Michael W. Lucas https://mwl.io/
author of: Absolute OpenBSD, SSH Mastery, git commit murder,
Absolute FreeBSD, Immortal Clay, Prohibition Orcs, etc, etc, etc...
### New books: TLS Mastery, the Networknomicon, $ git sync murder ###
openssl/libressl s_client -crlf difference
Hi,

Should LibreSSL and OpenSSL be strictly command line compatible?

The reason I ask is: using OpenSSL, I can use openssl s_client to connect to a site like so:

$ openssl s_client -crlf www:443

LibreSSL requires I add the -connect

$ openssl s_client -crlf -connect www:443

Thanks,
==ml

--
Michael W. Lucas https://mwl.io/
author of: Absolute OpenBSD, SSH Mastery, git commit murder,
Immortal Clay, PGP & GPG, Absolute FreeBSD, etc, etc, etc...
### New books: SNMP Mastery, the Networknomicon, Drinking Heavy Water ###
Re: relayd redirect not working
Thanks.

Look at the PF rules in the relayd table. See what's redirecting from where to what.

If that all looks ok, there's always tcpdump...

On Wed, Mar 15, 2017 at 11:42:32PM -0700, Dave Cohen wrote:
> Michael,
>
> Appreciate you chiming in. I'm a fan of Absolute OpenBSD!
>
> I'm having trouble reproducing the settings that I originally wrote about.
> I've tried to restore /etc/relayd.conf and /etc/pf.conf to what they were
> when I wrote the email. But right now, neither port 80 nor 443 are
> redirecting to the other ports. Earlier, port 80 was working while 443 was
> not. I'm at a loss as to why the behavior is not the same as before.
>
> Despite that trouble, I tried the commands you suggested. `relayd -dvvv`
> shows
>
> $ doas relayd -dvvv
> startup
> socket_rlimit: max open files 1024
> init_filter: filter init done
> init_tables: created 2 tables
> socket_rlimit: max open files 1024
> socket_rlimit: max open files 1024
> socket_rlimit: max open files 1024
> hce_notify_done: 127.0.0.1 (icmp ok)
> host 127.0.0.1, check icmp (32ms,icmp ok), state unknown -> up, availability 100.00%
> pfe_dispatch_hce: state 1 for host 1 127.0.0.1
> hce_notify_done: 127.0.0.1 (icmp ok)
> host 127.0.0.1, check icmp (33ms,icmp ok), state unknown -> up, availability 100.00%
> pfe_dispatch_hce: state 1 for host 2 127.0.0.1
> table https: 1 added, 0 deleted, 0 changed, 0 killed
> pfe_sync: enabling ruleset
> sync_ruleset: rule added to anchor "relayd/https"
> hce_notify_done: 127.0.0.1 (icmp ok)
> hce_notify_done: 127.0.0.1 (icmp ok)
> table http: 1 added, 0 deleted, 0 changed, 0 killed
> pfe_sync: enabling ruleset
> sync_ruleset: rule added to anchor "relayd/http"
> hce_notify_done: 127.0.0.1 (icmp ok)
> hce_notify_done: 127.0.0.1 (icmp ok)
> hce_notify_done: 127.0.0.1 (icmp ok)
> ...etc...
>
> and `relayctl sho sum`
>
> $ relayctl sho sum
> Id      Type            Name                    Avlblty Status
> 1       redirect        https                           active
> 1       table           httpshosts:8443                 active (1 hosts)
> 1       host            127.0.0.1               100.00% up
> 2       redirect        http                            active
> 2       table           httpshosts:8080                 active (1 hosts)
>
>
> -Dave
>
> On Sun, Mar 12, 2017, at 03:16 PM, Michael W. Lucas wrote:
> > On Sun, Mar 12, 2017 at 09:26:53AM +0100, Salvatore Cuzzilla wrote:
> > > Ciao Dave,
> > >
> > > I'm also playing with relayd as a L7 gateway and as far as I can see
> > > from your config there is no CA and key configured. In order for HTTPS
> > > to work relayd needs to be able to do TLS inspection and of course you
> > > should redirect all your https traffic to port 8443 (using PF for
> > > example). If you check the pf.conf man page under both the sections
> > > RELAYS and Examples you should be able to find a lot of good hints.
> >
> > He's using a redirect, not a relay, so it should work just fine. No L7
> > stuff here, only low-level IP.
> >
> > Dave, looks OK to me. What does relayd -dvvv say? And relayctl sho sum ?
> >
> > --
> > Michael W. Lucas        Twitter @mwlauthor
> > nonfiction: https://www.michaelwlucas.com/
> > fiction: https://www.michaelwarrenlucas.com/
> > blog: http://blather.michaelwlucas.com/

--
Michael W. Lucas        Twitter @mwlauthor
nonfiction: https://www.michaelwlucas.com/
fiction: https://www.michaelwarrenlucas.com/
blog: http://blather.michaelwlucas.com/
Re: relayd redirect not working
On Sun, Mar 12, 2017 at 09:26:53AM +0100, Salvatore Cuzzilla wrote:
> Ciao Dave,
>
> I'm also playing with relayd as a L7 gateway and as far as I can see from your
> config there is no CA and key configured. In order for HTTPS to work relayd
> needs to be able to do TLS inspection and of course you should redirect all
> your https traffic to port 8443 (using PF for example). If you check the
> pf.conf man page under both the sections RELAYS and Examples you should be
> able to find a lot of good hints.

He's using a redirect, not a relay, so it should work just fine. No L7 stuff here, only low-level IP.

Dave, looks OK to me. What does relayd -dvvv say? And relayctl sho sum ?

--
Michael W. Lucas        Twitter @mwlauthor
nonfiction: https://www.michaelwlucas.com/
fiction: https://www.michaelwarrenlucas.com/
blog: http://blather.michaelwlucas.com/
collecting relayd check scripts?
Hi,

I'm collecting relayd check scripts for the httpd/relayd book. If you have a check script that you don't mind sharing, please send it to me.

Regards,
==ml

--
Michael W. Lucas        Twitter @mwlauthor
nonfiction: https://www.michaelwlucas.com/
fiction: https://www.michaelwarrenlucas.com/
blog: http://blather.michaelwlucas.com/
relayd send/expect syntax
Hi,

Running the most recent amd64 snapshot on ESXi.

OpenBSD r1.mwlucas.org 6.0 GENERIC#162 amd64

I'm trying to use relayd's check send/expect support to verify a daemon's banner comes up. After problems I've stripped this down to the simplest possible config, a single known good mail server. The server keeps showing up as down, with a TCP timeout.

Packet sniffer shows that the connection opens and that the SMTP banner is returned in less than a second.

Am I doing something obviously stupid here?

Here's the config and the debugging output.

relayd.conf:
---
ext_ip="203.0.113.213"
log updates
timeout 9000

table { 104.236.197.233 }

redirect smtp {
	listen on $ext_ip port 587 interface em0
	forward to check send nothing expect "200 *"
}
--

Why have the "timeout 9000"? Well, because of the error I get:

relayd -d
pfe: filter init done
startup
socket_rlimit: max open files 1024
socket_rlimit: max open files 1024
socket_rlimit: max open files 1024
socket_rlimit: max open files 1024
relayd_tls_ticket_rekey: rekeying tickets
init_tables: created 1 tables
hce_notify_done: 104.236.197.233 (tcp read timeout)
host 104.236.197.233, check send expect (9020ms,tcp read timeout), state unknown -> down, availability 0.00%
pfe_dispatch_hce: state -1 for host 1 104.236.197.233
^Chce exiting, pid 12145
kill_tables: deleted 1 tables
flush_rulesets: flushed rules
pfe exiting, pid 67580
relay exiting, pid 72564
ca exiting, pid 19097
relay exiting, pid 72558
relay exiting, pid 72790
ca exiting, pid 1431
ca exiting, pid 889
parent terminating, pid 81783

Any suggestions, folks?

Thanks,
==ml

--
Michael W. Lucas        Twitter @mwlauthor
nonfiction: https://www.michaelwlucas.com/
fiction: https://www.michaelwarrenlucas.com/
blog: http://blather.michaelwlucas.com/
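relayd.conf(5) describes the expect argument of "check send ... expect" as a pattern matched with shell globbing rules, so a candidate pattern can be tried against a captured banner before it goes into relayd.conf. This shell sketch is an added example, not from the original post or from relayd; the banner is constructed sample data, the function names are hypothetical, and the 220 greeting code comes from the SMTP standard rather than from this thread.

```shell
#!/bin/sh
# Added example: try relayd "expect" glob patterns against a banner offline.
# The banner used below is constructed sample data, not taken from the post.

# expect_matches PATTERN BANNER
# Exit status 0 if BANNER matches PATTERN under shell globbing rules.
expect_matches() {
    _pattern=$1
    # Drop the CR/LF that terminates a line read from the network.
    _banner=$(printf '%s' "$2" | tr -d '\r\n')
    case $_banner in
        $_pattern) return 0 ;;   # unquoted, so it is used as a glob
        *)         return 1 ;;
    esac
}

# first_matching BANNER PATTERN...
# Print the first candidate pattern that matches BANNER; status 1 if none.
first_matching() {
    _b=$1
    shift
    for _p in "$@"; do
        if expect_matches "$_p" "$_b"; then
            printf '%s\n' "$_p"
            return 0
        fi
    done
    return 1
}

# fetch_banner HOST PORT
# Optional live capture of the first line a service sends (needs nc(1)).
# Not called here, so the example runs offline.
fetch_banner() {
    nc -w 5 "$1" "$2" </dev/null | head -n 1
}

# Constructed SMTP greeting; RFC 5321 servers greet with reply code 220.
SAMPLE_BANNER='220 mail.example.org ESMTP ready'

for p in '200 *' '220 *' '2[0-9][0-9] *ESMTP*'; do
    if expect_matches "$p" "$SAMPLE_BANNER"; then
        echo "expect \"$p\": match"
    else
        echo "expect \"$p\": no match"
    fi
done
```

To test against a real server, pass the output of fetch_banner as the banner argument instead of SAMPLE_BANNER.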
Re: bgplg httpd "ping: socket: Permission denied"
On Tue, Dec 13, 2016 at 02:21:51AM +0100, Jeremie Courreges-Anglas wrote:
> "Michael W. Lucas" <mwlu...@michaelwlucas.com> writes:
>
> > Hi,
>
> Hi,
>
> > Running the 12/12 snapshot, amd64.
> >
> > I'm setting up the looking glass CGI included with httpd. Requests for
> > ping and traceroute fail.
> >
> > Per bgplg(8), I've set mode 4555 on the static binaries:
> >
> > ls -lai /var/www/bin/
> > total 1844
> > 77958 drwxr-xr-x 2 root daemon 512 Dec 11 17:47 .
> > 77956 drwxr-xr-x 15 root daemon 512 Dec 12 15:35 ..
> > 77959 -r-xr-xr-x 1 root bin 256240 Dec 8 12:09 bgpctl
> > 77978 -rwxr-xr-x 1 root bin 273200 Dec 8 15:36 femail
> > 77960 -r-sr-xr-x 2 root bin 318320 Dec 8 12:09 ping
> > 77960 -r-sr-xr-x 2 root bin 318320 Dec 8 12:09 ping6
> > 77961 -r-sr-xr-x 2 root bin 281168 Dec 8 12:09 traceroute
> > 77961 -r-sr-xr-x 2 root bin 281168 Dec 8 12:09 traceroute6
> >
> > Ping and traceroute run fine as root. As an unprivileged user, though,
> > I get:
> >
> > ./ping 8.8.8.8
> > ping: socket: Permission denied
> >
> > $ ./traceroute 8.8.8.8
> > traceroute: unable to revoke privs: Operation not permitted
> >
> > Any suggestions? Or have I found a bug?
>
> Is the partition that holds /var/www/bin mounted "nosuid"?

(Replying mostly for the archives.)

Yes, /var is mounted nosuid. bgplg(8) has lovely detailed instructions on how to set it up, including setting the suid bit, but don't mention that detail.

Thank you.

ml

--
Michael W. Lucas - mwlu...@michaelwlucas.com, Twitter @mwlauthor
http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/
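The cause found in this thread, setuid binaries sitting on a filesystem mounted nosuid, can be checked for before deployment. The following shell sketch is an added example, not part of the thread or of bgplg(8): it parses mount(8) output to find the options of the filesystem that holds a directory. The function names and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Added example: find out whether a directory of setuid helpers lives on a
# filesystem mounted nosuid. Reads "dev on /mountpoint type fs (opts)" lines,
# the layout mount(8) prints. SAMPLE_MOUNT below is constructed data.

# mount_opts_for PATH   (mount(8) output on stdin)
# Print the comma-separated options of the longest mount point that
# contains PATH; exit status 1 if no entry covers it.
mount_opts_for() {
    awk -v path="$1" '
        $2 == "on" {
            mp = $3
            # Match whole path components only: /var must not claim /variable.
            hit = (mp == "/" || path == mp || index(path, mp "/") == 1)
            if (hit && length(mp) > best) {
                best = length(mp)
                opts = $0
                sub(/^[^(]*\(/, "", opts)   # drop everything up to "("
                sub(/\).*$/, "", opts)      # drop ")" and what follows
                gsub(/ /, "", opts)
            }
        }
        END { if (best) print opts; else exit 1 }
    '
}

# is_nosuid PATH   (mount(8) output on stdin)
is_nosuid() {
    case ",$(mount_opts_for "$1")," in
        *,nosuid,*) return 0 ;;
        *)          return 1 ;;
    esac
}

# audit_setuid_dir DIR   (mount(8) output on stdin)
# Report the verdict, then list the setuid files that depend on it.
audit_setuid_dir() {
    _opts=$(mount_opts_for "$1") || { echo "$1: no mount entry found"; return 0; }
    case ",$_opts," in
        *,nosuid,*) echo "$1: nosuid ($_opts), setuid bits here are ignored" ;;
        *)          echo "$1: setuid honoured ($_opts)" ;;
    esac
    if [ -d "$1" ]; then
        find "$1" -type f -perm -4000 -print 2>/dev/null || true
    fi
}

# Constructed mount table with /var mounted nosuid, as in the thread.
SAMPLE_MOUNT='/dev/sd0a on / type ffs (local)
/dev/sd0d on /usr type ffs (local, nodev)
/dev/sd0e on /var type ffs (local, nodev, nosuid)'

printf '%s\n' "$SAMPLE_MOUNT" | audit_setuid_dir /var/www/bin
# On a live host: mount | audit_setuid_dir /var/www/bin
```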
bgplg httpd "ping: socket: Permission denied"
Hi,

Running the 12/12 snapshot, amd64.

I'm setting up the looking glass CGI included with httpd. Requests for ping and traceroute fail.

Per bgplg(8), I've set mode 4555 on the static binaries:

ls -lai /var/www/bin/
total 1844
77958 drwxr-xr-x 2 root daemon 512 Dec 11 17:47 .
77956 drwxr-xr-x 15 root daemon 512 Dec 12 15:35 ..
77959 -r-xr-xr-x 1 root bin 256240 Dec 8 12:09 bgpctl
77978 -rwxr-xr-x 1 root bin 273200 Dec 8 15:36 femail
77960 -r-sr-xr-x 2 root bin 318320 Dec 8 12:09 ping
77960 -r-sr-xr-x 2 root bin 318320 Dec 8 12:09 ping6
77961 -r-sr-xr-x 2 root bin 281168 Dec 8 12:09 traceroute
77961 -r-sr-xr-x 2 root bin 281168 Dec 8 12:09 traceroute6

Ping and traceroute run fine as root. As an unprivileged user, though, I get:

./ping 8.8.8.8
ping: socket: Permission denied

$ ./traceroute 8.8.8.8
traceroute: unable to revoke privs: Operation not permitted

Any suggestions? Or have I found a bug?

==ml

--
Michael W. Lucas - mwlu...@michaelwlucas.com, Twitter @mwlauthor
http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/
httpd: server match strangeness
Hi,

I'm running the 2016-11-11 amd64 snapshot on a VMWare test host, working with patterns in httpd's server statements.

Here's my /etc/httpd.conf:

--
public_ip="*"
public_ip6="::"

server "default" {
	root "/default"
	listen on $public_ip port 80
	listen on $public_ip6 port 80
}

server match "^[w]+%.mwlucas%.org$" {
	listen on $public_ip port www
	listen on $public_ip6 port 80
	root "/www1"
	directory auto index
}
--

My understanding of what this should do is:

Requests that match one or more 'w's.mwlucas.org (i.e., www.mwlucas.org, w.mwlucas.org, ww.mwlucas.org, etc) should hit the server with the match statement.

Other requests to the server, such as by raw IP, a plain "mwlucas.org," or any other hostname pointed at that IP address, should get the default entry.

Each site only contains a single document, giving the site name in large letters.

Instead, it seems that every request hits the match statement.

Running the server in debug mode:

# httpd -dvvv
startup
server_privinit: adding server default
socket_rlimit: max open files 1024
socket_rlimit: max open files 1024
socket_rlimit: max open files 1024
server_privinit: adding server default
server_privinit: adding server ^[w]+%.mwlucas%.org$
server_privinit: adding server ^[w]+%.mwlucas%.org$
server_launch: configuring server default
server_launch: running server default
server_launch: configuring server default
server_launch: running server default
server_launch: configuring server default
server_launch: running server default
server_launch: configuring server default
server_launch: running server default
server_launch: configuring server default
server_launch: running server default
server_launch: configuring server default
server_launch: running server default

Lynx on another workstation. Requesting www.mwlucas.org works as expected:

^[w]+%.mwlucas%.org$ 203.0.113.208 - - [11/Nov/2016:16:35:00 -0500] "GET / HTTP/1.0" 200 51
server default, client 1 (1 active), 203.0.113.208:15679 -> 192.0.2.101, done

Let's try plain mwlucas.org. That doesn't have any leading w or the explicit period, I'd expect it to hit the default server.

^[w]+%.mwlucas%.org$ 203.0.113.208 - - [11/Nov/2016:16:37:34 -0500] "GET / HTTP/1.0" 200 51
server default, client 1 (1 active), 203.0.113.208:62794 -> 192.0.2.101, done

Something without any host name in it: browse by IP:

^[w]+%.mwlucas%.org$ 203.0.113.208 - - [11/Nov/2016:16:38:13 -0500] "GET / HTTP/1.0" 200 51
server default, client 1 (1 active), 203.0.113.208:61442 -> 192.0.2.101, done

It seems that no matter how I get to this host, I get the server with the match statement.

I've tried variants on the pattern. It seems that a simpler pattern should work, like:

server match "w+.mwlucas.org" {

but it seems all requests still go to the match statement server.

If I remove the match statement from httpd.conf and rely on something like

server www.mwlucas.org {

requests go to either the default server or, if I specifically request that hostname, the named server.

Any suggestions? What am I missing to use patterns in a server entry?

Thanks,
==ml

--
Michael W. Lucas - mwlu...@michaelwlucas.com, Twitter @mwlauthor
http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/
using httpd's pattern support?
Hi, I'm writing a book on OpenBSD's web stack. If you're using httpd's Lua pattern support ('location match' or 'server match'), I'd be interested in hearing what you're using it for. I'm collecting use cases. If you can share snippets of httpd.conf, that would be VERY helpful. Please reply off-list. I've set the reply-to, but no idea if that will survive the mailing list. Thanks, ==ml -- Michael W. Lucas - mwlu...@michaelwlucas.com, Twitter @mwlauthor http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/
Detroit-area BSD user group
Hi, Nick Holland and I live about three miles apart, so this was pretty inevitable. Working on starting a Detroit-area BSD user group. If you're interested, join the mailing list and help us figure out where & when to meet. www.semibug.org. Followups to... uh... not this list. ==ml -- Michael W. Lucas - mwlu...@michaelwlucas.com, Twitter @mwlauthor http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/
Re: The 2014 Book of PF Auction Concluded
On Wed, Nov 05, 2014 at 12:33:20AM +0100, Peter N. M. Hansteen wrote: You heard it here first (unless you refreshed ebay item http://www.ebay.com/itm/321563281902 more often than I did) - The auction for the first signed copy of The Book of PF, 3rd Edition concluded, with a successful bid of USD 3,050.00. The formalities are in motion, and I hope both the physical package and the money will be on their way to their intended destinations very soon. If the successful bidder allows me to announce their name, I will do so in a followup announcement. In the meantime, I *strongly* urge all those who bid on this item to make a direct donation to the OpenBSD foundation instead, equal to their highest bid. Thank you all for your kind support, it has been good fun. All the best, Peter Sincere congratulations. Well done! ==ml -- Michael W. Lucas - mwlu...@michaelwlucas.com, Twitter @mwlauthor http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/
Re: The Book of PF, 3rd ed: You own the first author signed copy and support OpenBSD!
On Sat, Nov 01, 2014 at 09:23:35PM +0100, Peter N. M. Hansteen wrote: pe...@bsdly.net (Peter N. M. Hansteen) writes: The amount is certainly in the comfortable zone for me, and with three days to go it's entirely possible that this auction will indeed bring in more money than Michael Lucas' Absolute OpenBSD, 2nd edition auction[2]. Bah! Not a chance. If by some bizarre failure of natural law that should happen, I'll be compelled to write an OpenBSD book next year to auction off. Just so MY next auction can CRUSH HANSTEEN'S ABSURD FLUKE OF LUCK AND RESTORE THE NATURAL ORDER. I mean, the footnotes in BoPF3 all contain actual *facts* -- how lame is that? One other point worth considering is that with both Michael Lucas and me setting up these auctions, we have essentially created a new rule: If you write an OpenBSD book, you are morally obliged to auction off the first signed copy for the benefit of the project. That should not be seen as a barrier to entry, rather the opposite. Only if you want to be one of the cool kids. ==ml -- Michael W. Lucas - mwlu...@michaelwlucas.com, Twitter @mwlauthor http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/
Re: The Book of PF, 3rd ed: You own the first author signed copy and support OpenBSD!
On Mon, Oct 27, 2014 at 09:04:48PM +0100, Peter N. M. Hansteen wrote:
> Michael W. Lucas mwlu...@michaelwlucas.com writes:
>
> > BAH! You think you can steal my idea for supporting OpenBSD?
> >
> > I don't think it's that easy. MY auction raised $1145. There is no way
> > that BoPF3 can POSSIBLY raise more than that!
> >
> > Consider the gauntlet thrown.
>
> :D
>
> After two days, the highest bid lists as US $493.88, which means
>
> a) that bid was likely entered in a non-USD currency (or somebody has an
>    odd sense of humor, I'm fine with both)
>
> b) we're on a pretty good trajectory for beating Mr. Lucas on the
>    fundraising front

Humpf.

It is just BARELY possible that Mr. Hansteen's work will raise more money than mine. If so, it will clearly be the result of nepotism, collusion, and intrigue.

If this happens, I'll have to write another OpenBSD book. One that will raise EVEN MORE MONEY than this petty little BoPF3 auction.

==ml

> Once again, the auction is at
> http://www.ebay.com/itm/The-Book-of-PF-3rd-ed-signed-by-the-author-First-Copy-signed-/321563281902?
>
> The blog post with the nice pictures is at
> http://bsdly.blogspot.no/2014/10/the-book-of-pf-3rd-edition-is-here.html
>
> And if your bid turns out not to be the successful one, please make the
> amount of your highest bid a direct donation to OpenBSD instead.
>
> Even if you wouldn't consider bidding, go on, head over to
> http://www.openbsd.org/orders.html or http://www.openbsd.org/donations.html
> and spend some money!
>
> - Peter
>
> --
> Peter N. M. Hansteen, member of the first RFC 1149 implementation team
> http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
> Remember to set the evil bit on all malicious network traffic
> delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.

--
Michael W. Lucas - mwlu...@michaelwlucas.com, Twitter @mwlauthor
http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/
Re: The Book of PF, 3rd ed: You own the first author signed copy and support OpenBSD!
On Sun, Oct 26, 2014 at 12:59:03AM +0200, Peter N. M. Hansteen wrote: Ebay situation resolved, the link to the auction is http://www.ebay.com/itm/The-Book-of-PF-3rd-ed-signed-by-the-author-First-Copy-signed-/321563281902? Peter, BAH! You think you can steal my idea for supporting OpenBSD? I don't think it's that easy. MY auction raised $1145. There is no way that BoPF3 can POSSIBLY raise more than that! Consider the gauntlet thrown. ==ml -- Michael W. Lucas - mwlu...@michaelwlucas.com, Twitter @mwlauthor http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/
debugging vio issue?
Hi,

I have a 5.5/amd64 KVM VM running Ansible. Most of the time, it works great. It's running the amd64 snapshot dated 27 May, from ftp3.usa.openbsd.org.

When I attempt to use the squid proxy to download large files from the Internet, however, I occasionally get stalls. This is most easily reproduced when doing an upgrade. During my last couple of upgrades, I've repeatedly done ^Z and

ifconfig vio0 down
ifconfig vio0 up
fg

to make the download resume mid-set. Very occasionally, it happens during normal use.

tcpdump on the proxy shows the proxy sending packets, but the OpenBSD box not responding. My other terminal sessions hang, and I can no longer SSH to the OpenBSD box.

This doesn't happen on any of my other systems, so I'm inclined to think it's vio(4) related.

Any suggestions on how to debug this?

Thanks,
==ml

--
Michael W. Lucas - mwlu...@michaelwlucas.com, Twitter @mwlauthor
http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/
Re: debugging vio issue?
On Wed, May 28, 2014 at 11:37:54AM -0700, Philip Guenther wrote:
> On Wed, May 28, 2014 at 11:26 AM, Adam Thompson athom...@athompso.net wrote:
> > Don't have a good answer for you, but I have similar problems with vio(4).
> > Switching to e1000 on the KVM side solved my random hangs completely.
>
> The vio(4) manpage mentions
>
>     Setting flags to 0x02 disables the RingEventIndex feature. This can be
>     tried as a workaround for possible bugs in host implementations or vio at
>     the cost of slightly reduced performance.
>
> Have any of you tested that to see whether it improves the situation?

I'll try that.

The man page isn't exactly clear on when to use the flags, but I suppose you don't want to say If the driver hangs, try this in the man page.

==ml

--
Michael W. Lucas - mwlu...@michaelwlucas.com, Twitter @mwlauthor
http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/
Re: OpenBSD maintenance compared to FreeBSD
On Tue, Oct 29, 2013 at 09:44:46PM -0500, David Noel wrote:
> I started playing around with FreeBSD back in the 2.2.7 days. I'd
> describe myself as a casual desktop/workstation user. Back in the day I
> was attracted to OpenBSD's heavy focus on security but was pulled
> towards FreeBSD due to a good friend of mine being a FreeBSD contributor
> (dude, trust me, it's the way to go). Recently I've purchased a handful
> of servers for a software project I've been working on and have started
> reconsidering my choice of OS's.
>
> Administering a single FreeBSD workstation isn't too much of a headache;
> I've kind of gotten used to having to rebuild kernel and world every few
> months as security advisories are released. But now that I'm
> administering 6 of them I'm really starting to get annoyed by the whole
> process: rebuild kernel... rebuild world... reboot, and then pray that
> it doesn't blow up in my face (as it often does).
>
> That got me thinking about OpenBSD. Looking at the security advisories
> the last one I see was from nearly a year and a half ago! That's pretty
> incredible to me. Does this mean that I could theoretically have gotten
> away with a year and a half uptime? What's the catch here? I'm sorry but
> I'm incredulous by how good it sounds so I have to ask.
>
> For me the biggest selling points of an operating system are security
> and maintenance. I've been wowed by ZFS, but really how often do
> filesystems need to be fsck'd? --and I never take snapshots. I feel like
> I could do without it. UFS+J is good enough. Given my priorities, does
> it sound like OpenBSD could be the one for me?

Hi,

OpenBSD and FreeBSD each have their own annoyances. The trick is to match the annoyances to business roles. What's acceptable in one role is unacceptable in another.

I use both. Each of them annoys me in their own... special way. The only way to learn where each goes is to play with them.

And any time you administer a bunch of machines, it's best to have some kind of infrastructure to manage them en masse. Ansible, Puppet, rdist, something.

==ml

--
Michael W. Lucas - mwlu...@michaelwlucas.com, Twitter @mwlauthor
http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/
Absolute OpenBSD 2/e - http://www.nostarch.com/openbsd2e
coupon code ILUVMICHAEL gets you 30% off helps me.
Re: sudo configuration !ttytickets?
On Wed, Sep 11, 2013 at 10:50:19PM -0600, Andy Bradford wrote:
> Thus said Michael W. Lucas on Wed, 11 Sep 2013 20:59:08 -0400:
>
> > This, well, kind of surprised me. I'm sure you folks have thought this
> > through in much more detail than I have, but I can't find anything on
> > the rationale behind it.
>
> Is sudo enabled for any non-root users by default?

Sudo isn't enabled for non-root users by default.

It just seems a really strange default choice, one that nobody else shares. But I wouldn't be shocked if there's a really good reason for the !ttytickets default.

==ml

--
Michael W. Lucas - mwlu...@michaelwlucas.com, Twitter @mwlauthor
http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/
Absolute OpenBSD 2/e - http://www.nostarch.com/openbsd2e
coupon code ILUVMICHAEL gets you 30% off helps me.
sudo configuration !ttytickets?
Hi, I've noticed that the sudo on OpenBSD seems to have !ttytickets set by default. In other words, I authenticate sudo once on, say, ttyp4, and all of my login sessions on all my other ttyp* have authenticated to sudo. This, well, kind of surprised me. I'm sure you folks have thought this through in much more detail than I have, but I can't find anything on the rationale behind it. It seems insecure. Can anyone enlighten me as to the thinking here? Thanks, ==ml -- Michael W. Lucas - mwlu...@michaelwlucas.com, Twitter @mwlauthor http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/ Absolute OpenBSD 2/e - http://www.nostarch.com/openbsd2e coupon code ILUVMICHAEL gets you 30% off helps me.
Re: Two questions.
On Fri, Aug 09, 2013 at 06:45:10PM -0600, Theo de Raadt wrote:
> > On 08/09/2013 12:00 AM, voic...@openmailbox.org wrote:
> > ...
> > > The first one. We all know that the operating system OpenBSD largely
> > > depends on lead, so what will happen when time will come for Theo? We
> > > all know that so far people do not live thousands of years... I think
> > > that not only me would be interesting to know the future of this great
> > > project in case something happens. Please do not misunderstand me
> > > here, I do not wish anything bad for Theo, I just need to be sure that
> > > there are others who could keep project going.
> >
> > same thing that happens for any open source volunteer project, or any
> > sole proprietorship...or any corporation. Someone(s) may step up, they
> > may not. They may succeed in keeping the team together, they may not.
> > The project may improve, it may lessen.
>
> What a bunch of worrying baloney.
>
> I have asexually reproduced a few times, and put the other copies of
> myself in stasis. In the event that I fall off a mountain or get attacked
> by group of dogs in central Turkey, a copy is automatically brought out
> of stasis to continue the effort. The process is so transparent, that you
> won't even know if it has happened before...

Excellent detail on the process. I'll get an errata out for Absolute OpenBSD.

But I do wish you'd mentioned this before we went to print.

==ml

--
Michael W. Lucas - mwlu...@michaelwlucas.com, Twitter @mwlauthor
http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/
Absolute OpenBSD 2/e - http://www.nostarch.com/openbsd2e
coupon code ILUVMICHAEL gets you 30% off helps me.
Re: X or cwm got slower
--
Michael W. Lucas - mwlu...@michaelwlucas.com, Twitter @mwlauthor
http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/
Absolute OpenBSD 2/e - http://www.nostarch.com/openbsd2e
coupon code ILUVMICHAEL gets you 30% off helps me.
Re: OpenBSD official reference book ( like FreeBSD handbook / NetBSD Guide )
On Wed, May 08, 2013 at 08:18:58AM -0600, Jack Woehr wrote:
> Ingo Schwarze wrote:
> > Hi,
> >
> > TRUNASUCI TRUNASUCI wrote on Wed, May 08, 2013 at 12:01:03AM -0400:
> >
> > > I just wanna ask if there is a project for this official reference
> > > book for all users ( if any please inform ).
>
> If you want to buy a very helpful book, _Absolute OpenBSD_ from No Starch
> Press just made second edition. I have the Kindle version to review and
> will be reviewing on Amazon soon.

I should mention here: the Kindle conversion of AO2e had problems. The publisher is addressing them, but the corrected version is not yet live.

Sadly, I cannot fix these files myself. Only the publisher can.

==ml

--
Michael W. Lucas - mwlu...@michaelwlucas.com, Twitter @mwlauthor
http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/
Absolute OpenBSD 2/e - http://www.nostarch.com/openbsd2e
coupon code ILUVMICHAEL gets you 30% off helps me.
Re: Tux cups
On Fri, May 03, 2013 at 10:41:32PM +0200, Erling Westenvik wrote: To my astonishment: when printing a test page from cups, it outputs an image of Tux!?! Cups is Linux-ware, ported to OpenBSD. The name claims to be common, but no, it's Linux-centric. As the test logo shows. ==ml -- Michael W. Lucas - mwlu...@michaelwlucas.com, Twitter @mwlauthor http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/ Absolute OpenBSD 2/e - http://www.nostarch.com/openbsd2e coupon code ILUVMICHAEL gets you 30% off helps me.
Re: OpenBSD Foundation benefit Auction / Absolute OpenBSD 2nd Ed.
Auction is over. $1,145 for the Foundation. http://blather.michaelwlucas.com/archives/1660 ==ml -- Michael W. Lucas - mwlu...@michaelwlucas.com, Twitter @mwlauthor http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/ Latest book: Absolute OpenBSD 2/e - http://www.nostarch.com/openbsd2e coupon code ILUVMICHAEL gets you 30% off helps me.
Re: OpenBSD Foundation benefit Auction / Absolute OpenBSD 2nd Ed.
On Mon, Apr 08, 2013 at 12:05:37AM -0600, Theo de Raadt wrote: (Personally, I'd like to see the devs sign whatever part of the book they worked on. Preferably in red ink. With notations like Wrong! pf.conf(5) and newaliases(8) together clearly imply otherwise or I'm redoing this for 5.4, ignore this chapter.) If that is what the lucky winner wishes, I am going to need to set aside at least an hour... Do it at the pub. The yeasty aroma will add verisimilitude. ==ml -- Michael W. Lucas - mwlu...@michaelwlucas.com, Twitter @mwlauthor http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/ Latest book: Absolute OpenBSD 2/e - http://www.nostarch.com/openbsd2e coupon code ILUVMICHAEL gets you 30% off helps me.
Re: OpenBSD Foundation benefit Auction / Absolute OpenBSD 2nd Ed.
On Sun, Apr 07, 2013 at 10:21:55PM -0600, Austin Hook wrote: OpenBSD Foundation benefit Auction: http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItemitem=200913454300 I'm delighted to see this finally happen! I've been told by fairly reliable sources that there's a hackathon in Toronto from 29 May to 5 June. I suspect that the auction winner could get their book signed by a whole pubload of developers. We could delay shipping the book to the winner, or perhaps let the winner ship the book to someone in Toronto. (Personally, I'd like to see the devs sign whatever part of the book they worked on. Preferably in red ink. With notations like Wrong! pf.conf(5) and newaliases(8) together clearly imply otherwise or I'm redoing this for 5.4, ignore this chapter.) In any event, bid early. Bid often. When we auctioned off Absolute FreeBSD, the FreeBSD Foundation got about $600. Frankly, I expect the OpenBSD community to crush that puny record. Now I get to sit back and watch the fun... ==ml -- Michael W. Lucas - mwlu...@michaelwlucas.com, Twitter @mwlauthor http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/ Latest book: Absolute OpenBSD 2/e - http://www.nostarch.com/openbsd2e coupon code ILUVMICHAEL gets you 30% off helps me.
Re: Absolute OpenBSD 2nd Edition pre-orders are up.
This is OpenBSD-misc. ALWAYS search the archives before asking. Sheesh! http://marc.info/?l=openbsd-miscm=105723966516199w=2 Updated base dates are here: http://blather.michaelwlucas.com/archives/1599 I don't know where the printer is located this time. ==ml On Sat, Mar 16, 2013 at 11:06:23PM -0500, Brandon Tanner wrote: I got mine ordered today, when do you think it will ship from NoStarch Press? On Sat, Mar 16, 2013 at 3:32 PM, Michael W. Lucas mwlu...@blackhelicopters.org wrote: On Fri, Mar 15, 2013 at 11:59:28PM -0600, Austin Hook wrote: Pre-orders for the 2nd Edition of Michael Lucas' Absolute OpenBSD are now up on the main order website. Expected to arrive about the same time we start shipping pre-orders for OpenBSD 5.3. Pre-orders for the latter will show up pretty soon as well. No special early discount, but the difference does go to support the project. Or, if you need to pinch those pennies (before they are discontinued), take the early order path suggested by Michael's website, rather than through the big online monopoly. He gets a bit more that way. You thought you knew all there is to learn in an introductory book to OpenBSD? You might be surprised. A reference when you need it, and worth a skim even just to see how OpenBSD has evolved over the last 10 years, if you have the original volume. http://www.openbsd.org/books.html#B10 And follow the links. Excellent, Austin! Glad you got them. Linked from the book page. And thanks for the plug. Before anyone asks: I don't really care where you buy it. ==ml -- Michael W. Lucas - mwlu...@michaelwlucas.com, Twitter @mwlauthor http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/ Latest book: Absolute OpenBSD 2/e - http://www.nostarch.com/openbsd2e coupon code ILUVMICHAEL gets you 30% off helps me. -- Michael W. 
Lucas - mwlu...@michaelwlucas.com, Twitter @mwlauthor http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/ Latest book: Absolute OpenBSD 2/e - http://www.nostarch.com/openbsd2e coupon code ILUVMICHAEL gets you 30% off helps me.
Re: Absolute OpenBSD 2nd Edition pre-orders are up.
On Fri, Mar 15, 2013 at 11:59:28PM -0600, Austin Hook wrote: Pre-orders for the 2nd Edition of Michael Lucas' Absolute OpenBSD are now up on the main order website. Expected to arrive about the same time we start shipping pre-orders for OpenBSD 5.3. Pre-orders for the latter will show up pretty soon as well. No special early discount, but the difference does go to support the project. Or, if you need to pinch those pennies (before they are discontinued), take the early order path suggested by Michael's website, rather than through the big online monopoly. He gets a bit more that way. You thought you knew all there is to learn in an introductory book to OpenBSD? You might be surprised. A reference when you need it, and worth a skim even just to see how OpenBSD has evolved over the last 10 years, if you have the original volume. http://www.openbsd.org/books.html#B10 And follow the links. Excellent, Austin! Glad you got them. Linked from the book page. And thanks for the plug. Before anyone asks: I don't really care where you buy it. ==ml -- Michael W. Lucas - mwlu...@michaelwlucas.com, Twitter @mwlauthor http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/ Latest book: Absolute OpenBSD 2/e - http://www.nostarch.com/openbsd2e coupon code ILUVMICHAEL gets you 30% off helps me.
login.conf(5) rpasswd support removed?
Hi, login.conf includes the following: ... rpasswd Request a password and check it against the password in the rpasswd.db file. ... It seems that there's no reference to rpasswd.db in the current source code, except for the login.conf man page. Should this line be removed from login.conf? I can file a bug report, but wanted to double-check it first. (Credit where it's due: I didn't notice this, Pitr Hansteen caught it doing the tech review of AO2e). ==ml -- Michael W. Lucas http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/ Latest book: SSH Mastery http://www.michaelwlucas.com/nonfiction/ssh-mastery mwlu...@michaelwlucas.com, Twitter @mwlauthor
w(1) weirdness
w(1) gives the -a option: -a Attempt to translate network addresses into names. But this appears to be the default: wrath~;w 5:46PM up 8 days, 1:08, 1 user, load averages: 0.50, 0.45, 0.37 USER TTY FROM LOGIN@ IDLE WHAT mwlucas p0 adsl-99-103-114- 5:44PM 0 w Adding -a doesn't change the output. I would *think* (there's my problem, I know) that if -a is the default, then there would be a -n or somesuch to turn off hostname resolution. What am I missing here? Yes, there's other ways to see what IP I'm logged in from, just seemed strangely inconsistent for you folks. ==ml -- Michael W. Lucas http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/ Latest book: SSH Mastery http://www.michaelwlucas.com/nonfiction/ssh-mastery mwlu...@michaelwlucas.com, Twitter @mwlauthor
route(8) doc question
Hi, route show displays flags for a route. But route(8) doesn't give me a conversion between those flags and their meaning. route(4) lists the flags, but in hex format and not such that I can translate UGRS into anything useful. I found the table in src/sbin/route/show.c, so my immediate purposes are met. But I *know* this has to be in a man page somewhere. Is it missing? Or did I just gloss over it somewhere? Thanks, ==ml -- Michael W. Lucas http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/ Latest book: SSH Mastery http://www.michaelwlucas.com/nonfiction/ssh-mastery mwlu...@michaelwlucas.com, Twitter @mwlauthor
atexit() and stdio() protection
Hi folks, I'm trying to dig up information on the atexit() and stdio() protection given in the FAQ. I can find lots of statements that this protection exists, but I can't find any presentations or papers saying what they are and what they do. The man pages for these functions don't seem to have anything explicit about this protection. Any pointers? Man pages I should read? Thanks, ==ml -- Michael W. Lucas http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/ Latest book: SSH Mastery http://www.michaelwlucas.com/nonfiction/ssh-mastery mwlu...@michaelwlucas.com, Twitter @mwlauthor
softraid metadata removal
Hi, I'm playing with softraid on a test machine. I reuse disks. This makes me trip over metadata: # bioctl -c 1 -l sd2n,sd3n softraid0 softraid0: volume level does not match metadata level # bioctl -c 5 -l sd2p,sd3p,sd4p,sd5p,sd6p softraid0 softraid0: not all chunks are of the native metadata format I could just spew dd if=/dev/zero all over the disk, but surely there's a better/faster/simpler way to clean up this metadata? Any suggestions? Thanks, ==ml -- Michael W. Lucas http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/ Latest book: SSH Mastery http://www.michaelwlucas.com/nonfiction/ssh-mastery mwlu...@michaelwlucas.com, Twitter @mwlauthor
Re: SSH Mastery -- New book by Michael Lucas!
On a personal level, I don't care. Just get it somehow. ;-) I said I wasn't going to follow up here, but given the flood of emails, I'd best answer this one en masse. About 100,000 rough words exist for Absolute OpenBSD 2nd Ed. I will announce on my blog when I need community reviewers. I put random details out on Twitter, with hashtags #absoluteopenbsd or #ao2e. ==ml On Sat, Feb 18, 2012 at 10:49:53AM +0800, Alan Cheng wrote: As much as I want a printed copy, I just ordered an electronic copy on smashwords.com -- the int'l shipping cost, which is usually higher than the book itself, can be put to better use, like a donation to the project. thanks ml. Alan On Sat, Feb 18, 2012 at 9:42 AM, Michael W. Lucas mwlu...@blackhelicopters.org wrote: YES! Now I can tell people where they can pre-order print. And they will stop bugging me. ;-) Seriously, I'm delighted to be able to do this. I'm giving the books to the OpenBSD project at my cost. I expect them to use the proceeds well, on barbeque and beer. Maybe even some code. You'll notice that the OpenBSD folks are charging cover price. That's because this is a fundraiser. I don't make anything on these books, but that's okay. It'll be available through all the usual online booksellers later. Amazon will have it cheaper, and I'll get profits from those sales. But I'm thinking that the people on this list will want the OpenBSD-direct version. ==ml On Fri, Feb 17, 2012 at 05:27:49PM -0700, Austin Hook wrote: Here's the entry I just finished adding to OpenBSD's books.html page clip SSH Mastery by Michael Lucas ISBN-13: 978-1470069711 ISBN-10: 1470069717 February 2012, 145 pp. A guide to what you need to know about SSH. This book will help you eliminate passwords on your network, tunnel unencrypted protocols through secure channels, build VPNs with OpenSSH, and more. Focuses on the OpenSSH server, the OpenSSH client, and the PuTTY client. Michael W Lucas is the author of Absolute OpenBSD and other BSD books. 
Helping support OpenBSD, Michael is contributing all his author's profits, from orders via the main OpenBSD order page, back to the project. [ Order direct from the OpenBSD website International.] /clip A book like this is great for those of us that have a lot on our plate. I can remember a long period when I kind of knew what OpenSSH could do but just didn't have the time to parse out the man page to properly to forward a browser port or a mail port, to set up a VPN, and I could have benefited a lot sooner with a bit more well explained cookbook examples at my fingertips. Then there's that pesky stuff with keep alive and so on. What does it all really mean for the context I was having trouble with? Hey, I wonder if Michael has anything to say about the safety of even using OpenSSH variants on a different operating system to access one of my OpenBSD boxen. I'm looking forward to read my own copy. Yes, this book has already been out in electronic form for a bit, but myself I spend too much time looking at screen and I still like the physical experience of handling a book. Besides, the printed version already benefits from reader corrections to the electronic edition. Michael has been very gracious with timely help to enable the main OpenBSD website to be the first to offer it, It will be available everywhere soon, but we do have a jump on it this time. It's been so long for us since we last enjoyed Michael's style that we enjoyed in Absolute OpenBSD, I am really happy to see him come back to us with this new volume. There will be a slight delay before the first copies arrive and can be shipped, but the order site is already set up. https://https.openbsd.org/cgi-bin/order?B09=1B08%2b=Add Austin -- Michael W. Lucas http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/ Latest book: SSH Mastery http://www.michaelwlucas.com/nonfiction/ssh-mastery mwlu...@blackhelicopters.org, Twitter @mwlauthor -- Michael W. 
Lucas http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/ Latest book: SSH Mastery http://www.michaelwlucas.com/nonfiction/ssh-mastery mwlu...@blackhelicopters.org, Twitter @mwlauthor
Re: SSH Mastery -- New book by Michael Lucas!
YES! Now I can tell people where they can pre-order print. And they will stop bugging me. ;-) Seriously, I'm delighted to be able to do this. I'm giving the books to the OpenBSD project at my cost. I expect them to use the proceeds well, on barbeque and beer. Maybe even some code. You'll notice that the OpenBSD folks are charging cover price. That's because this is a fundraiser. I don't make anything on these books, but that's okay. It'll be available through all the usual online booksellers later. Amazon will have it cheaper, and I'll get profits from those sales. But I'm thinking that the people on this list will want the OpenBSD-direct version. ==ml On Fri, Feb 17, 2012 at 05:27:49PM -0700, Austin Hook wrote: Here's the entry I just finished adding to OpenBSD's books.html page clip SSH Mastery by Michael Lucas ISBN-13: 978-1470069711 ISBN-10: 1470069717 February 2012, 145 pp. A guide to what you need to know about SSH. This book will help you eliminate passwords on your network, tunnel unencrypted protocols through secure channels, build VPNs with OpenSSH, and more. Focuses on the OpenSSH server, the OpenSSH client, and the PuTTY client. Michael W Lucas is the author of Absolute OpenBSD and other BSD books. Helping support OpenBSD, Michael is contributing all his author's profits, from orders via the main OpenBSD order page, back to the project. [ Order direct from the OpenBSD website International.] /clip A book like this is great for those of us that have a lot on our plate. I can remember a long period when I kind of knew what OpenSSH could do but just didn't have the time to parse out the man page to properly to forward a browser port or a mail port, to set up a VPN, and I could have benefited a lot sooner with a bit more well explained cookbook examples at my fingertips. Then there's that pesky stuff with keep alive and so on. What does it all really mean for the context I was having trouble with? 
Hey, I wonder if Michael has anything to say about the safety of even using OpenSSH variants on a different operating system to access one of my OpenBSD boxen. I'm looking forward to read my own copy. Yes, this book has already been out in electronic form for a bit, but myself I spend too much time looking at screen and I still like the physical experience of handling a book. Besides, the printed version already benefits from reader corrections to the electronic edition. Michael has been very gracious with timely help to enable the main OpenBSD website to be the first to offer it, It will be available everywhere soon, but we do have a jump on it this time. It's been so long for us since we last enjoyed Michael's style that we enjoyed in Absolute OpenBSD, I am really happy to see him come back to us with this new volume. There will be a slight delay before the first copies arrive and can be shipped, but the order site is already set up. https://https.openbsd.org/cgi-bin/order?B09=1B08%2b=Add Austin -- Michael W. Lucas http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/ Latest book: SSH Mastery http://www.michaelwlucas.com/nonfiction/ssh-mastery mwlu...@blackhelicopters.org, Twitter @mwlauthor
Re: SSH Mastery -- New book by Michael Lucas!
On Sat, Feb 18, 2012 at 01:26:16PM +1100, Rod Whitworth wrote: On Fri, 17 Feb 2012 20:42:21 -0500, Michael W. Lucas wrote: Now I can tell people where they can pre-order print. And they will stop bugging me. ;-) ... Timing is everything! I just bought a PDF copy of the book. I was waiting for the dead-tree version but couldn't resist getting something I had been waiting for since the release news. Much obliged, I appreciate it! My blog post on this is at http://blather.michaelwlucas.com/archives/1250 I'm gonna shut up now, rather than fill the list with naked self-promotion. ==ml -- Michael W. Lucas http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/ Latest book: SSH Mastery http://www.michaelwlucas.com/nonfiction/ssh-mastery mwlu...@blackhelicopters.org, Twitter @mwlauthor
Re: roundcubemail on openbsd 5.0
I have Roundcube elsewhere. It basically runs like any other IMAP/pop3 client, e.g., communicates over port 110/995/whatever. My roundcube install isn't actually on my mail server. This leads me to think that copying system files into the chroot isn't going to help. Using a mail client other than roundcube, can you authenticate to the server using user@domain, and send mail from user@domain? ==ml On Mon, Dec 12, 2011 at 04:37:50PM +0400, Wesley M. wrote: I tried this : cp /etc/mail/virtusertable /var/www/roundcubemail/ And changed in /var/www/roundcubemail/main.inc.php this line to $rcmail_config['virtuser_file'] = '/roundcubemail/virtusertable'; Add a new user. Try it, only works with his username, and when I try to send emails, it comes from username@localhost Any idea ? My first guess here would be that httpd is probably chrooted in which case you're trying to access a file that is not available When I try to connect using user@domain : error authentication and when I use just the username, there's @localhost attached to the username. See the config file, where it says This domain will be used to form e-mail addresses of new users. Note that it says *new*; existing users will need to be changed in the database. -- Michael W. Lucas http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/ Latest book: Network Flow Analysis http://www.networkflowanalysis.com/ mwlu...@blackhelicopters.org, Twitter @mwlauthor
Re: SSH VPN without root login?
It appears that the SSH VPN startup runs /bin/sh /etc/netstart tun0 I suspect that if I could somehow get a sudo in front of that things would work. Must go read source code... On Mon, Aug 15, 2011 at 10:09:48PM +1200, Graeme Neilson wrote: Pretty sure if you change the owner / group of the tap or tun device you are using to the user you want to bring up the tunnel you can avoid root. G On Fri, Aug 12, 2011 at 5:40 AM, Michael W. Lucas mwlu...@blackhelicopters.org wrote: Hi, I'm trying to get a SSH VPN working between a 4.9 i386 and a recent 5.0 amd64 snapshot (with the MP#49 kernel). The tunnel works fine if I SSH in as root. My guts really protest at enabling remote root logins, however. Yes, I can limit the access with a Match statement. Surely I can change some device permissions, or use sudo, to permit a particular otherwise-unprivileged user to bring up this VPN? Any suggestions on where to look for that? I've tried several Internet searches, but found nothing. Thanks, ==ml -- Michael W. Lucas http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/ Latest book: Network Flow Analysis http://www.networkflowanalysis.com/ mwlu...@blackhelicopters.org, Twitter @mwlauthor -- Michael W. Lucas http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/ Latest book: Network Flow Analysis http://www.networkflowanalysis.com/ mwlu...@blackhelicopters.org, Twitter @mwlauthor
SSH VPN without root login?
Hi, I'm trying to get a SSH VPN working between a 4.9 i386 and a recent 5.0 amd64 snapshot (with the MP#49 kernel). The tunnel works fine if I SSH in as root. My guts really protest at enabling remote root logins, however. Yes, I can limit the access with a Match statement. Surely I can change some device permissions, or use sudo, to permit a particular otherwise-unprivileged user to bring up this VPN? Any suggestions on where to look for that? I've tried several Internet searches, but found nothing. Thanks, ==ml -- Michael W. Lucas http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/ Latest book: Network Flow Analysis http://www.networkflowanalysis.com/ mwlu...@blackhelicopters.org, Twitter @mwlauthor
man page search and Xenocara
Hi, It appears that the online openbsd.org man page search does not include Xenocara? Should it? I'm trying to link to the official cwm(1) man page, but it's not there. Other X stuff, e.g., xsetroot, also seems to be missing. Thanks, ==ml -- Michael W. Lucas http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/ Latest book: Network Flow Analysis http://www.networkflowanalysis.com/ mwlu...@blackhelicopters.org, Twitter @mwlauthor
PF with gigabit voice/video streams
Hi, I'm looking for a NAT/firewall/VPN solution with failover for a private enterprise TV system. While my gut reaction is PF, I'm wondering if anybody here has done this before. Video and voice send large numbers of small packets. I'm told that this particular application can fill a gigabit Ethernet. I've found pps discussions on the Internet, of course, but they're mostly dated. And I haven't found anything on copious voice or video and PF. So, anybody care to share their experience with PF in this space? Thanks, ==ml -- Michael W. Lucas http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/ Latest book: Network Flow Analysis http://www.networkflowanalysis.com/ mwlu...@blackhelicopters.org, Twitter @mwlauthor
change cwm screensaver?
Hi, Is there a way to easily change the cwm screensaver? It's not in the man pages or the archives. (Daft, I know. And petty.) ==ml -- Michael W. Lucas http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/ Latest book: Network Flow Analysis http://www.networkflowanalysis.com/ mwlu...@blackhelicopters.org, Twitter @mwlauthor
preferring ipv6?
Hi, My desktop, running the January amd64 snapshot, has an ipv6 tunnel via he.net. It seems that my applications all prefer using ipv4. Research led me to rfc3484 and the destination address selection algorithm. A tunnel isn't going to work that way, fair enough. I found a discussion about making Linux prefer IPv6 (http://wahjava.wordpress.com/2007/12/13/unable-to-view-ipv6-site-over-6to4-connection-in-firefox/). Is there some way to make OpenBSD similarly prefer IPv6 when available? Thanks, ==ml -- Michael W. Lucas http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/ Latest book: Network Flow Analysis http://www.networkflowanalysis.com/ mwlu...@blackhelicopters.org, Twitter @mwlauthor
Re: netflow and ipv6?
On Mon, Jan 24, 2011 at 10:43:36PM +0100, Patrick Lamaiziere wrote: Hello, Are there some plans to implement netflow v9 in pflow(4) (to be able to trace ipv6 flows)? Without, which collector can I use in userland? And is the load introduced by such userland tool a concern with a network traffic passing the firewall around ~500Mb/s? Softflowd. http://www.mindrot.org/projects/softflowd/ I believe it will handle the load -- I put 50Mbs through a PF machine several years ago, and softflowd didn't crack 1% CPU. YMMV. ==ml -- Michael W. Lucas http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/ Latest book: Network Flow Analysis http://www.networkflowanalysis.com/ mwlu...@blackhelicopters.org, Twitter @mwlauthor
pkg_add -iu failure on newest amd64 snapshot
Summary: Is this error worth a bug report? Can't call method errsay on unblessed reference at /usr/libdata/perl5/OpenBSD/Add.pm line 693. Full saga: Upgraded from 10 April snapshot to 18 January itself via snapshot, aka: OpenBSD gluttony.blackhelicopters.org 4.9 GENERIC.MP#777 amd64 Then I tried to upgrade my packages. pkg_add -iu ... apache-ant-1.7.1p1:tiff-3.8.2p5-tiff-3.9.4: ok apache-ant-1.7.1p1:jasper-1.900.1p1-jasper-1.900.1p1: ok Error from ftp://openbsd.mirrors.tds.net/pub/OpenBSD/snapshots/packages/amd64/gdk-pixbuf-2.22.1.tgz ftp: Can't connect or login to host `openbsd.mirrors.tds.net' Fatal error: archive does not match +CONTENTS != lib/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-ani.so Read shared items: ok --- -libxml-2.7.6 --- Remember to update /var/db/xmlcatalog --- +jikes-1.22p4 --- This software is subject to the terms of the IBM Jikes Compiler Open Source License Agreement in /usr/local/share/doc/jikes/license.htm, also available at this URL: http://ibm.com/developerworks/oss/jikes/ Copyright (C) 1996, 1998, International Business Machines Corporation and others. All Rights Reserved. You must accept the terms of that agreement to use this software. Can't call method errsay on unblessed reference at /usr/libdata/perl5/OpenBSD/Add.pm line 693. I assumed that the error here was related to the cannot connect or login to host error, and indeed, trying to connect manually gives me: $ ftp openbsd.mirrors.tds.net Connected to openbsd.mirrors.tds.net. 421 There are too many connections from your internet address. ftp quit So, there's an explicable reason behind this failure. I can't find the error: Can't call method errsay on unblessed reference at /usr/libdata/perl5/OpenBSD/Add.pm line 693. in an online search. 
My packages are now in an inconsistent state, as partial-gdk-pixbuf was fubarized in the previous crash: s$ sudo pkg_add -iu Checking packages|No change in OpenEXR-1.6.1p1Warning: couldn't read packing-list from installed package partial-gdk-pixbuf-2.22.1 File /var/db/pkg/partial-gdk-pixbuf-2.22.1/+CONTENTS does not exist apache-ant-1.7.1p1:libaudiofile-0.2.6p2-libaudiofile-0.2.6p2: ok Checking packages|No change in glib2-2.26.1p0Warning: couldn't read packing-list from installed package partial-gdk-pixbuf-2.22.1 File /var/db/pkg/partial-gdk-pixbuf-2.22.1/+CONTENTS does not exist Read shared items|** | 45%Warning: couldn't read packing-list from installed package partial-gdk-pixbuf-2.22.1 File /var/db/pkg/partial-gdk-pixbuf-2.22.1/+CONTENTS does not exist Read shared items: ok Fatal error: can't locate partial-gdk-pixbuf-2.22.1 at /usr/libdata/perl5/OpenBSD/Update.pm line 102 I can fix this with pkg_delete and re-adding them. But is there an easier way? Thanks, ==ml -- Michael W. Lucas http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/ Latest book: Network Flow Analysis http://www.networkflowanalysis.com/ mwlu...@blackhelicopters.org, Twitter @mwlauthor
smtpd and spamd, with antivirus
Hi, I have to build a new mail relay host, and would like to use spamd and smtpd on OpenBSD. I'm required to provide antivirus scanning of mail contents, however. Has anyone attached any antivirus software to this combination? I'm well aware that spamd stops a vast amount of viruses, but I'm not the one writing the requirements. Thanks for any hints, ==ml -- Michael W. Lucas mwlu...@blackhelicopters.org http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/ New book available: Network Flow Analysis http://www.networkflowanalysis.com/
cwm ssh autocompletion, SSH on non-standard port
Hi, I'm running 4.7 GENERIC.MP#0 amd64 with the cwm window manager. Read the man pages and searched, but no answer to this. My employer runs SSH on a specific non-standard port. (Yes, I know, but that's the rule and it's my paycheck.) I've noticed that cwm's ssh autocompletion doesn't include known_hosts entries on nonstandard ports. Presumably, this is because the hostname is in square brackets and cwm can't parse it. Is there a way to make cwm's ssh autocompletion work when SSH is used on an off port? Or is this just the penalty I pay for living with this policy? Thanks for any suggestions, ==ml -- Michael W. Lucas mwlu...@blackhelicopters.org http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/ New book available: Network Flow Analysis http://www.networkflowanalysis.com/
Re: cwm ssh autocompletion, SSH on non-standard port
On Fri, Jul 23, 2010 at 04:50:10PM +0200, Joachim Schipper wrote: On Fri, Jul 23, 2010 at 10:43:36AM -0400, Michael W. Lucas wrote: Hi, I'm running 4.7 GENERIC.MP#0 amd64 with the cwm window manager. Read the man pages and searched, but no answer to this. My employer runs SSH on a specific non-standard port. (Yes, I know, but that's the rule and it's my paycheck.) I've noticed that cwm's ssh autocompletion doesn't include known_hosts entries on nonstandard ports. Presumably, this is because the hostname is in square brackets and cwm can't parse it. Is there a way to make cwm's ssh autocompletion work when SSH is used on an off port? Or is this just the penalty I pay for living with this policy? Thanks for any suggestions, Can't you just use the machine name, and then put something like Host *.myemployer.com Port 222 in ~/.ssh/config? Joachim Tried this config file: Host * ForwardAgent yes ForwardX11 yes Port 222 ForwardX11Trusted yes Removed the entry for the host from known_hosts and tried again. I connected to the correct port, but the known_hosts entry is still recorded in brackets. No autocompletion. I don't see any other option in ssh_config(5) that seems appropriate. Thanks, ==ml -- Michael W. Lucas mwlu...@blackhelicopters.org http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/ New book available: Network Flow Analysis http://www.networkflowanalysis.com/
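The bracketed entries discussed in this thread are the [host]:port form that sshd(8) documents for known_hosts entries on a non-standard port. The following is an added example, not part of any message above and not cwm's code: a Python parser that extracts completable host names from known_hosts text (skipping hashed, wildcard, CA and revoked entries) and derives per-host Port stanzas for ~/.ssh/config. The sample file, its host names and its key placeholders are constructed.

```python
import re

# Constructed sample; host names are documentation names and the key
# fields are placeholders, not real keys.
SAMPLE_KNOWN_HOSTS = """\
# constructed known_hosts sample
shell.example.org,192.0.2.5 ssh-ed25519 AAAAC3PLACEHOLDER
[gw.example.org]:222,[192.0.2.10]:222 ssh-rsa AAAAB3PLACEHOLDER
|1|c2FsdHNhbHQ=|aGFzaGhhc2g= ssh-ed25519 AAAAC3PLACEHOLDER
@cert-authority *.example.org ssh-ed25519 AAAAC3PLACEHOLDER
@revoked old.example.org ssh-rsa AAAAB3PLACEHOLDER
[2001:db8::1]:2222 ssh-ed25519 AAAAC3PLACEHOLDER
"""

# "[host]:port" is how a host on a non-default port is recorded.
_BRACKETED = re.compile(r"^\[(.+)\]:(\d+)$")


def parse_line(line):
    """Return (marker, [(host, port), ...]) for one known_hosts line.

    Comments, blank lines, malformed lines, hashed names, wildcard
    patterns and negated patterns contribute no hosts.
    """
    fields = line.split()
    if not fields or fields[0].startswith("#"):
        return None, []
    marker = None
    if fields[0].startswith("@"):          # @cert-authority / @revoked
        marker, fields = fields[0], fields[1:]
    if len(fields) < 3:                    # hostnames, keytype, key
        return marker, []
    hostfield = fields[0]
    if hostfield.startswith("|"):          # hashed name: cannot be listed
        return marker, []
    hosts = []
    for pat in hostfield.split(","):
        if not pat or pat.startswith("!"):
            continue
        m = _BRACKETED.match(pat)
        host, port = (m.group(1), int(m.group(2))) if m else (pat, 22)
        if "*" in host or "?" in host:     # pattern, not a single host
            continue
        hosts.append((host, port))
    return marker, hosts


def host_ports(text):
    """Sorted unique (host, port) pairs from ordinary (unmarked) lines."""
    found = set()
    for line in text.splitlines():
        marker, hosts = parse_line(line)
        if marker is None:                 # ignore CA and revoked lines
            found.update(hosts)
    return sorted(found)


def completion_names(text):
    """Host names a completer could offer, brackets and ports removed."""
    return sorted({host for host, _ in host_ports(text)})


def ssh_config_stanzas(text):
    """ssh_config Host/Port blocks for every host seen on a non-22 port."""
    blocks = ["Host %s\n    Port %d" % (h, p)
              for h, p in host_ports(text) if p != 22]
    return "\n".join(blocks)


if __name__ == "__main__":
    print(completion_names(SAMPLE_KNOWN_HOSTS))
    print(ssh_config_stanzas(SAMPLE_KNOWN_HOSTS))
```

Hashed entries are skipped by design: the salted hash hides the host name, so nothing can be recovered from them for completion.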
reporting a bug in ports/net/flow-tools?
Hi, Sendbug doesn't seem to have a ports option, and my bug report doesn't have a single recommended solution in any case, so I'm asking here. The flow-log2rrd, flow-rpt2rrd, and flow-rptfmt programs in flow-tools each start with the line: #!/bin/env python This won't work on OpenBSD. OpenBSD's env is in /usr/bin, and python is installed (at least on my system) as /usr/local/bin/python2.5. There is no generic python command. These programs will run under any of the 3 python ports. I could argue that these should start with any of the following: #!/usr/bin/env python2.5 #!/usr/local/bin/python2.5 (repeat for python 2.4 and 2.6) So, what is the OpenBSD-style resolution for this sort of thing? I don't care what the solution is, I just want flow-tools to work out of the box. Out of curiosity, is there any interest in a port of the new flow-tools fork? It fixes many corruption bugs on 64-bit systems. Thanks, ==ml -- Michael W. Lucas mwlu...@blackhelicopters.org http://www.MichaelWLucas.com/ Latest book: Cisco Routers for the Desperate, 2nd Edition http://www.CiscoRoutersForTheDesperate.com/
Re: reporting a bug in ports/net/flow-tools?
On Tue, Apr 27, 2010 at 05:36:15PM +0300, Antti Harri wrote: On Tue, 27 Apr 2010, Michael W. Lucas wrote: Hi, Sendbug doesn't seem to have a ports option, and my bug report doesn't have a single recommended solution in any case, so I'm asking here. The flow-log2rrd, flow-rpt2rrd, and flow-rptfmt programs in flow-tools each start with the line: #!/bin/env python This won't work on OpenBSD. OpenBSD's env is in /usr/bin, and python is installed (at least on my system) as /usr/local/bin/python2.5. There is no generic python command. These programs will run under any of the 3 python ports. I could argue that these should start with any of the following: #!/usr/bin/env python2.5 #!/usr/local/bin/python2.5 (repeat for python 2.4 and 2.6) So, what is the OpenBSD-style resolution for this sort of thing? I don't care what the solution is, I just want flow-tools to work out of the box. Out of curiosity, is there any interest in a port of the new flow-tools fork? It fixes many corruption bugs on 64-bit systems. Thanks, You should symlink one of the pythonX.Y binaries to 'python', as post install message for python packages suggest. Fair enough. Python was one of many dependencies in an earlier install, so I missed that message. But that still leaves the bogus /bin/env problem in this particular package. ==ml -- Michael W. Lucas mwlu...@blackhelicopters.org http://www.MichaelWLucas.com/ Latest book: Cisco Routers for the Desperate, 2nd Edition http://www.CiscoRoutersForTheDesperate.com/
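The two separate failures in this thread (no /bin/env, and no generic python command) can be caught before a package ships by resolving each script's #! line against the target file layout. The following is an added example, not part of the thread or of the flow-tools port: a Python checker run against a constructed fake root that contains only /usr/bin/env and /usr/local/bin/python2.5, as the post describes. The status strings, script names and search path are assumptions of this example.

```python
import os
import tempfile


def parse_shebang(path):
    """Return (interpreter, rest_of_line_or_None), or None without '#!'."""
    with open(path, "rb") as fh:
        first = fh.readline(256)
    if not first.startswith(b"#!"):
        return None
    parts = first[2:].decode("ascii", "replace").split(None, 1)
    if not parts:
        return None
    rest = parts[1].strip() if len(parts) > 1 else ""
    return parts[0], (rest or None)


def _is_exec(root, abs_path):
    # Look up an absolute path inside the given root (staging dir or "/").
    p = os.path.join(root, abs_path.lstrip("/"))
    return os.path.isfile(p) and os.access(p, os.X_OK)


def check_script(path, root="/",
                 search_path=("/bin", "/usr/bin", "/usr/local/bin")):
    """Classify a script's shebang against the files present under root."""
    sb = parse_shebang(path)
    if sb is None:
        return "no-shebang"
    interp, rest = sb
    if not _is_exec(root, interp):
        return "missing-interpreter:" + interp
    if os.path.basename(interp) == "env":
        if not rest:
            return "env-without-command"
        # Simplification: treat the first word after env as the command.
        cmd = rest.split()[0]
        if not any(_is_exec(root, d + "/" + cmd) for d in search_path):
            return "command-not-in-path:" + cmd
    return "ok"


def _write(path, text, mode):
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w") as fh:
        fh.write(text)
    os.chmod(path, mode)


def run_demo():
    """Build the constructed layout and check four shebang variants."""
    cases = {
        "as-shipped": "#!/bin/env python",
        "env-path-fixed": "#!/usr/bin/env python",
        "env-versioned": "#!/usr/bin/env python2.5",
        "absolute": "#!/usr/local/bin/python2.5",
    }
    results = {}
    with tempfile.TemporaryDirectory() as root:
        # Constructed fake root: env in /usr/bin, only a versioned python.
        for rel in ("usr/bin/env", "usr/local/bin/python2.5"):
            _write(os.path.join(root, rel), "", 0o755)
        for name, line in cases.items():
            script = os.path.join(root, "scripts", name)
            _write(script, line + "\nprint('hello')\n", 0o755)
            results[name] = check_script(script, root=root)
    return results


if __name__ == "__main__":
    for name, status in run_demo().items():
        print("%-16s %s" % (name, status))
```

Correcting only the env path still fails in this layout, which is why the post proposes a versioned interpreter name and the reply proposes a python symlink.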
application key mappings in cwm
Hi,

I recently switched to cwm (from WindowMaker). Everything works great, except for how some key mappings interact with applications.

OpenOffice uses control-arrowkey to move the cursor a word at a time, and control-shift-arrowkey to highlight. At times I must highlight entire paragraphs, or skip through paragraphs at high speed, so I need this function. Firefox has similar behavior, and I'm sure other apps do as well.

cwm uses control-arrowkeys for window size placement, so these keystrokes never reach the app. I'm not attached to control-arrowkey for this application function, but I need the function. I'm sure other people have had this annoyance as well.

My first thought is to use the windows key on this keyboard for a control key just for applications, but a) I'm not sure how to do that, and b) someone else has probably had a better idea.

Any suggestions for remapping keys to restore control-shift-arrow highlighting in apps, without losing cwm's behavior? Is there a specific OpenBSD way to do that, or a particular man page I should read?

Thanks,
==ml

--
Michael W. Lucas mwlu...@blackhelicopters.org
http://www.MichaelWLucas.com/
Latest book: Cisco Routers for the Desperate, 2nd Edition
http://www.CiscoRoutersForTheDesperate.com/
Re: sftp chroot ?
On Mon, Feb 23, 2009 at 07:33:23PM +0100, Jean-Francois wrote:

Hello,

If I understand this will chroot any user. Am I correct ?

- Is root chrooted as well ?

Don't scp or SSH in as root. Use a regular account and sudo, or at least the root password.

- Is it possible to chroot only some users ?

I don't believe so. You could look at scponly, it can chroot users. It's an add-on shell, not in ports, has not been audited by OpenBSD, etc. YMMV.

I am afraid that if I do this then all users will be chrooted and I won't be able to turn this back since I will not have access to /etc.

Run a separate sshd instance on a different port, with -p. Test the changes there.

==ml

Line to be changed in sshd_config :

#ChrootDirectory none

Thanks
JF

On Monday 23 February 2009 at 19:07 +0100, Floor Terra wrote:

See sshd_config(5) and search for ChrootDirectory.

Floor

On Feb 23, 2009 6:24 PM, Jean-Francois jfsimon1...@gmail.com wrote:

Hi All,

As far as I understand, the sftp service is always running since it is the ssh daemon (maybe one can correct me if I'm wrong). Hence I need to chroot some users to specific directories. I prefer not to use vsftp at present time if this feature is available with sftp of OpenBSD.

One can help me ?

Thank you;
JF

--
Michael W. Lucas mwlu...@blackhelicopters.org, mwlu...@freebsd.org
http://www.BlackHelicopters.org/~mwlucas/
My pessimism extends to the point of even suspecting the sincerity of the pessimists. -- Jean Rostand, French biologist and philosopher
Re: sftp chroot ?
On Mon, Feb 23, 2009 at 05:20:17PM -0500, Mike Erdely wrote:

On Mon, Feb 23, 2009 at 04:21:01PM -0500, Michael W. Lucas wrote:

On Mon, Feb 23, 2009 at 07:33:23PM +0100, Jean-Francois wrote:

- Is it possible to chroot only some users ?

I don't believe so. You could look at scponly, it can chroot users. It's an add-on shell, not in ports, has not been audited by OpenBSD, etc. YMMV.

I am afraid that if I do this then all users will be chrooted and I won't be able to turn this back since I will not have access to /etc.

Run a separate sshd instance on a different port, with -p. Test the changes there.

Ugh. Bad advice. Please see sshd_config(5) and http://undeadly.org/cgi?action=article&sid=20080220110039

-ME

Yep, definitely better way to chroot.

But I still suggest running sshd on an off port to test changes if you're concerned about locking yourself out.

==ml

--
Michael W. Lucas mwlu...@blackhelicopters.org, mwlu...@freebsd.org
http://www.BlackHelicopters.org/~mwlucas/
My pessimism extends to the point of even suspecting the sincerity of the pessimists. -- Jean Rostand, French biologist and philosopher
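The scoping question in this thread (chroot only some users without locking everyone out), as an added example that is not part of any poster's message: sshd_config(5) allows ChrootDirectory inside a Match block, and the script below reports whether each ChrootDirectory in a candidate config is global or Match-scoped before that config is tried on an off port. The group name sftponly, the path /var/sftp/%u, port 2222 and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit where ChrootDirectory applies in a candidate sshd_config.
# Function names, group "sftponly", /var/sftp/%u and port 2222 are assumptions.

# Constructed sample: chroot only members of one group, leave everyone else alone.
sample_config() {
cat <<'EOF'
#ChrootDirectory none
Subsystem sftp internal-sftp

Match Group sftponly
    ChrootDirectory /var/sftp/%u
    ForceCommand internal-sftp
    AllowTcpForwarding no
EOF
}

# chroot_scope FILE: one output line per active ChrootDirectory directive,
# "global PATH" or "match [CRITERIA] PATH". Include files are not followed.
chroot_scope() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # comments and blank lines
        {
            key = tolower($1)                     # keywords are case-insensitive
            if (key == "match") {
                scope = $0
                sub(/^[ \t]*[^ \t]+[ \t]+/, "", scope)
                in_match = (tolower(scope) != "all")   # "Match all" ends scoping
                next
            }
            if (key == "chrootdirectory" && tolower($2) != "none") {
                if (in_match) print "match [" scope "] " $2
                else          print "global " $2
            }
        }' "$1"
}

# chroot_is_scoped FILE: succeeds only if no ChrootDirectory applies to every
# login, the situation the original poster was afraid of.
chroot_is_scoped() {
    ! chroot_scope "$1" | grep -q '^global '
}

# Demo on the constructed sample. After this check passes on a real file:
#   /usr/sbin/sshd -t -f FILE          (syntax check only)
#   /usr/sbin/sshd -f FILE -p 2222     (second instance on an off port)
demo_cfg=$(mktemp)
sample_config > "$demo_cfg"
chroot_scope "$demo_cfg"        # match [Group sftponly] /var/sftp/%u
rm -f "$demo_cfg"
```

sshd_config(5) requires every component of the chroot path to be owned by root and not writable by group or others, so the per-user directories have to be created that way before the off-port test.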
Re: mp3 playback speed problem on new snapshot
On Sat, Feb 21, 2009 at 01:37:27AM +, Jacob Meuser wrote:

On Fri, Feb 20, 2009 at 05:23:09PM -0500, Michael W. Lucas wrote:

Hi,

I'm running OpenBSD paranoiac.blackhelicopters.org 4.5 GENERIC.MP#82 i386 on a Toshiba Satellite P105-S6179. Fresh install, not an upgrade. Widescreen works beautifully with 915resolution package, ACPI made the fan start when necessary, everything seems good... except sound.

MP3 playback is fast. Not terribly fast, just a little bit fast. My VNV Nation sounds like they've taken a little bit too much speed, and John Fogerty sounds like he's been kicked in the fork. Everything is understandable, but just that little bit too fast.

I've solved any number of no sound problems, but this is a new one. The archives include reports of this issue years ago, but nothing current. Any suggestions?

what applications are playing too fast? that's far more important than whose voice sounds like what.

it sounds like 44.1kHz media being played at 48kHz. there are suggestions in the FAQ.

You're right, thank you. The rest is mostly for the archives:

mpg123 reports 44.1kHz media and the azalia0 sound card reports play.rate=48000. (I have hundreds of gigs of MP3s at 44.1kHz, so I'm not about to start over from that end. :-) Changing play.rate to 44100 doesn't work, and the archives show it won't with an azalia sound card.

Madplay does work correctly, though. And I can use madplay as an input engine for XMMS through audio/xmms-madplay. It looks like audacious is a better choice, however, as xmms is slowly dying.

And the end result is: audacious plays everything fine. The volume control doesn't seem to work, but I have a physical volume dial.

Thanks,
==ml

--
Michael W. Lucas mwlu...@blackhelicopters.org, mwlu...@freebsd.org
http://www.BlackHelicopters.org/~mwlucas/
My pessimism extends to the point of even suspecting the sincerity of the pessimists. -- Jean Rostand, French biologist and philosopher
Re: mp3 playback speed problem on new snapshot
On Sat, Feb 21, 2009 at 06:25:11PM +0100, Alexandre Ratchov wrote:

On Sat, Feb 21, 2009 at 11:14:29AM -0500, Michael W. Lucas wrote:

On Sat, Feb 21, 2009 at 01:37:27AM +, Jacob Meuser wrote:

On Fri, Feb 20, 2009 at 05:23:09PM -0500, Michael W. Lucas wrote:

Hi,

I'm running OpenBSD paranoiac.blackhelicopters.org 4.5 GENERIC.MP#82 i386 on a Toshiba Satellite P105-S6179. Fresh install, not an upgrade. Widescreen works beautifully with 915resolution package, ACPI made the fan start when necessary, everything seems good... except sound.

MP3 playback is fast. Not terribly fast, just a little bit fast. My VNV Nation sounds like they've taken a little bit too much speed, and John Fogerty sounds like he's been kicked in the fork. Everything is understandable, but just that little bit too fast.

I've solved any number of no sound problems, but this is a new one. The archives include reports of this issue years ago, but nothing current. Any suggestions?

what applications are playing too fast? that's far more important than whose voice sounds like what.

it sounds like 44.1kHz media being played at 48kHz. there are suggestions in the FAQ.

You're right, thank you. The rest is mostly for the archives:

mpg123 reports 44.1kHz media and the azalia0 sound card reports play.rate=48000. (I have hundreds of gigs of MP3s at 44.1kHz, so I'm not about to start over from that end. :-) Changing play.rate to 44100 doesn't work, and the archives show it won't with an azalia sound card.

Madplay does work correctly, though. And I can use madplay as an input engine for XMMS through audio/xmms-madplay. It looks like audacious is a better choice, however, as xmms is slowly dying.

And the end result is: audacious plays everything fine. The volume control doesn't seem to work, but I have a physical volume dial.

You can use aucat(1) in server mode (aucat -l). It will do all the necessary conversions on the fly. It's supposed to be transparent. Check the ``server mode'' section of aucat(1)

Not all audio applications are updated to use it, mpg123 and xmms (and a lot of other apps) can use it.

Thank you, this works perfectly.

While audacious works, it uses about 25% of one CPU. The visualization is just slow enough to be distracting. Open up the preferences, and the sound skips. I think I'll stick with old but works.

==ml

--
Michael W. Lucas mwlu...@blackhelicopters.org, mwlu...@freebsd.org
http://www.BlackHelicopters.org/~mwlucas/
My pessimism extends to the point of even suspecting the sincerity of the pessimists. -- Jean Rostand, French biologist and philosopher
mp3 playback speed problem on new snapshot
11) uhci2 at pci0 dev 29 function 2 Intel 82801GB USB rev 0x02: apic 1 int 18 (irq 11) uhci3 at pci0 dev 29 function 3 Intel 82801GB USB rev 0x02: apic 1 int 16 (irq 11) ehci0 at pci0 dev 29 function 7 Intel 82801GB USB rev 0x02: apic 1 int 23 (irq 7) ehci0: timed out waiting for BIOS usb0 at ehci0: USB revision 2.0 uhub0 at usb0 Intel EHCI root hub rev 2.00/1.00 addr 1 ppb3 at pci0 dev 30 function 0 Intel 82801BAM Hub-to-PCI rev 0xe2 pci4 at ppb3 bus 10 cbb0 at pci4 dev 4 function 0 TI PCIXX12 CardBus rev 0x00: apic 1 int 17 (irq 11) TI PCIXX12 FireWire rev 0x00 at pci4 dev 4 function 1 not configured TI PCIXX12 Multimedia Card Reader rev 0x00 at pci4 dev 4 function 2 not configured sdhc0 at pci4 dev 4 function 3 TI PCIXX12 Secure Data rev 0x00: apic 1 int 17 (irq 11) sdmmc0 at sdhc0 fxp0 at pci4 dev 8 function 0 Intel PRO/100 VM rev 0x02, i82562: apic 1 int 20 (irq 11), address 00:16:36:c0:58:a5 inphy0 at fxp0 phy 1: i82562ET 10/100 PHY, rev. 0 cardslot0 at cbb0 slot 0 flags 0 cardbus0 at cardslot0: bus 11 device 0 cacheline 0x0, lattimer 0x20 pcmcia0 at cardslot0 ichpcib0 at pci0 dev 31 function 0 Intel 82801GBM LPC rev 0x02: PM disabled pciide0 at pci0 dev 31 function 2 Intel 82801GBM SATA rev 0x02: DMA, channel 0 wired to compatibility, channel 1 wired to compatibility wd0 at pciide0 channel 0 drive 0: TOSHIBA MK1637GSX wd0: 16-sector PIO, LBA48, 152627MB, 312581808 sectors wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5 atapiscsi0 at pciide0 channel 1 drive 0 scsibus0 at atapiscsi0: 2 targets cd0 at scsibus0 targ 0 lun 0: MATSHITA, DVD-RAM UJ-850S, 1.10 ATAPI 5/cdrom removable cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2 ichiic0 at pci0 dev 31 function 3 Intel 82801GB SMBus rev 0x02: apic 1 int 19 (irq 11) iic0 at ichiic0 spdmem0 at iic0 addr 0x50: 1GB DDR2 SDRAM non-parity PC2-4200CL5 SO-DIMM spdmem1 at iic0 addr 0x52: 1GB DDR2 SDRAM non-parity PC2-4200CL5 SO-DIMM usb1 at uhci0: USB revision 1.0 uhub1 at usb1 Intel UHCI root hub rev 1.00/1.00 
addr 1 usb2 at uhci1: USB revision 1.0 uhub2 at usb2 Intel UHCI root hub rev 1.00/1.00 addr 1 usb3 at uhci2: USB revision 1.0 uhub3 at usb3 Intel UHCI root hub rev 1.00/1.00 addr 1 usb4 at uhci3: USB revision 1.0 uhub4 at usb4 Intel UHCI root hub rev 1.00/1.00 addr 1 isa0 at ichpcib0 isadma0 at isa0 pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 pms0 at pckbc0 (aux slot) pckbc0: using irq 12 for aux slot wsmouse0 at pms0 mux 0 pcppi0 at isa0 port 0x61 midi0 at pcppi0: PC speaker spkr0 at pcppi0 npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16 mtrr: Pentium Pro MTRR support ath0 at cardbus0 dev 0 function 0 Atheros AR5212 rev 0x01: irq 268505355 ath0: AR2414 7.9 phy 4.5 rf2413 5.6, FCC2A*, address 00:1e:2a:4e:65:71 acpibat0: BAT1 inserted ugen0 at uhub3 port 1 STMicroelectronics Biometric Coprocessor rev 1.00/0.01 addr 2 softraid0 at root root on wd0a swap on wd0b dump on wd0b -- Michael W. Lucasmwlu...@blackhelicopters.org, mwlu...@freebsd.org http://www.BlackHelicopters.org/~mwlucas/ My pessimism extends to the point of even suspecting the sincerity of the pessimists. -- Jean Rostand, French biologist and philosopher
Re: Absolute OpenBSD out-of-print?
On Thu, May 10, 2007 at 03:11:09PM -0500, James Hartley wrote:

On 5/10/07, Matthew Szudzik [EMAIL PROTECTED] wrote:

Does anybody know if there are plans for another printing? Or maybe even a second edition?

According to Lucas' Website, he still intends on writing an _Absolute_ book for NetBSD. I may be wrong, but I don't suspect we will see second editions of the other two volumes.

http://www.blackhelicopters.org/~mwlucas/#stuff

Hi,

Competing publishers have taken to eavesdropping on what I'm writing, and then rushing competing books of their own into print. I no longer publicly announce what I'm writing at any time because of this. Paranoid? Perhaps. I do run OpenBSD, however. ;-)

The publisher generally tells me when a book is out-of-print, but AO is outdated at this point so they might not have. Much of it is still applicable, but it doesn't cover all the new nifty features that have come out in the last few years. It might also be in that dregs can be found here and there, but not really totally out of print limbo.

Family medical problems have generally thrown my writing schedule into the toilet the last couple of years. (Hurrah for the US health care system!) But I am working on a tech book to come out later this year.

==ml

--
Michael W. Lucas [EMAIL PROTECTED], [EMAIL PROTECTED]
http://www.BlackHelicopters.org/~mwlucas/
Latest book: PGP & GPG -- http://www.pgpandgpg.com
On 5/4/2007, the TSA kept 3 pairs of my soiled undies for security reasons.
Re: NYCBSDCon 2005
On Tue, Aug 23, 2005 at 11:02:49PM -0400, Ted Unangst wrote:

On Tue, 23 Aug 2005, George R. wrote:

New York City BSD Conference (NYCBSDCon), a one day technical conference hosted by the New York City *BSD User Group, will be held on Saturday, September 17th at Columbia University. The all day conference will include a variety of speakers representing the BSD projects and the open source community.

was there a cfp that i missed or was it more like invite only?

I'm only a guest, not a committee member, so this is only my impression.

The speakers were arranged by the time-honored method of scrounging around for anyone damn fool enough to fly to NYC for a one day event. Apparently, I'm damn fool enough. :-)

NYCBug is a user group, so they picked up people of interest to their users. Fair enough.

==ml

--
Michael W. Lucas [EMAIL PROTECTED], [EMAIL PROTECTED]
http://www.BlackHelicopters.org/~mwlucas/
The cloak of anonymity protects me from the nuisance of caring. -Non Sequitur
Re: Negotiating a license for Sun Java on OpenBSD?
On Sat, Aug 06, 2005 at 01:12:24PM -0700, J.C. Roberts wrote:

The FreeBSD guys sold their soul to Sun in a license agreement of some sort in order to use Sun's code as a base for their native implementation.

Sorry, not quite. The FreeBSD-native Java implementation did not require changing any licenses in the base OS.

Mind you, those poor bastards who donated their work and code to get Java running natively on FreeBSD may have sold their souls (or, at least, got badly taken), but that's a separate issue.

The last time I tried it, the FreeBSD native Java ran fine on OpenBSD under emulation. At least it's a step closer than the Linux version. And, if you feel like donating your limited free time to Sun, the FreeBSD version is a better starting point than the Linux version.

==ml

--
Michael W. Lucas [EMAIL PROTECTED], [EMAIL PROTECTED]
http://www.BlackHelicopters.org/~mwlucas/
The cloak of anonymity protects me from the nuisance of caring. -Non Sequitur
Re: Negotiating a license for Sun Java on OpenBSD?
On Mon, Aug 08, 2005 at 10:05:38AM -0400, Kurt Miller wrote:

From: Michael W. Lucas [EMAIL PROTECTED]

On Sat, Aug 06, 2005 at 01:12:24PM -0700, J.C. Roberts wrote:

The FreeBSD guys sold their soul to Sun in a license agreement of some sort in order to use Sun's code as a base for their native implementation.

Sorry, not quite. The FreeBSD-native Java implementation did not require changing any licenses in the base OS.

Mind you, those poor bastards who donated their work and code to get Java running natively on FreeBSD may have sold their souls (or, at least, got badly taken), but that's a separate issue.

I have spent considerable time getting Java working on OpenBSD. How I choose to spend my time is my choice. I've neither sold my soul or have been badly taken. Piss off!

The last time I tried it, the FreeBSD native Java ran fine on OpenBSD under emulation. At least it's a step closer than the Linux version. And, if you feel like donating your limited free time to Sun, the FreeBSD version is a better starting point than the Linux version.

Stop spreading FUD. At least take a sec and look in /usr/ports/devel/jdk before posting this crap.

Kurt,

Really, no disparagement was meant of your efforts. My apologies for any offense. I can't see spending my time working on Sun's code, but that's your choice, and if it works for you more power to you.

==ml

--
Michael W. Lucas [EMAIL PROTECTED], [EMAIL PROTECTED]
http://www.BlackHelicopters.org/~mwlucas/
The cloak of anonymity protects me from the nuisance of caring. -Non Sequitur