Re: Q: Problems forwarding traffic using pf ...
On Thu, May 23, 2024 at 11:14:20AM +0200, Why 42? The lists account. wrote:
> I need to quickly create a solution for forwarding multicast traffic
> between two systems, so I thought perhaps I could use pf to do just that
> by writing some rules along the lines of:
>
> 1. pass in on iface A proto UDP ... tag mcast
> 2. pass out on iface B tagged mcast
>
> And another pair of rules for the reverse direction B -> A.
>
> (Obviously I'd add more options to filter specific addresses, etc.)

Possibly stupid question, but did you set the sysctl(s) to enable forwarding?

$ sysctl net.inet.ip.forwarding

and

$ sysctl net.inet6.ip6.forwarding

will provide the answer (as in, if those values are not 1, forwarding between interfaces is not enabled)

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.

Re: My PC is crashing
On Fri, May 10, 2024 at 08:48:56AM +0200, Anders Andersson wrote:
> Missing from the FAQ is IMO step 0: Run memtest over night to rule out
> hard to debug hardware problems. It won't catch everything of course,
> but it usually finds RAM issues which is its main job.

That is a very valid point. Bad RAM could very well be the cause of the problems described.

And on a side note, given that the memory allocation in OpenBSD is different than what some other systems do, it is not unlikely that other systems never or only rarely would hit the failing memory location while OpenBSD would, more often.

Re: My PC is crashing
Hi Daniel,

On Fri, May 10, 2024 at 07:57:31AM +0200, Daniel Hejduk wrote:
> Hello,
> I installed OBSD on my IdeaPad.
> Install went fine I installed offline using .iso file.
> But after rebooting it works for ~30 seconds and after that it shutdowns,
> without any errors kernel panics nothing.
>
> How can I debug it? I will send you more info if I found something.

The FAQ has a reasonable description of how to debug and report observed problems at https://www.openbsd.org/report.html

That said, I would start with looking at the output of dmesg and any traces of what happened immediately before the incidents in the log files such as /var/log/messages (and any other possibly relevant log files).

Re: obsd wifi
On Sat, May 04, 2024 at 03:01:54PM -0300, Gustavo Rios wrote:
> I have just installed OpenBSD in my brand new notebook. It is a dell
> notebook that came with just a wifi NIC. How do I discover the name of my
> wifi nic ?

ifconfig with no arguments should list all network interfaces the kernel has recognized.

There is a catch, though. For wifi interfaces it is likely that the interface can not be configured until the device's firmware is installed.

If that is the situation, a common workaround is to use some device that *is* configurable (most USB Ethernet dongles I have encountered Just Work), configure that, then run fw_update. Once the firmware is in place, the rest should be straightforward.

Good luck!

- Peter

Re: Desktop performance
On Sat, May 04, 2024 at 03:41:28PM +0200, Manfred Koch wrote:
> These specifications origin from a website
>
> I could need your judgments to these settings, so that I can use it.

It would be interesting to hear which website recommended those settings, just for reference.

It's hard to come up with actually generally valid answers to this kind of question. It really depends on what you want to do with your system.

I remember some packages (chrome comes to mind) that have instructions in the package readme file to tweak some of the login.conf parameters. If the software you want to use comes with instructions of that kind, it may be a good idea to follow those suggestions. Otherwise I would as a general rule leave things at the defaults unless you find a specific reason not to.

Hm. Back in the day I did some conference tutorials on "transition to the most recent OpenBSD release", with some desktop/laptop oriented tweaks I had found useful myself. Some of those tweaks may still apply, but some are likely to be outdated or just plain wrong to start with.

But perhaps an updated version would be useful to somebody?

USB keyboard quirks may not be properly catered to in bsd.rd kernels (was: Re: bad first impression of OpenBSD at install time)
On Fri, Apr 26, 2024 at 06:52:38AM +0200, Lourens wrote:
> I too experienced this issue during installation.
> I simply plugged in an old Logitech keyboard to complete the installation
> and after rebooting the previously 'problematic' keyboard was detected and
> fully usable.

Summing up, this sounds like the kernel configuration that was shoehorned into amd64 installer images (and possibly other platforms?) lacks some of the code that caters to the quirks that show up in certain (newer) USB keyboards.

What is not clear to me is how common those keyboards are, as in is there significant risk that new users would encounter this in the wild, with a probability large enough that it would be useful to add a note about this to say https://www.openbsd.org/faq/faq4.html#bsd.rd somewhere?

Re: bad first impression of OpenBSD at install time
On Thu, Apr 25, 2024 at 05:46:04PM +0200, Harald Dunkel wrote:
>
> I posted this before, without any response from the community:
>
> At the boot> prompt of the installer image my USB keyboard still works,
> but at the install prompt the keyboard is ignored. I cannot press "i"
> to actually install OpenBSD.

I remember vaguely something that matches the description, and I think the feedback then too was that more information about the hardware involved would be needed in order to help.

Preferably full sendbug output, but a dmesg (preferably from OpenBSD but even from some other unixlike like Linux will do).

Re: syntax error in httpd.conf file
On Sat, Apr 20, 2024 at 08:47:23AM -0600, deich...@placebonol.com wrote:
> continuing with man page recommendations, when you read entirely to the end
> of a man page you will see reference to related man pages. At the end of
> httpd man there are several references, including httpd.conf

this can not ever be over emphasised or over amplified.

On OpenBSD, you can expect man pages to be complete and informative and to contain references to other useful resources.

Anyone learning OpenBSD or with OpenBSD should be using 'apropos' and 'man' quite intensively.

- Peter

Re: syntax error in httpd.conf file
On Sat, Apr 20, 2024 at 12:58:34PM +1000, Alexis wrote:
> > and a bit surprisingly - at least to me - chatgpt didn't get the syntax
> > right either, no matter how detailed my prompt was.
>
> Not at all surprising to me, given that ChatGPT and other LLM-based 'AI'
> systems - essentially Markov chains / glorified autocorrect - are
> increasingly known for 'hallucinations' and confidently making false claims.

Here's the story of my asking it to write a PF.conf - https://nxdomain.no/~peter/chatgpt_writes_pf.conf.html or with nicer formatting and trackers https://bsdly.blogspot.com/2023/06/i-asked-chatgpt-to-write-pfconf-to-spec.html

so in this context, near totally useless, likely due to insufficient volume of actually useful configurations in the data it was trained on.

This other piece has it come up with some only tangentially related gibberish, but the thing partially redeems itself by offering up that poem at the end - https://nxdomain.no/~peter/chatgpt_on_ipv6_and_openbsd_poetry.html (or again with nicer formatting but G's trackers https://bsdly.blogspot.com/2023/03/chatgpt-opines-on-ipv6-procastination.html)

- Peter

Re: Firewall setup
I give up.

The obviously incomplete, hand edited ifconfig output shows three interfaces that are (or appear to be, judging from the excerpts that we are given) not configured with IP addresses, two of which have a link, while the last does not.

For reasons unknown these three are joined in a three-way bridge.

From the tiny crumbs of information you have deigned to reveal to us, it is not at all clear what it is you are trying to achieve.

That this configuration does not do anything useful is however no surprise at all.

Once you can describe what it is your Rube Goldberg contraption is supposed to do, competent people here might offer some advice on how to make things work properly.

Until that happens, I for one will simply ignore anything from that source.

Re: Firewall setup
On Mon, Apr 15, 2024 at 10:09:31PM +0200, Karel Lucas wrote:
> This gives the following error messages when booting:
> no IP address found for igc1:network
> /etc/pf.conf:41: could not parse host specification
> no IP address found for igc2:network
> /etc/pf.conf:42: could not parse host specification

This sounds to me like those interfaces either do not exist or have not been correctly configured.

Are those interfaces configured, as in do they have IP addresses?

the output of ifconfig igc1 and ifconfig igc2 will show you.

Re: Firewall setup
On Mon, Apr 15, 2024 at 10:01:59PM +0200, Karel Lucas wrote:
> They both give a syntax error by booting.
>
> On 14-04-2024 at 17:45, Zé Loff wrote:
> > pass in on $int_if proto udp to port 53
> > pass in on $int_if proto udp to $nameservers port 53

You're not giving us a lot to work with here.

Off the top of my head, seeing that your int_if macro is a list of two interfaces, that may well be your problem (or one of them).

The rule syntax is not really intended to deal with a list of interfaces following 'on'. It is likely more useful to treat the two interfaces separately.

The other option - if your network layout is such that it makes sense to treat them to the same rule criteria - would be to make an interface group with both interfaces as members, then use the interface group name in your rules.

Re: OpenBSD Installation Doesn't Detect NVMe SSD, but Detects My USB Drives
On Mon, Apr 15, 2024 at 08:29:21AM +0200, aliyu...@tutanota.com wrote:
>
> I'm currently trying to install OpenBSD on my laptop, and I'm coming
> across a problem. The installation only detects my installation drive
> and my other USB flash drive that I use for data storage, but not my
> NVMe SSD I want to do an installation on.
>
> This same problem also occurs in NetBSD, but not FreeBSD. The UEFI
> setup acknowledges my drive as a Non-RAID disk, and Linux also shows
> it as nvme0n1, so there isn't any problems with the drive itself.

As Brian mentioned, it would generally be useful to have dmesg output from a system where the drive works as well as from the OpenBSD config where the drive is not recognized.

That said, I would recommend looking into the BIOS options to see whether there is a setting for the storage controller mode.

In an ASUS laptop I bought a little while back, the options were somewhat non-intuitive:

"The option turned out to live in the BIOS' Advanced menu, labeled VMD setup menu, where you set the Enable VMD controller option to Disabled."

which made the drive visible to OpenBSD.

(the fuller story is at https://nxdomain.no/~peter/blog_wild_wild_world_of_windows.html or with nicer formatting and trackers https://bsdly.blogspot.com/2021/07/the-impending-doom-of-your-operating.html)

In your case, the relevant option (if it exists) may be labeled something completely different. But it's likely worth checking for.

Re: Firewall setup
On Sun, Apr 14, 2024 at 05:09:01PM +0200, Karel Lucas wrote:
> Hi all,
>
> Everything about PF is all very confusing to me at the moment, so any help
> is appreciated. So let's start simple and then proceed step by step. I want
> to continue with ping so that I can test the connection to the internet.
> This works: ping -c 10 195.121.1.34. But this doesn't work: ping -c 10
> www.apple.com. As others have stated, I have a problem with using DNS
> servers on the internet. The PF ruleset needs to be adjusted for this, but
> it is still not clear to me how to do that. What else do I need to get ping
> to work correctly? To get started simply, I created a new pf.conf file, see
> below.

I'd put this somewhere after your block rules:

pass inet proto { tcp, udp } from igc1:network to port $client_out
pass inet proto { tcp, udp } from igc2:network to port $client_out

- that way you will actually use the macro.

But the macro still references the invalid service nportntp (you probably want ntp instead), and I would think that the services "446, cvspserver, 2628, 5999, 8000, 8080" are unlikely to be useful unless you *know* you need to pass traffic for those.

Re: Ping blocked by firewall
On Sat, Apr 13, 2024 at 06:18:46AM +0200, Janne Johansson wrote:
> On Fri, 12 Apr 2024 at 19:41, Karel Lucas wrote:
> >
> > Hi all,
> >
> > Ping only works partially. For example, this works: ping -c 10
> > 195.121.1.34. But this doesn't work: ping -c 10 www.apple.com. I suspect
> > this has to do with DNS servers, but I don't know where to start
> > troubleshooting. Can someone help me?
>
> If the below pf.conf is your total firewall config, then you are only
> letting icmp through, and not DNS queries.
> Perhaps you meant to use the "client_out" macro for a pass rule and forgot it?

As Janne hints at here, your pass criteria are too narrow to be practical for the needs you appear to have.

Not an uncommon problem while learning to write rulesets.

And of course I have written about that too - https://home.nuug.no/~peter/pf/en/basicgw.html#GWPITFALLS

(That is in the piece that evolved into The Book of PF, and likely something similar appears somewhere in the book too)

Re: No internet connection (firewall block)
On Thu, Apr 11, 2024 at 09:34:15AM +0100, Zé Loff wrote:
> > pass log out on egress inet proto udp to port 33433:33626 # for IPv4
> > pass log out on egress inet6 proto udp to port 33433:33626 # for IPv6
> >
> > pass log quick on $ext_if inet proto {tcp, udp} from $localnet \
> > to port $udp_services
> > pass log on $ext_if inet proto icmp all icmp-type $icmp_types
> > pass log on $ext_if inet proto tcp from $localnet to port $client_out
> > pass log out proto tcp to port $tcp_services # establish keep-stat
> > pass log log proto udp to port $udp_services # Establish keep-state
>
> If I read this correctly, you are not allowing any "in" traffic, except
> for the two "Letting ping through lines", which are just for ICMP, and
> on the first two rules on the last part ("...$icmp_types" and
> "...$client_out"). I am assuming "log log" on the last rule is a typo,
> and it is actually "log out".

Those are as far as I can tell correct observations.

There appears to be no rule allowing traffic other than the selected icmp types to pass from anywhere but the local host.

Re: 7.5 /var/log/messages - vfprintf %s NULL in "%.*s"
On Thu, Apr 11, 2024 at 09:41:47AM +0200, Eivind Eide wrote:
> > HOME="/home/eivind"
>
> That's the environmental variable that triggers the message if an
> empty ~/.terminfo/ directory is present in my home.

It is possible that I have missed important context here, but with a bare environment with only essentials like $HOME defined and no ~/.terminfo directory (as opposed to an empty one), do the odd messages still appear?

Re: No internet connection (firewall block)
On Wed, Apr 10, 2024 at 11:53:47PM +0200, Karel Lucas wrote:
>
> With the new firewall I am setting up I cannot connect to the internet. That
> starts with traceroute, so let's start there. Ping works fine. Below I have
> listed my pf.conf file.

This sounds like you have a link to somewhere, at least.

The first question would be, when you say "I cannot connect to the internet", where is this in relation to the host with the ruleset you quote?

Start with the basics - is the gateway set up to forward packets? The output of

$ sysctl net.inet | grep forward

will reveal the truth there.

And looking at the quoted ruleset, I find it rather unlikely that it will actually load -- you will get a "macro 'martians' not defined" and "unknown port nportntp" and likely a few "syntax error" messages as well.

I would advise to take a few steps back, start from the basics and add only the things you know you need.

Re: Ping blocked by firewall
On Wed, Apr 10, 2024 at 11:01:18PM +0200, Peter N. M. Hansteen wrote:
> Another gentle introduction can be found in the latest PF tutorial,
> the slides for the AsiaBSDCon 2024 version can be found as
> https://nxdomain.no/~peter/pf_asiabsdcon2024.pdf which in turn has
> references to various useful resources.

and I should add that the labs referenced there are almost certainly not available at the moment. They tend to be turned on specifically for the sessions and are generally only left running for a few days.

- P

Re: Ping blocked by firewall
On Wed, Apr 10, 2024 at 04:41:58PM -0400, Steve Litt wrote:
> I found out where to buy your book, and will buy it once I have the
> "for dummies" level of knowledge. In the meantime, what other PF
> references do you recommend? I know just enough PF to be dangerous, but
> want to make my own BSD/PF firewall/router.

The Book of PF was meant to be accessible to people with only basic networking knowledge, but anyway - I'd start with the official PF user guide at https://www.openbsd.org/faq/pf/index.html and look up the relevant man pages.

Another gentle introduction can be found in the latest PF tutorial, the slides for the AsiaBSDCon 2024 version can be found as https://nxdomain.no/~peter/pf_asiabsdcon2024.pdf which in turn has references to various useful resources.

And of course, this mailing list tends to be receptive to reasonably formulated questions.

All the best,
Peter

Re: Ping blocked by firewall
On Tue, Apr 09, 2024 at 10:52:45AM +0200, Karel Lucas wrote:
> I defined the table as stated in your book (3rd edition, page 42). However,
> that gives an error message. In the lines with that table: macro 'martians'
> not defined. Moreover, I now also have a Syntax error in lines 38, 39 and
> 46, causing the pf lines not to be loaded.

The martians example only appears on page 91, and if you had read that book or other PF references, you would have known full well that the syntax for defining and referencing macros differs from how you define and reference tables.

Please actually read the advice offered by contributors to this thread.

Re: Ping blocked by firewall
On Tue, Apr 09, 2024 at 10:52:45AM +0200, Karel Lucas wrote:
> I defined the table as stated in your book (3rd edition, page 42). However,
> that gives an error message. In the lines with that table: macro 'martians'
> not defined. Moreover, I now also have a Syntax error in lines 38, 39 and
> 46, causing the pf lines not to be loaded.

macro names are case sensitive, to wit

peter@kapet:~$ cat martians
Martians = "{ 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, \
 10.0.0.0/8, 169.254, 0.0/16, 192.0.2.0/24, \
 0.0.0.0/8, 240.0.0.0/4 }"

block from $martians
peter@skapet:~$ doas pfctl -vnf martians
Martians = "{ 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8, 169.254, 0.0/16, 192.0.2.0/24, 0.0.0.0/8, 240.0.0.0/4 }"
martians:5: macro 'martians' not defined
martians:5: syntax error

for conversion to tables, keep in mind that references need the surrounding '<' and '>'.

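The two mistakes discussed in the message above (a macro referenced with the wrong case, and a table referenced with macro syntax) can be caught before loading a ruleset. The following is an added example, not part of the original post and not pf's own parser; the function name and the sample rulesets are constructed for illustration, and the parsing is deliberately simplified (it does not handle '#' inside quoted strings).

```python
import re

# Simplified patterns (assumption: one definition per logical line).
DEF_RE = re.compile(r"^\s*([A-Za-z0-9_]+)\s*=")    # name = "value"
TABLE_RE = re.compile(r"^\s*table\s+<([^>]+)>")    # table <name> ...
REF_RE = re.compile(r"\$([A-Za-z0-9_]+)")          # $name


def undefined_macros(text):
    """Return (line_number, name, hint) for each $name used before a
    macro of exactly that name has been defined.

    hint is "$Other" when a macro differing only in case exists,
    "<name>" when a table of that name exists, otherwise None.
    """
    macros, tables, findings = set(), set(), []
    continued = False  # True while inside a backslash-continued line
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0]  # drop trailing comment
        # Check references first: a macro cannot reference itself.
        for name in REF_RE.findall(line):
            if name in macros:
                continue
            hint = next(("$" + m for m in sorted(macros)
                         if m.lower() == name.lower()), None)
            if hint is None and name in tables:
                hint = "<" + name + ">"
            findings.append((lineno, name, hint))
        # Only the first physical line of a statement can define something.
        if not continued:
            m = DEF_RE.match(line)
            if m:
                macros.add(m.group(1))
            t = TABLE_RE.match(line)
            if t:
                tables.add(t.group(1))
        continued = line.rstrip().endswith("\\")
    return findings


# Constructed sample 1: macro defined as "Martians", referenced as "$martians".
SAMPLE_CASE = '''Martians = "{ 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, \\
    10.0.0.0/8, 169.254.0.0/16, 192.0.2.0/24, \\
    0.0.0.0/8, 240.0.0.0/4 }"

block from $martians
'''

# Constructed sample 2: a table referenced with macro syntax.
SAMPLE_TABLE = '''table <martians> { 127.0.0.0/8, 10.0.0.0/8 }
block from $martians
'''

# Constructed sample 3: the table referenced correctly.
SAMPLE_OK = '''table <martians> { 127.0.0.0/8, 10.0.0.0/8 }
block from <martians>
'''

if __name__ == "__main__":
    for label, sample in (("case", SAMPLE_CASE),
                          ("table", SAMPLE_TABLE),
                          ("ok", SAMPLE_OK)):
        print(label, undefined_macros(sample))
```
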
Re: Ping blocked by firewall
On Tue, Apr 09, 2024 at 08:39:08AM +0200, Karel Lucas wrote:
> Hi all,
>
> For the first time I tested my new firewall with ping, and it is blocked. I
> don't know what the reason is, you can find the information below. I have a
> network with only regular clients, so no servers. I'm still using OpenBSD
> V7.4, and will upgrade once the firewall is up and running so I can test the
> upgrade process.

Upgrading to 7.5 will not affect this particular problem I think.

Still low on caffeine I spot two likely factors - your $localnet range overlaps with one of the ranges in $martians (which I anyway would recommend converting into a table), and your block referencing $martians comes after the pass rules that would have let icmp through.

With no previous matching quick, last match applies.

- Peter

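The two factors named in the reply above, an address overlap and last-match rule ordering, can be reproduced with a small model. This is an added example, not part of the original message and not pf code: the evaluator is a simplified model that only looks at source address and protocol, and the 192.168.1.0/24 localnet and the three-rule rulesets are constructed, since the poster's ruleset is not shown on this page.

```python
import ipaddress
from dataclasses import dataclass

# Reserved ranges for a "martians" list (constructed for this example).
MARTIANS = ("127.0.0.0/8", "192.168.0.0/16", "172.16.0.0/12", "10.0.0.0/8",
            "169.254.0.0/16", "192.0.2.0/24", "0.0.0.0/8", "240.0.0.0/4")
LOCALNET = "192.168.1.0/24"  # assumption: a typical private LAN range


@dataclass
class Rule:
    action: str            # "pass" or "block"
    sources: tuple = ()    # CIDR strings; empty tuple means "from any"
    proto: str = "any"
    quick: bool = False    # a matching quick rule ends evaluation


def matches(rule, src, proto):
    """True if the packet's protocol and source address fit the rule."""
    if rule.proto not in ("any", proto):
        return False
    if not rule.sources:
        return True
    addr = ipaddress.ip_address(src)
    return any(addr in ipaddress.ip_network(net) for net in rule.sources)


def evaluate(rules, src, proto):
    """Last matching rule wins, unless a matching rule is marked quick."""
    verdict = "pass"  # no matching rule at all means the packet passes
    for rule in rules:
        if matches(rule, src, proto):
            verdict = rule.action
            if rule.quick:
                break
    return verdict


def overlapping(localnet, nets):
    """Return the entries of nets that overlap with localnet."""
    local = ipaddress.ip_network(localnet)
    return [n for n in nets if local.overlaps(ipaddress.ip_network(n))]


# Constructed ruleset with the ordering described in the reply:
# the block on martians comes after the pass rule for icmp.
BLOCK_LAST = [
    Rule("block"),
    Rule("pass", (LOCALNET,), proto="icmp"),
    Rule("block", MARTIANS),
]

# Same rules, with the martians block moved ahead of the pass rule.
BLOCK_FIRST = [
    Rule("block"),
    Rule("block", MARTIANS),
    Rule("pass", (LOCALNET,), proto="icmp"),
]

# Original ordering, but the pass rule is quick and so ends evaluation.
PASS_QUICK = [
    Rule("block"),
    Rule("pass", (LOCALNET,), proto="icmp", quick=True),
    Rule("block", MARTIANS),
]

if __name__ == "__main__":
    print("overlap:", overlapping(LOCALNET, MARTIANS))
    for name, rules in (("block last", BLOCK_LAST),
                        ("block first", BLOCK_FIRST),
                        ("pass quick", PASS_QUICK)):
        print(name, "->", evaluate(rules, "192.168.1.10", "icmp"))
```
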
Re: 7.5 NO hard drive?
On Sun, Apr 07, 2024 at 05:17:25PM +0200, Wolfgang Pfeiffer wrote:
> >
> > The problem was with the BIOS, it needs IHCH or something like that to be
> > recognized!
> > But it is working now as a xfce Desktop!
>
> Seems to be (not only) a DELL thing: Some time ago I tried an Openbsd
> installer on an Alienware computer, ~10 years old, which was sold by
> DELL: In UEFI, IIRC, I had to change sata mode from "raid" to "ahci"
> to let openbsd detect hard disks on that computer.
>
> Seems to an older issue:
> https://daemonforums.org/showthread.php?t=10228
> https://www.mail-archive.com/misc@openbsd.org/msg153583.html

Adding to that list, my experience with an ASUS laptop where it would be physically impossible to fit more than one storage device, but the storage controller anyway was set to "Raid" mode by default. Fortunately it was possible to choose the other options and have the device turn up as a regular NVMe device:

https://nxdomain.no/~peter/blog_wild_wild_world_of_windows.html (or with incrementally nicer formatting at the cost of G's trackers, https://bsdly.blogspot.com/2021/07/the-impending-doom-of-your-operating.html)

Re: wifi hotspot workaround
On Thu, Apr 04, 2024 at 07:22:01PM +0500, ofthecentury wrote:
> Okkk, device hangups still occur. But there's some
> statistics at least in FreeBSD, by running
> `sysctl dev.ath`...anything like that in OpenBSD?

netstat -I $devicename

with your choice of options will reveal at least some information.

- P

Re: need help to access my machine after upgrade -- system immediately logs me out
On Tue, Apr 02, 2024 at 12:44:01AM +0530, Sandeep Gupta wrote:
> Hello,
>
> I need to access my desktop local machine after I did a sysupgrade -s (I
> had reasons to do so because some rust libraries were too old for some
> applications).
> Sysupgrade seems to have gone fine. Disk is healthy no issues reported.
>
> However when i tried to log from the console -- the login message shows but
> the system logs me out immediately.
> On the desktop gui too, with only root I was able to login. But running
> xterm from the fvwm menu fails.

This sounds very much like a situation where the base system and packages are seriously out of sync AND your user is set up with a default shell from packages (I am guessing bash).

The solution would likely be to log in as root, run

pkg_add -D snap -u

to get the latest snapshot packages, then try to log in as your regular user.

I DEMAND TO KNOW (re recent activity)
Friends,

Some recent activity here (you will remember the threads) had me want to post this earlier, but I was bowled over by a stomach bug and only found the reference again now - https://mastodon.social/deck/@danielbowen/112173051434619556 which reads:

Daniel Bowen
@danielbowen@mastodon.social

From a tweet of mine from 2011, but evergreen:

I DEMAND TO KNOW WHY YOUR GROUP OF OVERWORKED VOLUNTEERS, WHICH I AM NOT A MEMBER OF, IS NOT PURSUING MY PERSONAL GRIEVANCE.

Mar 28, 2024, 12:22 PM

Re: wifi hotspot workaround
On Sat, Mar 30, 2024 at 08:59:49PM +0500, ofthecentury wrote:
> And now something else happened, which seems like a big
> bug.
> athn0 sent a reason 6 deauthentication to my wifi client
> after I cycled the athn0 wifi interface!
> Reason 6 death is class 2 frame received from a nonauthenticated
> station. Correct me if I'm wrong, but this sounds like a major
> bug in the driver.

Or shitty hardware with a helping of possibly not-too-great firmware.

With a bit of luck, any errors from the card itself should be possible to glean from dmesg output.

(on a side note, I am on the list, the Cc:s are not necessary and in fact a bit annoying)

Re: wifi hotspot workaround
On Sat, Mar 30, 2024 at 05:44:32PM +0500, ofthecentury wrote:
> On Sat, Mar 30, 2024 at 5:29 PM Peter N. M. Hansteen wrote:
> >
> > why?
>
> I got "disassoc"s events in the log.

disassociations can happen for a number of different reasons. The event should log a reason code, which you can look up with a simple web search.

In order to debug properly it would likely help to have ifconfig debug output from both sides (access point and client both).

I would suspect banal radio interference by such things as improperly shielded equipment somewhere close by, but with no actual data it's only guesswork from here.

Re: wifi hotspot workaround
On Sat, Mar 30, 2024 at 04:19:31PM +0500, ofthecentury wrote: > I have an athn0 wifi hotspot going. > I think I get wifi dissassoc attacks. why? > I actually don't understand why cycling > the interface gets my wifi device back > online. Maybe it's actually a problem with > the athn0? The logs sometimes say > "athn0 device timeout" or mention > something about going into IBSS mode > WHILE ifconfig still shows it's in hostap > mode. Is there a way to interrogate the > interface's function to make sure it's > in hostap mode and test it's performing > that function? I'm just trying to > troubleshoot. The option to make the driver output more information is debug Add that to whatever options the configuration for the interface already contains, then restart the interface. That will produce significantly more information in your system logs. That said, it would have been a lot easier to help you out if you had provided your actual configuration (with any secrets shrouded as appropriate) and at least a dmesg. Keep in mind that wireless connections are in fact quite brittle in nature and subject to all sorts of radio interference that's essentially background noise -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
lcamtuf on the recent xz debacle
While this issue does not in fact affect OpenBSD, I think it will still be of interest to OpenBSD users -- a lot of us deal with Linux in our dayjobs, after all. This is one of the best explanations of the matter I have seen so far: https://lcamtuf.substack.com/p/technologist-vs-spy-the-xz-backdoor and it leads in with a quote to remember - "This dependency existed not because of a deliberate design decision by the developers of OpenSSH, but because of a kludge added by some Linux distributions to integrate the tool with the operating system’s newfangled orchestration service, systemd." Enjoy! -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: Security questions: Login spoofing, X11 keylogging, and sandboxed apps
On Thu, Mar 28, 2024 at 09:16:45PM +, Dan wrote: > You didn't "Reply All", so I didn't get your reply in my inbox. (The person > you're replying to should be in the To field, and the mailing list in the > Cc field.) OH PUH-LEEZE. No. You send to a mailing list, people are supposed to reply to the mailing list. A select few may have their mail clients configured so the author of the message will receive a courtesy copy (aka Cc:). If I seem unresponsive to any followups to this thread, a likely reason will be that I will not see messages with your From: without putting in some extra effort. - Peter -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: CLI program to download OpenBSD ISO images
On Sun, Mar 24, 2024 at 05:32:20PM -0300, Alceu Rodrigues de Freitas Junior wrote: > > Is there any CLI program for OpenBSD that implements the steps described at > https://www.openbsd.org/faq/faq4.html#Download to download and check the ISO > images? > > I wasn't able to find anything relevant after a quick check on DuckDuckGo. > > I implemented a simple Perl script that implements those steps, but is > basically forking wget and signify to really get the job done. ftp(1) is in base and can do the fetching for you. sha256(1) and signify(1), both in base, will do the integrity checking. If you *want* to have a script that wraps both actions into one, that's fine. But I would have wanted to make life easier by sticking to the tools that are available in a default install. -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
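The fetch-and-verify steps named in the message above, wrapped around ftp(1) and signify(1) from base. This is an added example, not part of the original message; the mirror URL and the function names are assumptions.

```shell
#!/bin/sh
# Added example: fetch an OpenBSD install image and verify it using only
# tools from the base system. Run as:  sh fetch-iso.sh 7.4 amd64

# Assumption: the CDN mirror; any official mirror can be substituted.
MIRROR="${MIRROR:-https://cdn.openbsd.org/pub/OpenBSD}"

# "7.4" -> "74", the form used in image and key file names.
release_tag() {
    printf '%s\n' "$1" | tr -d .
}

# Public key as shipped with the installed system. Taking the key from the
# local system, not from the mirror that serves the image, is what gives
# the signature check its value.
pubkey_path() {
    printf '/etc/signify/openbsd-%s-base.pub\n' "$(release_tag "$1")"
}

# image_url RELEASE ARCH FILE
image_url() {
    printf '%s/%s/%s/%s\n' "$MIRROR" "$1" "$2" "$3"
}

# fetch_and_verify RELEASE ARCH
fetch_and_verify() {
    rel=$1
    arch=$2
    iso="install$(release_tag "$rel").iso"
    key=$(pubkey_path "$rel")

    # Refuse to continue without a locally held key for this release.
    [ -r "$key" ] || { echo "no public key at $key" >&2; return 1; }

    ftp -o SHA256.sig "$(image_url "$rel" "$arch" SHA256.sig)" || return 1
    ftp -o "$iso" "$(image_url "$rel" "$arch" "$iso")" || return 1

    # signify -C first verifies the signature on the checksum list, then
    # checks the SHA256 of the named file against that list.
    signify -C -p "$key" -x SHA256.sig "$iso"
}

# Only act when called with RELEASE and ARCH.
case $# in
2) fetch_and_verify "$1" "$2" ;;
esac
```

A non-zero exit status means either the download failed or the image did not match the signed checksum list, and the file should not be used.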
Re: Personal Information Notice - Bright Data
I assume those with the proper means to LART these jokers properly will do so. The rest of us are better off ignoring the whole thing. On a somewhat offtopic side note, total number of Mastodon accounts has just broken 15 million, which must be some kind of indicator of going mainstream since I was just notified that two different obvious pr0n spam sources followed my account. -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: Unable to get ip6 address
On Fri, Mar 15, 2024 at 06:38:14PM +0100, Peter N. M. Hansteen wrote: > least the content of your configuration files -- /etc/hostmhame.* and the > output that should of course have been /etc/hostname.* but would be obvious? -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: Unable to get ip6 address
Please keep this on the list unless you want me to start writing invoices. On Fri, Mar 15, 2024 at 05:02:27PM +, Pencilgon wrote: > Sorry for earlier email, I left you some details. > > First of all I don't think ip6 work at all, well in theory inet6 autoconf > should > work and grant me internet access but it doesn't, I don't get a ip6 address at > all. > > Second I am unable to get ip4 address even on wifi. This sounds like your wifi interface is not in fact properly configured. For this to produce anything even resembling useful results, we need to see at least the content of your configuration files -- /etc/hostmhame.* and the output of ifconfig for the relevant interfaces (if need be with stuff like IP addresses and passwords masked). -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: Unable to get ip6 address
On Fri, Mar 15, 2024 at 03:32:48PM +, Pencilgon wrote: > I recently installed openbsd got everything working wifi etc. The problem > arises > when I tried to connect ip6 network to it using wifi. I connected sucessfully > but was unable to get ip6 address. My wifi worked fine with ip4 address. If your network offers IPv6 connectivity and you have IPv4 working, simply adding inet6 autoconf to the hostname.$if file for the interface and running /etc/netstart $if *should* take care of things. There are any number of other possible variations, but you do need some 'inet6' settings in there. - Peter -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: USB peripherals hang, nothing in messages
Messages like this are worse than useless for actually diagnosing the issue. Basically, we have no idea what hardware you are running on, or for that matter what software you are trying out. If there is a real issue, please learn how to use sendbug (https://man.openbsd.org/sendbug) or at least provide some actually relevant information besides log messages that you fail to interpret. On Wed, Mar 13, 2024 at 05:12:29PM +0500, ofthecentury wrote: > My USB mouse and keyboard hang intermittently. > > Very weird things happen, i.e. my mouse's red LED > light begins to flicker in a very weird fashion, or my > keyboard stops responding and my sound output > is suddenly muted by itself (I don't even touch sound). > > This was in the /var/log/messages regarding sound: > wrapper-2.0: vfprintf %s NULL in "[xfce-mixer-plugin. > c:374 xfce_mixer_plugin_set_property]: could not > set sound-card to '%s', trying the default card instead" > wrapper-2.0: vfprintf %s NULL in "%s: muted" > > Nothing else to show up in /var/log/messages. Is there > a more detailed log? > > How do I gather info about this from the system? > -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: Is this a security issue?
On Wed, Mar 13, 2024 at 05:01:57PM +0500, ofthecentury wrote: > Just saw this in my /var/log/messages: > > '/bsd: drm:pid1338:intel_pipe_update_start *ERROR* > [drm] *ERROR* Potential atomic update failure on pipe B' > > Intel_pipe_update??? > A fairly simple web search would have provided potentially useful information such as https://marc.info/?l=openbsd-bugs=2=1=Potential+atomic+update+failure=b Try fw_update (possibly after reading its man page) and see if it makes a difference. Also, *complete* dmesg output would have told anyone trying to help diagnose the issue a lot more. As somebody (sorry, I forget who) posted earlier, https://idownvotedbecau.se/ is actually worth reading. -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: files are going missing
On Mon, Mar 11, 2024 at 05:24:43PM -, beecdadd...@danwin1210.de wrote: > what system log files? my first port of call would be /var/log/messages including any rotated older ones (as in /var/log/messages.?.gz) but grep and zgrep for any device name related to your storage in /var/log/ would be my next step. -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: files are going missing
On Mon, Mar 11, 2024 at 12:43:58PM -, beecdadd...@danwin1210.de wrote: > I have a problem where files recently downloaded go missing and it > happened over 3 times and on patition/s with enough available space > I want to verify it 1 more time before knowing hdd is failing for sure Did you perhaps download these files to somewhere under /tmp or /var/tmp or somewhere else volatile like a memory file system and then reboot before trying to access those downloads? In general, files do not go missing unless someone explicitly deletes them, but there is a possibility that you stumbled into one of the scenarios where either a cleanup script or the volatile nature of the location you were playing with did away with the data. > so what gives? > is hdd failing? but how do entire files go missing? > maybe hdd metadata/header corruption of some kind? If a drive is failing, more likely than not you would be seeing messages in system log files or possibly even in dmesg output. Totally silent failures are not very common. -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: USB ethernet ure0 not working
On Wed, Mar 06, 2024 at 12:43:28PM +0500, ofthecentury wrote: > I'm stumped. Pls help. > I plug a TPLink USB ethernet dongle in, it > is identified by OpenBSD, and I get a ure0 > interface. It says ure0 is up and running. I > give it the ip address, default route, but > nothing happens, I don't get connectivity. > I do everything the same for the USB dongle > as for the inbuilt ethernet (which works fine). > Dmesg says some additional interface rlphy0 > is added or something, but the only interface > I see in ifconfig is ure0. `route show` gives > nothing. ENOACTUALINFO The actual output of those commands (censored of any not-to-be-revealed information if need be) would be crucial in helping diagnose the problem. dmesg showing rlphy0 and possibly rgephy0 is to be expected, see man ure Hopefully the actual problem is a trivial one, easy to spot for a separate set of eyes. - P -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
EuroBSDCon 2024 Call for Talk and Presentation proposals for EuroBSDCon 2024 is now open.
EuroBSDCon 2024, Dublin, September 2024 The Call for Talk and Presentation proposals for EuroBSDCon 2024 is now open. EuroBSDCon is the European technical conference for users and developers of BSD-based systems. The conference is scheduled to take place September 19-22 2024 in Dublin, Ireland or as an all-online event if COVID-19 developments dictate. The tutorials will be held on Thursday and Friday to registered participants and the talks are presented to conference attendees on Saturday and Sunday. The Call for Talk and Presentation proposals period will close on May 15th, 2024. Prospective speakers will be notified of acceptance or otherwise by May 22nd, 2024. This document is available at https://2024.eurobsdcon.org/cfp/. Call for Talk and Presentation Proposals (CfP) The EuroBSDCon program committee is inviting BSD developers and users to submit innovative and original talk proposals not previously presented at other European conferences. Topics of interest to the conference include, but are not limited to applications, architecture, implementation, performance and security of BSD-based operating systems, as well as topics concerning the economic or organizational aspects of BSD use. Presentations are expected to be 45 minutes and are to be delivered in English. Call for Tutorial Proposals The EuroBSDCon program committee is also inviting qualified practitioners in their field to submit proposals for half or full day tutorials on topics relevant to development, implementation and use of BSD-based systems. Half-day tutorials are expected to be 2.5 to 3 hours and full-day tutorials 5 to 6 hours. The tutorials and talks are to be held in English. Submissions Proposals should be sent through the registration system at https://events.eurobsdcon.org. Proposals should contain a short and concise text description in about 100 words as well as a short speaker bio. 
Accepted papers and presentations will be published on the conference web site as soon as feasible during or after the conference. We encourage the submitter to consider writing up a formal paper for this purpose in addition to making a presentation. While we urge prospective speakers to seek funding from employers or other benevolent sources, the conference does have a budget for covering reasonable travel and accommodation expenses for speakers, with accommodation to the extent possible provided at the primary speaker hotel (see the Travel page on the conference website). Speakers who will be applying for travel funding should also submit an estimate of expected travel expenses. Please see the Speaker Reimbursement Policy for details. Please also note that due to visa issues in the past, we would like to know as early as possible of any visa requirements for speakers. Please check the Ireland visa application requirements site at https://www.dfa.ie/travel/visas/visas-for-ireland/ for guidance. NOTE: If conditions dictate that the conference move to an all-online format, further instructions on how to access the conference for both speakers and attendees will be forwarded by email and posted on the conference website. As such we are especially interested in proposals that would work well in a virtual format, such as panel discussions. Please also include your timezone and expected available times with your proposals. Due to known and unknown unknowns, the format of the conference has not yet been decided at this writing. If the format of the conference, on-site versus online has consequences for your ability to present, please let us know in the notes on your submission. Contact If you have any questions, please feel free to contact us by sending an email to p...@eurobscon.org
Re: SoGo for OpenBSD?
On Fri, Feb 16, 2024 at 04:05:21PM +0300, Mark wrote: > > Is there any hero here, to explain/forward me a working tutorial (never > found one) for installation of SoGo (for its webmail) on an OpenBSD mail > server? I must admit I had never heard of the thing before reading your message, but there appears to be a www/sogo port, so "doas pkg_add sogo" and proceed to any configuration steps the docs specify should be a possible way forward. - Peter -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: Log files, OpenBSD and Zero click exploits
On Tue, Feb 13, 2024 at 08:29:59AM +, jonathon575 wrote: > Kindly find below log entries generated from tcpdump of the pflog. The is a > fresh install & updated openbsd 7.4, with bare-minimum installation > configured for a firewall. There are no x* programs installed. > > Feb 11 18:09:41.682345 rule 14/(match) block in on re0: 69.166.225.73.51820 > > wan-ip.60360: [wg] initiation from 0xdd6a56bc > Feb 11 18:09:46.754493 rule 14/(match) block in on re0: 69.166.225.73.51820 > > wan-ip.60360: [wg] initiation from 0x963acc89 > Feb 11 18:09:51.778525 rule 14/(match) block in on re0: 69.166.225.73.51820 > > wan-ip.60360: [wg] initiation from 0x93d9508d > Feb 11 18:09:56.835383 rule 14/(match) block in on re0: 69.166.225.73.51820 > > wan-ip.60360: [wg] initiation from 0x112cf65b > Feb 11 18:29:33.657009 rule 14/(match) block in on re0: 69.166.225.73.51820 > > wan-ip.60360: [wg] initiation from 0x639ed21a > Feb 11 18:29:33.657454 rule 14/(match) block in on re0: 69.166.225.73.51820 > > wan-ip.60360: [wg] initiation from 0xb2fcd9b8 > Feb 11 18:29:33.658140 rule 14/(match) block in on re0: 69.166.225.73.51820 > > wan-ip.60360: [wg] initiation from 0x8ae84cca > Feb 11 18:29:33.658808 rule 14/(match) block in on re0: 69.166.225.73.51820 > > wan-ip.60360: [wg] initiation from 0xcbb881b7 > Feb 11 18:29:33.659165 rule 14/(match) block in on re0: 69.166.225.73.51820 > > wan-ip.60360: [wg] initiation from 0x612a28f8 > Feb 11 18:29:33.659416 rule 14/(match) block in on re0: 69.166.225.73.51820 > > wan-ip.60360: [wg] initiation from 0x49f595ec > > wan-ip is my wan static ip address. > > What does [wg] means? What does "initiation from 0xdd6a56bc"...etc. means? These log entries mean that your system blocked attempts from 69.166.225.73 to access whatever wan-ip is. Your system recognized the traffic as attempts to initiate a WireGuard (a sort of vpn, see https://man.openbsd.org/wg and links therein). The attempts were blocked. 
The rest of your questions can be answered relatively easily by familiarizing yourself with the tools at hand, such as the tcpdump you have already encountered. Do read up on how syslog classifies messages and how to report which levels and so forth. Some of the things you mention may require specialized tools, but please invest some time in learning to properly interpret the output of the basic tools first. -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
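To read pflog text output of the kind quoted in the message above at a glance, the following summarises blocked packets per source and destination port and flags sources that arrive in bursts. It is an added example, not part of the original message; the function names and the sample lines (documentation address ranges) are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise "block" entries in pflog text output, as produced
# on OpenBSD by:  tcpdump -n -e -ttt -r /var/log/pflog

# Constructed sample in the layout quoted above (documentation addresses).
sample_log() {
    cat <<'EOF'
Feb 11 18:09:41.682345 rule 14/(match) block in on re0: 192.0.2.73.51820 > 198.51.100.10.60360: [wg] initiation from 0x00000001
Feb 11 18:09:46.754493 rule 14/(match) block in on re0: 192.0.2.73.51820 > 198.51.100.10.60360: [wg] initiation from 0x00000002
Feb 11 18:09:51.778525 rule 14/(match) block in on re0: 192.0.2.73.51820 > 198.51.100.10.60360: [wg] initiation from 0x00000003
Feb 11 18:12:02.100000 rule 14/(match) block in on re0: 203.0.113.5.40112 > 198.51.100.10.22: S 1000:1000(0) win 64240
Feb 11 18:12:32.100000 rule 14/(match) block in on re0: 203.0.113.5.40113 > 198.51.100.10.22: S 2000:2000(0) win 64240
Feb 11 18:13:00.000000 rule 3/(match) pass out on re0: 198.51.100.10.123 > 192.0.2.200.123: udp 48
Feb 11 18:29:33.657009 rule 14/(match) block in on re0: 192.0.2.73.51820 > 198.51.100.10.60360: [wg] initiation from 0x00000004
Feb 11 18:29:33.657454 rule 14/(match) block in on re0: 192.0.2.73.51820 > 198.51.100.10.60360: [wg] initiation from 0x00000005
Feb 11 18:29:33.658140 rule 14/(match) block in on re0: 192.0.2.73.51820 > 198.51.100.10.60360: [wg] initiation from 0x00000006
Feb 11 18:29:33.658808 rule 14/(match) block in on re0: 192.0.2.73.51820 > 198.51.100.10.60360: [wg] initiation from 0x00000007
EOF
}

# pflog_block_summary WINDOW_SECONDS
# Reads pflog text on stdin (oldest entry first) and prints one line per
# source address and destination port:  src dport total peak
# where peak is the largest number of blocked packets inside any
# WINDOW_SECONDS span. Busiest pairs come first.
pflog_block_summary() {
    awk -v win="${1:-1}" '
    # Position of the last dot, so "192.0.2.73.51820" and a redacted
    # "wan-ip.60360:" both split into host and port.
    function lastdot(s,   i) {
        i = length(s)
        while (i > 0 && substr(s, i, 1) != ".") i--
        return i
    }
    function host_of(s) { sub(/:$/, "", s); return substr(s, 1, lastdot(s) - 1) }
    function port_of(s) { sub(/:$/, "", s); return substr(s, lastdot(s) + 1) }

    # <Mon> <day> <time> rule N/(...) block <dir> on <if>: src > dst: ...
    $4 == "rule" && $6 == "block" && $8 == "on" && $11 == ">" {
        split($3, t, ":")
        # Seconds since the start of the month (assumption: one month per log).
        now = $2 * 86400 + t[1] * 3600 + t[2] * 60 + t[3]
        key = host_of($10) " " port_of($12)
        n[key]++
        ts[key, n[key]] = now
        if (!(key in start)) start[key] = 1
        # Slide the window start forward past entries older than win seconds.
        while (start[key] < n[key] && now - ts[key, start[key]] > win)
            start[key]++
        size = n[key] - start[key] + 1
        if (size > peak[key]) peak[key] = size
    }
    END { for (k in n) print k, n[k], peak[k] }
    ' | sort -k3,3nr -k1,1
}

# burst_sources WINDOW_SECONDS THRESHOLD
# Sources that reached THRESHOLD blocked packets within one window.
burst_sources() {
    pflog_block_summary "$1" | awk -v min="$2" '$4 >= min { print $1 }' | sort -u
}

# Demo on the constructed sample.
sample_log | pflog_block_summary 1
```

A high peak against a single closed port, as with the repeated handshake initiations here, is what a misdirected or stale VPN peer looks like in the log; every entry counted was dropped by the block rule.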
BSDCan 2024 submissions period runs until 2024-02-12
BSDCan 2024 will be held 31 May - 1 June (Fri-Sat), 2024 in Ottawa, at the University of Ottawa. It will be preceded by two days of tutorials on 29-30 May (Wed-Thu). Also: do not miss out on the Goat BOF on Tuesday 28 May. For the safety of speakers and attendees, this conference will again follow the mask policy outlined at https://bsdcan.org. We are now accepting proposals for talks. The talks should be designed for a technical audience, and may be intended for a variety of experience levels. Proposals of a business development or marketing nature are not appropriate for this venue. We have tended to group the sessions into the following categories or tracks: - Development - System Administration - Experiences - Security - Tutorials - BOFs (Birds-of-a-Feather sessions) and we may add further categories as needed, depending on the nature of the submissions. See http://www.bsdcan.org/2024/ If you are doing something interesting with a BSD operating system, please submit a proposal. Whether you are developing a very complex system using BSD as the foundation, or helping others and have a story to tell about how BSD played a role, we want to hear about your experience. People using BSD as a platform for research are also encouraged to submit a proposal. Possible topics include: * How we manage a giant installation with respect to handling spam * and/or sysadmin * and/or networking * Cool new stuff in BSD * Tell us about your project which runs on BSD * other topics (see next paragraph) From the BSDCan website, the Archives section will allow you to review the wide variety of past BSDCan presentations as further examples. Both users and developers are encouraged to share their experiences. The schedule is: 26 Dec 2023 Proposal acceptance begins 12 Feb 2024 Proposal acceptance ends 19 Feb 2024 Confirmation of accepted proposals The conference will be primarily an in-person one. 
We are hoping to offer other ways to participate, but the details have not been worked out, so if you can only present remotely, please indicate this in your submission notes. See also http://www.bsdcan.org/2024/papers.php Instructions for submitting a proposal to BSDCan 2024 are available from: http://www.bsdcan.org/2024/submissions.php The BSDCan Program Committee
Re: mountd
On Tue, Jan 09, 2024 at 10:13:56AM +0300, 4 wrote: > i'm trying to solve the problem of which port need to open on the pf. the > variant of processing rpcinfo output with script and then putting a rules > into an anchor is not very pretty. especially considering that this is not > enough, and i still need to repeat this action by cron. this variant works, > but it's not even close to how it should work %\ why i should solve such the > task at a time when humanity is flying to conquer Mars? In my possibly very traditional thinking I would suggest that if you need to mount file systems located on the other side of a firewall, it would be useful to consider whether your network design is in fact fit for the purpose. -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: ProtectLi w/ OpenBSD
On Wed, Jan 03, 2024 at 06:21:03AM +, Kenneth Hendrickson wrote: > Is there any newer information than this: > https://OpenBsdMailBox.blogspot.com/2023/05/protectli-vp2420-with-dasharo.html > > Looking for a newer faster firewall ... > > Want headless, and obviously OpenBSD. > > So is CoreBoot not an option? Or is there a way to make it work? That post is from May 2023. Since then we have had another release (7.4) and significant work in most areas since then. My main suggestion would be to try with 7.4 or if you are more adventurous, a snapshot and if there are any problems use the mailing lists, including bugs@ (see man sendbug) and follow up on any response from developers. - Peter -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: pf queues
On Thu, Nov 30, 2023 at 03:55:49PM +0300, 4 wrote: > > "cbq can entirely be expressed in it" ok. so how do i set priorities for > queues in hfsc for my local(not for a router above that knows nothing about > my existence. tos is an absolutely unviable concept in the real world) > pf-router? i don't see a word about it in man pf.conf > In my reply to the initial message in this thread, I gave you the references that spell this out fairly clearly. And you're dead wrong about the pf.conf man page. Unless of course you are trying to look this up on a system that still runs something that is by now roughly a decade out of date. -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: pf queues
On Thu, Nov 30, 2023 at 02:57:23PM +0300, 4 wrote: > so what happened to cbq? why such the powerful and useful thing was removed? > or Theo delete it precisely because it was too good for obsd? %D Actually, the new queueing system was done by Henning, planned as far back as (at least) 2012 (https://quigon.bsws.de/papers/2012/bsdcan/), finally available to the general public in OpenBSD 5.5 two years later. ALTQ support was removed from OpenBSD in time for the OpenBSD 5.6 release (November 2014). So, it's been a while and whatever you were running most certainly needed an upgrade anyway. -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: pf queues
On Wed, Nov 29, 2023 at 12:12:02AM +0300, 4 wrote: > i haven't used queues for a long time, but now there is a need. previously, > queues had not only a hierarchy, but also a priority. now there is no > priority, only the hierarchy exists. i was surprised, but i thought that this > is quite in the way of Theo, and it is possible to simplify the queue > mechanism only to the hierarchy, meaning that if a queue standing higher in > the hierarchy, and he priority is higher. but in order for it to work this > way, it is necessary to allow assigning packets to any queue, and not just to > the last one, because when you assign only to the last queue in the > hierarchy, then in practice it means that you have no hierarchy and no > queues. and although the rule with the assignment to a queue above the last > one is not syntactically incorrect, but in practice the assignment is not > performed, and the packets fall into the default(last) queue. am i missing > something or is it really idiocy that humanity has not seen yet? > How long ago is it that you did anything with queues? the older ALTQ system was replaced by a whole new system back in OpenBSD 5.5 (or actually, altq lived on as oldqueue through 5.6), and the syntax is both very different and in most things much simpler to deal with. The most extensive treatment available is in The Book of PF, 3rd edition (actually the introduction of the new queues was the reason for doing that revision). If for some reason the book is out of reach, you can likely glean most of the useful information from the relevant slides in the PF tutorial https://home.nuug.no/~peter/pftutorial/ with the traffic shaping part starting at https://home.nuug.no/~peter/pftutorial/#68 -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: bsd.re-config syntax
On Fri, Nov 24, 2023 at 08:23:48AM +0100, Capitan Cloud wrote: > Thnx Peter, please can you point me out the path of cvsweb where > to find the resources that you are meaning? the machine-independent GENERIC config is at https://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/src/sys/conf/GENERIC?rev=1.291=text/plain, while what I assume is the most common machine dependent one would be https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys/arch/amd64/conf/GENERIC.MP?rev=1.16=text/x-cvsweb-markup Lots more under src/sys/arch/$arch/conf where $arch is your architecture. -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: bsd.re-config syntax
On Fri, Nov 24, 2023 at 01:14:06AM +0100, Nowarez Market wrote: > I'm in the need to know if /etc/bsd.re-config accepts > comment starting with "#" as normally other file.conf do. It's a kernel configuration file. There are numerous examples in the source tree. -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: GoCD on OpenBSD (?)
On Wed, Nov 22, 2023 at 01:46:28AM +0100, Nowarez Market wrote: > Just to drop the hint that GoCD at the moment (Nov 2023) > among the Unix "wrappers" FreeBSD, AIX, HP-UX, Solaris > miss the wrapper for OpenBSD and GoCD server immediately hangs > pointing to the missing resources. Did you actually want somebody to help you get the thing running? If that was your intention, something at least resembling steps to reproduce and actual output would help immensely. https://gocd.org does not list OpenBSD as a supported platform, so it is reasonable to expect some steps not already automated in the package will be required. -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: Firewall Problems
Hi, Please keep this on the list. On Sat, Nov 18, 2023 at 06:35:35AM -0800, louise9...@gmail.com wrote: > Hi thank you, I will try to change my rules accordingly. Also some questions: > 1. I saw you talked about the block all rule. Does this cover traffic between > vlans/networks as I’m trying to isolate vlans/networks 6,10,20,30 as well as > my admin network which is em2 interface in this case. Unless you have explicitly excluded interfaces from filtering (set skip on $interface) "block drop log all" will drop packets that do not match any pass rules following. > 2. You also pointed out that ICMPv4 wasn’t getting through. In my case ICMPv6 > won’t get out either from my internal networks. Literally nothing from > internal networks gets out except icmpv4 to gateway, icmp from internal lan > to internal lan, icmp from internal lan to firewall itself. Other than that > there’s no DNS, HTTP, etc getting out. Would I need additional rules for > those explicitly or would I just need a pass out all rule that done a certain > way could work?(I have also tried this and it still doesn’t work)? Please take a look at the resources I pointed to. The tutorial slides will clear up most of if not all of those questions. And please keep any followups on the list. All the best, Peter PS: The PF tutorial slides: https://home.nuug.no/~peter/pftutorial/ -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: Firewall Problems
On Fri, Nov 17, 2023 at 08:52:19AM -0800, Lewis Ingraham wrote:
> Hello i am trying to configure OpenBSD as a firewall but I can't get it to
> ping outside the firewall and subsequently unable to reach the internet
> with devices behind the firewall. I tried changing my pf.conf to match the
> FAQ (as best as i could) and still cant get it to work. I am currently
> trying to get both IPV4 and IPV6 addresses to my devices. Can anyone tell
> me what I am doing wrong?

You have a number of "block quick" that seem to be already covered by the seeming default

block drop log all # block stateless traffic

but the only mention of ICMP (which is what ping uses) in your pf.conf is

pass in on egress inet6 proto icmp6 all icmp6-type { routeradv neighbrsol neighbradv }

so IPv4 icmp will not be let through at all.

This is covered somewhat extensively in that book I wrote (https://nostarch.com/pf3) and you should be able to find the relevant examples in the oft-repeated tutorial at https://home.nuug.no/~peter/pftutorial/

- Peter

--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: pf logging in ascii and send to remote syslog
On Fri, Nov 10, 2023 at 08:23:54PM +0100, Hrvoje Popovski wrote: > what would be best way to log pf logs in ascii and sent it to remote > syslog ? I'm aware of pflow but I need ascii pf logs on remote syslog > server. something like the good old https://home.nuug.no/~peter/pf/newest/log2syslog.html should still work, I think. - Peter -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: OpenBSD_one_site_web_hosting_software_recommendation
On Thu, Nov 09, 2023 at 12:38:27PM +0100, soko.tica wrote: > I have a task to launch from scratch one site web hosting google cloud > instance. > > I know OpenBSD does have httpd web server, but I couldn't have found > neither wordpress nor joomla software neither in packages nor in ports (7.4 > -stable). > > Is there a possibility to launch wordpress or joomla on such an instance on > OpenBSD? Which manpages should I read? You're probably right that those systems do not come pre-packaged for OpenBSD. But simple web search on "wordpress on openbsd httpd" and "joomla on openbsd httpd" yields enough seemingly relevant hits that I strongly suspect both are doable. I have not tried either myself, though. -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: Jumbo frame, just a little late..
On Tue, Nov 07, 2023 at 10:21:35AM +0100, Daniele B. wrote: > About OpenBSD (7.3 stable) the only thing I need to ask explanation > for is the reason of the error "wrong MTU value" popping up by setting > jumbo frame directly via hostame.mynicdevice; when the setting go > smoothly up via ifconfig manually or by rc.local. Is the nic device > initialization dependent on a sane 1500 MTU value, maybe? try "ifconfig $device hwfeatures" and look for the "hardmtu" value. On the systems I sampled randomly here, it looks like the em device on this box has "hardmtu 9216" so it should handle jumbo frames just fine. On the other hand the iwx in the laptop over there has "hardmtu 1500", so setting the MTU to anything higher than that would simply fail. it is possible whatever mynicdevice is does not actually support jumbo frames. -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: The Book of PF: Physical copies to be available again soon
On Sat, Nov 04, 2023 at 10:52:01AM -0400, Jay Hart wrote:
>
> Peter,
>
> Any plans to update it?

Questions of the type "Are you working on a new edition of your book about ?" or the more general "Are you working on a book about ?" or even "When is your next book coming out?" are never going to be answered truthfully, or at all, by any writer or publisher unless a definite publication date has been set and they are confident that all the myriad factors that determine the outcome of the project are firmly under control.

If the real question is, "Would it be safe for me to start writing a PF book?" My answer is no. There is no guarantee that the effort you put in will give satisfactory-to-you returns in any form or fashion. Writing is a time sink and publishers may or may not be interested.

On the other hand if you are asking, "Should I start writing a book on PF or a related subject?", my take is, please do, if you feel that it is a thing worth doing. But again, keep in mind that writing a book and getting it published will eat up several significantly more than bite-sized chunks of your time, but if you feel that your book needs to be written, please go ahead.

The reason The Book of PF exists is that I had a general idea of what kind of PF book I would like to see existing, and a work in progress manuscript existed that I showed to anyone interested. Fortunately enough people relevant to getting the book actually published (and revised twice so far) agreed that this book needed to happen.

When I get to the point that a new edition of The Book of PF or any other book relevant to OpenBSD that I am able to write is certain to be published at a specific time, this mailing list will be one of the first public forums that will receive notification. That much I will promise.

All the best,
Peter

--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: OpenBSD 7.4
On Thu, Oct 12, 2023 at 07:54:04PM +0200, Karel Lucas wrote: > Is it already known when openBSD 7.4 will be released? I would like to know > that, because of a project I am working on. The exact date will not be generally known until it happens if recent releases are anything to go by. That said, you can be quite sure that the project has planned for a specific date. Traditionally the release dates have been November 1st and May 1st, but several times the release has been earlier, up to a couple of weeks in some cases. So my advice would be to plan for November 1st as a time that release will be available. And anyway it will be useful to move any not yet upgraded systems to 7.3 ahead of that date, since 7.2 will join the ranks of no longer supported releases the moment 7.4 becomes generally available. - Peter -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: OpenBSD 7.3 latest snaphots
On Tue, Oct 10, 2023 at 07:00:36AM +, jonathon575 wrote: > > How to get the latest openbsd 7.3 snapshot?! On the website, the snapshots > are showing for 7.4 beta version. > > Also would the security patches and bugs be integrated in the openbsd 7.3 > latest snapshots. This sounds like you are misunderstanding what the snapshots are about. If you want the latest 7.3-stable, install 7.3 and run syspatch. The snapshots were past 7.3 by some measure even at the time 7.3 was released, and the latest 7.3-something tagged snapshots are in fact closer to 7.4-release than to 7.3-stable. The first couple of paragraphs of https://www.openbsd.org/faq/current.html explains fairly well how this works. - Peter -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: syslogd in 7.4 no longer likes self signed certificates for TLS remote logging
You are aware that OpenBSD 7.4 has not been released yet, right?

On Mon, Oct 09, 2023 at 06:42:02PM +0200, Noth wrote:
>
> This wasn't covered in http://www.openbsd.org/plus74.html . I have a setup
> where various OpenBSD instances log via TLS to a central logger, using self
> signed certificates I generated locally (10 year validity). Both the server
> and the clients verify each other using the -c & -s options for syslogd on
> the clients and -K for the server.
>
> I upgraded to 7.4 via CVS on my VMs but not my routers (yet). The 7.3
> routers are still able to connect via TLS but the 7.4 VMs can't as they
> don't like the self signed certs. It'd be nice if this was in the
> upgrade74.html with some explanation of why this changed.

Actually, if you built from source from a recent -current (HEAD) checkout, what you got was just that: something that is close to what will be 7.4-release, (a matter of weeks if not days), but not actually 7.4-release or -stable.

> Is my path to getting all this working again the way it was to use Let's
> Encrypt certificates?

It's hard to tell the exact cause of your problem since you do not provide crucial data such as any error messages that would appear in a log somewhere. We also do not know much about your configuration or what requirements the setup is supposed to fill.

But sure, in quite a number of situations auto-renewing Let's Encrypt certificates would be a serviceable solution.

- Peter

--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: Problems with HD
On Thu, Oct 05, 2023 at 04:08:34AM +, Maria Morisot wrote:
> I have an Asus Vivobook (1400EA),
> and the hard drive is not recognized
> by OpenBSD. I have the same problem
> on some distros of Linux, but on others
> it shows up fine.

My Asus ZenBook had a similar issue, which was resolved by diving into the BIOS "Advanced" section and setting the storage controller to something other than the pseudo-RAID mode. It may be worth checking whether there is such an option available.

(as chronicled a little way down the page in https://bsdly.blogspot.com/2021/07/the-impending-doom-of-your-operating.html or trackerless with only the most basic formatting at https://nxdomain.no/~peter/blog_wild_wild_world_of_windows.html)

- Peter

--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: ROP Exploitation in openbsd-64 Programs After Removing ROP Gadgets
On Fri, Sep 22, 2023 at 12:50:37PM +0800, Nan ZoE wrote:
> Because, as far as I understand, these ROP mitigation mechanisms seem to
> have been updated only in the three versions of OpenBSD, namely 6.3 to 6.5
> <https://www.openbsd.org/65.html>. Of course, I have also studied some
> programs under OpenBSD 6.5, and many of them still seem to have the
> potential to be bypassed.

I would not take the lack of explicit mention on the release page (or for that matter lack of conference presentations or undeadly.org articles) on a specific item as proof of absence of activity. Improvements happen all the time, and changes that are not explicitly marked as being ROP-related may very well have an effect on the phenomenon anyway.

By focusing on versions that have been unsupported for years you mainly ensure that the people who could have addressed any issues you find will not bother. If you actually want what you find to matter, for your own good please shift your focus to -current or at least one or both of the still supported releases.

- Peter

--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: Update from 6.5 to 7.3
On Fri, Sep 08, 2023 at 10:01:45AM +0200, Alessandro Baggi wrote:
> I've a problem. I need to upgrade OpenBSD from 6.5 to 7.3 on an APU2D. This
> is a firewall.
> The problem is that I cannot find older ISO of OpenBSD. Can someone point me
> in the right direction?

If you are planning to go the supported route and upgrade from release to release, you have eight rounds of upgrading ahead.

If this is a firewall that does not do anything else, I would join a few of the other posters here in recommending that you back up the tiny number of files that could differ from a default install and do a fresh reinstall, only editing in the things you need from your old /etc/ such as (likely most of) pf.conf.

- Peter

--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: heck of a long time
On Wed, Aug 23, 2023 at 01:41:31PM +0200, Peter J. Philipp wrote: > > If this is a sensitive topic I apologize ahead of time. > > I'm wondering... can we have a change in the OpenBSD front page (to say): > > "Only two remote holes in the default install, in more than 26 years!" With a value that specific (26 years) there might be nagging for updates every two releases (once per year). So a less maintenance intensive version might be "Only two remote holes in the default install, in more than a quarter century!" Then again, this is entirely up to those who maintain the website. All the best, Peter -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: Recognition Of Linux LVMs
For the several wished-for things here to happen, primarily somebody would need to write the code (or port existing code) to support those features.

The reasons why this has not been done for each of those differ, but generally boil down to (in no particular order)

* No developer has been motivated to spend sufficient effort on the problem -- for example, anything that has to do with multibooting seems to be not really a priority.

* a variation of previous, some features require a *lot* of work to go anywhere, so things that would be desirable in principle have not (yet) happened because getting them done would require more work than there are hands (and brains) available to get done to project quality standards.

* Legal issues. For the ZFS case, the first hurdle is the CDDL (see https://en.wikipedia.org/wiki/Common_Development_and_Distribution_License), and if those complications were not enough, the code is affected by if I remember correctly at least a couple of dozen patent claims that have been subject to lawsuits and a few sealed settlements.

And of course, some developer may well have started working on something but life happens (including some licensing kerfuffles, including IIRC one that led to the abandonment of at least one attempt at supporting a certain class of BroadCom wifi parts).

Generally, searching on the obvious keywords such as the device name and operating system name will give some clues.

- Peter

--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: ksh bug or just normal behaviour?
On Wed, Aug 02, 2023 at 11:35:39AM +, Ioan Samarul wrote:
> Can you please tell me if this is a bug or it is considered normal?
>
> $ set -A test a b c d e f g h i
> $ echo ${test[07]}
> h
> $ echo ${test[08]}
> ksh: 08: bad number `08'
> $ echo ${test[8]}
> i

I strongly suspect you stumbled on to a case of the old convention "numerals with leading zeroes are interpreted as octal notation" (but do check the underlying code to make sure).

- Peter

--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
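The leading-zero convention suspected in the reply above, as an added example that is not part of the original thread: in POSIX shell arithmetic a zero-padded number is read as octal, so "08" is an error while "010" silently becomes 8. The helper names classify and strip_zeros are hypothetical, and the example uses $(( )) in plain sh as an assumption about the same rule, not ksh array subscripts themselves.

```shell
#!/bin/sh
# Added example (not from the thread): how a zero-padded number is read
# under the C-style "leading 0 means octal" rule of shell arithmetic.
# classify and strip_zeros are hypothetical helper names.

# strip_zeros NUM: drop leading zeros so the value is read as decimal.
strip_zeros() {
    s=$1
    while [ "${#s}" -gt 1 ] && [ "${s#0}" != "$s" ]; do
        s=${s#0}
    done
    printf '%s\n' "$s"
}

# classify NUM prints one of:
#   decimal <value>            no leading zero, read as written
#   octal-same <value>         leading zero, octal and decimal agree (00-07)
#   octal-differs <oct> <dec>  leading zero, silently a different number
#   octal-invalid <dec>        leading zero plus an 8 or 9: arithmetic error
#   not-a-number               anything but digits (returns 1)
classify() {
    n=$1
    case $n in
        ''|*[!0-9]*) echo "not-a-number"; return 1 ;;
    esac
    dec=$(strip_zeros "$n")
    case $n in
        0?*) ;;                               # zero-padded, keep checking
        *)   echo "decimal $dec"; return 0 ;;
    esac
    case $n in
        *[89]*) echo "octal-invalid $dec"; return 0 ;;
    esac
    # Safe to evaluate: $n holds digits 0-7 only, so no error, no injection.
    oct=$(( $n ))
    if [ "$oct" -eq "$dec" ]; then
        echo "octal-same $dec"
    else
        echo "octal-differs $oct $dec"
    fi
}

# Subscripts from the quoted session, plus 010 (constructed input).
for idx in 07 08 8 010; do
    printf '%-4s %s\n' "$idx" "$(classify "$idx")"
done
```

Passing zero-padded input (dates, serial numbers, padded counters) through strip_zeros before arithmetic avoids both the error and the silent change of value.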
Re: Installing openBSD
On Mon, Jul 31, 2023 at 07:52:02AM -0400, Nick Holland wrote:
>
> IF you want to multiboot, just don't until you can answer questions like
> this yourself. Multibooting is very complicated, and requires a mastery
> of the boot process of ALL the OSs installed. People often consider it
> a way to "learn" a new OS, I disagree, it is a good way to get massively
> frustrated and lose a lot of data.

I could not agree more. Unless you are specifically interested in learning how to develop bootloaders and that is something that you consider essential to your career plan going forward, please do not mess with multibooting.

If your plan is to learn anything besides bootloader internals, please do the sane thing and either run the one you are trying to learn on bare hardware (the best you can afford) or if you are comfortable with a virtualization platform, use that.

Multibooting will always be a painful distraction unless bootloaders and their interactions with OSes and random hardware is what you want to spend the bulk of your time on.

- Peter

--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: Routing multiple IPv4 blocks
On Fri, Jul 28, 2023 at 10:09:31PM +0100, Polarian wrote:
> I do have one question, if anyone is willing to answer it, so I have on and
> off specified "keep state" depending on when I wrote the rule, but the
> following specifies it is the default:
> https://www.openbsd.org/faq/pf/filter.html
>
> So why do a lot of examples I see specify keep state if it is the default,
> is there any benefit of specifying it which I am missing?

I would guess that some of the examples are based on something that was written long enough ago that "keep state" was not the default.

I personally only add "keep state" when I also need to add state options such as pflow or state tracking options.

If you do a "pfctl -vnf /etc/pf.conf" and compare the output to the stored file, you will see that "keep state" and possibly other defaults will be appended (and things like lists of ports generating several rules and so on).

- Peter

--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: APCI on old Thinkpad
On Mon, Jul 03, 2023 at 01:36:10PM +0200, Michael Hekeler wrote: > oh dear I have forgotten the model number - Sorry! > > It is Thinkpad 570 I had to look this up, since I had forgotten that Thinkpads used to come with model numbers not prefixed and/or postfixed with letters. I think one of several issues you will bump into is that the machine is almost a quarter century old (released April 1999 if Wikipedia is to be trusted), and you may be one of fairly few people who have kept one around this long. This means in practice that in all likelihood, recent versions of any now-useful software has been only lightly tested (if at all) on that vintage hardware. If you can get someone with the right skillset interested (as in, not me, by any measure) it is conceivable that a fix is within reach. That said, however, I suspect that improving support for more current hardware would tend to take priority when developers decide what to spend their time on. All the best, Peter -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: ftp.openbsd.org currently unreachable
On Tue, Jun 20, 2023 at 05:30:20PM -0400, Alex Gaynor wrote:
>
> I'm writing to provide a heads up that ftp.openbsd.org appears to
> currently be unreachable.

It looks to be back now, so it was likely a temporary problem somewhere along the likely multi-hop way.

That said, unless you are running a mirror, the general recommendation is to find a mirror reasonably close to you network-wise (which may roughly correspond to geographical positions) and stick to those. The sites listed at https://www.openbsd.org/ftp.html are synced often enough that you probably won't miss out on much for long.

- Peter

PS cross-posting to several OpenBSD mailing lists is generally frowned upon.

--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
EuroBSDCon 2023 open for Coimbra, Portugal 14-17 September 2023
Registration for @eurobsdcon 2023 is open. Check out the program at https://2023.eurobsdcon.org/program/, then go to https://registration.eurobsdcon.org/ and register. Early bird rates apply before July 15th, 2023. Go register! See you in #Coimbra, #Portugal September 14-17, 2023! #eurobsdcon #bsd #openbsd #freebsd #netbsd #unix #development -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: Setting up a Transparent Tor Proxy on OpenBSD 7.3 with pf(4)
On Thu, Jun 15, 2023 at 07:17:45AM -, distantp...@danwin1210.de wrote:
>
> Thats it, "rcctl start tor" works flawlessly, "sh /etc/netstart" too, and
> "pfctl -f /etc/pf.conf" does not spit out any warnings or errors either,

Yes, at first blush by visual inspection the file you present is a syntactically valid ruleset.

> so I first assumed it would work just as flawlessly then, but apparently
> it doesnt, because I cant ping any domain or wget any webpage, when I
> start the webbrowser it says it cant resolve the domain. Because all of
> that I thought I might have set the DNSPort settings wrong, so I changed
> it to 5353, but it didnt work either. I couldnt find any working
> configuration for that matter and I would really appreciate it if somebody
> took the time and helped me.

I am not at all sure about what magic is needed for name resolution to work in your environment, but your ruleset has no mention of icmp, which is likely why ping does not work.

But then as JJ said already, instrument your rules with log or log(all) and spend some time getting to know our friend tcpdump(8) as applied to PF logging.

For further reference, please see the pf.conf man page, the PF user Guide or even my own tutorials or the Book of PF for working examples.

All the best,
Peter N. M. Hansteen

--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
ChatGPT writes a pf.conf by spec, earns an "F" grade
Prompted by a followup on Mastodon, I was enticed to see what feeding a prose spec for a pf.conf to ChatGPT would produce.

TL;DR: it failed miserably, but in a way that would have led the gullible to try it out raw, leading them down a route that would lead to loads of misery and frustration.

Recorded at https://nxdomain.no/~peter/chatgpt_writes_pf.conf.html for those who would be interested.

All the best,
Peter

--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
The EuroBSDCon 2023 Call for proposals ends this week (May 26th, 2023), get your submission in now!
This year's EuroBSDCon conference is set in Coimbra, Portugal September 14-17, 2023. The conference (or rather the conference program committee) will accept submissions for consideration for inclusion in the program, talks, lightning talks or tutorials until the end of day (in any time zone) May 26th, 2023. The full Call for proposals can be found at https://2023.eurobsdcon.org/call-for-papers-is-now-open/, where you will also find the link to the submissions system. If you are mulling a submission, mull no more! Get your submission in as soon as possible and at the latest May 26th. We aim to finalize selection and to publish the initial version of the conference program on or before June 1st, 2023. Hoping to see you in Coimbra this September! For the EuroBSDCon 2023 program committee, -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: Minimum install size
On Fri, Apr 28, 2023 at 09:55:13PM -0600, Theo de Raadt wrote:
> > > Do not assume "desireable" and "possible" are always the same.
> >
> > My point was whether the wording "installable on 512MB of storage" is
> > appropriate to put in the OpenBSD 7.3 FAQ, and whether "desirable" and
> > "possible" are the same is outside the discussion.
>
> No, it is optimistic oversell by the faq authors
>
> It should be realistic & accurate, or it should say nothing at all.

If I remember correctly, the 512MB number was somewhere in the "possible but not comfortable" range way back when the text was originally written. But that was before several space consuming things such as the relinking at boot steps happened.

A more realistic estimate looking at the various systems I have within reach suggests "you can squeeze in a full install inside 1GB, but if you plan on installing any packages or storing data locally, there is no point in setting yourself up for the pain of running out of storage".

You could probably find the absolute minimum (an actually quite useless number) by checking the uncompressed sizes of the *.tgz install sets, but the last time I remember doing a "df -h" on a fresh install before installing any packages or introducing any data, the total ran to somewhere in excess of 650MB.

The system with the least storage allocated that I interact with regularly is a thing that runs spamd and some content filtering, with a total of 6GB storage, and at most times uses about two thirds of that.

If the bare minimum size for an OpenBSD install is vital information to you for some reason, the way to find out is to do a fresh install using only the Enter key, then recording the total used after first reboot. The exact number is likely a little different across the 14 supported architectures.

--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: is there anything broken on http://ftp.openbsd.org/pub/OpenBSD/ ?
On Wed, Apr 26, 2023 at 11:32:46AM +0200, Илья Шипицин wrote: > sorry, > > I've searched for announce, didn't find any. Indeed, the ftp site seems to be unreachable at the moment. But if you head over to https://www.openbsd.org/ftp.html you will likely be able to fetch useful things from one of the CDNs. - P -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: File system is full after using dd
On Sat, Apr 15, 2023 at 04:14:08PM +0200, Lorenzo Torres wrote:
> Hello, I've run the dd command to wipe the data of an SD card:
> dd if=/dev/zero of=/dev/rsdb1c bs=1M
> After quite some time it crashed saying that the / filesystem is full and
> even after a reboot the same happens. Now I can't even run xorg because the
> fs is full. Any idea on why this happened? I have a 1TB NVME SSD as root
> disk and I have only a root partition as well as the efi partition on the
> root disk.
> Lorenzo Torres (https://sagittarius-a.org)

This sounds to me that you mistyped and created a huge file in your /dev/ directory.

Identify that file and delete it.

- P

--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
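One way to identify the file the reply above refers to, as an added example that is not part of the original thread: real device nodes are character or block special files, so a large regular file in the device directory is what a write to a mistyped name leaves behind. The function name big_regular_files is hypothetical, and the demo runs against a constructed scratch directory instead of the real /dev.

```shell
#!/bin/sh
# Added example (not from the thread). big_regular_files is a hypothetical
# helper name; the scratch directory below is constructed sample data.

# big_regular_files DIR [MIN_KB]
# Print "<size-in-KB> <path>" for every regular file under DIR larger than
# MIN_KB kilobytes (default 1024), largest first. Device nodes are
# character or block special files and never match -type f.
big_regular_files() {
    dir=$1
    min_kb=${2:-1024}
    # find -size counts 512-byte blocks, so 1 KB is 2 blocks.
    find "$dir" -xdev -type f -size +"$((min_kb * 2))" \
        -exec sh -c 'for f; do
            printf "%s %s\n" "$(( $(wc -c < "$f") / 1024 ))" "$f"
        done' sh {} + 2>/dev/null | sort -rn
}

# demo: build a stand-in device directory holding a 2 MB regular file named
# like the mistyped target in the quoted command, plus one small regular
# file (OpenBSD's /dev legitimately holds the small MAKEDEV script).
demo() {
    scratch=$(mktemp -d) || return 1
    dd if=/dev/zero of="$scratch/rsdb1c" bs=1024 count=2048 2>/dev/null
    printf 'tiny\n' > "$scratch/MAKEDEV"
    big_regular_files "$scratch" 1024
    rm -rf "$scratch"
}

demo
```

On an affected system the call would be big_regular_files /dev, and anything it lists should be checked against the intended device name before it is removed.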
Re: OpenBSD Comparable Technologies
Hi Lewis,

Possibly due to insufficient caffeine at this end I am not entirely sure I fully grasp the content and context here, but I would recommend reading, in somewhat random order,

1. man pf.conf (https://man.openbsd.org/pf.conf) (you may want to search there for urpf)
2. the PF user guide (https://www.openbsd.org/faq/pf/index.html)
3. the slides from our latest "Network Management with the OpenBSD PF toolset" tutorial (https://home.nuug.no/~peter/pftutorial/#1)
4. the slides from the pre-revision PF tutorial (https://home.nuug.no/~peter/pf/newest/)
5. various books and articles referenced in the previous, and perhaps as a reasonable starting point, The Book of PF (https://nostarch.com/pf3)

I'm fairly confident you can get a working and quite comfortably maintainable setup going with the help of these resources.

- Peter

On Sun, Apr 09, 2023 at 02:42:02AM -0700, louise9...@gmail.com wrote:
> Hello, I am new to OpenBSD in terms of using it as a home router/firewall. Im
> trying to implement the OpenBSD equivalent or similar way of doing things
> like I did on my Linux Router. Are there are equivalent ways/programs for the
> following:
>
>
> 1. Reverse Path Filter (Like on Linux).
>
> 2. Protection against DHCP Starvation attacks.
>
> 3. DHCP Snooping
>
> 4. Reply-Only ARP system with features like(automatically adding arps for
> leases) that keep people from setting a static ip on the network and
> bypassing the queueing done by pf.
>
>
> P.S.: If there are any ways of doing these options above can you point me to
> the right documentation as I have tried to research but couldn’t find any
> thing on these subjects listed above.
>
> Thank you,
> Lewis
>

--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: Command At Startup
On Sat, Apr 01, 2023 at 11:26:31AM +0200, Computer Planet wrote:
> Hi Guys, OpenBSD 7.2
> I have no way to get a stupid autorun script to load. Can anyone tell me
> where to put this script?
> In /etc/rc.local it doesn't work...
> The script is located in the path /home/tech
> and contains only this:
> --
> #!/bin/ksh
> /usr/sbin/apm -C
> --

I would think the place to put flags for apm or apmd would be to put a line in /etc/rc.conf.local with apmd_flags= and the flags you want.

- Peter

-- Peter N. M. Hansteen, member of the first RFC 1149 implementation team https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
CFP Submissions Open: EuroBSDCon 2023: Coimbra, Portugal September 14-17, 2023
**EuroBSDCon 2023: Coimbra, Portugal September 14-17, 2023**

The Call for Talk and presentation proposals for EuroBSDCon 2023 is now open.

EuroBSDCon is the European technical conference for users and developers of BSD-based systems. The conference is scheduled to take place September 14-17 2023 in Coimbra, Portugal or as an all-online event if COVID-19 developments dictate. The tutorials will be held on Thursday and Friday to registered participants and the talks are presented to conference attendees on Saturday and Sunday.

The Call for Talk and Presentation proposals period will close on May 26th, 2023. Prospective speakers will be notified of acceptance or otherwise by June 1st, 2023.

**Call for Talk and Presentation Proposals (CFP)**

The EuroBSDCon program committee is inviting BSD developers and users to submit innovative and original talk proposals not previously presented at other European conferences. Topics of interest to the conference include, but are not limited to applications, architecture, implementation, performance and security of BSD-based operating systems, as well as topics concerning the economic or organizational aspects of BSD use.

Presentations are expected to be 45 minutes and are to be delivered in English.

**Call for Tutorial Proposals**

The EuroBSDCon program committee is also inviting qualified practitioners in their field to submit proposals for half or full day tutorials on topics relevant to development, implementation and use of BSD-based systems.

Half-day tutorials are expected to be 2.5 to 3 hours and full-day tutorials 5 to 6 hours. The tutorials and talks are to be held in English.

**Submissions**

Proposals should be sent through the registration system at https://registration.eurobsdcon.org. Proposals should contain a short and concise text description in about 100 words as well as a short speaker bio.

Accepted papers and presentations will be published on the conference web site as soon as feasible during or after the conference. We encourage submitters to consider writing up a formal paper for this purpose in addition to making a presentation.

While we urge prospective speakers to seek funding from employers or other benevolent sources, the conference does have a budget for covering reasonable travel and accommodation expenses for speakers, with accommodation to the extent possible provided at the primary speaker hotel (see the Travel page on the conference website). Speakers who will be applying for travel funding should also submit an estimate of expected travel expenses. Please see the Speaker Reimbursement Policy page at https://eurobsdconfoundation.org/speaker-reimbursement-policy/ for details.

Please also note that due to visa issues in the past, we would like to know as early as possible of any visa requirements for speakers. Please check the Portugal Visa Application Requirements site at https://www.schengenvisainfo.com/portugal-visa/ for guidance.

NOTE: If conditions dictate that the conference move to an all-online format, further instructions on how to access the conference for both speakers and attendees will be forwarded by email and posted on the conference website. As such we are especially interested in proposals that would work well in a virtual format, such as panel discussions. Please also include your timezone and expected available times with your proposals.

Due to known and unknown unknowns, the format of the conference has not yet been decided at this writing. If the format of the conference, on-site versus online has consequences for your ability to present, please let us know in the notes on your submission.

While the registration system offers the option of adding a commercial and/or avatar to your proposal this is not expected (or supported at the moment).

-- Peter N. M. Hansteen, member of the first RFC 1149 implementation team https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
EuroBSDCon 2023 (Coimbra, Portugal September 14-17) Call for participation: Submission to open soon
**EuroBSDCon 2023: Coimbra, Portugal September 14-17, 2023**

The Call for Talk and presentation proposals for EuroBSDCon 2023 is now open.

EuroBSDCon is the European technical conference for users and developers of BSD-based systems. The conference is scheduled to take place September 14-17 2023 in Coimbra, Portugal or as an all-online event if COVID-19 developments dictate. The tutorials will be held on Thursday and Friday to registered participants and the talks are presented to conference attendees on Saturday and Sunday.

The Call for Talk and Presentation proposals period will close on May 26th, 2023. Prospective speakers will be notified of acceptance or otherwise by June 1st, 2023.

**Call for Talk and Presentation Proposals (CFP)**

The EuroBSDCon program committee is inviting BSD developers and users to submit innovative and original talk proposals not previously presented at other European conferences. Topics of interest to the conference include, but are not limited to applications, architecture, implementation, performance and security of BSD-based operating systems, as well as topics concerning the economic or organizational aspects of BSD use.

Presentations are expected to be 45 minutes and are to be delivered in English.

**Call for Tutorial Proposals**

The EuroBSDCon program committee is also inviting qualified practitioners in their field to submit proposals for half or full day tutorials on topics relevant to development, implementation and use of BSD-based systems.

Half-day tutorials are expected to be 2.5 to 3 hours and full-day tutorials 5 to 6 hours. The tutorials and talks are to be held in English.

**Submissions**

Proposals should be sent through the registration system soon to be available at https://registration.eurobsdcon.org. Proposals should contain a short and concise text description in about 100 words as well as a short speaker bio.

Accepted papers and presentations will be published on the conference web site as soon as feasible during or after the conference. We encourage submitters to consider writing up a formal paper for this purpose in addition to making a presentation.

While we urge prospective speakers to seek funding from employers or other benevolent sources, the conference does have a budget for covering reasonable travel and accommodation expenses for speakers, with accommodation to the extent possible provided at the primary speaker hotel (see the Travel page on the conference website). Speakers who will be applying for travel funding should also submit an estimate of expected travel expenses. Please see the Speaker Reimbursement Policy page at https://eurobsdconfoundation.org/speaker-reimbursement-policy/ for details.

Please also note that due to visa issues in the past, we would like to know as early as possible of any visa requirements for speakers. Please check the Portugal Visa Application Requirements site at https://www.schengenvisainfo.com/portugal-visa/ for guidance.

NOTE: If conditions dictate that the conference move to an all-online format, further instructions on how to access the conference for both speakers and attendees will be forwarded by email and posted on the conference website. As such we are especially interested in proposals that would work well in a virtual format, such as panel discussions. Please also include your timezone and expected available times with your proposals.

Due to known and unknown unknowns, the format of the conference has not yet been decided at this writing. If the format of the conference, on-site versus online has consequences for your ability to present, please let us know in the notes on your submission.

While the registration system offers the option of adding a commercial and/or avatar to your proposal this is not expected (or supported at the moment).

-- Peter N. M. Hansteen, member of the first RFC 1149 implementation team https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: sftp-server listening port how-to
On Thu, Mar 09, 2023 at 01:31:47PM +0100, Daniele Bonini wrote:
>
> > change it to any number you want.
>
> VPS here come in a nice package with a default web console over ssh.
>
> Another one: if I try to nobody the user default shell
> I'm out of any luck to be able to connect.

That little guide I posted a link to has a section about setting up a separate set of users for sftp. For other use, you would likely be better off with a normal shell.

Something like keep your normal user (guessing 'daniele'), and in addition define 'sftp-daniele' along with other users who only need sftp, not a regular shell, in a handful of easy steps as outlined in the guide.

-- Peter N. M. Hansteen, member of the first RFC 1149 implementation team https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: sftp-server listening port how-to
On Thu, Mar 09, 2023 at 12:47:14PM +0100, Daniele Bonini wrote:
>
> I'm wondering if there is any chance to change the default
> listening port for sftp-server.
>
> NB: I'm using it on my Linoox VPS but I see from the man
> a given OpenBSD 2.8 port origin.

It is indeed possible to change the listening port. It's all in the man page.

My immediate question would be, why would you want to?

For a truly unhelpful interlude, I offer

[Thu Mar 09 13:07:40] peter@skapet:~$ grep sftp /etc/services
sftp            115/tcp

or on a nearby mac,

[Thu Mar 09 13:08:14] peter@Peters-MacBook-Pro:~$ grep sftp /etc/services
sftp            115/udp     # Simple File Transfer Protocol
sftp            115/tcp     # Simple File Transfer Protocol
utsftp          2529/udp    # UTS FTP
utsftp          2529/tcp    # UTS FTP

which hints strongly at the historical "Simple File Transfer Protocol", described in RFC 913, dated September 1984 (and it is likely not what you want. At all).

For the actual steps involved in setting up your sshd with sftp-server, this guide looks at first blush fairly sane: https://linuxhandbook.com/sftp-server-setup/

Further to the "why would you want to?" issue, I offer this from the Hail Mary Cloud cycle: https://bsdly.blogspot.com/2013/02/theres-no-protection-in-high-ports.html

-- Peter N. M. Hansteen, member of the first RFC 1149 implementation team https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: Mail Etiquette: Reply above or below
On Tue, Mar 07, 2023 at 09:36:10AM +, Johannes Thyssen Tishman wrote:
>
> When I reply to an email I do so above the sender's message, however I see
> many people in the mailing lists replying below it. Is this the preferred way
> or just preference? Thanks.

The traditional style is to quote only the parts of the previous message(s) that you are writing in response to. If you are commenting on several parts of a previous exchange, the convention would be to offer your own input in several blocks, directly following the parts you are responding to.

For whatever reason, Microsoft's Outlook or possibly earlier Microsoft mail client products dragged in a convention of quoting the whole thread (even though those early clients did not in fact have the thread concept) and putting new text on top.

I think this would point to my preference at least. Cue my 2011 rant about same, enjoy: https://bsdly.blogspot.com/2011/02/problem-isnt-email-its-microsoft.html

All the best,
Peter

-- Peter N. M. Hansteen, member of the first RFC 1149 implementation team https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: Nic I225-V issue
On Sun, Mar 05, 2023 at 11:26:04PM +0100, Pietro Leone Pola Falletti di Villafalletto wrote:
> Hallo, I bought industrial fanless pc for using it as firewall with OpenBSD.
> I tried both 7.2 and 7.3-beta, I installed the stock operating system
> without any customization, the four nic and the wifi did not work out of the
> box. The difference is that during the installation the wireless card is
> recognized as iwn0, but fail to load the firmware, the nics do not appear in
> the list of configurable network card.
> I tried to load OpenBSD firmware from:
>
> http://firmware.openbsd.org
>
> Both 7.2 and 7.3 but the results are the same, wireless nic start working,
> but not the four wired nic. During the boot I see this error for every nic:
>
> igc0 at pci1 dev 0 function 0 "Intel I225-V" rev 0x03: not enough msi-x
> vectors
> igc0: unable to map msi-x vector 0
>
> I tried to install FreeBSD13.1 and GNU/Linux (Ubuntu 20.04) and both
> recognize all nic and wireless card, so the hardware seems ok.

This could be a matter of a variant no OpenBSD developer has had their hands on yet.

I would try sending to bugs@ instead (the sendbug command is very well suited for that purpose). The chance of catching a relevant developer's attention is a lot larger than when posting on misc@.

- Peter

-- Peter N. M. Hansteen, member of the first RFC 1149 implementation team https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: Robot poetry about OpenBSD
Here is an article about the poem and other things, with some context -

ChatGPT opines on IPv6 procastination, waxes lyrical over OpenBSD
https://medium.com/@peter.hansteen/chatgpt-opines-on-ipv6-procastination-waxes-lyrical-over-openbsd-122d16986fd5
or https://bsdly.blogspot.com/2023/03/chatgpt-opines-on-ipv6-procastination.html
trackerless: https://nxdomain.no/~peter/chatgpt_on_ipv6_and_openbsd_poetry.html

#chatgpd #ipv6 #procrastination #OpenBSD #poetry

All the best.
Peter

-- Peter N. M. Hansteen, member of the first RFC 1149 implementation team https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Robot poetry about OpenBSD
I decided to test the robot that's been in the news lately -

PNMH: write a poem about OpenBSD

ChatGPT:

In a world of code and bytes,
Where hackers lurk in endless nights,
There shines a system, strong and bright,
A fortress of security, with OpenBSD in sight.

Like a lighthouse on a stormy shore,
It guards the network from cyber war,
With firewalls, cryptography, and more,
It stands tall, unyielding, forevermore.

In its heart, a philosophy,
Of code that's clean and free,
No backdoors, no secret keys,
Just trust and transparency.

From humble beginnings, it arose,
A gift to the world, from the chosen few,
A beacon of hope, for those who oppose,
The tyranny of those who seek to control.

So let us raise a toast, to OpenBSD,
A shining example of what can be,
When we dare to dream, and we dare to be free,
For a better tomorrow, for you and for me.

(preserved as https://nxdomain.no/~peter/chatgpt_poem_about_openbsd.txt)

All the best,
Peter

-- Peter N. M. Hansteen, member of the first RFC 1149 implementation team https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: openbsd get really hot/warm
On Thu, Mar 02, 2023 at 06:43:02PM +0100, l...@netc.fr wrote:
>
> unfortunately since a week I was wondering about something :
>
> on two old hp elitebook, it looks like under win7 and linux/LMDE, that at a
> general glance everything looks correct
>
> but on openbsd, something happens, even if CPU is not high : it's a huge
> overheating, with fans going almost every time in the high speed, and lower
> case of the laptop, almost burning (in a way it's really warm, impossible to
> get it a minute on laps)
>
> I saw the same problem on an asus laptop.
>
> is there any way to know where it come from?

See if you can't get some effect from using apm/apmd (see https://man.openbsd.org/apm).

- Peter

-- Peter N. M. Hansteen, member of the first RFC 1149 implementation team https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: Mail from the command line
On Thu, Feb 16, 2023 at 12:27:37PM +0100, Andrew wrote:
>
> *Do you know any recipe for using $ mail on the command line? Or a web link
> that proposes one.*

Typing "using mail from the command line" into a search engine yields quite a few hits.

This one https://phoenixnap.com/kb/linux-mail-command looks like a fairly useful one once you skip the "how to install mailx on Linux" part.

- Peter

-- Peter N. M. Hansteen, member of the first RFC 1149 implementation team https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: Taring a "posix problemozauro"..
On Fri, Feb 10, 2023 at 11:12:44AM +0100, Daniele Bonini wrote:
>
> But when it is matter to deliver things from OpenBSD eg. to other
> live destination taring the same stuff I get the following error:
>
> tar: File name too long for ustar
> "go/Pippo/Pluto_Pluto_Pluto_Pluto/pippo/EN/pippo pippo pippo pippo
> technical assistance and sale of appliances emergency service
> throughout the pippo area pippo pippo superpippopippo.com"
>
> and these folders and files don't come compressed at all.

The first thing that comes to my mind is to try with GNU tar which is available as a package on OpenBSD - pkg_add gtar should get you that one.

It is possible or even likely you are being tripped up by "differing interpretations" of the archive format spec.

Also, spaces in file names could be part of the problem set.

- Peter

-- Peter N. M. Hansteen, member of the first RFC 1149 implementation team https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
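The header limit behind the "File name too long for ustar" error quoted in the message above, as an added example (not part of the original post, and not the code of OpenBSD tar or GNU tar): a ustar header has a 100-byte name field and a 155-byte prefix field, so a longer path must split at a "/" with both halves fitting. The function names and sample paths are constructed for illustration; Python's tarfile module is used only as a cross-check.

```python
import tarfile

NAME_MAX = 100    # bytes available in the ustar header "name" field
PREFIX_MAX = 155  # bytes available in the ustar header "prefix" field


def ustar_split(path, encoding="utf-8"):
    """Return (prefix, name) if path fits a ustar header, else None.

    The limits count encoded bytes, not characters. A path longer than
    the name field must be cut at a '/' (the slash itself is not stored)
    so that both halves fit their fields.
    """
    if len(path.encode(encoding)) <= NAME_MAX:
        return ("", path)
    parts = path.split("/")
    for i in range(1, len(parts)):
        prefix = "/".join(parts[:i])
        name = "/".join(parts[i:])
        if (0 < len(prefix.encode(encoding)) <= PREFIX_MAX
                and 0 < len(name.encode(encoding)) <= NAME_MAX):
            return (prefix, name)
    return None


def explain(path, encoding="utf-8"):
    """Describe why a path does or does not fit, naming the limit hit."""
    if ustar_split(path, encoding) is not None:
        return "fits"
    last = path.rstrip("/").rsplit("/", 1)[-1]
    size = len(last.encode(encoding))
    if size > NAME_MAX:
        return "last component is %d bytes, name field holds %d" % (size, NAME_MAX)
    return "no '/' leaves prefix <= %d and name <= %d bytes" % (PREFIX_MAX, NAME_MAX)


def stdlib_writes(path, fmt):
    """Cross-check: can Python's tarfile build a header in this format?"""
    try:
        tarfile.TarInfo(path).tobuf(format=fmt, encoding="utf-8")
        return True
    except ValueError:
        return False


# Constructed sample paths, loosely modelled on the shape of the one in the
# quoted error (a short directory chain ending in one very long component).
SAMPLES = [
    "docs/readme.txt",                                    # short: name field only
    "site/" + "a" * 60 + "/" + "b" * 60 + "/index.html",  # long but splittable
    "go/site/EN/" + "x" * 143 + ".com",                   # last component too long
    "é" * 60,                                             # 60 characters, 120 bytes
]

if __name__ == "__main__":
    for p in SAMPLES:
        ustar = "ustar ok  " if ustar_split(p) else "ustar FAIL"
        pax = "pax ok" if stdlib_writes(p, tarfile.PAX_FORMAT) else "pax FAIL"
        print("%s  %s  %-50s %.40s" % (ustar, pax, explain(p), p))
```

Paths that fail here are still writable in formats that carry long names outside the fixed header fields, which the `PAX_FORMAT` cross-check shows.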
Re: Safely remove USB drive
On Wed, Feb 08, 2023 at 04:50:32PM +0100, Jan Stary wrote:
> On Feb 08 13:56:18, pe...@bsdly.net wrote:
> > 1) close any open files stored there
> > 2) make sure no process has the media as $PWD (as in, cd away from there,
> >    and really a variation on the first)
> > 3) issue at least one sync command (some folklore will insist on three)
> > 4) umount the media from wherever it was mounted
>
> 4 takes care of 1,2,3, right?

It is a common assumption it does, but I have seen time and again applications either coredumping and hanging while doing so or just getting terribly confused when their presumed current directory disappeared from under them.

Depending on how much force you put behind the umount (as in doas, sudo) it is not entirely certain you would be able to umount a file system that has open files.

Then again, your mileage may vary. And the OP asked for safe removal.

- P

-- Peter N. M. Hansteen, member of the first RFC 1149 implementation team https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: Safely remove USB drive
On Wed, Feb 08, 2023 at 10:44:20AM -0300, Crystal Kolipe wrote:
> If you are just copying files, and/or using dd to, for example, overwrite
> a device with zeros or random data, then you don't need to do anything
> special to use usb storage devices on OpenBSD.

In the case of dd-ing to a usb stick I'd say only to wait until you get the shell prompt back before you unplug it. Then you'll be fine.

- P

-- Peter N. M. Hansteen, member of the first RFC 1149 implementation team https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: Safely remove USB drive
On Wed, Feb 08, 2023 at 09:27:08AM -0300, vitmau...@gmail.com wrote:
> quick and very basic question: is syncing and umounting a USB drive
> enough to safely remove it or should I execute other commands before
> unplugging these devices?

My personal check list for safely removing removable media after use would be

1) close any open files stored there
2) make sure no process has the media as $PWD (as in, cd away from there, and really a variation on the first)
3) issue at least one sync command (some folklore will insist on three)
4) umount the media from wherever it was mounted

then you can go ahead and unplug.

- Peter

-- Peter N. M. Hansteen, member of the first RFC 1149 implementation team https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: Take it easy..
On Mon, Feb 06, 2023 at 10:45:25AM +0100, Daniele B. wrote:
> If eg. the man can be improved soon on how to mount the /tmp on mem ;-)

OpenBSD man pages tend to be readable and informative. https://man.openbsd.org/mount_tmpfs is quite short and to the point.

- P

-- Peter N. M. Hansteen, member of the first RFC 1149 implementation team https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: Live stick / cd from official sources
On Sat, Feb 04, 2023 at 05:48:15PM +0100, Daniele B. wrote:
> Sorry if I bother you again with the thread.

No need to cc: me. I'm subscribed to misc@.

> The minipc will be on business from tomorrow and I will use it
> together with a little student of mine: it is enough critical that the
> "not configured" hello! doesn't represent anything "risky".
> Eg: I tried to tweak the custom bios of Fujitsu for a more performant
> fan/cpu but the machine started literally to fly while booting. Precautially
> I hanged manually the booting process.

I've had a lot of hardware that would start the fans full blast during the early parts of the boot process, but would quiet down once everything was fully loaded. Or after you have configured apmd(8) properly. I would not worry overmuch over this by and on itself.

> The part of dmesg I'm wondering about is the following:

Partial dmesges are by definition a waste of time. Please send the full one, or perhaps rather full sendbug output.

> And for your own concerns:
> azalia0 at pci0 dev 3 function 0 "Intel Core 4G HD Audio" rev 0x06: msi
> azalia0: No codecs found

Whether this is significant depends on the specific role you were thinking of assigning to this machine.

It looks like this is a new variant of Intel audio. The developers who work with that part of the code on a daily basis will be able to offer insights with a full sendbug output sent to bugs@.

They all read bugs@, whether anything posted on misc@ actually reaches a relevant developer is more hit or miss.

- Peter

-- Peter N. M. Hansteen, member of the first RFC 1149 implementation team https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: Live stick / cd from official sources
On Wed, Feb 01, 2023 at 12:36:18PM +0100, Daniele B. wrote:
> The mini-pc arrived in three working days, from Germany to Italy. 30 bucks of
> DHL delivery but..
> I could be certainly happy of such a service..
>
> (although at time I can't still be sure about the possibility to openbsd
> it..).
>
> Can we arrange these situation in a better bsd fashion?
>
> I will update you to bugs@ as soon I can boot this mini-pc, hopefully
> I will not :D

As several of us have said already, more likely than not the install will be easy and straightforward. If it isn't, bugs@ is the place to report.

And anyway as soon as you have the thing running, sending the dmesg as described in https://www.openbsd.org/faq/faq4.html#SendDmesg will be much appreciated.

- Peter

-- Peter N. M. Hansteen, member of the first RFC 1149 implementation team https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: Live stick / cd from official sources
On Mon, Jan 30, 2023 at 03:13:24PM +0100, my25mb wrote:
> Thanks for your patient to ride my horse.. and Peter and Stuart, for
> the completeness of your replies.Often, in this "perfect" world we are
> always all "developers" or advanced users to know enough about OpenBSD.
> However, when it comes to business three stuff could happen and sorry if
> they appear hilarious:- IT staff of the shop is business oriented but
> not much skilled enough same time: just need to deliver pc, and could
> have already delivered my own purchase before to face "complexity"...
> indeed;- In terms of bucks, I do not see yet at time people in line to
> bet that writing to bugs@ will solve any present and future problem about
> their own wallet (although just few bucks);- Trust is not something
> left to the word of mouth: a) talking about OpenBSD itself, I
> need to know that is going to run; b) if there is an unofficial
> live image around seriously maintained and that solve the "hardness" quiz
> of the Team, I think this one or more of them out there (there are some)
> could be endorsed in the FAQ, or whereever by openbsd.org I'm a little bit
> surprised (and maybe.. a too simple dude) to hear that openbsd evaluated
> the possibility to adopt a live installation and gave it up, so lets
> watch to your own diffusion stats, eheh.Daniele Bonini

I really do not want to appear hostile, but whatever it is you are using for a mail client needs to be taken out behind the barn unless it can be made to format properly.

As to the issues you are addressing,

* reporting whatever problem you have to b...@openbsd.org is useful in those cases you can supply relevant information. That list is read attentively by the developers. This is THE way to communicate with those who are able to fix any problems found in the OpenBSD codebase.

* the reason why there is no official live CD image is much the same as why OpenBSD does not have a graphical installer (another much requested feature). OpenBSD is portable, with 14 supported hardware platforms, and considerable effort has gone into making the system equally usable on all of them. Since the project does not have infinite resources in either money or people, priority is given to what appears useful to the developers themselves or people who can be bothered to help out with such things as testing.

For your purposes it is likely that grabbing the installer for amd64 and using that for a trial install will answer the question ("does it run on this hardware?") with little or no effort. If, on the other hand, the mysterious hardware is not a variant of a supported platform, live CD images will not help you much either.

So my recommendation would be to start with the installer FAQ, https://www.openbsd.org/faq/faq4.html then if you like follow Crystal's advice on installing to a removable storage device and possibly dd'ing the result of that operation to a file that can be downloaded and dd'ed to a similar device for testing. All doable with operations similar to what the FAQ describes.

- Peter

-- Peter N. M. Hansteen, member of the first RFC 1149 implementation team https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.