Re: can't find PID

2024-03-05 Thread Raul Miller
If you want to track which executable was running which pid at a
specific time, you need to put that information in a log, so you can
associate pid and time with the executable path.

-- 
Raul

On Tue, Mar 5, 2024 at 10:26 AM ofthecentury  wrote:
>
> Well, that's not very noice. Where is security?
>
> On Tue, Mar 5, 2024 at 7:45 PM Theo de Raadt  wrote:
>
> > PID 6504 was my shell.  I've logged off now.
> >
> > What are you expecting here??
> >
> >
> > ofthecentury  wrote:
> >
> > > Yes, I'm tcpdumping pflog and ALL my dropped packets
> > > reference some PID 6504 that is not found among
> > > the processes that are running. I was actually not fishing
> > > for PIDs, I just saw the PID referenced in the standard
> > > tcpdump output. For forensics I just want to find the link
> > > between PID referenced in tcpdump to the process,
> > > and I cannot, and I believe I should be able to for security.
> > >
> > >
> > >
> > > On Tue, Mar 5, 2024 at 7:12 PM Janne Johansson wrote:
> > >
> > > > On Tue, 5 Mar 2024 at 14:35, ofthecentury <ofthecent...@gmail.com> wrote:
> > > > >
> > > > > Hi, I'm on a fresh install of OpenBSD 7.4.
> > > > > I am watching output of tcpdump and
> > > > > seeing some drops that all reference
> > > > > UID 0, pid 6504. I cannot find that PID
> > > > > among running processes. Does anyone
> > > > > know what is that process and why it's
> > > > > not running but tcpdump references it?
> > > >
> > > > OpenBSD has random pids, so unless you ask about pid 0 or 1, no one can
> > > > divine what process had pid 6504 on your system at that time.
> > > >
> > > > As for this report, it looks like you are tcpdumping pflog in order to
> > > > see "drops" with pids, but since you didn't mention what you ran, it's
> > > > hard to tell. Nor did you state how you looked for pids, perhaps not
> > > > using all the possible options?
> > > >
> > > >
> > > > --
> > > > May the most significant bit of your life be positive.
> > > >
> >
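
One way to keep the kind of log Raul describes, as an added example that is not from any poster in this thread: periodic process-table snapshots plus a lookup by pid and time. The function names, the log format and the sample log (which reuses the pid number from the thread) are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed log format, one line per
# process per snapshot:
#   EPOCH PID UID COMMAND...

# snapshot_procs LOGFILE: append the current process table to LOGFILE,
# stamped with the snapshot time. Meant to be run from cron or a loop.
snapshot_procs() {
    sp_now=$(date +%s)
    ps -axo pid,uid,args |
        awk -v now="$sp_now" 'NR > 1 { $1 = now " " $1; print }' >> "$1"
}

# pid_at LOGFILE PID EPOCH: print the entry for PID from the latest
# snapshot taken at or before EPOCH. Exit 1 if that snapshot does not
# list the pid, or if no snapshot is that old. Pids are reused, so a
# match from any other snapshot could name the wrong program.
pid_at() {
    awk -v pid="$2" -v t="$3" '
        $1 + 0 <= t + 0 {
            if ($1 + 0 > best) { best = $1 + 0; hit = "" }
            if ($1 + 0 == best && $2 == pid) hit = $0
        }
        END { if (hit == "") exit 1; print hit }
    ' "$1"
}

# sample_log: constructed snapshots, five minutes apart. Pid 6504 is a
# root shell in the first two and a different program in the third.
sample_log() {
    cat <<'EOF'
1709648400 1 0 /sbin/init
1709648400 6504 0 -ksh
1709648400 71234 1000 tcpdump -n -e -ttt -i pflog0
1709648700 1 0 /sbin/init
1709648700 6504 0 -ksh
1709649000 1 0 /sbin/init
1709649000 6504 1000 /usr/local/bin/python3 job.py
EOF
}

# Usage:
#   snapshot_procs /var/log/procsnap.log       # hypothetical log path
#   pid_at /var/log/procsnap.log 6504 1709648750
```

Polling only sees processes alive at snapshot time, so a short-lived process between two snapshots leaves no entry; the UID column allows a cross-check against the uid that pflog reports next to the pid.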



Re: What could cause high CPU load averages (no actual CPU usage)?

2023-10-25 Thread Raul Miller
On Wed, Oct 25, 2023 at 8:16 PM Justin Yates Fletcher
 wrote:
> On Wed, 2023-10-25 at 21:12 +0200, Mike Fischer wrote:
> >
> > > On 25.10.2023 at 17:57, Theo de Raadt wrote:
> > > Mike Fischer  wrote:
> > > > > On 25.10.2023 at 17:29, Theo de Raadt wrote
> > > We changed a lot of kernel scheduling code *without giving a damn
> > > about the stability of this number*
> >
> > Fine, but you are not changing my running Kernel, are you?
>
> I don't understand your point with this. Are you making an accusation?
> If not, then why even write this?

I think Mike Fischer's point was that the change did not correspond to
a kernel upgrade.

(And I think Theo de Raadt's point was that there's not enough rigor
on load average to diagnose this issue.)

-- 
Raul



Re: AAAA entry for openbsd.org

2023-10-23 Thread Raul Miller
OpenBSD is a volunteer organization.

If you want to volunteer to host an ipv6 mirror, I think the licensing
already allows that.

Please correct me if I'm wrong.

Thanks,

-- 
Raul

On Mon, Oct 23, 2023 at 2:00 AM Armin Jenewein  wrote:
>
> No idea what you perceive here as a "rant", my apologies if that seemed
> like one to you, that's not my intention.
>
> FWIW both ftplist1.openbsd.org and ftplist2.openbsd.org have no AAAA
> entry, either.
>
> I don't see what I need to prove here. That's 3 hosts already that don't
> have an AAAA DNS record, so if you're on an IPv6-only link, you can't
> access these. I didn't check ALL the mirrors that the installer has in
> the list, but the one popping up in my list as ftp.spline.de doesn't
> have one, either, so that's just number four.
>
> With prices for IPv4 addresses starting to increase, it surprises me
> that this is still such a heated topic. Nobody asks about removing
> IPv4-connectivity here. Nobody wants to break functionality for v4-only
> users.
>
> I did try installing OpenBSD in v6-only networks, yes. On an IPv6-only
> host it doesn't even suggest a mirror to download from.
>
> My initial mail was about this one here, nevertheless:
>
> $ ping6 openbsd.org
> ping6: no address associated with name
> $
>
> The fact that all the other hosts I mentioned are v4-only doesn't change
> that situation in any way.
>
> ~ Armin
>
>
>
>
> On 23-10-22 19:29:28, Philip Guenther wrote:
> > On Sun, Oct 22, 2023 at 6:53 PM Armin Jenewein  wrote:
> >
> > > Hi.
> > >
> > > On 23-10-22 15:47:45, Kastus Shchuka wrote:
> > > > On Sun, Oct 22, 2023 at 10:29:08PM +0200, Armin Jenewein wrote:
> > > > > Hi,
> > > > >
> > > > > as I'm almost 100% sure adding IPv6 connectivity to the openbsd.org
> > > > > host
> > > > > wouldn't introduce side-effects for IPv4 users: is there any reason
> > > > > openbsd.org still has no AAAA entry at the end of 2023?
> > > >
> > > > Why do you need it?
> > >
> > > Because it's extremely inconvenient to have to manually type in the name of
> > > a mirror that I know has an AAAA entry. The installer won't even be able
> > > to download the mirror list because of the reason I mentioned. It tries
> > > to talk to openbsd.org which obviously fails.
> >
> >
> > See, this is why being clear about What Fine Problem You're Trying To Solve
> > is important: AFAICT the installer tries to fetch the mirror list from
> > ftplist1.openbsd.org and not from openbsd.org.
> >
> > Can you confirm that your _actual_ request is to have the installer be able
> > to get the mirror list when on an IPv6-only host?
> >
> > (Please don't rant at people who try to help, particularly when doing
> > exactly what you requested would NOT HAVE HELPED, unless you *want* people
> > to drop you in their kill-file as "not worth trying to help".)
> >
> >
> > Philip Guenther
>



Re: Firefox and stuttering USB audio

2022-06-01 Thread Raul Miller
On Wed, Jun 1, 2022 at 6:13 PM Mihai Popescu  wrote:
> I am not able to understand why a simple application like mpv for
> example is able to play videos and streams at high resolutions with
> good performance, but a "browser" needs 10 times the CPU cores and
> memory and it still does it wrong enough to annoy users.

If you look at the build details for chromium:

It's layers and layers of indirection where no one really understands
how the browser works.

-- 
Raul



Re: best place to put export variables

2022-05-18 Thread Raul Miller
"Best" depends on you and your system and how you use your system.
(Are you the sole user of your system? Do you share access? Under what
conditions? How much storage does your system have? Etc..)

Conceptually, $HOME/.login is a fine place to define an environment
variable, though there's ways of using the system which would bypass
that definition.

Conceptually, you might have situations where you want to bypass your
cache home definition, though of course many people would not want
such a thing.

Conceptually, the system should work just fine with the default
behavior (which uses $HOME/.cache if I remember right). And maybe
that's the best for you.

Ideally, you should be the person who determines the best choices for
you, and you should be looking for information which is relevant to
whatever is unusual about your situation.

-- 
Raul



On Wed, May 18, 2022 at 6:51 PM Mihai Popescu  wrote:
>
> Hello,
>
> I want to export XDG_CACHE_HOME variable used by Xorg.
> What is the best place (file or ?) to export this variable?
>
> I remember i used some file to export a long time ago PS1 variable.
> Should I use ~/.login file or is it a better way to export this xorg variable?
>
> OpenBSD amd64 here, snapshots install.
>
> Thank you.
>



Re: Howto do "a detailed cleanup with the aid of the sysclean package"?

2022-05-04 Thread Raul Miller
On Wed, May 4, 2022 at 4:15 AM Sebastien Marie  wrote:
> The main problem I am seeing would be maintaining such lists, and it necessary
> means manual addition to add only "safe" files to remove (no libraries at
> least).

Conceptually speaking, it's possible to track library dependencies,
and it's possible to build tools for doing so, and it's possible to
automate this. ldd already does a lot of the work here, and a
conceptual sysclean replacement might provide toolchain and/or install
time and/or backup time support for tracking executable locations.
(Conceptually, this kind of tracking would use some directory
structure to support independent updates, and would itself be subject
to [careful] cleanup. Some small redundancy here would probably be
fine.)

That said, I don't personally have a use for this approach -- I lean
towards the "build a new image, and shut down the old one (ideally
hanging onto it for a month, in case there's problems)" mechanism for
cleanup.

Thanks,

-- 
Raul



Re: clang 13 space issues with KARL

2022-04-28 Thread Raul Miller
On Thu, Apr 28, 2022 at 2:00 PM Peter J. Philipp  wrote:
> BTW do you know any operating systems that aren't BSD, Linux that I can
> continue on?  Surely you'd be in the know for this.

If you do not mind using msdos as a bootstrap loader, you might try
colorforth. For example: https://colorforth.github.io/install.htm

That said, if you are looking for a community to support that effort,
you might have to build it yourself. This isn't really the right place
for that.

Good luck,

-- 
Raul



Re: chroot for go webserver with pledge and unveil

2022-03-15 Thread Raul Miller
On Tue, Mar 15, 2022 at 10:25 PM  wrote:
> Is there something to restart it if it crashes?

If that's a concern you could use a shell script that launches and
relaunches the thing.

But ask yourself: why would you want it to restart automatically after
a crash, if you are concerned about security?

-- 
Raul



Re: How much does battle-testing weigh?

2022-03-14 Thread Raul Miller
On Mon, Mar 14, 2022 at 8:13 PM  wrote:
> Please see "Are all BSDs created equally. OpenBSD vs NetBSD vs FreeBSD"
> https://www.youtube.com/watch?v=AvSPqo3_3vM
>
> How they are handled is another matter, but its just as easy as it is in
> other OS's.
>
> Do you believe that OpenBSD has less attack vectors? I fail to see
> that.

That video you referenced indicates that OpenBSD has *less* attack
vectors than the other BSDs, and that is stated several times in
several different ways in that video.

(Check out the text displayed 40 minutes, 30 seconds in, for example.)

Less attack vectors is of course not the same as no attack vectors.
And it's often worth understanding what the issues are (not only in
the kernel, but at the hardware levels).

That said, we have to live with imperfect security, so we also have to
live with mitigation efforts.

Thanks,

-- 
Raul



Re: Please put vi in base

2022-03-12 Thread Raul Miller
On Sat, Mar 12, 2022 at 9:41 PM  wrote:
> At least I will make sure to always have a custom install media ready.

Make sure you test it before you need to rely on it.

(Also, using echo isn't necessarily a bad idea, though there are
faster approaches. If retyping a line because of a typo is a problem,
you could for example, build a directory to represent the fstab, one
line per file in that directory, names indicating order, and use cat
to assemble the lines.)

((That said, if you spent hours on this, that sounds like learning
curve, or composing emails, not operational time.))

Good luck,

-- 
Raul



Re: Please put vi in base

2022-03-12 Thread Raul Miller
On Sat, Mar 12, 2022 at 4:48 PM  wrote:
> I already have that book, which is why I KNOW I will never want to use
> ed :)
>
> But thank you all for your feedback. I will make a custom install media
> from now on.

I have been trying to figure out what's going on here: you have not
really explained why you find yourself needing to edit files during
that bootstrap stage of installation.

(When I install openbsd from a usb iso image, I have vi available to
me before I need to edit any files. Apparently this does not match
your experience?)

I mean... it sounds like you have found your solution, so maybe this
conversation is over. But, if not, maybe I could still learn something
here.

Thanks,

-- 
Raul



Re: disk i/o test

2022-03-03 Thread Raul Miller
On Thu, Mar 3, 2022 at 10:13 AM Nick Holland
 wrote:
> You mention "legacy" options in the BIOS, you may be running an old
> machine.  But also look at softdep and noatime mount options, softdep
> is a HUGE performance gain, noatime is a nice little kick with seemingly
> zero consequences (it does defeat a standard Unix file system feature,
> but I've not come across anything that uses file access time stamps).

Forensics (mostly useful on production machines with well understood
use patterns and software -- atime is rarely useful even there, but
that's true of most forensic issues and tools).

--
Raul



Re: install the sets, install70.img

2022-02-13 Thread Raul Miller
If I unplug and reinsert the usb drive, after about a minute, I get an
asynchronous blue background bit of text:

uhub0: port 2, set config 0 at addr 6 failed
uhub0: device problem, disabling port 2

There's a second usb socket on the other side of the machine. If I
transfer the drive over to that side, the eventual message is,
instead:

uhub: port 5, set config 0 at addr 6 failed
uhub: device problem, disabling port 5

I guess my next step is to try finding some different kind of usb
media to install from, to see if that changes anything.

Thanks,

-- 
Raul

On Sun, Feb 13, 2022 at 11:22 AM Kristo  wrote:
>
> Hi,
>
> Since more sensible suggestions have already been made I'd just
> like to mention that some time ago I was installing OpenBSD on
> somewhat unusual hardware and during this step I had to reinsert
> the USB for it to be recognized correctly.
>



Re: install the sets, install70.img

2022-02-13 Thread Raul Miller
On Sun, Feb 13, 2022 at 10:25 AM Maurice McCarthy  wrote:
> Wow, cannot even see your usb drive. Now I am right out of my depth.
> The sdhc0 and sdmmc0 are to do with the SD card slot.

I am also out of my depth.

That said, here is dmesg | grep -n ^ (hand typed to another machine,
and then proofread).

1:OpenBSD 7.0-current (RAMDISK_CD) #322: Sat Feb 12 12:19:10 MST 2022
2:dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/RAMDISK_CD
3:real mem = 4083228672 (3894MB)
4:avail mem = 3955458048 (3772MB)
5:random: good seed from bootblocks
6:mainbus0 at root
7:bios0 at mainbus0: SMBIOS rev. 3.0 @ 0x79b69000 (75 entries)
8:bios0: vendor American Megatrends Inc. version
"E3-BI-11.6-Y116AR700-001-B" date 04/28/2020
9:acpi0 at bios0: ACPI 6.0
10:acpi0: tables DSDT FACP FPDT FIDT MSDM MCFG DBG2 DBGP HPET LPIT
APIC NPKT PRAM SSDT SSDT SSDT SSDT SSDT SSDT SSDT SSDT UEFI TPM2 WDAT
11:acpihpet0 at acpi0: 1920 Hz
12:acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
13:cpu0 at mainbus0: apid 0 (boot processor)
14:cpu0: Intel(R) Celeron(R) CPU N3450 @ 1.10GHz, 1097.13 Mhz, 06-5c-09
15:cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,CX16,xTPR,PDCM,SSE4.1,SSE4.2,x2APIC,MOVEBE,POPCNT,DEADLINE,AES,XSAVE,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,3DNOWP,PERF,ITSC,FSGSBASE,TSC_ADJUST,SMEP,ERMS,MPX,RDSEED,SMAP,CLFLUSHOPT,PT,SHA,MD_CLEAR,IBRS,IBPB,STIBP,SENSOR,ARAT,XSAVEOPT,XSAVEC,XGETBV1,XSAVES
16:cpu0: 1MB 64b/line 16-way L2 cache
17:cpu0: apic clock running at 19MHz
18:cpu0: mwait min=64, max=64, C-substates=0.2.0.2.4.2.1.1, IBE
19:cpu at mainbus0: not configured
20:cpu at mainbus0: not configured
21:cpu at mainbus0: not configured
22:ioapic0 at mainbus0: apid 1 pa 0xfec0, version 20, 120 pins
23:acpiprt0 at acpi0: bus 0 (PCI0)
24:acpiprt1 at acpi0: bus 3 (RP01)
25:acpiprt2 at acpi0: bus 4 (RP02)
26:acpiprt3 at acpi0: bus 1 (RP03)
27:acpiprt4 at acpi0: bus -1 (RP04)
28:acpiprt5 at acpi0: bus -1 (RP05)
29:acpiprt6 at acpi0: bus 2 (RP06)
30:acpiec0 at acpi0
31:acpipci0 at acpi PCI0: 0x 0x0011 0x0001
32:"ACPI0003" at acpi0 not configured
33:"PNP0C0A" at acpi0 not configured
34:"PNP0C0D" at acpi0 not configured
35:"SYNA3602" at acpi0 not configured
36:"ID9001" at acpi0 not configured
37:acpicmos0 at acpi0
38:aplgpio0 at acpi0 GPO0 uid 1 addr 0xd0c5/0x76c irq 14, 78 pins
39:aplgpio1 at acpi0 GPO1 uid 2 addr 0xd0c4/0x764 irq 14, 77 pins
40:aplgpio2 at acpi0 GPO2 uid 3 addr 0xd0c7/0x674 irq 14, 47 pins
41:aplgpio3 at acpi0 GPO3 uid 4 addr 0xd0c0/0x654 irq 14, 43 pins
42:"INT33A1" at acpi0 not configured
43:"MSFT0101" at acpi0 not configured
44:"PNP0C0C" at acpi0 not configured
45:"INT33D5" at acpi0 not configured
46:"INT3400" at acpi0 not configured
47:"INT3403" at acpi0 not configured
48:"PNP0C0B" at acpi0 not configured
49:acpicpu at acpi0 not configured
50:acpipwrres at acpi0 not configured
51:acpitz at acpi0 not configured
52:pci0 at mainbus0 bus 0
53:pchb0 at pci0 dev 0 function 0 "Intel Apollo Lake Host" rev 0x0b
54:vendor "Intel", unknown product 0x5a8c (class DASP subclass
miscellaneous, rev 0x0b) at pci0 dev 0 function 1 not configured
55:"Intel HD Graphics 500" rev 0x0b at pci0 dev 2 function 0 not configured
56:"Intel Apollo Lake HD Audio" rev 0x0b at pci0 dev 14 function 0 not
configured
57:"Intel Apollo Lake TXE" rev 0x0b at pci0 dev 15 function 0 not configured
58:ahci0 at pci0 dev 18 function 0 "Intel Apollo Lake AHCI" rev 0x0b:
msi, AHCI 1.3.1
59:ahci0: PHY offline on port 0
60:ahci0: PHY offline on port 1
61:scsibus0 at ahci0: 32 targets
62:ppb0 at pci0 dev 19 function 0 "Intel Apollo Lake PCIE" rev 0xfb: msi
63:pci1 at ppb0 bus 1
64:ppb1 at pci0 dev 19 function 3 "Intel Apollo Lake PCIE" rev 0xfb
65:pci2 at ppb1 bus 2
66:ppb2 at pci0 dev 20 function 0 "Intel Apollo Lake PCIE" rev 0xfb: msi
67:pci3 at ppb2 bus 3
68:ppb3 at pci0 dev 20 function 1 "Intel Apollo Lake PCIE" rev 0xfb: msi
69:pci4 at ppb3 bus 4
70:xhci0 at pci0 dev 21 function 0 "Intel Apollo Lake xHCI" rev 0x0b:
msi, xHCI 1.0
71:usb0 at xhci0: USB revision 3.0
72:uhub0 at usb0 configuration 1 interface 0 "Intel xHCI root hub" rev
3.00/1.00 addr 1
73:dwiic0 at pci0 dev 22 function 0 "Intel Apollo Lake I2C" rev 0x0b:
apic 1 int 27
74:iic1 at dwiic0
75:dwiic1 at pci0 dev 22 function 1 "Intel Apollo Lake I2C" rev 0x0b:
apic 1 int 28
76:iic1 at dwiic1
77:dwiic2 at pci0 dev 22 function 2 "Intel Apollo Lake I2C" rev 0x0b:
apic 1 int 29
78:iic2 at dwiic2
79:ihidev0 at iic2 addr 0x2cdwiic2: timed out reading remaining 30
80:, failed fetching initial HID descriptor
81:dwiic3 at pci0 dev 22 function 3 "Intel Apollo Lake I2C" rev 0x0b:
apic 1 int 30
82:iic3 at dwiic3
83:dwiic4 at pci0 dev 23 function 0 "Intel Apollo Lake I2C" rev 0x0b:
apic 1 int 31
84:iic4 at dwiic4
85:dwiic5 at pci0 dev 23 function 1 "Intel Apollo Lake I2C" rev 0x0b:
apic 1 int 32
86:iic5 at dwiic5
87:dwiic6 at pci0 dev 23 

Re: install the sets, install70.img

2022-02-13 Thread Raul Miller
On Sun, Feb 13, 2022 at 8:53 AM Stuart Henderson
 wrote:
> Escape to a shell and see what you get from
>
>dmesg | grep ^sd

(This is hand-typed, from the install machine, but carefully proofread):

# dmsg | grep ^sd
sdhc0 at pci0 dev 28 function 0 "Intel Apollo Lake eMMC" rev 0x0b: apic 1 int 39
sdhc0: SDHC 3.0, 200 MHz base clock
sdmmc0 at sdhc0: 8-bit, sd high-speed, mmc high-speed, ddr52, dma
sd0 at scsibus1 targ 1 lun 0:  removable
sd0: 59040MB, 512 bytes/sector, 120913920 sectors
sdhc0 at pci0 dev 28 function 0 "Intel Apollo Lake eMMC" rev 0x0b: apic 1 int 39
sdhc0: SDHC 3.0, 200 MHz base clock
sdmmc0 at sdhc0: 8-bit, sd high-speed, mmc high-speed, ddr52, dma
sd0 at scsibus1 targ 1 lun 0:  removable
sd0: 59040MB, 512 bytes/sector, 120913920 sectors

I don't know what I am looking for here, does any of this seem
indicative of a likely problem?

Thanks,

-- 
Raul



Re: install the sets, install70.img

2022-02-13 Thread Raul Miller
On Sun, Feb 13, 2022 at 8:29 AM Maurice McCarthy  wrote:
> If you look in /dev there are probably no sd1 files created (which I
> guess is where the usb stick is, provided there are no other disks
> present.) So drop to a shell

This sounds promising, and you were indeed correct that no sd1 files
had been created.

> # export TERM=vt220
> # cd /dev
> # ./MAKEDEV sd1 (!! Do not omit the sd1 or you will exhaust the ramdrive !!)
> # mkdir /usb
> # disklabel sd1

MAKEDEV was not executable, but that's easy to change.

Anyways, after making the sd1 device files, disklabel sd1 gets me:

disklabel: /dev/rsd1c: Device not configured.

(And, the install behavior is unchanged.)

Thanks,

-- 
Raul



Re: install the sets, install70.img

2022-02-13 Thread Raul Miller
On Sat, Feb 12, 2022 at 11:43 PM Ricky Cintron  wrote:
> On Saturday, February 12th, 2022 at 5:44 PM, Raul Miller 
>  wrote:
>
> > ...
> > Location of sets? (disk http nfs or 'done') [http]
> > ...
>
> Entering 'disk' at this point should allow you to select the USB flash drive
> (device) as the location of the sets.

When I type disk at that prompt, it goes like this:

Is the disk partition already mounted? [yes]
Pathname to the sets? (or 'done') [7.0/amd64]
The directory '7.0/amd64' does not exist.
Pathname to the sets? (or 'done') [7.0/amd64]

Or:

Is the disk partition already mounted? [no]
Available disks are: sd0.
Which disk contains the install media? (or 'done') [sd0]

But sd0 is where I am installing openbsd -- it does not contain any sets.

Which is what prompted my previous email...

Thanks,

-- 
Raul



install the sets, install70.img

2022-02-12 Thread Raul Miller
I am attempting to install openbsd on a maestro evolve iii notebook.

I am using the install70.img from
https://cdn.openbsd.org/pub/OpenBSD/snapshots/amd64/ written to a usb
drive.

Installation prompts with responses as follows:
boot> (I let this time out)
(I)nstall, (U)pgrade, (A)utoinstall or (S)hell? I
Choose your keyboard layout ('?' or 'L' for list) [default]
System hostname? (short form, e.g. 'foo') whatever

Available network interfaces are: vlan0
Which network interface do you wish to configure? (or 'done') [vlan0] done
DNS domain name? (e.g. 'example.com') [my.domain] bogus.invalid
DNS nameservers? (IP address list or 'none') [none]
Password for root account? (will not echo)
Password for root account? (again)
Start sshd(8) by default? [yes] no
Do you want the X Window System to be started by xenodm(1)? [no]
Setup a user? (enter a lower-case loginname, or 'no') [no]

Available disks are: sd0
Which disk is the root disk? ('?' for details) [sd0]
Use (W)hole disk MBR, whole disk (G)pt, (O)penBSD area or (E)dit? [OpenBSD] G
Use (A)uto layout, (E)dit auto layout, or create (C)ustom layout? [a]
Location of sets? (disk http nfs or 'done') [http]

So here's my problem:

I was expecting that since I was using install70.img that I would have
an option to install the sets from the usb drive. But I do not see
that option listed here. And, dropping into shell, I do not see
anything that looks like a device file for the usb drive, to mount on
mnt2

Obviously, I am doing something wrong. But, what?

I am not currently prepared to bring up wifi on this machine, to
install the sets from the network. Should that be my only recourse
here?

I opt to use gpt rather than mbr, because this machine is an efi
machine, and I am under the impression that efi wants gpt. I think
this is the right choice, though if I am wrong about that, I would be
interested in hearing the reasoning. But, in any event, it's probably
not the source of this issue.

How should I access the sets which are supposed to be on the install media here?

Thanks,

-- 
Raul



Re: arrayfire?

2022-02-03 Thread Raul Miller
On Thu, Feb 3, 2022 at 4:07 PM Nick Holland  wrote:
> As I recall, GPU hardware has access to basically all the RAM in a
> computer...

I think that this is always true at the bus level.

But I have also seen machines where the GPU was not able to access CPU memory.

Thanks,

-- 
Raul



Re: arrayfire?

2022-02-03 Thread Raul Miller
Clarifying my question...

Arrayfire technically works without any gpu support (cpu context), but
openbsd has some support for amd gpus and conceptually that means that
arrayfire's use of opencl should be portable without herculean
efforts.

But, when I look for openbsd support of opencl, I see stale
suggestions that openbsd not be used:
https://marc.info/?l=openbsd-tech&m=151316732712240&w=2

And... I realize that this is a fuzzy question, one where I might have
to invest months or years of time to get a decent answer.

Still, ... if dead silence is the response here, ... maybe it's
something I should burn some time on...

Thanks,

-- 
Raul


On Thu, Feb 3, 2022 at 11:25 AM Raul Miller  wrote:
>
> Currently, openbsd has no arrayfire port (see: arrayfire.org).
>
> Arrayfire is a computational interface to gpu hardware.
>
> I am not looking for someone to port arrayfire to openbsd -- but I
> would like to know if such a port seems viable (are there obvious
> failure modes which would likely prevent such a port from succeeding?)
>
> Thanks,
>
> --
> Raul



arrayfire?

2022-02-03 Thread Raul Miller
Currently, openbsd has no arrayfire port (see: arrayfire.org).

Arrayfire is a computational interface to gpu hardware.

I am not looking for someone to port arrayfire to openbsd -- but I
would like to know if such a port seems viable (are there obvious
failure modes which would likely prevent such a port from succeeding?)

Thanks,

-- 
Raul



Re: clang performance bug is worse on openbsd than freebsd

2021-11-08 Thread Raul Miller
Sorting an array of around 300 (or 3) randomly created unsigned
characters sounds like a task tailor made for binsort.

(Which seems plausibly worth mentioning in this context.)

That said, the key openbsd issues might not include performance on
this particular benchmark.

Thanks,

-- 
Raul

On Sun, Nov 7, 2021 at 9:16 PM Luke Small  wrote:
>
> https://bugs.llvm.org/show_bug.cgi?id=50026
>
> I reported it to the llvm people. it is two slightly different quicksort
> algorithms which perform radically differently. The one which you could
> assume would take more time, performs MUCH better.
>
> I made a custom quicksort algorithm which outperforms qsort by A LOT for
> sorting an array of around 300 randomly created unsigned characters, which
> is what I use it for.
>
> if you read the report a guy said there's a 10% difference for sorting 3
> million characters on freebsd, but there's about 40% performance difference
> on OpenBSD. maybe it's also how the OpenBSD team modified clang to prevent
> rop chain stuff or something? I'm using a westmere based Intel server.
>
> it's the same for clang 11.
>
> What's the deal?
>
> -Luke




Re: How does bsd.upgrade work?

2021-10-21 Thread Raul Miller
A couple minutes of looking things up suggest
https://marc.info/?l=openbsd-tech&m=141807224826859 as a plausible
starting point for that kind of inquiry.

Take care,

-- 
Raul

On Thu, Oct 21, 2021 at 8:15 AM  wrote:
>
> On Tue, Oct 19, 2021 at 09:32:21PM +0100, Stuart Henderson wrote:
> >> That's intentional.
> >
> >OK. Since you didn't realise this breaks sysupgrade you might also
> >not realise it weakens RNG initialisation, it is not recommended
>
> Where can I read more about this?
>



Re: Run a command on "last day of month"

2021-09-01 Thread Raul Miller
Or, since last day of the month never occurs before the 28th, you
could run the script only on days which might be the last of the
month.

Also, since crontab does support a month column, you could have three
crontab entries: one for months with 31 days (month: 1,3,5,7,8,10,12),
another for months with 30 days (month:4,6,9,11), and another for
February. Then, you could either neglect the 29th of February, or you
could have your script do a year test (and the next year evenly
divisible by 4 which is not a leap year is 2100).

FYI,

-- 
Raul

On Wed, Sep 1, 2021 at 8:04 AM Nick Holland  wrote:
>
> On 9/1/21 5:50 AM, Joel Carnat wrote:
> > Hello,
> >
> > I would like to run a command on "the last day of each month".
> >
> >   From what I understood reading the crontab(5) manpage, the simplest way
> > would be setting day-of-month to "28-31". But this would mean running
> > the command 4 times for months that have 31 days.
> >
> > Is there a simpler/better way to configure crontab(1) to run a command
> > on "the last day of month" only ?
> >
> > Thank you,
> > Joel C.
> >
>
> Just run your script every day, and first thing in the script, check to see
> if it is the last day of the month -- and quickly exit if it isn't.  Very
> cheap to do and relatively easy if you know a good trick to do it.
>
> http://holland-consulting.net/scripts/endofmonth.html
>
> Find the last day of the month:
> $ set $(cal)
> $ shift $(($# - 1))
> $ echo $1
> 30
>
> Compare to today:
> $ date "+%d"
> 1
>
> rather easy, and fairly portable.
> You could probably stuff it into a one-liner in a crontab, but I would not
> recommend it.
>
>
> Nick.
>
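
The two suggestions in this message combined (let cron fire only on days 28 to 31, and let the script do the month and leap-year test), as an added example that is not from any poster in this thread. It goes slightly beyond the messages by applying the full Gregorian leap-year rule; the function names and the crontab path are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Crontab entry (path is hypothetical):
#   55 23 28-31 * * /usr/local/libexec/month-end.sh
# cron starts the script on every day that could be the last of a month;
# the script itself decides whether today really is.

# days_in_month YEAR MONTH: print 28, 29, 30 or 31; fail on a bad month.
days_in_month() {
    dim_year=$1
    dim_month=${2#0}            # "09" -> "9" so the case patterns match
    case $dim_month in
        1|3|5|7|8|10|12) echo 31 ;;
        4|6|9|11)        echo 30 ;;
        2)
            # Gregorian rule: every 4th year, except centuries that are
            # not divisible by 400 (so 2100 is not a leap year).
            if [ $((dim_year % 4)) -eq 0 ] &&
               { [ $((dim_year % 100)) -ne 0 ] || [ $((dim_year % 400)) -eq 0 ]; }
            then echo 29
            else echo 28
            fi ;;
        *) return 1 ;;
    esac
}

# is_last_day YEAR MONTH DAY: exit 0 only on the final day of that month.
is_last_day() {
    ild_last=$(days_in_month "$1" "$2") || return 2
    [ "${3#0}" -eq "$ild_last" ]
}

# run_on_last_day COMMAND [ARG...]: run COMMAND only if today is month end.
# date is called once so the three fields cannot straddle midnight.
run_on_last_day() {
    rold_today=$(date '+%Y %m %d')
    # Unquoted on purpose: split "YYYY MM DD" into three arguments.
    if is_last_day $rold_today; then
        "$@"
    fi
}

# Usage inside month-end.sh (the job name is hypothetical):
#   run_on_last_day /usr/local/sbin/monthly-report
```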



Re: sndiod on by default (does it need to be ? )

2021-02-21 Thread Raul Miller
On Sun, Feb 21, 2021 at 1:38 PM Stuart Henderson  wrote:
> I don't honestly think it's worth going to the trouble of disabling.
> Look at the other software you run which isn't enabled in OpenBSD by
> default - that's where your attack surface is ;)

Also look at your hardware, and look at the documentation on the
software you're using.

Unless your concern is malware specifically targeted at your
environment, the consequences of being hit by malware probably aren't
going to be too far away from the consequences of running on faulty
hardware and/or not understanding your software.

(Malware specifically targeted at your environment would most likely
be motivated along the lines of discrediting you and/or your efforts.
And that's usually more easily accomplished using other methods, like
capitalizing on your most obvious mistakes.)

(If your concern is protection of trade secrets or loss of critically
important information: ink on paper does a pretty good job of holding
comprehensible information, and it has an attack surface which is
quite small, etc. But mostly, if those are concerns for you, it's
going to be about the people you're working with, and their
motivations. Also, mostly: NASA is a much better source of good
technical information, for those who want that.)

("Don't worry about people stealing an idea. If it's original, you
will have to ram it down their throats." -- Howard H. Aiken)

Anyways, the point I am trying to make here is that you're going to
notice some problems too late (so having plans for dealing with
failures is good, and having a variety of ways of isolating failures
is good).

That said: planning for the wrong disaster is usually better than not
planning for any disasters.

Good luck,

-- 
Raul



Re: OpenBSD insecurity rumors from isopenbsdsecu.re

2020-05-11 Thread Raul Miller
On Mon, May 11, 2020 at 9:17 PM  wrote:
> I was told on the chat that Linux GNU software has hardly visible NSA 
> backdoors and IMHO most funding for Linux seems to be from USA ?

This is beyond incompetent. You've got the wrong mailing list for this
kind of issue, you haven't identified the version with the problem,
you haven't even identified the problem.

All you are doing is citing vague rumor.

Why are you doing this?

-- 
Raul



Re: 'post quantum' encryption algorithm(s) in latest libressl and upcoming 6.7 to chose

2020-05-09 Thread Raul Miller
On Sat, May 9, 2020 at 1:05 PM Kevin Chadwick  wrote:
> Careful of what sources you trust! If a processor was storing the keys used,
> non volatile then people would have found out. Software encryption wouldn't
> save you either. If there is a back door it won't have anything to do with
> AES-NI that can be analysed so easily.

Indeed -- human based key compromise issues severely outweigh the risk
of direct attacks on a tcp session with encrypted content.

That said, the risk with encrypted material here is not attacks on
individual sessions but opportunistic attacks on large bodies of
sample material (with, of course, human assist which will often have
economic basis and vectors).

(That said, I would also keep in mind that supposedly the
computer industry has hit a performance wall because of Moore's Law
issues. But, assuming that there's a thread of truth in the marketing,
we also have reason to believe that 5G switches at speeds an order of
magnitude faster than anything we see on computer busses. So it's not
just about the size of the transistors. And, sure, there's real issues
there, but I think we have to assume that some of what we're hearing
about computational abilities and limits isn't completely factual.)

Thanks,

-- 
Raul



Re: Regarding randomized times in crontab

2020-04-18 Thread Raul Miller
On Sat, Apr 18, 2020 at 12:25 PM Aham Brahmasmi  wrote:
> The examples and Theo's reply helped in understanding the nuance. It
> might seem logical and common sense on further thought, as Janne has
> pointed out. But at least in my case, it was not immediately apparent.

Yeah, after rethinking it, I had goofed in my reading.

I guess it's nothing that a simple experiment wouldn't have shown up.

That said, it wouldn't have been difficult to also calculate the first
minute of each new ~ delimited interval and (re-)randomize it at that
point in time. (The system already calculates the min and max for each
~ instance.)

Thanks,

--
Raul



Re: Regarding randomized times in crontab

2020-04-16 Thread Raul Miller
That's a poorly phrased question, to be honest.

In one sense the point in time where the job is scheduled has to be
different -- it's a point in time in a different 24 hour period.

But in another sense (a sense closer to what you probably intended)
the point in time can't be guaranteed to be different. There's a
finite number of minutes in a day and picking one pseudo-randomly
would occasionally collide. Consider, as an extreme example, a system
which reboots often and is only up for 1 minute every 24 hour period.

But, such collisions should be rare, and that specific extreme case
example was ludicrous.

Anyways, on a normally operating machine, you should expect the same
minute to be used slightly more often than once every four years. And,
a difference less than 2 minutes would happen more often (around once
a year, depending on exactly where you draw the line).

But, if you don't trust what I have said here (and maybe you should
not) what you really want to understand is the algorithm being used,
and the best way to discover that is to look at the implementation.
https://www.openbsd.org/anoncvs.html  -- Specifically, you'll want to
look at the implementation of get_range() in usr.sbin/cron/entry.c

FYI,


--
Raul

On Thu, Apr 16, 2020 at 12:41 PM Andreas Kusalananda Kähäri
 wrote:
>
> Thanks for that!
>
> Also, considering a job scheduled like
>
> ~ ~ * * * somecommand
>
> I'm assuming, provided that the cron daemon is not restarted, this would
> run the job at a single random point in each 24h period, right?  A
> *different* point in time, each 24 period?
>
>
>
> On Thu, Apr 16, 2020 at 10:28:34AM -0600, Theo de Raadt wrote:
> > Yes.
> >
> > But that problem already existed with the minutes field being close to
> > the moment cron was restarted.
> >
> > Only difference is now you don't know the minute.
> >
> >
> > Andreas Kusalananda Kähäri  wrote:
> >
> > > Thanks for the ~ crontab(5) feature!
> > >
> > > Question: If the cron daemon is restarted (e.g. via reboot) during the
> > > interval during which a cron job may be randomly triggered, is there a
> > > risk (or even guarantee) that the job may run a second time?
> > >
> > >
> > > Regards,
> > >
> > > --
> > > Andreas (Kusalananda) Kähäri
> > > SciLifeLab, NBIS, ICM
> > > Uppsala University, Sweden
> > >
> > > .
> > >
>
> --
> Andreas (Kusalananda) Kähäri
> SciLifeLab, NBIS, ICM
> Uppsala University, Sweden
>
> .
>



Re: GNU+Linux corporate takeover, was: Wine for OpenBSD?

2020-04-14 Thread Raul Miller
On Tue, Apr 14, 2020 at 3:38 PM Consus  wrote:
> It is modular to a degree, but separating services requires a bit of
> work so yeah, in this area systemd sucks. Documentation is pretty good
> though.  I don't like the complexity of the thing, but I've never been
> stuck because there is not enough docs.

Got any good docs on how to debug (or monitor) D-Bus issues?

Thanks,

--
Raul



Re: GNU+Linux corporate takeover, was: Wine for OpenBSD?

2020-04-14 Thread Raul Miller
On Tue, Apr 14, 2020 at 1:37 PM Consus  wrote:
> On Tue, Apr 14, 2020 at 05:10:14PM +0200, Oddmund G. wrote:
> > I know all this, Ottavio. I have been using GNU+Linux since 1994 after
> > several years with Ultrix/VMS/OpenVMS @DEC: Slackware in the beginning, then
> > Debian until the forced introduction of systemd and the rest of the crap
> > being considered as 'much better' and 'mandatory'.
>
> Because systemd is good enough "base tools suite". Think of it as a base
> system like OpenBSD provides. It has a _lot_ of issues with reliability,
> consistency and whatever, but simply put, other Linux folks failed to
> provide similar tools. Maybe someday someone will make something better.

I think that thinking of it this way would be some kind of mistake:

Last I checked, systemd was not modular, was poorly documented,
exhibited incompatibilities with basically all historical interfaces,
and had introduced a variety of boot-time race conditions (which
mostly hit people who tried to change the configuration from the
default). These are all solvable problems, but OpenBSD is not the only
distribution which suffers from a lack of competent contributions.

I don't think Linux is particularly doomed -- computer systems tend to
stick around far longer than most sales pitches would have you
believe. But these are concerning issues.

But that's also why these sorts of discussions tend to be fairly
worthless. While there are attractive things (for some use cases)
about systemd, the likelihood of a competent port to OpenBSD (which
addresses the above listed problems) isn't something anyone is
volunteering for. It would be a lot of work -- possibly a complete
rewrite and more work than anyone has put into systemd to date.

-- 
Raul



Re: Help: System hang/Lockup using snapshots on Intel i5 NUC?

2020-03-07 Thread Raul Miller
You might also try testing that memory on that machine is not faulty.

(I've been struggling with an ongoing onslaught of machines with faulty memory.)

FYI,

-- 
Raul

On Fri, Mar 6, 2020 at 6:19 PM Raymond, David  wrote:
>
> You might try an alternate desktop/window manager such as lxqt or
> icewm and see if the problem persists.  When I tried XFCE on my X1
> carbon laptop, XFCE was not so nice, though I can't remember the
> details at this point.
>
> Dave Raymond
>
> On 3/5/20, Why 42? The lists account.  wrote:
> >
> > Hi All,
> >
> > We've been running OpenBSD on a server for several years now and it's been
> > reliable with minimal issues, so I thought I would also like to try it as
> > a desktop system.
> >
> > Thus I've been experimenting with an Intel NUC 8i5BEH running OpenBSD
> > current snapshots and with XFCE as the Windowing system. And it all works
> > very nicely. So well in fact that I've added an SSD, NFS mounted my old
> > Linux box and rsynced over my home directory. OpenBSD as my main desktop
> > system!
> >
> > For the most part everything has gone well, I have only noticed one
> > serious issue so far: The complete system hangs intermittently. Which is
> > naturally a bit of a downer :(.
> >
> > When this happens the mouse is frozen, the capslock LED on the (USB)
> > keyboard doesn't light up and the system doesn't respond to ssh. To
> > recover I have to hold down the power switch to shutoff the system, then
> > turn it on again, reboot and examine the resulting fsck errors.
> >
> > I have the impression this often occurs when using a Web browser. At first
> > when I used Iridium, then Chrome, it seemed to happen every few hours.
> > When I switched to trying Firefox, then the hangs seemed to occur less
> > often, maybe every day or two. Perhaps I'm doing less browsing because of
> > the hangs :).
> >
> > The graphics driver being used is: inteldrm0 at pci0 dev 2 function 0
> > "Intel Iris Plus Graphics 655" rev 0x01
> >
> > I can leave the system running, sitting at the xenodm screen, for days
> > without issue. I've also done a couple of complete memtest86 runs without
> > error. I've even upgraded to the latest BIOS/firmware version.
> >
> > I've increased maxproc and maxfiles in sysctl.conf and also set
> > ddb.panic=0 thinking that the behaviour might change to a panic+reboot
> > instead of a hang, but this made no difference.
> >
> > After a hang + reboot there is nothing obvious in the log files.
> >
> > Any suggestions how to further debug such an issue?
> >
> > The OpenBSD kernel tells me that there is a serial port / UART (com0 at
> > isa0 port 0x3f8/8 irq 4: ns16550 ...) but I've taken the NUC to pieces
> > and I cannot see anything on the board that looks like a serial port
> > header.
> >
> > The kernel does log a few dubious messages at boot time. There are
> > several instances of "not configured". And there is one occurrence of
> > "mem address conflict 0xfe01/0x1000". I don't know if these are
> > relevant, generally the system seems quite stable. Until it isn't. If you
> > see what I mean. (See below for a complete set of boot time messages).
> >
> > I would be grateful for any support in debugging, or even better,
> > resolving this issue.
> >
> > Cheers,
> > Robb.
> >
> > mjoelnir:log 5.03 23:22:54 # dmesg

Re: man to render pure text? (or a pipe in vi macros ?)

2020-03-02 Thread Raul Miller
Have you looked at:
  man col
?

(Especially for the -b option...)

And, for that matter, have you looked at
   man col | cat -vet | less
?

Alternatively, have you tried using any web searches on this topic?

Thanks,

-- 
Raul

On Mon, Mar 2, 2020 at 12:01 PM Marc Chantreux
 wrote:
>
> hello,
>
> > Try the mandoc manual page, man is just a front-end to it. Both
> > man/mandoc support -T option and you can specify ascii/utf8 to get the
> > formatted page but it still adds all escape sequences.
>
> indeed, that's why i asked
>
> > The documentation
> > says to pipe the output to col -b to suppress them (I think what you did
> > with the alternative fmt command).
>
> i felt dumb reading this as i gave a try to the mandoc man. but i just
> double checked:
>
> man mandoc|col -b|grep -w col
>
> gives me nothing. can you please tell me what documentation explicitly refers
> to col -b? i can probably learn more from it.
>
> regards
> marc
>



Re: What is you motivational to use OpenBSD

2020-01-10 Thread Raul Miller
On Wed, Aug 28, 2019 at 10:41 AM Mohamed salah
 wrote:
> I wanna put something in discussion, what's your motivational to use
> OPENBSD what not other bsd's what not gnu/Linux, if something doesn't work
> fine on openbsd and you love this os so much what will do?

I wanted a machine with tcp and udp but which wasn't listening for rpc
requests, and OpenBSD was the quickest way for me to get there.

Thanks,

-- 
Raul



Re: Turbo boost and performance degradation

2019-12-31 Thread Raul Miller
This might be relevant:

hw.setperf=0

See also: https://man.openbsd.org/cpu.4

-- 
Raul

On Tue, Dec 31, 2019 at 1:57 PM Leo  wrote:
>
> hi
>
> my russian friend has a trouble running OpenBSD
> on his laptop, he reports that Turbo Boost is
> not working (OpenBSD limits him to 1100 MHz),
> he also reports that he owns /dev/drm0, but
> everything is slow, he can't even play videos
> in Firefox
>
> I attach his dmesg, Xorg.0.log and sysctl hw:

Re: Suggestion: Replace Perl with Lua in the OpenBSD Base System

2019-12-31 Thread Raul Miller
On Tue, Dec 31, 2019 at 1:32 PM  wrote:
> I'm curious to know if there are any languages other than C and perl in
> use in OpenBSD base.

It's pretty easy to download the sources for base, and then:

tar zxf src.tar.gz
find . -type f -name '*.*' | sed 's/^.*\.//' | sort | uniq -c | sort -n | tail -40

But, anyways: yes there are (and not just cpp and m4 and shell).

And, I can see why Theo seems to radiate such impatience at the
inanity of, for example, this thread.

-- 
Raul



Re: Suggestion: Replace Perl with Lua in the OpenBSD Base System

2019-12-31 Thread Raul Miller
On Tue, Dec 31, 2019 at 11:46 AM Roderick  wrote:
> I am curious to know why tcl, my favourite scripting language, would
> not be a candidate.

If OpenLuaBSD would be a welcome fork, I don't see why OpenTCLBSD
would be any worse.

Doesn't mean anyone wants to write it.

-- 
Raul



Re: vi in ramdisk?

2019-11-15 Thread Raul Miller
On Fri, Nov 15, 2019 at 1:17 PM Roderick  wrote:
> On Fri, 15 Nov 2019, Ian Darwin wrote:
> > Who needs cat when you have echo?
>
> Echo? Necessary?! Terrible waste of paper in a teletype terminal!
> I remember editing with sos in TOPS 10 after giving the command:
> tty noecho.

This is starting to smell like premature optimization.

Contrast, for example:

$ (echo this; echo is; echo test) >file

vs

$ cat >file
this
is
a
test

And tell me: which uses more paper?

(Answer: neither, in my case, since I am not using a teletype machine.)

Thanks,

-- 
Raul



Re: Tools for writers

2019-11-05 Thread Raul Miller
On Tue, Nov 5, 2019 at 1:58 PM Marc Chantreux  wrote:
> yes ... what's the point of using another format than postscript
> directly. ...

That's not really a question (nor does it fit here).

> that said: i'll really give troff a try again when i will figure out how
> to create templates for the documents i need (as i said in a previous
> message: i have a layout problem)

First mention of templates in this four dozen message thread.

What templates?

Thanks,

-- 
Raul



Re: On blindly running code

2019-10-18 Thread Raul Miller
On Fri, Oct 18, 2019 at 8:23 AM  wrote:
> That's not to even start on the fact that it's little more than process 
> switching and virtual memory on steroids, so the extra separation on top of 
> what the OS already provides is little more than smoke and mirrors.


My mental model of computer security often approximates putting a bank
vault door on a picket fence (and maybe setting up a sniper to stop
people from climbing over the door).

Doesn't mean that the exercises weren't worthwhile, but in my opinion
we put far too little effort into making people comprehend what's
going on. (Not entirely true, and raspberry pi/arduino communities for
example have been putting in some useful efforts. OpenBSD is no
slouch, either, but I sometimes worry about the lack of focus on
physical and electronic abstraction layers.)

In my opinion, good computer security typically involves multiple
pieces of independent hardware (and good practices such as making and
recovering backups (I've seen backup systems which never worked where
that wasn't detected until they were needed because no one thought to
test the backups (... then again, I've also seen multiple redundant
systems taken out by a single stroke of lightning because they were in
the same room... ))).

Anyways, we do what we can, and no security can be perfect, but also
the existence of flaws is not, in and of itself, a reason to give up.
Better to classify that as "room for improvement".

(Also, sad to say, but: smoke and mirrors can sometimes be useful --
if you have enough other measures in place.)

Thanks,

-- 
Raul



Re: spool smtpd filling

2019-09-19 Thread Raul Miller
You should probably look at what you see there.

-- 
Raul

On Thu, Sep 19, 2019 at 3:35 PM sven falempin  wrote:
>
> Sorry to disturb ,
>
> what is filling my /var/spool/smtpd/offline directory ?
>
> Smtpd is off on my device ( no mailing ) weekly/monthly active or not
> it fills this directory
> ( looks like 6.4 novelty )
>
> Best.
>



Re: Why regex doesn't work in while loop's condition?

2019-09-06 Thread Raul Miller
On Fri, Sep 6, 2019 at 2:40 PM JohnS  wrote:
> Why next construction doesn't work?
>
> read x; while [ "$x" != [abc] ]; do echo "Not a, b or c"; break; done

People have been focusing on the syntax of arguments for test (the
left bracket operation), but there's no 'next' here.

You are reading x just once and then going into a loop. That's almost
certainly not what you want to do.

You might want to be doing something like this:

   while read x; ! echo $x | egrep -q '[abc]'; do echo 'Not a, b or c'; done

But, given how non-functional your code example was, and how
non-descriptive your surrounding text was, it's kind of hard to
tell...

That said, good luck,

-- 
Raul
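
Added example (not part of the original post or thread): a POSIX sh sketch of the loop discussed above, assuming the goal is to keep reading until a line is exactly a, b or c. The function names read_choice and naive_rejects are hypothetical; naive_rejects shows why the test in the question depends on which files exist in the current directory.

```shell
# Added example, not from the thread. Function names are hypothetical.

# read_choice: read lines from stdin until one is exactly "a", "b" or "c".
# Prints the accepted line on stdout and complaints on stderr.
# Returns 0 on success, 1 if input ends before a valid choice is seen.
read_choice() {
    while IFS= read -r x; do
        case "$x" in
            [abc])
                # case matches the pattern itself; nothing is expanded
                # against file names, and "ab" or "cat" do not match.
                printf '%s\n' "$x"
                return 0
                ;;
            *)
                echo 'Not a, b or c' >&2
                ;;
        esac
    done
    return 1    # end of input: stop instead of looping forever
}

# naive_rejects VALUE [FILE]: evaluate the test from the question,
#   [ "$x" != [abc] ]
# inside a fresh temporary directory, optionally after creating FILE there.
# Returns 0 when the test is true (VALUE treated as "not a, b or c"),
# 1 when it is false, 2 if the temporary directory cannot be used.
naive_rejects() {
    dir=$(mktemp -d) || return 2
    if (
        cd "$dir" || exit 2
        if [ -n "${2:-}" ]; then : > "$2"; fi
        # Unquoted [abc] is a file name glob. With no matching file it is
        # passed to test(1) as the literal string "[abc]"; with a matching
        # file it is replaced by that file's name. test(1) itself only
        # compares strings and never does pattern matching.
        [ "$1" != [abc] ]
    ); then rc=0; else rc=$?; fi
    rm -rf "$dir"
    return "$rc"
}
```

Typical interactive use is `choice=$(read_choice) || exit 1`.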



Re: What is you motivational to use OpenBSD

2019-08-28 Thread Raul Miller
I would fix the issue, or use something else to get that done or
abandon that project.

(I am not sure why you would imagine that using OpenBSD implies not
using other operating systems. It's *because* I use other operating
systems that I like using OpenBSD.)

Thanks,

-- 
Raul

On Wed, Aug 28, 2019 at 10:41 AM Mohamed salah
 wrote:
>
> I wanna put something in discussion, what's your motivational to use
> OPENBSD what not other bsd's what not gnu/Linux, if something doesn't work
> fine on openbsd and you love this os so much what will do?



Re: linux hacked...

2019-08-14 Thread Raul Miller
You haven't provided enough information to give a definitive answer.

Installing OpenBSD should get you up and working again. But you'll
need to study the documentation and learn how to pull information from
logs and generally be able to keep an eye on things if you want other
people to be able to help you.

Thanks,

-- 
Raul

On Wed, Aug 14, 2019 at 10:22 AM lgcmn  wrote:
>
> hello, i am having serious issues w/Linux...ubuntu...and my boot sticks seem 
> to be corrupted now as well - we were actually hacked and it seems that we 
> are still being attacked...i'm not a professional, so have no way of proving, 
> but i was running netstat and wireshark and i could see the hits and 1 ip 
> addr in particular had many bad comments when researched...kept getting 
> several hits from same (also firefox browser made calls to same ip) and a few 
> others...also saw, when i had no browser open, link to our router, link to 
> localhost on my machine, finally noticed that the bootsticks started off 
> allowing me to create bootable drives, and now, the options aren't 
> allowed...there are other things that have happened, but it just sounds a 
> little off the deep end...bottom line is we need to get our pc back online...
>
> so my question is, do you feel that openbsd will be negatively affected by 
> any bad coding / scripts that have been installed on the machine as Linux 
> seems to have been...
>
> thank you for any insights...
>



Re: SCM

2019-07-22 Thread Raul Miller
Both git and OpenBSD run on patches.

That said, OpenBSD has a cultural restriction of requiring people to
inspect the patches before incorporating them. Adopting git would be a
step away from that practice.

Does that help make sense of the current situation?

-- 
Raul

On Mon, Jul 22, 2019 at 11:04 AM Австин Ким  wrote:
>
> Hi,
>
> As someone completely new to OpenBSD the one immediate first impression that 
> most peculiarly sticks out like a sore thumb to me is the Project’s use of 
> CVS for source code management.  In the class I’m taking (the one for whose 
> class project I just recently downloaded OpenBSD/macppc for the first time to 
> install on IBM PowerPC 970/970MP-based Apple G5 hardware), we all use git for 
> SCM which I think is typical at most universities nowadays (at least in the 
> U. S.).  I am curious why the Project continues to use CVS and/or if 
> developers have in the past considered migrating the codebase to a 
> distributed SCM system like Mercurial which IMHO might make branching and 
> merging easier on developers, especially more recent developers coming out of 
> universities.  Is it because the Project prefers using a centralized versus 
> distributed SCM system?  Or is it just because that’s just the way it has 
> always been done and why change that?  And would migration to something like 
> hg be a possibility in the future that might possibly lower the psychological 
> barrier of entry for newer developers?  (And btw this is meant as a sincere 
> question with no intention to start a contentious debate; really just asking 
> out of curiosity because seeing CVS diffs in the mailing lists was what 
> visually jumped out most prominently to me for the first time; I’m sure after 
> spending more time with OpenBSD it could be something I could just get used 
> to.)
>
> Thanks for all the wonderful responses to my previous post which really 
> helped me gain a better understanding of the Project!
>
> All the best,
> Austin
>
> “If you want to change the future, start living as if you’re already there.”  
> —Lynn Conway
>



Re: When will OpenBSD become a friendly place for bug reporters?

2019-07-12 Thread Raul Miller
On Thu, Jul 11, 2019 at 7:39 PM ropers  wrote:
> I've just noticed yet another false positive where Gmail has
> classified your email as spam here for the n-th time.  I'm not sure if
> that's just happening to my mailbox, or if it's Gmail-wide or, worse,

My gmail spam bucket contains some openbsd mailing list traffic, but
nothing from Ingo Schwarze. For example, nothing from this thread has
been classified as spam, for me.

(It may be that gmail spam countermeasures are partially personalized?)

((My apologies for contributing nothing relevant to the central topics
of this thread, but this tangent seemed worth a small comment.))

Thanks,

-- 
Raul



Re: When will OpenBSD become a friendly place for bug reporters?

2019-07-09 Thread Raul Miller
On Tue, Jul 9, 2019 at 1:13 PM Leonid Bobrov  wrote:
> Theo, your excuse that OpenBSD is not more popular than Linux because AT&T
> sued BSD in 90's is ridiculous,

Nah, it's a relevant issue.

That said, it's not the only issue, which I imagine was the point you
were trying to get across.

-- 
Raul



Re: OT: hardware war with manufacturers (espionage claims)

2019-07-03 Thread Raul Miller
Any sufficiently advanced technology is indistinguishable from noise,

https://en.wikipedia.org/wiki/Shannon%E2%80%93Hartley_theorem

Thanks,

-- 
Raul

On Tue, Jul 2, 2019 at 1:30 PM Brian Brombacher  wrote:
>
> Oh and if the implant is smart, it’ll detect you’re trying to find it and go 
> dormant.
>
> Even more good luck!
>
> > On Jul 2, 2019, at 1:24 PM, Brian Brombacher  wrote:
> >
> > Hardware implants go beyond just sending packets out your network card.  
> > They have transceivers that let agents control or snoop the device from a 
> > distance using RF.
> >
> > You need to scan the hardware with RF equipment to be sure.
> >
> > Good luck!
> >
> >>> On Jul 2, 2019, at 12:27 PM, Misc User  
> >>> wrote:
> >>>
> >>> On 7/2/2019 12:43 AM, John Long wrote:
> >>> On Tue, 2 Jul 2019 10:07:59 +0300
> >>> Mihai Popescu  wrote:
> >>>> Hello,
> >>>>
> >>>> I keep finding articles about some government bans against some
> >>>> hardware manufacturers related to some backdoor for espionage. I know
> >>>> this is an old talk. Most China manufacturers are under the search:
> >>>> Huawei, ZTE, Lenovo, etc.
> >>> It seems painfully obvious what's driving all the bans and vilification
> >>> of Chinese hardware and software is that the USA wants exclusive rights
> >>> to spy on you and won't tolerate any competition.
> >>> Does anybody think maybe the reason Google and Facebook don't pay taxes
> >>> anywhere might have something to do with what they do with all that
> >>> info they collect? Is the "new" talk about USA banning any meaningful
> >>> encryption proof of how seriously they take security and privacy?
> >>>> What do you think and do when using OpenBSD on this kind of hardware?
> >>> Lemote boxes are kinda neat but they're not the fastest in the world.
> >>> It beats the hell out of the alternatives if you can live with the
> >>> limitations.
> >>>> Do you prefer Dell, HP and Fujitsu?
> >>> Your only choice is probably to pick the least objectionable entity to
> >>> spy on you. If you buy Intel you know you're getting broken, insecure
> >>> crap no matter whose box it comes in. Sure it runs fast, but... in that
> >>> case everybody is going to spy on you.
> >>> /jl
> >>
> >> Assume everything is compromised.  Don't trust something because someone
> >> else said it was good.  Really, the only way to test if a machine is
> >> spying on you, do some kind of packet capture to watch its traffic until
> >> you are satisfied.  But also put firewalls in front of your devices to
> >> ensure that if someone is trying to spy on you, their command and
> >> control packets don't make it to the compromised hardware.
> >>
> >> Besides, subverting a hardware supply chain is a difficult and
> >> expensive process.  And if there is one thing I've learned in my career
> >> as a security consultant, it's that no matter how malevolent or
> >> benevolent a government is, they are still, above all, cheap and lazy.
> >> And in a world where everything is built with the first priority being
> >> making the ship date, there are going to be so many security flaws to be
> >> exploited.  So much cheaper and easier to let Intel rush a design to
> >> market or Red Hat push an OS release without doing thorough testing and
> >> exploit the inevitable remote execution flaws.
> >>
> >> Or intelligence agencies can take advantage of the average person's 
> >> tendency to laziness and cheapness by just asking organizations like 
> >> Google, Facebook, Comcast, Amazon to just hand over the data they gathered 
> >> in the name of building an advertising profile.
> >>
> >
>



Re: what about bootkit, infect the kernel and other security questions.

2019-06-29 Thread Raul Miller
You might want to put five minutes into researching each of these questions
on your own. This would help you form more meaningful questions and would
also increase the likelihood that you would be able to understand the
responses.

That said, here's something that you (or maybe someone else) might find
useful:

https://en.wikipedia.org/wiki/The_Coroner%27s_Toolkit


Thanks,

-- 
Raul

On Saturday, June 29, 2019, Cord  wrote:

> Hi, I have some questions about security and computer forensics on openbsd.
>
> - Is openbsd vulnerable to bootkit ? and firmware rootkit ?
> - Can an attacker (with root) infect the kernel and insert code to be
> relinked ?
> - Can an attacker substitute the entire kernel with an infected one ? If
> yes, how to check its integrity ?
> - Are there forensics tools for openbsd ?
> - Could be useful memory forensics frameworks like rekall and volatility
> in openbsd ? Is planned to build something like that ?
>
>
> Thank you.
> Cord
>
>
>
>


Re: Puffy — format SVG

2019-06-13 Thread Raul Miller
On Thu, Jun 13, 2019 at 2:38 PM Stephane HUC "PengouinBSD"
 wrote:
> https://stephane-huc.net/img/EBNH/OBSD/Puffy.svg

This looks like an svg raster image (as opposed to a vector image,
which would take some manual effort).

Probably worth setting expectations accordingly?

Thanks,

-- 
Raul



Re: When will be created a great desktop experience for OpenBSD?

2019-05-23 Thread Raul Miller
This looks like violent agreement. (It's perhaps worth noting that if
you change the first word here from "No" to "Yes" that the idea being
expressed does not change.)

Thanks,

-- 
Raul

On Thu, May 23, 2019 at 1:35 PM Patrick Harper  wrote:
>
> No, the installation program should make setup as easy as possible. The idea 
> of a common development platform for X being suited only for circa 100dpi 
> screens in 2019 is ludicrous. Making users pore  through half-a-dozen man 
> pages and config files to make their X systems usable on hidpi screens is 
> ludicrous.
>
> --
>   Patrick Harper
>   paia...@fastmail.com
>
> On Thu, 23 May 2019, at 16:58, Ingo Schwarze wrote:
> > Hi,
> >
> > Patrick Harper wrote on Thu, May 23, 2019 at 04:50:54PM +0100:
> >
> > > I think OpenBSD could be made easier to set up for GUI applications
> > > if some configuration that is currently done in files could be moved
> > > to the install program.
> >
> > I very strongly oppose the idea.
> >
> > > These questions (or similar) could be shown
> >
> > Absolutely not.  The installer should ask as few questions as possible,
> > ideally none whatsoever.  *That* is a way to simplify setup.
> >
> > The topics you mention have nothing to do with installation.
> > They are merely low-importance user configuration that can be done
> > at any time if desired.  But almost no user will ever have to consider
> > any of those; i certainly didn't, ever, and i have been using many
> > OpenBSD computers for almost two decades now, including with a wide
> > variety of GUI applications.
> >
> > Yours,
> >   Ingo
> >
>



Re: single user question

2019-05-15 Thread Raul Miller
On Wed, May 15, 2019 at 3:05 PM James Huddle  wrote:
> What I am trying to do (thank you Troy Martin), is work through
> the standard answers and missteps toward a more secure OS,
> starting with OpenBSD and a flashlight.  It is my humble opinion
> that the optimal number of users for (say) a laptop is one.
> And the optimal number for a server is zero.  I doubt many would
> agree with that assessment, but I'm looking for solutions, regardless.

I'm going to try to phrase this politely, but I might trigger other
people to say some rude things (not sure if they'll be aimed at
myself, or not). Anyways...  I have two hypothetical questions you
should think about:

1) Why do you doubt that many would agree with that assessment?

2) Also, what is a "user"?

If by "user" you mean "person", that leads to some lines of discussion.

If by "user" you mean an integer value which appears under the label
"user_id" (or some variant, such as perhaps "uid") in a C structure,
that leads to other lines of discussion.

If by "user" you mean a line in the /etc/passwd file which identifies
a directory, that leads to yet other lines of discussion.

...

From skimming this thread, I don't think you mean any of those. But if
no one knows what you mean, it doesn't really matter whether they
agree or disagree with you.

Thanks,

-- 
Raul



Re: hacked for the second time

2019-04-03 Thread Raul Miller
If someone is using your ssh key and you do not want that to happen,
please replace your keys.

Thanks,

-- 
Raul

On Wed, Apr 3, 2019 at 2:58 PM Cord  wrote:
>
> Hi,
> I have some heavy suspect that my openbsd box was been hacked for the second 
> time in few weeks. The first time was been some weeks ago, I have got some 
> suspects and after few checks I have found that someone was been connected to 
> my vps via ssh on a non-standard port using my ssh key. The connection came 
> from a tor exit node. There were been 2 connections and up since 5 days. Now 
> I have some other new suspects because some private email seems knew from 
> others. Also I have found other open sessions on the web gui of my email 
> provider, but I am absolutely sure I have done the logout always.
> I am using just chrome+unveil and I haven't used any other script or opened 
> pdf (maybe I have opened 1 or 2 pdf from inside of chrome). I have used 
> epiphany *only* to open the webmail because chrome crash. My email provider 
> support html (obviously) but generally photo are not loaded. Of course I have 
> pf enable and few service.
> I also use a vpn and I visit very few web site with chrome.. maybe 20 or 25 
> website just to read news. Sometimes I search things about openbsd.
> Anyone could help me ?
> Cord.
>
>
>



Re: article : undefined behavior and the purpose of C

2019-01-17 Thread Raul Miller
Perhaps worth noting that a lot of this gcc quirkiness (and, via peer
pressure, clang quirkiness) was spawned in response to overly brittle
copyright laws and enforcement. (The expiration times have been
extended excessively to satisfy the likes of Disney, and the
enforcement seems to necessarily be focussed on stupid issues and most
people tend to be uninformed about the nature and character of the
laws and issues.)

To avoid the specter of copyright being enforced on computer software
(where the code tends to closely follow the spec), the gcc maintainers
(fsf and whoever else rms managed to recruit to that cause) adopted a
deliberate policy of extending and reinterpreting the specifications
and standards. As noted in that writeup, the consequences have not
always been good (and some pruning is probably warranted).

Fortunately, OpenBSD takes a more deliberate approach and this can
help temper some of that silliness (in part, through peer pressure).

That said, the laws themselves are a motivation here. In its current
form, copyright law has been overly hostile to industry and coding in
some ways, and presumably overly tolerant in some other ways (because
people have limited time and attention). The open source community has
been one successful workaround for this state of affairs. But the
"undefined behavior" sillinesses are one kind of example of where the
community misleads. Another successful workaround, in industry, has
been to offload manufacturing to China (which has not agreed to these
laws). But that introduces language barriers and other problems (which
are out of scope for this mailing list). Anyways, it seems like
industry should be demanding laws which enable it to get its work
done, but this isn't a subject suitable for polite conversation.

I wish I had a good answer here, but I don't...

That said, ... for now at least, focusing on practical issues hasn't
stopped being essential.

Responses to this message should go to me and not the list.

Thanks,

-- 
Raul


On Thu, Jan 17, 2019 at 8:07 AM Mayuresh Kathe  wrote:
>
> Don't know if this has been discussed here before, but I found the
> following excerpt from the article at
> http://www.yodaiken.com/2018/12/31/undefined-behavior-and-the-purpose-of-c/
> unnerving;
> ... often the writers of the ISO C Standard have thrown up their hands
> and labeled the effects of non-portable and potentially non-portable
> operations "undefined behavior" for which they provided only a fuzzy
> guideline.  Unfortunately, the managers of the gcc and clang C compilers
> have increasingly ignored the guideline and ignored well-established
> well-understood practice, producing  often bizarre and dangerous results
> ...
>



Re: Yes: The linux devs can rescind their license grant. GPLv2 is a bare license and is revocable by the grantor.

2018-12-24 Thread Raul Miller
(1) Wrong mailing lists - these are not linux mailing lists.

(2) ... (I am not going to go over the legal mistakes you've made,
because of (1))...

(3) Anyways, ... people do make mistakes... But, please stop making
these mistakes.

Thanks,

-- 
Raul

On Mon, Dec 24, 2018 at 10:55 AM  wrote:
>
> Bradley M. Kuhn: The SFConservancy's new explanation was refuted 5 hours
> after it was published:
>
>
>
>
> Yes they can, greg.
>
> The GPL v2, is a bare license. It is not a contract. It lacks
> consideration between the licensee and the grantor.
>
> (IE: They didn't pay you, Greg, a thing. YOU, Greg, simply have chosen
> to bestow a benefit upon them where they suffer no detriment and you, in
> fact, gain no bargained-for benefit)
>
> As a bare license, (read: property license), the standard rules
> regarding the alienation of property apply.
>
> Therein: a gratuitous license is revocable at the will of the grantor.
>
> The licensee then may ATTEMPT, as an affirmative defense against your
> as-of-right action to claim promissory estoppel in state court, and
> "keep you to your word". However you made no such promise disclaiming
> your right to rescind the license.
>
> Remember: There is no utterance disclaiming this right within the GPL
> version 2. Linus, furthermore, has chosen both to exclude the "or any
> later version" codicil, to reject the GPL version 3, AND to publicly
> savage GPL version 3 (he surely has his reasons, perhaps this is one of
> them, left unstated). (GPLv3 which has such promises listed (not to say
> that they would be effective against the grantor, but it is an attempt
> at the least)).
>
>
>
>
> The Software Freedom Conservancy has attempted to mis-construe clause 4
> of the GPL version 2 as a "no-revocation by grantor" clause.
>
> However, reading said clause, using plain construction, leads a
> reasonable person to understand that said clause is speaking
> specifically about the situation where an upstream licensee loses their
> permission under the terms due to a violation of the terms; in that case
> the down-stream licensee does not in-turn also lose their permission
> under the terms.
>
> Additionally, clause 0 makes it crystal clear that "You" is defined as
> the licensee, not the grantor. Another issue the SFConservancy's public
> service announcement chooses to ignore.
>
> Thirdly, the SFConservancy banks on the ignorance of both the public and
> the developers regarding property alienation. A license does not impinge
> the rights of the party granting the license in a quid-pro-quo manner
> vis a vis the licensee's taking. A license merely grants permission,
> extended from the grantor, to the licensee, regarding the article of
> property that is being impinged. A license is NOT a full nor is it a
> permanent alienation of the article(property) in question. The impinged
> property, being under a non bargained-for temporary grant, can be taken
> back into the sole dominion of the owner - at his election to do so.
>
>
>
> Now as to the 9th circuit appellate court's decision in Jacobsen v.
> Katzer. While the court waxes eloquently about opensource licenses,
> even mentioning the word "consideration" in its long dicta, when it
> comes time to make the binding decision the court found that the lower
> (district) court was in _ERROR_ regarding the application of
> contract-law principles to the Artistic License, regarding the case, and
> instructed the lower court to instead construe said license as a
> Copyright License.
>
> The SFConservancy, and Bruce Perens have chosen to:
> 1) Rely on the dicta. (non-binding - "some things could be contracts -
> opensource is great")
> 2) Ignore the actual ruling. (Binding - Copyright License - Not
> Contract)
> 3) Ignore that this case was about the AL, not the GPLv2
> 4) Ignore the existence of different jurisdictions.
> (Why file in the roll-the-dice 9th district if you can file in a
> district that has personal-jurisdiction over the defendant and is much
> more consistent in its rulings?)
> 5) Ignore all established law regarding property licensing, contract
> formation, meeting of the minds, what consideration is etc.
>
> Which is not surprising considering the desire of people like Bruce
> Perens is to rob MEN of EVERY benefit of their Labour and every speck of
> happiness in life and to transfer those benefits to WOMEN and those who
> support women.
>
> (This is why people who are like Bruce Perens, the SFConservancy
> members, and the CoC supporters, banned men from taking female children
> as brides: in contrivance to the law of YHWH (Devarim chapter 22 - -
> verse 28 (na'ar (LXX: padia)), and continue to uphold that ban
> world-wide, and seek to destroy ALL cultures that do no bend to their
> will who are not idolators of Women)
>
>
>
>
> Look, you may love your users, you may love the people who edit your
> code in their home or office; but the fact of the matter is...
>
> They have done nothing for you, they have promised 

Re: SSH extremely quickly dropped from T-Mobile phone hotspot

2018-09-16 Thread Raul Miller
On Sun, Sep 16, 2018 at 2:50 AM Chris Bennett
 wrote:
> See, I'm a US citizen in a country that has these nasty FISA courts and
> a variety of new-ish unconstitutional laws that allow the President and
> others to plant fake content on my server, snatch me up, deny me a
> lawyer, detain me forever and kill me without cause.
>
> Did I forget to mention that all the ISPs I have used, including
> T-Mobile take my search requests sent to https, yes https://google.com
> and know what those search terms were?
>
> I guess I'm just a paranoid without cause??

So, yeah, and no, and yeah...

We've got problems, and some of them are people in government and some
of them are people in business and some of them are in our laws.
But you can be almost certain that some of them are in how stuff gets
reported.

From my point of view, the unconstitutional (aka: illegal) law which
bothers me the most are the copyright laws which favor Walt Disney's
grandchildren at the expense of the constitutional rationale for
copyright. The kind of thinking which got us those laws have played a
part in building out our low income city populations and creating the
economic conditions which favored shipping most of our industrial jobs
overseas. But there's other factors, also, including bad economic
theory being taught globally [the "efficient market hypothesis"] and
child labor laws being used as an excuse to raise kids to be helpless
adults.

So what we see a lot of are coping mechanisms and people being forced
to cheat the system and people reacting to that with more coping
measures.

But it doesn't take cracking https for your google searches to get
sold to the phone company. All that needs is high priced people in
Google who are great at saying good things about themselves setting up
business arrangements which will trade Google's past reputation and
established abilities for a few years of increased salary.

Anyways, we've got problems, but a lot of them are that you can no
longer expect people's motivations to work like they used to, because
cultures are having to adapt to a global situation where laws of any
one country can't be enforced on anything having to do with
communications. So major countries which relied on enforcing laws on
communications to keep their powerful people powerful have to resort
to deploying their manpower to make that happen if they want to stay
in power.

And those kinds of countries have never relied on technological
approaches, because that kind of power isn't capable of developing
technology and has never seen the need to do so -- instead, it copies
and copes while doing so.

But it doesn't help that we've been getting a lot of things wrong for
a long time (like bad economic theory, for example), leaving us in the
position of having critical holes in our institutions which are
trivial to exploit.

So... yeah, and no, and yeah...

-- 
Raul



Re: Duplicate IP Address -> Spoof/Verizon???

2018-09-07 Thread Raul Miller
What do you have in your arp -a result for that 192.168.1.1 IP?

Does it look like a Verizon device?

If not, it’s probably the “problem”.

(I believe Verizon FIOS wants to live on that IP and wants to use DHCP to
issue addresses to the things it’s talking to.)

—
Raul

On Friday, September 7, 2018, Jay Hart  wrote:

> I'm now running my new router. Internal network is 192.168 based. I have
> two interfaces on my
> router, one external, one internal.  Motherboard is a MITAC PDP11BICC
> using Realtek NICs.
>
> I'm seeing a lot of messages in the log file regarding duplicate IP
> Addresses, specifically I'm
> seeing:
>
> /bsd: duplicate IP address 192.168.1.1 sent from ethernet 20:c0:47:dc:27:dd
>
> This translates to a Verizon MAC. My FIOS ONT is definitely Verizon.  What
> I'm struggling with is
> what exactly is causing this message, and how to stop/resolve it.
>
> When I run 'Arp -a' either internally from another box, or on the router
> itself, I'm not seeing
> this MAC.
>
> Hoping the list can provide some additional troubleshooting ideas.  Can
> this be some sort of spoof
> attempt???
>
> Thanks,
>
> Jay
>
>
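One way to triage the kernel message quoted in this thread, as an added example that is not part of the original posts: tally the `duplicate IP address` lines per claiming MAC and compare them with a device inventory, which works even when the MAC never shows up in the ARP cache. The syslog prefix, the inventory labels and the second MAC in the sample are constructed assumptions; only the message text and the first MAC come from the post.

```python
import re
from collections import Counter, defaultdict

# Message format as quoted in the post; anything before "/bsd:" is ignored.
DUP_RE = re.compile(
    r"/bsd: duplicate IP address (?P<ip>[0-9.]+) "
    r"sent from ethernet (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})",
    re.IGNORECASE,
)

# Constructed sample log. The syslog prefix and the 02:00:00:aa:bb:cc MAC are
# made up for the example; the message text and first MAC are from the post.
SAMPLE_LOG = """\
Sep  7 10:15:02 router /bsd: duplicate IP address 192.168.1.1 sent from ethernet 20:c0:47:dc:27:dd
Sep  7 10:15:32 router /bsd: duplicate IP address 192.168.1.1 sent from ethernet 20:c0:47:dc:27:dd
Sep  7 10:16:01 router sshd[1234]: unrelated line that must be skipped
Sep  7 10:16:40 router /bsd: duplicate IP address 192.168.1.1 sent from ethernet 02:00:00:aa:bb:cc
Sep  7 10:17:02 router /bsd: duplicate IP address 192.168.1.1 sent from ethernet 20:C0:47:DC:27:DD
"""

# Hypothetical inventory of devices the admin knows about (MAC -> label).
INVENTORY = {"20:c0:47:dc:27:dd": "ISP-supplied device (per the post)"}


def summarize(lines, inventory):
    """Return one finding per (IP, claiming MAC) pair seen in the log lines."""
    claims = defaultdict(Counter)  # ip -> Counter of MACs claiming it
    for line in lines:
        m = DUP_RE.search(line)
        if m:
            claims[m["ip"]][m["mac"].lower()] += 1

    findings = []
    for ip, macs in sorted(claims.items()):
        for mac, hits in sorted(macs.items()):
            label = inventory.get(mac)
            if label is None:
                verdict = "investigate: MAC not in inventory"
            elif len(macs) > 1:
                verdict = "known device, but other MACs also claim this IP"
            else:
                verdict = "known device configured with this IP; renumber one side"
            findings.append(
                {"ip": ip, "mac": mac, "hits": hits,
                 "label": label, "verdict": verdict}
            )
    return findings


if __name__ == "__main__":
    for f in summarize(SAMPLE_LOG.splitlines(), INVENTORY):
        print(f"{f['ip']:<15} {f['mac']}  x{f['hits']:<3} {f['verdict']}")
```

A known device that is the only claimant points to an addressing conflict to fix on one side; an unknown claimant is the case that needs to be located on the wire.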


Re: Lesser evil

2018-09-05 Thread Raul Miller
On Wed, Sep 5, 2018 at 1:05 PM Kevin Chadwick  wrote:
> *yawn* This is nonsense!

You don't like generally useful procedures which happen to be useful
for dealing with statistically unlikely events?

-- 
Raul



Re: Lesser evil

2018-09-05 Thread Raul Miller
On Wednesday, September 5, 2018, Kevin Chadwick  wrote:
> I meant that an OpenBSD user using Windows should not get a virus or
> could handle them if downloading illegal software. I am yet to see a
> truly clever system entry in the press. They always rely on user
> idiocy or poor setup. Whether Viri with these properties are the only
> ones caught is another question.
>
> Additionally I don't see the "think disk". If the partition is
> intact then surely it is not difficult to fix and with some boot
> loaders like GAG would likely be unaffected. It used to be the case
> that the windows bootloader was needed for hibernate support but I
> haven't seen that for a while. It is certainly true that the
> bootloader/bios itself could be targeted. If something breaks
> then at least you know.

You are overlooking some important issues:

One has to do with the nature of the press — its primary audience has
little to no technical background, and reporters have little training
on machine design and implementation. They are not very capable of
describing truly clever system entry. Also, common events tend to not
be "news". [How often do you hear about any of the suffering from the
leading causes of mortality? Instead you mostly hear about the rare
events.]

Another has to do with counter measures—any effective malware
mechanism gets attention and *eventually* gets squashed. This is a
statistical issue, but there are some other implications -- hold that
thought.

Another issue has to do with the nature of bug reporting systems: as
the user population increases, they become overwhelmed. Approaches
which worked well when the user population was mostly well educated
college students don't work so well when the user population is mostly
not.

Yet another issue has to do with the nature of malware itself: it’s a
mix of taking advantage of design defects (which are never in short
supply) and social structures (which, ok, do partially adapt to the
pressures but also tend to be more than a little imperfect).

Anyways:

1) you don’t have adequate knowledge of what other people are going
through—you can’t.

2) eventually someone with adequate, relevant knowledge is going to
trip over a malware deployment.

Put different: disk wipes are being limited by social issues more than
by technical issues. Disk wipes with broad propagation probably get
lots of people really upset. And [this year, at least] there's no
effective border control on malware vectors, so state actors aren't
going to be using such things unless they feel they're backed into a
corner where unleashing such problems seems to offer them a way
forwards. (Because their own people will get hit, also - both by the
malware itself and possibly by the reactions from other state actors.)

But that only holds for large scale malware deployments.

There's another possibility which involves being specifically
targeted. It's difficult to think what the motivations would be for
this, but that's not an actual obstacle. If this sort of thing
happens, it would rely on social structures for concealment (in other
words, its point might be to make you look stupid - so to defend
against this kind of thing you would have to be comfortable with
dealing with having people think you look stupid. For example.)  But,
hey, there's no such thing as bullies, right? On the positive side,
this sort of thing is statistically unlikely, for most people.

Anyways... generalities that are usually correct can't always be
correct. And, when debugging, you sort of have to consider a lot of
unlikely possibilities until you have the problem isolated and solved.
So you are going to see discussion here about possibilities which are
mostly irrelevant to you, but which still have some use in helping
people reason about the problems they encounter.

So: back to the disk-wipe malware (and most other malware). Good
backups limit the impact of that. And, you need a diversity of backup
mechanisms to defend against the backups getting hit by malware.

So your computer got wiped out - if you've got several of them each
running different OSes, perhaps with some other partitioning, you just
switch to a different one. (And software developers - especially
low-level software developers - tend to crash their own systems a lot
already, so in that sense it might not seem like such a big deal. If
you are a developer, malware is really just a consequence of bad
design.)

Anyways, that's enough words from me to last you way way too long...

Sorry about that.

-- 
Raul



Re: RDONLY but for the good ( pledged ) guys

2018-06-26 Thread Raul Miller
Personally, I can't totally figure out what this policy would be.

My current best approximation is: there's a period of time when
pkg_add and syspatch are running and that is a time when writes are
allowed, other than that, not.

I could maybe rig up something more complicated using inherited
cryptographic tokens but the potential special cases wind up with
approximately the same effect.

-- 
Raul
On Tue, Jun 26, 2018 at 2:45 PM sven falempin  wrote:
>
> Hello,
>
> As a user i come across one use case
> where i m thinking : i do not want any program/exec
> to modify base  or local base (  (/usr and /bin /bsd etc.. )
> except syspatch and pkg_add -u.
>
> Please stop and tell if it does not make sense.
>
> I did look at pledge(2) and mount as pledge may force rdonly
> and mount as wxallowed.
>
> I did not really find a clever way to enforce pkg_add and syspatch
> to be the only binaries to actually write in usr/local and base 'stuff'.
>
> Because mount can have multiple device on one patch i was tricked to think,
> it would be fun to mount one device in multiple place ( rdonly ) and one
> time rw.
> Which would somewhat allow to chroot to a writable system before running
> syspatch.
>
> Another way would to force every program to be pledge rdonly by default on
> non /var
> /tmp path and the force some kind of flag to allow writing in specific path.
> Like wxallowed, but pledgewrite, then the binary would call pledge() and
> gain write access.
>
> Maybe a bit too complex and strange.
>
> If you read that far, thank you, can you think of a clever way to enforce
> this policy
> without heavily modifying the base ?
>
> Best.
>
>
> --
> --
> -
> Knowing is not enough; we must apply. Willing is not enough; we must do



Re: OT: how do you write your tools /scripts for everyday tasks

2018-05-30 Thread Raul Miller
On Wed, May 30, 2018 at 9:51 AM, IL Ka  wrote:
> There is no reason to use C for "onetime tools" except cases when no other
> API exist.

Or when the tool would be running long enough that the performance
difference matters. Also, Javascript/Perl/Python/Ruby/shell all tend
to be lousy at dealing with anything where control over timing is the
overriding issue.

Or when your target environment needs you to be miserly with your memory use.

Or, for practice.

Or, sometimes, just because there are some things where C is more
convenient and comprehensible.

And maybe for things I haven't thought of.

But, other than that, yes.

That said, to address the question raised by the original poster:
these days, for me, it's been mostly php, perl, shell and sql, with a
few makefiles thrown in for good measure. Oh, and a bit of javascript
and a bit of svg. A good bit of that is a reflection of my current
job, though. [I started learning php last december, for example - and
php 7 is almost a reasonable language, unlike previous versions.] If I
was working on more practical issues, I would probably focus on C
and/or an assembly language (or something close to that - maybe a
forth, for example).

Thanks,

-- 
Raul



Re: Limit CPU usage of a process?

2018-05-29 Thread Raul Miller
There's https://man.openbsd.org/nice.1

You might be describing https://man.openbsd.org/setrlimit.2 or the
ulimit shell builtin (ulimit -t). But you might not want what you are
describing, if that is the case.

-- 
Raul


On Tue, May 29, 2018 at 2:35 PM, BergenBergen BergenBergen
 wrote:
> Browser or not, how *does* one cap CPU resources though? I think it's a
> very interesting question, and I'm sorta baffled by the fact that the
> demand for this kinda thing hasn't been any higher.
>
> All the best,
> Murk
>
> On Tue, May 29, 2018 at 8:10 PM, Dumitru Mișu Moldovan 
> wrote:
>
>> On 05/27/18 13:07, Maximilian Pichler wrote:
>>
>>> Is it possible to limit the CPU usage of a given process to, say, 20%?
>>>
>>> I'd like to slow down the web browser since it is draining my laptop's
>>> battery. With enough tabs open it's often consuming ~50% of CPU but
>>> not doing anything productive. Apparently with RLIMIT_CPU in
>>> setrlimit(2) the total CPU time of a process can be limited. Can a
>>> similar limit be set for the percentage?
>>>
>>
>> Honest question…  Have you tried blocking ads with something like uBlock
>> Origin?  I use several approaches to make web browsing palatable on old
>> hardware, and blocking ads is what makes the biggest difference for me.
>> (Using NoScript or equivalents to selectively enable JavaScript for sites
>> where I actually need it is a distant second.)
>>
>> Capping CPU resources is not the way to go on a laptop in my opinion,
>> unless you have some demanding job that always runs in the background in
>> your browser, and that's a problem by itself in your scenario.  Capping
>> will not change the fact that you'll still spend the same resources on
>> loading web pages, however it will slow you down and annoy you.
>>
>>
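The difference between what RLIMIT_CPU does and the percentage cap asked for above, as an added example that is not part of the original thread: the limit counts accumulated CPU seconds and ends the process with SIGXCPU once they are used up, while a mostly idle process never reaches it. The function name and the 1 s / 3 s limits are assumptions chosen for the demonstration.

```python
import os
import resource
import signal
import time


def run_child_under_cpu_cap(work, soft_s=1, hard_s=3, wall_s=1.3):
    """Fork a child, apply RLIMIT_CPU to it, and let it 'spin' or 'sleep'.

    Returns (signal that terminated the child or None, CPU seconds it used).
    """
    pid = os.fork()
    if pid == 0:
        # Child process: never return into the caller's code.
        try:
            # Make sure SIGXCPU has its default (terminate) action.
            signal.signal(signal.SIGXCPU, signal.SIG_DFL)
            # An unprivileged process cannot raise its hard limit, so clamp.
            _, cur_hard = resource.getrlimit(resource.RLIMIT_CPU)
            if cur_hard != resource.RLIM_INFINITY:
                hard_s = min(hard_s, cur_hard)
            soft_s = min(soft_s, hard_s)
            resource.setrlimit(resource.RLIMIT_CPU, (soft_s, hard_s))
            if work == "spin":
                while True:  # burn CPU until the kernel stops us
                    pass
            time.sleep(wall_s)  # wall-clock time passes, CPU time does not
            os._exit(0)
        except BaseException:
            os._exit(127)

    # Parent: collect exit status and the child's resource usage.
    _, status, usage = os.wait4(pid, 0)
    sig = os.WTERMSIG(status) if os.WIFSIGNALED(status) else None
    return sig, usage.ru_utime + usage.ru_stime


if __name__ == "__main__":
    sig, cpu = run_child_under_cpu_cap("spin")
    print(f"busy child: ended by signal {sig}, used {cpu:.2f}s CPU")
    sig, cpu = run_child_under_cpu_cap("sleep")
    print(f"idle child: ended by signal {sig}, used {cpu:.2f}s CPU")
```

The busy child is terminated after about one CPU second regardless of how quickly it consumed it, which is why this limit bounds runaway work but does not throttle a process to a share of the CPU.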



Re: Intranet routing with dynamic IPs

2018-05-21 Thread Raul Miller
I would try OpenOSPFD for this situation, instead of OpenBGPD.

-- 
Raul

On Mon, May 21, 2018 at 4:16 PM,   wrote:
> On 2018-05-21 01:22, Solene Rapenne wrote:
>
>> hello
>>
>> I'm not sure to understand your need. You don't need BGP for
>> this. Adding a route on router A, accessing network B through router B
>> is all you need. Computers on the dhcp client of A will use router A as
>> a default gateway and then will be able to reach network B computers.
>>
>> And then, do the same on the other router.
>>
>> Or maybe I totally missed your need.
>
>
> I probably didn't explain it very well. Here is my best attempt of drawing
> the situation in ASCII:
>
>    OOOOOOOOOOOOOOOOOO
>   o     INTERNET     o
>    OOOOOOOOOOOOOOOOOO
>      |            |
>      | ?.?.?.?    | ?.?.?.?
>    +---+        +---+
>    | A |        | B |
>    +---+        +---+
>      | 10.0.0.1   | 10.0.0.2
>      |            |
>      +------------+
>
> What I need is some way for A and B to inform each other of their Internet
> facing IP addresses. They would then route those IPs via the internal path.
> Since the Internet-facing addresses are dynamic, the routers should inform
> each other when these change.
>
> Network A and B should be completely autonomous. But they should be aware of
> their local line instead of using the Internet.
>
> The situation I have now, using BGP, does almost exactly what I want. The
> only problem is that the routers inform each other of their whole Internet
> subnet, instead of just their own host entries.
>



Re: counting dropped packets for pf

2018-03-30 Thread Raul Miller
On Fri, Mar 30, 2018 at 10:35 AM, 3  wrote:
> i showed my idea on the example of pf's config- this language should
> be familiar to you
...
> no more effective ways. the variant with pfctl is a kolhoz-style(ugly
> and ineffective), it requires a lot of work to convert data into
> netflow format

You did indeed show some rules that would do something if you replace
some of their text with something else but which do not address the
issue you had earlier labeled "impossible".

But, if you will excuse me, I have a lot of work to do.

-- 
Raul



Re: counting dropped packets for pf

2018-03-30 Thread Raul Miller
On Fri, Mar 30, 2018 at 9:58 AM, 3  wrote:
> perhaps my poor english prevented you from understanding the question

perhaps

> my initial approach does work. u are have comments about route-to?

If people do not understand the words you use to represent the ideas
you were thinking, does that matter?

If there are more efficient ways of accomplishing the same thing, is
it important?

[regardless, I am going back to lurking and trying to figure out a
good way to install current on a system I use.]

Thanks,

-- 
Raul



Re: identifying software and licenses used in base install

2018-01-17 Thread Raul Miller
On Thu, Jan 18, 2018 at 12:31 AM, Theo de Raadt  wrote:
> Sometimes it is almost like there is a stream of people who want us
> to stop trying.
>
> And quit.   Some of you can see it, right?

yes. :(

Worse, i am concerned that i might have been contributing to that
effect - not intentionally, but it's not like that should matter to
anyone.

But you do what you can.

-- 
Raul



Re: Writing "ones" instead of "zeroes" when wiping disk

2018-01-11 Thread Raul Miller
On Thu, Jan 11, 2018 at 12:16 PM, L. V. Lammert  wrote:
> On Thu, 11 Jan 2018, STeve Andre' wrote:
>
>> Don't bother.   Wiping the disk twice is enough.   If you are storing state
>> secrets melt the disk.
>>
> An anvil big hammer also works well and gives some exercise in the
> process.

Might be more secure to sell it to Hollywood, as a movie script.
They'll change it beyond recognition.

-- 
Raul



Re: Kernel memory leaking on Intel CPUs?

2018-01-04 Thread Raul Miller
On Thu, Jan 4, 2018 at 10:49 AM, Daniel Wilkins  wrote:
> From what I understand, AMD has come out and explicitly said that their
> architecture isn't and has never been vulnerable, while Intel's said that
> it affects every processor in the last 20+ years and that it's "not a big
> deal for most users" because it's only a kernel memory *read*.

I think you should interpret this as saying that there is a part of
that specific exploit implementation which AMD cpus have not
implemented.

But keep in mind, also, that the exploit involves multiple hardware
components (not only sloppy cpu instruction scheduling but shoddy
power management interacting with cheap dynamic ram refresh).

Of course, I have also misused my adjectives here. The cpu scheduling
is just wonderful, the power management is professional and the memory
implementation is beyond high tech. Sales people are omniscient and
thus have good reason for ... ah, ... never mind. I'm going to go
crawl back under my rock.

Good luck,

-- 
Raul



can we declare obsolescence obsolete?

2017-11-21 Thread Raul Miller
It seems that opengl is ... getting sort of lost.

Once upon a time, we had jzopengl.

I even remember trying to put together a lab covering opengl v2.0+ -
but I got stalled on dealing with version issues. Also, I remember
being urged to *not* cover opengl v1.0 in that effort. I complied, but
this resulted in no lab. So, I think that that was a big mistake.

Also, my OS-X machine's opengl implementation was still based on
opengl v1 (back when I had opengl support in J and could check such
things). I think it's mostly only phones (possibly only certain
models) where opengl v1 got dropped.

Anyways, ... OpenGL is a series of related standards, but I do not
think it was appropriate to drop support for the older versions.
Generally speaking you should not remove such functionality until the
newer versions have been shown to be complete replacements (including
with adequate documentation).

---

Bottom line: I would like to be able to use jzopengl code with current
J implementations (webgl completely acceptable in jhs, of course). Or,
failing that, I guess I could live with documentation on how to port
jzopengl code to whatever the currently supported opengl
implementation(s) are.

Or, failing that, I'd like someone to show me enough of the basics
that I myself may implement the necessary bits and labs. I'm lost /
stuck / stalled right now.

Thanks,

-- 
Raul



Re: [ot] Security of my bit coin wallet

2017-11-15 Thread Raul Miller
Assumption is invalid. Flaws are widely documented (e.g. fixed
supply). Probably wrong list, also.

Thanks,

-- 
Raul

On Wed, Nov 15, 2017 at 8:46 AM, James  wrote:
> While a little off topic it is security related so I hope you don't mind.
>
> This is the misc list, right?
>
> Assumption 1.
> bitcoin is a secure protocol without flaws.
>
> quote from 
> https://github.com/bitcoinbook/bitcoinbook/blob/second_edition/ch01.asciidoc
>
> With these keys they can sign transactions to unlock the value and
> spend it by transferring it to a new owner. Keys are often stored in a
> digital wallet on each user’s computer or smartphone. Possession of
> the key that can sign a transaction is the only prerequisite to
> spending bitcoin, putting the control entirely in the hands of each
> user.
>
>
> Is the security of a bitcoin wallet ultimately determined by its password?
> The way I see it, if an attacker had access to my computer, the only
> thing protecting access to the wallet would be a password or some
> iteration of a password scheme, if not mine then a centralized server
> of trust somewhere, but eventually someone has a password that is used
> to unlock a bitcoin. Is that correct reasoning or are there
> alternatives?
>
> Thanks,
> James
>



Re: About WPA2 compromised protocol

2017-10-16 Thread Raul Miller
On Mon, Oct 16, 2017 at 6:43 AM, Stefan Sperling  wrote:
> On Mon, Oct 16, 2017 at 10:22:26AM +, C. L. Martinez wrote:
>>  Regarding WPA2 alert published today: https://www.krackattacks.com/,
>> if I use an IPSec tunnel with shared-key or certificate or an OpenVPN
>> connection to authenticate and protect clients and hostAP comms, is
>> this vulnerability mitigated?
>
> Also this was *NOT* a protocol bug.
> arstechnica claimed such nonsense without any basis in fact and
> now everybody keeps repeating it :(
>
> It was an implementation bug.

What is the relevant language from the spec?

Thanks,

-- 
Raul



Re: A stupid question, re: xargs(1)

2017-10-14 Thread Raul Miller
On Sat, Oct 14, 2017 at 10:26 AM, Marc Espie  wrote:
> the find -print0 / xargs -0 couple was designed to solve that problem
> a long time ago in one specific case.

I suppose the other angle to take would be the addition of a null
delimiter option for other command line utilities.

Put differently: if it's "broken by design" then there's no real
non-broken motives for avoiding incompatibilities with that design.

Which is *not* to say that my kneejerk reactions are the right
approach: Other people's insights are important. But: short term
buy-in, less so (though can't be ignored in the long run).

Thanks,

-- 
Raul



Re: A stupid question, re: xargs(1)

2017-10-14 Thread Raul Miller
On Sat, Oct 14, 2017 at 3:08 AM, Andreas Kusalananda Kähäri
 wrote:
> find . -type f -mtime -1 \
> -exec grep -q -E 'pattern1' {} ';' \
> -exec shasum {} +

That's cute, but it winds up spinning up a process for every file
(actually, in your example, two processes for every file). I generally
want to avoid doing that.

Thanks though,

-- 
Raul



Re: A stupid question, re: xargs(1)

2017-10-14 Thread Raul Miller
On Sat, Oct 14, 2017 at 1:08 AM, Philip Guenther  wrote:
> You want a version of xargs that, instead of requiring special handling for
> 5 characters legal in filenames (quote, double-quote, backslash, space, tab,
> newline), will be completely unable to handle exactly one of those
> characters (newline)?  Easy: create this two line shell script under some
> convenient name and use it instead:

Not completely unable, but when working with files supplied by other
people, spaces in file names are common, apostrophes less so but still
present. Quotes, backslashes and tabs quite rare, and I have never
encountered file names containing newlines.

> #!/bin/sh
> sed 's!\(.\)!\\\1!g' | xargs "$@"

Thanks, I'll try that - or a variation - next time. I wish it had
occurred to me, but I'm kind of slow sometimes.

> My personal preference is to pick either of the following options:
> a) don't use any of those characters in filenames and just use xargs bare
> b) go directly into perl or C once I reach the limit of -0 option handling
>
> IMO, (a) makes sense for stuff you control the name of, (b) for stuff where
> you don't.  The set of people I trust to create filenames containing space,
> tabs, or quotes, but not newlines is *empty*.

I guess I deal with a different kind of person than you.

Thanks again,

-- 
Raul



Re: A stupid question, re: xargs(1)

2017-10-13 Thread Raul Miller
I think the "an exact problem" thing tends to be misleading for open
ended issues like this.

The while loop works (and I have used it), but can be tremendously
slow, depending on the command in question (and if you need xargs to
break up the command line, there tends to be a lot of work that needs
doing).

And, generally speaking, this is solvable - but it's also a problem
that should have been solved once and for all a long time ago. (And,
by "solved" I mean that it should be straightforward to use the xargs
with the unix "standard" where one line is one record - here, a record
being a file name.)

Anyways, the -d option looks like it might be as good as it can get?

Thanks,

-- 
Raul





On Fri, Oct 13, 2017 at 9:26 PM, Andre Smagin <a...@smagin.com> wrote:
> On Fri, 13 Oct 2017 18:03:59 -0400
> Raul Miller <rauldmil...@gmail.com> wrote:
>
>> "Because then you don't need xargs, normal tooling separates each line
>> into a separate argv entry regardless of other spacing."
>>
>> If there's some existing way (portable or not) to build this kind of
>> argv in a shell script - using newline separation and nothing else - I
>> would really appreciate another hint.
>
> I wish you would have given an exact problem you are having
> difficulties with...
>
> I've been using
>
> ls | while read i; do echo "$i"; done
> or
> cat /tmp/tmp_file | while read i; do echo "$i"; done
>
> type of constructs for years and have never even needed xargs...
>
> --
> Andre
>



Re: A stupid question, re: xargs(1)

2017-10-13 Thread Raul Miller
On Fri, Oct 13, 2017 at 6:14 PM, Theo de Raadt  wrote:
> If you want to add things to standardized utilities you need to
> convince a large volume of people in the greater community
>
> Not me.

Ok,

Would you be open to a re-implementation of the gnu xargs -d option?

Quoting 
https://www.gnu.org/software/findutils/manual/html_node/find_html/xargs-options.html

---

-d delim

Input file names are terminated by the specified character delim
instead of by whitespace, and any quotes and backslash characters are
not considered special (every character is taken literally). Disables
the end of file string, which is treated like any other argument.

The specified delimiter may be a single character, a C-style character
escape such as ‘\n’, or an octal or hexadecimal escape code. Octal and
hexadecimal escape codes are understood as for the printf command.
Multibyte characters are not supported.

---

That's considerably more elaborate than what I was thinking, but would
at least accomplish what I think needs to be done.

And, that way you've got at least some buy-in already...

Thanks,

-- 
Raul



Re: A stupid question, re: xargs(1)

2017-10-13 Thread Raul Miller
On Fri, Oct 13, 2017 at 7:37 PM, edgar  wrote:
> Perhaps a real life example of what you have been doing with xargs before
> and after your change would be helpful.

That's tough, since when I was working on this issue I didn't have
time to think about xargs and now that I have time to think about
xargs the examples are distant memories.

That said, something on the order of this:

find . -type f -mtime -1 -print0 | xargs -0 egrep -l pattern1 | xargs shasum

Anyways, I think I fixed it that time by removing all the files with
problematic names, and another time by using a while loop instead of
the second xargs, and a third time by writing a perl program, and the
fourth time using grep -v ' ' in the pipeline, and probably a few
dozen other hacks over the years...

And if I search, I can find a tremendous variety of other elaborate
approaches, including replacements for xargs. So it's not like this is
not a real issue, nor is it like this isn't something that grows new
handlings on an ongoing basis.

What I'm trying to understand is why there's no simple fix. And maybe
this really is just one of those things that will never get fixed.

Thanks,

-- 
Raul
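
The pipeline from this message, rebuilt as an added example (not code from the thread) over a constructed directory, with cksum standing in for shasum. It compares default xargs parsing with the escape-every-character sed wrapper posted elsewhere in the thread and with NUL-delimited input; all function names are hypothetical, and `grep --null` is assumed to be available as in GNU grep.

```shell
#!/bin/sh
# Added example, not from the thread. File names and function names are
# constructed for illustration.

# Report how many arguments xargs passes to the utility it runs.
# Extra xargs options (such as -0) are given as arguments.
count_args() {
    xargs "$@" sh -c 'echo "$#"' sh
}

# Default parsing: blanks and newlines split; quotes and backslashes are syntax.
split_default() { count_args; }

# The wrapper from the thread: put a backslash before every character, so
# xargs takes each one literally and only the newline still ends a record.
split_escaped() { sed 's!\(.\)!\\\1!g' | count_args; }

# Turn each newline into NUL and use -0, where every other byte is literal.
split_nul() { tr '\n' '\0' | count_args -0; }

# Create a constructed sample tree and print its path.
make_sample() {
    dir=$(mktemp -d) || return 1
    for name in 'plain.txt' 'two words.txt' "it's here.txt"; do
        printf 'pattern1\n' > "$dir/$name"
    done
    printf '%s\n' "$dir"
}

# find | filter | hash, as in the message. Each function prints how many
# files reached the hashing stage.

# Second xargs uses default parsing: the space and the apostrophe break it.
hashed_default() {
    find "$1" -type f -print0 | xargs -0 grep -l pattern1 |
        xargs cksum 2>/dev/null | wc -l | tr -d ' '
}

# Filter output is newline-separated; convert it to NUL before xargs.
hashed_nul() {
    find "$1" -type f -print0 | xargs -0 grep -l pattern1 |
        tr '\n' '\0' | xargs -0 cksum | wc -l | tr -d ' '
}

# The filter itself emits NUL-terminated names (assumes grep --null, as in
# GNU grep), so newline is never used as a separator at any stage.
hashed_nul_end_to_end() {
    find "$1" -type f -print0 | xargs -0 grep -l --null pattern1 |
        xargs -0 cksum | wc -l | tr -d ' '
}

# A name containing a newline is still split by split_escaped, split_nul and
# hashed_nul; only the end-to-end NUL pipeline keeps such a name whole.

sample=$(make_sample)
echo "default xargs:       $(hashed_default "$sample") of 3 files hashed"
echo "newline -> NUL:      $(hashed_nul "$sample") of 3 files hashed"
echo "NUL end to end:      $(hashed_nul_end_to_end "$sample") of 3 files hashed"
rm -rf "$sample"
```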



Re: A stupid question, re: xargs(1)

2017-10-13 Thread Raul Miller
Portability?

It does seem to me that the implementation should be portable. Then if
someone needs it elsewhere they can have it elsewhere. But I think
that that's more about pledge than anything else (strnsubst and
strtonum maybe deserving honorable mention).

Meanwhile, I guess this would also need a man page update with a
portability caution until enough other implementations deploy this
(probably 10 years or longer). I could supply that if this was the
only remaining issue.

And, ok, I do not expect this to be an immediately useful fix for any
of my problems. I've lived with this problem for a very long time...

But maybe there are other people issues also? I know any choice has its haters.

However, in that first message you had said:

"Because then you don't need xargs, normal tooling separates each line
into a separate argv entry regardless of other spacing."

If there's some existing way (portable or not) to build this kind of
argv in a shell script - using newline separation and nothing else - I
would really appreciate another hint. The only approaches I know of
are orders of magnitude worse (heavy, inefficient and/or risky). On the
other hand if you just meant "xargs already splits on newlines and a
bunch of other stuff" then that gets back into standards
interpretation and history land.

Thanks,

-- 
Raul

On Fri, Oct 13, 2017 at 5:29 PM, Theo de Raadt  wrote:
>> Ok, I am curious - what new problems would this create?
>
> I explained in the first mail.



Re: A stupid question, re: xargs(1)

2017-10-13 Thread Raul Miller
I do use xargs -0 almost habitually. That handles quoting issues and
space issues, but:

xargs -0 fails when I want to pipe the result of xargs through a
filter on the way to another xargs.

Meanwhile, tr fails when I do not know the relevant set of unused
characters (when just looking for them takes a long time and a
specialized routine).

Meanwhile, I am trying to understand what would fail if we had an
option similar to -0 where xargs would split on (always and only)
newlines rather than newlines plus other stuff.

And, yes, I have been able to survive without this - but I still am
wanting to understand the issue.

Thanks,

-- 
Raul



On Fri, Oct 13, 2017 at 3:22 PM, Allan Streib <astr...@indiana.edu> wrote:
> Raul Miller <rauldmil...@gmail.com> writes:
>
>> The problem here is that you currently can't get xargs to use newline
>> as a separator without also getting spaces as a separator. This
>> creates a variety of problems.
>
> I see. I've always used -0 in this case, can't recall any times where
> this didn't solve the problem. Your use case sounds unusual. Without
> knowing the details, I'd suggest using additional filters e.g. maybe
> tr(1), before/after xargs.
>
> Allan



Re: A stupid question, re: xargs(1)

2017-10-13 Thread Raul Miller
Er... aside from the broken patch problems, I mean.

:(

Once again, sorry about that.

-- 
Raul

--- xargs.c.orig2017-10-13 14:13:16.0 -0400
+++ xargs.c2017-10-13 15:16:16.0 -0400
@@ -65,7 +65,7 @@
 static char **av, **bxp, **ep, **endxp, **xp;
 static char *argp, *bbp, *ebp, *inpline, *p, *replstr;
 static const char *eofstr;
-static int count, insingle, indouble, oflag, pflag, tflag, Rflag, rval, zflag;
+static int count, insingle, indouble, oflag, pflag, tflag, Rflag,
rval, zflag, lflag;
 static int cnt, Iflag, jfound, Lflag, wasquoted, xflag, runeof = 1;
 static int curprocs, maxprocs;
 static size_t inpsize;
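Review bot: the added declaration in this hunk has been wrapped by the mailer, so `rval, zflag, lflag;` arrives on its own line without a `+` prefix and the patch will not apply as posted. The two file header lines have also lost the whitespace between file name and timestamp. Resend with line wrapping disabled or as an attachment.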
@@ -114,7 +114,7 @@
 nline -= strlen(*ep++) + 1 + sizeof(*ep);
 }
 maxprocs = 1;
-while ((ch = getopt(argc, argv, "0E:I:J:L:n:oP:pR:rs:tx")) != -1)
+while ((ch = getopt(argc, argv, "0E:I:J:L:n:oP:pR:rs:tx/")) != -1)
 switch (ch) {
 case 'E':
 eofstr = optarg;
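Review bot: `/` is added to the getopt() option string here, but no hunk in the patch touches usage() or the manual page, so the new option is undocumented. The choice of a punctuation character as the option letter is also still open (the original message lists it as an unresolved point), so settle that before the string changes.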
@@ -174,6 +174,9 @@
 case '0':
 zflag = 1;
 break;
+case '/':
+lflag = 1;
+break;
 case '?':
 default:
 usage();
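Review bot: `case '/'` sets lflag without looking at zflag, so both options can be given together. With both set, the `if (lflag) goto arg2;` added to the '\n' case still ends an argument at a newline, which silently undoes what -0 promises for names that contain newlines. Either reject the combination in the option loop or define which one wins.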
@@ -262,7 +265,7 @@
 if (insingle || indouble)
 goto addch;
 hasblank = 1;
-if (zflag)
+if (zflag || (lflag  && '\n'!=ch))
 goto addch;
 goto arg2;
 }
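Review bot: in `if (zflag || (lflag  && '\n'!=ch))` the `'\n'!=ch` test only has an effect if this blank-handling branch can be entered with ch equal to newline. If it cannot, write `zflag || lflag`; if it can, add a comment saying so, because the reason for the extra comparison is not visible from the code.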
@@ -282,6 +285,8 @@
 goto arg2;
 goto addch;
 case '\n':
+if (lflag)
+goto arg2;
 hasblank = 1;
 if (hadblank == 0)
 count++;
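Review bot: the early `goto arg2` added at the top of the '\n' case skips `hasblank = 1` and the `count++` that follows, so count is no longer advanced per input line when lflag is set. Say whether the new option is meant to work together with the line counting (Lflag is declared beside it), and either keep the counting or refuse the combination.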
@@ -360,19 +365,19 @@
 wasquoted = 0;
 break;
 case '\'':
-if (indouble || zflag)
+if (indouble || zflag || lflag)
 goto addch;
 insingle = !insingle;
 wasquoted = 1;
 break;
 case '"':
-if (insingle || zflag)
+if (insingle || zflag || lflag)
 goto addch;
 indouble = !indouble;
 wasquoted = 1;
 break;
 case '\\':
-if (zflag)
+if (zflag || lflag)
 goto addch;
 /* Backslash escapes anything, is escaped by quotes. */
 if (!insingle && !indouble && (ch = getchar()) == EOF)
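Review bot: once quotes and backslash are literal under lflag, as these three changes make them, there is no way left to escape a newline, so a file name containing one reaches the utility as two separate arguments. That limitation belongs in the manual page next to the option, with a pointer to -0 for input whose file names are not under the caller's control.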

On Fri, Oct 13, 2017 at 3:07 PM, Raul Miller <rauldmil...@gmail.com> wrote:
> Ok, I am curious - what new problems would this create?
>
> Thanks,
>
> --
> Raul
>
>
> On Fri, Oct 13, 2017 at 2:52 PM, Theo de Raadt <dera...@openbsd.org> wrote:
>>> The problem here is that you currently can't get xargs to use newline
>>> as a separator without also getting spaces as a separator. This
>>> creates a variety of problems.
>>
>> But it creates lots of other problems when you propose an extension to
>> only one operating system's version of a utility.
>>
>> I think you've written a diff and now you are handwaving...
>>



Re: A stupid question, re: xargs(1)

2017-10-13 Thread Raul Miller
Ok, I am curious - what new problems would this create?

Thanks,

-- 
Raul


On Fri, Oct 13, 2017 at 2:52 PM, Theo de Raadt  wrote:
>> The problem here is that you currently can't get xargs to use newline
>> as a separator without also getting spaces as a separator. This
>> creates a variety of problems.
>
> But it creates lots of other problems when you propose an extension to
> only one operating system's version of a utility.
>
> I think you've written a diff and now you are handwaving...
>



Re: A stupid question, re: xargs(1)

2017-10-13 Thread Raul Miller
That deals with some but not all problems.

It does deal with the spaces in file names problem.

Thanks,

-- 
Raul


On Fri, Oct 13, 2017 at 2:57 PM, Stefan Johnson
<tigerphoenixdra...@gmail.com> wrote:
> I'm at work at the moment, so I can't test this on my OpenBSD machine at
> home.  However, have you tried setting IFS to a new line prior to feeding
> newline separated output to xargs?
>
> IFS="
> "
> some_command_that_generates_multiple_lines | xargs -n 1 some_other_command
>
> Understand that "xargs -0" from linux-land doesn't delimit on new lines.  It
> delimits on a zero marker "null" separator often generated by linux-land
> find.
>
>
>
> On Fri, Oct 13, 2017 at 1:49 PM, Raul Miller <rauldmil...@gmail.com> wrote:
>>
>> The problem here is that you currently can't get xargs to use newline
>> as a separator without also getting spaces as a separator. This
>> creates a variety of problems.
>>
>> Thanks,
>>
>> --
>> Raul
>>
>>
>> On Fri, Oct 13, 2017 at 2:40 PM, Allan Streib <astr...@indiana.edu> wrote:
>> > Raul Miller <rauldmil...@gmail.com> writes:
>> >
>> >> Can someone explain to me why xargs(1) does not support using newline
>> >> as a separator, when that is one of the most common unix separators?
>> >
>> > Which xargs(1) are you talking about? From my 6.1 machine, man xargs
>> > says:
>> >
>> >  The xargs utility reads space, tab, newline, and end-of-file
>> >  delimited strings from the standard input and executes the
>> >  specified utility with the strings as arguments.
>> >
>> > Allan
>> >
>>
>



Re: A stupid question, re: xargs(1)

2017-10-13 Thread Raul Miller
The problem here is that you currently can't get xargs to use newline
as a separator without also getting spaces as a separator. This
creates a variety of problems.

Thanks,

-- 
Raul


On Fri, Oct 13, 2017 at 2:40 PM, Allan Streib <astr...@indiana.edu> wrote:
> Raul Miller <rauldmil...@gmail.com> writes:
>
>> Can someone explain to me why xargs(1) does not support using newline
>> as a separator, when that is one of the most common unix separators?
>
> Which xargs(1) are you talking about? From my 6.1 machine, man xargs
> says:
>
>  The xargs utility reads space, tab, newline, and end-of-file
>  delimited strings from the standard input and executes the
>  specified utility with the strings as arguments.
>
> Allan
>



Re: A stupid question, re: xargs(1)

2017-10-13 Thread Raul Miller
When our interpretation of the specification creates orders of
magnitude more problems than it solves, yes.

This should not in any way be construed as meaning that anything goes.

Thanks,

-- 
Raul



On Fri, Oct 13, 2017 at 2:45 PM, Theo de Raadt  wrote:
>> (2) Given that POSIX is an incomplete specification, why is POSIX the
>> issue here?
>
> What does 'incomplete specification' mean.
>
> You mean incompatible extensions should be added, quite similar to the
> damage bash creates in the ecosystem with its incompatible extensions?
>



Re: A stupid question, re: xargs(1)

2017-10-13 Thread Raul Miller
Ok, first off, I appreciate your having taken time to respond.
Especially given the bug I had in my suggested patch.

That said... two things I am missing here:

(1) How do I get access to that normal tooling from the shell command
line without xargs?

(2) Given that POSIX is an incomplete specification, why is POSIX the
issue here?

That said, note also that I am partially motivated by having seen a
lot of xargs -0 deprecated warnings over the years, but I am also
motivated by my desire to use grep or other filters in front of xargs.

Thanks,

-- 
Raul

On Fri, Oct 13, 2017 at 2:34 PM, Theo de Raadt  wrote:
>> Can someone explain to me why xargs(1) does not support using newline
>> as a separator, when that is one of the most common unix separators?
>
> Because then you don't need xargs, normal tooling separates each line
> into a separate argv entry regardless of other spacing.
>
> You are proposing an incompatible extension to a POSIX defined
> utility.  Meaning if someone uses this in a script, it won't work on
> other systems.
>
> Not everything in unix is perfect.
>
>> I'm pasting one potential approach to the end of this message. There's
>> a few issues that might be stalling points:
>>
>> (*) which command line option to be used (this gets into potential
>> conflicts with other versions).
>>
>> (*) how to handle (or not handle) escape characters (my feeling is
>> that escaping newline characters would be a bad thing when using
>> newline as a separator).
>>
>> (*) code neatness and style issues.
>>
>> But, anyways, given the problems that arise from xargs space handling
>> being "too smart", and given how often spaces get included in file and
>> directory names, it seems like newline separated records should have
>> been a no-brainer back like 20 years ago, if not earlier. So
>> presumably someone has at some point squashed efforts to fix this.
>>
>> So, I guess I might be looking for the reasons. Does anyone know?
>>
>> Thanks,
>>
>> --
>> Raul
>>
>> --- xargs.c.orig2017-10-13 14:13:16.0 -0400
>> +++ xargs.c2017-10-13 14:13:17.0 -0400
>> @@ -65,7 +65,7 @@
>>  static char **av, **bxp, **ep, **endxp, **xp;
>>  static char *argp, *bbp, *ebp, *inpline, *p, *replstr;
>>  static const char *eofstr;
>> -static int count, insingle, indouble, oflag, pflag, tflag, Rflag, rval, 
>> zflag;
>> +static int count, insingle, indouble, oflag, pflag, tflag, Rflag,
>> rval, zflag, lflag;
>>  static int cnt, Iflag, jfound, Lflag, wasquoted, xflag, runeof = 1;
>>  static int curprocs, maxprocs;
>>  static size_t inpsize;
>> @@ -174,6 +174,9 @@
>>  case '0':
>>  zflag = 1;
>>  break;
>> +case '/':
>> +lflag = 1;
>> +break;
>>  case '?':
>>  default:
>>  usage();
>> @@ -262,7 +265,7 @@
>>  if (insingle || indouble)
>>  goto addch;
>>  hasblank = 1;
>> -if (zflag)
>> +if (zflag || (lflag  && '\n'==ch))
>>  goto addch;
>>  goto arg2;
>>  }
>> @@ -282,6 +285,8 @@
>>  goto arg2;
>>  goto addch;
>>  case '\n':
>> +if (lflag)
>> +goto arg2;
>>  hasblank = 1;
>>  if (hadblank == 0)
>>  count++;
>> @@ -360,19 +365,19 @@
>>  wasquoted = 0;
>>  break;
>>  case '\'':
>> -if (indouble || zflag)
>> +if (indouble || zflag || lflag)
>>  goto addch;
>>  insingle = !insingle;
>>  wasquoted = 1;
>>  break;
>>  case '"':
>> -if (insingle || zflag)
>> +if (insingle || zflag || lflag)
>>  goto addch;
>>  indouble = !indouble;
>>  wasquoted = 1;
>>  break;
>>  case '\\':
>> -if (zflag)
>> +if (zflag || lflag)
>>  goto addch;
>>  /* Backslash escapes anything, is escaped by quotes. */
>>  if (!insingle && !indouble && (ch = getchar()) == EOF)
>>
>



Re: A stupid question, re: xargs(1)

2017-10-13 Thread Raul Miller
Actually, that had a bug, which is maybe why I should have waited
before posting that question


if (zflag || (lflag  && '\n'==ch))

The && bit should not be there. Probably best to go if (zflag ||
lflag) though changing == to != would guard against the possibility
that isblank would recognize linefeed as a blank.

Sorry about that,

-- 
Raul


On Fri, Oct 13, 2017 at 2:23 PM, Raul Miller <rauldmil...@gmail.com> wrote:
> Can someone explain to me why xargs(1) does not support using newline
> as a separator, when that is one of the most common unix separators?
>
> I'm pasting one potential approach to the end of this message. There's
> a few issues that might be stalling points:
>
> (*) which command line option to be used (this gets into potential
> conflicts with other versions).
>
> (*) how to handle (or not handle) escape characters (my feeling is
> that escaping newline characters would be a bad thing when using
> newline as a separator).
>
> (*) code neatness and style issues.
>
> But, anyways, given the problems that arise from xargs space handling
> being "too smart", and given how often spaces get included in file and
> directory names, it seems like newline separated records should have
> been a no-brainer back like 20 years ago, if not earlier. So
> presumably someone has at some point squashed efforts to fix this.
>
> So, I guess I might be looking for the reasons. Does anyone know?
>
> Thanks,
>
> --
> Raul
>
> --- xargs.c.orig2017-10-13 14:13:16.0 -0400
> +++ xargs.c2017-10-13 14:13:17.0 -0400
> @@ -65,7 +65,7 @@
>  static char **av, **bxp, **ep, **endxp, **xp;
>  static char *argp, *bbp, *ebp, *inpline, *p, *replstr;
>  static const char *eofstr;
> -static int count, insingle, indouble, oflag, pflag, tflag, Rflag, rval, 
> zflag;
> +static int count, insingle, indouble, oflag, pflag, tflag, Rflag,
> rval, zflag, lflag;
>  static int cnt, Iflag, jfound, Lflag, wasquoted, xflag, runeof = 1;
>  static int curprocs, maxprocs;
>  static size_t inpsize;
> @@ -174,6 +174,9 @@
>  case '0':
>  zflag = 1;
>  break;
> +case '/':
> +lflag = 1;
> +break;
>  case '?':
>  default:
>  usage();
> @@ -262,7 +265,7 @@
>  if (insingle || indouble)
>  goto addch;
>  hasblank = 1;
> -if (zflag)
> +if (zflag || (lflag  && '\n'==ch))
>  goto addch;
>  goto arg2;
>  }
> @@ -282,6 +285,8 @@
>  goto arg2;
>  goto addch;
>  case '\n':
> +if (lflag)
> +goto arg2;
>  hasblank = 1;
>  if (hadblank == 0)
>  count++;
> @@ -360,19 +365,19 @@
>  wasquoted = 0;
>  break;
>  case '\'':
> -if (indouble || zflag)
> +if (indouble || zflag || lflag)
>  goto addch;
>  insingle = !insingle;
>  wasquoted = 1;
>  break;
>  case '"':
> -if (insingle || zflag)
> +if (insingle || zflag || lflag)
>  goto addch;
>  indouble = !indouble;
>  wasquoted = 1;
>  break;
>  case '\\':
> -if (zflag)
> +if (zflag || lflag)
>  goto addch;
>  /* Backslash escapes anything, is escaped by quotes. */
>  if (!insingle && !indouble && (ch = getchar()) == EOF)



A stupid question, re: xargs(1)

2017-10-13 Thread Raul Miller
Can someone explain to me why xargs(1) does not support using newline
as a separator, when that is one of the most common unix separators?

I'm pasting one potential approach to the end of this message. There's
a few issues that might be stalling points:

(*) which command line option to be used (this gets into potential
conflicts with other versions).

(*) how to handle (or not handle) escape characters (my feeling is
that escaping newline characters would be a bad thing when using
newline as a separator).

(*) code neatness and style issues.

But, anyways, given the problems that arise from xargs space handling
being "too smart", and given how often spaces get included in file and
directory names, it seems like newline separated records should have
been a no-brainer back like 20 years ago, if not earlier. So
presumably someone has at some point squashed efforts to fix this.

So, I guess I might be looking for the reasons. Does anyone know?

Thanks,

-- 
Raul

--- xargs.c.orig2017-10-13 14:13:16.0 -0400
+++ xargs.c2017-10-13 14:13:17.0 -0400
@@ -65,7 +65,7 @@
 static char **av, **bxp, **ep, **endxp, **xp;
 static char *argp, *bbp, *ebp, *inpline, *p, *replstr;
 static const char *eofstr;
-static int count, insingle, indouble, oflag, pflag, tflag, Rflag, rval, zflag;
+static int count, insingle, indouble, oflag, pflag, tflag, Rflag,
rval, zflag, lflag;
 static int cnt, Iflag, jfound, Lflag, wasquoted, xflag, runeof = 1;
 static int curprocs, maxprocs;
 static size_t inpsize;
@@ -174,6 +174,9 @@
 case '0':
 zflag = 1;
 break;
+case '/':
+lflag = 1;
+break;
 case '?':
 default:
 usage();
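Review bot: `case '/'` cannot be reached as posted, because no hunk in this patch adds `/` to the getopt() option string; the character will be reported as an unknown option and land in `case '?'`. Add it to the option string in the same patch so the new case is actually exercised.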
@@ -262,7 +265,7 @@
 if (insingle || indouble)
 goto addch;
 hasblank = 1;
-if (zflag)
+if (zflag || (lflag  && '\n'==ch))
 goto addch;
 goto arg2;
 }
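Review bot: `lflag  && '\n'==ch` has the comparison the wrong way round for what the option is meant to do. For any blank that is not a newline the test is false, control falls through to `goto arg2`, and the blank still ends the argument, which is the behaviour the option is supposed to switch off. The condition should send blanks to addch whenever lflag is set, for example `zflag || lflag`.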
@@ -282,6 +285,8 @@
 goto arg2;
 goto addch;
 case '\n':
+if (lflag)
+goto arg2;
 hasblank = 1;
 if (hadblank == 0)
 count++;
@@ -360,19 +365,19 @@
 wasquoted = 0;
 break;
 case '\'':
-if (indouble || zflag)
+if (indouble || zflag || lflag)
 goto addch;
 insingle = !insingle;
 wasquoted = 1;
 break;
 case '"':
-if (insingle || zflag)
+if (insingle || zflag || lflag)
 goto addch;
 indouble = !indouble;
 wasquoted = 1;
 break;
 case '\\':
-if (zflag)
+if (zflag || lflag)
 goto addch;
 /* Backslash escapes anything, is escaped by quotes. */
 if (!insingle && !indouble && (ch = getchar()) == EOF)



Re: size of size_t

2017-10-12 Thread Raul Miller
On Thu, Oct 12, 2017 at 3:18 PM,   wrote:
> On a related note, would you folks be interested in patches removing
> said assumption of equivalence from programs like dd(1)?

I would assume yes, unless those patches broke dd on some platforms.

(Patches which break things tend to provoke a rather negative reaction.)

Thanks,

-- 
Raul



Re: Blocking users who change their IP address

2017-10-06 Thread Raul Miller
On Thu, Oct 5, 2017 at 5:39 PM, Eric Johnson  wrote:
> Since the primary firewall and the DHCP server (and pretty much everything
> else on my end) run on OpenBSD, if there is a way to do it with OpenBSD,
> for example with pf, then I think that it should be a very good place to
> ask the question.
>
> Of course, if there is no way to address the problem on computers running
> OpenBSD, then I did ask in the wrong place.
>
> Based on your response, I assume that OpenBSD must be useless for trying
> to solve that problem and I shall have to look elsewhere.

Another plausible conclusion might be that you had not mentioned how
OpenBSD could be relevant in this setup, and so someone pushed back on
the relevance of your question.

On the other hand... if you actually subscribe to the idea that people
should just know things you did not tell them... it's entirely
possible that there is other critically important information which
you have not yet revealed?

Thanks though,

-- 
Raul



Re: code replication (was: Re: Query regarding exec in mandocdb.c)

2017-08-26 Thread Raul Miller
On Sat, Aug 26, 2017 at 4:36 AM,   wrote:
> The greater the body of code is, the smaller our understanding, or at
> least our ability to grok the code.
>
> Even in the UNIX world, 'duckspeak' code -- just doing what seems right
> without realizing the longer-term implications -- is unfortunately very
> common.
>
> I don't think that we can really afford that in the modern world.

Could you be more specific?

What problem are you trying to solve?

Thanks,

-- 
Raul



Re: Query regarding exec in mandocdb.c

2017-08-26 Thread Raul Miller
"Replicated similar functionality" is indeed a security issue.

It's a security problem, sometimes - the whole buffer overflow being
replicated everywhere thing, for example.

But replication also gives robustness in the face of failure, so it
can also be a security asset. Still an issue, just not a security
problem. (Or, a problem, but for people trying to defeat security.)

That said, replication is intrinsic in the nature of computer
programming. Patterns are useful and, therefore, replicated. But even
more than that we start with a [relatively] small set of primitive
instructions and build up from there.

Unnecessary replication, on the other hand, is indeed something that's
not so good.

But getting rid of all replication is an impossible rabbit hole that
you really do not want to go down.

Thanks,

-- 
Raul


On Fri, Aug 25, 2017 at 8:13 PM,   wrote:
> [now I'm subscribed, might as well respond to some recent stuff from the
>  archives...]
>
> 321.geo...@gmail.com wrote:
>> In mandocdb.c it appears cmp(1) and rm(1) are executed in a child
>> process. It seems that if the logic from these programs were duplicated
>> the pledge in mandocdb.c could be further restricted and even not bother
>> with forking.
>>
>> Would such a change be pointless churn however? Both cmp(1) and rm(1)
>> are simple programs and are pledge'd themselves. Not to mention the
>> creation of the mandoc database is in itself a short lived process.
>>
>> To be clear I'm not proposing a change (indeed I have no diff) but
>> rather I am simply curious to the opinion of others in the OpenBSD
>> community.
>
> Okay, in that case, please forgive me if I go off on a little bit of a
> tangent.
>
> I've used UNIX for quite a while now. Not being satisfied with just
> using anything, I've (not deeply) poked at the luserspace internals
> quite a bit over time.
>
> Almost each time I read the source code of any UNIX program, whether it
> came w/ the system or not, I find duplicated functionality.
>
> As I see it, this is not just inefficient, but also a huge security
> issue: if the same operation is stated differently in many different
> places, how can we make sure that we squash all instances of a
> particular bad habit or bug?
>
> The only real solution that I've come up w/ over time is to put the
> actual logic in libraries and leave the programs to be luser interfaces
> to that logic.
>
> Perhaps something not quite so extreme is needed. I wouldn't know.
>
> It would certainly make it easier to execute the suggestion you make in
> the first paragraph of your message.
>
> --schaafuit.
>
> [so, the spacing issue does not appear today, but the subject lines
>  are fscked. g!]
>



Re: doas /usr/bin/vi best practice

2017-08-13 Thread Raul Miller
What is the larger problem you are trying to solve?

Thanks,

-- 
Raul


On Sun, Aug 13, 2017 at 9:19 AM, Alessandro DE LAURENZIS
 wrote:
> Dear misc@ readers,
>
> I was wondering what you normally do when running vi with doas if a .exrc
> file is present in the normal user $HOME.
>
> "doas /usr/bin/vi" without any special rules will end up with:
>
> /home/just22/.exrc: not sourced: not owned by you
>
> 'cause the $HOME variable is preserved by default. The only thing that came
> to my mind was to add to doas.conf(5):
>
> permit setenv { -HOME } :wheel cmd /usr/bin/vi
>
> but I really don't know if this is the best practice.
>
> Any hints?
>
> All the best
>
> -- Alessandro DE LAURENZIS
> [mailto:jus...@atlantide.t28.net]
> LinkedIn: http://it.linkedin.com/in/delaurenzis
>



Re: Minium System Requirements

2017-07-22 Thread Raul Miller
On Sat, Jul 22, 2017 at 4:58 PM, Ingo Schwarze  wrote:
> Max Power wrote on Sat, Jul 22, 2017 at 10:49:05PM +0200:
>> but In addition to your advice...
>> possible that there is no official documentation?
>> This is the questions...!
>
> And i already answered that:
>
> No, there isn't, because:
>
>  1. It varies from platform to platform.
>  2. It varies from time to time.
>
>  3. It is rarely relevant because application software
> usually is the bottleneck in practice, *not* the OS.
>
> So, 1 & 2 mean that maintaining such a list would cause considerable
> work for developers, and 3 means that it would be virtually useless.

It's also an ill-defined concept, as you've described fairly well.

That said, while "minimum requirement" is neither useful nor
understandable, it might be interesting to document nominal
requirements - for example, size of base system on disk and memory
occupied on bootup.

But - given the undefined free variables - that sort of thing probably
belongs in blog posts rather than on openbsd.org.

Thanks,

-- 
Raul



Re: Doubts about the successors of OpenBSD leadership and development

2017-07-10 Thread Raul Miller
On Mon, Jul 10, 2017 at 5:04 PM, SOUL_OF_ROOT 55  wrote:
> Theo de Raadt no responds to me private message since I told him that I do
> not understand English.

If you told him that in english, I can imagine why.

(You effectively said that you do not know what you are saying - which
makes any response stupid. Including this one.)

-- 
Raul



Re: Get an MAC address of a LAN PC - OpenBSD

2017-06-22 Thread Raul Miller
arp caches, of course, because ip packets are only exchanged intermittently.

Whether it caches long enough for you is a different question.

Thanks,

-- 
Raul


On Fri, Jun 23, 2017 at 1:03 AM, Indunil Jayasooriya
<induni...@gmail.com> wrote:
>
> arp -a gives all.
>
> thanks a LOT.
>
> it gives current list.
>
>
> Is there any way to get an MAC address of a PC that was connected to OpenBSD
> PF box but now it is NOT connect to.
>
> This PC was removed from the network recently for auditing purpose.
>
> Can arp give old stuffs? Does it have a caching database somewhere in
> OpenBSD or do you know any other software that can fulfill my need.
>
> Sir, Hope to hear from you.
>
>
>
>
> On Fri, Jun 23, 2017 at 9:55 AM, Raul Miller <rauldmil...@gmail.com> wrote:
>>
>> http://man.openbsd.org/arp.8?
>>
>> --
>> Raul
>>
>>
>> On Fri, Jun 23, 2017 at 12:01 AM, Indunil Jayasooriya
>> <induni...@gmail.com> wrote:
>> > Hi Misc,
>> >
>> >
>> > I do want to get an MAC address of a LAN PC that is 192.168.1.x
>> >
>> > This PC is behind OpenBSD pf box.
>> >
>> > this below command only shows IPs.
>> >
>> > tcpdump -n -e -ttt -r /var/log/pflog
>> >
>> >
>> > How can I get it from this OpenBSD Pf box?
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> > --
>> > cat /etc/motd
>> >
>> > Thank you
>> > Indunil Jayasooriya
>> > http://www.theravadanet.net/
>
>
>
>
> --
> cat /etc/motd
>
> Thank you
> Indunil Jayasooriya
> http://www.theravadanet.net/
>



Re: OpenBSD NFS: Windows 10 writes wrong uid

2017-06-13 Thread Raul Miller
On Tue, Jun 13, 2017 at 12:25 PM, Rupert Gallagher  wrote:
>> Worse, though, is if you think that a security issue on a file server
>> is because of a problem in the default client configuration.
>
> I did not say that.

And yet:

On Mon, Jun 12, 2017 at 2:27 PM, Rupert Gallagher  wrote:
> I think the problem is how windows mounts the nfs folder by default (right
> click on "this computer" then select to attach a network folder to a drive
> letter).

But, perhaps you were referring to some other problem here?

If so, we are not talking about "the problem" but about one of many
problems, each of which needs to be clearly identified...

(That said, Kenneth Gober has identified several issues that I was
overlooking - in particular, the nobody with id -2 thing. And if that
was "the problem" you were talking about there then I might also owe
you an apology.)

Thanks,

-- 
Raul



Re: OpenBSD NFS: Windows 10 writes wrong uid

2017-06-13 Thread Raul Miller
(also, once again, sticky bit)

-- 
Raul

On Tuesday, June 13, 2017, Raul Miller <rauldmil...@gmail.com> wrote:

> Worse, though, is if you think that a security issue on a file server
> is because of a problem in the default client configuration.
>
> Mind you, this is not completely general (load issues and integrity
> issues do matter on the client side), but when we're talking about
> granting of permissions on those files it's about as wrong as you can
> get.
>
> --
> Raul
>
>
> On Tue, Jun 13, 2017 at 1:47 AM, Otto Moerbeek <o...@drijf.net> wrote:
> > On Tue, Jun 13, 2017 at 01:24:19AM -0400, Rupert Gallagher wrote:
> >
> >> If a non-root user can delete a root owned file with read-only
> >> permissions, then there is a security problem. Good luck to you if you are
> >> thinking otherwise.
> >
> > This is not how unix permissions work. The directory permissions
> > determine if you can remove a file.
> >
> > If you expect otherwise, you should adapt your expectations.
> >
> > -Otto
> >
> >>
> >> The windows nfs umask solves the problem of writing files to both user
> >> and group. It certainly does not solve the above security problem.
> >>
> >> Sent from ProtonMail Mobile
> >>
> >> On Mon, Jun 12, 2017 at 10:27 PM, Raul Miller <rauldmil...@gmail.com> wrote:
> >> You have a very odd idea of "security". Probably though, this is the
> >> wrong mailing list for what you are trying to do.
> >>
> >> Good luck,
> >>
> >> --
> >> Raul
> >>
> >> On Mon, Jun 12, 2017 at 2:27 PM, Rupert Gallagher <r...@protonmail.com> wrote:
> >> > I think the problem is how windows mounts the nfs folder by default
> >> > (right click on "this computer" then select to attach a network folder to a
> >> > drive letter). The following article by Microsoft describes the mount
> >> > option "fileaccess" to set a default umask:
> >> >
> >> > https://technet.microsoft.com/en-us/library/cc754350(v=ws.11).aspx
> >> >
> >> > This option is not available from the default menu.
> >> >
> >> > Sent from ProtonMail Mobile
> >> >
> >> > On Mon, Jun 12, 2017 at 7:24 PM, Raul Miller <rauldmil...@gmail.com> wrote:
> >> > p.s. if you do not want windows files in that shared directory to be
> >> > executable, I think you can mount the nfs backing store partition
> >> > noexec.
> >> >
> >> > I haven't tested this, though - I mostly try to avoid networked file
> >> > systems.
> >> >
> >> > Thanks,
> >> >
> >> > --
> >> > Raul
> >> >
> >> > On Mon, Jun 12, 2017 at 1:22 PM, Raul Miller <rauldmil...@gmail.com> wrote:
> >> >> Ok, look...
> >> >>
> >> >> Your problem 1: all windows files are executable because the windows
> >> >> model for executable or not is proprietary and not supportable. It's
> >> >> also not clear why you should care about this in a shared directory.
> >> >>
> >> >> Your problem 2: if we assume that a shared directory (rather than user
> >> >> specific directories) is the right approach, and if we also assume
> >> >> that each user's claim to a file name should deny write access to
> >> >> other users with that file name, we need to look at the permissions on
> >> >> the containing directory.
> >> >>
> >> >> In your case, you have drwxrwxr-x -- this means that everyone who is a
> >> >> member of the staff directory has the right to remove directory
> >> >> entries. If you do not want that, you need to change the permissions
> >> >> on the directory: http://man.openbsd.org/sticky.8
> >> >>
> >> >> But, note that if you are changing the owner on the files to not match
> >> >> that of the user who created the files, you should expect that people
> >> >> will not be able to delete files that they themselves created.
> >> >>
> >> >> Your problem 3: this is a consequence of your having changed the owner
> >> >> of the file. Your file permissions say that only the owner can change
> >> >> the file.
> >> >>
> >> >> With this in mind, I think I can see how I would change thi
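
Added example, not part of any message in this thread: a small model of the check discussed above, where the directory's permissions decide whether a name can be removed and the sticky bit narrows that to the file owner or directory owner. The `User` and `Node` types, the uid/gid values and the file name are constructed for illustration; `readonly_file_removable()` repeats the first point against a real temporary directory.

```python
import os
import stat
import tempfile
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    uid: int
    gids: frozenset  # every group the user belongs to


@dataclass(frozen=True)
class Node:
    uid: int   # owner
    gid: int   # group
    mode: int  # permission bits, e.g. 0o775 or 0o1775


def class_bits(user, node):
    """Return the rwx triple (0-7) that applies to this user on this node."""
    if user.uid == node.uid:
        return (node.mode >> 6) & 7
    if node.gid in user.gids:
        return (node.mode >> 3) & 7
    return node.mode & 7


def may_unlink(user, directory, file):
    """Model of the permission check for removing `file` from `directory`."""
    if user.uid == 0:
        return True
    # Removing a name modifies the directory: write + search on it are needed.
    if (class_bits(user, directory) & 0o3) != 0o3:
        return False
    # Sticky directory: only the file owner or the directory owner may remove.
    if directory.mode & stat.S_ISVTX:
        return user.uid in (file.uid, directory.uid)
    # The file's own mode and owner are not consulted at all.
    return True


def readonly_file_removable():
    """Real filesystem: remove a 0444 file from a directory we can write."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "report.txt")  # constructed sample file
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
        os.chmod(path, 0o444)
        os.remove(path)
        return not os.path.exists(path)


if __name__ == "__main__":
    staff = 20                                  # constructed gid
    bob = User(uid=1001, gids=frozenset({staff}))
    root_file = Node(uid=0, gid=0, mode=0o444)  # root-owned, read-only
    for mode in (0o775, 0o1775):                # drwxrwxr-x, then with sticky
        shared = Node(uid=0, gid=staff, mode=mode)
        print(oct(mode), "bob may remove root's file:",
              may_unlink(bob, shared, root_file))
    print("0444 file removed from own directory:", readonly_file_removable())
```

The model also reproduces the caveat about remapped ownership: in a sticky directory, a user whose files end up owned by another uid can no longer remove them.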

Re: OpenBSD NFS: Windows 10 writes wrong uid

2017-06-13 Thread Raul Miller
Worse, though, is if you think that a security issue on a file server
is because of a problem in the default client configuration.

Mind you, this is not completely general (load issues and integrity
issues do matter on the client side), but when we're talking about
granting of permissions on those files it's about as wrong as you can
get.

-- 
Raul


On Tue, Jun 13, 2017 at 1:47 AM, Otto Moerbeek <o...@drijf.net> wrote:
> On Tue, Jun 13, 2017 at 01:24:19AM -0400, Rupert Gallagher wrote:
>
>> If a non-root user can delete a root owned file with read-only permissions, 
>> then there is a security problem. Good luck to you if you are thinking 
>> otherwise.
>
> This is not how unix permissions work. The directory permissions
> determine if you can remove a file.
>
> If you expect otherwise, you should adapt your expectations.
>
> -Otto
>
>>
>> The windows nfs umask solves the problem of writing files to both user and 
>> group. It certainly does not solve the above security problem.
>>
>> Sent from ProtonMail Mobile
>>
>> On Mon, Jun 12, 2017 at 10:27 PM, Raul Miller <rauldmil...@gmail.com> wrote: 
>> You have a very odd idea of "security". Probably though, this is the
>> wrong mailing list for what you are trying to do.
>>
>> Good luck,
>>
>> --
>> Raul
>>
>> On Mon, Jun 12, 2017 at 2:27 PM, Rupert Gallagher <r...@protonmail.com> 
>> wrote:
>> > I think the problem is how windows mounts the nfs folder by default (right 
>> > click on "this computer" then select to attach a network folder to a drive 
>> > letter). The following article by Microsoft describes the mount option 
>> > "fileaccess" to set a default umask:
>> >
>> > https://technet.microsoft.com/en-us/library/cc754350(v=ws.11).aspx
>> >
>> > This option is not available from the default menu.
>> >
>> > Sent from ProtonMail Mobile
>> >
>> > On Mon, Jun 12, 2017 at 7:24 PM, Raul Miller <rauldmil...@gmail.com> wrote:
>> > p.s. if you do not want windows files in that shared directory to be
>> > executable, I think you can mount the nfs backing store partition
>> > noexec.
>> >
>> > I haven't tested this, though - I mostly try to avoid networked file 
>> > systems.
>> >
>> > Thanks,
>> >
>> > --
>> > Raul
>> >
>> > On Mon, Jun 12, 2017 at 1:22 PM, Raul Miller <rauldmil...@gmail.com> wrote:
>> >> Ok, look...
>> >>
>> >> Your problem 1: all windows files are executable because the windows
>> >> model for executable or not is proprietary and not supportable. It's
>> >> also not clear why you should care about this in a shared directory.
>> >>
>> >> Your problem 2: if we assume that a shared directory (rather than user
>> >> specific directories) is the right approach, and if we also assume
>> >> that each user's claim to a file name should deny write access to
>> >> other users with that file name, we need to look at the permissions on
>> >> the containing directory.
>> >>
>> >> In your case, you have drwxrwxr-x -- this means that everyone who is a
>> >> member of the staff directory has the right to remove directory
>> >> entries. If you do not want that, you need to change the permissions
>> >> on the directory: http://man.openbsd.org/sticky.8
>> >>
>> >> But, note that if you are changing the owner on the files to not match
>> >> that of the user who created the files, you should expect that people
>> >> will not be able to delete files that they themselves created.
>> >>
>> >> Your problem 3: this is a consequence of your having changed the owner
>> >> of the file. Your file permissions say that only the owner can change
>> >> the file.
>> >>
>> >> With this in mind, I think I can see how I would change things to
>> >> match what you seem to be claiming that you want:
>> >>
>> >> (1) remove the user id mapping
>> >>
>> >> (2) set the sticky bit on the Shared directory.
>> >>
>> >> If you do not want this, I think you need to spend a little time
>> >> thinking about what it is that you actually want, and whether or not
>> >> that should even be possible.
>> >>
>> >> (So far, you have only mentioned an example uid value for a user as
>> >> perhaps being an issue. Th

Re: OpenBSD NFS: Windows 10 writes wrong uid

2017-06-12 Thread Raul Miller
You have a very odd idea of "security". Probably though, this is the
wrong mailing list for what you are trying to do.

Good luck,

-- 
Raul


On Mon, Jun 12, 2017 at 2:27 PM, Rupert Gallagher <r...@protonmail.com> wrote:
> I think the problem is how windows mounts the nfs folder by default (right 
> click on "this computer" then select to attach a network folder to a drive 
> letter). The following article by Microsoft describes the mount option 
> "fileaccess" to set a default umask:
>
> https://technet.microsoft.com/en-us/library/cc754350(v=ws.11).aspx
>
> This option is not available from the default menu.
>
> Sent from ProtonMail Mobile
>
> On Mon, Jun 12, 2017 at 7:24 PM, Raul Miller <rauldmil...@gmail.com> wrote: 
> p.s. if you do not want windows files in that shared directory to be
> executable, I think you can mount the nfs backing store partition
> noexec.
>
> I haven't tested this, though - I mostly try to avoid networked file systems.
>
> Thanks,
>
> --
> Raul
>
> On Mon, Jun 12, 2017 at 1:22 PM, Raul Miller <rauldmil...@gmail.com> wrote:
>> Ok, look...
>>
>> Your problem 1: all windows files are executable because the windows
>> model for executable or not is proprietary and not supportable. It's
>> also not clear why you should care about this in a shared directory.
>>
>> Your problem 2: if we assume that a shared directory (rather than user
>> specific directories) is the right approach, and if we also assume
>> that each user's claim to a file name should deny write access to
>> other users with that file name, we need to look at the permissions on
>> the containing directory.
>>
>> In your case, you have drwxrwxr-x -- this means that everyone who is a
>> member of the staff directory has the right to remove directory
>> entries. If you do not want that, you need to change the permissions
>> on the directory: http://man.openbsd.org/sticky.8
>>
>> But, note that if you are changing the owner on the files to not match
>> that of the user who created the files, you should expect that people
>> will not be able to delete files that they themselves created.
>>
>> Your problem 3: this is a consequence of your having changed the owner
>> of the file. Your file permissions say that only the owner can change
>> the file.
>>
>> With this in mind, I think I can see how I would change things to
>> match what you seem to be claiming that you want:
>>
>> (1) remove the user id mapping
>>
>> (2) set the sticky bit on the Shared directory.
>>
>> If you do not want this, I think you need to spend a little time
>> thinking about what it is that you actually want, and whether or not
>> that should even be possible.
>>
>> (So far, you have only mentioned an example uid value for a user as
>> perhaps being an issue. This, combined with the subject line in this
>> thread are the only clues I have as to why you might not have removed
>> the user id mapping. But why this should even be an issue for you is
>> unclear to me.)
>>
>> Thanks,
>>
>> --
>> Raul
>>
>>
>> On Mon, Jun 12, 2017 at 12:58 PM, Rupert Gallagher <r...@protonmail.com> 
>> wrote:
>>> On problem 2,
>>>
>>> if a user has group write permission on a folder, it has permission to 
>>> write its own files and those of same group membership in that folder, 
>>> provided the group permission is set on the file by its owner. If a file 
>>> belongs to me and I deny write permission to group and other, then nobody 
>>> can write my file. File creation and destruction are forms of writing. This 
>>> is what I am used to see. The ability of a windows nfs user to delete a 
>>> file for which it has no write permission is a security



Re: OpenBSD NFS: Windows 10 writes wrong uid

2017-06-12 Thread Raul Miller
p.s. if you do not want windows files in that shared directory to be
executable, I think you can mount the nfs backing store partition
noexec.

I haven't tested this, though - I mostly try to avoid networked file systems.

Thanks,

-- 
Raul

On Mon, Jun 12, 2017 at 1:22 PM, Raul Miller <rauldmil...@gmail.com> wrote:
> Ok, look...
>
> Your problem 1: all windows files are executable because the windows
> model for executable or not is proprietary and not supportable. It's
> also not clear why you should care about this in a shared directory.
>
> Your problem 2: if we assume that a shared directory (rather than user
> specific directories) is the right approach, and if we also assume
> that each user's claim to a file name should deny write access to
> other users with that file name, we need to look at the permissions on
> the containing directory.
>
> In your case, you have drwxrwxr-x -- this means that everyone who is a
> member of the staff directory has the right to remove directory
> entries. If you do not want that, you need to change the permissions
> on the directory: http://man.openbsd.org/sticky.8
>
> But, note that if you are changing the owner on the files to not match
> that of the user who created the files, you should expect that people
> will not be able to delete files that they themselves created.
>
> Your problem 3: this is a consequence of your having changed the owner
> of the file. Your file permissions say that only the owner can change
> the file.
>
> With this in mind, I think I can see how I would change things to
> match what you seem to be claiming that you want:
>
> (1) remove the user id mapping
>
> (2) set the sticky bit on the Shared directory.
>
> If you do not want this, I think you need to spend a little time
> thinking about what it is that you actually want, and whether or not
> that should even be possible.
>
> (So far, you have only mentioned an example uid value for a user as
> perhaps being an issue. This, combined with the subject line in this
> thread are the only clues I have as to why you might not have removed
> the user id mapping. But why this should even be an issue for you is
> unclear to me.)
>
> Thanks,
>
> --
> Raul
>
>
> On Mon, Jun 12, 2017 at 12:58 PM, Rupert Gallagher <r...@protonmail.com> 
> wrote:
>> On problem 2,
>>
>> if a user has group write permission on a folder, it has permission to write 
>> its own files and those of same group membership in that folder, provided 
>> the group permission is set on the file by its owner. If a file belongs to 
>> me and I deny write permission to group and other, then nobody can write my 
>> file. File creation and destruction are forms of writing. This is what I am 
>> used to see. The ability of a windows nfs user to delete a file for which it 
>> has no write permission is a security


