Re: lcamtuf on the recent xz debacle

[Eric Pruitt]

On Thu, Apr 04, 2024 at 09:17:18PM +, Katherine Mcmillan wrote:
> I have seen the following comment, or similar, in several articles now:
> "On Friday, a lone Microsoft developer rocked the world when he revealed a 
> backdoor<https://arstechnica.com/security/2024/03/backdoor-found-in-widely-used-linux-utility-breaks-encrypted-ssh-connections/>
>  had been intentionally planted in xz Utils, an open source data compression 
> utility available on almost all installations of Linux and other Unix-like 
> operating systems." 
> https://arstechnica.com/security/2024/04/what-we-know-about-the-xz-utils-backdoor-that-almost-infected-the-world/
> 
> There are a couple of problems with this statement, but I just want to focus 
> in on the "almost all installations of Linux and other Unix-like operating 
> systems" part.  From my understanding, it is certainly almost all 
> installations of Linux​, but the "and other Unix-like operating systems" 
> doesn't seem founded.  From what I understand, this backdoor would not affect 
> any flavour of *BSD, or of illumos for that matter (ex. smartOS), or QNX, or 
> Solaris.  Just for clarity, does anyone know what "Unix-like operating 
> systems" would be affected by this?

I think this might be an issue of how you're parsing the statement. It
sounds like you're reading this as the exploit being available on those
systems. However, when I read the line, I interpret as "xz Utils ...
[is] available on almost all installations of Linux and other Unix-like
operating systems," which is true. That does not necessarily suggest
that they're all affected by the vulnerability.

Eric

Re: lcamtuf on the recent xz debacle

[Eric S Pulley]

I says quite clearly in the second article you posted it can only work
in Linux... 

"...Linux distributions add a patch to link sshd to systemd, a program
that loads a variety of services during the system bootup. Systemd, in
turn, links to liblzma, and this allows xz Utils to exert control over
sshd."

-- 
ESP

On Thu, 4 Apr 2024 21:17:18 +
Katherine Mcmillan  wrote:

> Hello Peter and all,
> 
> I have seen the following comment, or similar, in several articles
> now: "On Friday, a lone Microsoft developer rocked the world when he
> revealed a
> backdoor
> had been intentionally planted in xz Utils, an open source data
> compression utility available on almost all installations of Linux
> and other Unix-like operating systems."
> https://arstechnica.com/security/2024/04/what-we-know-about-the-xz-utils-backdoor-that-almost-infected-the-world/
> 
> There are a couple of problems with this statement, but I just want
> to focus in on the "almost all installations of Linux and other
> Unix-like operating systems" part.  From my understanding, it is
> certainly almost all installations of Linux​, but the "and other
> Unix-like operating systems" doesn't seem founded.  From what I
> understand, this backdoor would not affect any flavour of *BSD, or of
> illumos for that matter (ex. smartOS), or QNX, or Solaris.  Just for
> clarity, does anyone know what "Unix-like operating systems" would be
> affected by this?
> 
> Thank you,
> Katie
> 
> 
> From: owner-m...@openbsd.org  on behalf of
> Aaron Mason  Sent: 03 April 2024 19:17
> To: misc@openbsd.org 
> Subject: Re: lcamtuf on the recent xz debacle
> 
> Attention : courriel externe | external email
> 
> On Sat, Mar 30, 2024 at 9:32 PM Peter N. M. Hansteen
>  wrote:
> >
> > "This dependency existed not because of a deliberate design decision
> > by the developers of OpenSSH, but because of a kludge added by some
> > Linux distributions to integrate the tool with the operating
> > system’s newfangled orchestration service, systemd."
> >  
> 
> As if I needed another reason to intensely dislike systemd...
> 
> --
> Aaron Mason - Programmer, open source addict
> I've taken my software vows - for beta or for worse
> 

Re: Mouse moving on its own, kbd typing on its own

[Eric Furman]

>> On Fri, March 8, 2024 4:43 pm, ofthecentury wrote:
>> > I have a USB mouse that starts to move a little
>> > on its own once in a while when I'm browsing the internet using chromium.
>> > My USB keyboard
>> > is also acting up...it just started typing spaces all of a sudden as I was
>> > typing up this email and wasn't reactive to any input until I unplugged it
>> >  and plugged it back in. Is it Chromium? Or is it OpenBSD? I think it's
>> > Chromium, but how to get to the bottom of it?
>> > I'm on OpenBSD 7.5 right now, but I've seen it
>> > on OpenBSD 7.4. And I've seen this on my Fedora 39 installation before, by
>> > the way. I think it's a major security flaw somewhere.

You don't happen to have an Xbox type controller plugged
into your computer by any chance do you?

Re: man.openbsd.org timing out via HTTP & HTTPS

[Eric Pruitt]

On Fri, Dec 29, 2023 at 02:46:39PM -0600, Tim Chase wrote:
> Not much to add to the subject.  For a couple days now, I've tried
> connecting via HTTP & HTTPS from various points around the internet
> and they all time out.  Sounds like something hung or accidentally
> lost power and needs a nudge.

Known issue:

- https://marc.info/?l=openbsd-misc=170301839017559=2
- https://marc.info/?l=openbsd-misc=170345453930038=2

Eric

termtypes.master glitch in building -current

[Eric Grosse]

When I've built -current on several machines recently, the procedure dies at
  ===> share/termtypes
  /usr/bin/tic -C -x /usr/src/share/termtypes/termtypes.master > termcap
  /usr/bin/tic -x -o terminfo /usr/src/share/termtypes/termtypes.master
  "/usr/src/share/termtypes/termtypes.master", line 4429,
   terminal 'mintty': error writing
/usr/obj/share/termtypes/terminfo/m/mintty
because at that point in the build tic has been recompiled but still lives
in /usr/obj/usr.bin/tic/tic.

A manual workaround is to install that new tic and restart the build.
A better fix would be to change /usr/src/share/termtypes/Makefile from
TIC=/usr/bin/tic to TIC=/usr/obj/usr.bin/tic/tic.
Or set PATH in the Makefile to have /usr/obj/usr.bin/tic before /usr/bin.
Or change the build sequence for when tic is installed.
Or just expect anyone building -current is competent to debug for themselves.

Re: Auto-install over network using UEFI

[Eric Elena]

On Thu, 23 Nov 2023 00:37:37 -0800 Nick Owens wrote:
> On Tue, Nov 21, 2023 at 7:03 PM Chris Narkiewicz  wrote:
> >
> > I'm experimentin with auto-install over network using linux libvirt
> > (qemu).
> >
> > I managed to load pxeboot in BIOS mode and I'm wondering if UEFI
> > is supported.
> >
> > According to this blog, I should load BOOTX64.EFI instead of pxeboot.
> >
> > https://eradman.com/posts/autoinstall-openbsd.html
> >
> > I was skeptical but tried it neverthekess and system immediately reboots 
> > after
> > probing disk:
> >
> > probing: p0 com0 mem[640K 2029M 9M 3M]
> > disk:BS->LocateHandle() returns 14
> > 
> >
> > Is it possible to net-boot installer in UEFI using QEMU?
> >
> > Cheers,
> > Chris
> >
> 
> i had some trouble getting PXE set up with dhcpd - see my mail from
> april, "dhcpd user-class and vendor-class".
> 
> i think there is also a bug in the EFI loader when run under OVMF as
> you experienced, but i never figured it out.

It works with QEMU, it took me around 2 minutes to boot a blank VM in
UEFI mode, auto-install it, reboot it and see the login prompt.

Error code 14 means "the item was not found", there is probably
something wrong with the VM/disk configuration.

Re: Change userland core dump location

[Eric Wong]

Stuart Henderson wrote:
> On 2023-09-13, Eric Wong  wrote:
> > Theo de Raadt wrote:
> >> There isn't a way.  And I will argue there shouldn't be a way to do that.
> >> I don't see a need to invent such a scheme for one user, when half a 
> >> century
> >> of Unix has no way to do this.
> >> Sorry.
> >
> > I have a different use case than Johannes but looking for a similar feature.
> > Maybe I can convince you :>
> >
> > For background, I develop multi-process daemons and OpenBSD is
> > the only platform I'm noticing segfaults on[1].
> >
> > The lack of PIDs in the core filenames means they can get
> > clobbered in parallel scenarios and I lose useful information.
> >
> > Sometimes, daemons run in / (or another unwritable directory);
> > and the core dump can't get written, at all.
> 
> If the daemons are changing uid, read about kern.nosuidcoredump
> in sysctl(8) (set the sysctl, mkdir /var/crash/progname, and
> it will write to $pid.core).

They aren't, they're all per-user.  I'm seeing core files from a
heavily-parallelized test suite[1].  Some processes can chdir to
/, some stay in their current dir, and some chdir into
short-lived temporary directories.

Thanks.

[1] The good news is the test suite passes; but the lone core dump
sometimes get tells me it's in the Perl destructor sequence.
I've been adding `END {}' blocks and explicit undefs but still
occasionally see a perl.core file after a run.  And even if
I don't see that file after a run, I wouldn't know if a core
dump failed in / or a temporary directory.

Re: Change userland core dump location

[Eric Wong]

Theo de Raadt wrote:
> There isn't a way.  And I will argue there shouldn't be a way to do that.
> I don't see a need to invent such a scheme for one user, when half a century
> of Unix has no way to do this.
> Sorry.

I have a different use case than Johannes but looking for a similar feature.
Maybe I can convince you :>

For background, I develop multi-process daemons and OpenBSD is
the only platform I'm noticing segfaults on[1].

The lack of PIDs in the core filenames means they can get
clobbered in parallel scenarios and I lose useful information.

Sometimes, daemons run in / (or another unwritable directory);
and the core dump can't get written, at all.

On Linux, I've set sys.kernel.core_pattern=/var/tmp/core and
sys.kernel.core_uses_pid=core_uses_pid[2] since the early 2000s
or so to minimize my chance of losing important core dumps.

Thanks for reading.


[1] something in Perl / DBD::SQLite destruction order; not sure
if it's down to the versions of the software packaged for
OpenBSD or something else.  I haven't seen it on Linux nor FreeBSD;
but yeah, Perl destruction with interelated XS objects graphs
get tricky...

[2] Nowadays, Linux core_pattern supports printf-like formats,
but I've been relying on it for longer.

> Johannes Thyssen Tishman  wrote:
> 
> > Hi everyone,
> > 
> > is there a way to configure a location to store userland core dumps?
> > I'd like to store them in /tmp to keep them available only until
> > the next reboot. This way I can avoid having core dumps, that
> > sometimes I don't even know about, scattered all over my home
> > directory.
> > 
> > I've read about 'sysctl kern.nosuidcoredump' in sysctl(8), but I
> > believe files stored under /var/crash/${program} are persistent
> > after reboots, right? Also, I know I can disable them from
> > /etc/login.conf, but I'd prefer to keep them at least until the
> > next reboot just in case.
> > 
> > I'm sure that there must be a reason for why OpenBSD defaults to
> > dumping core files like it does, so please let me know if what I'm
> > asking is a bad idea. I would really appreciate it.
> > 
> > Thank you.
> > 
> > Kind regards,
> > Johannes
> > 

Re: Does openBSD come with a web browser?

[Eric Demer]

Thankyou. As Allan mentioned, I will do more
searching regarding the laptop I might be buying.
 
Eric Demer

Re: Does openBSD come with a web browser?

[Eric Demer]

> > (I am considering getting a laptop with openBSD, but have
> > not yet done so, which is why I can't easily check on my own.)
> >  
> > Does openBSD come with a web browser?
> > The "the FAQ and" parts of https://www.openbsd.org/mail.html
> > suggest that it does, but I haven't found any more
> > detail regarding this at https://www.openbsd.org/ .
> 
> Quite frankly, if you're incapable of using one, I'd steer clear.
> The answer to this is the result of a very basic web search.
> Cheers!



Perhaps I should steer clear anyway, but what's probably
the reason I didn't find that answer may change things.

Specifically, do you find that information with a basic web search
while using none ofStackexchange , Reddit , Youtube , Google  ?

For the reasons explained in the following paragraphs, I am
not willing to use those four sites.  I still got into results saying
that one _can easily install_ Firefox on openBSD, and remember at
least one result saying that some people _use_ Lynx _on_ it, but those
didn't address whether there's one that comes _already_ installed.


I did go into results saying that one _can easily install_
Firefox on openBSD, and remember at least one result saying
that some people _use_ Lynx _on_ it, but those didn't
address whether there's one that comes _already_ installed.
The other search results (from using duckduckgo) I found
that mentioned openBSD - as opposed to just freeBSD -
were all from stackexchange and reddit and youtube.

I left Stackexchange when it adopted Terms according to which,
them changing those terms other than the arbitration clause
as I am scrolling a page on their site would result in
me being bound by whatever they changed the Terms to.
Since the trigger for those Terms was something like,
using their Network in any way, I have never intentionally
gone back there, and have left immediately when I've
accidentally when I've accidentally gone back there.
(In particular, if they no longer have
such Terms then I don't know that.)

My brief search for Reddit's Terms brought up Reddit
result previews suggesting that Reddit's Terms are also
such that according to them, using their site to view
their terms would constitute acceptance of those terms.
Furthermore, according to
https://github.com/OpenTermsArchive/contrib-versions
/blob/main/Reddit/Terms%20of%20Service.md
,  the changes provision in Reddit's Terms manages
to be even worse than that of Stackexchange's Terms:
Its change-acceptance is from access to or use of "the Services on or
after the Effective Date of the revised Terms", and it does not say
the Effective Date can't be _before_ the revised Terms were posted.

Youtube's Terms are better, but (0) it's Google, and
(1) the "launch a new product or feature" exception is
merely a timing restriction:  It's not limited to changes
that have anything else to do with the new product or feature.
Google's Terms seem to have the same changes provision.




Eric Demer

Does openBSD come with a web browser?

[Eric Demer]

(I am considering getting a laptop with openBSD, but have
not yet done so, which is why I can't easily check on my own.)
 
Does openBSD come with a web browser? The "the FAQ and" parts of
https://www.openbsd.org/mail.html suggest that it does, but I haven't
found any more detail regarding this at https://www.openbsd.org/ .
 
 
Eric Demer

Re: Temporary failure when sending emails to this mailing list

[Eric Furman]

Me, personally, I have blocked all email from .us domains.
I know that there are some emails from .us that are legitimate,
but after doing so the amount of Spam I have to deal with
dropped dramatically. In my experience 99.% of
emails from .us are SPAM.
You might want to invest in another email address.

On Mon, Jul 24, 2023, at 4:20 AM, Stuart Henderson wrote:
> On 2023-07-24, Jay F. Shachter  wrote:
>>
>> Centuries ago, Nostradamus predicted that Polarian would write on Sun Jul 23 
>> 21:44:34 2023:
>>> 
>>> I believe I have discussed this before, but when I email any openbsd
>>> mailing list (or email address) I get the "451 Temporary failure,
>>> please try again later."
> ...
>>> Although my emails eventually go through after about 20-40 minutes
>>> of waiting, it is still incredibly annoying about the length of time
>>> I have to wait for them to be delivered.
>
> Once you have successfully sent mail once from an IP, it will be allowed
> straight past the spamd greylisting for a period of time.
>
>> Are you sure that users of gmail and outlook don't have the same
>> problem?  If you're sure that they don't, it is most likely because
>> the SMTP server at mail.openbsd.org has put them in its whitelist.
>
> Either that or mail is sent often enough from their servers to
> openbsd.org that they tend to bypass spamd most of the time.
>
>> You didn't even mention the worst of it.  The first few times you
>> connect to mail.openbsd.org, the system administrator insults you.
>> 
>> Here is a verbatim quote from an early SMTP session between my
>> computer and mail.openbsd.org:
>>
>> 220 mail.openbsd.org ESMTP mail.openbsd.org; Wed Jul 12 12:55:35 2023
>> HELO m5.chicago.il.us
>> 250 Hello, spam sender. Pleased to be wasting your time.
>> MAIL FROM:
>> 250 You are about to try to deliver spam. Your time will be spent, for 
>> nothing.
>> RCPT TO:
>> 250 This is hurting you more than it is hurting me.
>> DATA
>> 451 Temporary failure, please try again later.
>
> Nothing to do with the sysadmin. See /usr/src/libexec/spamd/spamd.c.
>
>> I almost didn't join this mailing list when I saw that.  But then I
>> thought -- Why should I deprive myself of this mailing list, because
>> the system administrator of mail.openbsd.org is an a.e?
>
> I think you should retract that statement.
>
>
>
> -- 
> Please keep replies on the mailing list.

Re: Mail Etiquette: Reply above or below

[Eric Johnson]

--- Original Message ---
On Tuesday, March 7th, 2023 at 03:50, Peter N. M. Hansteen  
wrote:

> For whatever reason, Microsoft's Outlook or possibly earlier Microsoft mail
> client products dragged in a convention of quoting the whole thread (even 
> though
> those early clients did not in fact have the thread concept) and putting new
> text on top.

Don't forget AOL.  In the old UseNet days, AOLers seemed to 
be the ones who most insisted on top posting and it drove the
rest of us crazy.

I'm not positive, but I think that the AOL software handled 
the mail and Microsoft came around to it somewhat later.

I have come around to the point that I don't mind top posting 
if the remarks pretty much stand on their own and only address
a single point. It even saves scrolling down to the bottom to
read the comments, especially if the person being responded to
didn't snip those parts that don't really relate to the comments
being made.

But you are right that inline is the way to go for anything
suitably complicated in order to eliminate any chance of
someone else getting confused about what is being referred
to by the comment.

In one web forum that I participate in, there are a few users
who will quote the message being replied to and then insert
their comments intermixed within the quoted part instead of
separating the quotes out in pieces to avoid the reader from
being seriously confused over who said what.  I really hate
it when they do that.

So in response, I sometimes write my replies using the 
character code sequences such as  for J.  That way, it
forces those who can't be bothered to separate their comments
from the quoted text to keep their text separate.

I think that the main point is that the purpose of writing
is so that others may understand what you had to say. The
more difficult that someone makes it to decipher what they
wrote, the more people won't even bother with them.

Eric

Re: Ensuring data integrity

[Eric Johnson]

Raid Mirror?  I assume you mean Raid-1.

One of my brothers used to be a big fan of mirrors.  He somehow thought it was 
some kind of substitute for backing up his data.  Guess what?  He was wrong.

It is generally far better to put the effort into producing and maintaining 
proper backups.

Ask yourself what happens when someone writes a file to a mirror?  Answer: It 
means that both drives in the mirror will then contain the file.  If you make a 
mistake in the file, it means that you have the issue on both drives and no 
copy of the original file. What do you do if someone steals the computer? Or 
the building is wiped out in a fire or other disaster? Or if you drop the 
computer down an escalator (I saw someone do that once).

Not long ago, I meant to delete one directory containing less than 1 MB that 
was only intended to be temporary, but accidentally deleted another directory 
containing about 35 GB which was easily the most important data on my 
workstation. Fortunately, I have very good backups and recovered all but the 
most recent file within two hours. If I was depending on a mirror, I would have 
lost ten to fifteen years of work.

Create a mirror if you must (why not go to higher Raid levels instead?), but 
you still need to do backups unless the data is meaningless and/or unnecessary. 
 If you can lose your data without having any impact on your business at all, 
why even bother with a mirror?

Do not bet the business on a mirror instead of a backup.

Eric

--- Original Message ---
On Wednesday, February 15th, 2023 at 18:48, i...@tutanota.com 
 wrote:


> In the latest book by Michael Lucas, OpenBSD Mastery: Filesystems, Michael
> writes, "A filesystem should put data on disk. That data should be safely
> stored and reliably read. That's it. Error checking? Deduplication? No.
> The operating system has other tools for ensuring data integrity and
> compactness."
> 
> If I setup a couple of drives in a RAID mirror on OpenBSD to serve as
> a NAS box, what is the best way to ensure data integrity?
> 
> --
> Sent with Tutanota, enjoy secure & ad-free emails.

Re: (video) obsd install initial boot process slowed down

[Eric Elena]

On Fri, 6 Jan 2023 11:04:46 - (UTC) Stuart Henderson wrote:
> >> On 1/4/23 01:13, Sylvain Saboua wrote:
> >>> Hi, my openbsed (encrypted) install is functionning really
> >>> well, apart from one thing, that would signal a bug or smth:
> ..
> 
> On 2023-01-05, Sylvain Saboua  wrote:
> > https://youtu.be/lzGT1TAGG1Y
> 
> So just under 30 seconds. Not super fast but I don't think it signals a bug.

When I upgraded my VPS to 7.2 it took more than 10 minutes (no kidding)
to load the kernel and reach the "entry point at..." step after typing
my passphrase, then everything was normal. I only rebooted the OS to
either (7.2) bsd.rd or (7.2) bsd, I didn't try to turn the machine off
or boot another kernel after that. It was the first time I observed
such a thing with this instance in 6 years. Dmesg below just in case,
as it is a virtual machine there could be many reasons to explain this behavior.

OpenBSD 7.2 (GENERIC) #728: Tue Sep 27 11:49:18 MDT 2022
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC
real mem = 1056813056 (1007MB)
avail mem = 1007554560 (960MB)
random: good seed from bootblocks
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xf5940 (9 entries)
bios0: vendor Vultr
bios0: Vultr VC2
acpi0 at bios0: ACPI 1.0
acpi0: sleep states S3 S4 S5
acpi0: tables DSDT FACP APIC HPET WAET
acpi0: wakeup devices
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel Core Processor (Broadwell, no TSX, IBRS), 2400.56 MHz,
06-3d-02 cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SSE3,PCLMUL,SSSE3,FMA3,CX16,PCID,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,HV,NXE,RDTSCP,LONG,LAHF,ABM,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,IBRS,IBPB,SSBD,ARAT,XSAVEOPT,MELTDOWN
cpu0: 32KB 64b/line 8-way D-cache, 32KB 64b/line 8-way I-cache, 4MB
64b/line 16-way L2 cache, 16MB 64b/line 16-way L3 cache cpu0: smt 0,
core 0, package 0 mtrr: Pentium Pro MTRR support, 8 var ranges, 88
fixed ranges cpu0: apic clock running at 1000MHz ioapic0 at mainbus0:
apid 0 pa 0xfec0, version 20, 24 pins acpihpet0 at acpi0: 1
Hz acpiprt0 at acpi0: bus 0 (PCI0)
"ACPI0006" at acpi0 not configured
acpipci0 at acpi0 PCI0
acpicmos0 at acpi0
"PNP0A06" at acpi0 not configured
"PNP0A06" at acpi0 not configured
"PNP0A06" at acpi0 not configured
"QEMU0002" at acpi0 not configured
"ACPI0010" at acpi0 not configured
acpicpu0 at acpi0: C1(@1 halt!)
cpu0: using Broadwell MDS workaround
pvbus0 at mainbus0: KVM
pvclock0 at pvbus0
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel 82441FX" rev 0x02
pcib0 at pci0 dev 1 function 0 "Intel 82371SB ISA" rev 0x00
pciide0 at pci0 dev 1 function 1 "Intel 82371SB IDE" rev 0x00: DMA,
channel 0 wired to compatibility, channel 1 wired to compatibility
pciide0: channel 0 disabled (no drives) atapiscsi0 at pciide0 channel 1
drive 0 scsibus1 at atapiscsi0: 2 targets
cd0 at scsibus1 targ 0 lun 0:  removable
cd0(pciide0:1:0): using PIO mode 4, DMA mode 2
uhci0 at pci0 dev 1 function 2 "Intel 82371SB USB" rev 0x01: apic 0 int
11 piixpm0 at pci0 dev 1 function 3 "Intel 82371AB Power" rev 0x03:
apic 0 int 9 iic0 at piixpm0
vga1 at pci0 dev 2 function 0 "Cirrus Logic CL-GD5446" rev 0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
virtio0 at pci0 dev 3 function 0 "Qumranet Virtio Network" rev 0x00
vio0 at virtio0: address 56:00:00:6e:5b:9b
virtio0: msix shared
virtio1 at pci0 dev 4 function 0 "Qumranet Virtio Storage" rev 0x00
vioblk0 at virtio1
scsibus2 at vioblk0: 1 targets
sd0 at scsibus2 targ 0 lun 0: 
sd0: 25600MB, 512 bytes/sector, 52428800 sectors
virtio1: msix shared
virtio2 at pci0 dev 5 function 0 "Qumranet Virtio Memory Balloon" rev
0x00 viomb0 at virtio2
virtio2: apic 0 int 10
virtio3 at pci0 dev 6 function 0 "Qumranet Virtio RNG" rev 0x00
viornd0 at virtio3
virtio3: apic 0 int 10
isa0 at pcib0
isadma0 at isa0
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
pckbc0 at isa0 port 0x60/5 irq 1 irq 12
pckbd0 at pckbc0 (kbd slot)
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pms0 at pckbc0 (aux slot)
wsmouse0 at pms0 mux 0
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
usb0 at uhci0: USB revision 1.0
uhub0 at usb0 configuration 1 interface 0 "Intel UHCI root hub" rev
1.00/1.00 addr 1 uhidev0 at uhub0 port 1 configuration 1 interface 0
"QEMU QEMU USB Tablet" rev 2.00/0.00 addr 2 uhidev0: iclass 3/0
ums0 at uhidev0: 3 buttons, Z dir
wsmouse1 at ums0 mux 0
vscsi0 at root
scsibus3 at vscsi0: 256 targets
softraid0 at root
scsibus4 at softraid0: 256 targets
sd1 at scsibus4 targ 1 lun 0: 
sd1: 25595MB, 512 bytes/sector, 52419503 sectors
root on sd1a (e7c50e2c7957eecd.a) swap on sd1b dump on sd1b
fd0 at fdc0 drive 1: density unknown

Manpage of strlcat/strlcpy

[Eric Sanchis]

Dear Maintainer,

I have two remarks about:
https://man.openbsd.org/OpenBSD-5.9/strlcpy.3

(1) In the section “Return Values”, it is written:
n = strlcpy(dst, src, len);
n = snprintf(dst, len, "%s", src);
But len should not be a length but a size. This example can confuse
beginners. So I suggest the modifications:
n = strlcpy(dst, src, dstsize);
n = snprintf(dst, dstsize, "%s", src);

(2) In the section “Description”, it is written:
“They are designed to be safer, more consistent, and less error prone
replacements for the easily misused functions strncpy(3) and
strncat(3).”
It is not completely true: strncpy/strncat can copy/concatenate a
substring of src (the third parameter n means n bytes of src).
Strlcpy/strlcat cannot.

Sincerely yours,

Eric Sanchis
Associate Professor in Computer Science
University of Toulouse Capitole (IUT Rodez)
France

Re: OpenBSD 7.2 on VPS, routing via IPv6 gateway outside of interface prefix

[Eric JACQUOT]

> De: Michal Šmucr 
> Envoyé: lundi 7th novembre 2022 13:03
> À: misc@openbsd.org
> Sujet: OpenBSD 7.2 on VPS, routing via IPv6 gateway outside of interface 
> prefix
> 
> Hello to all,
> 
> I'm looking for possible opinions or advice regarding IPv6 setup at new VPS.
> Probably the most common approach is a VPS provider gives you /64
> prefix length with gateway within the subnet.
> Works everywhere, it's also the smallest usable prefix length for use
> with SLAAC.
> However in this case, the VPS has /121 prefix length and its gateway
> is outside of the subnet.
> Something like this:
> VPS IP: 2001:db8:efef::d9e:18d2:b761:0/121
> GW: 2001:db8:efef::1/48


Hi,

Could you try with this inet6 conf in your /etc/hostname.vio0 :

inet6  [yourvpsipv6] 121
!route add -inet6 -net 2001:db8:efef::1/128 -cloning -link -iface vio0
!route add -inet6 default 2001:db8:efef::1

Be aware of icmpv6 filtering in your pf.conf.

Regards,


--
Eric Jacquot

Re: How to track system changes?

[Eric Thomas]

Very valuable insights. That’s a great idea. 

The rysnc script was ksh/bash or cron? Ideally I’d like to use Python to tackle 
something like this but I’m not against learning shell. 


> On Apr 4, 2022, at 2:02 PM, Nick Holland  wrote:
> 
> On 4/4/22 11:32 AM, Eric Thomas wrote:
>> I want to have a high degree of confidence in my system's state
>> (packages that have been added, configs that have changed, permissions
>> changed, etc). I've read about "read only filesystems" and the
>> pro's/con's [here](http://geodsoft.com/howto/harden/OpenBSD/no_changes.htm).
>> Aside from that, is there a way to...
>> 1. ...hash the file system in some way and monitor for changes? OR
>> 2. ...somehow review changes that have taken place (a log somewhere)?
>> The goal is to concretely know whether the state of the system has
>> changed, then point to what EXACTLY has changed.
>> Anyone doing something similar?
>> Thank you
> 
> Something I came up with which worked out really well at my employer was
> a backup system that used rsync and the --link-dest option to make a useful
> rotated disk-based backup of current systems.  When they said, "We want some
> kind of file integrity monitoring system", I puzzled over all kinds of ways
> to look for altered files...but it suddenly hit me -- I HAD a list of all the
> altered files -- the output of the rsync --link-dest backup run!
> 
> Took that output, ran it through a "grep -vf exclusionlist", where
> "exclusionlist" was a list of files (in regex form) I EXPECTED change on...and
> I had a daily output of all unexpected changed files.  I called it the
> "File Alteration Reporting Tool", but my coworkers thought another name would
> be more appropriate for some reason. :D
> 
> It was really quite interesting.  Never found a real security breach (yay),
> but learned a LOT of new things about the software running on our systems,
> and to the point -- we found a few things that prompted us to go kicking trees
> to find out what someone had done that we weren't aware of.  I call that 
> success.
> 
> Yes, I'm working on re-doing it (i.e., clean slate so my (former)employer has
> no gripes (and no internal information disclosure), but if you are adept at
> scripting, it wasn't too difficult.
> 
> Nick.
> 

How to track system changes?

[Eric Thomas]

I want to have a high degree of confidence in my system's state
(packages that have been added, configs that have changed, permissions
changed, etc). I've read about "read only filesystems" and the
pro's/con's [here](http://geodsoft.com/howto/harden/OpenBSD/no_changes.htm).

Aside from that, is there a way to...

1. ...hash the file system in some way and monitor for changes? OR
2. ...somehow review changes that have taken place (a log somewhere)?

The goal is to concretely know whether the state of the system has
changed, then point to what EXACTLY has changed.

Anyone doing something similar?

Thank you

Internal Logging?

[Eric Thomas]

I'd like to understand more about how OpenBSD logs internal events such as:

- pkg_add/delete events
- user logins
- X session start/stops
etc.

Is there "one big log" where all of these types of events are stored?
Or are they logged in specific directories depending on log type?
Which log directories do you monitor?

Thank you!

Re: How to rebuild the ports tree?

[Eric Thomas]

@Stuart

Disregard! I see now that the `make FETCH_PACKAGES= install` installed
everything. I assumed it would get the large packages only.

Looks like running `unifi info` yields all relevant info.

Thank you very much for the patience and expertise.

On Sat, Apr 2, 2022 at 6:16 PM Eric Thomas  wrote:
>
> @Stuart
>
> > I really recommend using FETCH_PACKAGES
>
> Thank you for the (repeated!) recommendation to use `make
> FETCH_PACKAGES= install`. I had originally tried the command but
> missed that CRITICAL space ' ' between `=` and `install`. Now that I
> have that corrected, the `make` went very quickly.
>
> >"pkg_info | grep unifi" will show some output if it is installed
>
> Nice! After running `make`, `pkg_info | grep unifi` shows:
> "unifi-6.2.26 controller for Ubiquit..."
>
> Last(?) issue:
> Running `pkg_add unifi` (or `unifi-6.2.26`) from
> `/urs/ports/net/unifi/6.2` results in:
> "quirks-4.54 signed on 2022-03-26T14:02:422
> Can't find unifi"
>
> How do I get the custom build to a location where pkg_add can "see it"?
>
> On Fri, Apr 1, 2022 at 8:30 AM Stuart Henderson
>  wrote:
> >
> > On 2022-04-01, Eric Thomas  wrote:
> > > @Crystal
> > >
> > >> If you want to work with the ports tree, it's _much_ better to set up
> > >> DPB than just running 'make' in the various directories:
> > >
> > > Very cool blog! I def spent some time reading. The dpb method feels
> > > like a litle too advanced for me at this moment. I'm struggling to
> > > get this UniFi port built using the standard setup.
> >
> > The only places I use dpb are 1) for bulk builds, i.e. building the
> > whole set of ports in one go, and 2) if I want to download all the
> > distfiles (source code to all the ports) if I want to run a search
> > over it all.
> >
> > It's useful but I would not describe it as useful for what most people
> > need to do with the ports tree.
> >
> > > @Stuart
> > >
> > > 1. I was able to restore a previous checkpoint (I'm in a virtual
> > > machine) where the port tree was freshly installed.
> > > 2. I ran `make install` in the correct directory ( thank you:
> > > `/usr/ports/net/unifi/6.2`) and piped the results to a log.txt file.
> >
> > I really recommend using FETCH_PACKAGES so you aren't spending hours
> > building difficult-to-build ports needlessly, unifi itself cannot be
> > distributed as packages, but the other software which it requires aren't
> > a problem.  i.e. this bit from my mail:
> >
> > >> memory limits, you probably want to install those from packages instead
> > >> ("make FETCH_PACKAGES= install" should do that - the unifi port would
> > >> have displayed a hint about this when you ran "make").
> >
> >
> > > 3. I wish I could figure out how to get the dang log.txt file out of
> > > the OpenBSD VM (email?, USB thumbdrive?, other?) and into your hands!
> >
> > the easiest options are based around connecting to the machine by ssh
> > e.g.
> >
> > - ssh in, copy and paste from the terminal
> > - scp or sftp the file to another machine
> >
> > > - Seems like an act of congress to setup external email. At least
> > > I can't find a simple example on the web
> >
> > either use a mail client that can connect to your mail server directly,
> > or use something like this
> > https://blog.joelg.net/post/2020-09-20-setting-up-opensmtpd-with-an-external-relay/
> >
> > if you need to use a From address that is something other than
> > @ then it gets more complicated
> >
> > > - It'll probably be easier for me to determine how to add USB
> > > drives to the VM (working on it)
> > > 4. I can't tell whether the `make install` worked or not
> >
> > "pkg_info | grep unifi" will show some output if it is installed
> >

Re: How to rebuild the ports tree?

[Eric Thomas]

@Stuart

> I really recommend using FETCH_PACKAGES

Thank you for the (repeated!) recommendation to use `make
FETCH_PACKAGES= install`. I had originally tried the command but
missed that CRITICAL space ' ' between `=` and `install`. Now that I
have that corrected, the `make` went very quickly.

>"pkg_info | grep unifi" will show some output if it is installed

Nice! After running `make`, `pkg_info | grep unifi` shows:
"unifi-6.2.26 controller for Ubiquit..."

Last(?) issue:
Running `pkg_add unifi` (or `unifi-6.2.26`) from
`/urs/ports/net/unifi/6.2` results in:
"quirks-4.54 signed on 2022-03-26T14:02:422
Can't find unifi"

How do I get the custom build to a location where pkg_add can "see it"?

On Fri, Apr 1, 2022 at 8:30 AM Stuart Henderson
 wrote:
>
> On 2022-04-01, Eric Thomas  wrote:
> > @Crystal
> >
> >> If you want to work with the ports tree, it's _much_ better to set up
> >> DPB than just running 'make' in the various directories:
> >
> > Very cool blog! I def spent some time reading. The dpb method feels
> > like a litle too advanced for me at this moment. I'm struggling to
> > get this UniFi port built using the standard setup.
>
> The only places I use dpb are 1) for bulk builds, i.e. building the
> whole set of ports in one go, and 2) if I want to download all the
> distfiles (source code to all the ports) if I want to run a search
> over it all.
>
> It's useful but I would not describe it as useful for what most people
> need to do with the ports tree.
>
> > @Stuart
> >
> > 1. I was able to restore a previous checkpoint (I'm in a virtual
> > machine) where the port tree was freshly installed.
> > 2. I ran `make install` in the correct directory ( thank you:
> > `/usr/ports/net/unifi/6.2`) and piped the results to a log.txt file.
>
> I really recommend using FETCH_PACKAGES so you aren't spending hours
> building difficult-to-build ports needlessly, unifi itself cannot be
> distributed as packages, but the other software which it requires aren't
> a problem.  i.e. this bit from my mail:
>
> >> memory limits, you probably want to install those from packages instead
> >> ("make FETCH_PACKAGES= install" should do that - the unifi port would
> >> have displayed a hint about this when you ran "make").
>
>
> > 3. I wish I could figure out how to get the dang log.txt file out of
> > the OpenBSD VM (email?, USB thumbdrive?, other?) and into your hands!
>
> the easiest options are based around connecting to the machine by ssh
> e.g.
>
> - ssh in, copy and paste from the terminal
> - scp or sftp the file to another machine
>
> > - Seems like an act of congress to setup external email. At least
> > I can't find a simple example on the web
>
> either use a mail client that can connect to your mail server directly,
> or use something like this
> https://blog.joelg.net/post/2020-09-20-setting-up-opensmtpd-with-an-external-relay/
>
> if you need to use a From address that is something other than
> @ then it gets more complicated
>
> > - It'll probably be easier for me to determine how to add USB
> > drives to the VM (working on it)
> > 4. I can't tell whether the `make install` worked or not
>
> "pkg_info | grep unifi" will show some output if it is installed
>

Re: How to rebuild the ports tree?

[Eric Thomas]

@Crystal

> If you want to work with the ports tree, it's _much_ better to set up
> DPB than just running 'make' in the various directories:

Very cool blog! I def spent some time reading. The dpb method feels
like a litle too advanced for me at this moment. I'm struggling to
get this UniFi port built using the standard setup.
---

@Stuart

1. I was able to restore a previous checkpoint (I'm in a virtual
machine) where the port tree was freshly installed.
2. I ran `make install` in the correct directory ( thank you:
`/usr/ports/net/unifi/6.2`) and piped the results to a log.txt file.
3. I wish I could figure out how to get the dang log.txt file out of
the OpenBSD VM (email?, USB thumbdrive?, other?) and into your hands!
- Seems like an act of congress to setup external email. At least
I can't find a simple example on the web
- It'll probably be easier for me to determine how to add USB
drives to the VM (working on it)
4. I can't tell whether the `make install` worked or not
- Running `pkg_add unifi` results in:
- 'quirks-4.54 signed on 2022-03-26T14:02:42Z /n Can't find unifi`


On Thu, Mar 31, 2022 at 5:53 PM Stuart Henderson
 wrote:
>
> On 2022-03-31, Eric Thomas  wrote:
> > --c9bb7b05db88e7ee
> > Content-Type: text/plain; charset="UTF-8"
> >
> > I'm stuck. I need to install the UniFi 6.2.26 port, I used the [FAQ to
> > setup the ports tree](https://www.openbsd.org/faq/ports/ports.html).
> > This seemed to work just fine. However, the last few messages in the
> > `make install` output showed errors. To debug the issue, I decided to
> > completely uninstall the UniFi port then pipe the `make install`
> > output to a log.txt.
>
> As you mentioned 6.2 and this shows 5.6 you'll want to cd into the
> relevant subdirectory of /usr/ports/net/unifi.
>
> Compiling mongodb and java aren't very much fun and may need raised
> memory limits, you probably want to install those from packages instead
> ("make FETCH_PACKAGES= install" should do that - the unifi port would
> have displayed a hint about this when you ran "make").
>
> > To uninstall:
> >
> > - TRIED: `make uninstall`
> > - ERROR: `make: don't know how to make uninstall`
>
> This would be "make deinstall", but it isn't installed yet, what you
> showed is where it was trying to compile/install the dependencies.
>
> > Content-Type: image/png; name="image.png"
>
> Hopefully that will help, if not please copy the text from a terminal
> rather than send a screenshot, it may be helpful to scroll up a bit
> to show preceding lines too.
>

How to rebuild the ports tree?

[Eric Thomas]

I'm stuck. I need to install the UniFi 6.2.26 port, I used the [FAQ to
setup the ports tree](https://www.openbsd.org/faq/ports/ports.html).
This seemed to work just fine. However, the last few messages in the
`make install` output showed errors. To debug the issue, I decided to
completely uninstall the UniFi port then pipe the `make install`
output to a log.txt.

To uninstall:

- TRIED: `make uninstall`
- ERROR: `make: don't know how to make uninstall`

- TRIED:
  - `make clean`
  - `pkg_delete -a`
  - `make clean=dist`
  - `make clean=packages`
  - `make install`
- ERRORS: MANY (attached)

The question is, how to I just rebuild the ports tree and/or get it
back in a known good state?

How to determine if WiFi AP is compatible?

[Eric Thomas]

I'm trying to determine if a WiFi AP is compatible with OpenBSD. For
example, checking the [Wireless FAQ's](
https://www.openbsd.org/faq/faq6.html#Wireless), I don't see whether the
chipset used by the [UniFi Access Point WiFe 6 Pro](
https://dl.ui.com/ds/u6-pro_ds.pdf) is compatible or not.

I want to know if I need use a particular [switch](
https://store.ui.com/collections/unifi-network-switching/products/usw-lite-16-poe)
to plug the WiFi AP into, or whether I can plug the WiFi AP directly into
the OpenBSD server.

Sheet of music:
https://i.stack.imgur.com/IkBMf.png

OpenBSD Home Server + Workstation on same machine?

[Eric Thomas]

Hello,

I'd like to learn about secure networking (PKI, x509 certs, DNS, IPS, etc.)
and generally
harden my home network using OpenBSD. Can I use OpenBSD services AND have
it act as a desktop workstation on the same machine?

Ref:
https://superuser.com/questions/1712101/openbsd-home-server-workstation-on-same-machine

Thanks,
Eric

Re: Why is tmpfs not working on OpenBSD?

[Eric Furman]

On Mon, Sep 6, 2021, at 8:44 PM, iio7 wrote:
> On Monday, September 6th, 2021 at 12:50 PM, Marc Espie  
> wrote:
> 
> > On Sun, Sep 05, 2021 at 10:12:33PM +, iio7 wrote:
> >
> > > > On 2021-09-05, iio7 <
> > > >
> > > > i...@protonmail.com
> > > >
> > > > wrote:
> > > >
> > > > > mount -t tmpfs tmpfs /home/foo/tmp/
> > > > > ===
> > > > >
> > > > > mount_tmpfs: tmpfs on /home/foo/tmp: Operation not supported
> > >
> > > > It isn't built into the standard kernels, disabled with this commit::
> > >
> > > > revision 1.229
> > > >
> > > > date: 2016/07/25 19:52:56
> > > >
> > > > disable tmpfs because it receives zero maintainance.
> > >
> > > Why isn't it removed? It is kinda "misguiding".
> >
> > There might be hope that someone who has the time would do proper
> >
> > maintenance...
> 
> That's fine. I just naturally assumed that something like this would
> be mentioned in the man page, or on the FAQ or somewhere else, which
> is where I looked. When I didn't find anything I just assumed that
> there where something wrong with my system or setup. I didn't even
> consider searching the mailing list because I would never had guessed
> that OpenBSD was in this state. Over the years I have come to know
> OpenBSD for its prime documentation. Shipping a solution in the base
> that isn't working is not what I normally connect with OpenBSD.
> 
> 

It would be helpful if the mount_tmpfs man page mentioned that it is
no longer supported. Seems like that man page was last updated in
November 16, 2014.

Re: Does intel(4) support Iris Xe Graphics?

[Eric Auge]

Hello,

Experiencing something similar with a similar machine: x1 carbon gen 9 with
an Intel Iris Xe.
I am running -current/amd64 from April 25th on this machine.
No kernel panics here, but almost impossible to use Xorg, it hangs and I
have to restart it all (Ctrl + Alt + Backspace),
it behaves like this more or less randomly, but happens within 5 minutes of
a valid session (after login to xenodm, opening terminals, browser, etc..)
the following messages are in the kernel messages/logs:

drm:pid593:intel_cpu_fifo_underrun_irq_handler *ERROR* [drm] *ERROR* CPU
pipe A FIFO underrun
i915_vma_coredump_create: stub
i915_vma_coredump_create: stub
i915_vma_coredump_create: stub
i915_vma_coredump_create: stub
i915_vma_coredump_create: stub
i915_vma_coredump_create: stub
i915_vma_coredump_create: stub
i915_vma_coredump_create: stub
i915_vma_coredump_create: stub
i915_vma_coredump_create: stub
i915_vma_coredump_create: stub
i915_vma_coredump_create: stub
i915_vma_coredump_create: stub
i915_vma_coredump_create: stub
i915_vma_coredump_create: stub
i915_vma_coredump_create: stub
i915_vma_coredump_create: stub
pool_fini: stub
drm:pid23016:intel_engine_reset *NOTICE* Resetting rcs0 for stopped
heartbeat on rcs0
drm:pid23016:mark_guilty *NOTICE* Xorg[86272] context reset due to GPU hang

I've attached a dmesg, just wanted to comment on this report as it "seems"
similar.
About to properly send this to bugs@ in a separate email (with acpidump,
pcidump, blablabla sendbug(1)).

Regards,
Eric.

On Tue, 6 Apr 2021 at 09:36, Michel von Behr  wrote:

> Hi - (not a dev, just trying to use OpenBSD snapshot) whenever I try to
> launch Xorg, either via xenodm or startx, I'm getting a kernel panic,
> like "pool_do_get:
> drmobj : page empty" (I already sent an e-mail [1] to b...@openbsd.org
> with
> dmesg and all).
>
> I'm wondering if the problem could be with my video card, Intel Iris Xe?
> Even though dmesg shows that is was detected and should (?) be working. But
> I can't find a reason why my laptop would not run Xorg.
>
> inteldrm0 at pci0 dev 2 function 0 "Intel Xe Graphics" rev 0x01
> drm0 at inteldrm0
> inteldrm0: msi, TIGERLAKE, gen 12
>
>
> Any pointing to the right direction would be appreciated. (If this problem
> relates to Xorg specifically and not to OpenBSD please let me know).
>
> [1] https://marc.info/?l=openbsd-bugs=161754767328009=2
>
> Regards,
>
> Michel
>
OpenBSD 6.9-current (GENERIC.MP) #477: Sat Apr 24 16:08:13 MDT 2021
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 34031988736 (32455MB)
avail mem = 32985214976 (31457MB)
random: good seed from bootblocks
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 3.2 @ 0x8fcb1000 (76 entries)
bios0: vendor LENOVO version "N32ET47W (1.23 )" date 03/26/2021
bios0: LENOVO 20XWCTO1WW
acpi0 at bios0: ACPI 6.1
acpi0: sleep states S0 S4 S5
acpi0: tables DSDT FACP SSDT SSDT SSDT SSDT TPM2 SSDT ECDT HPET APIC MCFG SSDT 
SSDT SSDT NHLT SSDT SSDT SSDT LPIT WSMT SSDT DBGP DBG2 POAT SSDT BATB DMAR SSDT 
ASF! BGRT PTDT UEFI FPDT
acpi0: wakeup devices PEG0(S4) PEGP(S4) PEGP(S4) PEGP(S4) XHCI(S3) XDCI(S4) 
HDAS(S4) RP01(S4) PXSX(S4) RP02(S4) PXSX(S4) RP03(S4) PXSX(S4) RP04(S4) 
PXSX(S4) RP05(S4) [...]
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpiec0 at acpi0
acpihpet0 at acpi0: 1920 Hz
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: 11th Gen Intel(R) Core(TM) i7-1185G7 @ 3.00GHz, 41672.71 MHz, 06-8c-01
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,TSC_ADJUST,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,AVX512F,AVX512DQ,RDSEED,ADX,SMAP,AVX512IFMA,CLFLUSHOPT,CLWB,PT,AVX512CD,SHA,AVX512BW,AVX512VL,AVX512VBMI,UMIP,PKU,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,XSAVEC,XGETBV1,XSAVES
cpu0: 256KB 64b/line disabled L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
cpu0: apic clock running at 38MHz
cpu0: mwait min=64, max=64, C-substates=0.2.0.1.2.1.1.1, IBE
cpu1 at mainbus0: apid 2 (application processor)
cpu1: 11th Gen Intel(R) Core(TM) i7-1185G7 @ 3.00GHz, 2893.34 MHz, 06-8c-01
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,TSC_ADJUST,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,AVX512F,AVX512DQ,RDSEED,ADX,SMAP,AVX512IFMA,C

Re: static IPv6 config on OVH dedicated server

[Eric JACQUOT]

Hi,

My bad... I finally read more man pages about ip6, route, trying to understand 
their network topology...

New config for ovh ipv6 with a prefixlen 64.

Example /etc/hosname.if :

inet6 2607:5300:60:62ac:: 64 
!route add -inet6 -net 2607:5300:60:62ff::/64 -cloning -link -iface ix0
!route add -inet6 default 2607:5300:60:62ff:ff:ff:ff:ff

I ran with it from 2 days and test with a reboot today. All is up and works 
good.

Dealing with a /56 config is a bad workaround as you will not be able to reach 
other /64 subnets in the /56.

The NDP works fine now.  

If this can help other people using ovh dedicated hosts,

Cheers,

Re: static IPv6 config on OVH dedicated server

[Eric JACQUOT]

Forgot this. 1 hour later It sucks again
. What a fucking network :(


-Message initial-
> De: Eric JACQUOT 
> Envoyé: lundi 12 avril 2021 0:13
> À: Piotr Isajew ; misc@openbsd.org
> Sujet: RE: static IPv6 config on OVH dedicated server
> 
> Hi Piotr,
> 
> -Message initial-
> > De: Piotr Isajew 
> > Envoyé: vendredi 9 avril 2021 22:59
> > À: misc@openbsd.org
> > Sujet: static IPv6 config on OVH dedicated server
> > 
> > Hi, 
> > 
> > I'm struggling to configure IPv6 for my fresh OpenBSD 6.8
> > installation running on OVH (soyoustart.com) dedicated server.
> > 
> > What I get from the ISP is the /64 address pool.
> > OVH requires static configuration with gateway outside of the
> > assigned subnet. According to their docummentation:
> > 
> >  The default gateway for your IPv6 block (IPv6_GATEWAY) is always
> >  ...xxFF:FF:FF:FF:FF.
> > 
> >  For example:
> > 
> >  The IPv6 address of the server is 2607:5300:60:62ac::/64. The
> >  IPv6_GATEWAY will therefore be 2607:5300:60:62FF:FF:FF:FF:FF.
> 
> 
> A decade ago, I tried to configure OVH ipv6 and give up after an headhache
> to use an ugly /56.
> I never try again to deal with a /64 and an outside gateway since your mail.
> Then I tried again with a fucking headache. But thanks to you. I solved my
> misconfigured problem.
> 
> Before you test, stay with your /56 and try to list the mac address of your
> default gateway with :
> 
> # ndp -a
> 
> You will see the MAC address you will need for your /etc/hostname.if (this
> is an example for the ip6 part)
> 
> ...
> inet6 2607:5300:60:62ac:: 64 
> !route add -inet6 2607:5300:60:62ff:ff:ff:ff:ff/128 -link -static -iface ix0
> !route add -inet6 default 2607:5300:60:62ff:ff:ff:ff:ff
> #replace XX:XX:XX:XX:XX:XX with the gw mac address :
> !ndp -s 2607:5300:60:62ff:ff:ff:ff:ff XX:XX:XX:XX:XX:XX proxy
> #EOF
> 
> 
> This will work as expected. 
> 
> 
> Cheers,

Re: static IPv6 config on OVH dedicated server

[Eric JACQUOT]

Hi Piotr,

-Message initial-
> De: Piotr Isajew 
> Envoyé: vendredi 9 avril 2021 22:59
> À: misc@openbsd.org
> Sujet: static IPv6 config on OVH dedicated server
> 
> Hi, 
> 
> I'm struggling to configure IPv6 for my fresh OpenBSD 6.8
> installation running on OVH (soyoustart.com) dedicated server.
> 
> What I get from the ISP is the /64 address pool.
> OVH requires static configuration with gateway outside of the
> assigned subnet. According to their docummentation:
> 
>  The default gateway for your IPv6 block (IPv6_GATEWAY) is always
>  ...xxFF:FF:FF:FF:FF.
> 
>  For example:
> 
>  The IPv6 address of the server is 2607:5300:60:62ac::/64. The
>  IPv6_GATEWAY will therefore be 2607:5300:60:62FF:FF:FF:FF:FF.


A decade ago, I tried to configure OVH ipv6 and give up after an headhache to 
use an ugly /56.
I never try again to deal with a /64 and an outside gateway since your mail.
Then I tried again with a fucking headache. But thanks to you. I solved my 
misconfigured problem.

Before you test, stay with your /56 and try to list the mac address of your 
default gateway with :

# ndp -a

You will see the MAC address you will need for your /etc/hostname.if (this is 
an example for the ip6 part)

...
inet6 2607:5300:60:62ac:: 64 
!route add -inet6 2607:5300:60:62ff:ff:ff:ff:ff/128 -link -static -iface ix0
!route add -inet6 default 2607:5300:60:62ff:ff:ff:ff:ff
#replace XX:XX:XX:XX:XX:XX with the gw mac address :
!ndp -s 2607:5300:60:62ff:ff:ff:ff:ff XX:XX:XX:XX:XX:XX proxy
#EOF


This will work as expected. 


Cheers,

Re: static IPv6 config on OVH dedicated server

[Eric JACQUOT]

Hi Piotr,



You have to configure your if with a /56 mask and then you will be able reach 
the ipv6 gateway.



Remember to accord your pf rules to allow required icmpv6 types.



Cheers,




--
Eric JACQUOT

De : Piotr Isajew 
Envoyé : vendredi 9 avril 2021 22:59
À : misc@openbsd.org
Objet : static IPv6 config on OVH dedicated server



Hi,

I'm struggling to configure IPv6 for my fresh OpenBSD 6.8
installation running on OVH (soyoustart.com) dedicated server.

What I get from the ISP is the /64 address pool.
OVH requires static configuration with gateway outside of the
assigned subnet. According to their docummentation:

 The default gateway for your IPv6 block (IPv6_GATEWAY) is always
 ...xxFF:FF:FF:FF:FF.

 For example:

 The IPv6 address of the server is 2607:5300:60:62ac::/64. The
 IPv6_GATEWAY will therefore be 2607:5300:60:62FF:FF:FF:FF:FF.

My problem is how to properly configure the route to their
gateway. I'm trying i.e.:

 ifconfig ix0 inet6 alias 2607:5300:60:62ac:: prefixlen 64
 route add -inet6 -host 2607:5300:60:62FF:FF:FF:FF:FF -llinfo \
  -link -iface ix0

but it doesn't work:

 ping6 2607:5300:60:62FF:FF:FF:FF:FF

 ping6: sendmsg: Invalid argument

I know, that if I shrink the prefix to 56, the gateway starts to
be directly reachable and then it responds to pings.  I just
wonder if there is a way to make the gateway reachable with
proper prefix on the interface.

Re: static IPv6 config on OVH dedicated server

[Eric JACQUOT]

Too fast


You will never reach an outside gateway.


--
Eric JACQUOT

De : Eric JACQUOT
Envoyé : vendredi 9 avril 2021 23:55
À : Piotr Isajew; misc@openbsd.org
Objet : Re: static IPv6 config on OVH dedicated server



Hi Piotr,



You have to configure your if with a /56 mask and then you will be able reach 
the ipv6 gateway.



Remember to accord your pf rules to allow required icmpv6 types.



Cheers,




--
Eric JACQUOT

De : Piotr Isajew 
Envoyé : vendredi 9 avril 2021 22:59
À : misc@openbsd.org
Objet : static IPv6 config on OVH dedicated server



Hi,

I'm struggling to configure IPv6 for my fresh OpenBSD 6.8
installation running on OVH (soyoustart.com) dedicated server.

What I get from the ISP is the /64 address pool.
OVH requires static configuration with gateway outside of the
assigned subnet. According to their docummentation:

 The default gateway for your IPv6 block (IPv6_GATEWAY) is always
 ...xxFF:FF:FF:FF:FF.

 For example:

 The IPv6 address of the server is 2607:5300:60:62ac::/64. The
 IPv6_GATEWAY will therefore be 2607:5300:60:62FF:FF:FF:FF:FF.

My problem is how to properly configure the route to their
gateway. I'm trying i.e.:

 ifconfig ix0 inet6 alias 2607:5300:60:62ac:: prefixlen 64
 route add -inet6 -host 2607:5300:60:62FF:FF:FF:FF:FF -llinfo \
  -link -iface ix0

but it doesn't work:

 ping6 2607:5300:60:62FF:FF:FF:FF:FF

 ping6: sendmsg: Invalid argument

I know, that if I shrink the prefix to 56, the gateway starts to
be directly reachable and then it responds to pings.  I just
wonder if there is a way to make the gateway reachable with
proper prefix on the interface.

pf on bridge interface not working

[Eric Zylstra]

This came through to me from the list with “no content”, so I’m trying again.
——

My box has three interfaces, dc0 to manage, em0 and em1 for bridging external 
LAN to internal LAN. 

hostname.em0: up 
hostname.em1: up 
hostname.bridge0: add em0 add em1 up 

Bridge works, traffic flows across no problem. 

Add filtering. 
 pf.conf: 
filtered = "{ em1 }”
not_filtered = "{ lo, dc0, em0, bridge0 }”
block log on $filtered 
set skip on $not_filtered

`doas pfctl -sr`
block drop log on em1 all

`tcpdump -nettti pflog0` shows lots of filtered packets. Traffic is blocked.

-But- 
make one simple change to filter on the bridge0 interface— 

pf.conf: 
filtered = "{ bridge0 }”
not_filtered = "{ lo, dc0, em0, em1 }” 
block log on $filtered 
set skip on $not_filtered 

`doas pfctl -sr`
block drop log on bridge0 all

traffic is NOT blocked and everything flows right on through. (!?) 
`tcpdump -nettti pflog0` shows no packets being filtered.

Am I overlooking something?

E

Re: pf on bridge interface not working

[Eric Zylstra]

pf on bridge interface not working

[Eric Zylstra]

Re: File this bug, or not?

[Eric Zylstra]

So you would expect a kernel panic when a live drive gets pulled from a RAID5?

Sent from my iPhone

> On Jan 20, 2021, at 7:12 AM, Stuart Henderson  wrote:
> 
> On 2021-01-19, Jordan Geoghegan  wrote:
>> 
>>> On 1/18/21 2:47 PM, Eric Zylstra wrote:
>>> I’ve set up a 6 drive RAID-5. Just for the experience of degrading
>>> and rebuilding the RAID, I popped a drive out. Within a few seconds the
>>> machine kerneled and dropped into ddb. Is there any chance this would be
>>> expected considering the machine’s SATA is not hot-swappable?
>>> 
>>> I’m looking into setting up a serial connection so I can capture the
>>> debut output (I already have photos of the traces for all 8 CPU, but
>>> would like to give serial output instead). I would not file a report if
>>> this behavior falls into “not great, but expected”.
> 
> Assume this is softraid rather than one of the supported hardware
> RAID options which usually work ok with hotswap most of the time.
> 
>> Just thought I'd chip in here too FWIW:
>> 
>> I've never successfully hot swapped a drive with OpenBSD before.
>> I have hardware that does it fine on Linux, but fails on OpenBSD. I
>> haven't caused the kernel to panic when pulling a drive, but the OS
>> fails to detect any newly attached SATA or SAS drives. It's certainly
>> caused some frustration when trying to rebuild a RAID array on a
>> production machine. Maybe I just have wonky hardware, but I've tried
>> this on a number of releases, on several different pieces of hardware,
>> on several different arches. I have no solution to offer, just thought
>> I'd share my experience with hot swapping drives on OpenBSD.
> 
> Even if you do have a proper hotswappable drive chassis or external
> SCSI or whatever, there's no way to rescan drives on OpenBSD.
> 
> 

File this bug, or not?

[Eric Zylstra]

Misc,

I’ve set up a 6 drive RAID-5.  Just for the experience of degrading and 
rebuilding the RAID, I popped a drive out.  Within a few seconds the machine 
kerneled and dropped into ddb.  Is there any chance this would be expected 
considering the machine’s SATA is not hot-swappable?

I’m looking into setting up a serial connection so I can capture the debut 
output (I already have photos of the traces for all 8 CPU, but would like to 
give serial output instead).  I would not file a report if this behavior falls 
into “not great, but expected”.

Thanks,

EZ

Re: Reinstall to upgrade

[Eric Furman]

On Sat, Nov 28, 2020, at 9:40 AM, Gregory Edigarov wrote:
> 
> 
> On 11/25/20 3:26 PM, Manuel Giraud wrote:
> > Hi,
> >
> > I'd like to upgrade (on -current) and, in the process, remove some cruft
> > accumulated over the years. I usually do sysupgrade and sysclean for
> > system.
> >
> > But for packages, I think I would be better to reinstall everything
> > since "pkg_check -F" does not seems to complain and I can see I have,
> > for example, some firefox-57 files left.
> >
> > I think I could do the following but I don't know if it is safe:
> > - sysupgrade (+ sysclean)
> > - pkg_info -mz > mypkg
> > - umount /usr/local
> > - newfs partition_of_usr_local
> > - mount /usr/local
> > - pkg_add -l mypkg
> >
> > Or maybe, I should dump, do a complete reinstall, pkg_add -l mypkg,
> > restore /home and, tediously, restore some /etc files.
> > How would you do this?
> Here's what I found easy to do periodically on my home computers, when I
> feel it is a time to de-clutter:
> 
> #!/bin/sh
> rm -rf /usr/local/*  /var/db/pkg/* /var/db/pkg/.* /etc/rc.d/*_daemon
> /etc/rc.d/avahi* 
> for i in \
> adobe-source-code-pro \
> ansible \
> borgbackup \
> chromium \
> emacs--gtk3 \
> gnupg-- \
> dmenu \
> firefox \
> thunderbird \
> rsync-- \
> git \
> gpicview \
> go \
> rust \
> inconsolata-font \
> ipcalc \
> mplayer \
> mtr-- \
> nmap \
> ntfs_3g \
> openvpn \
> pidgin-- \
> pv \
> spectrwm \
> splint \
> tcptraceroute \
> telegram-purple \
> terminus-font \
> transmission \
> vim--gtk2 \
> xpdf \
> zsh ; do pkg_add  -v $i; done
> 
> so when I am running it I am easily getting the system which I have most
> essential software installed.
> 
>

If you are going to do all that you might as well just re-install from scratch.

Re: How do I get the man page for a package I haven't installed yet?

[Eric Furman]

Let us say just for example I am running Mono on Windows OS.
If I need to look at docs would I go to Microsoft.com?
Of course I wouldn't. That would be silly. I would go to Mono's
website. So why would people think that all the ports docs should
be at OpenBSD.com?

Re: How do I get the man page for a package I haven't installed yet?

[Eric Furman]

On Tue, Jun 23, 2020, at 2:20 PM, Theo de Raadt wrote:
> Ottavio Caruso  wrote:
> 
> > Hi,
> > 
> > Unless I've got it all wrong,  will only
> > display man pages for programs and commands in base. Is there a way to
> > display the man page for a package/port I haven't installed and/or
> > downloaded yet? (This assumes I haven't downloaded the ports cvs
> > tree).
> 
> Doing that would be very annoying and painful, and very few people
> would want it.  It would also substantially degrade the clarity at
> man.openbsd.org

I think the best option is if the program you want to install has
a web page would be to go there and ask them if they could
put up the docs you want.

Re: Filling a 4TB Disk with Random Data

[Eric Furman]

On Mon, Jun 1, 2020, at 10:28 AM, Paul de Weerd wrote:
> storage medium.  Due to smart disks remapping your data in case of
> 'broken' sectors, some old data can never be properly overwritten.

This is why if you are serious you use a degausser.

Re: Thinkpad X1 5th Gen Microphone

[Eric Auge]

forgot to ask in my previous mail but did you check your sndioctl settings?
$ sndioctl
input.level=0.494
input.mute=0
output.level=1.000
output.mute=0
app/aucat0.level=1.000
app/aucat1.level=1.000
app/mumble0.level=1.000
app/mumble1.level=1.000

Cheers,
HTH,
Eric.

On Thu, May 21, 2020 at 5:03 PM Eric Auge  wrote:
>
> re,
>
> just to be sure, I tried aucat | aucat .. and mumble both are fine and
> I can record  (low volume though as you can see, it was just to answer
> your email for 5th gen...)
>
> # mixerctl -a :
> inputs.dac-0:1_mute=on
> inputs.dac-0:1=204,204
> inputs.dac-2:3_mute=on
> inputs.dac-2:3=204,204
> inputs.beep=108
> record.adc-2:3_source=mic
> record.adc-2:3_mute=off
> record.adc-2:3=126,126
> record.adc-0:1_source=mic2
> record.adc-0:1_mute=off
> record.adc-0:1=126,126
> outputs.hp_source=dac-0:1
> outputs.hp_boost=off
> outputs.hp_eapd=on
> outputs.spkr_source=dac-2:3
> outputs.spkr_eapd=on
> inputs.mic=85,85
> outputs.mic_dir=input-vr80
> inputs.mic2=85,85
> outputs.hp_sense=unplugged
> outputs.mic_sense=unplugged
> outputs.spkr_muters=hp
> outputs.master=206,206
> outputs.master.mute=on
> outputs.master.slaves=dac-0:1,dac-2:3
> record.volume=126,126
> record.volume.mute=off
> record.volume.slaves=adc-2:3,adc-0:1
> record.enable=sysctl
>
>
> HTH,
> Eric.
>
> On Thu, May 21, 2020 at 3:01 PM Edd Barrett  wrote:
> >
> > Hi Eric,
> >
> > On Thu, May 21, 2020 at 12:50:36PM +0200, Eric Auge wrote:
> > > Hello Edd,
> > >
> > > All good here, microphone works fine, once I enable recording:
> > > sysctl kern.audio.record=1
> >
> > Can you share your output of `mixerctl -a` please so that I can diff it
> > with mine?
> >
> > --
> > Best Regards
> > Edd Barrett
> >
> > http://www.theunixzoo.co.uk

Re: Thinkpad X1 5th Gen Microphone

[Eric Auge]

re,

just to be sure, I tried aucat | aucat .. and mumble both are fine and
I can record  (low volume though as you can see, it was just to answer
your email for 5th gen...)

# mixerctl -a :
inputs.dac-0:1_mute=on
inputs.dac-0:1=204,204
inputs.dac-2:3_mute=on
inputs.dac-2:3=204,204
inputs.beep=108
record.adc-2:3_source=mic
record.adc-2:3_mute=off
record.adc-2:3=126,126
record.adc-0:1_source=mic2
record.adc-0:1_mute=off
record.adc-0:1=126,126
outputs.hp_source=dac-0:1
outputs.hp_boost=off
outputs.hp_eapd=on
outputs.spkr_source=dac-2:3
outputs.spkr_eapd=on
inputs.mic=85,85
outputs.mic_dir=input-vr80
inputs.mic2=85,85
outputs.hp_sense=unplugged
outputs.mic_sense=unplugged
outputs.spkr_muters=hp
outputs.master=206,206
outputs.master.mute=on
outputs.master.slaves=dac-0:1,dac-2:3
record.volume=126,126
record.volume.mute=off
record.volume.slaves=adc-2:3,adc-0:1
record.enable=sysctl


HTH,
Eric.

On Thu, May 21, 2020 at 3:01 PM Edd Barrett  wrote:
>
> Hi Eric,
>
> On Thu, May 21, 2020 at 12:50:36PM +0200, Eric Auge wrote:
> > Hello Edd,
> >
> > All good here, microphone works fine, once I enable recording:
> > sysctl kern.audio.record=1
>
> Can you share your output of `mixerctl -a` please so that I can diff it
> with mine?
>
> --
> Best Regards
> Edd Barrett
>
> http://www.theunixzoo.co.uk

Re: Thinkpad X1 5th Gen Microphone

[Eric Auge]

Hello Edd,

All good here, microphone works fine, once I enable recording:
sysctl kern.audio.record=1

HTH,
Cheers,
Eric.

On Thu, May 21, 2020 at 11:53 AM Edd Barrett  wrote:
>
> Hi,
>
> I was wondering if anyone has ever gotten a microphone working with the
> built-in azalia chipset of a Thinkpad X1 5th gen (either the internal
> mic, or a headset)? I've never managed to get it working.
>
> Default mixerctl settings:
>
> ```
> inputs.dac-0:1_mute=off
> inputs.dac-0:1=198,198
> inputs.dac-2:3_mute=off
> inputs.dac-2:3=198,198
> inputs.beep=108
> record.adc-2:3_source=mic
> record.adc-2:3_mute=off
> record.adc-2:3=126,126
> record.adc-0:1_source=mic2
> record.adc-0:1_mute=off
> record.adc-0:1=126,126
> outputs.hp_source=dac-0:1
> outputs.hp_boost=off
> outputs.hp_eapd=on
> outputs.spkr_source=dac-2:3
> outputs.spkr_eapd=on
> inputs.mic=85,85
> outputs.mic_dir=input-vr80
> inputs.mic2=85,85
> outputs.hp_sense=unplugged
> outputs.mic_sense=unplugged
> outputs.spkr_muters=hp
> outputs.master=199,199
> outputs.master.mute=off
> outputs.master.slaves=dac-0:1,dac-2:3
> record.volume=126,126
> record.volume.mute=off
> record.volume.slaves=adc-2:3,adc-0:1
> record.enable=sysctl
> ```
>
> With default sndiod flags (i.e. the sole sound card is enabled: rsnd/0),
> and of course `sysctl kern.audio.record=1`. Microphone enabled in BIOS.
>
> Using the "Ratchov method", `aucat -o - | aucat -i -` should echo
> microphone input back at you. This works for me on my other machine
> using a USB headset with a dedicated DAC.
>
> I've tried fiddling various knobs: boosting various mic and record
> levels, all of the mic_dir enumerations, toggling various mutes in case
> they are inverted. Tried it all again with a headset connected. No joy.
>
> So does it work for someone out there, or is there a bug?
>
> Cheers -- stay sane!
>
> --
> Best Regards
> Edd Barrett
>
> http://www.theunixzoo.co.uk
>

Re: Comments in source code

[Eric Furman]

On Thu, Apr 23, 2020, at 5:38 PM, Aisha Tammy wrote:
> > If you aren't already, you should be looking at commit messages from
> > where the relevant code was touched. That is often where you'll find the
> > explanations you seek.
> > 
> I have been reading them, Commit messages don't explain algorithms very 
> clearly.
> I agree this is a very specific use case but definitely something that 
> could be improved.
> Some of the things I've been considering useful (in this specific 
> scenario for diff3)
> - explanation for merge function, what it does
> - in merge function, explain how empty for loop is used, as this is a 
> very big loop
>   with a lot of cases
> 
> IMO, any function with a lot of cases should have a small explanation 
> about what it 
> is doing, so the code is a lot more lit.
> 
> Cheers,
> Aisha

I am no expert on reading code myself, but wouldn't be possible to look at
who wrote that bit of code find their email address and ask them?
There might not be a simple terse explanation that would go well in comments.

Re: More than 16 partitions

[Eric Furman]

On Thu, Apr 23, 2020, at 4:16 PM, Strahil Nikolov wrote:
> So, can I setup  openBSD labels on x86_64 without legacy/GPT partition 
> first ?
> And who the hell needs more than 16 partitions ? Why not we just port  
> ZFS from  FreeBSD, or LVM  from Linux and get over it ?
> 
> P.S.: The last one was not a real  question, but I would like  to hear  
> if  anyone has attempted to port any of these  2  .

ZFS cannot be ported to OBSD. It has an unacceptable license.
If something like it were to be used on OBSD it would have to be
written from scratch with a BSD license and it has already been
discussed at length on this list how hard that is.
Besides it is not really necessary. ZFS is overly complex and not
needed in most cases.

Re: openbsd.org down?

[Eric Zylstra]

ezylstra ~ % traceroute openbsd.org
traceroute to openbsd.org (129.128.5.194), 64 hops max, 52 byte packets
 1  dslrouter (192.168.0.1)  0.811 ms  0.405 ms  0.295 ms
 2  stpl-dsl-gw13.stpl.qwest.net (207.109.2.13)  10.595 ms  10.860 ms  10.977 ms
 3  stpl-agw1.inet.qwest.net (207.109.3.97)  57.309 ms  14.162 ms  10.966 ms
 4  4.68.38.177 (4.68.38.177)  11.740 ms  11.695 ms  15.970 ms
 5  ae-0-25.bar3.minneapolis2.level3.net (4.69.218.182)  14.949 ms  12.693 ms  
11.964 ms
 6  v135.core1.msp1.he.net (184.105.52.221)  13.082 ms  11.910 ms  11.796 ms
 7  100ge10-1.core1.ywg1.he.net (184.105.64.86)  19.679 ms  19.895 ms  20.369 ms
 8  100ge5-2.core1.yxe1.he.net (184.104.192.70)  28.868 ms  28.466 ms  28.587 ms
 9  100ge11-2.core1.yeg1.he.net (72.52.92.61)  53.860 ms  53.360 ms  53.231 ms
10  university-of-alberta-sms.10gigabitethernet2-2.core1.yeg1.he.net 
(184.105.18.50)  54.089 ms  54.084 ms  54.264 ms
11  katzcore-esqgw.corenet.ualberta.ca (129.128.255.41)  54.326 ms
cabcore-esqgw.corenet.ualberta.ca (129.128.255.35)  54.093 ms  53.920 ms
12  * * *
13  * * *
14  * * *
15  obsd3.srv.ualberta.ca (129.128.5.194)  53.712 ms  54.430 ms  53.976 ms

Problems on campus at Alberta?

EZ


> On Apr 13, 2020, at 8:22 AM, Mario Theodoridis  wrote:
> 
> For me with /etc/mail/spamd.conf
> 
> nixspam:\
>:black:\
>:msg="Your address %A is in the nixspam list\n\
>See http://www.heise.de/ix/nixspam/dnsbl_en/ for details":\
>:method=http:\
>:file=www.openbsd.org/spamd/nixspam.gz
> 
> sleep $((RANDOM % 2048)) && /usr/libexec/spamd-setup
> 
> produces
> 
> ftp: connect: Operation timed out
> 
> since yesterday morning 4am CEST.
> 
> But running
> 
> wget http://www.openbsd.org/spamd/nixspam.gz
> --2020-04-13 14:59:07--  http://www.openbsd.org/spamd/nixspam.gz
> Resolving www.openbsd.org (www.openbsd.org)... 129.128.5.194
> Connecting to www.openbsd.org (www.openbsd.org)|129.128.5.194|:80... 
> connected.
> HTTP request sent, awaiting response... 200 OK
> Length: 18025 (18K) [text/plain]
> Saving to: 'nixspam.gz'
> 
> nixspam.gz 
> 100%[=>]  
> 17.60K  37.7KB/sin 0.5s
> 
> 2020-04-13 14:59:08 (37.7 KB/s) - 'nixspam.gz' saved [18025/18025]
> 
> just now works.
> 
> Mit freundlichen Grüßen/Best regards
> 
> Mario Theodoridis
> 
> On 13.04.2020 14:02, infoomatic wrote:
>> not reachable for days now in Austria, Germany, Czech Republic
>> On 13.04.20 11:01, SP2L Tom wrote:
>>> Greetings.
>>> 
>>> 
>>> It was and it is still up
>>> At least, I can reach OpenBSD site.
>>> 
>>> 
>>> Best regards.
>>> Tom
>>> 
>>> W 13 kwietnia 2020 10:23:18 Sebastien Marie  napisał:
>>> 
 On Mon, Apr 13, 2020 at 10:14:00AM +0300, Ilya Mitrukov wrote:
> Hi,
> flushing the caches doesn't help and it's still unavailable.
> 
> Does anybody know where to report the issue?
> (I'd look at openbsd.org but ... )
 
 I suppose there is one or two openbsd developers which follow this
 list. So they
 might already know.
 
 Thanks.
 --
 Sebastien Marie
>>> 
>>> 
>>> 
> 

Re: Full disk encryption including /boot, excluding bootloader?

[Eric Furman]

Make sure no one has physical access to you machine!
EVER.
Lock it away.
That way no 'Evil Maid' or any one else can access it!
This is not hard.
Why is this a thing?
If someone has physical access to you box then it is Game Over!
All of these fantasy efforts are BS.
Physically secure your hardware people!
You are deluding yourselves. 

Re: Kibana/Elasticsearch fail

[Eric Zylstra]

You rock!  I’ll let you know it works for me when I get a chance.

EZ


Sent from my iPhone

> On Feb 10, 2020, at 11:19 PM, Aaron Bieber  wrote:
> 
> On Thu, 06 Feb 2020 at 23:31:01 -0600, Eric Zylstra wrote:
>> I’ve installed the ELK packages (Elasticsearch, Logstash, Kibana) using 
>> pkg_add.  Installs went fine.  I checked out the pkg documentation 
>> (pkg_reames) and followed the steps for those that had documentation to 
>> follow.
>> 
>> When I boot, Logstash and Kibana fail.  I can use rcctl to start Logstash 
>> with no problem.  When I try to start Kibana, the following is what I see:
>> 
>> # rcctl -d start kibana
>> doing _rc_parse_conf
>> doing _rc_quirks
>> kibana_flags empty, using default ><
>> doing _rc_parse_conf /var/run/rc.d/kibana
>> doing _rc_quirks
>> doing rc_check
>> kibana
>> doing rc_start
>> doing _rc_wait start
>> doing rc_check
>> No home directory /nonexistent!
>> Logging in with home = "/".
>> Kibana does not support the current Node.js version v10.16.3. Please use 
>> Node.js v>=10.15.0 <10.16.
>> doing _rc_rm_runfile
>> (failed)
>> 
>> 
>> I’m not sure what to do with this.  Why is Logstash not starting on reboot?  
>> Why does Kibana fail?  I assume there is some config that need be done, 
>> because that Node.js error wouldn’t have made it to distribution, right?
> 
>> that Node.js error wouldn’t have made it to distribution
> 
> It did, and it's entirely my fault.
> 
> Kibana is failing because it is very strict about the version of node it wants
> to use (hence the "Kibana does not support.." message). 
> 
> Apparently the tests I had run to verify this update worked failed:
> http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/www/kibana/patches/patch-package_json?rev=1.4=text/x-cvsweb-markup
> 
> Here is a diff that fixes it for 6.6 (you will have to build it from ports
> until (if?) a proper fix is in place).
> 
> https://deftly.net/patches/kibana-6.6.1.diff
> 
> Index: Makefile
> ===
> RCS file: /cvs/ports/www/kibana/Makefile,v
> retrieving revision 1.32
> diff -u -p -r1.32 Makefile
> --- Makefile28 Sep 2019 09:37:54 -1.32
> +++ Makefile11 Feb 2020 04:13:52 -
> @@ -3,7 +3,7 @@
> COMMENT=browser based analytics/search interface to ElasticSearch
> 
> V =6.6.1
> -REVISION =1
> +REVISION =2
> PKGNAME =kibana-${V}
> DISTNAME =kibana-oss-${V}-darwin-x86_64
> 
> Index: patches/patch-package_json
> ===
> RCS file: /cvs/ports/www/kibana/patches/patch-package_json,v
> retrieving revision 1.4
> diff -u -p -r1.4 patch-package_json
> --- patches/patch-package_json13 May 2019 22:08:11 -1.4
> +++ patches/patch-package_json11 Feb 2020 04:13:52 -
> @@ -8,7 +8,7 @@ Index: package.json
>},
>"engines": {
> -"node": "10.15.1"
> -+"node": ">=10.15.0 <10.16"
> ++"node": "10.16.3"
>}
> -}
> \ No newline at end of file
> 
>> 
>> Thanks,
>> 
>> EZ
> 
> -- 
> PGP: 0x1F81112D62A9ADCE / 3586 3350 BFEA C101 DB1A  4AF0 1F81 112D 62A9 ADCE

Kibana/Elasticsearch fail

[Eric Zylstra]

I’ve installed the ELK packages (Elasticsearch, Logstash, Kibana) using 
pkg_add.  Installs went fine.  I checked out the pkg documentation (pkg_reames) 
and followed the steps for those that had documentation to follow.

When I boot, Logstash and Kibana fail.  I can use rcctl to start Logstash with 
no problem.  When I try to start Kibana, the following is what I see:

# rcctl -d start kibana
doing _rc_parse_conf
doing _rc_quirks
kibana_flags empty, using default ><
doing _rc_parse_conf /var/run/rc.d/kibana
doing _rc_quirks
doing rc_check
kibana
doing rc_start
doing _rc_wait start
doing rc_check
No home directory /nonexistent!
Logging in with home = "/".
Kibana does not support the current Node.js version v10.16.3. Please use 
Node.js v>=10.15.0 <10.16.
doing _rc_rm_runfile
(failed)


I’m not sure what to do with this.  Why is Logstash not starting on reboot?  
Why does Kibana fail?  I assume there is some config that need be done, because 
that Node.js error wouldn’t have made it to distribution, right?

Thanks,

EZ

Re: Suricata from packages

[Eric Zylstra]

> On Jan 21, 2020, at 1:45 PM, Stuart Henderson  wrote:
> 
> On 2020-01-18, Eric Zylstra  wrote:
>> 
>> 
>>> On Jan 18, 2020, at 6:42 AM, Antoine Jacoutot  wrote:
>>> 
>>> On Fri, Jan 17, 2020 at 11:24:22PM -0600, Eric Zylstra wrote:
>>>> OpenBSD 6.6 Generic.MP amd64
>>>> Stable.
>>>> 
>>>> I installed suricata using pkg_add.  Having trouble with starting it.
> 
> pkg_add pointed you at the pkg-readme file when you installed suricata.
> Did you follow the instructions in that file?
> 
> 

The file /usr/local/share/doc/suricata/README is an empty file.

Re: Suricata from packages

[Eric Zylstra]

The pkg-readme was perfect.  Concise and all I need to know.  Two minutes and 
I’m good to go.

Thanks all!

EZ


Sent from my iPhone

> On Jan 21, 2020, at 3:59 PM, Stuart Henderson  wrote:
> 
> On 2020/01/21 15:40, Eric Zylstra wrote:
>> 
>> 
>>>> On Jan 21, 2020, at 1:45 PM, Stuart Henderson  wrote:
>>> 
>>> On 2020-01-18, Eric Zylstra  wrote:
>>>> 
>>>> 
>>>>> On Jan 18, 2020, at 6:42 AM, Antoine Jacoutot  
>>>>> wrote:
>>>>> 
>>>>> On Fri, Jan 17, 2020 at 11:24:22PM -0600, Eric Zylstra wrote:
>>>>>> OpenBSD 6.6 Generic.MP amd64
>>>>>> Stable.
>>>>>> 
>>>>>> I installed suricata using pkg_add.  Having trouble with starting it.
>>> 
>>> pkg_add pointed you at the pkg-readme file when you installed suricata.
>>> Did you follow the instructions in that file?
>>> 
>>> 
>> 
>> The file /usr/local/share/doc/suricata/README is an empty file.
> 
> Hmm, yes all the files in /usr/local/share/doc/suricata seem completely
> useless in the current version.
> 
> $ grep -R . /usr/local/share/doc/suricata
> /usr/local/share/doc/suricata/NEWS:https://suricata-ids.org/news/
> /usr/local/share/doc/suricata/TODO:Plenty, and you're welcome to help!
> /usr/local/share/doc/suricata/TODO:https://suricata-ids.org/participate/
> /usr/local/share/doc/suricata/AUTHORS:Team:
> /usr/local/share/doc/suricata/AUTHORS:https://suricata-ids.org/about/team/
> /usr/local/share/doc/suricata/AUTHORS:All contributors:
> /usr/local/share/doc/suricata/AUTHORS:https://www.ohloh.net/p/suricata-engine/contributors/summary
> 
> CC'ing port maintainers, can I just remove them? (Diff below).
> 
> I am pretty certain that the OpenBSD-specific pkg-readme (which you let me 
> know
> you found after writing this mail) has enough to fix the problem you're
> running into.
> 
> 
> Index: Makefile
> ===
> RCS file: /cvs/ports/security/suricata/Makefile,v
> retrieving revision 1.27
> diff -u -p -r1.27 Makefile
> --- Makefile16 Dec 2019 15:33:27 -1.27
> +++ Makefile21 Jan 2020 21:55:02 -
> @@ -4,6 +4,7 @@ COMMENT =high performance network IDS, 
> 
> SURICATA_V =5.0.1
> SUPDATE_V =1.1.1
> +REVISION =0
> 
> DISTNAME =suricata-${SURICATA_V}
> CATEGORIES =security
> @@ -72,8 +73,6 @@ post-install:
>${INSTALL_DATA} ${WRKSRC}/*.config ${PREFIX}/share/examples/suricata
>${INSTALL_DATA} ${WRKSRC}/suricata.yaml ${PREFIX}/share/examples/suricata
>${INSTALL_DATA} ${WRKSRC}/rules/*.rules 
> ${PREFIX}/share/examples/suricata/rules
> -rm ${PREFIX}/share/doc/suricata/{*.txt,GITGUIDE,INSTALL*}
> -${INSTALL_DATA} ${WRKSRC}/doc/{AUTHORS,NEWS,README,TODO} \
> -${PREFIX}/share/doc/suricata
> +rm -r ${PREFIX}/share/doc/suricata # nothing particularly useful in 
> there as of 5.0.1
> 
> .include 
> Index: pkg/PLIST
> ===
> RCS file: /cvs/ports/security/suricata/pkg/PLIST,v
> retrieving revision 1.11
> diff -u -p -r1.11 PLIST
> --- pkg/PLIST16 Dec 2019 15:33:27 -1.11
> +++ pkg/PLIST21 Jan 2020 21:55:02 -
> @@ -150,11 +150,6 @@ ${MODPY_COMMENT}lib/python${MODPY_VERSIO
> lib/python${MODPY_VERSION}/site-packages/suricatasc/${MODPY_PYCACHE}__init__.${MODPY_PYC_MAGIC_TAG}pyc
> @man man/man1/suricata.1
> share/doc/pkg-readmes/${PKGSTEM}
> -share/doc/suricata/
> -share/doc/suricata/AUTHORS
> -share/doc/suricata/NEWS
> -share/doc/suricata/README
> -share/doc/suricata/TODO
> @sample ${SYSCONFDIR}/suricata/
> @sample ${SYSCONFDIR}/suricata/rules/
> share/examples/suricata/
> 
> 
> 
> 

Re: Suricata from packages

[Eric Zylstra]

> On Jan 18, 2020, at 9:08 AM, Eric Zylstra  wrote:
> 
> 
> 
>> On Jan 18, 2020, at 6:42 AM, Antoine Jacoutot > <mailto:ajacou...@bsdfrog.org>> wrote:
>> 
>> On Fri, Jan 17, 2020 at 11:24:22PM -0600, Eric Zylstra wrote:
>>> OpenBSD 6.6 Generic.MP amd64
>>> Stable.
>>> 
>>> I installed suricata using pkg_add.  Having trouble with starting it.
>>> 
>>> $ doas rcctl start suricata
>>> …fails.  No informative fail message, though.
>> 

I get the same result with a clean OBSD 6.6 install.


>> Run rcctl in debug mode.
> 
> Notable that man rcctl(8) does not contain the word “debug”.  I had to do a 
> web search to confirm the -d argument was what I needed to get debug output.
> 
> 
> $ doas rcctl -d start suricata
> doas (dixon@dixon.local <mailto:dixon@dixon.local>.) password: 
> doing _rc_parse_conf
> doing _rc_quirks
> suricata_flags empty, using default ><
> doing _rc_parse_conf /var/run/rc.d/suricata
> doing _rc_quirks
> doing rc_check
> suricata
> doing rc_start
> doing _rc_wait start
> doing rc_check
> Suricata 4.1.5
> USAGE: /usr/local/bin/suricata [OPTIONS] [BPF FILTER]
> 
>   -c : path to configuration file
>   -T   : test configuration file (use 
> with -c)
>   -i: run in pcap live mode
>   -F  : bpf filter file
>   -r : run in pcap file/offline mode
>   -d  : run in inline ipfw divert mode
>   -s : path to signature file loaded in 
> addition to suricata.yaml settings (optional)
>   -S : path to signature file loaded 
> exclusively (optional)
>   -l  : default log directory
>   -D   : run as daemon
>   -k [all|none]: force checksum check (all) or 
> disabled it (none)
>   -V   : display Suricata version
>   -v[v]: increase default Suricata 
> verbosity
>   --list-app-layer-protos  : list supported app layer 
> protocols
>   --list-keywords[=all|csv|]: list keywords implemented by the 
> engine
>   --list-runmodes  : list supported runmodes
>   --runmode: specific runmode modification 
> the engine should run.  The argument
>  supplied should be the id for 
> the runmode obtained by running
>  --list-runmodes
>   --engine-analysis: print reports on analysis of 
> different sections in the engine and exit.
>  Please have a look at the conf 
> parameter engine-analysis on what reports
>  can be printed
>   --pidfile  : write pid to this file
>   --init-errors-fatal  : enable fatal failure on 
> signature init error
>   --disable-detection  : disable detection engine
>   --dump-config: show the running configuration
>   --build-info : display build information
>   --pcap[=]   : run in pcap mode, no value 
> select interfaces from suricata.yaml
>   --pcap-file-continuous   : when running in pcap mode with a 
> directory, continue checking directory for pcaps until interrupted
>   --pcap-file-delete   : when running in replay mode (-r 
> with directory or file), will delete pcap files that have been processed when 
> done
>   --pcap-buffer-size   : size of the pcap buffer value 
> from 0 - 2147483647
>   --simulate-ips   : force engine into IPS mode. 
> Useful for QA
>   --erf-in   : process an ERF file
>   --unix-socket[=]   : use unix socket to control 
> suricata work
>   --set name=value : set a configuration value
> 
> 
> To run the engine with default configuration on interface eth0 with signature 
> file "signatures.rules", run the command as:
> 
> /usr/local/bin/suricata -c suricata.yaml -s signatures.rules -i eth0 
> 
> doing _rc_rm_runfile
> (failed)
> 

The complaint appears to be that the invocation of suricata in the rc file 
isn’t proper.  If I use the exact command on the command line, it works.  This 
feels like a problem with the package.  Am I the only one tr

Re: Suricata from packages

[Eric Zylstra]

> On Jan 18, 2020, at 6:42 AM, Antoine Jacoutot  wrote:
> 
> On Fri, Jan 17, 2020 at 11:24:22PM -0600, Eric Zylstra wrote:
>> OpenBSD 6.6 Generic.MP amd64
>> Stable.
>> 
>> I installed suricata using pkg_add.  Having trouble with starting it.
>> 
>> $ doas rcctl start suricata
>> …fails.  No informative fail message, though.
> 
> Run rcctl in debug mode.

Notable that man rcctl(8) does not contain the word “debug”.  I had to do a web 
search to confirm the -d argument was what I needed to get debug output.


$ doas rcctl -d start suricata
doas (dixon@dixon.local.) password: 
doing _rc_parse_conf
doing _rc_quirks
suricata_flags empty, using default ><
doing _rc_parse_conf /var/run/rc.d/suricata
doing _rc_quirks
doing rc_check
suricata
doing rc_start
doing _rc_wait start
doing rc_check
Suricata 4.1.5
USAGE: /usr/local/bin/suricata [OPTIONS] [BPF FILTER]

-c : path to configuration file
-T   : test configuration file (use 
with -c)
-i: run in pcap live mode
-F  : bpf filter file
-r : run in pcap file/offline mode
-d  : run in inline ipfw divert mode
-s : path to signature file loaded in 
addition to suricata.yaml settings (optional)
-S : path to signature file loaded 
exclusively (optional)
-l  : default log directory
-D   : run as daemon
-k [all|none]: force checksum check (all) or 
disabled it (none)
-V   : display Suricata version
-v[v]: increase default Suricata 
verbosity
--list-app-layer-protos  : list supported app layer 
protocols
--list-keywords[=all|csv|]: list keywords implemented by the 
engine
--list-runmodes  : list supported runmodes
--runmode: specific runmode modification 
the engine should run.  The argument
   supplied should be the id for 
the runmode obtained by running
   --list-runmodes
--engine-analysis: print reports on analysis of 
different sections in the engine and exit.
   Please have a look at the conf 
parameter engine-analysis on what reports
   can be printed
--pidfile  : write pid to this file
--init-errors-fatal  : enable fatal failure on 
signature init error
--disable-detection  : disable detection engine
--dump-config: show the running configuration
--build-info : display build information
--pcap[=]   : run in pcap mode, no value 
select interfaces from suricata.yaml
--pcap-file-continuous   : when running in pcap mode with a 
directory, continue checking directory for pcaps until interrupted
--pcap-file-delete   : when running in replay mode (-r 
with directory or file), will delete pcap files that have been processed when 
done
--pcap-buffer-size   : size of the pcap buffer value 
from 0 - 2147483647
--simulate-ips   : force engine into IPS mode. 
Useful for QA
--erf-in   : process an ERF file
--unix-socket[=]   : use unix socket to control 
suricata work
--set name=value : set a configuration value


To run the engine with default configuration on interface eth0 with signature 
file "signatures.rules", run the command as:

/usr/local/bin/suricata -c suricata.yaml -s signatures.rules -i eth0 

doing _rc_rm_runfile
(failed)


> 
> 
>> 
>> I’ve tried finding info in logs.  Nothing informative in suricata logs nor 
>> /var/log/messages.
>> 
>> $ doas /usr/local/bin/suricata -D
>> …succeeds.  It runs fine.  That is the same command in the 
>> /etc/rc.d/suricata.
>> 
>> Pointers?  Suggestions?  Specific details?
>> 
>> Thanks,
>> 
>> Eric Z
>> 
> 
> -- 
> Antoine

Suricata from packages

[Eric Zylstra]

OpenBSD 6.6 Generic.MP amd64
Stable.

I installed suricata using pkg_add.  Having trouble with starting it.

$ doas rcctl start suricata
…fails.  No informative fail message, though.

I’ve tried finding info in logs.  Nothing informative in suricata logs nor 
/var/log/messages.

$ doas /usr/local/bin/suricata -D
…succeeds.  It runs fine.  That is the same command in the /etc/rc.d/suricata.

Pointers?  Suggestions?  Specific details?

Thanks,

Eric Z

Re: Hyperbola Gnu Linux changing to Bsd

[Eric Furman]

On Thu, Jan 2, 2020, at 3:09 AM, Bodie wrote:
> 
> 
> On 2.1.2020 02:56, SOUL_OF_ROOT 55 wrote:
> > Em seg, 30 de dez de 2019 00:59, SOUL_OF_ROOT 55 
> > 
> > escreveu:
> > 
> >> Hi!
> >> 
> >> It is written in article  Free GNU/Linux distributions:

BLAH BLAH BLAH

When are you people going to learn that  SOUL_OF_ROOT 55 
is nothing but a crank and a troll?

Re: Suggestion: Replace Perl with Lua in the OpenBSD Base System

[Eric Zylstra]

Proposing such a huge project without the ability to do it?  I may have been a 
little disrespectful, but not the first one in the thread.  And my point wasn’t 
to be disrespectful, but to point out that most proposals unaccompanied by code 
and that don’t solve obvious problems don’t seem to be received very well.  
Apologies if that wasn’t within bounds.

E


Sent from my iPhone

> On Dec 31, 2019, at 3:46 PM, Theo de Raadt  wrote:
> 
> Isn't it a bit disrespectful to assume someone on misc@ is going to
>  write such a large diff?
> 
>> Maybe the OP could just go ahead and replace all the Perl code with Lua and 
>> then ask for feedback from the other devs?  That is the OpenBSD way, right?  
>> If it really is a great idea, they’d all be really excited.  In any case, it 
>> would kill this thread.
>> 
>> EZ
>> 
>> 
>> Sent from my iPhone
>> 
 On Dec 31, 2019, at 1:22 PM, Daniel Corbe  wrote:
>>> 
>>> I like where this thread is headed.
>>> 
>>> To expand on this idea, maybe we should demonstrate how diversity and
>>> inclusiveness can work in an operating system via language choices.
>>> Why stop at TCL and LUA?  Or even scripting languages in general.  Why
>>> not Go, Rust, Haskell and Scala too?
>>> 
>>> Hear me out.  We can set up a raffle system so that each winner can
>>> write their winning tool in their language of choice.  All the
>>> parallel development will even solve the "multi year effort" problem
>>> that was brought up by the original poster too.  Nobody will mind
>>> having another 8 or 9 languages in the base system, right?
>>> 
>> 

Re: Suggestion: Replace Perl with Lua in the OpenBSD Base System

[Eric Zylstra]

Maybe the OP could just go ahead and replace all the Perl code with Lua and 
then ask for feedback from the other devs?  That is the OpenBSD way, right?  If 
it really is a great idea, they’d all be really excited.  In any case, it would 
kill this thread.

EZ


Sent from my iPhone

> On Dec 31, 2019, at 1:22 PM, Daniel Corbe  wrote:
> 
> I like where this thread is headed.
> 
> To expand on this idea, maybe we should demonstrate how diversity and
> inclusiveness can work in an operating system via language choices.
> Why stop at TCL and LUA?  Or even scripting languages in general.  Why
> not Go, Rust, Haskell and Scala too?
> 
> Hear me out.  We can set up a raffle system so that each winner can
> write their winning tool in their language of choice.  All the
> parallel development will even solve the "multi year effort" problem
> that was brought up by the original poster too.  Nobody will mind
> having another 8 or 9 languages in the base system, right?
> 

Re: Installing OpenBSD -current snapshots

[Eric Furman]

On Fri, Nov 29, 2019, at 2:26 AM, Clay Daniels wrote:
> Nick, thanks for straightening me out about what is actually going on here
> with the install. I see that there is now a fresh snapshot with today's
> date, not the one I downloaded and ran yesterday. This might tend to keep
> one busy. I'm not sure I would not be better off doing what Bruno & Marc
> suggested and run sysupgrade. Thanks to them for the advice.

BTW, why do you want to run -current?
There are only 2 real reasons to do that
1: You HAVE to (for various reasons)
2: You want to help with development and test things. This is a great reason, 
but
you better be prepared for a lot of work. Know what you are doing and file bug 
reports.
Else you won't be a whole lot of actual help.

If these don't apply then you might be better off just running Release.
Not trying to be an A hole here. Just giving you heads up of what is expected of
you if you run -current.
Good luck

Re: OpenSMTPD filters and "Masquerading"

[Eric Elena]

Hi Jon,

I already described the solution I use for masquerading here 
https://marc.info/?l=openbsd-misc=154811965001823=2
Users don't need to be authenticated when your smtp server receives the initial 
email. The authenticated user is local to the smtp server, it's just a trick to 
rewrite the header.
In my case an external server from an SNS sends me a message (in fact to a 
friend), the server rewrites the from (envelope and header), changes the 
recipient to a gmail address, and forwards the message to gmail. The SNS is 
obviously not authenticated. I needed it so gmail is happy with this 
indirection flow.

Thanks,
Eric

On Fri, 4 Oct 2019 08:08:57 + (UTC) Jon Arlund wrote:
> Hi misc,
> I was delighted to see the inclusion of OpenSMTPD filters in the latest 
> snapshot.
> Knowing this has been a frequently requested feature, does someone know 
> if/how filters could be used to implement domain rewriting/masquerading of 
> the From header in the DATA section?
> I know the "senders" parameter in combination with the "masquerade" option is 
> capable of rewriting the From header for authenticated users. Unfortunately, 
> we still have legacy systems that don't support SMTP authentication but are 
> allowed to relay messages based on their IP address.
> Any information will be greatly appreciated.
> Kind regards,
> Jon

Re: When will be created a great desktop experience for OpenBSD?

[Eric Furman]

On Wed, May 8, 2019, at 7:38 AM, Peter N. M. Hansteen wrote:
> > When will be created a great desktop experience for OpenBSD?
> 
> I think it is important to keep in mind that in order to achieve
> *anything* in the OpenBSD project (or other open source projects for
> that matter) the way forward is to work *with*, not against, the
> developers and their code.
> 
> The short version is, please present your ideas of what you want to do
> with sound reasoning and if at all possible supplement with patches
> posted to tech@.
> 
> The patches stand a better chance of being accepted (perhaps along
> with their developer) if the submitter can take comments and valid
> criticisms from competent people (again mainly the developers) in
> stride and seems willing to stay around as maintainer in the longer
> haul (ie not slink back to the shadows after a release or two).
> 
> For anyone considering taking up the theme of this thread, please
> consider whether this could somehow be made into the package with only
> minimal impact on the base system.
> 
> Such a package could for example leverage all the tools already in the
> base systems to generate something like bsd.graphic.{rd,is,fs} and
> offer a skeleton for a site.tgz for the generated install medium.
> 
> If this sounds a lot like what is very achievable with the tools
> already in the OpenBSD base system and seasoned OpenBSD admins would
> do comfortably with a relatively simple autoinstall, it's because that
> is exactly what it is.
> 
> But if there is an actual use case spot we're missing, this would be
> the way to filling it with the least amount of extra work for everyone
> involved.

Peter, it's not going to happen because it would require someone to do work.
The whole point is to try to get others to do it for you.

Re: smtpd - help needed tranlsating to new virtual map syntax [FIXED]

[Eric Elena]

On Mon, 21 Jan 2019 11:08:02 +0100 Gilles Chehade wrote:
> I may sound a bit harsh, but starting a thread with "this is my last try
> or I'll switch" (as if it actually matters) right before telling someone
> who wants to help you that you actually tried _nothing_ then blaming the
> code improvements for a use-case that could have never worked because it
> not only uses the wrong _documented_ mechanism but also because the code
> to make your use-case work has never existed, kinds of irritates me.
> 
> I don't get royalties on smtpd install, please install whatever software
> fits your use case, this is how proper engineering works.

First of all thank you Gilles (and all the others who contributed to
this project) for your amazing work on OpenSMTPD!

That said, there is a kind of sender rewriting mechanism in OpenSMTP.
Well, it works for me (tm) I'm not saying it's perfect, it might be an
overkill but at least it does what I want it to do. The conf is
included below (only the part for rewriting the sender
address):
o /etc/mail/smtpd.conf
listen on all tls pki my.domain auth-optional
listen on lo0 port 10030 smtps pki my.domain tag MASQ auth senders { foo = 
masq@my.domain } masquerade

table masquser  { "toto@my.domain" }
table masq-alias{ "toto@my.domain" = "t...@example.com" }

table secrets   file:/etc/mail/secrets

action masq01 mbox virtual 
action masq02 relay host smtps://masqlabel@127.0.0.1:10030 auth  
mail-from "masq@my.domain"



match tag MASQ rcpt-to  action masq01
match from any rcpt-to  action masq02



o /etc/mail/secrets
masqlabel foo:asuperpassword

When a mail is received (listen on all):
- check if it is rejected
- if not, if the email if for toto@my.domain, forward it to the very
same OpenSMTP daemon on port 10030 using the authenticated user foo and
using masq@my.domain as the MAIL-FROM in the SMTP session (enveloppe)
- when an email is received on port 10030, tag it with the label MASQ.
The authenticated user is allowed to send an email as the user
masq@my.domain. The keyword masquerade modifies the From header (the
message itself) to match the address given in the SMTP session
- at that point, the sender address is rewritten both in the SMTP
session and the headers
- if the email is for toto@my.domain and is tagged with the label MASQ,
the virtual user address is expanded to the real email address
- continue like a normal message

There is probably room for improvement but I hope this helps.

Re: rtwn

[Eric Furman]

On Tue, Dec 11, 2018, at 8:56 PM, Stanislav wrote:
> OK. What can I do?
> Could you recommend an action I can make?
> Is it normal if I just wait for new version of rtwn?
> Or does this situation mean that mentioned card probably never will be
> supported? 
> 
> I have searched similar cases. 
> Stefan Sperling's report at EuroBSDcon2017:  "Sometimes just adding a new
> PCI/USB device ID is enough to extend device support of an existing driver".
> 
> Or the problem is more complicated and driver is not ready to work with the
> device. Is it? What can I research?

If you really want support for this card the best thing to do is buy
one and contact Theo DeRaadt for information on who to send
it to so they can work on supporting it. If a developer does not
have one of these cards in their possession they can't work on
the driver to make it supported.

Re: Non-copyleft IRC servers

[Eric Pruitt]

On Sat, Sep 22, 2018 at 01:00:57PM -0700, Eric Pruitt wrote:
> Does anyone have recommendations for a maintained IRC server that
> doesn't have a copyleft license? There are only a few listed on
> https://en.wikipedia.org/wiki/Comparison_of_Internet_Relay_Chat_daemons,
> and they don't seem to be maintained. Any runtime is fine, but I'm
> partial to C, and DCC support would be nice but isn't a hard
> requirement.

I found Oragono, an MIT-licensed server written in Go
(https://github.com/oragono/oragono). Go limits its portability, and I
know there have been issues with Go on BSDs in the past, but my IRC
server is hosted on a Linux box making this a non-issue for me right
now.

Re: Non-copyleft IRC servers

[Eric Pruitt]

On Sat, Sep 22, 2018 at 10:15:04PM +0200, Solene Rapenne wrote:
> Eric Pruitt  wrote:
> > Does anyone have recommendations for a maintained IRC server that
> > doesn't have a copyleft license? There are only a few listed on
> > https://en.wikipedia.org/wiki/Comparison_of_Internet_Relay_Chat_daemons,
> > and they don't seem to be maintained. Any runtime is fine, but I'm
> > partial to C, and DCC support would be nice but isn't a hard
> > requirement.
> >
> > Thanks,
> > Eric
>
> net/ngircd is fine

The GPL is a copyleft license.

Non-copyleft IRC servers

[Eric Pruitt]

Does anyone have recommendations for a maintained IRC server that
doesn't have a copyleft license? There are only a few listed on
https://en.wikipedia.org/wiki/Comparison_of_Internet_Relay_Chat_daemons,
and they don't seem to be maintained. Any runtime is fine, but I'm
partial to C, and DCC support would be nice but isn't a hard
requirement.

Thanks,
Eric

Re: Cannot set swap priority to "move" swap on another disk.

[Eric Huiban]

Solene Rapenne wrote:

Eric Huiban  wrote:

Hello,

With "6.3 release" version, i'm unable to set swap priority with fstab
using the following :

2e04cb867188f137.b none swap sw,priority=0
e7f9094bf357d407.b none swap sw,priority=1

I get the following result :

$ swapctl
Device  512-blocks Used    Avail Capacity  Priority
/dev/sd0b 21941640    0 21941640 0%    0
/dev/sd1b 62524916    0 62524916 0%    0
Total 84466556    0 84466556 0%

Using "swapctl -a -p 1 e7f9094bf357d407.b" present the very same result.
Same for "swapctl -a -p 1 /dev/sd0b".
Also tried an hypothetic reboot...

Do you have an idea on what i missed here ?

Regards,
Eric.

Hello,

I tried on amd64 6.3 and on amd64 -current and I have not been able to
reproduce the issue.

What is the result if you remove your 2 swaps with

 # swapctl -d e7f9094bf357d407.b
 # swapctl -d 2e04cb867188f137.b

and that you type

 # swapctl -A

after this, you should see the priorities correctly assigned after
typing "swapctl".



Hello,

I performed what you just suggested :

Tried to remove the two swaps : OK none remaining
Tried to reload the fstab : OK got priorities 0 and 1
Performed "halt -p" : OK computer dead like a stone
Power on...
Check swapctl : two swaps present with both priority at 0.

There's something i do not master within the boot process.

Note : this host has been freshly reinstalled with wiped out SSD.

Eric.

systat strange live display on pf rules activity.

[Eric Huiban]

Hello,

Functionnally pf is OK : packets are blocked or passed according to 
what's expected. But when i use systat for live examination of what 
appends amongst the rules there is no hit on match rules with IP list 
while there's on relevant block rule.


Did someone notice such behaviour, or did i missed something once again 
? Google and others only output some garbage about this question.


my pf is organised around an header pf.conf which calls sub pf files and 
puts each of them in an anchor ( one for IPv4 wan, one for IPv4 local, 
one for IPv6 wan, etc). It is organised with a lot of match rules and a 
few block/pass rules. (One list to rule them all, One match to find 
them, One block to bring them all and in the darkness bind them)


I changed the orders of rules and anchors : no effect. What i currently 
use is here :


(rogueIPs list is the automatically build from several reliable sources 
and processed to get clean without dups, annoyers is my manually fed table)


table  persist file "/etc/rogueIPs.tbl" counters
table  persist file "/etc/annoyers.tbl" counters

match in on $EXIT inet from {,  } to any tag 
"ROGUED:$if"
match out on $EXIT inet from any to {,} tag 
"ROGUED:$if"


block return quick on $EXIT inet tagged "ROGUED:$if"

Regards,
Eric.

Cannot set swap priority to "move" swap on another disk.

[Eric Huiban]

Hello,

With "6.3 release" version, i'm unable to set swap priority with fstab 
using the following :


2e04cb867188f137.b none swap sw,priority=0
e7f9094bf357d407.b none swap sw,priority=1

I get the following result :

$ swapctl
Device  512-blocks Used    Avail Capacity  Priority
/dev/sd0b 21941640    0 21941640 0%    0
/dev/sd1b 62524916    0 62524916 0%    0
Total 84466556    0 84466556 0%

Using "swapctl -a -p 1 e7f9094bf357d407.b" present the very same result.
Same for "swapctl -a -p 1 /dev/sd0b".
Also tried an hypothetic reboot...

Do you have an idea on what i missed here ?

Regards,
Eric.

Re: Rewards of Up to $500,000 Offered for OpenBSD Zero-Days (and other dist.)

[Eric]

On Wed, 4 Jul 2018 23:11:35 +0200
Ingo Schwarze  wrote:

> Hi,
> 
> Eric wrote on Wed, Jul 04, 2018 at 01:55:17PM -0500:
> 
> > The solution is obvious.  If there are any bug fixes of sufficient
> > importance, report the bug, collect the $500,000 for the foundation,
> > and then fix it.
> 
> i can hardly believe this needs to be said, but given the lack of
> any smiley, and given the presence of several purportedly "humorous"
> postings in this thread:

It was only meant to be humorous, nothing more.  That obviously failed.

Re: Rewards of Up to $500,000 Offered for OpenBSD Zero-Days (and other dist.)

[Eric]

On Wed, 4 Jul 2018 18:06:04 +0200
Reyk Floeter  wrote:

> I hope somebody steps up and donates $500,000 to the OpenBSD foundation 
> instead.

The solution is obvious.  If there are any bug fixes of sufficient importance, 
report the bug, collect the $500,000 for the foundation, and then fix it.

Eric

Re: State of Yubikey/U2F support on OpenBSD

[Eric Augé]

Hello Rickard,

On Sun, Jul 1, 2018 at 12:30 PM, Rickard von Essen
 wrote:
> Hi Eric,
>
> Thanks for replying. If I can sort out most ykman issues I'll create a port
> for it, which hopefully will make it easier for more people to use
> YubiKeys with OpenBSD.
>
>> A) CCID worked out of the box with a yubikey 4, with pcscd and gpg
>> works fine with it for me, IIRC you can even make it work with GPG
>> without pcscd, but I'd need to verify again.
>
> I have several YubiKey NEO and 4 Nano, but neither of them work with
> CCID, they fails to connect. I'm very interested to see which versions
> you have installed of ykman and dependencies.
>
> I can run OTP commands and "ykman list"
>

I do not use ykman, so I cannot speak about ykman.
ykpers and ykclient were already packaged and worked fine for my use.


> $ ykman list
> YubiKey 4 [OTP+FIDO+CCID] Serial: 5977032
>
> But when I try to list oaths it doesn't connect:
>
> $ ykman -l DEBUG oath list
>
> 2018-07-01T11:43:43+0200 INFO [ykman.logging_setup.setup:59]
> Initialized logging for ykman version: 0.7.1-dev
> 2018-07-01T11:43:43+0200 DEBUG
> [ykman.descriptor.Descriptor.open_device:75] transports: 0x4,
> self.mode.transports: 0x7
> 2018-07-01T11:43:43+0200 DEBUG [ykman.descriptor.open_device:80]
> Opening driver for serial: None, type: YUBIKEY.YK4, mode:
> OTP+FIDO+CCID
> [...]
> 2018-07-01T11:43:47+0200 DEBUG [ykman.descriptor.open_device:82]
> Attempt 10 of 10
> 2018-07-01T11:43:47+0200 DEBUG [ykman.descriptor.open_device:101]
> Sleeping for 1.00 s
> 2018-07-01T11:43:48+0200 DEBUG [ykman.descriptor.open_device:103] No
> matching device found
> Usage: ykman [OPTIONS] COMMAND [ARGS]...
>
> Error: Failed connecting to the YubiKey.
>
> These are the versions I have:
>
> $ ykman version
>
> YubiKey Manager (ykman) version: 0.7.1-dev
> Libraries:
> libykpers 1.18.1
> libusb 1.0.21
>
> $ pkg_info pcscd
>
> Information for inst:pcsc-lite-1.8.22p1
> [...]

Do you run pcscd while running your attempts?

Try shutting it down when you want direct access to the yubikey?
pcscd get a hold of the USB device and AFAIR I cannot use ykpers or
ykclient while pcscd is running, so I'd expect the same with ykman.

HTH,
Eric.

>
> $ pip3.6 show yubikey-manager
>
> Name: yubikey-manager
> Version: 0.7.1.dev0
> Summary: Tool for managing your YubiKey configuration.
> Home-page: https://github.com/Yubico/yubikey-manager
> Author: Dain Nilsson
> Author-email: d...@yubico.com
> License: BSD 2 clause
> Location: 
> /home/rickard/.local/lib/python3.6/site-packages/yubikey_manager-0.7.1.dev0-py3.6.egg
> Requires: six, pyscard, pyusb, click, cryptography, pyopenssl, fido2
>
> $ pip3.6 show pyscard six pyusb click cryptography pyOpenSSL fido2
>
> Name: pyscard
> Version: 1.9.7
> Summary: Smartcard module for Python.
> Home-page: https://github.com/LudovicRousseau/pyscard
> Author: Ludovic Rousseau
> Author-email: ludovic.rouss...@free.fr
> License: UNKNOWN
> Location: 
> /home/rickard/.local/lib/python3.6/site-packages/pyscard-1.9.7-py3.6-openbsd-6.3-amd64.egg
> Requires:
> ---
> Name: six
> Version: 1.11.0
> Summary: Python 2 and 3 compatibility utilities
> Home-page: http://pypi.python.org/pypi/six/
> Author: Benjamin Peterson
> Author-email: benja...@python.org
> License: MIT
> Location: /home/rickard/.local/lib/python3.6/site-packages
> Requires:
> ---
> Name: pyusb
> Version: 1.0.2
> Summary: Python USB access module
> Home-page: http://walac.github.io/pyusb
> Author: Wander Lairson Costa
> Author-email: wander.lair...@gmail.com
> License: BSD
> Location: /home/rickard/.local/lib/python3.6/site-packages
> Requires:
> ---
> Name: click
> Version: 6.7
> Summary: A simple wrapper around optparse for powerful command line utilities.
> Home-page: http://github.com/mitsuhiko/click
> Author: Armin Ronacher
> Author-email: armin.ronac...@active-4.com
> License: UNKNOWN
> Location: /home/rickard/.local/lib/python3.6/site-packages
> Requires:
> ---
> Name: cryptography
> Version: 2.2.2
> Summary: cryptography is a package which provides cryptographic
> recipes and primitives to Python developers.
> Home-page: https://github.com/pyca/cryptography
> Author: The cryptography developers
> Author-email: cryptography-...@python.org
> License: BSD or Apache License, Version 2.0
> Location: /usr/local/lib/python3.6/site-packages
> Requires: idna, asn1crypto, six, cffi
> ---
> Name: pyOpenSSL
> Version: 18.0.0
> Summary: Python wrapper module around the OpenSSL library
> Home-page: https://pyopenssl.org/
> Author: Hynek Schlawack
> Author-email: h...@ox.cx
> License: Apache License, Ver

Re: State of Yubikey/U2F support on OpenBSD

[Eric Augé]

Hello Rickard,

A) CCID worked out of the box with a yubikey 4, with pcscd and gpg
works fine with it for me, IIRC you can even make it work with GPG
without pcscd, but I'd need to verify again.
B) same, chromium crashes, I started investigating but lack the
knowledge in chromium and I am a bit lost, there are several tickets
open on chromium side as you mentioned.
C) I have not tried.

HTH,
Eric.

On Fri, Jun 29, 2018 at 11:41 AM, Rickard von Essen
 wrote:
>
> I've been experimenting with switching over one of my laptops to OpenBSD, but
> there is one main problem stopping me from switching. The support for Yubikeys
> and U2F.
>
> I'm try to gather a list of things that currently doesn't work. And maybe find
> some collaborators to investigate and maybe fix the issues. So if you are
> interested to work on any of these or have further information please post on
> this thread.
>
> A) Yubikey-manager (ykman) is the new Yubikey CLI. I got it to install but 
> only
> one out of three transport (protocols) works. OTP works. CCID fails connecting
> to the Yubikey via pcscd, further investigation needed (this is hopefully not 
> to
> hard to fix). FIDO doesn't work since the pyu2f library doesn't support 
> OpenBSD,
> this is probably not to hard to fix. I'm tracking these in [1].
>
> B) Chromium (v 65.0.3325.181) crashes when U2F auth is requested and a key is
> inserted, see [2]. I haven't yet debugged this, but fixing this probably
> requires a fair amount of knowledge about Chromiums internals.
>
> C) Firefox (v 59.0.2) doesn't officially support U2F but have a config option 
> to
> enable this [3][4]. Unfortunately this doesn't work on OpenBSD (but macOS for
> example).  (Firefox 60 is supposed to support the new FIDO2 standard this 
> might
> improve on U2F support too.)
>
> [1] https://github.com/Yubico/yubikey-manager/issues/124
> [2] https://bugs.chromium.org/p/chromium/issues/detail?id=451248
> [3] https://discourse.mozilla.org/t/u2f-standard-to-firefox/23301/2
> [4] 
> https://www.yubico.com/2017/11/how-to-navigate-fido-u2f-in-firefox-quantum/
>

Re: OpenBSD logo on my private hompage. It is allowed?

[Eric Furman]

On Thu, Jun 7, 2018, at 10:10 PM, justina colmena wrote:
> On June 7, 2018 4:44:21 PM AKDT, Edgar Pettijohn III  web.com> wrote:
> >
> >
> >On 06/07/18 18:51, justina colmena wrote:
> >> On June 7, 2018 3:27:30 PM AKDT, Johannes Krottmayer
> > wrote:
> >>> Hallo,
> >>>
> >>> Thanks! I have read over that.
> >>>
> >>> Best regards,
> >>> Johannes Krottmayer
> >>>
> >>> On Thu, Jun 07, 2018 At 18:23:31 -0500, Constantine A. Murenin
> >wrote:
>  On 7 June 2018 at 17:36, Johannes Krottmayer 
> >>> wrote:
> > Can I use the OpenBSD logo on my homepage? It is allowed?
> > I can't find any information about this plan.
>  http://www.openbsd.org/art1.html has all the details.
> 
>  C.
> 
> >> " ... it is our intent that anyone be able to use these images to
> >represent OpenBSD in a positive light -- but do not make profit from
> >them"
> >>
> >> The no-profit clause is new. Sounds like I'd better dump OpenBSD
> >entirely if I want to make a profit at any sort of business or keep any
> >of my private information private or retain any of MY intellectual
> >property for my own use. There's a giant hole in my pocket that needs
> >to be sewn up. Not sure where to go. The lawyers are coming out like
> >alligators from the Florida swamps. This is as bad as SCO and groklaw.
> >>
> >> OpenBSD is for non-profit use only. Thank you for bringing that to my
> >attention.
> >> --
> >> https://www.colmena.biz/~justina/contacto.php
> >>
> >I hope your joking. Obviously they don't want rogue people selling 
> >merchandise with these images since it would detract from legitimate 
> >sales that support the project. The operating system's license info is
> >here:
> >https://www.openbsd.org/policy.html
> 
> Straw that broke the camel's back. There are a few other issues, namely 
> people getting foreign psych degrees and prescribing "benzedrine" and 
> such. I don't do drugs, and no, I am most certainly not joking. I am not 
> happy with that kind of stuff, and  I personally do not want to support 
> it on MY web page.

Just the image itself is copyright deRaadt.
He just doesn't want you selling stickers or t-shirts or mugs or or or...
You can make and sell any product you want using OBSD.
No fee or questions asked. Even Baby-Mulching Machines.
If you want to include the OBSD logo in/on your product just write
and ask Theo's permission. Depending on what it is I'm pretty certain
he will give you permission.
Of course if you did make a profit from something you developed using
OBSD a donation would be greatly appreciated, but not required.
Many Big Corporations do it all the time.
(Use OBSD developed software and not give anything back, that is)
Your tinfoil hat is on too tight.

Re: New lpd server

[Eric Faurot]

On Thu, May 10, 2018 at 10:35:01AM -0400, Predrag Punosevac wrote:
> Where can I learn more about the work on the new lpd server aside of
> reading the code? I learnt about it from the OpenBSD Journal
>
> https://undeadly.org/cgi?action=article;sid=20180509184829
> 
> 
> Thank you!
> Predrag
> 

There is really nothing more than the code currently.

Eric.

Re: Installboot uses wrong device for secondary boot loader

[Eric Zylstra]

I rebooted and checked each step again.  One big difference is this time on 
reboot, my installer USB drive was not sd0 as in my last install attempt.  My 
RAID1 devices now were sd0 and sd1.  After running through all the RAID prep 
steps, the install went without incident.

Thanks for your help,

EZ


> On Apr 29, 2018, at 8:58 AM, Eric Zylstra <ezyls...@mac.com 
> <mailto:ezyls...@mac.com>> wrote:
> 
> Interesting.  I’ll look into that.  Not sure why installboot, upon seeing an 
> error condition (missing MBR), would not generate an error but instead try 
> another device.
> 
> EZ
> 
> 
>> On Apr 29, 2018, at 8:54 AM, Joel Sing <j...@sing.id.au 
>> <mailto:j...@sing.id.au>> wrote:
>> 
>> On Saturday 28 April 2018 22:21:08 Eric Zylstra wrote:
>>> I’m installing 6.3 on a RAID1.  Install was fine until ending with an error
>>> message, “invalid boot record signature…”.
>>> I manually ran installboot:
>>>> . installboot -v -r /mnt sd4
>>> 
>>> Hand transcription:
>>> 
>>> Using /mnt as root
>>> Installing bootstrap on /dev/rsd4c
>>> Using first-stage /mnt/usr/mdec/biosboot, second-stage /mnt/usr/mdec/boot
>>> sd4:  softraid volume with 2 disk(s)
>>> sd4:  installing boot loader on softraid volume
>>> /mnt/usr/mdec/boot is 6 blocks x 16384 bytes
>>> sd0a:  installing boot blocks on /dev/rsd0c, part offset 144
>>> Master boot record (MBR) at sector 0
>>> Install boot:  invalid boot record signature (0x) @ sector 0
>>> 
>>> I did not typo the secondary boot block install.  It attempts to install on
>>> sd0 instead of sd4 as specified in my command.
>> 
>> In order to boot a softraid volume, the underlying disks have to be bootable 
>> with the first stage boot block being installed in the MBR (at least for 
>> i386/amd64). This is why it's looked at sd4, then gone to install the first 
>> stage boot block on sd0... however there is no MBR on this device to install 
>> it into. This suggests that you've not run fdisk correctly - but with 
>> insufficient details I can only guess.
> 

Re: Installboot uses wrong device for secondary boot loader

[Eric Zylstra]

I’m following the documentation in OpenBSD FAQ:  disk setup.

I’m inclined to think there is a code issue since I specified device sd4 and 
installboot used that device for the first stage and then seems to have 
defaulted to sd0 for the second stage bootloader.

EZ


Sent from my iPhone

> On Apr 29, 2018, at 4:01 AM, Stuart Henderson <s...@spacehopper.org> wrote:
> 
>> On 2018-04-29, Eric Zylstra <ezyls...@mac.com> wrote:
>> I’m installing 6.3 on a RAID1.  Install was fine until ending with an error 
>> message, “invalid boot record signature…”.
>> 
>> I manually ran installboot:
>>> . installboot -v -r /mnt sd4
>> 
>> Hand transcription:
>> 
>> Using /mnt as root
>> Installing bootstrap on /dev/rsd4c
>> Using first-stage /mnt/usr/mdec/biosboot, second-stage /mnt/usr/mdec/boot
>> sd4:  softraid volume with 2 disk(s)
>> sd4:  installing boot loader on softraid volume
>> /mnt/usr/mdec/boot is 6 blocks x 16384 bytes
>> sd0a:  installing boot blocks on /dev/rsd0c, part offset 144
>> Master boot record (MBR) at sector 0
>> Install boot:  invalid boot record signature (0x) @ sector 0
>> 
>> I did not typo the secondary boot block install.  It attempts to install on 
>> sd0 instead of sd4 as specified in my command.
> 
> With softraid the bootblock is installed on all component disks of a raid1.
> 
> Since the installer doesn't directly support softraid...what did you type
> earlier to prepare this?
> 

Installboot uses wrong device for secondary boot loader

[Eric Zylstra]

I’m installing 6.3 on a RAID1.  Install was fine until ending with an error 
message, “invalid boot record signature…”.

I manually ran installboot:
>. installboot -v -r /mnt sd4

Hand transcription:

Using /mnt as root
Installing bootstrap on /dev/rsd4c
Using first-stage /mnt/usr/mdec/biosboot, second-stage /mnt/usr/mdec/boot
sd4:  softraid volume with 2 disk(s)
sd4:  installing boot loader on softraid volume
/mnt/usr/mdec/boot is 6 blocks x 16384 bytes
sd0a:  installing boot blocks on /dev/rsd0c, part offset 144
Master boot record (MBR) at sector 0
Install boot:  invalid boot record signature (0x) @ sector 0

I did not typo the secondary boot block install.  It attempts to install on sd0 
instead of sd4 as specified in my command.

Eric

Re: bug tracking system for OpenBSD

[Eric Furman]

On Fri, Mar 30, 2018, at 4:01 PM, Sergey Bronnikov wrote:
> I have made a first step forward in direction to OpenBSD bugtracker
> and imported bugs@ archive to a Fossil SCM -
> https://bronevichok.ru/cgi-bin/b.cgi/rptview?rn=1
> Let's discuss a next step.
> 

You think I'm going to visit a .ru website?

Re: counting dropped packets for pf

[Eric Furman]

On Wed, Mar 28, 2018, at 7:10 PM, 3 wrote:
> > 3(ba...@yandex.ru) on 2018.03.28 23:03:27 +0300:
> >> > On 03/28/18 15:04, 3 wrote:
> >> >> hi guys. when the pflow option first appeared, i was surprised by the
> >> >> stupidity of those who implemented it- pflow could not be specified
> >> >> for block-rules, i.e. dropped packets were not taken into account. as
> i understand- no kosher ways. im asking for illegal ways. many years
> ago there was no way either, but i found a way out. i dont think you
> are dumber than me
> 

You are asking, "How do I use a wrench as a screwdriver?"

Re: ESP8266 Non-OS SDK

[Eric Huiban]

Base Pr1me wrote:

Has anyone played around with compiling the Espressif SDK for their chips?
Just curious.

Thanks,
Tracey



I'm beginning to modify the SDK for Espressif ESP32 step by step when 
time allows. It's full of linuxism and very gnuish, but if i can do some 
mod in their stuff everybody can. I'm a very small player in this kind 
of arena. ;)


I'm know at the step where the SDK is looking for python and does not 
find it on BSD (all versions are here because of pkg dependancies 
management...).


So... it is slow (on my  x230 laptop each compilation of the toolchain 
now lasts 50mn before ending with a new error) and quite boring. However 
it apparently can be done up to now. But i'm not finished with this 
stuff and cannot say it is definitively OK.


Regards

Re: libasr/libevent question

[Eric Faurot]

On Thu, Feb 15, 2018 at 07:41:55PM -0600, Edgar Pettijohn wrote:
> I have this trivial program that I keep getting a segfault trying to use
> event_asr_run(). I have #if 0'd working code to show my progression from
> getaddrinfo() to event_asr_run(). It is hopefully something trivial that I'm
> overlooking.  Anyway I compiled like so:

You need to call event_init() before using other libevent functions.

Eric.

Re: OpenBSD IRQ sharing on ISA

[Eric Furman]

On Thu, Feb 8, 2018, at 7:02 AM, Mihai Popescu wrote:
> > Then i setup only one port using configure command all ports work normally.
> 
> I worked a lot with multiple RS-232 ports boards. They all had some
> hardware jumpers to configure the IRQ and Address for each port ( a
> lot of jumpers!). Maybe this option is integrated in your board BIOS,
> check it.
> 
> How did you manage to find and even install 3.8 ?
> 

The question is not how it is why. :)
I have sitting next to me every CD going back to 3.3.
If I were to dig a bit I am sure I  could find even earlier ones.

Re: Resume fails with connected USB hub

[Eric Furman]

On Tue, Jan 30, 2018, at 8:56 PM, Maximilian Pichler wrote:
> On Tue, Jan 30, 2018 at 5:54 PM, Theo de Raadt  wrote:
> > There are a few people who can debug this.  It is quite hard to debug
> > without having a machine on the desk.  Something about have non-working
> > hardware makes Mike and I and others figure out a strategy for determining
> > where it is locking up.  Providing a list of approaches is too hard.
> 
> Not quite sure I got the point, but am more than happy to help in any way I 
> can.

What he is saying is that for this to be properly fixed he needs to have
actual possession of one of these machines. Some one needs to donate
one so they can fix the problem. 

Re: Problems with inteldrm on ASRock J3455-ITX (Apollo Lake)

[Eric Furman]

On Sun, Jan 14, 2018, at 12:53 PM, Nils Reuße wrote:
> Hi there,
> 
> i got a new board (ASRock J3455-ITX) that's based intels apollo lake 
> SoC.  I've updated the bios to the latest version (1.4) and all things i 
> need are supported by openbsd out of the box on 6.2-current, except for 
> the graphic chip, an integrated Intel HD Graphics 500 chip.
> 
> Unfortunately, when i boot the system, the screen goes black very soon 
> (after the cpu info scrolls by) and then it never fully boots (login via 
> ssh is not possible), so i cannot see or check what's wrong.
> 
> If i disable inteldrm on boot, the system boots, ssh works and i can use 
> the system.  Trying to start X fails however.
> 
> As i intend to use the system as a headless server, i do not really care 
> if the card really works, but i'd like to be able to boot the system 
> without disabling inteldrm every time.
> 
> This is the firmware i've currently installed:
> 
>$ doas fw_update -i
>Installed: intel-firmware-20180108
> 
> The graphics card shows as
> 
>vga1 at pci0 dev 2 function 0 vendor "Intel", unknown product 0x5a85 
> rev 0x0b
> 
> Is anyone else here using this board, or is this error due to some 
> changes in the recent snapshots? Any help is appreciated.

This is not an OBSD specific problem.
Intel integrated graphics is crap.
They cause problems for a lot of people.
Do yourself a favor and disable the integrated graphics
and get yourself any cheap graphics card.
Preferably AMD based.

Re: Options for dealing with DES crypt password file

[Eric Furman]

On Thu, Jan 11, 2018, at 3:42 PM, Consus wrote:
> On 18:27 Thu 11 Jan, Jeff Zimmerman wrote:
> > I've got an old server (OpenBSD 4.7 old) with a mixed bag of password
> > hashes in master.passwd. A majority of the passwords (hundreds) are
> > old salted DES crypt format.
> > 
> > Am I correct in my research that everything but Blowfish was removed
> > from crypt() around OpenBSD 5.7? Are there any workarounds for me
> > using the old DES password hashes, or do we need to 'passwd '
> > for hundreds of users?
> 
> Use LDAP already.
> 

We don't really know his situation.
LDAP could be major overkill...

Fwd: Re: Kernel memory leaking on Intel CPUs?

[Eric Furman]

- Original message -
On 05/01/18 08:51, Eric Furman wrote:
> I always love threads like this. :)
> Doesn't it tell anybody anything that none of the developers have commented?


My point was that this thread was just pointless speculation
by a bunch of people who have no idea of what they write.
The Devs aren't going to add to the noise until they *KNOW*
something. So everybody else should just can it.
I have confidence you guys will handle it properly.
Whether that will make all of us happy, well
I won't speculate. :)

Re: Kernel memory leaking on Intel CPUs?

[Eric Furman]

I always love threads like this. :)
Doesn't it tell anybody anything that none of the developers have commented?

Re: Having a problem with ldomctl

[Eric S Pulley]

Circling back around replying to my own issue in the off chance that
someone else ran into this problem and this helps them out. Think it's
probably a pretty edge case though not too many folks seem to be running
Sun's anymore.

I was able to dump the contents of the NVRAM by booting of an older
version of OpenBSD. In my case I went clear back to 5.3 because that
was just a CD I had. When I get more time maybe I'll figure out where
the functionality breaks and see if I can fix it or at least provide
a clear bug report.

But for now, once I had the 3 files that ldomctl dump produces I saved
them off and loaded 6.2. I was then able to create and load my own ldom
config into NVRAM. Happy to say I now have a few T5120's that are
running 8 ldoms each. (8x8 cpuxram).

Should now get a couple more years life out of these expensive wind
tunnels.


On Fri, 1 Dec 2017 19:04:42 -0700
Eric S Pulley <pul...@dabus.com> wrote:

> Hello,
> 
> I'm trying to breath some life into some Sun T5120's that no longer
> have oracle support for by switching them to OpenBSD6.2.
> 
> The issue I'm having is when I go to dump the contents of the
> NVRAM config into the current working directory to copy for my new
> config, the ldomctl dump command never completes.
> 
> I don't know what the expected behavior is as I've never run OpenBSD
> as the primary domain before. However after letting ldomctl dump run
> for over an hour all I have is one file and the process is still
> running:
> 
> -rw-r--r--  1 root  wheel  23168 Dec  1 18:37 hv.md
> 
> I've tried running ldomd in the foreground to see if there is any sort
> of error but it seems to all be running okay. Before I cleared the
> system of all my old LDOMs ldomctl was seeing them fine and was able
> to access them.
> 
> Can anyone who has run this before tell me if ldomctl dump just takes
> a really long time or possibly shed some light on where I have gone
> wrong?
> 
> As a side note OpenBSD runs beautifully on these hosts in an ldom. I
> have had zero issues. Just trying to stop using Solaris all together
> now.

Re: Hellos from.. one nation under Üni

[Eric Furman]

Please go spread crazy somewhere else.
We're all filled up here.

On Tue, Jan 2, 2018, at 9:39 AM, Epost wrote:
> I have rationalized this even futher. Some of the reason for me 
> rejecting GNU was indeed the hallucinogenic element. I hate indeed 
> "psilocybin prophets"and that they supposedly can tell me something 
> about reality.
> 
> So I have dropped the entire adamic lineage of psilocybin prophets, and 
> replaced the deity concept with Üni, which is a rational zén realized 
> concept. Indeed "God" already is far a rationalization of the prophets 
> sayings.
> 
> I hope you´ll come around to understanding my view.
> 
> Peace.
> 
> Racoh Box - An alpha specification for a fair economy on available 
> source. - https://www.youtube.com/watch?v=x8HzSVdBHZU
> 

Having a problem with ldomctl

[Eric S Pulley]

Hello,

I'm trying to breath some life into some Sun T5120's that no longer
have oracle support for by switching them to OpenBSD6.2.

The issue I'm having is when I go to dump the contents of the
NVRAM config into the current working directory to copy for my new
config, the ldomctl dump command never completes.

I don't know what the expected behavior is as I've never run OpenBSD as
the primary domain before. However after letting ldomctl dump run for
over an hour all I have is one file and the process is still running:

-rw-r--r--  1 root  wheel  23168 Dec  1 18:37 hv.md

I've tried running ldomd in the foreground to see if there is any sort
of error but it seems to all be running okay. Before I cleared the
system of all my old LDOMs ldomctl was seeing them fine and was able to
access them.

Can anyone who has run this before tell me if ldomctl dump just takes a
really long time or possibly shed some light on where I have gone wrong?

As a side note OpenBSD runs beautifully on these hosts in an ldom. I
have had zero issues. Just trying to stop using Solaris all together
now.

Thanks for any help you can give.

Massive amount of system info follows:

from the service processor:
hypervisor_version = Hypervisor 1.10.7.g 2014/07/10 11:46
obp_version = OpenBoot 4.33.6.f 2014/07/10 10:23
post_version = POST 4.33.6.f 2014/07/10 10:32
sysfw_version = Sun System Firmware 7.4.8.a 2014/10/12 09:186.2

Dmesg:
console is /virtual-devices@100/console@1
Copyright (c) 1982, 1986, 1989, 1991, 1993
The Regents of the University of California.  All rights
reserved. Copyright (c) 1995-2017 OpenBSD. All rights reserved.
https://www.OpenBSD.org

OpenBSD 6.2 (GENERIC.MP) #303: Tue Oct  3 22:46:49 MDT 2017
dera...@sparc64.openbsd.org:/usr/src/sys/arch/sparc64/compile/GENERIC.MP
real mem = 68585259008 (65408MB)
avail mem = 67371524096 (64250MB)
warning: no entropy supplied by boot loader
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root: SPARC Enterprise T5120
cpu0 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1415.103 MHz
cpu1 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1415.103 MHz
cpu2 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1415.103 MHz
cpu3 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1415.103 MHz
cpu4 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1415.103 MHz
cpu5 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1415.103 MHz
cpu6 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1415.103 MHz
cpu7 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1415.103 MHz
cpu8 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1415.103 MHz
cpu9 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1415.103 MHz
cpu10 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1415.103 MHz
cpu11 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1415.103 MHz
cpu12 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1415.103 MHz
cpu13 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1415.103 MHz
cpu14 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1415.103 MHz
cpu15 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1415.103 MHz
cpu16 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1415.103 MHz
cpu17 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1415.103 MHz
cpu18 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1415.103 MHz
cpu19 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1415.103 MHz
cpu20 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1415.103 MHz
cpu21 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1415.103 MHz
cpu22 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1415.103 MHz
cpu23 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1415.103 MHz
cpu24 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1415.103 MHz
cpu25 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1415.103 MHz
cpu26 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1415.103 MHz
cpu27 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1415.103 MHz
cpu28 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1415.103 MHz
cpu29 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1415.103 MHz
cpu30 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1415.103 MHz
cpu31 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1415.103 MHz
cpu32 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1415.103 MHz
cpu33 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1415.103 MHz
cpu34 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1415.103 MHz
cpu35 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1415.103 MHz
cpu36 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1415.103 MHz
cpu37 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1415.103 MHz
cpu38 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1415.103 MHz
cpu39 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1415.103 MHz
cpu40 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1415.103 MHz
cpu41 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1415.103 MHz
cpu42 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1415.103 MHz
cpu43 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1415.103 MHz
cpu44 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1415.103 MHz
cpu45 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1415.103 MHz
cpu46 at mainbus0: SUNW,UltraSPARC-T2 (rev 0.0) @ 1415.103 MHz
cpu47 at 

Re: OpenBSD Puffy Stickers

[Eric Furman]

On Fri, Dec 1, 2017, at 02:50 AM, Rudy Baker wrote:
> Alright guys, he gets it. I wouldn't want to have to read two obligatory
> leaving letters in one week :)
> 
> 
> On Dec 1, 2017 1:31 AM, "Eric Furman" <ericfur...@fastmail.net> wrote:
> 
> On Thu, Nov 30, 2017, at 11:07 PM, Theo de Raadt wrote:
> > > Currently the OpenBSD store has mugs, t-shirts, posters, and CDs. All of
> > > those require more expense than stickers. Stickers are rather
> inexpensive
> > > to produce, can be sold for high markup, and cost very little to ship,
> not
> > > to mention are very popular, especially in the tech industry.
> > >
> > > It wouldn't require any new artwork or commissions. If you were to sell
> > > Puffy stickers or OpenBSD Logo stickers I'm sure they'd be top-sellers.
> > >
> > > Case in point, UnixStickers.com charges $2.69 per sticker and that
> doesn't
> > > include shipping.
> >
> > Why should I do that?  You only thought of yourself.
> >
> > What is in it for me?
> >
> > NOTHING.
> >
> > So why should I do this for you?
> >
> > If you think I should, and you repeatedly send mails saying so I can
> > only conclude one thing:
> >
> > You have a self-entitlement issue.
> >
> 
> This *MIGHT* be a great idea, but...
> WHO IS GOING TO DO IT?
> I don't want Theo or any of the Devs wasting their time doing crap like
> this
> that might just turn out to be a wast of time. They should be coding.
> People are always asking "What can I do to help the Project"?
> What people can do is to DO something and not talk about it.
> So, make a batch of stickers yourself and sell them on ebay.
> Then you can see for yourself just how Big A Seller they can be.
> I'm going to bet that it will turn out to take a lot more time and
> effort than you think and that it will turn very little if any profit.
> But hey, don't let me stop you.
> Good luck.

You misunderstand.
I am genuinely trying to give good advice.
I wish him real Good Luck.


I will freely admit,  I am all talk and no action.
My contributions to Obsd over the last 20 years
are nothing more than monetary and hardware
donations. But I will wager that is more than
most of you F** have done.

Re: OpenBSD Puffy Stickers

[Eric Furman]

On Thu, Nov 30, 2017, at 11:07 PM, Theo de Raadt wrote:
> > Currently the OpenBSD store has mugs, t-shirts, posters, and CDs. All of
> > those require more expense than stickers. Stickers are rather inexpensive
> > to produce, can be sold for high markup, and cost very little to ship, not
> > to mention are very popular, especially in the tech industry.
> > 
> > It wouldn't require any new artwork or commissions. If you were to sell
> > Puffy stickers or OpenBSD Logo stickers I'm sure they'd be top-sellers.
> > 
> > Case in point, UnixStickers.com charges $2.69 per sticker and that doesn't
> > include shipping.
> 
> Why should I do that?  You only thought of yourself.
> 
> What is in it for me?
> 
> NOTHING.
> 
> So why should I do this for you?
> 
> If you think I should, and you repeatedly send mails saying so I can
> only conclude one thing:
> 
> You have a self-entitlement issue.
> 

This *MIGHT* be a great idea, but...
WHO IS GOING TO DO IT?
I don't want Theo or any of the Devs wasting their time doing crap like
this
that might just turn out to be a wast of time. They should be coding.
People are always asking "What can I do to help the Project"?
What people can do is to DO something and not talk about it.
So, make a batch of stickers yourself and sell them on ebay.
Then you can see for yourself just how Big A Seller they can be.
I'm going to bet that it will turn out to take a lot more time and
effort than you think and that it will turn very little if any profit.
But hey, don't let me stop you.
Good luck.

Re: ASLR: How Robust is the Randomness?

[Eric Furman]

How is your fork of netbsd doing these days?

On Tue, Nov 28, 2017, at 11:59 PM, Edgar Pettijohn wrote:
> On Tue, Nov 28, 2017 at 09:40:34PM +0100, leo_...@volny.cz wrote:
> > theo wrote:
> > > It is over your head. Or learn to read. Or learn to not reply before
> > > you think.
> > 
> > You know what? You're full of crap.
> > 
> > I may be inexperienced (as you once correctly pointed out), but I know
> > my theory very, very well. Chances are that in a lot of areas, I know
> > it better than *you*.
> > 
> > Like it or not, you're dealing with an equal here. You'll have to treat
> > me that way.
> 
> https://marc.info/?l=netbsd-users=118832592524888=2
> 
> > 
> > If you cannot handle that, well, I'm sorry for you.
> > 
> > /thread.
> > 
> > --schaafuit.
> > 
> 

Re: Hellos from the Lands of Norway.

[Eric Furman]

On Tue, Nov 7, 2017, at 06:13 AM, mich...@hekeler.com wrote:
> This seems to be a very technically orientated and serious discussion.
> ‎Chapeau, Mr. Ywe Cærlyn!
> 

God Bless Norway!

Re: Hellos from the Lands of Norway.

[Eric Furman]

Oh, one more thing. The joke threads are supposed to
be reserved for Fridays. Since you're new you probably
didn't know that.

On Tue, Nov 7, 2017, at 12:04 AM, Eric Furman wrote:
> OK, my understanding of English must be broken because
> I do not understand any of this.
> I just wanted to warn you off starting any discussions about
> BSD vs GNU licensing schemes. Are minds are closed on
> this topic.
> 
> On Mon, Nov 6, 2017, at 11:44 PM, Ywe Cærlyn wrote:
> > So archaically speaking, that is your biggest security issue right there.
> > For instance, if you eat much kebabs, your stomach sings The Quran, and 
> > unfortunately "Mohammed and the companions".
> > If you eat much pizza, it sings The Bible, and "Jesus died for your
> > sins".
> > Now to equalize this, and get Transcendent Truth, for each 3 pizzas, eat 
> > 1 kebab.
> > And you are archaically correct. - There is just one deity, as all 
> > original monotheism teaches. Then you should be at security with The 
> > Chief, justice prevail, and obtuseness conquered.
> > 
> > Peace.
> > 
> > Den 11/7/2017 05:10, skrev Ywe Cærlyn:
> > > As opposed to say, if you have ever had a moment of Mindful Zen, and 
> > > thought of Transcendent Trueness. It is a "song" a bit more like 
> > > "OpenBSD" and "3-clause licence". In other words, 1:1 reality. ;) That 
> > > is why I got interested in OpenBSD instead.
> > >
> > > Peace.
> > >
> > > Den 11/7/2017 04:49, skrev Ywe Cærlyn:
> > >> Yes. I actually had a look a linux earlier. And found for instance a 
> > >> 10ms filter in cpu measurement. I mean, then you haven´t really 
> > >> understood what available resources in a computer is.. And in for 
> > >> instance the LADSPA plugins, is tons of pointer variables. The real 
> > >> song of the GNU licence is this. And "thou shall make no money". That 
> > >> is why it is really going nowhere. WIth the 2 clause licence, you 
> > >> hear a little bit of that song.. Just a warning, from someone who has 
> > >> seen real obtusity in code.
> > >>
> > >> Den 11/7/2017 02:57, skrev Eric Furman:
> > >>> On Mon, Nov 6, 2017, at 03:28 PM, Ywe Cærlyn wrote:
> > >>>
> > >>>> First contribution: You should focus on the 3-clause licence. The two
> > >>>> 2-clause tries to be GNU, and that is a mistake I think.
> > >>> OK, you had me up till here and then this 'Contribution".
> > >>> Is this an attempt at humor? Last time I checked all of the
> > >>> GNU licenses were about 14 pages long of legalese.
> > >>> How is the simpler shorter 2 clause license more like GNU?
> > >>> Sounds like a troll...
> > >>>
> > >>
> > >
> > 
> 

Re: Hellos from the Lands of Norway.

[Eric Furman]

OK, my understanding of English must be broken because
I do not understand any of this.
I just wanted to warn you off starting any discussions about
BSD vs GNU licensing schemes. Are minds are closed on
this topic.

On Mon, Nov 6, 2017, at 11:44 PM, Ywe Cærlyn wrote:
> So archaically speaking, that is your biggest security issue right there.
> For instance, if you eat much kebabs, your stomach sings The Quran, and 
> unfortunately "Mohammed and the companions".
> If you eat much pizza, it sings The Bible, and "Jesus died for your
> sins".
> Now to equalize this, and get Transcendent Truth, for each 3 pizzas, eat 
> 1 kebab.
> And you are archaically correct. - There is just one deity, as all 
> original monotheism teaches. Then you should be at security with The 
> Chief, justice prevail, and obtuseness conquered.
> 
> Peace.
> 
> Den 11/7/2017 05:10, skrev Ywe Cærlyn:
> > As opposed to say, if you have ever had a moment of Mindful Zen, and 
> > thought of Transcendent Trueness. It is a "song" a bit more like 
> > "OpenBSD" and "3-clause licence". In other words, 1:1 reality. ;) That 
> > is why I got interested in OpenBSD instead.
> >
> > Peace.
> >
> > Den 11/7/2017 04:49, skrev Ywe Cærlyn:
> >> Yes. I actually had a look a linux earlier. And found for instance a 
> >> 10ms filter in cpu measurement. I mean, then you haven´t really 
> >> understood what available resources in a computer is.. And in for 
> >> instance the LADSPA plugins, is tons of pointer variables. The real 
> >> song of the GNU licence is this. And "thou shall make no money". That 
> >> is why it is really going nowhere. WIth the 2 clause licence, you 
> >> hear a little bit of that song.. Just a warning, from someone who has 
> >> seen real obtusity in code.
> >>
> >> Den 11/7/2017 02:57, skrev Eric Furman:
> >>> On Mon, Nov 6, 2017, at 03:28 PM, Ywe Cærlyn wrote:
> >>>
> >>>> First contribution: You should focus on the 3-clause licence. The two
> >>>> 2-clause tries to be GNU, and that is a mistake I think.
> >>> OK, you had me up till here and then this 'Contribution".
> >>> Is this an attempt at humor? Last time I checked all of the
> >>> GNU licenses were about 14 pages long of legalese.
> >>> How is the simpler shorter 2 clause license more like GNU?
> >>> Sounds like a troll...
> >>>
> >>
> >
> 

Re: Hellos from the Lands of Norway.

[Eric Furman]

On Mon, Nov 6, 2017, at 03:28 PM, Ywe Cærlyn wrote:

> First contribution: You should focus on the 3-clause licence. The two 
> 2-clause tries to be GNU, and that is a mistake I think.

OK, you had me up till here and then this 'Contribution".
Is this an attempt at humor? Last time I checked all of the
GNU licenses were about 14 pages long of legalese. 
How is the simpler shorter 2 clause license more like GNU?
Sounds like a troll...

Re: DMCA Free OpenBSD VPS Hosting, multiple payment methods

[Eric Furman]

I'm posting this because it has as much to do with OBSD as all this
bullshit;

https://www.youtube.com/watch?v=py3u3P9OpBE


On Fri, Oct 20, 2017, at 05:52 AM, x9p wrote:
> 
> > hehe - you don´t know the situation in germany ;-)
> > I have seen many of these letters for "one time users" (even those with
> > only a few seconds connection)
> >
> 
> I do actually. By the time i lived there, a friend got something like EUR
> 800 bill for downloading a movie over torrent. Thats why I dont like
> Germany hosting, and enjoy offshore VPS :)
> 
> >
> >
> >> ...but it is really easy and cheap to write an script, collect IPs via
> >> torrent, and send DMCA takedown notices.
> >
> > professional software exists. So noone hacks his own scripts.
> >
> 
> thats not much difference between "professional software" and a bunch of
> scripts doing the same job. been there.
> 
> >
> >
> >> DMCA free ignores this automatic scripts, but of course need to act upon
> >> receiving a court order.
> >
> > Thanks for the clarification of "DCMA free".
> >
> >
> 
> welcome.
> 
> 
> 
>