Re: bozohttpd .htpasswd basic auth being non recursive

2019-05-31 Thread Matt Sporleder


> On May 31, 2019, at 10:01 PM, Mayuresh  wrote:
> 
> On Fri, May 31, 2019 at 07:52:25PM +, Christopher Pinon wrote:
>>> I meant, if we can't solve this in bozohttpd, please suggest some other
>>> httpd which is nearest match to its minimalistic approach.
>> 
>> apache? ;-)
> 
> Well... minimalistic?
> 
> Any takers for lighttpd, is it light as its name suggests? Of course,
> whether .htpasswd applies recursively or not is to be checked.
> 
> Mayuresh

Apache runs in well under 1MB and does all of this stuff and more. 

I wrote the original version of this if the default config freaks you out 

https://cwiki.apache.org/confluence/display/HTTPD/Minimal+Config

Don’t use .htaccess



Re: git https issue

2018-08-18 Thread Matt Sporleder



> On Aug 18, 2018, at 3:48 PM, Riccardo Mottola wrote:
> 
> Hi,
> 
> 
>> On 11/08/2018 02:35, matthew sporleder wrote:
>> I think the GIT_CURL_VERBOSE=1 is going to give you the answer.
> 
> I typed exactly what you did and see this:
> 
> 
> narsil$ GIT_CURL_VERBOSE=1 git clone --verbose https://github.com/github/debug-repo
> Cloning into 'debug-repo'...
> * Couldn't find host github.com in the .netrc file; using defaults
> *   Trying 192.30.253.112...
> * TCP_NODELAY set
> * Connected to github.com (192.30.253.112) port 443 (#0)
> * ALPN, offering http/1.1
> * Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
> * successfully set certificate verify locations:
>   CAfile: none
>   CApath: /etc/openssl/certs
> 
> 
> It stops before SSL connection using TLSv1.2 that appears on your side.
> 
> something is wrong with SSL? I have no OpenSSL or similar pkg installed, this 
> means the one in base is used, how at your place?
> 
> 
> narsil$ pkg_info | grep openssl
> mozilla-rootcerts-openssl-2.1 Wedge for installing and managing mozilla-rootcerts
> 
> 
> Riccardo
> 
> 

Can you do curl -vvv to GitHub?

Re: security clarification, efail-attack-paper.pdf

2018-05-15 Thread Matt Sporleder


> On May 15, 2018, at 12:55 AM, Dave Huang  wrote:
> 
>> On 5/14/2018 18:59, George Georgalis wrote:
>> What exactly is the threat? All I can put together is an attacker can 
>> encrypt a malicious html email which, when rendered, makes http requests. 
>> Not always a good thing, but no different than if a victim renders 
>> non-encrypted html email anyway. Is that correct?
> 
> My understanding is that if an attacker can pose as a man-in-the-middle for 
> your email, they can modify an encrypted email so that when you receive it, 
> it'll send the decrypted email to the attacker.
> 
> -- 
> 

This was my understanding of the most obvious attack as well. 

Another one might be to email someone an encrypted file you already have to get 
it decrypted for you (passwords.txt.pgp found in your company git repo or 
something)

I thought the risk seemed lowish but I am not as creative as evil hackers tend 
to be. :)

Re: ISO image size

2017-02-21 Thread Matt Sporleder
When we have seen this issue before it is related to gzip encoding in http. Do 
the final products differ?

> On Feb 21, 2017, at 7:22 AM, Cág  wrote:
> 
> Hi,
> 
> Why is this iso image[0] 319 MB (or at least identified as so in Firefox) 
> and this one[1]
> is 372 MB? Are they different?
> 
> Thanks
> 
> [0]: cdn.netbsd.org/pub/NetBSD/NetBSD-7.0.2/images/NetBSD-7.0.2-amd64.iso
> [1]: 
> http://ftp.fi.netbsd.org/pub/NetBSD/NetBSD-7.0.2/images/NetBSD-7.0.2-amd64.iso
> 
> --
> Cág


Re: NetBSD Wiki sites not available

2015-12-13 Thread Matt Sporleder




> On Dec 13, 2015, at 6:54 AM, Helge Muehlmeier  wrote:
> 
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
> 
> 
> 
>> Am 13.12.2015 um 04:29 schrieb Christos Zoulas:
>> In article <566c81eb.1080...@gmx.de>, Helge Muehlmeier
>>  wrote:
>>> -BEGIN PGP SIGNED MESSAGE- Hash: SHA256
>>> 
>>> Hi,
>>> 
>>> I try to get access to some port sites but get error messages in
>>> my browser.
>>> 
>>> Are there some maintenance work on it?
>> 
>> We are moving stuff to a new hosting site, but things should be
>> up...
> 
> I get the sites if I set "httpps://" in URL manually. But if I use the
> links from the NetBSD ports site (click on it) I get a redirection
> error...
> 
> I tried this with a Linux and a NetBSD box...
> 
> Greetings,
> Helge
> 

What error, exactly? 

Also clear your cache and restart your browser please. 


Re: NetBSD Wiki sites not available

2015-12-13 Thread Matt Sporleder




> On Dec 13, 2015, at 7:49 AM, Helge Muehlmeier <h_muehlme...@gmx.de> wrote:
> 
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
> 
> 
> 
>> Am 13.12.2015 um 13:25 schrieb Matt Sporleder:
>> 
>> 
>> 
>> 
>>> On Dec 13, 2015, at 7:21 AM, Chavdar Ivanov <ci4...@gmail.com>
>>> wrote:
>>> 
>>> All seem to work fine for me.
>>> 
>>> Chavdar
>>> 
>>>> On Sun, 13 Dec 2015 at 11:44 Helge Muehlmeier
>>>> <h_muehlme...@gmx.de> wrote:
>>>>>> I get the sites if I set "httpps://" in URL manually. But
>>>>>> if I use the links from the NetBSD ports site (click on it)
>>>>>> I get a redirection error...
>>>>>> 
>>>>>> I tried this with a Linux and a NetBSD box...
>>>>>> 
>>>>>> Greetings, Helge
>>>>>> 
>>>>>>> What error, exactly?
>>>>>>> 
>>>>>>> Also clear your cache and restart your browser please.
>>>>>> I cleared my cache and restarted the browser and still get
>>>>>> the error: ... The page isn't redirecting properly
>>>>>> 
>>>>>> Firefox has detected that the server is redirecting the
>>>>>> request for this address in a way that will never
>>>>>> complete.
>>>>>> 
>>>>>> This problem can sometimes be caused by disabling or
>>>>>> refusing to accept cookies. ...
>> 
>> If I use chrome I get the following message:
>> 
>> This webpage has a redirect loop
>> 
>> ERR_TOO_MANY_REDIRECTS
>> 
>> Greetings, Helge
>> 
>> 
>> 
>> Are you using something like https everywhere?  The redirects are
>> for http://wiki and work for me.
> I didn't set up things like "only use https". I'm just using the
> website as normally as I did before.
> 
> And this behavior is reproducible on other computers, too.
> 
> I just took a phonecall to a friend. This behavior is reproducible in
> his location, too.
> 
> Strange...
> 
> Helge

Can you share the exact steps you are using to get this error?


Re: NetBSD Wiki sites not available

2015-12-13 Thread Matt Sporleder




> On Dec 13, 2015, at 7:21 AM, Chavdar Ivanov  wrote:
> 
> All seem to work fine for me. 
> 
> Chavdar
> 
>> On Sun, 13 Dec 2015 at 11:44 Helge Muehlmeier  wrote:
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA256
>> 
>> > I get the sites if I set "httpps://" in URL manually. But if I use
>> > the links from the NetBSD ports site (click on it) I get a
>> > redirection error...
>> >
>> > I tried this with a Linux and a NetBSD box...
>> >
>> > Greetings, Helge
>> >
>> >> What error, exactly?
>> >>
>> >> Also clear your cache and restart your browser please.
>> > I cleared my cache and restarted the browser and still get the
>> > error: ... The page isn't redirecting properly
>> >
>> > Firefox has detected that the server is redirecting the request for
>> > this address in a way that will never complete.
>> >
>> > This problem can sometimes be caused by disabling or refusing to
>> > accept cookies. ...
>> 
>> If I use chrome I get the following message:
>> 
>> This webpage has a redirect loop
>> 
>> ERR_TOO_MANY_REDIRECTS
>> 
>> Greetings,
>> Helge
>> 
>> 

Are you using something like https everywhere?  The redirects are for 
http://wiki and work for me. 

Re: Replace default SSH with pkgsrc version

2015-12-08 Thread Matt Sporleder
This is what I do. 



> On Dec 8, 2015, at 1:24 PM, Jeremy C. Reed  wrote:
> 
> Another idea (untested recently) is to have a file called 
> /etc/rc.conf.d/sshd with:
> 
> command=/usr/pkg/sbin/sshd
> sshd_flags="-f /etc/ssh/sshd_config"
> sshd=YES
> 
> Then use default "/etc/rc.d/sshd restart"


Re: segfault in bozohttpd

2015-11-03 Thread Matt Sporleder




> On Nov 3, 2015, at 4:19 PM, Jan Danielsson  wrote:
> 
> Hello,
> 
>   Environment: Running netbsd-7, but using bozohttp from -current
> 
>   I built bozohttpd and started it using my regular script, but it
> segfaulted immediately.  The corefile said:
> 
> [---]
> Reading symbols from /home/jan/checkout/fsys/bozohttpd/bozohttpd...(no
> debugging symbols found)...done.
> [New process 1]
> Core was generated by `bozohttpd'.
> Program terminated with signal SIGSEGV, Segmentation fault.
> #0  0x0040ab33 in bozo_add_lua_map ()
> (gdb) bt
> #0  0x0040ab33 in bozo_add_lua_map ()
> #1  0x0040b94f in main ()
> 
>   I rebuilt it with -g and the segfault didn't occur.  I then cleaned
> up again and rebuilt without -g again, and this time it didn't segfault.
> 
>   Non-deterministic segfaults..  :/
> 
> -- 
> Kind Regards,
> Jan

I was seeing similar and marked it down to a bad build env from old builds 
hanging around. 

Re: Why doesn't NetBSD recognize my entries in /etc/hosts?

2015-09-16 Thread Matt Sporleder




> On Sep 16, 2015, at 3:30 PM, Ottavio Caruso wrote:
> 
>> On 16 September 2015 at 19:06, Johnny Billquist  wrote:
>>> On 2015-09-16 19:09, Ottavio Caruso wrote:
>>> 
>>> RE: http://mail-index.netbsd.org/netbsd-users/2014/04/27/msg014543.html
>>> 
>>> I put domains that I want to block in /etc/hosts preceded by 0.0.0.0
>>> but I can still ping them.
>>> 
>>> I rebooted, but I can still ping them.
>>> 
>>> Then I have mass-changed all entries from 0.0.0.0 to 127.0.0.1 and I
>>> can still ping them.
>>> 
>>> Rebooted, same thing.
>>> 
>>> Why can I do this effortlessly with Windows and Linux but not with NetBSD?
>> 
>> 
>> First of all, using /etc/hosts as a way of blocking domains is extremely
>> unreliable and not really a meaningful way of actually blocking anything.
> 
> Why? It works on other platforms?
> 
>> 
>> Second, I guess you haven't heard of /etc/nsswitch.conf. It also exists in
>> Linux. It tells which methods are used, and in which order. It might be that
>> you have dns before files.
> 
> I've checked my nsswitch.conf, it's files before hosts
> 
>> 
>> Changing a destination to 127.0.0.1, and then pinging it, why would you
>> expect it to not work. 127.0.0.1 will most likely respond to pings.
>> Pinging 0.0.0.0 will also give some result. Most probably your default
>> gateway machine.
> 
> Yes, I didn't express myself correctly. I meant that I ping the
> original host, not 127.0.0.1.
> 
> BTW, rebooting TWICE produced the intended result. I wonder why I had
> to reboot twice.
> 
>> 
>> Maybe you should try and learn about /etc/hosts.deny as well as ipfilters?
> 
> But again, why?
> 
> If I have a list of 300 domains to block, this would not be practicable.
> 
> 
> 
> 
> -- 
> Ottavio

Show us a sample hosts entry and the full output of your ping, please. 
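
Added example, not part of the original thread: a way to check the two things discussed in the quoted messages above, namely whether a name is actually listed in the hosts file and whether the `hosts:` line in nsswitch.conf consults `files` before `dns`. The file contents, function names and verdict strings are constructed for illustration; the check covers resolver configuration only.

```shell
#!/bin/sh
# Added example; sample files, names and verdict strings are constructed.

# Print the sources on the "hosts:" line of nsswitch.conf $1, in lookup order.
# Comments and bracketed criteria such as [NOTFOUND=return] are dropped.
hosts_sources() {
    awk '{ sub(/#.*/, ""); gsub(/\[[^]]*\]/, "") }
         $1 == "hosts:" { for (i = 2; i <= NF; i++) printf "%s ", $i
                          print ""; exit }' "$1"
}

# Print the address that hosts file $1 maps name $2 to (first match wins).
hosts_lookup() {
    awk -v name="$2" '{ sub(/#.*/, "") }
         { for (i = 2; i <= NF; i++)
               if (tolower($i) == tolower(name)) { print $1; exit } }' "$1"
}

# Verdict for name $3, given nsswitch.conf $1 and hosts file $2.
check_block() {
    addr=$(hosts_lookup "$2" "$3")
    [ -n "$addr" ] || { echo "not-listed"; return; }
    for src in $(hosts_sources "$1"); do
        case $src in
            files) echo "blocked:$addr"; return ;;      # hosts file answers first
            dns)   echo "dns-before-files"; return ;;   # DNS answers first
        esac
    done
    echo "files-not-listed"   # no "files" source on the hosts: line
}

# Constructed sample input: one good and one misordered nsswitch.conf.
tmp=$(mktemp -d)
printf 'hosts: files dns\n' > "$tmp/nss.good"
printf 'hosts: dns [NOTFOUND=return] files\n' > "$tmp/nss.bad"
printf '127.0.0.1 localhost\n0.0.0.0 ads.example.com # constructed\n' > "$tmp/hosts"
for conf in nss.good nss.bad; do
    printf '%s: %s\n' "$conf" \
        "$(check_block "$tmp/$conf" "$tmp/hosts" ads.example.com)"
done
rm -rf "$tmp"
```

On a real system the arguments would be `/etc/nsswitch.conf` and `/etc/hosts`.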

Re: pkgsrc use curl or wget

2013-07-11 Thread Matt Sporleder
That is a fetch using custom I think. Check out adding stuff to mk/fetch/ 
tools. 

(sorry for lack of detail but I am on my phone)




> On Jul 11, 2013, at 3:16 AM, Mayuresh mayur...@acm.org wrote:
> 
> On Wed, Jul 10, 2013 at 10:41:04PM -0400, matthew sporleder wrote:
> Try FETCH_USING= curl in mk.conf
> 
> I know you can use it in individual packages so maybe it will just work.
> 
> I was looking for something similar. Would an accelerator like aget or
> aria2 work? Perhaps the infrastructure would just pass URL to whatever
> command you write. (Or does it specifically understand some of the
> downloaders?)
> 
> Currently, for large packages, I break the download, download those
> manually using aget and then make again.
> 
> Mayuresh.