Re: Remote client cannot mount NFS

[Zhi-Qiang Lei]

It works like a charm! Thank you!

$ sudo mount_nfs -P 192.168.1.1:/nfs mnt
$ df -h
Filesystem Size   Used  Avail Capacity  iusedifree %iused  Mounted
on
/dev/disk1112Gi  107Gi  5.0Gi96% 28016815  1310543   96%   /
devfs 185Ki  185Ki0Bi   100%  6400  100%   /dev
map -hosts  0Bi0Bi0Bi   100%00  100%   /net
map auto_home   0Bi0Bi0Bi   100%00  100%   /home
192.168.1.1:/nfs  1.7Ti  8.0Ki  1.6Ti 1%1 587389410%
/Users/siegfried/mnt

Best regards,
Zhi-Qiang Lei

> On Mar 6, 2015, at 12:21 AM, Gabriel Kihlman  wrote:
>
> Zhi-Qiang Lei  writes:
>>
>> $ sudo mount -t nfs 192.168.1.1:/nfs mnt
>> Password:
>> mount_nfs: can't mount /nfs from 192.168.1.1 onto /Users/siegfried/mnt:
>> Permission denied
>>
>> What could be the problem? How can I debug it? Thanks.
>
> It used to be that you needed to mount with -P from mac:
>
> sudo mount_nfs -P server.address:/path/to/share /path/to/local/directory
>
> Not sure if that is still the case but it might be worth a try?
>
> /gabriel

Re: lynx is gone?

[Eric Furman]

On Thu, Mar 5, 2015, at 08:24 PM, Paolo Aglialoro wrote:
> Dear Theo,
> 
> I respect you as a person and I respect your work.
> 
> This said, I can also tell you that, after a few years reading misc@,
> there
> is still one thing that I do not understand about your "colourful"
> answers
> to several mails.
> 
> Not all the people who run obsd can, for various personal reasons of
> their
> own, contribute as a coder. But they still can contribute as users,
> reporting problems or making suggestions. This does not necessarily mean
> they "order" you what to do or not to do, don't take it personally. They
> just love to run obsd, so they try to do their best. My grandpa taught me
> that when people don't tell you things it's because they just don't care
> anymore.
> 
> With their detailed answers, for instance, Stuart, Giancarlo and Ingo
> showed attention to my problem as a user, analyzing things just on a
> logical viewpoint. I perfectly accept their polite way of answering.
> 
> Here nobody was making making a wishlist for obsd like "I want zfs, xfs,
> ext4, pf multicore, etc.". The point is that here, often, the moment you
> got used to a tool, the day after it's gone/modified. This creates
> frustration in the average user, like me.
> 
> Of course we're still a pkg_add away but, hey, isn't denying to consider
> that most people will keep using that tool a contradiction? Yes, base
> will
> be pure and safe, but at the same time it will diminish functionality,
> depending more and more from packages.
> 
> This said, this is your OS, delete everything you like!
> 
> Just be respectful, please.
> 
> Il 05/mar/2015 21:43 "Theo de Raadt"  ha
> scritto:
> >
> > >So it looks like that, till some months ago, everybody here was on the
> > >wrong OS and risking their lives, as lynx was in base!
> >
> > Such hyperbole!  Such drama!
> >
> > Impressive.
> >
> > If you don't like our software, there are other options out there for
> > you to use.  In the end, it is our software, and we get to make our own
> > choices.
> >
> > That is fair.  People who get to make choices, tend to care, and tend to
> > try to make things better for themselves and everyone, according to a
> > narrow definition, but there you have it.  No hyperbole or drama needed.
> >
> > You can run something else, Sir.
> 

How was Theo being disrespectful? I don't see it.
Compared to most of Theo's responses this was a love letter. :)

Re: Remote client cannot mount NFS

[Zhi-Qiang Lei]

According to the FAQ, I think 192.168.1 represents the network 192.168.1.0.

http://www.openbsd.org/faq/faq6.html#NFS


The IP of Mac is 192.168.1.36. And the IP of server is 192.168.1.1.

If I run showmount on Mac, I get these:

$ showmount -e 192.168.1.1
Exports list on 192.168.1.1:
/nfs192.168.1.0

Here is what I found in manual of mount_nfs on Mac:

 nfsvers=
 Set the NFS protocol version number - 2 for NFSv2, 3 for NFSv3
and 4 for NFSv4.  The default is to try version 3 first, and fall back to
ver-
 sion 2 if the mount fails.


Best regards,
Zhi-Qiang Lei

> On Mar 6, 2015, at 1:26 PM, Philip Guenther  wrote:
>
> On Thu, Mar 5, 2015 at 6:52 PM, Zhi-Qiang Lei 
wrote:
>> I simply started a NFS on my OpenBSD 5.6 server as flow:
>>
>> # cat /etc/exports
>> /nfs -alldirs -network=192.168.1 -mask=255.255.255.0
>
> You sure about that "192.168.1", with only three components?  I
> believe that'll be interpreted as 192.168.0.1, which may not be what
> you mean...and doesn't match your loopback mount below.
>
>
>> I’m able to mount it on the OpenBSD server:
>>
>> # mount -t nfs 192.168.1.1:/nfs /mnt
>> # df -h
>> Filesystem  SizeUsed   Avail Capacity  Mounted on
>> /dev/wd0a   3.9G   52.3M3.7G 1%/
>> /dev/wd0k   9.9G4.0K9.4G 0%/home
>> /dev/wd0l   1.7T8.0K1.6T 0%/nfs
> ...
>> 192.168.1.1:/nfs1.7T8.0K1.6T 0%/mnt
>>
>> However, I cannot mount it on my Mac:
>>
>> $ mount -t nfs 192.168.1.1:/nfs mnt
>> mount_nfs: can't mount /nfs from 192.168.1.1 onto /Users/siegfried/mnt:
>> Permission denied
>>
>> $ sudo mount -t nfs 192.168.1.1:/nfs mnt
>> Password:
>> mount_nfs: can't mount /nfs from 192.168.1.1 onto /Users/siegfried/mnt:
>> Permission denied
>
> What IP will that Mac be using as its source address?
> From that Mac, what's "showmount -e 192.168.1.1" show?
>
> What version of NFS does the Mac documentation say it'll use in this case?
>
>
> Philip Guenther

Re: Remote client cannot mount NFS

[Philip Guenther]

On Thu, Mar 5, 2015 at 6:52 PM, Zhi-Qiang Lei  wrote:
> I simply started a NFS on my OpenBSD 5.6 server as flow:
>
> # cat /etc/exports
> /nfs -alldirs -network=192.168.1 -mask=255.255.255.0

You sure about that "192.168.1", with only three components?  I
believe that'll be interpreted as 192.168.0.1, which may not be what
you mean...and doesn't match your loopback mount below.


> I’m able to mount it on the OpenBSD server:
>
> # mount -t nfs 192.168.1.1:/nfs /mnt
> # df -h
> Filesystem  SizeUsed   Avail Capacity  Mounted on
> /dev/wd0a   3.9G   52.3M3.7G 1%/
> /dev/wd0k   9.9G4.0K9.4G 0%/home
> /dev/wd0l   1.7T8.0K1.6T 0%/nfs
...
> 192.168.1.1:/nfs1.7T8.0K1.6T 0%/mnt
>
> However, I cannot mount it on my Mac:
>
> $ mount -t nfs 192.168.1.1:/nfs mnt
> mount_nfs: can't mount /nfs from 192.168.1.1 onto /Users/siegfried/mnt:
> Permission denied
>
> $ sudo mount -t nfs 192.168.1.1:/nfs mnt
> Password:
> mount_nfs: can't mount /nfs from 192.168.1.1 onto /Users/siegfried/mnt:
> Permission denied

What IP will that Mac be using as its source address?
>From that Mac, what's "showmount -e 192.168.1.1" show?

What version of NFS does the Mac documentation say it'll use in this case?


Philip Guenther

Re: improving browser security

[Steve Shockley]

On 03/01/2015 01:36 PM, Ted Unangst wrote:

Nevertheless, the policy is only advisory. Writeable executable memory is only
an mmap or mprotect away.


Thanks for your work.  Is there a simple way to turn on enforcement W^X 
on a system, to see what breaks?

Re: lynx is gone?

[Theo de Raadt]

>On Thu, Mar 5, 2015 at 9:32 PM, Theo de Raadt 
>wrote:
>
>>
>> Never know.  OpenBSD is not generally known as an exposed democracy.
>>
>
>This made me chuckle out loud :)

Well, it makes me laugh out loud too.

We are succesfully making good software, using a scheme called
undemocratic.

How un-American of us.

Laughing again?  You must be a terrorist.

Remote client cannot mount NFS

[Zhi-Qiang Lei]

I simply started a NFS on my OpenBSD 5.6 server as flow:

# cat /etc/exports
/nfs -alldirs -network=192.168.1 -mask=255.255.255.0

I’m able to mount it on the OpenBSD server:

# mount -t nfs 192.168.1.1:/nfs /mnt
# df -h
Filesystem  SizeUsed   Avail Capacity  Mounted on
/dev/wd0a   3.9G   52.3M3.7G 1%/
/dev/wd0k   9.9G4.0K9.4G 0%/home
/dev/wd0l   1.7T8.0K1.6T 0%/nfs
/dev/wd0d   3.9G4.0K3.7G 0%/tmp
/dev/wd0f   9.8G310M9.0G 3%/usr
/dev/wd0g   3.9G2.0K3.7G 0%/usr/X11R6
/dev/wd0h   9.8G216K9.3G 0%/usr/local
/dev/wd0j   9.8G2.0K9.3G 0%/usr/obj
/dev/wd0i   9.8G2.0K9.3G 0%/usr/src
/dev/wd0e   9.8G5.3M9.3G 0%/var
192.168.1.1:/nfs1.7T8.0K1.6T 0%/mnt

However, I cannot mount it on my Mac:

$ mount -t nfs 192.168.1.1:/nfs mnt
mount_nfs: can't mount /nfs from 192.168.1.1 onto /Users/siegfried/mnt:
Permission denied

$ sudo mount -t nfs 192.168.1.1:/nfs mnt
Password:
mount_nfs: can't mount /nfs from 192.168.1.1 onto /Users/siegfried/mnt:
Permission denied

What could be the problem? How can I debug it? Thanks.

Best regards,
Zhi-Qiang Lei

Re: lynx is gone?

[bofh]

On Thu, Mar 5, 2015 at 9:32 PM, Theo de Raadt 
wrote:

>
> Never know.  OpenBSD is not generally known as an exposed democracy.
>

This made me chuckle out loud :)


-- 
http://www.glumbert.com/media/shift
http://www.youtube.com/watch?v=tGvHNNOLnCk
"This officer's men seem to follow him merely out of idle curiosity."  --
Sandhurst officer cadet evaluation.
"Securing an environment of Windows platforms from abuse - external or
internal - is akin to trying to install sprinklers in a fireworks factory
where smoking on the job is permitted."  -- Gene Spafford
learn french:  http://www.youtube.com/watch?v=30v_g83VHK4

Re: lynx is gone?

[Theo de Raadt]

>Dear Theo,
>
>I respect you as a person and I respect your work.
>
>This said, I can also tell you that, after a few years reading misc@, there
>is still one thing that I do not understand about your "colourful" answers
>to several mails.
>
>Not all the people who run obsd can, for various personal reasons of their
>own, contribute as a coder. But they still can contribute as users,
>reporting problems or making suggestions. This does not necessarily mean
>they "order" you what to do or not to do, don't take it personally. They
>just love to run obsd, so they try to do their best. My grandpa taught me
>that when people don't tell you things it's because they just don't care
>anymore.
>
>With their detailed answers, for instance, Stuart, Giancarlo and Ingo
>showed attention to my problem as a user, analyzing things just on a
>logical viewpoint. I perfectly accept their polite way of answering.
>
>Here nobody was making making a wishlist for obsd like "I want zfs, xfs,
>ext4, pf multicore, etc.". The point is that here, often, the moment you
>got used to a tool, the day after it's gone/modified. This creates
>frustration in the average user, like me.
>
>Of course we're still a pkg_add away but, hey, isn't denying to consider
>that most people will keep using that tool a contradiction? Yes, base will
>be pure and safe, but at the same time it will diminish functionality,
>depending more and more from packages.
>
>This said, this is your OS, delete everything you like!
>
>Just be respectful, please.

Thank you for your detailed mail.

It has led me to revisit my viewpoints.

We will be adding Firefox to the base distribution.  It is time
to stop this focus on a high quality base, and just incorporate
what people want, even if it is harder then for developers to use
existing methods to discern good from crap.

ps. If you still want the old world, it is still there.  There are
many software legacy software distributions that don't change as fast.
Like Linux or FreeBSD.

pps.  If that does not agree with you, you should feel lucky because a
few projects choose to forge ahead and see where future change may get
us (in the future, as in, not so much Xenix compat anymore)

Re: lynx is gone?

[Theo de Raadt]

>> It's not like this wasn't discussed previously. At length.
>> http://marc.info/?t=14050482952&r=1&w=2
>
>Wow! And I thought the whole fun is on misc@ only. It looks like some
>folks are ready to quit using and OS because of some software location
>(base or packages).
>The irony is lynx is also an extinct animal called "smile" in my country.

Businesses fire their worst customers all the time, to allow the
business to focus on doing what it does best without adhering to
models used in the past to get ahead.

Maybe the removal of lynx is not about the low quality of the software
and general lack of maintainance moving it forward.

Maybe it more of a conspiracy against our worst users, those ready to
accept bad software as a part of the better whole.

Never know.  OpenBSD is not generally known as an exposed democracy.

If people want an exposed democracy with different warts, Debian seems
to be such a thing.  Choose your warts carefully.

Re: lynx is gone?

[Gene]

On Thu, Mar 5, 2015 at 5:24 PM, Paolo Aglialoro  wrote:

> Dear Theo,
>
> I respect you as a person and I respect your work.
>
> This said, I can also tell you that, after a few years reading misc@,
> there
> is still one thing that I do not understand about your "colourful" answers
> to several mails.
>
> Not all the people who run obsd can, for various personal reasons of their
> own, contribute as a coder. But they still can contribute as users,
> reporting problems or making suggestions. This does not necessarily mean
> they "order" you what to do or not to do, don't take it personally. They
> just love to run obsd, so they try to do their best. My grandpa taught me
> that when people don't tell you things it's because they just don't care
> anymore.
>
> With their detailed answers, for instance, Stuart, Giancarlo and Ingo
> showed attention to my problem as a user, analyzing things just on a
> logical viewpoint. I perfectly accept their polite way of answering.
>
> Here nobody was making making a wishlist for obsd like "I want zfs, xfs,
> ext4, pf multicore, etc.". The point is that here, often, the moment you
> got used to a tool, the day after it's gone/modified. This creates
> frustration in the average user, like me.
>

Uhm, excuse me, I definitely want all of those things.

If I don't get them right now I'll stomp my feet and cry until I do!


> Of course we're still a pkg_add away but, hey, isn't denying to consider
> that most people will keep using that tool a contradiction? Yes, base will
> be pure and safe, but at the same time it will diminish functionality,
> depending more and more from packages.
>
> This said, this is your OS, delete everything you like!
>
> Just be respectful, please.
>

This discussion started off with disrespect to the project's developers and
continued throughout much of it.

Respect is something to be earned, don't expect to get it for free.

-Gene


>
> Il 05/mar/2015 21:43 "Theo de Raadt"  ha scritto:
> >
> > >So it looks like that, till some months ago, everybody here was on the
> > >wrong OS and risking their lives, as lynx was in base!
> >
> > Such hyperbole!  Such drama!
> >
> > Impressive.
> >
> > If you don't like our software, there are other options out there for
> > you to use.  In the end, it is our software, and we get to make our own
> > choices.
> >
> > That is fair.  People who get to make choices, tend to care, and tend to
> > try to make things better for themselves and everyone, according to a
> > narrow definition, but there you have it.  No hyperbole or drama needed.
> >
> > You can run something else, Sir.

Re: lynx is gone?

[Theo de Raadt]

>On Thu, Mar 05, 2015 at 08:24:47PM GMT, Theo de Raadt wrote:
>> >Ingo,
>> >
>> >On Mar 05 18:11:31, schwa...@usta.de wrote:
>> >> By the way, lynx(1) removal doesn't really hurt that much.
>> >> Rotten code that will hurt more when it will finally be deleted
>> >> includes, for example, the sqlite3(1) library and file(1).
>> >
>> >can you please elaborate on what's rotten in sqlite?
>> 
>> Jan, can you please start from the other end, and provide evidence
>> that the code is of the highest possible quality?
>
>Hi Theo,
>
>Based on the above, Jan hadn't made any such claims so no evidence is
>required. He only asked Ingo to support *his* claim - more info, for
>mere reference, if nothing else, would be greatly appreciated. :^)

Please run something else.  You'll be happier.  Really.  You don't
need code-fussy people around you.

Re: lynx is gone?

[Paolo Aglialoro]

Dear Theo,

I respect you as a person and I respect your work.

This said, I can also tell you that, after a few years reading misc@, there
is still one thing that I do not understand about your "colourful" answers
to several mails.

Not all the people who run obsd can, for various personal reasons of their
own, contribute as a coder. But they still can contribute as users,
reporting problems or making suggestions. This does not necessarily mean
they "order" you what to do or not to do, don't take it personally. They
just love to run obsd, so they try to do their best. My grandpa taught me
that when people don't tell you things it's because they just don't care
anymore.

With their detailed answers, for instance, Stuart, Giancarlo and Ingo
showed attention to my problem as a user, analyzing things just on a
logical viewpoint. I perfectly accept their polite way of answering.

Here nobody was making making a wishlist for obsd like "I want zfs, xfs,
ext4, pf multicore, etc.". The point is that here, often, the moment you
got used to a tool, the day after it's gone/modified. This creates
frustration in the average user, like me.

Of course we're still a pkg_add away but, hey, isn't denying to consider
that most people will keep using that tool a contradiction? Yes, base will
be pure and safe, but at the same time it will diminish functionality,
depending more and more from packages.

This said, this is your OS, delete everything you like!

Just be respectful, please.

Il 05/mar/2015 21:43 "Theo de Raadt"  ha scritto:
>
> >So it looks like that, till some months ago, everybody here was on the
> >wrong OS and risking their lives, as lynx was in base!
>
> Such hyperbole!  Such drama!
>
> Impressive.
>
> If you don't like our software, there are other options out there for
> you to use.  In the end, it is our software, and we get to make our own
> choices.
>
> That is fair.  People who get to make choices, tend to care, and tend to
> try to make things better for themselves and everyone, according to a
> narrow definition, but there you have it.  No hyperbole or drama needed.
>
> You can run something else, Sir.

Re: lynx is gone?

[Mihai Popescu]

> It's not like this wasn't discussed previously. At length.
> http://marc.info/?t=14050482952&r=1&w=2

Wow! And I thought the whole fun is on misc@ only. It looks like some
folks are ready to quit using and OS because of some software location
(base or packages).
The irony is lynx is also an extinct animal called "smile" in my country.

wsconsctl illusive ThinkPad Print keycode

[Toby Slight]

Hi there,

I'm trying to remap the Print key to be Control_R, via wsconsctl, on one of the
new fangled chicklet ThinkPad(X230) keyboards. Print is now in the spot Menu
used to be (which was nice and easy to remap with "keysym Menu = Control_R").

However, I cannot, for the life of me, work out what the keycode is for this
key, and wsconsctl doesn't seem to support showing keycodes like xev does or
showkey does on the Linux tty, although I did find this old thread:

https://marc.info/?l=openbsd-tech&m=132794198221403&w=2

which led me to believe that it once did. Was this flag(-r) removed? Or am I
just being really stupid? I tend towards the latter! If so, does anyone happen
to know what the keycode is for this pesky key? I've tried all the keycodes
that seemed likely from doing:

$ wsconsctl keyboard.map | less

but to no avail. There are a couple of keycodes with the keysym Print_Screen
which I tried remapping with both:

$ wsconsctl keyboard.map+="keycode 170 = Control_R"
$ wsconsctl keyboard.map+="keycode 183 = Control_R"

but as with all the other keys I tried, the Print key remained stubbornly
useless.

Here are the results of wsconsctl keyboard.map with my kbd of choice -
uk.metaesc, in case that might be of any use:

keyboard.map=
keycode 1 = Cmd_Debugger Escape
keycode 2 = 1 exclam plusminus exclamdown
keycode 3 = 2 quotedbl twosuperior cent
keycode 4 = 3 sterling threesuperior threesuperior
keycode 5 = 4 dollar acute currency
keycode 6 = 5 percent mu yen
keycode 7 = 6 asciicircum paragraph paragraph
keycode 8 = 7 ampersand periodcentered brokenbar
keycode 9 = 8 asterisk cedilla ordfeminine
keycode 10 = 9 parenleft onesuperior diaeresis
keycode 11 = 0 parenright masculine copyright
keycode 12 = minus underscore hyphen ssharp
keycode 13 = equal plus onehalf guillemotleft
keycode 14 = Cmd_ResetEmul Delete
keycode 15 = Tab
keycode 16 = q Q
keycode 17 = w W
keycode 18 = e E
keycode 19 = r R
keycode 20 = t T
keycode 21 = y Y
keycode 22 = u U
keycode 23 = i I
keycode 24 = o O
keycode 25 = p P
keycode 26 = bracketleft braceleft
keycode 27 = bracketright braceright
keycode 28 = Return
keycode 29 = Cmd1 Control_L
keycode 30 = a A
keycode 31 = s S
keycode 32 = d D
keycode 33 = f F
keycode 34 = g G
keycode 35 = h H
keycode 36 = j J
keycode 37 = k K
keycode 38 = l L
keycode 39 = semicolon colon
keycode 40 = apostrophe at section Agrave
keycode 41 = grave grave agrave agrave
keycode 42 = Shift_L
keycode 43 = numbersign asciitilde sterling thorn
keycode 44 = z Z
keycode 45 = x X
keycode 46 = c C
keycode 47 = v V
keycode 48 = b B
keycode 49 = n N
keycode 50 = m M
keycode 51 = comma less
keycode 52 = period greater
keycode 53 = slash question
keycode 54 = Shift_R
keycode 55 = KP_Multiply
keycode 56 = Cmd2 Alt_L
keycode 57 = space
keycode 58 = Caps_Lock
keycode 59 = Cmd_Screen0 f1 F1
keycode 60 = Cmd_Screen1 f2 F2
keycode 61 = Cmd_Screen2 f3 F3
keycode 62 = Cmd_Screen3 f4 F4
keycode 63 = Cmd_Screen4 f5 F5
keycode 64 = Cmd_Screen5 f6 F6
keycode 65 = Cmd_Screen6 f7 F7
keycode 66 = Cmd_Screen7 f8 F8
keycode 67 = Cmd_Screen8 f9 F9
keycode 68 = Cmd_Screen9 f10 F10
keycode 69 = Num_Lock
keycode 70 = Hold_Screen
keycode 71 = KP_Home KP_7
keycode 72 = KP_Up KP_8
keycode 73 = KP_Prior KP_9
keycode 74 = KP_Subtract
keycode 75 = KP_Left KP_4
keycode 76 = KP_Begin KP_5
keycode 77 = KP_Right KP_6
keycode 78 = KP_Add
keycode 79 = KP_End KP_1
keycode 80 = KP_Down KP_2
keycode 81 = KP_Next KP_3
keycode 82 = KP_Insert KP_0
keycode 83 = KP_Delete KP_Decimal
keycode 86 = backslash bar Udiaeresis Udiaeresis
keycode 87 = Cmd_Screen10 f11 F11
keycode 88 = Cmd_Screen11 f12 F12
keycode 91 = f13 F13
keycode 92 = f14 F14
keycode 93 = f15 F15
keycode 99 = f16 F16
keycode 100 = f17 F17
keycode 101 = f18 F18
keycode 102 = f19 F19
keycode 103 = f20 F20
keycode 104 = f21
keycode 105 = f22
keycode 106 = f23
keycode 107 = f24
keycode 127 = Pause
keycode 156 = KP_Enter
keycode 157 = Cmd1 Control_R
keycode 160 = AudioMute
keycode 170 = Print_Screen
keycode 174 = AudioLower
keycode 176 = AudioRaise
keycode 181 = KP_Divide
keycode 183 = Print_Screen
keycode 184 = Cmd2 Alt_R Multi_key
keycode 199 = Home
keycode 200 = Up
keycode 201 = Cmd_ScrollBack Prior
keycode 203 = Left
keycode 205 = Right
keycode 207 = End
keycode 208 = Down
keycode 209 = Cmd_ScrollFwd Next
keycode 210 = Insert
keycode 211 = Cmd_KbdReset KP_Delete
keycode 219 = Meta_L
keycode 220 = Meta_R
keycode 221 = Menu

dmesg:

OpenBSD 5.7-beta (GENERIC.MP) #869: Sun Mar  1 02:26:37 MST 2015
t...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 8237064192 (7855MB)
avail mem = 8013877248 (7642MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xdae9c000 (68 entries)
bios0: vendor LENOVO version "G1ETA6WW (2.66 )" date 08/19/2014
bios0: LENOVO 2349VFV
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP SLIC TCPA SSDT SSDT SSDT HPET APIC MCFG ECDT FPDT ASF! 
UEFI UEFI POAT SSDT SSDT UEFI DBG

Re: lynx is gone?

[Raf Czlonka]

On Thu, Mar 05, 2015 at 08:24:47PM GMT, Theo de Raadt wrote:
> >Ingo,
> >
> >On Mar 05 18:11:31, schwa...@usta.de wrote:
> >> By the way, lynx(1) removal doesn't really hurt that much.
> >> Rotten code that will hurt more when it will finally be deleted
> >> includes, for example, the sqlite3(1) library and file(1).
> >
> >can you please elaborate on what's rotten in sqlite?
> 
> Jan, can you please start from the other end, and provide evidence
> that the code is of the highest possible quality?

Hi Theo,

Based on the above, Jan hadn't made any such claims so no evidence is
required. He only asked Ingo to support *his* claim - more info, for
mere reference, if nothing else, would be greatly appreciated. :^)

Cheers,

Raf

Re: httpd + dokuwiki or mailman

[agrquinonez]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 03/05/2015 12:14 PM, Michael wrote:
> I run dokuwiki on httpd with php-fpm.
> 
> I did an: cd /var/www/htdocs && ln -s ../../dokuwiki doku The
> config in /etc/examples will work ok if you adjust the root
> directive. You will need to open the full name via your browser, as
> in my setup http://127.0.0.1/doku/doku.php as you will get an error
> otherwise.
> 

Thanks to respond.

Yes, but i do not have, and i do not want a browser in the server;
then i tried /var/www/htdocs/dokuwiki/install.php with:

ln -sf /var/www/htdocs/dokuwiki /var/www/dokuwiki

and:

location "*.php" {
fastcgi socket "/run/php-fpm.sock"
}

After that, i tried from an external machine:

www.my_server.org/dokuwiki/install.php

What is wrong with it?

Is it what you mean?
# A name-based "virtual" server on the same address
server "dokuwiki" {
listen on $ext_addr port 80
root "/dokuwiki"
}
iQEcBAEBAgAGBQJU+MVEAAoJEKbsEnZGVkUMx38IAJf8dr8nZ5NPxCLVtebSIcHt
hRnMwtVEs1t3/COkGuH10tgs2qzsmvL78/gnnDeM5O6xVAVLARAjA0pCXvgGudd3
45K0GnpJCLR6cx0e6OTpSijwxYa1rPmI8fe4alq4wWT6cyJ1f+p7WgyfU+VkDLZp
e2oaxRehy4DDunAPhj4TH8uQg5PMcATXKWHjq86Ip7NV04e5zLasgOZNWN9c2Wcb
bGhCYpWFbp1KdLUBlODShdrbHGvzrNTJ8SFCwsr5xoGjG50iEcCorC/OD3019iag
blVgOk2fZeohXsU4oqTNQpSNROPRlqTDR0FdeAIXFJb6maeC3WtrkdRnxvBiObM=
=o7Dj
-END PGP SIGNATURE-

Re: lynx is gone?

[Theo de Raadt]

On Thu, Mar 05, 2015 at 06:52:20PM +0100, Marc Espie wrote:
> > On Thu, Mar 05, 2015 at 06:11:31PM +0100, Ingo Schwarze wrote:
> > > By the way, lynx(1) removal doesn't really hurt that much.
> > > Rotten code that will hurt more when it will finally be deleted
> > > includes, for example, the sqlite3(1) library and file(1).
> > 
> > re: sqlite, the code doesn't follow our guidelines, but it's not that 
> > badly rotten.  I've played with it a bit, and as long as you use it for
> > what it's meant (sql), it's pretty sturdy.

> I concur. And the sqlite devs are also reacting quickly to bug reports.
> The very few times new sqlite releases caused a regression in SVN the
> problem was fixed promptly.
> http://article.gmane.org/gmane.comp.db.sqlite.general/66248
> http://www.sqlite.org/src/info/4c86b126f2

Reactive is not the same as proactive.

The code uses risk-prone idioms.

Re: lynx is gone?

[Theo de Raadt]

>So it looks like that, till some months ago, everybody here was on the
>wrong OS and risking their lives, as lynx was in base!

Such hyperbole!  Such drama!

Impressive.

If you don't like our software, there are other options out there for
you to use.  In the end, it is our software, and we get to make our own
choices.

That is fair.  People who get to make choices, tend to care, and tend to
try to make things better for themselves and everyone, according to a
narrow definition, but there you have it.  No hyperbole or drama needed.

You can run something else, Sir.

Re: lynx is gone?

[Theo de Raadt]

>Ingo,
>
>On Mar 05 18:11:31, schwa...@usta.de wrote:
>> By the way, lynx(1) removal doesn't really hurt that much.
>> Rotten code that will hurt more when it will finally be deleted
>> includes, for example, the sqlite3(1) library and file(1).
>
>can you please elaborate on what's rotten in sqlite?

Jan, can you please start from the other end, and provide evidence
that the code is of the highest possible quality?

Thank you.

Re: lynx is gone?

[Jan Stary]

Ingo,

On Mar 05 18:11:31, schwa...@usta.de wrote:
> By the way, lynx(1) removal doesn't really hurt that much.
> Rotten code that will hurt more when it will finally be deleted
> includes, for example, the sqlite3(1) library and file(1).

can you please elaborate on what's rotten in sqlite?

Jan

httpd + dokuwiki or mailman

[agrquinonez]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hello misc

OpenBSD 5.7-beta (GENERIC) #727: Sun Mar  1 02:30:38 MST 2015

I did an installation of Dokuwiki, i gave execution permit to
install.php and then i try to run install.php in the server
historia = dokuwiki. I tested too, with ln -sf from htdocs to historia
(dokuwiki).

first try:
# /var/www/dokuwiki

then:
i installed lynx, and tried to run it again.

from other machine, i used firefox and the file was only available to
open it with an editor or download it.

I tested many posibilities on the httpd.conf.

# $OpenBSD: httpd.conf,v 1.13 2014/12/28 13:55:22 reyk Exp $

#
# Macros
#
ext_addr="*"

#
# Global Options
#
# prefork 3

#
# Servers
#

# A minimal default server
server "default" {
listen on $ext_addr port 80
}

# A name-based "virtual" server on the same address
server "agronomos" {
listen on $ext_addr port 80
}

# A name-based "virtual" server on the same address
server "dokuwiki" {
listen on $ext_addr port 80
}

# Logging is enabled by default, but it can be turned off per
server
#no log

### location "/pub/*" {
### directory auto index
### log style combined
### }

### location "*.php" {
### fastcgi socket "/run/php-fpm.sock"
### }

### location "/cgi-bin/*" {
### fastcgi

# The /cgi-bin directory is outside of the document root
### root "/"
### }

### root "/htdocs/example.com"
###}

# An HTTPS server using SSL/TLS
###server "secure.example.com" {
### listen on 127.0.0.1 tls port 443

# Define server-specific log files relative to /logs
### log { access "secure-access.log", error "secure-error.log" }

# Increase connection limits to extend the lifetime
### connection { max requests 500, timeout 3600 }

### root "/htdocs/secure.example.com"
###}

# Another server on a different internal IPv4 address
###server "intranet.example.com" {
### listen on 10.0.0.1 port 80
### directory { auto index, index "default.htm" }
### root "/htdocs/internet.example.com"
###}

# An IPv6-based server on a non-standard port
###server "ipv6.example.com" {
### listen on 2001:db8::53f6:3eab port 81
### root "/htdocs/ipv6.example.com"
###}

# Include MIME types instead of the built-in ones
types {
include "/usr/share/misc/mime.types"
}

I am curious, how is expected to run install.php; i have done it few
times before with apache and nginx, but i can not figure it out whit
httpd. I am in need to do it from other computer, via ssh or directly
from firefox.

Thanks for your attention, and a really great OS.

agrquinonez
PS:
My next step is to install mailman!
iQEcBAEBAgAGBQJU+LSeAAoJEKbsEnZGVkUMelIH/R0B5xePjHVA5NkgFbXj1kix
urRUwhg8J3zSg8hlR+Ohf0tlu6yCL0kDk0X4AwvcBygrs6cOCXlwuDm0QLHFS7HJ
mZdLFDel9VOpAFwAwgLvJ+e23asYcuDuJ/mJkLXHW7Bppb8fs8F+gFwDdnogB2k3
sTCAVEqXILl2YzDlnoGvkzHxAs4u6ucVgFq82mmhDPzkk1T5ad1RyHpv6GMeOfn+
8jSy4mt13t8aXM7BFNi+iijohPabpS3q4kxOZp55DMS74sKA3TJqgvzE76jnkU0K
9spDIfC3jgu8m14WMXKPtRQyohAWMkbKXoWFQPXqGdPRZncTJzZ+/oJWNhthsec=
=SSOd
-END PGP SIGNATURE-

Re: lynx is gone?

[Ted Unangst]

Paolo Aglialoro wrote:

> So it looks like that, till some months ago, everybody here was on the
> wrong OS and risking their lives, as lynx was in base! But I have never

It's not like this wasn't discussed previously. At length.

http://marc.info/?t=14050482952&r=1&w=2

Re: lynx is gone?

[Giancarlo Razzolini]

On 05-03-2015 13:20, Paolo Aglialoro wrote:
> I perfectly agree with you, both on fun and curiosity.
>
> Nevertheless, not all the times we have got time enough "to have fun
> netcatting servers". More than often u just have to go straight to the
> point.

But before you can get to the point, someone (hopefully) looked under
the hood for you.

>  Btw, try these with (net)cat:
>
> $ lynx saveddocument.html
> $ pdftohtml -stdout -i manual.pdf | lynx -stdin

As I mentioned, "for the task the OP mentioned". Of course netcat does
not replace a browser.

> Actually it does on a user viewpoint: a server daemon is up 24/7 while a
> client is activated by the user. For the server, insecurity comes mainly
> from its own flaws, for the client danger does not mainly come from the
> tool itself (unless it's a totally hopeless sw) but from the *potentially*
> silly utilization which is done by the user.

You forget that programs bring along libraries and other potentially
nasty stuff when ran. lynx had support for a lot of protocols besides
http. Take a look at the tech@ thread from last year that prompted it's
removal.

> So it looks like that, till some months ago, everybody here was on the
> wrong OS and risking their lives, as lynx was in base! But I have never
> read here about anybody who had his system compromised because of poor
> lynx. So, right now, this deletion reflects more a "what if" worry than a
> real threat, i.e. lynx <> shellshock.

Many of OpenBSD security features are based on " what if". That does not
mean that in the future, the "what if", can't become a real threat. The
mentality of the OpenBSD devs is in the right place. They try hard to
make a OS that try to don't allow you to shoot yourself in the face.
Even if that means removing software that might (or not) pose a threat
to you in any point in the future.

Cheers,
Giancarlo Razzolini

Re: slow to no throughout on ral

[Stefan Sperling]

On Thu, Mar 05, 2015 at 08:48:49PM +0200, Lars Nooden wrote:
> Would a weak or dying power supply 
> also affect the throughput on the wireless?

It is a possibility. But only you can verify this theory.

I've seen it happen with other devices:
http://hofmeyr.de/PoE%20power%20fix%20for%20NanoStationM2/

Re: slow to no throughout on ral

[Lars Nooden]

On Wed, 4 Mar 2015, Stefan Sperling wrote:
> On Wed, Mar 04, 2015 at 05:06:57PM +0200, Lars Nooden wrote:
> > The only other strange symptom is that the machine locks up hard every 
> > week or two requiring a powercycle or hardware reset to restart.  I can 
> > find nothing in the logs anywhere near the time of the lock ups.  The main 
> > board runs at about 60 deg, according to systat, and the other card an 
> > ADSL card runs at about 80 deg, so I don't think it is temperature.
> > 
> > What should I be looking at?
> 
> Sounds like your soekris power adapter is dying.
> 
> Earlier discussion:
> http://marc.info/?l=openbsd-misc&m=139574811317516&w=2
> http://marc.info/?l=openbsd-misc&m=139577725328950&w=2

Thanks.  I'll investigate that route.  Would a weak or dying power supply 
also affect the throughput on the wireless?

Regards,
/Lars

Re: lynx is gone?

[Halim Srama]

> $ pdftohtml -stdout -i manual.pdf | lynx -stdin

I do that all the time. ;-)

I see no problem with it being removed from base though. Its just a pkg_add
away.

Re: lynx is gone?

[Stefan Sperling]

On Thu, Mar 05, 2015 at 06:52:20PM +0100, Marc Espie wrote:
> On Thu, Mar 05, 2015 at 06:11:31PM +0100, Ingo Schwarze wrote:
> > By the way, lynx(1) removal doesn't really hurt that much.
> > Rotten code that will hurt more when it will finally be deleted
> > includes, for example, the sqlite3(1) library and file(1).
> 
> re: sqlite, the code doesn't follow our guidelines, but it's not that 
> badly rotten.  I've played with it a bit, and as long as you use it for
> what it's meant (sql), it's pretty sturdy.

I concur. And the sqlite devs are also reacting quickly to bug reports.
The very few times new sqlite releases caused a regression in SVN the
problem was fixed promptly.
http://article.gmane.org/gmane.comp.db.sqlite.general/66248
http://www.sqlite.org/src/info/4c86b126f2

Re: lynx is gone?

[Marc Espie]

On Thu, Mar 05, 2015 at 06:11:31PM +0100, Ingo Schwarze wrote:
> By the way, lynx(1) removal doesn't really hurt that much.
> Rotten code that will hurt more when it will finally be deleted
> includes, for example, the sqlite3(1) library and file(1).

re: sqlite, the code doesn't follow our guidelines, but it's not that 
badly rotten.  I've played with it a bit, and as long as you use it for
what it's meant (sql), it's pretty sturdy.

Re: Audio probles like, slow response in applications that use audio

[Henrique Lengler]

On Thu, Mar 05, 2015 at 03:59:37PM +0100, Dmitrij D. Czarkoff wrote:
Hi, Dimitrij, I am using some software from your port (ratox).

> If the performance issue depends on video resolution, most likely you
> experience problems with hardware graphics acceleration.
To me looks like the audio is causing lag on video, since, the problem
happens with cmus too.

> Do other GStreamer-based programs play the same videos fine?  What about
> non-Gstreamer software, eg. ffplay from ffmpeg?
As I said, ffplay is the only one I found that works well, when using it, I 
see no lag, even with HD videos.

On Thu, Mar 05, 2015 at 01:45:57PM +0100, Alexandre Ratchov wrote:
> Let's first fix system-related audio problems (as programs depend
> on it). Once we're sure audio works well, then we can try to debug
> browsers which are known to not work well yet in all cases.
> 
> mplayer is known to work; it has a small lag (iirc, less than
> 500ms, depends on the setup) which is somewhat acceptable. Could
> you confirm at least this works on -current as expected?

No, still the same thing. mplayer, cmus and html5 video in any browser 
(firefox, chromium, webkitbased), are with lag in my system.
Also please remeber that the audio is synchronized, the lag is when I want 
to advance the video.

-- 
Regards

Henrique Lengler 

Re: lynx is gone?

[patric conant]

On Thu, Mar 5, 2015 at 11:11 AM, Ingo Schwarze  wrote:

> Hi Paolo,
>
> Paolo Aglialoro wrote on Thu, Mar 05, 2015 at 05:20:51PM +0100:
>
> > So it looks like that, till some months ago, everybody here was
> > on the wrong OS and risking their lives, as lynx was in base!
>
> That's a fallacy so common that it's worth calling out.
>
> An operating system is not a religion:  Created perfect by God
> herself ere the Dawn of Time and since conserved untainted by Her
> faithful and diligent followers.
>
> OpenBSD inherits from 4.3BSD-Reno and 4.4BSD-Lite2 via 386BSD and
> NetBSD-1.0.  The CSRG BSD code was good code by 1990 standards, is
> not so good any longer by 2015 standards, and much third-party stuff
> of lesser quality had to be included simply because nothing better
> was freely available at the time, or even available at all.
>
> We keep improving the code, you know, one (intentional!) side effect
> being that the bar of what is deemed good enough is constantly
> rising.  Most often, when something is no longer good enough,
> somebody cares enough to write a better replacement, though nobody
> is obliged to do that work and nobody is entitled to request it.
>
> Sometimes, stuff has already rotten for too long before patience
> finally runs out, and still no one cares enough to write the
> replacement.  If the system is still deemed usable without it,
> it may get deleted outright, even if that hurts a bit.
>
> If it hurts you, take that as an incentive to write the replacement.
>
> Yours,
>   Ingo
>
>
> P.S.
> By the way, lynx(1) removal doesn't really hurt that much.
> Rotten code that will hurt more when it will finally be deleted
> includes, for example, the sqlite3(1) library and file(1).
>
> Maintaining file might be a good enough reason for me to learn C and
contribute. file is pretty high on my list of must-have's.

Re: lynx is gone?

[Ingo Schwarze]

Hi Paolo,

Paolo Aglialoro wrote on Thu, Mar 05, 2015 at 05:20:51PM +0100:

> So it looks like that, till some months ago, everybody here was
> on the wrong OS and risking their lives, as lynx was in base!

That's a fallacy so common that it's worth calling out.

An operating system is not a religion:  Created perfect by God
herself ere the Dawn of Time and since conserved untainted by Her
faithful and diligent followers.

OpenBSD inherits from 4.3BSD-Reno and 4.4BSD-Lite2 via 386BSD and
NetBSD-1.0.  The CSRG BSD code was good code by 1990 standards, is
not so good any longer by 2015 standards, and much third-party stuff
of lesser quality had to be included simply because nothing better
was freely available at the time, or even available at all.

We keep improving the code, you know, one (intentional!) side effect
being that the bar of what is deemed good enough is constantly
rising.  Most often, when something is no longer good enough,
somebody cares enough to write a better replacement, though nobody
is obliged to do that work and nobody is entitled to request it.

Sometimes, stuff has already rotten for too long before patience
finally runs out, and still no one cares enough to write the
replacement.  If the system is still deemed usable without it,
it may get deleted outright, even if that hurts a bit.

If it hurts you, take that as an incentive to write the replacement.

Yours,
  Ingo


P.S.
By the way, lynx(1) removal doesn't really hurt that much.
Rotten code that will hurt more when it will finally be deleted
includes, for example, the sqlite3(1) library and file(1).

Re: OpenBSD Foundation GSOC 2015

[Jan Stary]

On Mar 04 09:32:34, kwesterb...@gmail.com wrote:
> The OpenBSD Foundation is pleased to announce that we have been
> accepted as a mentoring organization for Google Summer of Code 2015.

Is there please some survey of what parts of the 2014 GSOC
ebentually went into the OpenBSD tree?

The Foundation page http://www.openbsdfoundation.org/gsoc2014.html
describes the proposed projects, and the GSOC 2014 page
provides the resulting code, such as

https://www.google-melange.com/gsoc/project/details/google/gsoc2014/gduchene/5717271485874176
https://www.google-melange.com/gsoc/project/details/google/gsoc2014/mmu/5639274879778816
https://www.google-melange.com/gsoc/project/details/google/gsoc2014/pelikan/5649050225344512

Is any of that in base now? The reason I am asking is that
for the parts that are not, people might be interested
in finishing it (whether as GSOC or not).

Thank you

Jan

Re: lynx is gone?

[Paolo Aglialoro]

Il 05/mar/2015 14:34 "Giancarlo Razzolini"  ha
scritto:
>
> But it's so fun man! If people looked under the hood more often, we
wouldn't had the bug nightmare that was these past years. Heartbleed,
ghost, shellshock, etc.

I perfectly agree with you, both on fun and curiosity.

Nevertheless, not all the times we have got time enough "to have fun
netcatting servers". More than often u just have to go straight to the
point. Btw, try these with (net)cat:

$ lynx saveddocument.html
$ pdftohtml -stdout -i manual.pdf | lynx -stdin

> lynx removal does not compare to this.

Actually it does on a user viewpoint: a server daemon is up 24/7 while a
client is activated by the user. For the server, insecurity comes mainly
from its own flaws, for the client danger does not mainly come from the
tool itself (unless it's a totally hopeless sw) but from the *potentially*
silly utilization which is done by the user.


> Then you're on the wrong Operating System. OpenBSD is secure by default.
If lynx had the tiniest chance of compromising your system, then I'm glad
it's gone.

So it looks like that, till some months ago, everybody here was on the
wrong OS and risking their lives, as lynx was in base! But I have never
read here about anybody who had his system compromised because of poor
lynx. So, right now, this deletion reflects more a "what if" worry than a
real threat, i.e. lynx <> shellshock.

Re: lynx is gone?

[Kevin Chadwick]

> > And, just for the records, I bet that 99% of use of lynx is just sysadmin
> > stuff on CLI systems  

The reason I install lynx from ports is simpy because it opens the
packages directory in seconds rather than 10s of seconds compared to
even xombrero which is quicker that firefox or chrome.

Having seen people browse the web on exchange servers I'm quite happy
for it to be gone from base as it simply saves me from ever
needing to chmod 000 it on servers.

Re: Audio probles like, slow response in applications that use audio

[Dmitrij D. Czarkoff]

Henrique Lengler said:
> I tried some browsers like (firefox, midori and chromium), and they get
> really slow when I am watching a html5 video, and it freezes all the
> time if the video is in HD.

If the performance issue depends on video resolution, most likely you
experience problems with hardware graphics acceleration.

Do other GStreamer-based programs play the same videos fine?  What about
non-Gstreamer software, eg. ffplay from ffmpeg?

-- 
Dmitrij D. Czarkoff

Re: disabled voice and video in Pidgin?

[Alan Corey]

I've been working for months on 5.6 to clone, by dialup it's slow. I
only upgrade every few years.  Going to 1 TB drives.

I'm ab1jx on devio btw.

On 3/5/15, Jiri B  wrote:
> On Thu, Mar 05, 2015 at 03:49:33AM -0500, Alan Corey wrote:
>> This is under OpenBSD 5.2.  I built pidgin from ports, it worked, I
>> decided I want sound so I removed it and libpurple, set FLAVOR to
>> audio.  It built libpurple-audio and pidgin-audio and installed them
>> but when I go into Help -> Build Information it says audio and video
>> are disabled.  Why?
>
> ...and nobody would care about 5.2 here, time to upgrade?
>
> j.
>


-- 
Credit is the root of all evil.  - AB1JX

Re: pkg_add failure in March 1 snapshot

[Marc Espie]

On Wed, Mar 04, 2015 at 06:04:14PM +0100, Dmitrij D. Czarkoff wrote:
> Marc Espie said:
> > > I believe this is reported when $PKG_TMPDIR isn't writable.
> > 
> > Definitely looks like somebody had fun with his /var/tmp <-> /tmp change... 
> > :p
> 
> Not me.  I didn't even touch either directory neither before nor after
> the breakage.
> 
Whatever, the errors don't lie. It's obviously not being able to create
a tempdir in there...

Re: lynx is gone?

[Giancarlo Razzolini]

On 04-03-2015 20:30, Paolo Aglialoro wrote:

>
> Using netcat or ftp to browse the web/intranet/localhost in the 3rd
> millennium is like eating a steak with a spoon.

But it's so fun man! If people looked under the hood more often, we
wouldn't had the bug nightmare that was these past years. Heartbleed,
ghost, shellshock, etc.

Konsole output
~# nc -vvv www.openbsd.org 80
Connection to www.openbsd.org 80 port [tcp/www] succeeded!
GET / HTTP/1.1
Host: www.openbsd.org

HTTP/1.1 200 OK
Date: Thu, 05 Mar 2015 13:28:54 GMT
Server: Apache
Last-Modified: Wed, 19 Nov 2014 17:29:26 GMT
ETag: "84c3c06e225fcffbdd723847e25fa29b1586fbe2"
Accept-Ranges: bytes
Content-Length: 4871
Content-Type: text/html


>
> It's the same logic of leaving open root ssh access with pw=password:
> nothing can stop a stupid misuse of things. But this is not a good reason
> to delete ssh.

lynx removal does not compare to this. It was removed based solely on
technical merits. That, and the fact that no OpenBSD dev would spare
time to fix it.

>
> And, just for the records, I bet that 99% of use of lynx is just sysadmin
> stuff on CLI systems, for the rest (the dangerous horrid scary world...)
> there are X clients with Firefox. Who's going to warez sites with lynx? Of
> course we're all a pkg_add away, but that is not the point.

I didn't got your point.

>
> Security is a damn good thing.
> Excesses not.

Then you're on the wrong Operating System. OpenBSD is secure by default.
If lynx had the tiniest chance of compromising your system, then I'm
glad it's gone.

Cheers,
Giancarlo Razzolini

Re: Audio probles like, slow response in applications that use audio

[Alexandre Ratchov]

On Wed, Mar 04, 2015 at 06:59:43PM -0300, Henrique Lengler wrote:
> Hi,
> 
> Updating the situation, I already used -stable, and I am using now
> -current, and still the problem.
> I tried some browsers like (firefox, midori and chromium), and they get
> really slow when I am watching a html5 video, and it freezes all the
> time if the video is in HD.
> 
> Here is almost all the problem
> information:http://marc.info/?l=openbsd-misc&m=142385651303855&w=2 

Let's first fix system-related audio problems (as programs depend
on it). Once we're sure audio works well, then we can try to debug
browsers which are known to not work well yet in all cases.

mplayer is known to work; it has a small lag (iirc, less than
500ms, depends on the setup) which is somewhat acceptable. Could
you confirm at least this works on -current as expected?

Re: disabled voice and video in Pidgin?

[Stuart Henderson]

On 2015-03-05, Alan Corey  wrote:
> This is under OpenBSD 5.2.  I built pidgin from ports, it worked, I
> decided I want sound so I removed it and libpurple, set FLAVOR to
> audio.  It built libpurple-audio and pidgin-audio and installed them
> but when I go into Help -> Build Information it says audio and video
> are disabled.  Why?

Probably the "--disable-vv" in CONFIGURE_ARGS.

Please switch to ports@ if following up.

Re: panic due to bridge mem address conflict on IBM x3650M4 server

[Mihai Popescu]

> Get a serial cable and grab your dmesg and error message.
> Failing that, hand-transcribe at least enough to let us know you really
> care enough to get our attention.

Another IBM twist & shout hardware workout, maybe?
I have a model from them and USB devices are visible if plugged in at
boot time only. The BIOS can't see a device when you plug it it after
that. Why? Ask IBM.
Anyway, better to change the hardware than have someone busy with
undisclosed hardware specifications.

Re: disk change-out and packages

[Craig Skinner]

On 2015-03-05 Thu 11:38 AM |, Peter N. M. Hansteen wrote:
> 
> It would be rather interesting to see the results of equivalent tests 
> performed 
> today, with modern systems.
> 

Yes. Until a new paper comes out, go for a dump!

Where possible, unmount partitions before dumping &
dump the RAW character device:

$ ls -l /dev/sd4h /dev/rsd4h
crw-r-  1 root  operator   13,  71 Jan 22 11:31 /dev/rsd4h
brw-r-  1 root  operator4,  71 Jan 22 11:31 /dev/sd4h

Note that operator's home is /operator (not /home/operator)
so /home can be sudo unmounted by operator for dumping,
with ssh keys & other dot files still available.


-- 
Glasgow University has great Scottish balls with live folk music:
https://twitter.com/Craig_Skinner/status/573437436119912448
Programme (diagrams/text): http://my.strathspey.org/dd/list/4012/

Re: disk change-out and packages

[Janne Johansson]

For backup software, I usually make a program or script to make all 64k
(minus a few) combination of two-byte-filenames in a dir, then ask for a
backup and later a restore of it. Surprising results when backup programs
decide that certain combinations of bytes are "illegal" and won't back them
up for you, when they in reality are valid unix file names.

Most of the time I guess they know "Our gui will have a hard time painting
the creative chars needed in a certain way". Or just malice.


2015-03-05 11:38 GMT+01:00 Peter N. M. Hansteen :

> On Thu, Mar 05, 2015 at 10:12:09AM +, Craig Skinner wrote:
> > 18.10.7 Which Backup Program Is Best?
> > dump(8) Period. Elizabeth D. Zwicky torture tested all the backup
> > programs discussed here. The clear choice for preserving all your data
> > and all the peculiarities of UNIX file systems is dump. Elizabeth
> > created file systems containing a large variety of unusual conditions
> > (and some not so unusual ones) and tested each program by doing a backup
> > and restore of those file systems. The peculiarities included: files
> > with holes, files with holes and a block of nulls, files with funny
> > characters in their names, unreadable and unwritable files, devices,
> > files that change size during the backup, files that are created/deleted
> > during the backup and more.
>
> It would be rather interesting to see the results of equivalent tests
> performed
> today, with modern systems.
>
> For one thing, the possible set of 'funny' characters in file names have
> expanded quite a bit since 1991, and $DEITY only knows what new and
> exciting
> file system bugs have been introduced with the various newer file systems
> on Linuxes, Solaris and others.
>
> But the paper is still a very good read.
>
> - P
>
> --
> Peter N. M. Hansteen, member of the first RFC 1149 implementation team
> http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
> "Remember to set the evil bit on all malicious network traffic"
> delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
>
>


-- 
May the most significant bit of your life be positive.

Re: disk change-out and packages

[Peter N. M. Hansteen]

On Thu, Mar 05, 2015 at 10:12:09AM +, Craig Skinner wrote:
> 18.10.7 Which Backup Program Is Best?
> dump(8) Period. Elizabeth D. Zwicky torture tested all the backup
> programs discussed here. The clear choice for preserving all your data
> and all the peculiarities of UNIX file systems is dump. Elizabeth
> created file systems containing a large variety of unusual conditions
> (and some not so unusual ones) and tested each program by doing a backup
> and restore of those file systems. The peculiarities included: files
> with holes, files with holes and a block of nulls, files with funny
> characters in their names, unreadable and unwritable files, devices,
> files that change size during the backup, files that are created/deleted
> during the backup and more.

It would be rather interesting to see the results of equivalent tests performed 
today, with modern systems.

For one thing, the possible set of 'funny' characters in file names have
expanded quite a bit since 1991, and $DEITY only knows what new and exciting
file system bugs have been introduced with the various newer file systems
on Linuxes, Solaris and others. 

But the paper is still a very good read.

- P 

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.

Re: disk change-out and packages

[Craig Skinner]

On 2015-03-04 Wed 07:22 AM |, Ed Ahlsen-Girard wrote:
> 
> I thought tar | tar would get everything.
> 

18.10.7 Which Backup Program Is Best?
dump(8) Period. Elizabeth D. Zwicky torture tested all the backup
programs discussed here. The clear choice for preserving all your data
and all the peculiarities of UNIX file systems is dump. Elizabeth
created file systems containing a large variety of unusual conditions
(and some not so unusual ones) and tested each program by doing a backup
and restore of those file systems. The peculiarities included: files
with holes, files with holes and a block of nulls, files with funny
characters in their names, unreadable and unwritable files, devices,
files that change size during the backup, files that are created/deleted
during the backup and more.

5.0 Conclusions
(Zwicky): These results are in most cases stunningly appalling.
dump comes out ahead, which is no great surprise.

Tools tested were: tar, gnutar, bar, cpio, pax, afio, fbackup, and bru.
Almost all backup utilities are based on these tools underneath. Others
use rsync, which is also not as reliable as dump as like the other
tools, it does not work with the raw binary data of an (unmounted) disk.

References:
http://archive-org.com/page/3589638/2014-01-25/http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/backup-basics.html
http://www.coredumps.de/doc/dump/zwicky/testdump.doc.html

-- 
Everybody's Free To Wear Sunscreen
http://youtu.be/sTJ7AzBIJoI

Re: disabled voice and video in Pidgin?

[Jiri B]

On Thu, Mar 05, 2015 at 03:49:33AM -0500, Alan Corey wrote:
> This is under OpenBSD 5.2.  I built pidgin from ports, it worked, I
> decided I want sound so I removed it and libpurple, set FLAVOR to
> audio.  It built libpurple-audio and pidgin-audio and installed them
> but when I go into Help -> Build Information it says audio and video
> are disabled.  Why?

...and nobody would care about 5.2 here, time to upgrade?

j.

disabled voice and video in Pidgin?

[Alan Corey]

This is under OpenBSD 5.2.  I built pidgin from ports, it worked, I
decided I want sound so I removed it and libpurple, set FLAVOR to
audio.  It built libpurple-audio and pidgin-audio and installed them
but when I go into Help -> Build Information it says audio and video
are disabled.  Why?

I have pulseaudio, portaudio (apparently not jack at the moment)
installed, maybe it needs some codec?  Is there some dependency that
the port didn't build?
Can there be something in ~/.purple from my old installation that's
turning it off?  Since it's listed under build information it seems
more serious than that.  Sound works in other things.


Pidgin 2.10.6 (libpurple 2.10.6)
4cfe697ea3ae39a4fb3dad8e3ed1c70855901095

Build Information
  Arguments to ./configure:   '--disable-avahi' '--disable-cap'
'--disable-doxygen' '--disable-farstream' '--disable-gevolution'
'--disable-gnutls' '--disable-nm' '--disable-nss' '--disable-perl'
'--disable-tcl' '--disable-tk' '--disable-vv'
'--with-python=/usr/local/bin/python2.7' '--disable-schemas-install'
'--disable-gtkspell'
'--with-gconf-schema-file-dir=/usr/local/share/schemas/pidgin'
'--prefix=/usr/local' '--sysconfdir=/etc' '--mandir=/usr/local/man'
'--infodir=/usr/local/info' '--localstatedir=/var'
'--disable-silent-rules' 'CC=cc' 'CFLAGS=-I/usr/local/include'
'LDFLAGS=-L/usr/local/lib' 'CPPFLAGS=-I/usr/local/include'
  Print debugging messages: No
  Plugins: Enabled
  SSL: SSL support is present.

  Library Support
Cyrus SASL: Disabled
D-Bus: Enabled
Evolution Addressbook: Disabled
Gadu-Gadu library (libgadu): Enabled
GtkSpell: Disabled
OpenSSL: Enabled
GnuTLS: Disabled
GStreamer: Enabled
Mono: Disabled
NetworkManager: Disabled
Network Security Services (NSS): Disabled
Perl: Disabled
Tcl: Disabled
Tk: Disabled
UTF-8 DNS (IDN): Enabled
Voice and Video: Disabled
X Session Management: Enabled
XScreenSaver: Enabled
Zephyr library (libzephyr): Internal
Zephyr uses Kerberos: No

-- 
Credit is the root of all evil.  - AB1JX

Re: lynx is gone?

[Stuart Henderson]

On 2015-03-04, Paolo Aglialoro  wrote:
> And, just for the records, I bet that 99% of use of lynx is just sysadmin
> stuff on CLI systems

And probably a lot of that is quickly checking something that you're
only doing directly on the machine for convenience. Something that you
might otherwise do on the system you're ssh'ing from, or on a phone/etc
which avoids the need to run any browser on what is potentially a
sensitive server.

And the remainder for things like lynx -dump in scripts where it can
easily be pkg_add'ed if needed. (hopefully these will run as a relatively
unprivileged user).

> for the rest (the dangerous horrid scary world...) there are X clients
> with Firefox. Who's going to warez sites with lynx?

You've never heard of webservers on technical topics being attacked and
serving malicious content?