Re: aucat problems
On Mon, Jul 27, 2015 at 04:47:56PM -0400, Stefan Berger wrote: Hi, i have some trouble, configuring my audio devices: I want to record with my internal microphone (Thinkpad x220i) or/and my headphones with aucat, but I can't configure it according to FAQ because the output from mixerctl is somehow, different. does playback work? assuping it does, if you run: aucat -o test.wav then speak to the microphone during 5 seconds, then hit ^C, then run: aucat -i test.wav what do you hear? could you post the output of mixerctl -v ?
Re: SPARC minimum hardware specification
On 2015-07-27, Christian Weisgerber na...@mips.inka.de wrote: We're hurtling towards the 5.8 release and, as usual, ports and packages on non-x86 platforms are in dire shape. If you want to put your money where your mouth is, take a look at recent build logs and start fixing some of those problems. http://build-failures.rhaalovely.net/ sparc64, powerpc, alpha, hppa, ... Yes, this requires skill and effort. Some of them probably don't require that much skill, just access to the machine arch and a little effort. Also look for BROKEN- in Makefiles. Unfortunately a lot of the errors in these build logs would just go away if the build was reattempted (Error: job failed 256) so it's hard to spot which ports have real problems from the directory indices.
Re: aucat problems
I found this http://archives.neohapsis.com/archives/openbsd/2010-12/0057.html but aucat seemed to have changed, at least for me, I can't follow the explanation. I am running a Thinkpad x220i and I am pretty sure that my microphone is supported but I tried a lot of different settings with mixerctl, I am not 'there' yet.. greetings.
Re: aucat problems
On Tue, Jul 28, 2015 at 04:28:31AM -0400, Stefan Berger wrote: On Tue, Jul 28, 2015 at 10:01:56AM +0200, Alexandre Ratchov wrote: On Mon, Jul 27, 2015 at 04:47:56PM -0400, Stefan Berger wrote: Hi, i have some trouble, configuring my audio devices: I want to record with my internal microphone (Thinkpad x220i) or/and my headphones with aucat, but I can't configure it according to FAQ because the output from mixerctl is somehow, different. does playback work? assuping it does, if you run: aucat -o test.wav I did that, but when I do the aucat -i test.wav command, then I can't hear anything. I also tried aucat -c 0:1 -o 1.wav -c 2:3 -o 2.wav -c 4:5 -o 3.wav For this to work, you've to restart sndiod with the following args -C 0:5 -c 0:3. But according to mixerctl, all 3 ADCs get their signal from mic2 so all 3 files would have the same content. but nothing for all three files. could you post the output of mixerctl -v ? here is my mixerctl -v output: First, try to crank all input gains: mixerctl record.volume=255 record.adc-0:1_source=mic2 [ sel sel2 mic2 mix ] record.adc-2:3_source=mic2 [ sel sel2 mic2 mix ] record.adc-4:5_source=mic2 [ sel sel2 mic2 mix ] inputs.sel_source=mic [ mic ] If it doesn't work, try to use the other mic: mixerctl record.adc-0:1_source=sel mixerctl record.adc-2:3_source=sel mixerctl record.adc-4:5_source=sel
Loading (libdlrpc.so) by SPIKE fuzzer?!
Hi all, I compile spike fuzzer https://www.immunitysec.com/downloads/SPIKE2.9.tgz file but when I execute that, it warning me to load libdlrpc.so firstly. I copy this library from its src folder to /usr/lib but now I get these error messages when running spike! # ./generic_send_tcp ./generic_send_tcp:/usr/lib/libdlrpc.so: undefined symbol '__guard_local' ./generic_send_tcp:/usr/lib/libdlrpc.so: undefined symbol '__guard_local' ./generic_send_tcp:/usr/lib/libdlrpc.so: undefined symbol '__guard_local' . . . . . ./generic_send_tcp:/usr/lib/libdlrpc.so: undefined symbol '__guard_local' argc=1 Usage: ./generic_send_tcp host port spike_script SKIPVAR SKIPSTR ./generic_send_tcp 192.168.1.100 701 something.spk 0 0 # How can I resolve this library errors? Or Where I must copied that libdlrpc.so? Thanks in advance. -- [image: See you on my WEB] http://933k.ir
doas, keepenv PATH segfault
Hi all On yesterday's amd64 -current (#1201), if PATH is added to the keepenv list in doas.conf, e.g. permit keepenv { ENV PATH PKG_PATH PS1 SSH_AUTH_SOCK } :wheel as root when attempting to run an inexistent command, doas segfaults instead of exiting with command not found and retval 1. I actually have no idea if keepenv PATH makes any sense, I just had a couple of scripts in ~/bin that require sudo/doas -- but even if its a stupid idea, segfaulting didn't seem right. Cheers Zé --
Re: doas.conf: omitting [as root] allows me to run a command as everybody? [resolved]
On Mon, Jul 27, 2015 at 10:44:00PM +0200, Alexander Hall wrote: On July 27, 2015 3:22:13 PM GMT+02:00, Theo Buehler t...@math.ethz.ch wrote: On Mon, Jul 27, 2015 at 03:13:55PM +0200, Marc Espie wrote: On Mon, Jul 27, 2015 at 02:40:53PM +0200, Theo Buehler wrote: So omitting [as identity] allows me to run as every user, not just as root? Is this intentional? I think it's intentional. It's definitely what I would expect [as identity] is a restrictive modifier. If you want to only be able to run as root, you write as root. Ok thanks, this makes sense, but it is not quite clear (to me) from the docs that this is a restrictive quantifier. The the bit I quoted from the man page on as target sais The default is root., not root and everybody else. (Sorry I should have written as target, not as identity in my mail) How would you phrase things if it wasn't the case ?.. As indicated above I would probably write something like as root and every other user instead of simply as root. Assuming you are properly quoting the docs, and I have no reason to believe otherwise, it should certainly not say as root, but rather as anyone. This was resolved by tedu@'s most recent commit to doas.conf.5: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/doas/doas.conf.5.diff?r1=1.12r2=1.13 Thanks to espie@ and halex@ for helping me understand where my confusion came from.
OpenBSD machine was hacked
Dear All, Recently, I'm realized that my openbsd firewall router was not usable anymore due to pf rules had changed by using carp and pfsync mechanism. Here is my prove. I'm tried to reinstall the whole machine and plugged in the modem LAN cable to NIC card. All my written pf rules was flush and changed. This happen even without internet connection(No IP address assign). I'm suspected this is did by my ISP. I'm believed my openbsd machine was located same subnet with their machine. I'm even tried to disable carp protocol but my pf rules still get flushed out. How this can happen? How to prevent it? How my ISP can synchronize its pf rules to my machine without IP assign? I'm suspect they achieved at Layer 2 by using mac spoofing/mac target to my machine. net.inet.carp.allow=0 Please help. Very urgent. -- Linux
Re: aucat problems
On Tue, Jul 28, 2015 at 10:01:56AM +0200, Alexandre Ratchov wrote: On Mon, Jul 27, 2015 at 04:47:56PM -0400, Stefan Berger wrote: Hi, i have some trouble, configuring my audio devices: I want to record with my internal microphone (Thinkpad x220i) or/and my headphones with aucat, but I can't configure it according to FAQ because the output from mixerctl is somehow, different. does playback work? assuping it does, if you run: aucat -o test.wav I did that, but when I do the aucat -i test.wav command, then I can't hear anything. I also tried aucat -c 0:1 -o 1.wav -c 2:3 -o 2.wav -c 4:5 -o 3.wav but nothing for all three files. could you post the output of mixerctl -v ? here is my mixerctl -v output: inputs.dac-0:1_mute=off [ off on ] inputs.dac-0:1=180,180 inputs.dac-2:3_mute=off [ off on ] inputs.dac-2:3=180,180 inputs.beep=108 record.adc-0:1_source=mic2 [ sel sel2 mic2 mix ] record.adc-0:1_mute=off [ off on ] record.adc-0:1=126,126 record.adc-2:3_source=mic2 [ sel sel2 mic2 mix ] record.adc-2:3_mute=off [ off on ] record.adc-2:3=126,126 record.adc-4:5_source=mic2 [ sel sel2 mic2 mix ] record.adc-4:5_mute=off [ off on ] record.adc-4:5=126,126 inputs.sel_source=mic [ mic ] outputs.sel=126,126 inputs.sel2_source=mic [ mic ] outputs.sel2=126,126 outputs.hp_source=dac-0:1 [ dac-0:1 dac-2:3 ] outputs.hp_boost=off [ off on ] outputs.mic_source=dac-0:1 [ dac-0:1 dac-2:3 ] outputs.mic_dir=input-vr80 [ none output input input-vr50 input-vr80 ] outputs.mic_eapd=on [ off on ] outputs.spkr_source=dac-2:3 [ dac-0:1 dac-2:3 ] inputs.mic2=126,126 inputs.mix_source=dac-0:1,dac-2:3 { dac-0:1 dac-2:3 } inputs.mix_dac-0:1=126,126 inputs.mix_dac-2:3=126,126 outputs.hp_sense=unplugged [ unplugged plugged ] outputs.mic_sense=unplugged [ unplugged plugged ] outputs.spkr_muters=hp,mic { hp mic } outputs.master=181,181 outputs.master.mute=off [ off on ] outputs.master.slaves=dac-0:1,dac-2:3 { dac-0:1 dac-2:3 beep sel sel2 } record.volume=126,126 record.volume.mute=off [ off on ] record.volume.slaves=adc-0:1,adc-2:3,adc-4:5 { adc-0:1 adc-2:3 adc-4:5 mic2 }
Re: OpenBSD machine was hacked
What information you all require? On Tue, Jul 28, 2015 at 10:28 PM, Giancarlo Razzolini grazzol...@gmail.com wrote: Em 28-07-2015 06:17, Wong Peter escreveu: Dear All, Recently, I'm realized that my openbsd firewall router was not usable anymore due to pf rules had changed by using carp and pfsync mechanism. Here is my prove. I'm tried to reinstall the whole machine and plugged in the modem LAN cable to NIC card. All my written pf rules was flush and changed. This happen even without internet connection(No IP address assign). I'm suspected this is did by my ISP. I'm believed my openbsd machine was located same subnet with their machine. I'm even tried to disable carp protocol but my pf rules still get flushed out. How this can happen? How to prevent it? How my ISP can synchronize its pf rules to my machine without IP assign? I'm suspect they achieved at Layer 2 by using mac spoofing/mac target to my machine. net.inet.carp.allow=0 Please help. Very urgent. You use a very controversial subject in order to draw attention in the hope that someone will help you. And not only you can't manage to give a shred of evidence to support your claim, as you can't even manage to provide enough information for some good soul on this list to help you. Come back when you sorted this out. Cheers, Giancarlo Razzolini -- Linux
Re: rdomain with BGP dynamic route
I see what you mean. This, I think, is close to what you're looking for, but I'm not 100% certain of how to accomplish exactly what you want: nexthop qualify via bgp listen on A.B.C.D ## vrf member address of, say, em1 rtable 2 ## put vrf interface into rdomain 2 via ifconfig? rdomain 2 { rd 123:456 depend on em1 } neighbor VPNCLIENT1 { depend on em1 } ...I don't know how to avoid running a separate instance of bgpd(8) per VRF, however. Given that OpenBSD has, apparently, a working MPLS + LDP implementation, this is obviously yet another case where the manual pages contain enough information Based on jeker's MPLS paper back at EuroBSDCon 2011, it may be the case that BGP + VRF really only works work mpe(4). Ah! I found someone else's documentation that explains it... you do still need to use rdomain0, but you MUST tag the routes. rdomain0 contains everything, including the [possibly overlapping] routes, but with prefixes to keep them separate. See http://firstyear.id.au/entry/21. Also see jeker's explanation (perhaps dated) here: http://openbsd-archive.7691.n7.nabble.com/Using-RDomain-setup-with-pf-4-and-bgpd-8-td42066.html. (Also check out http://lmgtfy.com/?q=openbsd+bgp+vrf. Admittedly, the fourth or fifth result _is_ this thread :-/.) Failing that, as I can't tell for certain if it does what you want, wait for Claudio, Henning, or whoever else is working on it now to figure out how to make it work better! I hear sending them beer sometimes helps... -Adam On 07/24/2015 08:07 PM, XU, YANG (YANG) wrote: Adam, I really appreciate your reply. I read bgpd.conf and see rdomain can only define network as explicit, static or connected. In my case, I need to import dynamic prefix from BGP session. Right now all prefix learned from BGP goes to rdomain 0. I want to put prefix learned from BGP into the rdomain I specify. Thanks, -Yang From: Adam Thompson [athom...@athompso.net] Sent: 24 July 2015 20:33 To: XU, YANG (YANG) Subject: Re: rdomain with BGP dynamic route On 2015-07-24 06:47 AM, XU, YANG (YANG) wrote: Let me describe it in another way. Can I create a new rdomain as a VRF and use the rdomain to import/export customer's prefix through BGP? I will greatly appreciate it if you can provide any information. I have seen some information online, but prefix is either from static configuration or connected network. In my case, I need to support dynamic routes from BGP in VRF. Short answer: yes. See man bgpd.conf(5): ROUTING DOMAIN CONFIGURATION bgpd(8) supports the setup and distribution of Virtual Private Networks. It is possible to import and export prefixes between routing domains. Each routing domain is specified by an rdomain section, which allows properties to be set specifically for that rdomain: rdomain 1 { descr a rdomain rd 65002:1 import-target rt 65002:42 export-target rt 65002:42 network 192.168.1/24 depend on mpe0 } -- -Adam Thompson athom...@athompso.net
Re: OpenBSD machine was hacked
One question at a time. On Tue, Jul 28, 2015 at 6:17 PM, Wong Peter peterap...@gmail.com wrote: Dear All, Recently, I'm realized that my openbsd firewall router was not usable anymore What symptoms? due to pf rules had changed Can you show the configuration, the rules before the undesired changes, and the rules after the changes? by using carp and pfsync mechanism. Have you checked for unauthorized logins, rootkits, and such things? Here is my prove. Without the log messages that should be generated when you went through this, it's hard to analyze this. I'm tried to reinstall the whole machine and plugged in the modem LAN cable to NIC card. All my written pf rules was flush and changed. This happen even without internet connection(No IP address assign). Can you provide copies of your logs when you did this? If not, can you do it again, keeping logs this time? I'm suspected this is did by my ISP. I'm believed my openbsd machine was located same subnet with their machine. Check your DHCP client, as well. Both the configuration and the logs. I'm even tried to disable carp protocol but my pf rules still get flushed out. Again, can you show before and after? How this can happen? How can what happen? How to prevent it? It's hard to prevent things you don't understand. And it's hard to give advice when it seems like the advice won't be understood. (Pardon me for being blunt.) How my ISP can synchronize its pf rules to my machine without IP assign? Why ask this question before you know what really happened? I'm suspect they achieved at Layer 2 by using mac spoofing/mac target to my machine. net.inet.carp.allow=0 Suspicion is free, but it doesn't help without understanding. Please help. Very urgent. Get answers to the first questions first. The other questions don't make sense without answers to the first questions. If it's urgent, that's all the more reason to start with questions you can understand. (This is what everyone else is saying.) -- Joel Rees Be careful when you look at conspiracy. Arm yourself with knowledge of yourself, as well: http://reiisi.blogspot.jp/2011/10/conspiracy-theories.html
Re: Default OpenBSD browser
On 2015-07-28, li...@wrant.com wrote: What is the best and lightest browser... Dillo is generally good, with Firefox for heavy sites. Seconded. The default browser concept is most probably not a good idea (read a bad idea) for any OS. There is no such thing as best, but for lightest: Dillo is very fast lightweight and almost always renders correct the proper sites, and has no JavaScript vulnerabilities (for now). Helps read web pages daily. The ftp(1) works great for command line client, used daily. Any opinions on w3m as an alternative to the much debated lynx for casual text mode browsing? I use w3m daily and heavily for browsing most basic web pages or if I just want to read text content when the look/layout of a page is not necessary for me. It handles cookies if you want it to, with easy cookie management. Has tabs, but doesn't remember sessions (unless you are using the w3m Emacs plugin, which I have never tried). I also use it to browse directories that have a lot of HTML files, like my book and web archive collections. I've used its external browser functions to attach URL yanking to keybinds (hint: define a browser as xsel), which is handy. It has an image mode which seems to be pretty hackish and has never worked smoothly for me, at least running rxvt with tmux. I use it rarely, and instead use the program's mailcap file to define an image viewer, and view images externally by selecting them and hitting a keybind. Some of the features and options can be difficult to discover or decipher due partly to the state of the English documentation (author is Japanese). Maybe someday when I find more time I can contribute to the documentation, and maybe one day, the code. Seconding Dillo for a quick, no-nonsense graphical browser. And of course there is always surf[1]. [1] http://surf.suckless.org -Brendan
'PermitRootLogin no' sshd_config default on latest snapshot even though ssh root key specified in install.conf
Today I ran an automated installation using the latest amd64 install58.iso media. A root ssh key was specified in install.conf, and the key is being correctly installed in /root/.ssh/authorized_keys. This method was working fine with the 5.7 release, but apparently 5.8 now sets 'PermitRootLogin no' in /etc/ssh/sshd_config even when a root ssh key is specified in install.conf. Looking through the relevant commits over the last few months [1], it appears that the setting keeps getting 'twiddled' back and forth. What's the long term plan for this? My preference is that root ssh pubkey logins are allowed on reboot. [1] http://freshbsd.org/search?project=openbsdq=permitrootlogin
Re: OpenBSD machine was hacked
On Wed, 29 Jul 2015, Wong Peter wrote: Q:why do you believe that your machine was hacked? A: My pf rules was flushed.This can prove using pfctl -sr. The whoe firewall was not usable anymore. NO NAT nor packet filtering. Q: You say that whatever happened was done by your ISP even though you had no Internet connection.Why do you believe that to be true? A: Our ISP had implement monitoring like NSA or British CGHQ. Moreover, Hacking openBSD is not that easy. First hop hacking is much more easier than anyone. Q: Why do you believe that you had no Internet connection? A: No response when ping dns server and no IP address assign to pppoe0 interface. Q: If you had no Internet connection, how is it that someone at your ISP would have been able to access the machine? A: I had no idea. Thus, I was asked it here. Q: Where is the machine actually located? A: This is a home use firewall router sit behind a modem. Where to find log files regarding pf rule was flushed out using carp or pfsync? I'm understand you all want to help me and you all require information. I'm tried to extract the whole OS into zip file and copied to portable hard disk but it failed. It say no such file or directory. cp /home/user/bsd.tar.gz /mnt/obsd/ What wrong with it? I see no evidence that your ISP hacked your machine. As you say hacking OpenBSD is not easy. Further it is difficult to imagine what motive somebody might have in hacking into your machine and turning your Internet connection and NAT off. One plausable scenario is that your firewall rules are not setup correctly to begin with, and the machine rebooted due to a power interruption, and the firewall rules never got put back in. There are many other plausable scenarios that somebody with more time could think of. Is your computer set up to restore the connection and firewall on boot? Have you tested that? As far as intrusion goes, the best place to look would be /var/log/authlog, which will record logins. However I think what I've outlined above will be a more fruitful approach. Further your entire OS image is far too large to send here, and very few people here will have the patience to wade through it searching for your problem. If cp says no such file or directory then either the source file path is wrong or the destination directory does not exist. To be very blunt, the fact that you did not know this makes me suspect that you have misconfigured your system in some way. Describe how you configured it, and somebody may be able to help you. -- Martin
Re: OpenBSD machine was hacked
There is all sorts of information that you could provide: - why do you believe that your machine was hacked? You seem to think that someone at your ISP did whatever was done. Why do you believe that to be true? Why would someone at your ISP want to do this? Why would someone at you ISP be better able to do this than some random bad person out on the Internet? - you say that whatever happened was done by your ISP even though you had no Internet connection. Why do you believe that this is even possible? Why do you believe that you had no Internet connection? If you had no Internet connection, how is it that someone at your ISP would have been able to access the machine? Where is the machine actually located? - you say that your pf rules were flushed. Why do you believe that they were ever loaded in the first place? Can you demonstrate that the rules were in place at one point in time and that they are no longer in place later? Have you tried rebooting the machine and then immediately checking to see if the rules are there or not? - you say that you suspect that your ISP used some sort of “Layer 2 by using mac spoofing/mac target” technique. Please say more about “some sort of” - what sort of? Why do you believe that this technique, whatever it is, might work? Can you even provide a basic explanation of how this technique, whatever it is, might have been used to hack your machine or is this just a theory with no evidence to support it. There are lots of other questions you could answer. For example, what messages appear in your log files that support your theory? Even a list of the evidence that you see that supports your theory might help. It almost sounds like you are saying that you cannot figure out how whatever happened occurred so it must have been someone at your ISP. That is a pretty big leap to make without some evidence that actually points at your ISP. -Danny On Jul 28, 2015, at 18:00 , Wong Peter peterap...@gmail.com wrote: What information you all require? On Tue, Jul 28, 2015 at 10:28 PM, Giancarlo Razzolini grazzol...@gmail.com wrote: Em 28-07-2015 06:17, Wong Peter escreveu: Dear All, Recently, I'm realized that my openbsd firewall router was not usable anymore due to pf rules had changed by using carp and pfsync mechanism. Here is my prove. I'm tried to reinstall the whole machine and plugged in the modem LAN cable to NIC card. All my written pf rules was flush and changed. This happen even without internet connection(No IP address assign). I'm suspected this is did by my ISP. I'm believed my openbsd machine was located same subnet with their machine. I'm even tried to disable carp protocol but my pf rules still get flushed out. How this can happen? How to prevent it? How my ISP can synchronize its pf rules to my machine without IP assign? I'm suspect they achieved at Layer 2 by using mac spoofing/mac target to my machine. net.inet.carp.allow=0 Please help. Very urgent. You use a very controversial subject in order to draw attention in the hope that someone will help you. And not only you can't manage to give a shred of evidence to support your claim, as you can't even manage to provide enough information for some good soul on this list to help you. Come back when you sorted this out. Cheers, Giancarlo Razzolini -- Linux
Re: OpenBSD machine was hacked
Q:why do you believe that your machine was hacked? A: My pf rules was flushed.This can prove using pfctl -sr. The whoe firewall was not usable anymore. NO NAT nor packet filtering. Q: You say that whatever happened was done by your ISP even though you had no Internet connection.Why do you believe that to be true? A: Our ISP had implement monitoring like NSA or British CGHQ. Moreover, Hacking openBSD is not that easy. First hop hacking is much more easier than anyone. Q: Why do you believe that you had no Internet connection? A: No response when ping dns server and no IP address assign to pppoe0 interface. Q: If you had no Internet connection, how is it that someone at your ISP would have been able to access the machine? A: I had no idea. Thus, I was asked it here. Q: Where is the machine actually located? A: This is a home use firewall router sit behind a modem. Where to find log files regarding pf rule was flushed out using carp or pfsync? I'm understand you all want to help me and you all require information. I'm tried to extract the whole OS into zip file and copied to portable hard disk but it failed. It say no such file or directory. cp /home/user/bsd.tar.gz /mnt/obsd/ What wrong with it? On Wed, Jul 29, 2015 at 8:26 AM, Daniel Boulet da...@matilda.com wrote: There is all sorts of information that you could provide: - why do you believe that your machine was hacked? You seem to think that someone at your ISP did whatever was done. Why do you believe that to be true? Why would someone at your ISP want to do this? Why would someone at you ISP be better able to do this than some random bad person out on the Internet? - you say that whatever happened was done by your ISP even though you had no Internet connection. Why do you believe that this is even possible? Why do you believe that you had no Internet connection? If you had no Internet connection, how is it that someone at your ISP would have been able to access the machine? Where is the machine actually located? - you say that your pf rules were flushed. Why do you believe that they were ever loaded in the first place? Can you demonstrate that the rules were in place at one point in time and that they are no longer in place later? Have you tried rebooting the machine and then immediately checking to see if the rules are there or not? - you say that you suspect that your ISP used some sort of âLayer 2 by using mac spoofing/mac targetâ technique. Please say more about âsome sort ofâ - what sort of? Why do you believe that this technique, whatever it is, might work? Can you even provide a basic explanation of how this technique, whatever it is, might have been used to hack your machine or is this just a theory with no evidence to support it. There are lots of other questions you could answer. For example, what messages appear in your log files that support your theory? Even a list of the evidence that you see that supports your theory might help. It almost sounds like you are saying that you cannot figure out how whatever happened occurred so it must have been someone at your ISP. That is a pretty big leap to make without some evidence that actually points at your ISP. -Danny On Jul 28, 2015, at 18:00 , Wong Peter peterap...@gmail.com wrote: What information you all require? On Tue, Jul 28, 2015 at 10:28 PM, Giancarlo Razzolini grazzol...@gmail.com wrote: Em 28-07-2015 06:17, Wong Peter escreveu: Dear All, Recently, I'm realized that my openbsd firewall router was not usable anymore due to pf rules had changed by using carp and pfsync mechanism. Here is my prove. I'm tried to reinstall the whole machine and plugged in the modem LAN cable to NIC card. All my written pf rules was flush and changed. This happen even without internet connection(No IP address assign). I'm suspected this is did by my ISP. I'm believed my openbsd machine was located same subnet with their machine. I'm even tried to disable carp protocol but my pf rules still get flushed out. How this can happen? How to prevent it? How my ISP can synchronize its pf rules to my machine without IP assign? I'm suspect they achieved at Layer 2 by using mac spoofing/mac target to my machine. net.inet.carp.allow=0 Please help. Very urgent. You use a very controversial subject in order to draw attention in the hope that someone will help you. And not only you can't manage to give a shred of evidence to support your claim, as you can't even manage to provide enough information for some good soul on this list to help you. Come back when you sorted this out. Cheers, Giancarlo Razzolini -- Linux -- Linux
Re: OpenBSD machine was hacked
Em 28-07-2015 06:17, Wong Peter escreveu: Dear All, Recently, I'm realized that my openbsd firewall router was not usable anymore due to pf rules had changed by using carp and pfsync mechanism. Here is my prove. I'm tried to reinstall the whole machine and plugged in the modem LAN cable to NIC card. All my written pf rules was flush and changed. This happen even without internet connection(No IP address assign). I'm suspected this is did by my ISP. I'm believed my openbsd machine was located same subnet with their machine. I'm even tried to disable carp protocol but my pf rules still get flushed out. How this can happen? How to prevent it? How my ISP can synchronize its pf rules to my machine without IP assign? I'm suspect they achieved at Layer 2 by using mac spoofing/mac target to my machine. net.inet.carp.allow=0 Please help. Very urgent. You use a very controversial subject in order to draw attention in the hope that someone will help you. And not only you can't manage to give a shred of evidence to support your claim, as you can't even manage to provide enough information for some good soul on this list to help you. Come back when you sorted this out. Cheers, Giancarlo Razzolini
Re: Sluggish/laggy browser behaviour
On Tue, Jul 28, 2015 at 02:48:41PM +0200 or thereabouts, Stefan Sperling wrote: On Mon, Jul 27, 2015 at 08:58:54PM -0500, Yass Amed wrote: This problem is NOT specific to this model or any other machine (as far as I experienced). This issue was present on a few towers and still is on an Intel/Asus{1} based machine. You can try debugging FireFox or Chromium with gdb(1). {1} No dmesg, not on this machine at the moment. I have never seen fluent browser HTML5 video on any OpenBSD machine. Same here. I always download any video content first and play it in vlc or mplayer. The chaps at Jondo reckon it is a little safer too. https://anonymous-proxy-servers.net/en/faq-jondofox.html#1c Generally, videos at a fair resolution on OpenBSD played back without use of xvideo extensions or OpenGL are not watchable. My theory is that browsers rely on fast multi-core CPUs and multihreading in the kernel to show video smoothly. OpenBSD doesn't have multihreading in the kernel and is tuned for correctness rather than performance. Did anyone try playing HTML5 video in a browser on a slow (= 1Ghz) single core machine running Linux? Would you expect that to work?
Re: doas, keepenv PATH segfault
2015-07-28 12:34 GMT+03:00 Zé Loff zel...@zeloff.org: Hi all On yesterday's amd64 -current (#1201), if PATH is added to the keepenv list in doas.conf, e.g. permit keepenv { ENV PATH PKG_PATH PS1 SSH_AUTH_SOCK } :wheel as root when attempting to run an inexistent command, doas segfaults instead of exiting with command not found and retval 1. I actually have no idea if keepenv PATH makes any sense, I just had a couple of scripts in ~/bin that require sudo/doas -- but even if its a stupid idea, segfaulting didn't seem right. Hi, thank you for the report. I've just committed the fix; please check that your usecase is happy now. -- WBR, Vadim Zhukov
Re: IPV6 routing issue
Em 25-07-2015 11:50, Stuart Henderson escreveu: Actually that's fine, a point-to-point interface can be unnumbered, or in the case of IPv6, it can just have a link-local address. In my case I don't have a ppp interface, my CPE talks to my OpenBSD firewall through normal LAN. DHCPv6 PD would give you a /64 or (if allowed by the ISP) a larger prefix to assign to interfaces as you choose. Normally you would assign this to internal interface/s, but assuming the ISP allows more than a /64, you *can* apply part of that delegation to the PPP interface if you would like it to have a globally routable address. This is one of my problems, my ISP would only give me a /64 prefix, not a /56 or other manageable size. I can ask a PD from the CPE, but the only prefix already is delegated to the CPE itself. So the CPE keeps asking me neighbor solicitation messages, and won't route the packets. Unless I use NDP proxying, I can't do normal routing. As I stated, I did a bridge. When I have some free time I'll visit the NDP proxy again. Perhaps I'll be able to port some of the existing solutions to OpenBSD. Cheers, Giancarlo Razzolini
Re: Sluggish/laggy browser behaviour
On Tue, 28 Jul 2015 14:48:41 +0200 Stefan Sperling s...@stsp.name wrote: On Mon, Jul 27, 2015 at 08:58:54PM -0500, Yass Amed wrote: This problem is NOT specific to this model or any other machine (as far as I experienced). This issue was present on a few towers and still is on an Intel/Asus{1} based machine. You can try debugging FireFox or Chromium with gdb(1). {1} No dmesg, not on this machine at the moment. I have never seen fluent browser HTML5 video on any OpenBSD machine. Generally, videos at a fair resolution on OpenBSD played back without use of xvideo extensions or OpenGL are not watchable. I might have gotten luky but this Thinkpad X220 plays 720p Youtube HTML5 video in Chromium without glitches, even on fullscreen. As long as there is no other system load. My theory is that browsers rely on fast multi-core CPUs and multihreading in the kernel to show video smoothly. OpenBSD doesn't have multihreading in the kernel and is tuned for correctness rather than performance. Did anyone try playing HTML5 video in a browser on a slow (= 1Ghz) single core machine running Linux? Would you expect that to work? OpenBSD 5.8 (GENERIC.MP) #2: Mon Jul 27 21:42:02 CEST 2015 b...@x220.home.netzbasis.de:/git/hellfish/src/sys/arch/amd64/compile/GENERIC.MP real mem = 8451125248 (8059MB) avail mem = 8191107072 (7811MB) mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.6 @ 0xdae9c000 (64 entries) bios0: vendor LENOVO version 8DET69WW (1.39 ) date 07/18/2013 bios0: LENOVO 4287CTO acpi0 at bios0: rev 2 acpi0: sleep states S0 S3 S4 S5 acpi0: tables DSDT FACP SLIC SSDT SSDT SSDT HPET APIC MCFG ECDT ASF! TCPA SSDT SSDT DMAR UEFI UEFI UEFI acpi0: wakeup devices LID_(S3) SLPB(S3) IGBE(S4) EXP4(S4) EXP7(S4) EHC1(S3) EHC2(S3) HDEF(S4) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpihpet0 at acpi0: 14318179 Hz acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz, 2492.29 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,LONG,LAHF,PERF,ITSC,SENSOR,ARAT cpu0: 256KB 64b/line 8-way L2 cache cpu0: smt 0, core 0, package 0 mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges cpu0: apic clock running at 99MHz cpu0: mwait min=64, max=64, C-substates=0.2.1.1.2, IBE cpu1 at mainbus0: apid 1 (application processor) cpu1: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz, 2491.91 MHz cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,LONG,LAHF,PERF,ITSC,SENSOR,ARAT cpu1: 256KB 64b/line 8-way L2 cache cpu1: smt 1, core 0, package 0 cpu2 at mainbus0: apid 2 (application processor) cpu2: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz, 2491.91 MHz cpu2: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,LONG,LAHF,PERF,ITSC,SENSOR,ARAT cpu2: 256KB 64b/line 8-way L2 cache cpu2: smt 0, core 1, package 0 cpu3 at mainbus0: apid 3 (application processor) cpu3: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz, 2491.91 MHz cpu3: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,LONG,LAHF,PERF,ITSC,SENSOR,ARAT cpu3: 256KB 64b/line 8-way L2 cache cpu3: smt 1, core 1, package 0 ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins acpimcfg0 at acpi0 addr 0xf800, bus 0-63 acpiec0 at acpi0 acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus -1 (PEG_) acpiprt2 at acpi0: bus 2 (EXP1) acpiprt3 at acpi0: bus 3 (EXP2) acpiprt4 at acpi0: bus 5 (EXP4) acpiprt5 at acpi0: bus 13 (EXP5) acpiprt6 at acpi0: bus -1 (EXP7) acpicpu0 at acpi0: C3(350@104 io@0x415), C1(1000@1 halt), PSS acpicpu1 at acpi0: C3(350@104 io@0x415), C1(1000@1 halt), PSS acpicpu2 at acpi0: C3(350@104 io@0x415), C1(1000@1 halt), PSS acpicpu3 at acpi0: C3(350@104 io@0x415), C1(1000@1 halt), PSS acpipwrres0 at acpi0: PUBS, resource for EHC1, EHC2 acpitz0 at acpi0: critical temperature is 99 degC acpibtn0 at acpi0: LID_ acpibtn1 at acpi0: SLPB acpibat0 at acpi0: BAT0 model 42T4861 serial 12675 type LION oem SANYO acpibat1 at acpi0: BAT1 not present acpiac0 at acpi0: AC unit online acpithinkpad0 at acpi0 acpidock0 at acpi0: GDCK docked (15) cpu0: Enhanced SpeedStep 2492 MHz: speeds: 2501, 2500, 2200, 2000, 1800, 1600, 1400, 1200, 1000,
Re: Default OpenBSD browser
Hello, Thoughts on Links+. Code quality, security and generial usefulness. Regards Gerald Hanuer
Re: Default OpenBSD browser
There's a FAQ section for this[0]. Personally, I mostly use Firefox for everything and works quite well. But also use from time to time Chromium, for YouTube, SoundCloud, Google Apps, etc. [0] http://www.openbsd.org/faq/faq8.html#Browsers
Re: Default OpenBSD browser
Hi. OpenBSD don't include browser by default, but my recommendation is always Mozilla Firefox. Regards On Tue, Jul 28, 2015 at 7:00 AM, Mohammad BadieZadegan mbzade...@gmail.com wrote: Hi, As we know the default X Window manager for OpenBSD is fvwm http://www.openbsd.org/cgi-bin/man.cgi?query=fvwmsektion=1 and that is very usefull for initial using of OpenBSD. But Does OpenBSD have any WEB browser(Text or vs Image) by default? If have not, What is the best and lightest browser that usefull with fvwm? Thanks. -- Francisco Valladolid H. -- http://blog.bsdguy.net - Jesus Christ follower.
Re: Sluggish/laggy browser behaviour
On 2015-07-28, Maurice McCarthy m...@mythic-beasts.com wrote: I have never seen fluent browser HTML5 video on any OpenBSD machine. Same here. I always download any video content first and play it in vlc or mplayer. The chaps at Jondo reckon it is a little safer too. https://anonymous-proxy-servers.net/en/faq-jondofox.html#1c Their remark is specifically about Flash and not at all about HTML5. Both VLC and MPlayer are kitchen-sink applications full of dubious code. VLC gets regular security advertisements; MPlayer doesn't, but that probably just means that nobody can be bothered to write them. -- Christian naddy Weisgerber na...@mips.inka.de
Re: Intel Atom?
Recommendation for a very capable router are C2750/C2758 Supermicro So, do you think we'd *need* a board like that? Depends on your specific requirements in terms of expected bottlenecks. The reason I ask is that they're nearly twice the price of other dual-gigE Atom boards, and the ECC SODIMMs don't help. ECC RAM always helps in the long term, if the board is collocated this can save you a trip or two / remote hands fees. Even for home use ECC is considered a reliability feature (at about 5-15% annual rate of random memory errors) if the device is powered 24/7. If you're saying that an old D525 can handle our traffic needs and is well supported, I'm don't think springing for this board makes sense. I am saying it handles my specific needs since early 2011 and also saying that newer Atoms are preferred if budget allows this, for added performance in the same thermal dissipation and power usage. Regarding price, if you plan to use a Supermicro board, those are more expensive than comparable other brands, even more expensive than comparable Intel boards. At the time I was shopping the best available Atom offers were D525 boards from Supermicro. I could have dealt away with an Intel board and still be happy (lower priced other boards were not yet listed), but I'd not have IMPI serial BIOS (out of band) access. D525 is an older Atom CPU on ICH9R chipset and a lot less capable compared to newer Atoms, especially the ones recommended. It does not have the VT-* (think virtualisation) extensions, but a router or storage appliance does not need these. http://ark.intel.com/products/49490/Intel-Atom-Processor-D525-1M-Cache-1_80-GHz With a grain of salt as the benchmarks are unreliable source of performance comparisons (and these promote a utility): http://www.cpubenchmark.net/cpu.php?cpu=Intel+Atom+D525+%40+1.80GHz $ md5 -tt MD5 time trial. Processing 10 1-byte blocks... Digest = 766a2bb5d24bddae466c572bcabca3ee Time = 4.094940 seconds Speed = 244203822.278226 bytes/second Here is one good board: http://www.supermicro.com/products/motherboard/ATOM/ICH9/X7SPA-HF-D525.cfm If you want to use X, stick a cheap low power fanless single slot Radeon HD5450 in it, this supports OK up to dual link DVI 2560x1440 + VGA 1920x1200 together. The included in the mainboard Matrox G200eW video works OK to boot up and with special tweaking has worked for X but not at the moment. With the added video card the system works quite responsive for a low power on board soldered processor driven desktop. The system can run headless with no monitor/keyboard entirely commanded over the serial port including BIOS access. Serial over LAN works OK too, but serial 3 wire does not depend on network. Always consider a spare monitor keyboard attached / around the system just in case. There is no point in using more than 4 GB RAM, though there are reports it can boot with 8 GB RAM, those are silly tricks. The CPU spec says it can address 4 GB and the mainboard spec as well 4 GB. Pick good RAM exactly timed per the spec as the board will not boot up with unreliable funky cheap RAM and you will be glad in the long term for the RAM choice. This board is not your choice for ZFS/RAID fate abuse, but works great for a NAS provider, this comment is in regard to the 8 GB silliness. This system does not support ECC RAM. http://www.servethehome.com/supermicro-x7spehfd525-8gb-ddr3-ipmi-pfsense-freenas-unraid-linux-power-consumption/ The total power consumption bare is about 35-40 W, if you plan to populate more than 1 of the 6 SATA ports, consider a reliable 200 W PSU so it can function halfway loaded. These 200 W specify total power summary across voltages and are maximum power load before failure, not normal working (at efficient levels) power use. Even with no drives, still pick a 200 W PSU standard form factor case. The 2 LAN GigE ports are enough for a router, one is shared for IPMI. These are just fine in OpenBSD as em(4) devices. I'll put the dmesg later in the message, no glitches for years, happily saturate the network with SSH rsync. Everything works great on the board and is well supported, I have it and this runs flawless almost idle since 2011 when I bought it. IPMI works as advertised, you have to patch the BIOS IPMI firmwares to close vulnerability (in IPMI) and confine the IMPI (shared LAN) on local network only even with proper set up. It will need a case fan (or two for redundancy) because the CPU is fanless and produces enough heat (about 15-20 W TDP) and even without a Radeon added (20 W more) inside, the system can not rely on free air convection in a tower / desktop small form factor (mini-ITX) case. Remember, these boards are designed to be put in controlled temperature environments in 1U rack mount cases where air is flowing through the chassis. You can't leave it just heat up the temperature sensitive components (capacitors, HDDs) without shortening their life.
Re: OpenBSD machine was hacked
The changes was not done to /etc/pf.conf file but it is on runtime. I'm issues pfctl -sr command which reflect this. On Tue, Jul 28, 2015 at 5:35 PM, Stefan Wollny ste...@wollny.de wrote: Hi, I can't tell you anything what might have happend as you didn't provide enough information and I am not educated to give any hints. But to prevent any changes you might consider using chflags after you have set up your pf.conf: $ sudo chflags schg /etc/pf.conf Keep in mind that changes thereafter are only possible if you reboot into insecure mode. man 1 chflags is your friend. If this doesn't help it is beyond my knowledge. Good luck! STEFAN *Gesendet:* Dienstag, 28. Juli 2015 um 11:17 Uhr *Von:* Wong Peter peterap...@gmail.com *An:* misc@openbsd.org *Betreff:* OpenBSD machine was hacked Dear All, Recently, I'm realized that my openbsd firewall router was not usable anymore due to pf rules had changed by using carp and pfsync mechanism. Here is my prove. I'm tried to reinstall the whole machine and plugged in the modem LAN cable to NIC card. All my written pf rules was flush and changed. This happen even without internet connection(No IP address assign). I'm suspected this is did by my ISP. I'm believed my openbsd machine was located same subnet with their machine. I'm even tried to disable carp protocol but my pf rules still get flushed out. How this can happen? How to prevent it? How my ISP can synchronize its pf rules to my machine without IP assign? I'm suspect they achieved at Layer 2 by using mac spoofing/mac target to my machine. net.inet.carp.allow=0 Please help. Very urgent. -- Linux -- Linux
Re: Sluggish/laggy browser behaviour
On Mon, Jul 27, 2015 at 08:58:54PM -0500, Yass Amed wrote: This problem is NOT specific to this model or any other machine (as far as I experienced). This issue was present on a few towers and still is on an Intel/Asus{1} based machine. You can try debugging FireFox or Chromium with gdb(1). {1} No dmesg, not on this machine at the moment. I have never seen fluent browser HTML5 video on any OpenBSD machine. Generally, videos at a fair resolution on OpenBSD played back without use of xvideo extensions or OpenGL are not watchable. My theory is that browsers rely on fast multi-core CPUs and multihreading in the kernel to show video smoothly. OpenBSD doesn't have multihreading in the kernel and is tuned for correctness rather than performance. Did anyone try playing HTML5 video in a browser on a slow (= 1Ghz) single core machine running Linux? Would you expect that to work?
Default OpenBSD browser
Hi, As we know the default X Window manager for OpenBSD is fvwm http://www.openbsd.org/cgi-bin/man.cgi?query=fvwmsektion=1 and that is very usefull for initial using of OpenBSD. But Does OpenBSD have any WEB browser(Text or vs Image) by default? If have not, What is the best and lightest browser that usefull with fvwm? Thanks.
Re: Sluggish/laggy browser behaviour
QUOTE: I can pretty much confirm this on an X220i, I have sort of come to terms with it, but it is definitely noticeable (in chromium and firefox). X220 here. This problem is NOT specific to this model or any other machine (as far as I experienced). This issue was present on a few towers and still is on an Intel/Asus{1} based machine. You can try debugging FireFox or Chromium with gdb(1). {1} No dmesg, not on this machine at the moment.
Re: Collect logs with syslog +hostname
On 07/28/2015 03:20 PM, Gregory Edigarov wrote: On 07/28/2015 02:41 PM, Atanas Vladimirov wrote: Hi, I tried the new feature of syslogd to collect log messages from other syslog capable devices (in this case an OpenWRT router). I red syslog.conf many times, but I can't figure it why it doesn't work. [ns]~$ cat /etc/syslog.conf # $OpenBSD: syslog.conf,v 1.17 2005/05/25 07:35:38 david Exp $ # +wdr4900.bsdbg.net *.* /var/log/w4900 move the above 2 lines to the end of your file. remove next line: +* next, add 192.168.1.18 wdr4900 to /etc/hosts also, change the syslog rule as: + wdr4900 *.* /var/log/w4900 and things will work
Collect logs with syslog +hostname
Hi, I tried the new feature of syslogd to collect log messages from other syslog capable devices (in this case an OpenWRT router). I red syslog.conf many times, but I can't figure it why it doesn't work. [ns]~$ cat /etc/syslog.conf # $OpenBSD: syslog.conf,v 1.17 2005/05/25 07:35:38 david Exp $ # +wdr4900.bsdbg.net *.* /var/log/w4900 +* !!spamd daemon.err;daemon.warn;daemon.info /var/log/spamd !* !!ppp daemon.err;daemon.warn;daemon.info /var/log/ppp.log !* !!pptp daemon.err;daemon.warn;daemon.info /var/log/ppp.log !* *.notice;auth,authpriv,cron,ftp,kern,lpr,mail,user.none /var/log/messages kern.debug;syslog,user.info /var/log/messages auth.info /var/log/authlog authpriv.debug /var/log/secure cron.info /var/cron/log daemon.info /var/log/daemon ftp.info/var/log/xferlog lpr.debug /var/log/lpd-errs mail.info /var/log/maillog #uucp.info /var/log/uucp [ns]~$ ping wdr4900.bsdbg.net PING wdr4900.bsdbg.net (192.168.1.18): 56 data bytes 64 bytes from 192.168.1.18: icmp_seq=0 ttl=64 time=0.267 ms 64 bytes from 192.168.1.18: icmp_seq=1 ttl=64 time=0.220 ms 64 bytes from 192.168.1.18: icmp_seq=2 ttl=64 time=0.228 ms --- wdr4900.bsdbg.net ping statistics --- 3 packets transmitted, 3 packets received, 0.0% packet loss round-trip min/avg/max/std-dev = 0.220/0.238/0.267/0.024 ms OpenBSD 5.8-beta (GENERIC.MP) #1152: Tue Jul 14 12:08:52 MDT 2015 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 4008378368 (3822MB) avail mem = 3883024384 (3703MB) mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root
Re: Collect logs with syslog +hostname
On 07/28/2015 02:41 PM, Atanas Vladimirov wrote: Hi, I tried the new feature of syslogd to collect log messages from other syslog capable devices (in this case an OpenWRT router). I red syslog.conf many times, but I can't figure it why it doesn't work. [ns]~$ cat /etc/syslog.conf # $OpenBSD: syslog.conf,v 1.17 2005/05/25 07:35:38 david Exp $ # +wdr4900.bsdbg.net *.* /var/log/w4900 move the above 2 lines to the end of your file. remove next line: +* next, add 192.168.1.18 wdr4900 to /etc/hosts and things will work
Re: Loading (libdlrpc.so) by SPIKE fuzzer?!
On Tue, Jul 28, 2015 at 12:45 AM, Mohammad BadieZadegan mbzade...@gmail.com wrote: I compile spike fuzzer https://www.immunitysec.com/downloads/SPIKE2.9.tgz file but when I execute that, it warning me to load libdlrpc.so firstly. I copy this library from its src folder to /usr/lib but now I get these error messages when running spike! # ./generic_send_tcp ./generic_send_tcp:/usr/lib/libdlrpc.so: undefined symbol '__guard_local' This message means the shared object was linked incorrectly. Shared object like libdlrpc.so should be linked by invoking the compiler with the -shared option; that lets the compiler include the necessary additional objects in the link command to handle compiler, library, and ABI requirements like __guard_local, atfork, and constructor invocation, respectively. Philip Guenther
Re: Default OpenBSD browser
On 2015-07-29, Scarlett wrote: (My last few mails to this list have been caught by the spam daemon, so I'm replying directly and hoping this makes its way through). I've wrestled with w3m's code plenty. What I found did not make me happy, as bcallah@ can attest (they also pointed me to this message). Numerous Linux distributions have fixes for fairly serious bugs in w3m sitting in their patches directories that have not been fixed upstream. Fuzzing it did not have positive results. Memory management practices are terrible. I suspect that replacing the GC layer with regular malloc() and adding free() in the correct places would be a major effort. A rewrite would possibly be preferable. I've merged a lot of fixes from various Linux distributions, and some of my own (C-standard-libraryification, overflow checks, NULL pointer deref bugs). I've also made some non-trivial simplifications to the code, removed a lot of cruft, and made it use libtls. You can check out my repository here, if you're interested: https://bitbucket.org/Scarletts/w3m/src I'd be really happy if other people took an interest and sent in some patches, or just tested it. w3m is fairly terrifying code. I would recommend using a modern intensively audited browser and disabling features like JavaScript over using w3m if security is a major concern. On the bells and whistles end of the spectrum, I'm rather partial to Iridium at the moment. Video performance on YouTube is much nicer than Firefox, and the process-per-tab feature adds some much needed stability. I am not a programmer at all, so I avoided stating that my gut tells me that w3m is likely in dire need of major fixes and optimizations. My dream project, if I ever learn C, would be to fork w3m or to write a brand new browser in the spirit of w3m. I'll check out your repo and mess around with it, for sure :) Thanks for the reply. -BSD
Re: aucat problems
On Tue, Jul 28, 2015 at 10:53:26AM +0200, Alexandre Ratchov wrote: If it doesn't work, try to use the other mic: mixerctl record.adc-0:1_source=sel mixerctl record.adc-2:3_source=sel mixerctl record.adc-4:5_source=sel Setting mixerctl to sel2 worked: mixerctl record.adc-0:1_source=sel2 mixerctl record.adc-2:3_source=sel2 mixerctl record.adc-4:5_source=sel2 Thank you for helping.
Re: Default OpenBSD browser
On Tue, 28 Jul 2015 23:58:14 -0400 Brendan Desmond bren...@imap.cc wrote: On 2015-07-29, Scarlett wrote: (My last few mails to this list have been caught by the spam daemon, so I'm replying directly and hoping this makes its way through). I've wrestled with w3m's code plenty. What I found did not make me happy, as bcallah@ can attest (they also pointed me to this message). Numerous Linux distributions have fixes for fairly serious bugs in w3m sitting in their patches directories that have not been fixed upstream. Fuzzing it did not have positive results. Memory management practices are terrible. I suspect that replacing the GC layer with regular malloc() and adding free() in the correct places would be a major effort. A rewrite would possibly be preferable. I've merged a lot of fixes from various Linux distributions, and some of my own (C-standard-libraryification, overflow checks, NULL pointer deref bugs). I've also made some non-trivial simplifications to the code, removed a lot of cruft, and made it use libtls. You can check out my repository here, if you're interested: https://bitbucket.org/Scarletts/w3m/src I'd be really happy if other people took an interest and sent in some patches, or just tested it. w3m is fairly terrifying code. I would recommend using a modern intensively audited browser and disabling features like JavaScript over using w3m if security is a major concern. On the bells and whistles end of the spectrum, I'm rather partial to Iridium at the moment. Video performance on YouTube is much nicer than Firefox, and the process-per-tab feature adds some much needed stability. I am not a programmer at all, so I avoided stating that my gut tells me that w3m is likely in dire need of major fixes and optimizations. My dream project, if I ever learn C, would be to fork w3m or to write a brand new browser in the spirit of w3m. I'll check out your repo and mess around with it, for sure :) Thanks for the reply. -BSD For plaintext browsing lynx has a lot of nice defaults that w3m lacks out of the box (meaningful page caching being the kicker). I like the promise of Dillo too with its graphical www minus all of the cancerous scripting. It is just not likely that there can ever again be a web browser worthy of getting the default designation in any serious OS.
Re: Sluggish/laggy browser behaviour
Well, video playback aside (least of my problems on this machine tbqf)... OpenBSD doesn't have multithreading in the kernel and is tuned for correctness rather than performance. I take from that I should not expect to see any movement on this front... Should I give up and go back to Linux then? Web usage is like a solid 50-60% of my daily use on this machine; I can't handle how bad scrolling and opening+closing tabs are if it's going to be my daily driver OS.
Re: OpenBSD machine was hacked
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 07/28/15 11:17, Wong Peter wrote: Recently, I'm realized that my openbsd firewall router was not usable anymore due to pf rules had changed by using carp and pfsync mechanism. It would be a lot easier to offer assistance if you offer some facts (including config files and the output of various commands you should find obvious, and data from relevant log files would be nice), along with the reasoning behind that conjecture. I have several plausible scenarios in mind that be could good fits your very vaguely described symptoms, but there's no way anybody can help you without some actual information on the configuration and problem at hand. - -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ Remember to set the evil bit on all malicious network traffic delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds. iQIcBAEBAgAGBQJVt694AAoJELJiGF9h4DyesVEP/iIAWIpQSegLsVKTvP04Cdu1 t6Km8k9/DMZqIRLpIdRafCoMIbPX7732754yFxiUFwSswNg+utBVvrROajndgoPC TQIUYEyZwJFUHWFxV83nNU3vwXrpgBHFvdXXRkb5Y+6rySnW8dCK5Gbdw4pu8X2u ZtGSMESrVX0JQuhHLarf+Zg5qKa0IPyKB2+rk1U2mIwhoaDPysXgQ9s3yW982Nb3 Q9qBLPVmxseut3LIZ7Z3DLCzyXH/RhVhJgA1phjDVYTHYg38R8dVqAR2Y11eHEVu Z5uNJ/59zzVcgMaysga/8kjH1vHwhLrya31euf5dMjD3fmCZwZ/bUYmwllmTwlBz kP9gSGgUGqhmhF9MY95uxdmfNpdFNeqxsl5nJS8sWNhtPYVV9q5FqZI4XsRtoDOt 5HTxj+D4QrUph/lQg131+Xeq+u5spSR0i4OESk2Spilr81o2wbx1FjYxHttwF3gb pv1mE8D2iiK3vt2eNExvmUkFFqBqzH/KJn+O8bKsTy6M6nXND6PZ2t9Gzpu0stma 1/i8QjSt+duCpXPdh9ft/Z9TOtff2m2GGXUct55s50ST8T2rt+eFGvUdSAv4FyS/ IL7wbhVG8/3AemZrqtMsUyPWdfZd4w7fUEf8HSOYumbxvfdiaAg5+ZA5bIodu7OW JcDpBSaAoi+/bK9AbxPr =lcQs -END PGP SIGNATURE-
Re: Sluggish/laggy browser behaviour
On Tue, Jul 28, 2015 at 04:17:16PM +0200, Benjamin Baier wrote: I might have gotten luky but this Thinkpad X220 plays 720p Youtube HTML5 video in Chromium without glitches, even on fullscreen. As long as there is no other system load. I've only tried firefox. AFAIK chromium makes some use of OpenGL. Perhaps that's why it works for you.
Re: Default OpenBSD browser
On 2015-07-28 Tue 15:30 PM |, Mohammad BadieZadegan wrote: What is the best and lightest browser that usefull with fvwm? Dillo is generally good, with Firefox for heavy sites. Depends on where _you_ surf.
Re: Default OpenBSD browser
lynx was in the base distribution for quite some time. I occasionally used it to fetch http files (as opposed to getting wget from packages and using that). I've found that ftp(1) is quite sufficient for most of the things I need to to as far as a CLI client for quickly grabbing files via ftp/http/https. e.g. $ ftp -o OpenBSD.html http://openbsd.org/ Trying 129.128.5.194... Requesting http://openbsd.org/ Redirected to http://www.openbsd.org/ Trying 129.128.5.194... Requesting http://www.openbsd.org/ 100% |**| 4779 00:00 4779 bytes received in 0.00 seconds (5.25 MB/s) $ On Tue, Jul 28, 2015 at 7:00 AM, Mohammad BadieZadegan mbzade...@gmail.com wrote: Hi, As we know the default X Window manager for OpenBSD is fvwm http://www.openbsd.org/cgi-bin/man.cgi?query=fvwmsektion=1 and that is very usefull for initial using of OpenBSD. But Does OpenBSD have any WEB browser(Text or vs Image) by default? If have not, What is the best and lightest browser that usefull with fvwm? Thanks.
Re: Default OpenBSD browser
What is the best and lightest browser... Dillo is generally good, with Firefox for heavy sites. Seconded. The default browser concept is most probably not a good idea (read a bad idea) for any OS. There is no such thing as best, but for lightest: Dillo is very fast lightweight and almost always renders correct the proper sites, and has no JavaScript vulnerabilities (for now). Helps read web pages daily. The ftp(1) works great for command line client, used daily. Any opinions on w3m as an alternative to the much debated lynx for casual text mode browsing?
Re: Intel Atom?
ECC RAM always helps in the long term, It helps yes, but for a router I wonder if it makes a significant difference. if the board is collocated It's in-house. but I'd not have IMPI serial BIOS (out of band) access. Both of those aren't necessary for this project. If you want to use X, Always consider a spare monitor keyboard attached / around the system just in case. We don't need X, but do need local console / KVM. It will need a case fan (or two for redundancy) because the CPU is fanless and produces enough heat (about 15-20 W TDP) and even without a Radeon added (20 W more) inside, the system can not rely on free air convection in a tower / desktop small form factor (mini-ITX) case. Don't use external brick / micro / pico type PSU units, those are not offering any benefit over stock SFX/ATX form factor and are less than reliable to say the least not mention interchangeable. The PSU is one of the least reliable system blocks. The reason I'm asking about Atoms ITXs in the first place is that physical size is a major constraint for this project and a micro ATX case or larger is a non-starter. It's even proving hard to find an SFX/TFX case that's compact enough (and isn't shit). We're pretty much looking at some sort of open mesh compact case design with a compact PSU, like a pico+MiniBox M350, Antec ISK110, or Silverstone PT13B + a thin-ITX motherboard with bult-in dc power. In such a cramped situation the low heat output of an Atom seems a better choice than a full sized Core. (See my other thread on this list about using NICs with multiple jacks). Also, you're the first person I've seen who's said that pico's aren't reliable. We have one that's several years old that's still going strong. I'm curious what your experiences have been? but you'll miss the chance to learn and use the advanced capabilities or more reliable components on board. That's not really an issue, we have and use Supermicro stuff all the time. In fact there's a couple old P8SCT-based 1U severs I'm trying to sell off as we speak. and don't buy used That's a given. There is absolutely no point in considering SSD for this system. Maybe. This system also needs to act as a PXE boot server for a variety of clients, so it needs several gigs of storage space for all the images, and that storage needs to be fast enough that the clients can boot in a sane time frame. I'm not sure if random 16gb thumb drives will really cut it.
Re: Sluggish/laggy browser behaviour
Il 28/lug/2015 19:06, Stefan Sperling s...@stsp.name ha scritto: On Tue, Jul 28, 2015 at 04:17:16PM +0200, Benjamin Baier wrote: I might have gotten luky but this Thinkpad X220 plays 720p Youtube HTML5 video in Chromium without glitches, even on fullscreen. As long as there is no other system load. I've only tried firefox. AFAIK chromium makes some use of OpenGL. Perhaps that's why it works for you. something is fscked up wrt gstreamer playback (Firefox uses gstreamer) . Chromium and Iridium work fine for me on a T420. Cheers, David
Re: Sluggish/laggy browser behaviour
On 7/26/15, Henrik Friedrichsen hen...@diff.cc wrote: Hey On Sun, Jul 26, 2015 at 10:46:30PM +0100, Dimitris Papastamos wrote: Try viewtube[0] and gecko-mediaplayer instead. No hangs on my system at all. Yeah, that is a workaround. Sometimes I use youtube_dl with mpv. That was just one example, though ;p I've used essentially this[1] bound to a key in cwm ever since coming across it to watch videos... I prefer browsers to just browse[2]. #!/bin/sh # needs zenity, youtube-dl and vlc installed URL=$(zenity --entry --text Enter Video URL:) if [ $URL = ]; then echo You must enter a url. exit fi TMPFILE=$(mktemp /tmp/youtube-vid.XX) youtube-dl --no-part -f 18/0/h264-sd -o $TMPFILE $URL DL_PID=$! sleep 5 cvlc -f $TMPFILE vlc://quit kill $DL_PID rm $TMPFILE --- [1] http://daemonforums.org/showpost.php?s=985087eedf0b6bd2d04482749e5fd726p=50021postcount=29 [2] I say as typing this into gmail...
Re: Intel Atom?
On 2015-07-28, li...@wrant.com li...@wrant.com wrote: The 2 LAN GigE ports are enough for a router, one is shared for IPMI. Shared IPMI is *never* fine IMHO.
Re: Default OpenBSD browser
Hi. OpenBSD don't include browser by default, but my recommendation is always Mozilla Firefox. Regards On Tue, Jul 28, 2015 at 7:00 AM, Mohammad BadieZadegan mbzade...@gmail.com wrote: Hi, As we know the default X Window manager for OpenBSD is fvwm http://www.openbsd.org/cgi-bin/man.cgi?query=fvwmsektion=1 and that is very usefull for initial using of OpenBSD. But Does OpenBSD have any WEB browser(Text or vs Image) by default? If have not, What is the best and lightest browser that usefull with fvwm? Thanks. I used to do some price changes on a wordpress site for a friend and it would take just under 10 mins on firefox/chromium and around 5 with xombrero ;-) due to much faster page loading and it is a fully graphical browser. I still keep firefox around, partly because javascript on some sites causes core dumps in webkit-gtk (less so these days) but also because it's easier than turning whitelist mode off to see if the issue is simply another dumb site that *relies* on third party javascript. If you don't mind learning a tiled window manager then spectrwm is written by some of the devs. -- KISSIS - Keep It Simple So It's Securable
Re: Default OpenBSD browser
On 7/28/15, Craig Skinner skin...@britvault.co.uk wrote: On 2015-07-28 Tue 15:30 PM |, Mohammad BadieZadegan wrote: What is the best and lightest browser that usefull with fvwm? Dillo is generally good, with Firefox for heavy sites. Depends on where _you_ surf. I'm just an obsd end-user, but it would be wrong for me to not say something nice to/ or about the devs behind the xombrero browser. I think xombrero is a diamond in the rough and I hope they keep polishing it until it becomes a common recommendation on this list. The authors are listed at the bottom of man xombrero
Re: Sluggish/laggy browser behaviour
On 2015-07-28, Stefan Sperling s...@stsp.name wrote: On Mon, Jul 27, 2015 at 08:58:54PM -0500, Yass Amed wrote: This problem is NOT specific to this model or any other machine (as far as I experienced). This issue was present on a few towers and still is on an Intel/Asus{1} based machine. You can try debugging FireFox or Chromium with gdb(1). {1} No dmesg, not on this machine at the moment. I have never seen fluent browser HTML5 video on any OpenBSD machine. Generally, videos at a fair resolution on OpenBSD played back without use of xvideo extensions or OpenGL are not watchable. My theory is that browsers rely on fast multi-core CPUs and multihreading in the kernel to show video smoothly. OpenBSD doesn't have multihreading in the kernel and is tuned for correctness rather than performance. Did anyone try playing HTML5 video in a browser on a slow (= 1Ghz) single core machine running Linux? Would you expect that to work? IIRC it works better on GENERIC rather than GENERIC.MP. I haven't tried in a while though.
Re: Default OpenBSD browser
On July 29, 2015 12:23:34 AM GMT+02:00, Kevin Chadwick m8il1i...@gmail.com wrote: Hi. OpenBSD don't include browser by default, but my recommendation is always Mozilla Firefox. Regards On Tue, Jul 28, 2015 at 7:00 AM, Mohammad BadieZadegan mbzade...@gmail.com wrote: Hi, As we know the default X Window manager for OpenBSD is fvwm http://www.openbsd.org/cgi-bin/man.cgi?query=fvwmsektion=1 and that is very usefull for initial using of OpenBSD. But Does OpenBSD have any WEB browser(Text or vs Image) by default? If have not, What is the best and lightest browser that usefull with fvwm? Thanks. I used to do some price changes on a wordpress site for a friend and it would take just under 10 mins on firefox/chromium and around 5 with xombrero ;-) due to much faster page loading and it is a fully graphical browser. I still keep firefox around, partly because javascript on some sites causes core dumps in webkit-gtk (less so these days) but also because it's easier than turning whitelist mode off to see if the issue is simply another dumb site that *relies* on third party javascript. If you don't mind learning a tiled window manager then spectrwm is written by some of the devs. Not intending to pick a fight with any of those devs putting their time and effort creating free software, but I moved away from spectrwm because it was a gem that never seemed to get that final touch. Whole admittedly a long time ago, that was the same reason I never really took up on xombrero, but maybe it got better. For anyone interested in spectrwm, I suggest *also* looking at i3wm. Not saying is better for everyone, but I lack very few features from it. /Alexander
Re: Sluggish/laggy browser behaviour
Did anyone try playing HTML5 video in a browser on a slow (= 1Ghz) single core machine running Linux? Would you expect that to work? Can't be done, maybe with a new 1ghz with a newish intel gpu. It took me a while with custom settings to get mythtv just to play DVB (480?) video (mplayer worked) well on something like mythbuntu 7 or 9 and newer versions of mythbuntu couldn't on the same hardware and settings. I have a p4 3ghz with hd2400 pro that can play 1080p after some twiddling in mythtv (vdpau which I thought was for nvidia) but low grade iplayer HD (720P) is pushing it towards the limits on google chrome and I have another mythtv intel gpu 64 bit dual core (newer than duo) machine where chrome can play browser video but firefox really struggles. I'll love the day I can ditch those linux boxes with html5 being one step but I'm not sure I'll hold my breath for dvb/dvbs card support but maybe tv will all come through the internet via html5 in the future anyway :-) Things like sky go and many others only work with Windows and mobiles currently though. Pirate sites work of course and often have more conetent in one place as long as you can navigate the forests of javascript that OpenBSD is better suited to ;-) -- KISSIS - Keep It Simple So It's Securable
Re: Sluggish/laggy browser behaviour
On 07/28/2015 11:08 PM, Matthew Martin wrote: On 7/26/15, Henrik Friedrichsen hen...@diff.cc wrote: Hey On Sun, Jul 26, 2015 at 10:46:30PM +0100, Dimitris Papastamos wrote: Try viewtube[0] and gecko-mediaplayer instead. No hangs on my system at all. Yeah, that is a workaround. Sometimes I use youtube_dl with mpv. That was just one example, though ;p I've used essentially this[1] bound to a key in cwm ever since coming across it to watch videos... I prefer browsers to just browse[2]. #!/bin/sh # needs zenity, youtube-dl and vlc installed URL=$(zenity --entry --text Enter Video URL:) if [ $URL = ]; then echo You must enter a url. exit fi TMPFILE=$(mktemp /tmp/youtube-vid.XX) youtube-dl --no-part -f 18/0/h264-sd -o $TMPFILE $URL DL_PID=$! sleep 5 cvlc -f $TMPFILE vlc://quit kill $DL_PID rm $TMPFILE --- [1] http://daemonforums.org/showpost.php?s=985087eedf0b6bd2d04482749e5fd726p=50021postcount=29 [2] I say as typing this into gmail... Ha, someone's using my script on the internet ;) Nowadays mpv uses youtube-dl, so mpv url works with even less dependencies. Here's a newer version of my script: #!/bin/sh URL=$(xclip -o) if [ $URL = ]; then echo You must select a url. exit 1 fi mpv -fs $URL
Re: Intel Atom?
The 2 LAN GigE ports are enough for a router, one is shared for IPMI. Shared IPMI is *never* fine IMHO. The notion was that 2 ports are enough for a router, though I agree and have the same sentiment on the shared IPMI port. Supermicro did not put a standalone IPMI Ethernet port on the X7SPA-HF / X7SPE-HF chipset ICH9 boards in 2011 when I needed this. For personal use I can't justify an overpriced dual port PCI-e NIC and used the slot for a video card. As an alternative USB NICs exist, I have a couple of axe(4) off Ebay but not used it in live traffic, so can't say anything about its merits. That's one of the reasons (dedicated IPMI port) for recommending newer Atom based Supermicro C2000 series boards, yet the original poster is obviously looking for COTS consumer electronics general purpose inexpensive mini-ITX mainboards for home router project.