Re: aucat problems

2015-07-28 Thread Alexandre Ratchov
On Mon, Jul 27, 2015 at 04:47:56PM -0400, Stefan Berger wrote:
 Hi, 
 
 i have some trouble, configuring my audio devices: I want to 
 record with my internal microphone (Thinkpad x220i) or/and my headphones 
 with aucat, but I can't configure it according to FAQ because 
 the output from mixerctl is somehow, different. 

does playback work? assuming it does, if you run:

aucat -o test.wav

then speak to the microphone during 5 seconds, then hit ^C, then
run:

aucat -i test.wav

what do you hear?

could you post the output of mixerctl -v ?



Re: SPARC minimum hardware specification

2015-07-28 Thread Stuart Henderson
On 2015-07-27, Christian Weisgerber na...@mips.inka.de wrote:
 We're hurtling towards the 5.8 release and, as usual, ports and
 packages on non-x86 platforms are in dire shape.

 If you want to put your money where your mouth is, take a look at recent
 build logs and start fixing some of those problems.
 http://build-failures.rhaalovely.net/
 sparc64, powerpc, alpha, hppa, ...

 Yes, this requires skill and effort.

Some of them probably don't require that much skill, just access to the
machine arch and a little effort. Also look for BROKEN- in Makefiles.

Unfortunately a lot of the errors in these build logs would just go away
if the build was reattempted (Error: job failed 256) so it's hard to
spot which ports have real problems from the directory indices.



Re: aucat problems

2015-07-28 Thread Stefan Berger
I found this

http://archives.neohapsis.com/archives/openbsd/2010-12/0057.html

but aucat seemed to have changed, at least for me, I 
can't follow the explanation.  

I am running a Thinkpad x220i and I am pretty sure that 
my microphone is supported but I tried a lot of different 
settings with mixerctl, I am not 'there' yet.. 

greetings. 



Re: aucat problems

2015-07-28 Thread Alexandre Ratchov
On Tue, Jul 28, 2015 at 04:28:31AM -0400, Stefan Berger wrote:
 On Tue, Jul 28, 2015 at 10:01:56AM +0200, Alexandre Ratchov wrote:
  On Mon, Jul 27, 2015 at 04:47:56PM -0400, Stefan Berger wrote:
   Hi, 
   
   i have some trouble, configuring my audio devices: I want to 
   record with my internal microphone (Thinkpad x220i) or/and my headphones 
   with aucat, but I can't configure it according to FAQ because 
   the output from mixerctl is somehow, different. 
  
  does playback work? assuming it does, if you run:
  
  aucat -o test.wav
 
 I did that, but when I do the 
 
 aucat -i test.wav
 
 command, then I can't hear anything.  I also tried 
 
 aucat -c 0:1 -o 1.wav -c 2:3 -o 2.wav -c 4:5 -o 3.wav
 

For this to work, you've to restart sndiod with
the following args -C 0:5 -c 0:3.

But according to mixerctl, all 3 ADCs get their signal from mic2 so
all 3 files would have the same content.

 but nothing for all three files.  
 
  could you post the output of mixerctl -v ?
 
 here is my mixerctl -v output:  
 

First, try to crank all input gains:

mixerctl record.volume=255

 record.adc-0:1_source=mic2  [ sel sel2 mic2 mix ]
 record.adc-2:3_source=mic2  [ sel sel2 mic2 mix ]
 record.adc-4:5_source=mic2  [ sel sel2 mic2 mix ]
 inputs.sel_source=mic  [ mic ]

If it doesn't work, try to use the other mic:

mixerctl record.adc-0:1_source=sel
mixerctl record.adc-2:3_source=sel
mixerctl record.adc-4:5_source=sel



Loading (libdlrpc.so) by SPIKE fuzzer?!

2015-07-28 Thread Mohammad BadieZadegan
Hi all,
I compiled the SPIKE fuzzer (https://www.immunitysec.com/downloads/SPIKE2.9.tgz),
but when I execute it, it warns me to load libdlrpc.so first.
I copied this library from its src folder to /usr/lib, but now I get these
error messages when running spike!

# ./generic_send_tcp
./generic_send_tcp:/usr/lib/libdlrpc.so: undefined symbol '__guard_local'
./generic_send_tcp:/usr/lib/libdlrpc.so: undefined symbol '__guard_local'
./generic_send_tcp:/usr/lib/libdlrpc.so: undefined symbol '__guard_local'
.
.
.
.
.
./generic_send_tcp:/usr/lib/libdlrpc.so: undefined symbol '__guard_local'
argc=1
Usage: ./generic_send_tcp host port spike_script SKIPVAR SKIPSTR
./generic_send_tcp 192.168.1.100 701 something.spk 0 0
#

How can I resolve these library errors?
Or
Where must I copy that libdlrpc.so to?
Thanks in advance.

-- 
http://933k.ir



doas, keepenv PATH segfault

2015-07-28 Thread Zé Loff
Hi all

On yesterday's amd64 -current (#1201), if PATH is added to the keepenv
list in doas.conf, e.g.

  permit keepenv { ENV PATH PKG_PATH PS1 SSH_AUTH_SOCK } :wheel as root

when attempting to run an inexistent command, doas segfaults instead of
exiting with command not found and retval 1.

I actually have no idea if keepenv PATH makes any sense, I just had a
couple of scripts in ~/bin that require sudo/doas -- but even if it's a
stupid idea, segfaulting didn't seem right.

Cheers
Zé

-- 



Re: doas.conf: omitting [as root] allows me to run a command as everybody? [resolved]

2015-07-28 Thread Theo Buehler
On Mon, Jul 27, 2015 at 10:44:00PM +0200, Alexander Hall wrote:
 
 
 On July 27, 2015 3:22:13 PM GMT+02:00, Theo Buehler
 t...@math.ethz.ch wrote:
 On Mon, Jul 27, 2015 at 03:13:55PM +0200, Marc Espie wrote:
  On Mon, Jul 27, 2015 at 02:40:53PM +0200, Theo Buehler wrote:
  
   So omitting [as identity] allows me to run as every user, not
   just
 as
   root?  Is this intentional?
  
  I think it's intentional. It's definitely what I would expect [as
 identity]
  is a restrictive modifier. If you want to only be able to run as
 root, you
  write as root.  
 
 Ok thanks, this makes sense, but it is not quite clear (to me) from
 the docs that this is a restrictive quantifier.
 
 The bit I quoted from the man page on as target says The
 default is root., not root and everybody else.  (Sorry I should
 have written as target, not as identity in my mail)
  
  How would you phrase things if it wasn't the case ?..
 
 As indicated above I would probably write something like as root and
 every other user instead of simply as root.
 
 Assuming you are properly quoting the docs, and I have no reason to
 believe otherwise, it should certainly not say as root, but rather
 as anyone. 

This was resolved by tedu@'s most recent commit to doas.conf.5:

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/doas/doas.conf.5.diff?r1=1.12&r2=1.13

Thanks to espie@ and halex@ for helping me understand where my confusion
came from.



OpenBSD machine was hacked

2015-07-28 Thread Wong Peter
Dear All,

Recently, I realized that my openbsd firewall router was not usable
anymore because the pf rules had been changed using the carp and pfsync mechanism.

Here is my proof.

I tried to reinstall the whole machine and plugged the modem LAN cable
into the NIC card. All my written pf rules were flushed and changed. This happens
even without an internet connection (no IP address assigned).

I suspect this was done by my ISP. I believe my openbsd machine was
located on the same subnet as their machine.

I even tried to disable the carp protocol, but my pf rules still get flushed
out.
How can this happen?
How can I prevent it?
How can my ISP synchronize its pf rules to my machine without an IP assigned?
I suspect they achieved this at Layer 2 by using mac spoofing/mac target to my
machine.
net.inet.carp.allow=0

Please help. Very urgent.






-- 
Linux



Re: aucat problems

2015-07-28 Thread Stefan Berger
On Tue, Jul 28, 2015 at 10:01:56AM +0200, Alexandre Ratchov wrote:
 On Mon, Jul 27, 2015 at 04:47:56PM -0400, Stefan Berger wrote:
  Hi, 
  
  i have some trouble, configuring my audio devices: I want to 
  record with my internal microphone (Thinkpad x220i) or/and my headphones 
  with aucat, but I can't configure it according to FAQ because 
  the output from mixerctl is somehow, different. 
 
 does playback work? assuming it does, if you run:
 
 aucat -o test.wav

I did that, but when I do the 

aucat -i test.wav

command, then I can't hear anything.  I also tried 

aucat -c 0:1 -o 1.wav -c 2:3 -o 2.wav -c 4:5 -o 3.wav

but nothing for all three files.  

 could you post the output of mixerctl -v ?

here is my mixerctl -v output:  

inputs.dac-0:1_mute=off  [ off on ]
inputs.dac-0:1=180,180 
inputs.dac-2:3_mute=off  [ off on ]
inputs.dac-2:3=180,180 
inputs.beep=108 
record.adc-0:1_source=mic2  [ sel sel2 mic2 mix ]
record.adc-0:1_mute=off  [ off on ]
record.adc-0:1=126,126 
record.adc-2:3_source=mic2  [ sel sel2 mic2 mix ]
record.adc-2:3_mute=off  [ off on ]
record.adc-2:3=126,126 
record.adc-4:5_source=mic2  [ sel sel2 mic2 mix ]
record.adc-4:5_mute=off  [ off on ]
record.adc-4:5=126,126 
inputs.sel_source=mic  [ mic ]
outputs.sel=126,126 
inputs.sel2_source=mic  [ mic ]
outputs.sel2=126,126 
outputs.hp_source=dac-0:1  [ dac-0:1 dac-2:3 ]
outputs.hp_boost=off  [ off on ]
outputs.mic_source=dac-0:1  [ dac-0:1 dac-2:3 ]
outputs.mic_dir=input-vr80  [ none output input input-vr50 input-vr80 ]
outputs.mic_eapd=on  [ off on ]
outputs.spkr_source=dac-2:3  [ dac-0:1 dac-2:3 ]
inputs.mic2=126,126 
inputs.mix_source=dac-0:1,dac-2:3  { dac-0:1 dac-2:3 }
inputs.mix_dac-0:1=126,126 
inputs.mix_dac-2:3=126,126 
outputs.hp_sense=unplugged  [ unplugged plugged ]
outputs.mic_sense=unplugged  [ unplugged plugged ]
outputs.spkr_muters=hp,mic  { hp mic }
outputs.master=181,181 
outputs.master.mute=off  [ off on ]
outputs.master.slaves=dac-0:1,dac-2:3  { dac-0:1 dac-2:3 beep sel sel2 }
record.volume=126,126 
record.volume.mute=off  [ off on ]
record.volume.slaves=adc-0:1,adc-2:3,adc-4:5  { adc-0:1 adc-2:3 adc-4:5 mic2 }



Re: OpenBSD machine was hacked

2015-07-28 Thread Wong Peter
What information do you all require?

On Tue, Jul 28, 2015 at 10:28 PM, Giancarlo Razzolini grazzol...@gmail.com
wrote:

 Em 28-07-2015 06:17, Wong Peter escreveu:
  Dear All,
 
  Recently, I'm realized that my openbsd firewall router was not usable
  anymore due to pf rules had changed by using carp and pfsync mechanism.
 
  Here is my prove.
 
  I'm tried to reinstall the whole machine and plugged in the modem LAN
 cable
  to NIC card. All my written pf rules was flush and changed. This happen
  even without internet connection(No IP address assign).
 
  I'm suspected this is did by my ISP. I'm believed my openbsd machine was
  located same subnet with their machine.
 
  I'm even tried to disable carp protocol but my pf rules still get flushed
  out.
  How this can happen?
  How to prevent it?
  How my ISP can synchronize its pf rules to my machine without IP assign?
  I'm suspect they achieved at Layer 2 by using mac spoofing/mac target to
 my
  machine.
  net.inet.carp.allow=0
 
  Please help. Very urgent.
 
 
 
 
 
 
 You use a very controversial subject in order to draw attention in the
 hope that someone will help you. And not only you can't manage to give a
 shred of evidence to support your claim, as you can't even manage to
 provide enough information for some good soul on this list to help you.
 Come back when you sorted this out.

 Cheers,
 Giancarlo Razzolini




-- 
Linux



Re: rdomain with BGP dynamic route

2015-07-28 Thread Adam Thompson

I see what you mean.

This, I think, is close to what you're looking for, but I'm not 100% 
certain of how to accomplish exactly what you want:


  nexthop qualify via bgp
  listen on A.B.C.D  ## vrf member address of, say, em1
  rtable 2  ## put vrf interface into rdomain 2 via ifconfig?
  rdomain 2 {
    rd 123:456
    depend on em1
  }
  neighbor VPNCLIENT1 {
    depend on em1
  }

...I don't know how to avoid running a separate instance of bgpd(8) per 
VRF, however.


Given that OpenBSD has, apparently, a working MPLS + LDP implementation, 
this is obviously yet another case where the manual pages contain enough 
information


Based on jeker's MPLS paper back at EuroBSDCon 2011, it may be the case 
that BGP + VRF really only works with mpe(4).


Ah!  I found someone else's documentation that explains it... you do 
still need to use rdomain0, but you MUST tag the routes.  rdomain0 
contains everything, including the [possibly overlapping] routes, but 
with prefixes to keep them separate.


See http://firstyear.id.au/entry/21. Also see jeker's explanation 
(perhaps dated) here: 
http://openbsd-archive.7691.n7.nabble.com/Using-RDomain-setup-with-pf-4-and-bgpd-8-td42066.html.


(Also check out http://lmgtfy.com/?q=openbsd+bgp+vrf. Admittedly, the 
fourth or fifth result _is_ this thread :-/.)


Failing that, as I can't tell for certain if it does what you want, wait 
for Claudio, Henning, or whoever else is working on it now to figure out 
how to make it work better!  I hear sending them beer sometimes helps...


-Adam




On 07/24/2015 08:07 PM, XU, YANG (YANG) wrote:

Adam,

I really appreciate your reply. I read bgpd.conf and see rdomain can only 
define network as explicit, static or connected. In my case, I need to import 
dynamic prefix from BGP session. Right now all prefix learned from BGP goes to 
rdomain 0.  I want to put prefix learned from BGP into the rdomain I specify.

Thanks,
-Yang

From: Adam Thompson [athom...@athompso.net]
Sent: 24 July 2015 20:33
To: XU, YANG  (YANG)
Subject: Re: rdomain with BGP dynamic route

On 2015-07-24 06:47 AM, XU, YANG (YANG) wrote:

Let me describe it in another way. Can I create a new rdomain as a VRF and use 
the rdomain to import/export customer's prefix through BGP?

I will greatly appreciate it if you can provide any information. I have seen 
some information online, but prefix is either from static configuration or 
connected network. In my case, I need to support dynamic routes from BGP in VRF.

Short answer: yes.

See man bgpd.conf(5):

ROUTING DOMAIN CONFIGURATION
bgpd(8) supports the setup and distribution of Virtual Private Networks.
It is possible to import and export prefixes between routing domains.
Each routing domain is specified by an rdomain section, which allows
properties to be set specifically for that rdomain:
rdomain 1 {
  descr "a rdomain"
  rd 65002:1
  import-target rt 65002:42
  export-target rt 65002:42
  network 192.168.1/24
  depend on mpe0
}

--
-Adam Thompson
   athom...@athompso.net




Re: OpenBSD machine was hacked

2015-07-28 Thread Joel Rees
One question at a time.

On Tue, Jul 28, 2015 at 6:17 PM, Wong Peter peterap...@gmail.com wrote:
 Dear All,

 Recently, I'm realized that my openbsd firewall router was not usable
 anymore

What symptoms?

 due to pf rules had changed

Can you show the configuration, the rules before the undesired
changes, and the rules after the changes?

 by using carp and pfsync mechanism.

Have you checked for unauthorized logins, rootkits, and such things?

 Here is my prove.

Without the log messages that should be generated when you went
through this, it's hard to analyze this.

 I'm tried to reinstall the whole machine and plugged in the modem LAN cable
 to NIC card. All my written pf rules was flush and changed. This happen
 even without internet connection(No IP address assign).

Can you provide copies of your logs when you did this?

If not, can you do it again, keeping logs this time?

 I'm suspected this is did by my ISP. I'm believed my openbsd machine was
 located same subnet with their machine.

Check your DHCP client, as well. Both the configuration and the logs.

 I'm even tried to disable carp protocol but my pf rules still get flushed
 out.

Again, can you show before and after?

 How this can happen?

How can what happen?

 How to prevent it?

It's hard to prevent things you don't understand.

And it's hard to give advice when it seems like the advice won't be
understood. (Pardon me for being blunt.)

 How my ISP can synchronize its pf rules to my machine without IP assign?

Why ask this question before you know what really happened?

 I'm suspect they achieved at Layer 2 by using mac spoofing/mac target to my
 machine.
 net.inet.carp.allow=0

Suspicion is free, but it doesn't help without understanding.

 Please help. Very urgent.

Get answers to the first questions first.

The other questions don't make sense without answers to the first questions.

If it's urgent, that's all the more reason to start with questions you
can understand.

(This is what everyone else is saying.)

-- 
Joel Rees

Be careful when you look at conspiracy.
Arm yourself with knowledge of yourself, as well:
http://reiisi.blogspot.jp/2011/10/conspiracy-theories.html



Re: Default OpenBSD browser

2015-07-28 Thread Brendan Desmond

On 2015-07-28, li...@wrant.com wrote:

 What is the best and lightest browser...

Dillo is generally good, with Firefox for heavy sites.


Seconded. The default browser concept is most probably not a good
idea (read a bad idea) for any OS.

There is no such thing as best, but for lightest:

Dillo is very fast lightweight and almost always renders correct the
proper sites, and has no JavaScript vulnerabilities (for now). Helps
read web pages daily.

The ftp(1) works great for command line client, used daily.

Any opinions on w3m as an alternative to the much debated lynx for
casual text mode browsing?



I use w3m daily and heavily for browsing most basic web pages or if I just want
to read text content when the look/layout of a page is not necessary for me.
It handles cookies if you want it to, with easy cookie management. Has tabs,
but doesn't remember sessions (unless you are using the w3m Emacs plugin, which
I have never tried). I also use it to browse directories that have a lot of
HTML files, like my book and web archive collections. I've used its external
browser functions to attach URL yanking to keybinds (hint: define a browser
as xsel), which is handy.

It has an image mode which seems to be pretty hackish and has never worked
smoothly for me, at least running rxvt with tmux. I use it rarely, and instead
use the program's mailcap file to define an image viewer, and view images
externally by selecting them and hitting a keybind.

Some of the features and options can be difficult to discover or decipher due
partly to the state of the English documentation (author is Japanese). Maybe
someday when I find more time I can contribute to the documentation, and maybe
one day, the code.

Seconding Dillo for a quick, no-nonsense graphical browser. And of course there
is always surf[1].

[1] http://surf.suckless.org

-Brendan



'PermitRootLogin no' sshd_config default on latest snapshot even though ssh root key specified in install.conf

2015-07-28 Thread Seth
Today I ran an automated installation using the latest amd64 install58.iso  
media.


A root ssh key was specified in install.conf, and the key is being  
correctly installed in /root/.ssh/authorized_keys.


This method was working fine with the 5.7 release, but apparently 5.8 now  
sets 'PermitRootLogin no' in /etc/ssh/sshd_config even when a root ssh key  
is specified in install.conf.


Looking through the relevant commits over the last few months [1], it  
appears that the setting keeps getting 'twiddled' back and forth.


What's the long term plan for this? My preference is that root ssh pubkey  
logins are allowed on reboot.


[1] http://freshbsd.org/search?project=openbsd&q=permitrootlogin



Re: OpenBSD machine was hacked

2015-07-28 Thread Martin Brandenburg
On Wed, 29 Jul 2015, Wong Peter wrote:

 Q:why do you believe that your machine was hacked?
 A: My pf rules was flushed.This can prove using pfctl -sr. The whole
 firewall was not usable anymore. NO NAT nor packet filtering.
 
 Q: You say that whatever happened was done by your ISP even though you had
 no Internet connection.Why do you believe that to be true?
 A: Our ISP had implement monitoring like NSA or British CGHQ. Moreover,
 Hacking openBSD is not that easy. First hop hacking is much more easier
 than anyone.
 
 Q: Why do you believe that you had no Internet connection?
 A: No response when ping dns server and no IP address assign to pppoe0
 interface.
 
 Q:  If you had no Internet connection, how is it that someone at your ISP
 would have been able to access the machine?
 A: I had no idea. Thus, I was asked it here.
 
 Q: Where is the machine actually located?
 A: This is a home use firewall router sit behind a modem.
 
 Where to find log files regarding pf rule was flushed out using carp or
 pfsync?
 
 I'm understand you all want to help me and you all require information.
 I'm tried to extract the whole OS into zip file and copied to portable hard
 disk but it failed.
 It say no such file or directory.
 cp /home/user/bsd.tar.gz /mnt/obsd/
 
 What wrong with it?

I see no evidence that your ISP hacked your machine. As you say hacking
OpenBSD is not easy. Further it is difficult to imagine what motive
somebody might have in hacking into your machine and turning your
Internet connection and NAT off.

One plausible scenario is that your firewall rules are not set up
correctly to begin with, and the machine rebooted due to a power
interruption, and the firewall rules never got put back in. There are
many other plausible scenarios that somebody with more time could think
of.

Is your computer set up to restore the connection and firewall on boot?
Have you tested that?

As far as intrusion goes, the best place to look would be
/var/log/authlog, which will record logins. However I think what I've
outlined above will be a more fruitful approach.

Further your entire OS image is far too large to send here, and very few
people here will have the patience to wade through it searching for your
problem.

If cp says no such file or directory then either the source file path
is wrong or the destination directory does not exist. To be very blunt,
the fact that you did not know this makes me suspect that you have
misconfigured your system in some way. Describe how you configured it,
and somebody may be able to help you.

-- Martin



Re: OpenBSD machine was hacked

2015-07-28 Thread Daniel Boulet
There is all sorts of information that you could provide:

- why do you believe that your machine was hacked? You seem to think that 
someone at your ISP did whatever was done. Why do you believe that to be true? 
Why would someone at your ISP want to do this? Why would someone at your ISP be 
better able to do this than some random bad person out on the Internet?

- you say that whatever happened was done by your ISP even though you had no 
Internet connection. Why do you believe that this is even possible? Why do you 
believe that you had no Internet connection? If you had no Internet connection, 
how is it that someone at your ISP would have been able to access the machine? 
Where is the machine actually located?

- you say that your pf rules were flushed. Why do you believe that they were 
ever loaded in the first place? Can you demonstrate that the rules were in 
place at one point in time and that they are no longer in place later? Have you 
tried rebooting the machine and then immediately checking to see if the rules 
are there or not?

- you say that you suspect that your ISP used some sort of “Layer 2 by using 
mac spoofing/mac target” technique. Please say more about “some sort of” - what 
sort of? Why do you believe that this technique, whatever it is, might work? 
Can you even provide a basic explanation of how this technique, whatever it is, 
might have been used to hack your machine or is this just a theory with no 
evidence to support it.

There are lots of other questions you could answer. For example, what messages 
appear in your log files that support your theory? Even a list of the evidence 
that you see that supports your theory might help. It almost sounds like you 
are saying that you cannot figure out how whatever happened occurred so it must 
have been someone at your ISP. That is a pretty big leap to make without some 
evidence that actually points at your ISP.

-Danny

 On Jul 28, 2015, at 18:00 , Wong Peter peterap...@gmail.com wrote:
 
 What information you all require?
 
 On Tue, Jul 28, 2015 at 10:28 PM, Giancarlo Razzolini grazzol...@gmail.com
 wrote:
 
 Em 28-07-2015 06:17, Wong Peter escreveu:
 Dear All,
 
 Recently, I'm realized that my openbsd firewall router was not usable
 anymore due to pf rules had changed by using carp and pfsync mechanism.
 
 Here is my prove.
 
 I'm tried to reinstall the whole machine and plugged in the modem LAN
 cable
 to NIC card. All my written pf rules was flush and changed. This happen
 even without internet connection(No IP address assign).
 
 I'm suspected this is did by my ISP. I'm believed my openbsd machine was
 located same subnet with their machine.
 
 I'm even tried to disable carp protocol but my pf rules still get flushed
 out.
 How this can happen?
 How to prevent it?
 How my ISP can synchronize its pf rules to my machine without IP assign?
 I'm suspect they achieved at Layer 2 by using mac spoofing/mac target to
 my
 machine.
 net.inet.carp.allow=0
 
 Please help. Very urgent.
 
 
 
 
 
 
 You use a very controversial subject in order to draw attention in the
 hope that someone will help you. And not only you can't manage to give a
 shred of evidence to support your claim, as you can't even manage to
 provide enough information for some good soul on this list to help you.
 Come back when you sorted this out.
 
 Cheers,
 Giancarlo Razzolini
 
 
 
 
 -- 
 Linux
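
[Added example, not part of any message in this thread.] The replies above ask for the pf ruleset before and after the change, whether the rules load at boot, and what /var/log/authlog shows; this POSIX sh script collects that evidence. PF_SHOW, the function names and all sample data are assumptions of the example; on the firewall PF_SHOW keeps its default, pfctl -sr.

```shell
#!/bin/sh
# Added example (not from the thread): collect the evidence the replies ask for.
# PF_SHOW is this example's own variable: the command that prints the loaded
# ruleset. On the firewall leave the default; the demo substitutes `cat`.
PF_SHOW=${PF_SHOW:-"pfctl -sr"}

# Save the currently loaded ruleset as <dir>/<label>.rules and print that path.
pf_snapshot() {
    dir=$1; label=$2
    mkdir -p "$dir" || return 1
    $PF_SHOW > "$dir/$label.rules" || return 1
    printf '%s\n' "$dir/$label.rules"
}

# Classify two snapshots: same | flushed (later one is empty) | changed.
pf_compare() {
    old=$1; new=$2
    if cmp -s "$old" "$new"; then
        echo same
    elif ! grep -q '[^[:space:]]' "$new"; then
        echo flushed
    else
        echo changed
        diff "$old" "$new" >&2 || :   # rule differences go to stderr for the report
    fi
}

# Does the boot-time ruleset file parse? (-n parses without loading.)
# A file that fails here would leave pf without these rules after a reboot.
pf_conf_parses() {
    pfctl -nf "${1:-/etc/pf.conf}"
}

# Print "user from address" for every successful sshd login in an
# authlog-format file (syslog lines: month day time host sshd[pid]: ...).
authlog_accepted() {
    awk '$5 ~ /^sshd\[/ && $6 == "Accepted" { print $9, "from", $11 }' "$1"
}

# Demo on constructed data; runs in a subshell so PF_SHOW is not left changed.
demo() (
    tmp=$(mktemp -d) || exit 1
    # Constructed sample ruleset, not taken from the thread.
    printf '%s\n' 'block return all' 'pass out all flags S/SA' > "$tmp/loaded"
    PF_SHOW="cat $tmp/loaded"
    before=$(pf_snapshot "$tmp/snap" before)
    : > "$tmp/loaded"                 # later: nothing loaded any more
    after=$(pf_snapshot "$tmp/snap" after)
    printf 'ruleset: %s\n' "$(pf_compare "$before" "$after")"

    # Constructed authlog lines, not taken from the thread.
    cat > "$tmp/authlog" <<'EOF'
Jul 28 09:12:01 fw sshd[1234]: Accepted publickey for admin from 192.0.2.10 port 51234 ssh2
Jul 28 09:13:40 fw sshd[1301]: Failed password for root from 198.51.100.7 port 40022 ssh2
EOF
    printf 'successful logins:\n'
    authlog_accepted "$tmp/authlog"
    rm -rf "$tmp"
)
demo
```

Taking one snapshot right after boot and one when the problem shows up separates "the rules never loaded" from "the rules were removed later".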



Re: OpenBSD machine was hacked

2015-07-28 Thread Wong Peter
Q: Why do you believe that your machine was hacked?
A: My pf rules were flushed. This can be proved using pfctl -sr. The whole
firewall was not usable anymore. No NAT nor packet filtering.

Q: You say that whatever happened was done by your ISP even though you had
no Internet connection. Why do you believe that to be true?
A: Our ISP has implemented monitoring like NSA or British CGHQ. Moreover,
hacking openBSD is not that easy. First hop hacking is much easier
than anyone.

Q: Why do you believe that you had no Internet connection?
A: No response when pinging the dns server and no IP address assigned to the pppoe0
interface.

Q:  If you had no Internet connection, how is it that someone at your ISP
would have been able to access the machine?
A: I have no idea. Thus, I asked it here.

Q: Where is the machine actually located?
A: This is a home use firewall router sitting behind a modem.

Where can I find log files regarding pf rules being flushed out using carp or
pfsync?

I understand you all want to help me and you all require information.
I tried to extract the whole OS into a zip file and copy it to a portable hard
disk, but it failed.
It says no such file or directory.
cp /home/user/bsd.tar.gz /mnt/obsd/

What is wrong with it?











On Wed, Jul 29, 2015 at 8:26 AM, Daniel Boulet da...@matilda.com wrote:

 There is all sorts of information that you could provide:

 - why do you believe that your machine was hacked? You seem to think that
 someone at your ISP did whatever was done. Why do you believe that to be
 true? Why would someone at your ISP want to do this? Why would someone at
 your ISP be better able to do this than some random bad person out on the
 Internet?

 - you say that whatever happened was done by your ISP even though you had
 no Internet connection. Why do you believe that this is even possible? Why
 do you believe that you had no Internet connection? If you had no Internet
 connection, how is it that someone at your ISP would have been able to
 access the machine? Where is the machine actually located?

 - you say that your pf rules were flushed. Why do you believe that they
 were ever loaded in the first place? Can you demonstrate that the rules
 were in place at one point in time and that they are no longer in place
 later? Have you tried rebooting the machine and then immediately checking
 to see if the rules are there or not?

 - you say that you suspect that your ISP used some sort of “Layer 2 by
 using mac spoofing/mac target” technique. Please say more about “some
 sort of” - what sort of? Why do you believe that this technique, whatever
 it is, might work? Can you even provide a basic explanation of how this
 technique, whatever it is, might have been used to hack your machine or is
 this just a theory with no evidence to support it.

 There are lots of other questions you could answer. For example, what
 messages appear in your log files that support your theory? Even a list of
 the evidence that you see that supports your theory might help. It almost
 sounds like you are saying that you cannot figure out how whatever happened
 occurred so it must have been someone at your ISP. That is a pretty big
 leap to make without some evidence that actually points at your ISP.

 -Danny

  On Jul 28, 2015, at 18:00 , Wong Peter peterap...@gmail.com wrote:
 
  What information you all require?
 
  On Tue, Jul 28, 2015 at 10:28 PM, Giancarlo Razzolini 
 grazzol...@gmail.com
  wrote:
 
  Em 28-07-2015 06:17, Wong Peter escreveu:
  Dear All,
 
  Recently, I'm realized that my openbsd firewall router was not usable
  anymore due to pf rules had changed by using carp and pfsync mechanism.
 
  Here is my prove.
 
  I'm tried to reinstall the whole machine and plugged in the modem LAN
  cable
  to NIC card. All my written pf rules was flush and changed. This happen
  even without internet connection(No IP address assign).
 
  I'm suspected this is did by my ISP. I'm believed my openbsd machine
 was
  located same subnet with their machine.
 
  I'm even tried to disable carp protocol but my pf rules still get
 flushed
  out.
  How this can happen?
  How to prevent it?
  How my ISP can synchronize its pf rules to my machine without IP
 assign?
  I'm suspect they achieved at Layer 2 by using mac spoofing/mac target
 to
  my
  machine.
  net.inet.carp.allow=0
 
  Please help. Very urgent.
 
 
 
 
 
 
  You use a very controversial subject in order to draw attention in the
  hope that someone will help you. And not only you can't manage to give a
  shred of evidence to support your claim, as you can't even manage to
  provide enough information for some good soul on this list to help you.
  Come back when you sorted this out.
 
  Cheers,
  Giancarlo Razzolini
 
 
 
 
  --
  Linux
 




--
Linux



Re: OpenBSD machine was hacked

2015-07-28 Thread Giancarlo Razzolini
Em 28-07-2015 06:17, Wong Peter escreveu:
 Dear All,

 Recently, I'm realized that my openbsd firewall router was not usable
 anymore due to pf rules had changed by using carp and pfsync mechanism.

 Here is my prove.

 I'm tried to reinstall the whole machine and plugged in the modem LAN cable
 to NIC card. All my written pf rules was flush and changed. This happen
 even without internet connection(No IP address assign).

 I'm suspected this is did by my ISP. I'm believed my openbsd machine was
 located same subnet with their machine.

 I'm even tried to disable carp protocol but my pf rules still get flushed
 out.
 How this can happen?
 How to prevent it?
 How my ISP can synchronize its pf rules to my machine without IP assign?
 I'm suspect they achieved at Layer 2 by using mac spoofing/mac target to my
 machine.
 net.inet.carp.allow=0

 Please help. Very urgent.






You use a very controversial subject in order to draw attention in the
hope that someone will help you. And not only you can't manage to give a
shred of evidence to support your claim, as you can't even manage to
provide enough information for some good soul on this list to help you.
Come back when you sorted this out.

Cheers,
Giancarlo Razzolini



Re: Sluggish/laggy browser behaviour

2015-07-28 Thread Maurice McCarthy
On Tue, Jul 28, 2015 at 02:48:41PM +0200 or thereabouts, Stefan Sperling wrote:
 On Mon, Jul 27, 2015 at 08:58:54PM -0500, Yass Amed wrote:
  This problem is NOT specific to this model or any other machine (as far as 
  I experienced).
  This issue was present on a few towers and still is on an Intel/Asus{1} 
  based machine.
  You can try debugging FireFox or Chromium with gdb(1).
  
  {1} No dmesg, not on this machine at the moment.
 
 I have never seen fluent browser HTML5 video on any OpenBSD machine.

Same here. I always download any video content first and play it in vlc or
mplayer. The chaps at Jondo reckon it is a little safer too.
https://anonymous-proxy-servers.net/en/faq-jondofox.html#1c 

 Generally, videos at a fair resolution on OpenBSD played back without
 use of xvideo extensions or OpenGL are not watchable.
 
 My theory is that browsers rely on fast multi-core CPUs and multithreading in
 the kernel to show video smoothly. OpenBSD doesn't have multithreading in
 the kernel and is tuned for correctness rather than performance.
 
 Did anyone try playing HTML5 video in a browser on a slow (= 1Ghz) single
 core machine running Linux? Would you expect that to work?



Re: doas, keepenv PATH segfault

2015-07-28 Thread Vadim Zhukov
2015-07-28 12:34 GMT+03:00 Zé Loff zel...@zeloff.org:
 Hi all

 On yesterday's amd64 -current (#1201), if PATH is added to the keepenv
 list in doas.conf, e.g.

   permit keepenv { ENV PATH PKG_PATH PS1 SSH_AUTH_SOCK } :wheel as root

 when attempting to run an inexistent command, doas segfaults instead of
 exiting with command not found and retval 1.

 I actually have no idea if keepenv PATH makes any sense, I just had a
 couple of scripts in ~/bin that require sudo/doas -- but even if it's a
 stupid idea, segfaulting didn't seem right.

Hi,

thank you for the report. I've just committed the fix; please check
that your usecase is happy now.

--
  WBR,
  Vadim Zhukov



Re: IPV6 routing issue

2015-07-28 Thread Giancarlo Razzolini
On 25-07-2015 11:50, Stuart Henderson wrote:
 Actually that's fine, a point-to-point interface can be unnumbered,
 or in the case of IPv6, it can just have a link-local address.

In my case I don't have a ppp interface, my CPE talks to my OpenBSD
firewall through normal LAN.

 DHCPv6 PD would give you a /64 or (if allowed by the ISP) a larger
 prefix to assign to interfaces as you choose. Normally you would
 assign this to internal interface/s, but assuming the ISP allows
 more than a /64, you *can* apply part of that delegation to the
 PPP interface if you would like it to have a globally routable
 address.
This is one of my problems, my ISP would only give me a /64 prefix, not
a /56 or other manageable size. I can ask a PD from the CPE, but the
only prefix already is delegated to the CPE itself. So the CPE keeps
asking me neighbor solicitation messages, and won't route the packets.
Unless I use NDP proxying, I can't do normal routing. As I stated, I did
a bridge. When I have some free time I'll visit the NDP proxy again.
Perhaps I'll be able to port some of the existing solutions to OpenBSD.

Cheers,
Giancarlo Razzolini



Re: Sluggish/laggy browser behaviour

2015-07-28 Thread Benjamin Baier
On Tue, 28 Jul 2015 14:48:41 +0200
Stefan Sperling s...@stsp.name wrote:

 On Mon, Jul 27, 2015 at 08:58:54PM -0500, Yass Amed wrote:
  This problem is NOT specific to this model or any other machine (as far as 
  I experienced).
  This issue was present on a few towers and still is on an Intel/Asus{1} 
  based machine.
  You can try debugging FireFox or Chromium with gdb(1).
  
  {1} No dmesg, not on this machine at the moment.
 
 I have never seen fluent browser HTML5 video on any OpenBSD machine.
 Generally, videos at a fair resolution on OpenBSD played back without
 use of xvideo extensions or OpenGL are not watchable.
I might have gotten lucky but this Thinkpad X220 plays 720p Youtube HTML5
video in Chromium without glitches, even on fullscreen.
As long as there is no other system load.

 My theory is that browsers rely on fast multi-core CPUs and multithreading in
 the kernel to show video smoothly. OpenBSD doesn't have multithreading in
 the kernel and is tuned for correctness rather than performance.
 
 Did anyone try playing HTML5 video in a browser on a slow (= 1Ghz) single
 core machine running Linux? Would you expect that to work?
 


Re: Default OpenBSD browser

2015-07-28 Thread Gerald Hanuer
 Hello,

   Thoughts on Links+.

   Code quality, security and general usefulness.


  Regards

   Gerald Hanuer



Re: Default OpenBSD browser

2015-07-28 Thread Mariano Baragiola
There's a FAQ section for this[0].

Personally, I mostly use Firefox for everything and it works
quite well. But I also use Chromium from time to time,
for YouTube, SoundCloud, Google Apps, etc.

[0] http://www.openbsd.org/faq/faq8.html#Browsers



Re: Default OpenBSD browser

2015-07-28 Thread Francisco Valladolid H.
Hi.

OpenBSD doesn't include a browser by default, but my recommendation is
always Mozilla Firefox.

Regards

On Tue, Jul 28, 2015 at 7:00 AM, Mohammad BadieZadegan
mbzade...@gmail.com wrote:
 Hi,
 As we know, the default X window manager for OpenBSD is fvwm
 http://www.openbsd.org/cgi-bin/man.cgi?query=fvwm&sektion=1 and that is
 very useful for initial use of OpenBSD.
 But does OpenBSD have any web browser (text or image) by default?
 If not, what is the best and lightest browser that is useful with fvwm?
 Thanks.




-- 
Francisco Valladolid H.
 -- http://blog.bsdguy.net - Jesus Christ follower.



Re: Sluggish/laggy browser behaviour

2015-07-28 Thread Christian Weisgerber
On 2015-07-28, Maurice McCarthy m...@mythic-beasts.com wrote:

 I have never seen fluent browser HTML5 video on any OpenBSD machine.

 Same here. I always download any video content first and play it in vlc or
 mplayer. The chaps at Jondo reckon it is a little safer too.
 https://anonymous-proxy-servers.net/en/faq-jondofox.html#1c 

Their remark is specifically about Flash and not at all about HTML5.

Both VLC and MPlayer are kitchen-sink applications full of dubious
code.  VLC gets regular security advertisements; MPlayer doesn't,
but that probably just means that nobody can be bothered to write
them.

-- 
Christian naddy Weisgerber  na...@mips.inka.de



Re: Intel Atom?

2015-07-28 Thread lists
  Recommendation for a very capable router are C2750/C2758 Supermicro
 
 So, do you think we'd *need* a board like that?

Depends on your specific requirements in terms of expected bottlenecks.

 The reason I ask is
 that they're nearly twice the price of other dual-gigE Atom boards,
 and the ECC SODIMMs don't help.

ECC RAM always helps in the long term, if the board is collocated this
can save you a trip or two / remote hands fees. Even for home use ECC
is considered a reliability feature (at about 5-15% annual rate of
random memory errors) if the device is powered 24/7.

 If you're saying that an old D525 can
 handle our traffic needs and is well supported, I don't think
 springing for this board makes sense.

I am saying it handles my specific needs since early 2011 and also
saying that newer Atoms are preferred if budget allows this, for added
performance in the same thermal dissipation and power usage.

Regarding price, if you plan to use a Supermicro board, those are more
expensive than comparable other brands, even more expensive than
comparable Intel boards. At the time I was shopping the best
available Atom offers were D525 boards from Supermicro. I could have
dealt away with an Intel board and still be happy (lower priced other
boards were not yet listed), but I'd not have IPMI & serial BIOS (out
of band) access.

D525 is an older Atom CPU on ICH9R chipset and a lot less capable
compared to newer Atoms, especially the ones recommended. It does not
have the VT-* (think virtualisation) extensions, but a router or
storage appliance does not need these.

http://ark.intel.com/products/49490/Intel-Atom-Processor-D525-1M-Cache-1_80-GHz

With a grain of salt as the benchmarks are unreliable source of
performance comparisons (and these promote a utility):

http://www.cpubenchmark.net/cpu.php?cpu=Intel+Atom+D525+%40+1.80GHz

$ md5 -tt 
MD5 time trial.  Processing 10 1-byte blocks...
Digest = 766a2bb5d24bddae466c572bcabca3ee
Time   = 4.094940 seconds
Speed  = 244203822.278226 bytes/second

Here is one good board:

http://www.supermicro.com/products/motherboard/ATOM/ICH9/X7SPA-HF-D525.cfm

If you want to use X, stick a cheap low power fanless single slot Radeon
HD5450 in it, this supports OK up to dual link DVI 2560x1440 + VGA
1920x1200 together. The included in the mainboard Matrox G200eW video
works OK to boot up and with special tweaking has worked for X but not
at the moment. With the added video card the system works quite
responsive for a low power on board soldered processor driven desktop.

The system can run headless with no monitor/keyboard entirely commanded
over the serial port including BIOS access. Serial over LAN works OK
too, but serial 3 wire does not depend on network. Always consider a
spare monitor & keyboard attached / around the system just in case.

There is no point in using more than 4 GB RAM, though there are reports
it can boot with 8 GB RAM, those are silly tricks. The CPU spec says it
can address 4 GB and the mainboard spec as well 4 GB. Pick good RAM
exactly timed per the spec as the board will not boot up with
unreliable funky cheap RAM and you will be glad in the long term for
the RAM choice. This board is not your choice for ZFS/RAID fate abuse,
but works great for a NAS provider, this comment is in regard to the 8
GB silliness. This system does not support ECC RAM.

http://www.servethehome.com/supermicro-x7spehfd525-8gb-ddr3-ipmi-pfsense-freenas-unraid-linux-power-consumption/

The total power consumption bare is about 35-40 W, if you plan to
populate more than 1 of the 6 SATA ports, consider a reliable 200 W PSU
so it can function halfway loaded. These 200 W specify total power
summary across voltages and are maximum power load before failure, not
normal working (at efficient levels) power use. Even with no drives,
still pick a 200 W PSU standard form factor case.

The 2 LAN GigE ports are enough for a router, one is shared for IPMI.
These are just fine in OpenBSD as em(4) devices. I'll put the dmesg
later in the message, no glitches for years, happily saturate the
network with SSH & rsync.

Everything works great on the board and is well supported, I have it
and this runs flawless almost idle since 2011 when I bought it. IPMI
works as advertised, you have to patch the BIOS & IPMI firmwares to
close a vulnerability (in IPMI) and confine the IPMI (shared LAN) to the
local network only, even with proper set up.

It will need a case fan (or two for redundancy) because the CPU is
fanless and produces enough heat (about 15-20 W TDP) and even without a
Radeon added (20 W more) inside, the system can not rely on free air
convection in a tower / desktop small form factor (mini-ITX) case.

Remember, these boards are designed to be put in controlled temperature
environments in 1U rack mount cases where air is flowing through the
chassis. You can't leave it just heat up the temperature sensitive
components (capacitors, HDDs) without shortening their life.


Re: OpenBSD machine was hacked

2015-07-28 Thread Wong Peter
The changes were not made to the /etc/pf.conf file but at runtime.

I issued the pfctl -sr command, which reflects this.


On Tue, Jul 28, 2015 at 5:35 PM, Stefan Wollny ste...@wollny.de wrote:

 Hi,

 I can't tell you anything about what might have happened as you didn't provide
 enough information and I am not educated to give any hints. But to prevent
 any changes you might consider using chflags after you have set up your
 pf.conf:

 $ sudo chflags schg /etc/pf.conf

 Keep in mind that changes thereafter are only possible if you reboot into
 insecure mode. man 1 chflags is your friend.

 If this doesn't help it is beyond my knowledge.

 Good luck!
 STEFAN


 *Sent:* Tuesday, 28 July 2015 at 11:17
 *From:* Wong Peter peterap...@gmail.com
 *To:* misc@openbsd.org
 *Subject:* OpenBSD machine was hacked
 Dear All,

 Recently, I realized that my OpenBSD firewall router was not usable
 anymore because the pf rules had been changed by using the carp and pfsync mechanism.

 Here is my proof.

 I tried to reinstall the whole machine and plugged the modem LAN cable
 into the NIC. All the pf rules I had written were flushed and changed. This happens
 even without an internet connection (no IP address assigned).

 I suspect this was done by my ISP. I believe my OpenBSD machine was
 located on the same subnet as their machine.

 I even tried to disable the carp protocol but my pf rules still get flushed
 out.
 How can this happen?
 How can I prevent it?
 How can my ISP synchronize its pf rules to my machine without an IP address assigned?
 I suspect they achieved it at Layer 2 by using MAC spoofing/MAC targeting of my
 machine.
 net.inet.carp.allow=0

 Please help. Very urgent.






 --
 Linux





-- 
Linux



Re: Sluggish/laggy browser behaviour

2015-07-28 Thread Stefan Sperling
On Mon, Jul 27, 2015 at 08:58:54PM -0500, Yass Amed wrote:
 This problem is NOT specific to this model or any other machine (as far as I 
 experienced).
 This issue was present on a few towers and still is on an Intel/Asus{1} based 
 machine.
 You can try debugging FireFox or Chromium with gdb(1).
 
 {1} No dmesg, not on this machine at the moment.

I have never seen fluent browser HTML5 video on any OpenBSD machine.
Generally, videos at a fair resolution on OpenBSD played back without
use of xvideo extensions or OpenGL are not watchable.

My theory is that browsers rely on fast multi-core CPUs and multithreading in
the kernel to show video smoothly. OpenBSD doesn't have multithreading in
the kernel and is tuned for correctness rather than performance.

Did anyone try playing HTML5 video in a browser on a slow (= 1Ghz) single
core machine running Linux? Would you expect that to work?



Default OpenBSD browser

2015-07-28 Thread Mohammad BadieZadegan
Hi,
As we know, the default X window manager for OpenBSD is fvwm
http://www.openbsd.org/cgi-bin/man.cgi?query=fvwm&sektion=1 and that is
very useful for initial use of OpenBSD.
But does OpenBSD have any web browser (text or image) by default?
If not, what is the best and lightest browser that is useful with fvwm?
Thanks.



Re: Sluggish/laggy browser behaviour

2015-07-28 Thread Yass Amed

QUOTE:


I can pretty much confirm this on an X220i, I have sort of come to terms
with it, but it is definitely noticeable (in chromium and firefox).


X220 here.


This problem is NOT specific to this model or any other machine (as far as I 
experienced).
This issue was present on a few towers and still is on an Intel/Asus{1} based 
machine.
You can try debugging FireFox or Chromium with gdb(1).

{1} No dmesg, not on this machine at the moment.



Re: Collect logs with syslog +hostname

2015-07-28 Thread Gregory Edigarov

On 07/28/2015 03:20 PM, Gregory Edigarov wrote:

On 07/28/2015 02:41 PM, Atanas Vladimirov wrote:

Hi,
I tried the new feature of syslogd to collect log messages from other 
syslog capable devices (in this case an OpenWRT router).

I read syslog.conf many times, but I can't figure out why it doesn't work.

[ns]~$ cat /etc/syslog.conf
#   $OpenBSD: syslog.conf,v 1.17 2005/05/25 07:35:38 david Exp $
#

+wdr4900.bsdbg.net
*.* /var/log/w4900

move the above 2 lines to the end of your file.
remove next line:

+*


next,  add

192.168.1.18 wdr4900
to /etc/hosts


also, change the syslog rule as:
+ wdr4900
*.* /var/log/w4900


and things will work




Collect logs with syslog +hostname

2015-07-28 Thread Atanas Vladimirov

Hi,
I tried the new feature of syslogd to collect log messages from other 
syslog capable devices (in this case an OpenWRT router).

I read syslog.conf many times, but I can't figure out why it doesn't work.

[ns]~$ cat /etc/syslog.conf
#   $OpenBSD: syslog.conf,v 1.17 2005/05/25 07:35:38 david Exp $
#

+wdr4900.bsdbg.net
*.* /var/log/w4900
+*

!!spamd
daemon.err;daemon.warn;daemon.info  /var/log/spamd
!*

!!ppp
daemon.err;daemon.warn;daemon.info  /var/log/ppp.log
!*

!!pptp
daemon.err;daemon.warn;daemon.info  /var/log/ppp.log
!*

*.notice;auth,authpriv,cron,ftp,kern,lpr,mail,user.none /var/log/messages
kern.debug;syslog,user.info /var/log/messages

auth.info   /var/log/authlog
authpriv.debug  /var/log/secure
cron.info   /var/cron/log
daemon.info /var/log/daemon
ftp.info    /var/log/xferlog
lpr.debug   /var/log/lpd-errs

mail.info   /var/log/maillog
#uucp.info  /var/log/uucp

[ns]~$ ping wdr4900.bsdbg.net
PING wdr4900.bsdbg.net (192.168.1.18): 56 data bytes
64 bytes from 192.168.1.18: icmp_seq=0 ttl=64 time=0.267 ms
64 bytes from 192.168.1.18: icmp_seq=1 ttl=64 time=0.220 ms
64 bytes from 192.168.1.18: icmp_seq=2 ttl=64 time=0.228 ms
--- wdr4900.bsdbg.net ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 0.220/0.238/0.267/0.024 ms


OpenBSD 5.8-beta (GENERIC.MP) #1152: Tue Jul 14 12:08:52 MDT 2015
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 4008378368 (3822MB)
avail mem = 3883024384 (3703MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root




Re: Collect logs with syslog +hostname

2015-07-28 Thread Gregory Edigarov

On 07/28/2015 02:41 PM, Atanas Vladimirov wrote:

Hi,
I tried the new feature of syslogd to collect log messages from other 
syslog capable devices (in this case an OpenWRT router).

I read syslog.conf many times, but I can't figure out why it doesn't work.

[ns]~$ cat /etc/syslog.conf
#   $OpenBSD: syslog.conf,v 1.17 2005/05/25 07:35:38 david Exp $
#

+wdr4900.bsdbg.net
*.* /var/log/w4900

move the above 2 lines to the end of your file.
remove next line:

+*


next,  add

192.168.1.18 wdr4900
to /etc/hosts

and things will work



Re: Loading (libdlrpc.so) by SPIKE fuzzer?!

2015-07-28 Thread Philip Guenther
On Tue, Jul 28, 2015 at 12:45 AM, Mohammad BadieZadegan
mbzade...@gmail.com wrote:
 I compiled the SPIKE fuzzer https://www.immunitysec.com/downloads/SPIKE2.9.tgz
 but when I execute it, it warns me to load libdlrpc.so first.
 I copied this library from its src folder to /usr/lib but now I get these
 error messages when running spike!

 # ./generic_send_tcp
 ./generic_send_tcp:/usr/lib/libdlrpc.so: undefined symbol '__guard_local'

This message means the shared object was linked incorrectly.  Shared
objects like libdlrpc.so should be linked by invoking the compiler with
the -shared option; that lets the compiler include the necessary
additional objects in the link command to handle compiler, library,
and ABI requirements like __guard_local, atfork, and constructor
invocation, respectively.


Philip Guenther



Re: Default OpenBSD browser

2015-07-28 Thread Brendan Desmond

On 2015-07-29, Scarlett wrote:
(My last few mails to this list have been caught by the spam daemon, 
so I'm replying directly and hoping this makes its way through).


I've wrestled with w3m's code plenty. What I found did not make me 
happy, as bcallah@ can attest (they also pointed me to this message).


Numerous Linux distributions have fixes for fairly serious bugs in w3m 
sitting in their patches directories that have not been fixed 
upstream.


Fuzzing it did not have positive results.

Memory management practices are terrible. I suspect that replacing the 
GC layer with regular malloc() and adding free() in the correct places 
would be a major effort. A rewrite would possibly be preferable.


I've merged a lot of fixes from various Linux distributions, and some 
of my own (C-standard-libraryification, overflow checks, NULL pointer 
deref bugs). I've also made some non-trivial simplifications to the 
code, removed a lot of cruft, and made it use libtls.


You can check out my repository here, if you're interested: 
https://bitbucket.org/Scarletts/w3m/src


I'd be really happy if other people took an interest and sent in some 
patches, or just tested it.


w3m is fairly terrifying code. I would recommend using a modern 
intensively audited browser and disabling features like JavaScript 
over using w3m if security is a major concern.


On the bells and whistles end of the spectrum, I'm rather partial to 
Iridium at the moment. Video performance on YouTube is much nicer than 
Firefox, and the process-per-tab feature adds some much needed 
stability.


I am not a programmer at all, so I avoided stating that my gut tells me that
w3m is likely in dire need of major fixes and optimizations. My dream project,
if I ever learn C, would be to fork w3m or to write a brand new browser in the
spirit of w3m. I'll check out your repo and mess around with it, for sure :)
Thanks for the reply.

-BSD



Re: aucat problems

2015-07-28 Thread Stefan Berger
On Tue, Jul 28, 2015 at 10:53:26AM +0200, Alexandre Ratchov wrote:
 If it doesn't work, try to use the other mic:
 
 mixerctl record.adc-0:1_source=sel
 mixerctl record.adc-2:3_source=sel
 mixerctl record.adc-4:5_source=sel

Setting mixerctl to sel2 worked: 

mixerctl record.adc-0:1_source=sel2
mixerctl record.adc-2:3_source=sel2
mixerctl record.adc-4:5_source=sel2


Thank you for helping. 



Re: Default OpenBSD browser

2015-07-28 Thread BingoBoingo
On Tue, 28 Jul 2015 23:58:14 -0400
Brendan Desmond bren...@imap.cc wrote:

 On 2015-07-29, Scarlett wrote:
 (My last few mails to this list have been caught by the spam daemon, 
 so I'm replying directly and hoping this makes its way through).
 
 I've wrestled with w3m's code plenty. What I found did not make me 
 happy, as bcallah@ can attest (they also pointed me to this message).
 
 Numerous Linux distributions have fixes for fairly serious bugs in
 w3m sitting in their patches directories that have not been fixed 
 upstream.
 
 Fuzzing it did not have positive results.
 
 Memory management practices are terrible. I suspect that replacing
 the GC layer with regular malloc() and adding free() in the correct
 places would be a major effort. A rewrite would possibly be
 preferable.
 
 I've merged a lot of fixes from various Linux distributions, and
 some of my own (C-standard-libraryification, overflow checks, NULL
 pointer deref bugs). I've also made some non-trivial simplifications
 to the code, removed a lot of cruft, and made it use libtls.
 
 You can check out my repository here, if you're interested: 
 https://bitbucket.org/Scarletts/w3m/src
 
 I'd be really happy if other people took an interest and sent in
 some patches, or just tested it.
 
 w3m is fairly terrifying code. I would recommend using a modern 
 intensively audited browser and disabling features like JavaScript 
 over using w3m if security is a major concern.
 
 On the bells and whistles end of the spectrum, I'm rather partial to 
 Iridium at the moment. Video performance on YouTube is much nicer
 than Firefox, and the process-per-tab feature adds some much needed 
 stability.
 
 I am not a programmer at all, so I avoided stating that my gut tells
 me that w3m is likely in dire need of major fixes and optimizations.
 My dream project, if I ever learn C, would be to fork w3m or to write
 a brand new browser in the spirit of w3m. I'll check out your repo
 and mess around with it, for sure :) Thanks for the reply.
 
 -BSD
 

For plaintext browsing lynx has a lot of nice defaults that w3m lacks
out of the box (meaningful page caching being the kicker).

I like the promise of Dillo too with its graphical www minus all of the
cancerous scripting.

It is just not likely that there can ever again be a web browser worthy
of getting the default designation in any serious OS.



Re: Sluggish/laggy browser behaviour

2015-07-28 Thread Nathan Van Ymeren
Well, video playback aside (least of my problems on this machine
tbqf)...

OpenBSD doesn't have multithreading in the kernel and is tuned for
correctness rather than performance.

I take from that I should not expect to see any movement on this
front...

Should I give up and go back to Linux then? Web usage is like a
solid 50-60% of my daily use on this machine; I can't handle how bad
scrolling and opening+closing tabs are if it's going to be my daily
driver OS.



Re: OpenBSD machine was hacked

2015-07-28 Thread Peter N. M. Hansteen

On 07/28/15 11:17, Wong Peter wrote:

 Recently, I'm realized that my openbsd firewall router was not
 usable anymore due to pf rules had changed by using carp and pfsync
 mechanism.

It would be a lot easier to offer assistance if you offer some facts
(including config files and the output of various commands you should
find obvious, and data from relevant log files would be nice), along
with the reasoning behind that conjecture.

I have several plausible scenarios in mind that could be good fits for
your very vaguely described symptoms, but there's no way anybody can
help you without some actual information on the configuration and
problem at hand.
- -- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
Remember to set the evil bit on all malicious network traffic
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.



Re: Sluggish/laggy browser behaviour

2015-07-28 Thread Stefan Sperling
On Tue, Jul 28, 2015 at 04:17:16PM +0200, Benjamin Baier wrote:
 I might have gotten lucky but this Thinkpad X220 plays 720p Youtube HTML5
 video in Chromium without glitches, even on fullscreen.
 As long as there is no other system load.

I've only tried firefox.

AFAIK chromium makes some use of OpenGL.
Perhaps that's why it works for you.



Re: Default OpenBSD browser

2015-07-28 Thread Craig Skinner
On 2015-07-28 Tue 15:30 PM |, Mohammad BadieZadegan wrote:
 What is the best and lightest browser that usefull with fvwm?

Dillo is generally good, with Firefox for heavy sites.

Depends on where _you_ surf.



Re: Default OpenBSD browser

2015-07-28 Thread Ax0n
lynx was in the base distribution for quite some time. I occasionally used
it to fetch http files (as opposed to getting wget from packages and using
that).

I've found that ftp(1) is quite sufficient for most of the things I need to
do as far as a CLI client for quickly grabbing files via ftp/http/https.

e.g.
$ ftp -o OpenBSD.html http://openbsd.org/
Trying 129.128.5.194...
Requesting http://openbsd.org/
Redirected to http://www.openbsd.org/
Trying 129.128.5.194...
Requesting http://www.openbsd.org/
100% |**|  4779   00:00

4779 bytes received in 0.00 seconds (5.25 MB/s)
$


On Tue, Jul 28, 2015 at 7:00 AM, Mohammad BadieZadegan mbzade...@gmail.com
wrote:

 Hi,
 As we know, the default X window manager for OpenBSD is fvwm
 http://www.openbsd.org/cgi-bin/man.cgi?query=fvwm&sektion=1 and that is
 very useful for initial use of OpenBSD.
 But does OpenBSD have any web browser (text or image) by default?
 If not, what is the best and lightest browser that is useful with fvwm?
 Thanks.



Re: Default OpenBSD browser

2015-07-28 Thread lists
  What is the best and lightest browser...

 Dillo is generally good, with Firefox for heavy sites.

Seconded. The default browser concept is most probably not a good
idea (read a bad idea) for any OS.

There is no such thing as best, but for lightest:

Dillo is very fast and lightweight, almost always renders proper
sites correctly, and has no JavaScript vulnerabilities (for now). Helps
read web pages daily.

The ftp(1) works great for command line client, used daily.

Any opinions on w3m as an alternative to the much debated lynx for
casual text mode browsing?



Re: Intel Atom?

2015-07-28 Thread Quartz

ECC RAM always helps in the long term,


It helps yes, but for a router I wonder if it makes a significant 
difference.




if the board is collocated


It's in-house.



but I'd not have IPMI & serial BIOS (out
of band) access.


Both of those aren't necessary for this project.



If you want to use X,



Always consider a
spare monitor & keyboard attached / around the system just in case.


We don't need X, but do need local console / KVM.



It will need a case fan (or two for redundancy) because the CPU is
fanless and produces enough heat (about 15-20 W TDP) and even without a
Radeon added (20 W more) inside, the system can not rely on free air
convection in a tower / desktop small form factor (mini-ITX) case.



Don't use external brick / micro / pico type PSU units, those are not
offering any benefit over stock SFX/ATX form factor and are less than
reliable to say the least, not to mention interchangeable. The PSU is one
of the least reliable system blocks.


The reason I'm asking about Atoms ITXs in the first place is that 
physical size is a major constraint for this project and a micro ATX 
case or larger is a non-starter. It's even proving hard to find an 
SFX/TFX case that's compact enough (and isn't shit). We're pretty much 
looking at some sort of open mesh compact case design with a compact 
PSU, like a pico+MiniBox M350, Antec ISK110, or Silverstone PT13B + a 
thin-ITX motherboard with built-in dc power. In such a cramped situation 
the low heat output of an Atom seems a better choice than a full sized 
Core. (See my other thread on this list about using NICs with multiple 
jacks).


Also, you're the first person I've seen who's said that pico's aren't 
reliable. We have one that's several years old that's still going 
strong. I'm curious what your experiences have been?




but you'll miss the chance to learn and use the advanced
capabilities or more reliable components on board.


That's not really an issue, we have and use Supermicro stuff all the 
time. In fact there's a couple old P8SCT-based 1U servers I'm trying to 
sell off as we speak.




and don't
buy used


That's a given.



There is absolutely no point in considering SSD for this system.


Maybe. This system also needs to act as a PXE boot server for a variety 
of clients, so it needs several gigs of storage space for all the 
images, and that storage needs to be fast enough that the clients can 
boot in a sane time frame. I'm not sure if random 16gb thumb drives will 
really cut it.




Re: Sluggish/laggy browser behaviour

2015-07-28 Thread David Coppa
On 28 Jul 2015 19:06, Stefan Sperling s...@stsp.name wrote:

 On Tue, Jul 28, 2015 at 04:17:16PM +0200, Benjamin Baier wrote:
  I might have gotten lucky but this Thinkpad X220 plays 720p Youtube HTML5
  video in Chromium without glitches, even on fullscreen.
  As long as there is no other system load.

 I've only tried firefox.

 AFAIK chromium makes some use of OpenGL.
 Perhaps that's why it works for you.

something is fscked up wrt gstreamer playback (Firefox uses gstreamer).
Chromium and Iridium work fine for me on a T420.

Cheers,
David



Re: Sluggish/laggy browser behaviour

2015-07-28 Thread Matthew Martin
On 7/26/15, Henrik Friedrichsen hen...@diff.cc wrote:
 Hey

 On Sun, Jul 26, 2015 at 10:46:30PM +0100, Dimitris Papastamos wrote:
 Try viewtube[0] and gecko-mediaplayer instead.  No hangs on my system
 at all.

 Yeah, that is a workaround. Sometimes I use youtube_dl with mpv. That
 was just one example, though ;p



I've used essentially this[1] bound to a key in cwm ever since coming
across it to watch videos... I prefer browsers to just browse[2].

#!/bin/sh
# needs zenity, youtube-dl and vlc installed

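URL=$(zenity --entry --text "Enter Video URL:")
if [ "$URL" = "" ]; then
    echo "You must enter a url."
    exit
fi
# mktemp(1) needs at least six trailing Xs in the template
TMPFILE=$(mktemp /tmp/youtube-vid.XXXXXX)
# download in the background so playback can start while it is still running
youtube-dl --no-part -f 18/0/h264-sd -o "$TMPFILE" "$URL" &
DL_PID=$!
sleep 5
cvlc -f "$TMPFILE" vlc://quit
kill $DL_PID
rm "$TMPFILE"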

---

[1] 
http://daemonforums.org/showpost.php?s=985087eedf0b6bd2d04482749e5fd726&p=50021&postcount=29

[2] I say as typing this into gmail...



Re: Intel Atom?

2015-07-28 Thread Stuart Henderson
On 2015-07-28, li...@wrant.com li...@wrant.com wrote:
 The 2 LAN GigE ports are enough for a router, one is shared for IPMI.

Shared IPMI is *never* fine IMHO.



Re: Default OpenBSD browser

2015-07-28 Thread Kevin Chadwick
 Hi.
 
 OpenBSD don't include browser by default, but my recommendation is
 always Mozilla Firefox.
 
 Regards
 
 On Tue, Jul 28, 2015 at 7:00 AM, Mohammad BadieZadegan
 mbzade...@gmail.com wrote:
  Hi,
  As we know the default X Window manager for OpenBSD is fvwm
  http://www.openbsd.org/cgi-bin/man.cgi?query=fvwm&sektion=1 and that is
  very useful for initial using of OpenBSD.
  But Does OpenBSD have any WEB browser(Text or vs Image) by default?
  If have not, What is the best and lightest browser that useful with fvwm?
  Thanks.

I used to do some price changes on a wordpress site for a friend and it
would take just under 10 mins on firefox/chromium and around 5 with
xombrero ;-) due to much faster page loading and it is a fully
graphical browser.

I still keep firefox around, partly because javascript on some sites
causes core dumps in webkit-gtk (less so these days) but also because
it's easier than turning whitelist mode off to see if the issue is
simply another dumb site that *relies* on third party javascript.

If you don't mind learning a tiled window manager then spectrwm is
written by some of the devs.

-- 

KISSIS - Keep It Simple So It's Securable



Re: Default OpenBSD browser

2015-07-28 Thread Andrew
On 7/28/15, Craig Skinner skin...@britvault.co.uk wrote:
 On 2015-07-28 Tue 15:30 PM |, Mohammad BadieZadegan wrote:
 What is the best and lightest browser that useful with fvwm?

 Dillo is generally good, with Firefox for heavy sites.

 Depends on where _you_ surf.


I'm just an obsd end-user, but it would be wrong for me to not say
something nice to/ or about the devs behind the xombrero browser. I
think xombrero is a diamond in the rough and I hope they keep
polishing it until it becomes a common recommendation on this list.
The authors are listed at the bottom of man xombrero



Re: Sluggish/laggy browser behaviour

2015-07-28 Thread Stuart Henderson
On 2015-07-28, Stefan Sperling s...@stsp.name wrote:
 On Mon, Jul 27, 2015 at 08:58:54PM -0500, Yass Amed wrote:
 This problem is NOT specific to this model or any other machine (as far as I 
 experienced).
 This issue was present on a few towers and still is on an Intel/Asus{1} 
 based machine.
 You can try debugging FireFox or Chromium with gdb(1).
 
 {1} No dmesg, not on this machine at the moment.

 I have never seen fluent browser HTML5 video on any OpenBSD machine.
 Generally, videos at a fair resolution on OpenBSD played back without
 use of xvideo extensions or OpenGL are not watchable.

 My theory is that browsers rely on fast multi-core CPUs and multithreading in
 the kernel to show video smoothly. OpenBSD doesn't have multithreading in
 the kernel and is tuned for correctness rather than performance.

 Did anyone try playing HTML5 video in a browser on a slow (<= 1Ghz) single
 core machine running Linux? Would you expect that to work?



IIRC it works better on GENERIC rather than GENERIC.MP. I haven't tried in
a while though.



Re: Default OpenBSD browser

2015-07-28 Thread Alexander Hall
On July 29, 2015 12:23:34 AM GMT+02:00, Kevin Chadwick m8il1i...@gmail.com 
wrote:
 Hi.
 
 OpenBSD don't include browser by default, but my recommendation is
 always Mozilla Firefox.
 
 Regards
 
 On Tue, Jul 28, 2015 at 7:00 AM, Mohammad BadieZadegan
 mbzade...@gmail.com wrote:
  Hi,
  As we know the default X Window manager for OpenBSD is fvwm
  http://www.openbsd.org/cgi-bin/man.cgi?query=fvwm&sektion=1 and that is
  very useful for initial using of OpenBSD.
  But Does OpenBSD have any WEB browser(Text or vs Image) by default?
  If have not, What is the best and lightest browser that useful with fvwm?
  Thanks.

I used to do some price changes on a wordpress site for a friend and it
would take just under 10 mins on firefox/chromium and around 5 with
xombrero ;-) due to much faster page loading and it is a fully
graphical browser.

I still keep firefox around, partly because javascript on some sites
causes core dumps in webkit-gtk (less so these days) but also because
it's easier than turning whitelist mode off to see if the issue is
simply another dumb site that *relies* on third party javascript.

If you don't mind learning a tiled window manager then spectrwm is
written by some of the devs.

Not intending to pick a fight with any of those devs putting their time and 
effort creating free software, but I moved away from spectrwm because it was a 
gem that never seemed to get that final touch. While admittedly a long time 
ago, that was the same reason I never really took up on xombrero, but maybe it 
got better.

For anyone interested in spectrwm, I suggest *also* looking at i3wm. Not saying 
it is better for everyone, but I lack very few features from it.

/Alexander 



Re: Sluggish/laggy browser behaviour

2015-07-28 Thread Kevin Chadwick
 Did anyone try playing HTML5 video in a browser on a slow (<= 1Ghz) single
 core machine running Linux? Would you expect that to work?

Can't be done, maybe with a new 1ghz with a newish intel gpu. It took me
a while with custom settings to get mythtv just to play DVB (480?) video
(mplayer worked) well on something like mythbuntu 7 or 9 and newer
versions of mythbuntu couldn't on the same hardware and settings.

I have a p4 3ghz with hd2400 pro that can play 1080p after some
twiddling in mythtv (vdpau which I thought was for nvidia) but low grade
iplayer HD (720P) is pushing it towards the limits on google chrome
and I have another mythtv intel gpu 64 bit dual core (newer than duo)
machine where chrome can play browser video but firefox really
struggles.

I'll love the day I can ditch those linux boxes with html5 being one
step but I'm not sure I'll hold my breath for dvb/dvbs card support
but maybe tv will all come through the internet via html5 in the
future anyway :-)

Things like sky go and many others only work with Windows and mobiles
currently though. Pirate sites work of course and often have more
content in one place as long as you can navigate the forests of
javascript that OpenBSD is better suited to ;-)

-- 

KISSIS - Keep It Simple So It's Securable



Re: Sluggish/laggy browser behaviour

2015-07-28 Thread Nils Reuße

On 07/28/2015 11:08 PM, Matthew Martin wrote:

On 7/26/15, Henrik Friedrichsen hen...@diff.cc wrote:

Hey

On Sun, Jul 26, 2015 at 10:46:30PM +0100, Dimitris Papastamos wrote:

Try viewtube[0] and gecko-mediaplayer instead.  No hangs on my system
at all.


Yeah, that is a workaround. Sometimes I use youtube_dl with mpv. That
was just one example, though ;p




I've used essentially this[1] bound to a key in cwm ever since coming
across it to watch videos... I prefer browsers to just browse[2].

#!/bin/sh
# needs zenity, youtube-dl and vlc installed

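URL=$(zenity --entry --text "Enter Video URL:")
if [ "$URL" = "" ]; then
    echo "You must enter a url."
    exit
fi
# mktemp(1) needs at least six trailing Xs in the template
TMPFILE=$(mktemp /tmp/youtube-vid.XXXXXX)
# download in the background so playback can start while it is still running
youtube-dl --no-part -f 18/0/h264-sd -o "$TMPFILE" "$URL" &
DL_PID=$!
sleep 5
cvlc -f "$TMPFILE" vlc://quit
kill $DL_PID
rm "$TMPFILE"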

---

[1] 
http://daemonforums.org/showpost.php?s=985087eedf0b6bd2d04482749e5fd726&p=50021&postcount=29

[2] I say as typing this into gmail...



Ha, someone's using my script on the internet ;) Nowadays mpv uses 
youtube-dl, so mpv url works with even less dependencies. Here's a 
newer version of my script:


#!/bin/sh

URL=$(xclip -o)
if [ "$URL" = "" ]; then
    echo "You must select a url."
    exit 1
fi
mpv -fs "$URL"
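
A variant of the selection-based script above that checks the selection before handing it to mpv, since the X selection can hold any text and not just a link. This is an added example, not code from the thread; is_http_url and play_selection are hypothetical names, and it assumes only http/https URLs should ever be played.

```shell
#!/bin/sh
# Added example: check the X selection before mpv sees it.
# is_http_url and play_selection are hypothetical helper names.

# Succeed only for a single-token http:// or https:// URL.
is_http_url() {
    nl='
'
    tab=$(printf '\t')
    case "$1" in
        *" "*|*"$tab"*|*"$nl"*) return 1 ;;   # embedded whitespace
    esac
    case "$1" in
        http://?*|https://?*) return 0 ;;
    esac
    return 1
}

play_selection() {
    URL=$(xclip -o) || return 1
    if ! is_http_url "$URL"; then
        echo "Selection is not an http(s) URL." >&2
        return 1
    fi
    # "--" ends option parsing, so the selection is only ever a URL argument.
    mpv --fs -- "$URL"
}

# Play only when called as "<script> play"; otherwise just define the functions.
if [ "${1:-}" = "play" ]; then
    play_selection
fi
```

Bind the window manager key to the script with the argument play; without it the file only defines the two functions.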



Re: Intel Atom?

2015-07-28 Thread lists
  The 2 LAN GigE ports are enough for a router, one is shared for IPMI.
 
 Shared IPMI is *never* fine IMHO.

The notion was that 2 ports are enough for a router, though I agree and
have the same sentiment on the shared IPMI port.

Supermicro did not put a standalone IPMI Ethernet port on the
X7SPA-HF / X7SPE-HF chipset ICH9 boards in 2011 when I needed this. For
personal use I can't justify an overpriced dual port PCI-e NIC and used
the slot for a video card.

As an alternative USB NICs exist, I have a couple of axe(4) off Ebay but
not used it in live traffic, so can't say anything about its merits.

That's one of the reasons (dedicated IPMI port) for recommending newer
Atom based Supermicro C2000 series boards, yet the original poster is
obviously looking for COTS consumer electronics general purpose
inexpensive mini-ITX mainboards for home router project.