Re: Multimedia FAQ
On Thu, May 07, 2020 at 06:12:21PM -0300, Oficial wrote: > Hi, > > The multimedia FAQ (https://www.openbsd.org/faq/faq13.html), list some > mixerctl outputs like: > > outputs.headphones=160,160 > outputs.headphones.mute=off > > In my system (current i386) there is no "outputs.headphones.mute" for > example, but there is a "outputs.hp_mute". Hi, Each sound-card model has its own specific set of controls, yours is different from the one of the example. > The documentation is outdated ? > The audio parts needs *many* updates after the recent audio changes, we're working on it.
Re: OpenBSD insecurity rumors from isopenbsdsecu.re
On Fri, May 8, 2020 at 2:30 AM jeanfrancois wrote: > > As long as there's no material published it's worth just any other word. > To quote Douglas Adams on whether you can trust people on the internet, "of course not, it's just people talking". -- Aaron Mason - Programmer, open source addict I've taken my software vows - for beta or for worse
Re: change default constraint server in ntpd.conf
Theo de Raadt wrote: > > > Stuart Henderson wrote: > > > On 2020-05-07, Marko Cupać wrote: > > > Hi, > > > > > > why not change default constraint server in ntpd.conf from current > > > https://google.com to something more neutral / reputable? > > > > > > If https://www.openbsd.org does not want to be involved, perhaps > > > https://www.ntp.org would be fine. > > > > Neither of those are good options. One or a few servers, IPv4 only, > > only in North America, not peered with many ISPs, compared to a > > large geolocated server front-end, v4+v6, within a few network > > hops of much of the world, with people paid to keep it working, > > and ISPs will quickly notice if their connectivity is down. > > > > The other default constraints server listed (quad9, hosted on > > the very widely peered pch.net) is good for that too. > > > > What ntpd needs for a "constraints" server is a site that > > will a) stay online as much as possible and b) is likely > > enough to hand out something approximating the correct time, > > that's all. > > > > I'm not a big fan of using google.com for this on my own systems so > > I often just don't use it, but I can't argue that it's a bad choice > > overall, and I don't have an idea for another site that is both > > equally good and "more neutral". > > What it needs is someone who cannot afford to ever publish a > certificate for HEAD which is untrue. > > Noone satisfies that condition as well as Google. I'd like to make a larger comment. We chose the constraint settings very carefully over years. The commit logs explain the justifications. Behind the scenes, we talked about it for hours. The recent addition of PCH servers for additional benefit in in pre-DNS (or even better pre-DNSSEC) conditions involved close to 100 emails, and that is is vaguely justified in the commit logs also. The default ntpd.conf is as functional and paranoid as we can make it. You've actually ignored the WORST part, which is access to pool.ntp.org -- there is less reason to trust that collection of people than the other TLS'd DNS service deliverers in the file! At best pool.ntp.org is secretively-selected un-authenticatable collectivism; they have even greater ability to filter truths and only deliver lies JUST TO YOU, compared to the https TLS constraints providers! Just about everything modern in our ntpd codebase and the ntpd.conf file ameliorates old-school NTP protocol weaknesses and the associated common delivery services. You distrust the google line, but google's tremendous difficulty at lying to you here protects you against the EASE with which pool.ntp.org could lie to you. You have judged the situation precisely backwards. But rather than going to the source, and seeing if there was previous discussion, there's this email thread on misc, which is so rarely a point of truth on anything. Awesome... /sarc
Re: change default constraint server in ntpd.conf
Stuart Henderson wrote: > On 2020-05-07, Marko Cupać wrote: > > Hi, > > > > why not change default constraint server in ntpd.conf from current > > https://google.com to something more neutral / reputable? > > > > If https://www.openbsd.org does not want to be involved, perhaps > > https://www.ntp.org would be fine. > > Neither of those are good options. One or a few servers, IPv4 only, > only in North America, not peered with many ISPs, compared to a > large geolocated server front-end, v4+v6, within a few network > hops of much of the world, with people paid to keep it working, > and ISPs will quickly notice if their connectivity is down. > > The other default constraints server listed (quad9, hosted on > the very widely peered pch.net) is good for that too. > > What ntpd needs for a "constraints" server is a site that > will a) stay online as much as possible and b) is likely > enough to hand out something approximating the correct time, > that's all. > > I'm not a big fan of using google.com for this on my own systems so > I often just don't use it, but I can't argue that it's a bad choice > overall, and I don't have an idea for another site that is both > equally good and "more neutral". What it needs is someone who cannot afford to ever publish a certificate for HEAD which is untrue. Noone satisfies that condition as well as Google.
Re: change default constraint server in ntpd.conf
On 2020-05-07, Marko Cupać wrote: > Hi, > > why not change default constraint server in ntpd.conf from current > https://google.com to something more neutral / reputable? > > If https://www.openbsd.org does not want to be involved, perhaps > https://www.ntp.org would be fine. Neither of those are good options. One or a few servers, IPv4 only, only in North America, not peered with many ISPs, compared to a large geolocated server front-end, v4+v6, within a few network hops of much of the world, with people paid to keep it working, and ISPs will quickly notice if their connectivity is down. The other default constraints server listed (quad9, hosted on the very widely peered pch.net) is good for that too. What ntpd needs for a "constraints" server is a site that will a) stay online as much as possible and b) is likely enough to hand out something approximating the correct time, that's all. I'm not a big fan of using google.com for this on my own systems so I often just don't use it, but I can't argue that it's a bad choice overall, and I don't have an idea for another site that is both equally good and "more neutral".
Multimedia FAQ
Hi, The multimedia FAQ (https://www.openbsd.org/faq/faq13.html), list some mixerctl outputs like: outputs.headphones=160,160 outputs.headphones.mute=off In my system (current i386) there is no "outputs.headphones.mute" for example, but there is a "outputs.hp_mute". The documentation is outdated ? -- Ricardo
Re: LDPD includes non-default rdomain interfaces to address message type
Yeah I must be stupid Obviously. But if that's the case what are you? Sergey wrote: > ok youre stupid if you dont know that there is no need to show you rdomain > and ldp > confuguration to answer the question, because of these are very simple and > static > enough on openbsd. moreover ldp address message structure is nothing about the > configuration at all. > > чт, 7 мая 2020 г., 21:29 Theo de Raadt : > > Sergey wrote: > > > ok theo, you are very user friendly as always. > > you may be think that users should solve their issues themself and would > be nice > if > > they will post their effort here for you, very fair. > > You want the people on misc@ to decide for you if code from 2018 might > work better than code from 2014 > > With a complicated configuration which you are not showing > > You are not a user, who I need to be friendly with. > > You are an idiot. What you are requesting is not a software usage question, > it is simply a ridiculous useless email with no context and no value except > YOU TO, and expecting everyone to lift their fingers for you. > > > i did about ten posts here for the 15 years, and got only two pleased > answer by > > claudio. > > how you think, will i post something here again? > > I'm certain I'm not alone when I say: I hope not. >
Re: OpenBSD insecurity rumors from isopenbsdsecu.re
On 5/7/20 11:11 AM, Kevin Chadwick wrote: > On 2020-05-07 14:10, Consus wrote: >> On Thu, May 07, 2020 at 04:00:15PM +0200, i...@aulix.com wrote: >>> Dear OpenBSD fans, >>> >>> Can you please comment negative appraisal from the following website: >>> >>> https://isopenbsdsecu.re/quotes/ >>> >>> I did not want to hurt anyone, just looking for a secure OS and >>> OpenBSD looked very nice to me before I have found this website. >> > > Perhaps you could cite which part as the parts I read should seem without > merit > to anybody? > >> The fun thing to do: offer $50k rewards for code execution >> vulnerabilities and wait for results. >> > > "Apple has lately been slapping proprietary mitigations around like there’s no > tomorrow. But thing is, mitigations are often delicate creatures, with rather > fragile assumptions. Having too many of them in one place can easily make them > break one another, as happened here with execute-only memory vs PAN." > > I am sure that examples of mitigations leveraging and protecting each other, > or > an exploit failing because of multiple mitigations is far more common than > them > hurting each other. > > "I put a lot more faith in privilege separation and reduction than in all the > mitigations. I’d be really impressed by a move to a safe language… most > everyone > is late to that party, so it’s a chance for someone to pull ahead if they > wanted > bragging rights" > > I wouldn't want to read an OS written in Rust and I would love to see secure > developments in C even if it hampers potential performance. Things like Go are > not suitable for an OS with many small programs. > Curious about why... though admittedly I have never written or read rust in great detail. Genuinely curious why, I thought it was supposed to be pretty nice with thread safety and all that jazz. > Also, OpenBSD is one of the pioneers of privilege separation and most Go > programs are not privilege separated at all. > > I quickly lost interest, sorry. IMO, the main thing that causes exploitations > is > carelessness. OpenBSD cares and is careful! > Aisha
Re: LDPD includes non-default rdomain interfaces to address message type
Sergey wrote: > ok theo, you are very user friendly as always. > you may be think that users should solve their issues themself and would be > nice if > they will post their effort here for you, very fair. You want the people on misc@ to decide for you if code from 2018 might work better than code from 2014 With a complicated configuration which you are not showing You are not a user, who I need to be friendly with. You are an idiot. What you are requesting is not a software usage question, it is simply a ridiculous useless email with no context and no value except YOU TO, and expecting everyone to lift their fingers for you. > i did about ten posts here for the 15 years, and got only two pleased answer > by > claudio. > how you think, will i post something here again? I'm certain I'm not alone when I say: I hope not.
change default constraint server in ntpd.conf
Hi, why not change default constraint server in ntpd.conf from current https://google.com to something more neutral / reputable? If https://www.openbsd.org does not want to be involved, perhaps https://www.ntp.org would be fine. Regards, -- Before enlightenment - chop wood, draw water. After enlightenment - chop wood, draw water. Marko Cupać https://www.mimar.rs/
Re: LDPD includes non-default rdomain interfaces to address message type
I think you using the phrase "my effort" incorrectly. Your only effort has been mail misc@openbsd.org with a request that other people do all the effort for you. Good luck. > im not able to just jump to the current on production remote box just for the > testing > purpose. And i asked if it expected behavior or not? > it was my effort to analyze the issue on my setup. > > чт, 7 мая 2020 г., 18:12 Theo de Raadt : > > Sergey wrote: > > > Hi. > > > > Im using the pretty old release 5.5 on openbsd box acting > > as MPLS PE router with many domains, and i noticed that > > ldpd sends huge ldp address message including all interfaces > > in every rdomains. > > Looking at the -current sources it seems there is the same behavior, > > but may be im wrong. > > Can someone confirm the issue on the -current? > > And why there interfaces are pushed to address list at all, > > it seems useless. > > You can confirm by testing on current. Your setup, your configuration > choices, your desire for it to work, your ability to confirm if it works > or not, and thus, it should be your effort. Very fair. >
Re: OpenBSD insecurity rumors from isopenbsdsecu.re
On 2020-05-07 10:00, i...@aulix.com wrote: > Dear OpenBSD fans, > > Can you please comment negative appraisal from the following > website: > > https://isopenbsdsecu.re/quotes/ > > I did not want to hurt anyone, just looking for a secure OS and > OpenBSD looked very nice to me before I have found this website. Rule of life #1: when lots of people hate you, you are either doing something very wrong...or very right. People don't waste their time on people who are average-ish. That's actually how I found OpenBSD -- reading through a once popular chat website, saw people spending a lot of time throwing a lot of hate and personal attacks at Theo and his team. Well, by my figuring, anyone who gets that much venom tossed at them needs a looking at! That was 22+ years ago. No regrets. You have to decide for yourself if OpenBSD is very right or very wrong for you (not a lot of people in the middle, and that's fine.) Looking at the quotes, I see... * Jealousy * competitors * broad, general statements * Blablabla * People with a self contradictory titles. * people hiding behind pseudonyms * People that have All The Answers, just waiting for someone to do what they say. * Name callers * "No shit Sherlock"ers * "OpenBSD sucks, I like your website!" * "OpenBSD does what it set out to do, I like your website" * People "removing all doubt" (as in, "Better to be thought a fool than to open your mouth and remove all doubt") * "if it isn't popular, it's not good"er * unbacked claims. * another, this one thinks only about fighting the past wars. * more unbacked claims, this one, totally anonymous. * A person wanting YOU to find exploits in OSs. Guess they are all pretty secure if they aren't finding them themselves. Seriously, if you understand OpenBSD's work, you would take many of those quotes as complements. OpenBSD's security mitigations broke a "secure" language? Maybe you should check your assumptions. Elsewhere on that website, he mocks OpenBSD for calling someone "inaccurate jerks" -- I happened to click on that, since it didn't exactly roll off the tongue, and what is the actual context? Theo saying, "No, that's not a hardware problem, that's an OpenBSD problem and it should be fixed". You were not supposed to look at the context, I guess. The line about "Insults" is actually someone mock- complaining about doas not insulting users like sudo does.The more stuff I click on, the more I start to think, this is an irony site! This guy LOVES OpenBSD! Well, fudge. I just wasted a lot of time writing this!) Nick.
Re: OpenBSD insecurity rumors from isopenbsdsecu.re
Good evening, As long as there's no material published it's worth just any other word. You can state anything you like granted this collection has value, so no there are no clear points, nothing really worthwhile can emerge. When I feel lost in any Unix system calls I just open an OpenBSD's man page and there you go, things are clear, well explained, and make sense. This above response just any other words too, but actually that's why we like it, this OS and environment just makes sense. Regards J.F. Le 07/05/2020 à 16:00, i...@aulix.com a écrit : Dear OpenBSD fans, Can you please comment negative appraisal from the following website: https://isopenbsdsecu.re/quotes/ I did not want to hurt anyone, just looking for a secure OS and OpenBSD looked very nice to me before I have found this website. Kind Regards
Re: one-character expansion in shell
Hi Philipp, Philipp Buehler wrote on Wed, May 06, 2020 at 04:03:41PM +0200: > Am 06.05.2020 15:54 schrieb Ingo Schwarze: >> Your misunderstandiing is that file names consist of characters. >> They do not. They consist of bytes, and to match two bytes, >> you need two question marks. > One can hold for the OP; the ksh(1) manpage talks about > "characters" in 'File name patterns' throughout. > > Just two bytes ;-) I guess that is because ksh(1) - both the program and the manual page - predate the idea of multi-byte characters. The ksh(1) manual page uses the term "character" troughout when talking about bytes, not just when talking about globbing. That becomes clear at various places, for example: [words] which are sequences of characters, are delimited by unquoted whitespace characters (space, tab, and newline) or ... --> obviously, non-ASCII whitespace is not considered here A parameter name is either one of the special single punctuation or digit character parameters described below ... --> obviously, non-ASCII digits are not considered here PS1 [...] \nnn The octal character nnn. --> obviously, the shell assumes there are at most 512 characters Even more clearly, the subsection "File name patterns" says: alnum cntrl lower space [..] These match characters using the macros specified in isalnum(3), isalpha(3), and so on. --> which explicitly says that "character" refers to single-byte characters This is also fairly explicit: vi-show8 Prefix characters with the eighth bit set with "M-". If this option is not set, characters in the range 128-160 are printed as is, which may cause problems. string > string Strings compare greater than based on the ASCII value of their characters. Admittedly, there is a very small number of cases where our ksh(1) actually does handle UTF-8 multi-byte characters: backward-char: [n] ^B, ^X^D Moves the cursor backward n characters. delete-char-backward: [n] ERASE, ^?, ^H Deletes n characters before the cursor. delete-char-forward: [n] Delete Deletes n characters after the cursor. forward-char: [n] ^F, ^XC Moves the cursor forward n characters. There are also cases where it might make sense to handle UTF-8, but currently characters are just bytes, for example: transpose-chars: ^T If at the end of line, or if the gmacs option is set, this exchanges the two previous characters; otherwise, it exchanges the previous and current characters and moves the cursor one character to the right. I admit those few cases where UTF-8 is handled in a best-effort manner aren't explained in the manual. They only affect command line use, not the shell programming language. Also, the ksh(1) manual is far from alone in tacitly assuming that characters are single-byte characters. Consider manual pages like cat(1), col(1), dd(1), diff(1), dig(1), expr(1), hexdump(1), join(1), jot(1), patch(1), chdir(2), printf(3), strchr(3), strlcpy(3), etc. When utilities specifically support multibyte characters, the respective manual pages usually say so; consider colrm(1), column(1), cut(1), fmt(1), fold(1), ls(1), mandoc(1), mbtowc(3), wcslen(3), wprintf(3), etc. It is unfortunate that the term "character" was first defined as "char", large bodies of documentation were written, and then it was later redefined to sometimes mean "wide character" and sometimes "multibyte character" (which are to different concepts). I don't have a good solution. Sometimes, it is possible to explicitly use the terms "single-byte character", "wide character", and "multi-byte character", but i'm not convinced it would be a good idea to dig through all out manual pages and consistently use these three terms everywhere. In might not become too much of a digression in a very simple page like strlen(3), but i'm not so sure about a page that is already long and complicated, like ksh(1). Yours, Ingo
Re: OpenBSD insecurity rumors from isopenbsdsecu.re
On 2020-05-07 14:48, Aisha Tammy wrote: >> I wouldn't want to read an OS written in Rust and I would love to see secure >> developments in C even if it hampers potential performance. Things like Go >> are >> not suitable for an OS with many small programs. >> > Curious about why... though admittedly I have never written or read rust in > great detail. > Genuinely curious why, I thought it was supposed to be pretty nice with > thread safety and > all that jazz. > It was more the privilege separation part that I found made the comment show a lack of understanding. Privsep really has more to do with design than a language. Aside from the Go/Linux Kernel seteuid bug. https://github.com/golang/go/issues/1435 There have been many proposals for many years to reduce the care needed to write good C and performance or feature support like breaking some pointer use cases, always seems to win the argument upstream. A paper/plugin/extension is written and rarely makes the mainstream compilers, even as a flag. Admittedly, I don't have much Rust experience, either. Ada seems more applicable to avoiding dynamic memory on micro processors and I don't have the time to sacrifice, even on ADA with GCC support or on maintaining tooling and porting code bases. To me, Rust reads like C++ on steroids and I never liked C++ and so I lost all interest very quickly. I just have too many questions when reading it. I rarely like abstraction. Ada looks nicer to read to me but perhaps it wouldn't have that thread safety that you mention or the momentum Rust seems to have gained? Didn't Linus push back against C++ too? I guess I like Go and Ada because they are more similar to C and fairly simple in their core. I think Reyk tweeted about not liking Rust or it being a real pain and now seems to have tweeted about quite liking it. I am not closed minded but more skeptical of ever taking to it.
Re: LDPD includes non-default rdomain interfaces to address message type
Sergey wrote: > Hi. > > Im using the pretty old release 5.5 on openbsd box acting > as MPLS PE router with many domains, and i noticed that > ldpd sends huge ldp address message including all interfaces > in every rdomains. > Looking at the -current sources it seems there is the same behavior, > but may be im wrong. > Can someone confirm the issue on the -current? > And why there interfaces are pushed to address list at all, > it seems useless. You can confirm by testing on current. Your setup, your configuration choices, your desire for it to work, your ability to confirm if it works or not, and thus, it should be your effort. Very fair.
Re: List a package's dependencies
On 2020-04-21 17:54, Kevin Chadwick wrote: >> Nope, it's definitely the wrong place to fix things. >> >> You should fix your pipes (change the timeouts or whatever). >> >> If worse comes to worst, pkg_add could *possibly* retry running ftp(1), >> but that makes little sense. > I agree ftp/tcp should be re-trying anyway. However I believe a re-run of ftp > might work around it. It hangs for a long time and ctrl->C followed by pkg_add > -u seems to work second time around (faster than waiting for the timeout). > > It only happens on one or two pkgs occasionally. I believe it has happened via > wired(landline) and wireless(4G) internet access but can't be 100% sure. I > shall > keep an eye on it and see if it has any patterns like CDN or particular > networks. I may have found the broken pipe. It happened again and switching my phone to 3G, rather than 4G seemed to fix the issue completely. Sometimes 4G degrades badly enough for a few hours here to stop Netflix working, but rarely. I am still left wondering if package installation, should/could be slightly more robust to broken networks though, considering a browser may fail to upgrade and may not always get noticed that quickly?
Re: OpenBSD insecurity rumors from isopenbsdsecu.re
On 2020-05-07 14:10, Consus wrote: > On Thu, May 07, 2020 at 04:00:15PM +0200, i...@aulix.com wrote: >> Dear OpenBSD fans, >> >> Can you please comment negative appraisal from the following website: >> >> https://isopenbsdsecu.re/quotes/ >> >> I did not want to hurt anyone, just looking for a secure OS and >> OpenBSD looked very nice to me before I have found this website. > Perhaps you could cite which part as the parts I read should seem without merit to anybody? > The fun thing to do: offer $50k rewards for code execution > vulnerabilities and wait for results. > "Apple has lately been slapping proprietary mitigations around like there’s no tomorrow. But thing is, mitigations are often delicate creatures, with rather fragile assumptions. Having too many of them in one place can easily make them break one another, as happened here with execute-only memory vs PAN." I am sure that examples of mitigations leveraging and protecting each other, or an exploit failing because of multiple mitigations is far more common than them hurting each other. "I put a lot more faith in privilege separation and reduction than in all the mitigations. I’d be really impressed by a move to a safe language… most everyone is late to that party, so it’s a chance for someone to pull ahead if they wanted bragging rights" I wouldn't want to read an OS written in Rust and I would love to see secure developments in C even if it hampers potential performance. Things like Go are not suitable for an OS with many small programs. Also, OpenBSD is one of the pioneers of privilege separation and most Go programs are not privilege separated at all. I quickly lost interest, sorry. IMO, the main thing that causes exploitations is carelessness. OpenBSD cares and is careful!
Re: OpenBSD insecurity rumors from isopenbsdsecu.re
I don't claim to be an fan of OpenBSD security myself, but as long ås somebody än effort to collevt quotes aboit it's insrcurity I guess it provides decent security to the average pimp on the block. On 7 May 2020 16:00:15 CEST, i...@aulix.com wrote: >Dear OpenBSD fans, > >Can you please comment negative appraisal from the following website: > >https://isopenbsdsecu.re/quotes/ > >I did not want to hurt anyone, just looking for a secure OS and OpenBSD >looked very nice to me before I have found this website. > >Kind Regards -- Sent from my Android device with K-9 Mail. Please excuse my brevity.
Re: OpenBSD insecurity rumors from isopenbsdsecu.re
On Thu, May 07, 2020 at 04:00:15PM +0200, i...@aulix.com wrote: > Dear OpenBSD fans, > > Can you please comment negative appraisal from the following website: > > https://isopenbsdsecu.re/quotes/ > > I did not want to hurt anyone, just looking for a secure OS and OpenBSD > looked very nice to me before I have found this website. > > Kind Regards 16 people there. I only heard of two (Linus Torvalds, Ilja van Sprundel). Who cares? -peter
Re: OpenBSD insecurity rumors from isopenbsdsecu.re
On Thu, May 07, 2020 at 04:00:15PM +0200, i...@aulix.com wrote: > Dear OpenBSD fans, > > Can you please comment negative appraisal from the following website: > > https://isopenbsdsecu.re/quotes/ > > I did not want to hurt anyone, just looking for a secure OS and > OpenBSD looked very nice to me before I have found this website. The fun thing to do: offer $50k rewards for code execution vulnerabilities and wait for results.
OpenBSD insecurity rumors from isopenbsdsecu.re
Dear OpenBSD fans, Can you please comment negative appraisal from the following website: https://isopenbsdsecu.re/quotes/ I did not want to hurt anyone, just looking for a secure OS and OpenBSD looked very nice to me before I have found this website. Kind Regards
LDPD includes non-default rdomain interfaces to address message type
Hi. Im using the pretty old release 5.5 on openbsd box acting as MPLS PE router with many domains, and i noticed that ldpd sends huge ldp address message including all interfaces in every rdomains. Looking at the -current sources it seems there is the same behavior, but may be im wrong. Can someone confirm the issue on the -current? And why there interfaces are pushed to address list at all, it seems useless.
Re: support
Hi, Chris Petrik wrote on Wed, May 06, 2020 at 11:57:30AM -0500: > 0 > C USA > P Mississippi > T Gulfport > Z 39501 > O Petrik Consulting > I Chris Petrik > A 1610 Thornton, Ave > M ch...@cpettington.com > U http://www.cpettington.com/ > B 2282650091 > X > N BSD based consulting in the Mississippi area. We specialize in using > OpenBSD as our base go-to Operating System for all services requested. I see weak indications - though admittedly not clear proof - that this description may not be completely accurate and honest. The URI you provide does not mention OpenBSD at all as far as i can see and contains almost no content whatsoever. Searching your sites with web search engines, this is the only mention of OpenBSD i managed to find: https://blog.cpettington.com/blog/setups "I have done some changes to my services. Main server still runs Debian but it was updated to 10 with DirectAdmin (Too lazy to do all the things by hand) My second VPS from Transip was canceled and 2 VPS's were purchased. damon. - OpenBSD 6.6-Stable bsddev. - FreeBSD Current or version 13 This will prevent any issues as I like to change things around a lot." So, before May 2, 2020, you had two machines, both virtual, and then you got your (first?) OpenBSD machine (and only -stable)? And now you say "We specialize in using OpenBSD"? I suggest you resubmit your entry at some point in the future when it has become clearer that you actually do have experience providing OpenBSD-based services. Yours, Ingo