Re: 6.9 and (EFI/blackscreen) and UKC

2021-02-11 Thread Sven F.
On Thu, Feb 11, 2021 at 5:12 PM  wrote:
>
> Having the same issue, since about a year ago
> https://marc.info/?l=openbsd-bugs&m=160575016004118&w=2
>


I do not see the model of the graphics card in your dmesg?
Mine is HD 5500.
I know HD630 is working way better,

I tried to look at patches around inteldrm in FreeBSD,
no luck

X does not crash here, it cannot use screen 0 / lvds.
It's quite difficult to debug

This mail is more about the UKC prompt being unavailable
I had to config the kernel with ssh

With inteldrm disabled I can start the X server, but it can't display a tube
video for more than a minute

I have little experience with graphics stuff, Intel upgrades the HD graphics
driver very very often on Windows

Have you tried 6.9-current?

-- 
--
-
Knowing is not enough; we must apply. Willing is not enough; we must do



Re: home printer

2021-02-11 Thread Greg Thomas
On Thu, Feb 11, 2021 at 4:15 AM Stuart Longland 
wrote:

>
> Maybe the imaging drum on your laser has an imperfection that means it
> attracts proportionately more or less toner at a certain spot than other
> areas of the drum.
>
>
Hah, yeah, my old Brother 5250 lays down 3 blobs on every 8 1/2 x 11 sheet
of paper.


Re: 6.9 and (EFI/blackscreen) and UKC

2021-02-11 Thread jpegbild
Having the same issue, since about a year ago
https://marc.info/?l=openbsd-bugs&m=160575016004118&w=2

February 11, 2021 6:39 PM, "Sven F."  wrote:

> Dear readers,
> 
> Following some advice,
> I am trying to
> 
> boot> boot -c
> UKC> disable inteldrm
> UKC> quit
> 
> on 6.9-beta that was advertised for testing.
> 
> I have an error: `kbc: cmd word write error`
> and I cannot enter anything in the UKC prompt
> 
> It's quite problematic and overall disabling a driver
> is usually not a good idea anyway (referring to all the disable acpi
> to make it work)
> 
> ver num, turn on and off the led, ctrl+alt+suppr resets the device,
> I tried another keyboard too
> Pressing the key changes the blinking rate of the UKC cursor.
> 'ghost' input (typing quit, enter) does not work.
> 
> I will reload today's snaps and install.
> 
> Please advise on how to get more info for debugging/troubleshooting,
> 
> Thank you for reading.
> 

Re: Bootloader on USB stick fails with "root device not found"

2021-02-11 Thread tetrahedra

On Sun, Jan 31, 2021 at 12:06:37PM +0100, Stefan Sperling wrote:
> On Sun, Jan 31, 2021 at 11:47:04AM +0100, Stefan Sperling wrote:
> > In general, crypto softraid volumes don't auto-assemble.
>
> I forgot that softraid volumes that use a key disk instead of a
> passphrase will auto-assemble. Have you already tried that?
> A disklabel slice on the USB key could act as a key disk for
> the encrypted volume on the internal disk.


I am looking at the manpage for bioctl(8) and I don't see any provision 
for either changing the passphrase of an existing encrypted disk, or 
replacing the passphrase with a keydisk.


Is there any way to change my existing install over to using a keydisk, 
instead of a passphrase? Or do I need to wipe everything and re-install?




Re: Bootloader on USB stick fails with "root device not found"

2021-02-11 Thread tetrahedra

On Wed, Feb 10, 2021 at 03:59:12PM +0100, Stefan Sperling wrote:
> On Wed, Feb 10, 2021 at 01:00:33PM +, Frank Beuth wrote:
> > On Tue, Feb 02, 2021 at 10:50:39PM +0100, Stefan Sperling wrote:
> > > The idea of protecting key disks with a passphrase (two-factor auth) has
> > > been raised before. It has not been implemented yet, simply because nobody
> > > has done the work. A search of the mailing list archives should yield
> > > some prior discussion.
> >
> > How about backup keys, so I can have a backup passphrase stored somewhere
> > safely that works even if I lose my keydisk?
>
> Well, even if two-factor auth were already available, if you lose
> the key disk then you should also lose access to the encrypted data.
> Otherwise it's not two-factor auth. A scheme where either a passphrase
> or a key disk could be used to unlock the volume would be redundant and
> even dangerously confusing for users who expect actual two-factor auth.


My original question was about letting the user define behaviour between 
multiple keys.


For example, having X number of key-slots representing 
passphrases/keyfiles/Yubikeys/etc, and the user can define whether they 
are AND (all needed to unlock) or OR (any one needed to unlock).


I suppose the theoretical ideal here would be a key-management 
programming language (a derivative of LISP?) to express the desired 
relationships ("unlock if ANY of these three keys, or ALL of these two, 
or two from the first group and one from the 2nd") but given the human 
inability to write bug-free code maybe that's a bad idea.
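
The AND / OR / "two from this group" relationships described above can be enforced by how the volume key is wrapped rather than by a check in code. The following is an added example, not softraid code and not from the thread: the slot names, secrets and helper functions are hypothetical, and the PBKDF2-pad XOR wrap is a stand-in for a real authenticated key-wrap.

```python
import hashlib
import hmac
import itertools
import os

# Policy tree: a leaf names one key slot; a threshold node needs k of its children.
def key(name):
    return ("key", name)

def threshold(k, *children):
    if not 1 <= k <= len(children):
        raise ValueError("k must be between 1 and the number of children")
    return ("threshold", k, children)

def any_of(*children):   # OR: one child is enough
    return threshold(1, *children)

def all_of(*children):   # AND: every child is required
    return threshold(len(children), *children)

def unlock_paths(node):
    """Expand a policy into the minimal sets of slots that satisfy it."""
    if node[0] == "key":
        return {frozenset([node[1]])}
    _, k, children = node
    paths = set()
    for combo in itertools.combinations(children, k):
        for parts in itertools.product(*(unlock_paths(c) for c in combo)):
            paths.add(frozenset().union(*parts))
    # Drop any path that merely extends a smaller one.
    return {p for p in paths if not any(q < p for q in paths)}

def _pad(path, secrets, salt):
    # One key-encryption pad per path, bound to every slot secret on that path.
    material = b"".join(
        hashlib.sha256(name.encode() + b"\0" + secrets[name]).digest()
        for name in sorted(path))
    return hashlib.pbkdf2_hmac("sha256", material, salt, 10_000)

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def seal(policy, secrets, master_key):
    """Wrap the 32-byte master key once per unlock path.

    The header grows with the number of paths, which is the practical
    limit on how elaborate a policy can get.
    """
    header = []
    for path in sorted(unlock_paths(policy), key=sorted):
        salt = os.urandom(16)
        wrapped = _xor(master_key, _pad(path, secrets, salt))
        check = hmac.new(master_key, salt + wrapped, hashlib.sha256).digest()
        header.append((tuple(sorted(path)), salt, wrapped, check))
    return header

def unlock(header, presented):
    """Return the master key if the presented secrets satisfy a path, else None."""
    for path, salt, wrapped, check in header:
        if not all(name in presented for name in path):
            continue
        candidate = _xor(wrapped, _pad(path, presented, salt))
        expected = hmac.new(candidate, salt + wrapped, hashlib.sha256).digest()
        if hmac.compare_digest(expected, check):
            return candidate
    return None

# Constructed policy: "ANY of these three keys, or ALL of these two,
# or two from the first group and one from the 2nd".
EXAMPLE_POLICY = any_of(
    any_of(key("passphrase"), key("keydisk"), key("yubikey")),
    all_of(key("backup_a"), key("backup_b")),
    all_of(threshold(2, key("admin1"), key("admin2"), key("admin3")),
           any_of(key("token_x"), key("token_y"))),
)
# Constructed slot secrets, one per slot named in the policy.
EXAMPLE_SECRETS = {name: ("constructed-" + name).encode()
                   for path in unlock_paths(EXAMPLE_POLICY) for name in path}

if __name__ == "__main__":
    mk = os.urandom(32)
    header = seal(EXAMPLE_POLICY, EXAMPLE_SECRETS, mk)
    print(len(header), "wrapped copies of the master key")
    print(unlock(header, {"keydisk": EXAMPLE_SECRETS["keydisk"]}) == mk)
```
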




Re: pkg_add and an authenticating proxy

2021-02-11 Thread Stuart Henderson
On 2021-02-11, Stephan Mending  wrote:
> I'm a dork. I actually tried that but forgot to set "keepenv" in doas.conf. :|

This is fairly recent, jca fixed ftp to do http over an authenticated proxy 
last year




Re: OpenBSD and Shells.com

2021-02-11 Thread Abel Abraham Camarillo Ojeda
On Thu, Feb 11, 2021 at 4:00 PM Alex Lee  wrote:

> Just wanted to check in on this one and see if there was a chance to chat.
> Thanks!
>
> On Sun, Jan 24, 2021 at 3:07 PM Alex Lee  wrote:
>
> > Hi!  My name is Alex Lee, and I am hoping that we can partner with
> > OpenBSD.  We offer virtual cloud computers that can be accessed from any
> > web enabled device.  As we offer multiple OS options such as different
> > Linux distros and Windows, it gives the user the opportunity to use the OS
> > they want on the device they want (I use Ubuntu Desktop on an iPad Pro).  I
> > was hoping that we could chat about a potential collaboration as our
> > product can give folks an opportunity to test out OpenBSD without
> > installing it on their hardware.  I know there are a lot of folks who are
> > afraid to make the jump and this would be an easy way for them to get
> > involved with OpenBSD.  Let me know if we could chat more!   Thanks.
> >
> > alex
> >
>

As far as I know you don't need to ask permission to do that kind of service,
or I don't understand what you're requesting


Re: OpenBSD and Shells.com

2021-02-11 Thread Alex Lee
Just wanted to check in on this one and see if there was a chance to chat.
Thanks!

On Sun, Jan 24, 2021 at 3:07 PM Alex Lee  wrote:

> Hi!  My name is Alex Lee, and I am hoping that we can partner with
> OpenBSD.  We offer virtual cloud computers that can be accessed from any
> web enabled device.  As we offer multiple OS options such as different
> Linux distros and Windows, it gives the user the opportunity to use the OS
> they want on the device they want (I use Ubuntu Desktop on an iPad Pro).  I
> was hoping that we could chat about a potential collaboration as our
> product can give folks an opportunity to test out OpenBSD without
> installing it on their hardware.  I know there are a lot of folks who are
> afraid to make the jump and this would be an easy way for them to get
> involved with OpenBSD.  Let me know if we could chat more!   Thanks.
>
> alex
>


Re: pkg_add and an authenticating proxy

2021-02-11 Thread Stephan Mending
I'm a dork. I actually tried that but forgot to set "keepenv" in doas.conf. :|

Thank you anyway for pointing me at it !

Best regards !

On Thu, Feb 11, 2021 at 05:03:59PM -0300, Fabio Martins wrote:
> 
> Works here for me:
> 
> export http_proxy="http://user:password@127.0.0.1:/" && pkg_add -nu
> 
> > Hi,
> > I was wondering if there was any way on how to allow pkg_add to use an
> > authenticating http-proxy ? Unluckily I cannot
> > find any documentation on the matter.
> >
> > Thanks a lot so far.
> >
> > Best regards,
> > Stephan
> >
> >
> 
> 
> -- 
> Fabio Martins
> PHOSPHORUS NETWORKS
> https://phosphorusnetworks.com/
> 



Re: pkg_add and an authenticating proxy

2021-02-11 Thread Fabio Martins


Works here for me:

export http_proxy="http://user:password@127.0.0.1:/" && pkg_add -nu

> Hi,
> I was wondering if there was any way on how to allow pkg_add to use an
> authenticating http-proxy ? Unluckily I cannot
> find any documentation on the matter.
>
> Thanks a lot so far.
>
> Best regards,
> Stephan
>
>


-- 
Fabio Martins
PHOSPHORUS NETWORKS
https://phosphorusnetworks.com/



Re: Bootloader on USB stick fails with "root device not found"

2021-02-11 Thread Stefan Sperling
On Thu, Feb 11, 2021 at 06:56:40PM +, tetrahe...@danwin1210.me wrote:
> On Sun, Jan 31, 2021 at 12:06:37PM +0100, Stefan Sperling wrote:
> > On Sun, Jan 31, 2021 at 11:47:04AM +0100, Stefan Sperling wrote:
> > > In general, crypto softraid volumes don't auto-assemble.
> > 
> > I forgot that softraid volumes that use a key disk instead of a
> > passphrase will auto-assemble. Have you already tried that?
> > A disklabel slice on the USB key could act as a key disk for
> > the encrypted volume on the internal disk.
> 
> I am looking at the manpage for bioctl(8) and I don't see any provision for
> either changing the passphrase of an existing encrypted disk,

Changing the passphrase can be done. From bioctl(8):

 -P  Change the passphrase on the selected crypto volume.

> or replacing the passphrase with a keydisk.

AFAIK that cannot be done. I agree it would be nice to have.

> Is there any way to change my existing install over to using a keydisk,
> instead of a passphrase? Or do I need to wipe everything and re-install?

Yes, wipe and reinstall is the way to go. This could be used as an
opportunity to go through the backup and restore steps required to
get the system working again after losing the key disk :)

To easily restore your installed packages after a re-install check
out the -z options of pkg_info and pkg_add. Combined with backups of
important files this makes the process not too painful.



6.9 and (EFI/blackscreen) and UKC

2021-02-11 Thread Sven F.
Dear readers,

Following some advice,
I am trying to

boot> boot -c
UKC> disable inteldrm
UKC> quit

on 6.9-beta that was advertised for testing.

I have an error: `kbc: cmd word write error`
and I cannot enter anything in the UKC prompt

It's quite problematic and overall disabling a driver
is usually not a good idea anyway (referring to all the disable acpi
to make it work)

ver num, turn on and off the led, ctrl+alt+suppr resets the device,
I tried another keyboard too
Pressing the key changes the blinking rate of the UKC cursor.
'ghost' input (typing quit, enter) does not work.

I will reload today's snaps and install.

Please advise on how to get more info for debugging/troubleshooting,

Thank you for reading.

OpenBSD 6.9-beta (GENERIC.MP) #323: Tue Feb  9 10:19:03 MST 2021
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 8485195776 (8092MB)
avail mem = 8212697088 (7832MB)
random: good seed from bootblocks
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xa4eef000 (81 entries)
bios0: vendor American Megatrends Inc. version "5.011" date 06/19/2019
bios0: Intel H81U
acpi0 at bios0: ACPI 5.0
acpi0: sleep states S0 S4 S5
acpi0: tables DSDT FACP APIC FPDT FIDT MCFG HPET SSDT UEFI LPIT SSDT
ASF! SSDT SSDT SSDT DMAR
acpi0: wakeup devices PEG0(S4) PEGP(S4) PEG1(S4) PEGP(S4) PEG2(S4)
PEGP(S4) RP01(S4) PXSX(S4) RP02(S4) PXSX(S4) RP03(S4) PXSX(S4)
RP04(S4) PXSX(S4) RP05(S4) PXSX(S4) [...]
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM) i5-5300U CPU @ 2.30GHz, 2694.11 MHz, 06-3d-04
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,TSC_ADJUST,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,RDSEED,ADX,SMAP,PT,SRBDS_CTRL,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,MELTDOWN
cpu0: 256KB 64b/line 8-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
cpu0: apic clock running at 99MHz
cpu0: mwait min=64, max=64, C-substates=0.2.1.2.4.1.1.1, IBE
cpu1 at mainbus0: apid 2 (application processor)
cpu1: Intel(R) Core(TM) i5-5300U CPU @ 2.30GHz, 2693.79 MHz, 06-3d-04
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,TSC_ADJUST,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,RDSEED,ADX,SMAP,PT,SRBDS_CTRL,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,MELTDOWN
cpu1: 256KB 64b/line 8-way L2 cache
cpu1: smt 0, core 1, package 0
cpu2 at mainbus0: apid 1 (application processor)
cpu2: Intel(R) Core(TM) i5-5300U CPU @ 2.30GHz, 2693.78 MHz, 06-3d-04
cpu2: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,TSC_ADJUST,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,RDSEED,ADX,SMAP,PT,SRBDS_CTRL,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,MELTDOWN
cpu2: 256KB 64b/line 8-way L2 cache
cpu2: smt 1, core 0, package 0
cpu3 at mainbus0: apid 3 (application processor)
cpu3: Intel(R) Core(TM) i5-5300U CPU @ 2.30GHz, 2693.78 MHz, 06-3d-04
cpu3: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,TSC_ADJUST,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,RDSEED,ADX,SMAP,PT,SRBDS_CTRL,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,MELTDOWN
cpu3: 256KB 64b/line 8-way L2 cache
cpu3: smt 1, core 1, package 0
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 40 pins
acpimcfg0 at acpi0
acpimcfg0: addr 0xf800, bus 0-63
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus -1 (PEG0)
acpiprt2 at acpi0: bus -1 (PEG1)
acpiprt3 at acpi0: bus -1 (PEG2)
acpiprt4 at acpi0: bus -1 (RP01)
acpiprt5 at acpi0: bus -1 (RP02)
acpiprt6 at acpi0: bus 1 (RP03)
acpiprt7 at acpi0: bus 2 (RP04)
acpiprt8 at acpi0: bus -1 (RP05)
acpiprt9 at acpi0: bus -1 (RP06)
acpiprt10 at acpi0: bus -1 (RP07)
acpiprt11 at acpi0: bus -1 (RP08)
acpiec0 at acpi0: not present
acpipci0 a

Re: home printer

2021-02-11 Thread ropers
Thanks for the kind words, everyone.  [more words below]

On 11/02/2021, Stuart Longland  wrote:
> The thing is… the printer is an electro-*mechanical* device.
>
> There's backlash, there's timing glitches.  Even *without* deliberate
> "steganography" (are Stegosauruses involved?), your print-out will have
> unique flaws in it, that will "fingerprint" your printer as having made it.
>
> Maybe because the carriage belt has some backlash (or position sensing
> is a bit off), the printer "staircases" (a problem that can exist in
> dot-matrix or inkjet printers).
>
> Maybe a hammer or jet is dead leading to a dead "pixel" at regular
> intervals.
>
> Maybe the imaging drum on your laser has an imperfection that means it
> attracts proportionately more or less toner at a certain spot than other
> areas of the drum.
>
> Maybe the MCU controlling the laser is a bit jittery and so doesn't
> quite hit the target right every time.
>
> These are real-world devices, with real-world tolerances, and real-world
> imperfections.

That's very true, however the deliberate addition of printer
steganography suggests that at least laser printers had gotten so much
closer to theoretical perfection that the powers that be felt they
were "falling behind" on forensics and needed to compensate somehow.
That, or maybe it was just a power grab because they could.  Actually,
most evils are committed because they become justifiable in some way.
Maybe the "we're falling behind because lasers" argument was enough to
convince politicians in closed sessions and judges in secret courts.
Secrecy is seductive.  It's a shame Wikileaks wasn't around when this
started.

I understand that the "falling behind" argument isn't entirely unreasonable.
But I'd want people to know.  Making e.g. the photocopying of
banknotes deceptively easy in an age where stego is included but
nobody knows about it would feel awfully close to entrapment.  And
that's another reason why what happened to Reality Winner is not okay.
(I don't actually agree with her politics or other actions, but never
mind that.  Email me off-list if you positively want to hear more.)

There is an honest argument for printer steganography, but its secret
introduction proves that its advocates knew they would lose a public
debate, and they knew that the courts were already tyrannical enough
not to throw out inadmissible stego-evidence and -cases over parallel
construction, and that they could be relied upon not to let the public
know.  On a related note, the reason the judges of (e.g.) America's
secret courts have their identities protected to an extreme degree is
because they know the public wouldn't stand for any of this.  They
fear the disinfecting power of sunlight, but as per the previous
paragraph, most evils happen because there's some other, at least
superficially plausible explanation, and their explanation is that
evil terrorists and organised criminals would threaten their safety
for exclusively illegitimate reasons, so the most powerful judges
"need to" be the ones living in the shadows the most.  But just
because tyrants somewhat justifiably fear the people, does not mean
tyranny is right.  My Modest Proposal to any court officer anxiously
shunning sunlight: --flips the script-- "If you're not doing anything
wrong, you have nothing to fear."  If you don't want to fear the
people, don't be a tyrant.  Throw that stego case out with prejudice.

Does any of this closely relate to OpenBSD?  I'm not sure.  Could
OpenBSD build on e.g. deda  and ship
with mitigations enabled, so printing would be secure by default, or
as secure as it can be, which isn't very?  Again, I'm not sure.  This
gets hairy very, very quickly, and there'd be a cost-to-benefit
analysis to be done that I'm not anywhere near competent or
well-positioned enough to perform.

¯\_(ツ)_/¯

--Ian



Dropping privileges and execve CAVEAT

2021-02-11 Thread Kevin Chadwick
If rather than setuid, a root process calls
setgroups(1000)
setresgid(1000, 1000, 1000)
setresuid(1000, 1000, 1000)

Is there anything to worry about in regard to the caveat in execve(2)?

"If a program is setuid to a non-superuser, but is executed when the real uid is
"root", then the process has some of the powers of a superuser as well."

Thanks, Kc
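
The call sequence from the question, written out with real signatures and followed by a check of the real, effective and saved IDs; the execve(2) sentence quoted above is about a process whose real uid is still root. This is an added example using Python's `os` wrappers around the same system calls, not code from the thread: uid/gid 1000 and the function names are assumptions, and the sample snapshots are constructed.

```python
import os

def ids_snapshot():
    """Every credential the kernel tracks for this process."""
    return {"uids": os.getresuid(),      # (real, effective, saved)
            "gids": os.getresgid(),
            "groups": sorted(os.getgroups())}

def leftover_privilege(snap, uid, gid):
    """List the credentials in snap that still differ from the target."""
    problems = []
    for kind, target in (("uid", uid), ("gid", gid)):
        for label, value in zip(("real", "effective", "saved"), snap[kind + "s"]):
            if value != target:
                problems.append(f"{label} {kind} is {value}")
    extra = [g for g in snap["groups"] if g != gid]
    if extra:
        problems.append(f"supplementary groups {extra}")
    return problems

def drop_privileges(uid, gid):
    """Drop from root to uid/gid for good, or raise."""
    if uid == 0 or gid == 0:
        raise ValueError("target must be unprivileged")
    # Groups and gids first: once the uid is gone these calls are refused.
    os.setgroups([gid])
    os.setresgid(gid, gid, gid)
    os.setresuid(uid, uid, uid)
    problems = leftover_privilege(ids_snapshot(), uid, gid)
    if problems:
        raise RuntimeError("; ".join(problems))
    # A complete drop cannot be undone: both attempts must be refused.
    for regain in (lambda: os.setuid(0), lambda: os.setgid(0)):
        try:
            regain()
        except PermissionError:
            continue
        raise RuntimeError("process was able to regain root")

def drop_in_child(uid, gid):
    """Run the drop in a forked child so the caller keeps its own IDs."""
    pid = os.fork()
    if pid == 0:
        code = 3
        try:
            drop_privileges(uid, gid)
            code = 0
        except OSError:          # not root, or the kernel refused the ids
            code = 2
        except RuntimeError:     # drop went through but something was left over
            code = 1
        finally:
            os._exit(code)
    _, status = os.waitpid(pid, 0)
    code = os.WEXITSTATUS(status) if os.WIFEXITED(status) else -1
    return {0: "dropped", 1: "leftover", 2: "refused"}.get(code, "error")

# Constructed snapshots (not captured from a real system), target uid/gid 1000.
FULL_DROP = {"uids": (1000, 1000, 1000), "gids": (1000, 1000, 1000), "groups": [1000]}
# Real uid still root: the condition the execve(2) caveat names.
REAL_UID_ROOT = {"uids": (0, 1000, 1000), "gids": (1000, 1000, 1000), "groups": [1000]}
# What seteuid(1000) alone leaves behind.
SETEUID_ONLY = {"uids": (0, 1000, 0), "gids": (1000, 1000, 1000), "groups": [1000]}
# setgroups() skipped: root's group list is inherited.
GROUPS_KEPT = {"uids": (1000, 1000, 1000), "gids": (1000, 1000, 1000), "groups": [0, 1000]}

if __name__ == "__main__":
    for name in ("FULL_DROP", "REAL_UID_ROOT", "SETEUID_ONLY", "GROUPS_KEPT"):
        print(name, leftover_privilege(globals()[name], 1000, 1000))
    print("live attempt:", drop_in_child(1000, 1000))
```
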



Re: home printer

2021-02-11 Thread Austin Hook



Good, that means we can encourage attention to the principle of the 
matter, and not have to worry about all the practical considerations.  

The principle of the matter is that it is a corrupt practice, if not 
specifically admitted in the documentation and sales material. 

Each principle we can uphold lets us pay more attention to the next one.

A.



On Thu, 11 Feb 2021, Stuart Longland wrote:

> On 11/2/21 2:52 am, ropers wrote:
> > Printer steganography is the kind of chain most people will only
> > notice once they move and start exercising their rights.  If you're
> > only free because you don't dissent, you're not free.
> 
> The thing is… the printer is an electro-*mechanical* device.
> 
> There's backlash, there's timing glitches.  Even *without* deliberate
> "steganography" (are Stegosauruses involved?), your print-out will have
> unique flaws in it, that will "fingerprint" your printer as having made it.
> 
> Maybe because the carriage belt has some backlash (or position sensing
> is a bit off), the printer "staircases" (a problem that can exist in
> dot-matrix or inkjet printers).
> 
> Maybe a hammer or jet is dead leading to a dead "pixel" at regular
> intervals.
> 
> Maybe the imaging drum on your laser has an imperfection that means it
> attracts proportionately more or less toner at a certain spot than other
> areas of the drum.
> 
> Maybe the MCU controlling the laser is a bit jittery and so doesn't
> quite hit the target right every time.
> 
> These are real-world devices, with real-world tolerances, and real-world
> imperfections.  If someone wants to track you, they will, stenography or
> not.
> -- 
> Stuart Longland (aka Redhatter, VK4MSL)
> 
> I haven't lost my mind...
>   ...it's backed up on a tape somewhere.
> 
> 



Re: home printer

2021-02-11 Thread Stuart Longland
On 11/2/21 10:12 pm, Stuart Longland wrote:
> These are real-world devices, with real-world tolerances, and real-world
> imperfections.  If someone wants to track you, they will, stenography or
> not.

s/stenography/steganography/… time for the email client dictionary to
learn a new word methinks, and maybe better I check a suggested
correction before applying it.  (Thankfully auto-carrot isn't enabled.)
-- 
Stuart Longland (aka Redhatter, VK4MSL)

I haven't lost my mind...
  ...it's backed up on a tape somewhere.



Re: home printer

2021-02-11 Thread Stuart Longland
On 11/2/21 2:52 am, ropers wrote:
> Printer steganography is the kind of chain most people will only
> notice once they move and start exercising their rights.  If you're
> only free because you don't dissent, you're not free.

The thing is… the printer is an electro-*mechanical* device.

There's backlash, there's timing glitches.  Even *without* deliberate
"steganography" (are Stegosauruses involved?), your print-out will have
unique flaws in it, that will "fingerprint" your printer as having made it.

Maybe because the carriage belt has some backlash (or position sensing
is a bit off), the printer "staircases" (a problem that can exist in
dot-matrix or inkjet printers).

Maybe a hammer or jet is dead leading to a dead "pixel" at regular
intervals.

Maybe the imaging drum on your laser has an imperfection that means it
attracts proportionately more or less toner at a certain spot than other
areas of the drum.

Maybe the MCU controlling the laser is a bit jittery and so doesn't
quite hit the target right every time.

These are real-world devices, with real-world tolerances, and real-world
imperfections.  If someone wants to track you, they will, stenography or
not.
-- 
Stuart Longland (aka Redhatter, VK4MSL)

I haven't lost my mind...
  ...it's backed up on a tape somewhere.



USB device getting disabled

2021-02-11 Thread Parodper

Hello,

This is a new install. xenodm starts fine, but the USB mouse doesn't 
work. Looking at the dmesg I can see that some USB ports (I guess the 
ones connected?) are disabled because of "problems":


uhci0 at pci0 dev 16 function 0 "VIA VT83C572 USB" rev 0x80: apic 2 int 21
uhci1 at pci0 dev 16 function 1 "VIA VT83C572 USB" rev 0x80: apic 2 int 21
uhci2 at pci0 dev 16 function 2 "VIA VT83C572 USB" rev 0x80: apic 2 int 21
ehci0 at pci0 dev 16 function 3 "VIA VT6202 USB" rev 0x82: apic 2 int 21
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 configuration 1 interface 0 "VIA EHCI root hub" rev 2.00/1.00 addr 1
[...]
usb1 at uhci0: USB revision 1.0
uhub1 at usb1 configuration 1 interface 0 "VIA UHCI root hub" rev 1.00/1.00 addr 1
usb2 at uhci1: USB revision 1.0
uhub2 at usb2 configuration 1 interface 0 "VIA UHCI root hub" rev 1.00/1.00 addr 1
usb3 at uhci2: USB revision 1.0
uhub3 at usb3 configuration 1 interface 0 "VIA UHCI root hub" rev 1.00/1.00 addr 1

[...]
uhub1: device problem, disabling port 2
uhub2: device problem, disabling port 1
uhub2: device problem, disabling port 2

Reading the USB drivers man pages I understood that there were generic 
drivers that would attach, but I can't get wsmoused to connect to any 
/dev/u* device. I know the mouse works on other OS (Windows XP) on the 
same computer. An interesting thing is that I have another wireless 
PS/2-USB Logitech mouse and that one doesn't work either.


Full dmesg:

OpenBSD 6.8 (GENERIC) #4: Mon Jan 11 10:34:49 MST 2021

r...@syspatch-68-i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
real mem  = 1878478848 (1791MB)
avail mem = 1827950592 (1743MB)
User Kernel Config
UKC> disable radeondrm
255 radeondrm* disabled
UKC> exit
Continuing...
random: good seed from bootblocks
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: date 09/24/03, BIOS32 rev. 0 @ 0xfa0e0, SMBIOS rev. 
2.3 @ 0xf0120 (37 entries)
bios0: vendor Award Software International, Inc. version "F8" date 
09/24/2003

bios0: Gigabyte Technology Co., Ltd. GA-7VT600
acpi0 at bios0: ACPI 1.0
acpi0: sleep states S0 S1 S4 S5
acpi0: tables DSDT FACP APIC
acpi0: wakeup devices PCI0(S5) USB0(S3) USB1(S3) USB2(S3) USB6(S3) 
USB7(S3) USB8(S3) USB9(S3) UAR1(S5) LPT1(S5)

acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: AMD Athlon(tm) XP 2400+ ("AuthenticAMD" 686-class, 256KB L2 cache) 
2.01 GHz, 06-08-01
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE,MMXX,3DNOW2,3DNOW

mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 267MHz
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 3, 24 pins
acpiprt0 at acpi0: bus 0 (PCI0)
acpibtn0 at acpi0: PWRB
"PNP0A03" at acpi0 not configured
acpicmos0 at acpi0
"PNPB006" at acpi0 not configured
"PNPB02F" at acpi0 not configured
acpicpu0 at acpi0: C1(@1 halt!)
bios0: ROM list: 0xc/0xd000 0xd/0x2800
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 "VIA VT8377 PCI" rev 0x80
viaagp0 at pchb0: v3
agp0 at viaagp0: aperture at 0xd000, size 0x1000
ppb0 at pci0 dev 1 function 0 "VIA VT8377 AGP" rev 0x00
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 "ATI Radeon 9200 PRO" rev 0x01
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
"ATI Radeon 9200 PRO Sec" rev 0x01 at pci1 dev 0 function 1 not configured
bktr0 at pci0 dev 10 function 0 "Brooktree BT878" rev 0x11: apic 2 int 18
bktr0: AVer Media TV/FM, Philips PAL tuner.
"Brooktree BT878 Audio" rev 0x11 at pci0 dev 10 function 1 not configured
"AT&T/Lucent LTMODEM" rev 0x02 at pci0 dev 12 function 0 not configured
rl0 at pci0 dev 13 function 0 "Realtek 8139" rev 0x10: apic 2 int 17, 
address 00:27:19:b6:23:33

rlphy0 at rl0 phy 0: RTL internal PHY
uhci0 at pci0 dev 16 function 0 "VIA VT83C572 USB" rev 0x80: apic 2 int 21
uhci1 at pci0 dev 16 function 1 "VIA VT83C572 USB" rev 0x80: apic 2 int 21
uhci2 at pci0 dev 16 function 2 "VIA VT83C572 USB" rev 0x80: apic 2 int 21
ehci0 at pci0 dev 16 function 3 "VIA VT6202 USB" rev 0x82: apic 2 int 21
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 configuration 1 interface 0 "VIA EHCI root hub" rev 
2.00/1.00 addr 1

viapm0 at pci0 dev 17 function 0 "VIA VT8235 ISA" rev 0x00: SMI
iic0 at viapm0
spdmem0 at iic0 addr 0x50: 1GB DDR SDRAM non-parity PC3200CL3.0
spdmem1 at iic0 addr 0x51: 256MB DDR SDRAM non-parity PC2700CL2.5
spdmem2 at iic0 addr 0x52: 512MB DDR SDRAM non-parity PC3200CL3.0
pciide0 at pci0 dev 17 function 1 "VIA VT82C571 IDE" rev 0x06: ATA133, 
channel 0 configured to compatibility, channel 1 configured to compatibility

wd0 at pciide0 channel 0 drive 0: 
wd0: 128-sector PIO, LBA48, 152626MB, 312579695 sectors
wd1 at pciide0 channel 0 drive 1: 
wd1: 16-sector PIO, LBA, 76318MB, 1562