Re: pcengines apu boards

[Bryan Everly]

I'm running my primary firewall at home on an apu2...

On Thu, 2017-11-30 at 15:08 -0700, Base Pr1me wrote:
> I run 5 apu2 devices with no problems. I don't have any apu3 devices
> ... yet.
> 
> On 11/30/17 3:00 PM, Paul B. Henson wrote:
> > I was wondering if anybody is successfully running openbsd on
> > pcengines apu
> > boards? I have one of their APU3 series, specifically a apu3b4 with
> > OpenBSD
> > 6.2 on it but I can't get the USB2 EHCI ports functioning correctly
> > (for one
> > thing, they don't detect a hot plugged device), I'm not sure if
> > it's an
> > issue with the ehci driver and the amd ehci chipset or possibly
> > something in
> > the bios acpi tables. But just as a data point, it would be
> > interesting to
> > know if the problem is specific to my board or endemic to the
> > design, so if
> > anyone has an APU series board with fully functional USB2 ports on
> > the ehci
> > controller, I would much appreciate hearing which board it is,
> > which
> > specific AMD chipset is driving the controller, and what bios
> > version you
> > are running (and what OpenBSD version too).
> > 
> > Thanks much.
> > 
> 
> 

Re: OT - "Intel Management Engine" security issues

[Bryan Everly]

Dave,
You might want to take a look at both the Libreboot and Coreboot open
source projects.  The challenge with the IME is that if you literally
disable it, it will shut down the system - and it's code is pretty
heavily encrypted.  The Coreboot project has had some limited success
reverse-engineering how it works and can disable it in some cases but
it is very motherboard and CPU version specific which makes it
extremely difficult.
I'm running Libreboot with OpenBSD on a Thinkpad T500 and it works
reasonably well with the exception that I'm still figuring out how to
get full disk encryption working.  Coreboot is something I plan on
experimenting with as well because it can be (mostly) de-blobbed and
supports some more modern hardware.
- B
On Fri, 2017-09-08 at 14:51 -0400, Dave Anderson wrote:
> While this isn't specifically an OpenBSD issue, since OpenBSD
> emphasizes 
> security this seems like a good place to ask.
> 
> As far as I can tell the "Intel Management Engine" (IME) is a gaping 
> backdoor into every recent Intel-based system. My searches on the
> 'net 
> haven't turned up much useful information about it.
> 
> I'd really like to find documentation on how to configure and use
> it, 
> though I'd settle for just enough to know how to lock it down or
> disable 
> it such that it can't be used to attack me from the 'net.
> 
> While this wouldn't work for a laptop, for desktop systems it might
> be 
> sufficient to use an add-in NIC rather than the built-in one -- but
> the 
> limited info I've found suggests that the IME may be able to snoop
> on 
> all devices and so defeat this tactic. Does anyone here know?
> 
> Thanks for any information,
> 
> Dave
> 
> -- 
> Dave Anderson
> 
> 
> 

Re: Lumina enable Shut Down

[Bryan Everly]

On Mon, 2017-07-24 at 07:34 -0600, Theo de Raadt wrote:
> 
Whatever anyone wants to do to de-secure their own machine, but this
> type of thing should NEVER be default configuration applied by a
> package.
> 
> I think the entire approach is dumb.
> 
> It's like adding a "shutdown" built-in to ksh.  Obviously when I'm in
> ksh, I want to be able to Shutdown my machine.  Why has this feature
> been withheld from me for so long??
> 
> 

Darned good point.  If the project leadership thinks it's a bad idea,
I'm totally fine with not baking it into upstream.  I have been using
Lumina as my daily driver since 1.1 and haven't really found it
difficult to type "shutdown -hp now" into the xterm I always have open.

☺

Re: Lumina enable Shut Down

[Bryan Everly]

On Mon, 2017-07-24 at 09:51 +0200, Martijn Rijkeboer wrote:
> 
I totally agree with you, but if you want to use the shutdown
> button from within Lumina you currently need to be member of the
> 'operator' group [0].
> 
> [0] 
> https://github.com/trueos/lumina/blob/master/src-qt5/core/libLumina/LuminaOS-OpenBSD.cpp#L157
> 
> 
> Kind regards,
> 
> 
> Martijn Rijkeboer
> 

I'm our maintainer of the Lumina port.  Let me chat with my friends
upstream and see if we can't come up with a better solution for this. 
As a quick thought, allowing users in a particular group (perhaps
:wheel?) to run shutdown(8) without a password prompt using doas seems
like a starting point.  Thoughts on that if I push that direction?

Re: Thinking about writing something I'm calling wifid

[Bryan Everly]

Hi everyone,

I'm looking for feedback before I burn time on this project so please 
let me know what you think.


I'm thinking about building a daemon that I'll write in C (looked at 
the httpd code in /usr.sbin/httpd as a reference) that essentially 
monitors your network connectivity in the background and, based on an 
/etc/wifid.conf file (which contains an encrypted list of nwid's and 
wpa-keys that you have loaded) looks for the presence of those nwid's 
and will connect you to them (in a particular priority order you set) 
if it finds them.  I would then write a wifictl program that would 
communicate with the daemon and allow you to manipulate the encrypted 
list, etc.


The thought is that this would give us similar behavior to other 
operating systems in making wifi more of a "set it and forget it" 
capability in the system (versus running ifconfig and dhclient any 
time I change to a new network).


The questions I have are as follows:

1.  Is there something like this already that I'm not seeing in OpenBSD?

2.  Would anyone other than me want something like this?  If not, I 
will likely write it much less "cleanly" and just use it locally for 
my needs.  Heck, I could probably write it as a shell script and just 
stuff it in my crontab.


3.  My initial thought was to do the same things in my daemon that are 
going on in the source of ifconfig.c - specifically the setifnwid(), 
setifwpakey() and setifflags() functions (as opposed to shell exec'ing 
the commands themselves).  I'd prefer not to be someone who does 
"editor reuse" and cut & paste those functions into my code, but I'm 
not sure how you would approach that from a "how we do it in OpenBSD" 
perspective.  Would I refactor that tool to put those methods I use in 
a library and then modify it to call them out of the library so we can 
both share it?


4.  Same story as #3 on sbin/dhclient/dhclient.c (seems like most of 
the code I'd lift is in the main() body and subsequent called 
functions.  I'd prefer not to duplicate it (see #3)


5.  Assuming your personal answer to #2 is yes, what do you think a 
"sane default" would be to poll the network to see if it is alive?  
There is a fine balance between not burning lots of CPU checking every 
second versus how long you go without a network connection when you 
are changing networks.


6.  Is there a way my daemon can be notified when the network becomes 
unreachable versus having to poll?  I'm thinking the answer to that is 
"no" but I've been surprised at my own ignorance before (and will 
continue to do so in the future I'm sure!) so I thought I would ask.


Thanks and sorry if this was tl;dr.

Thank you to all of the people who replied in the list and privately.  
As a result of that, it looks like someone has already done basically 
what I'm looking for at:


https://github.com/farhaven/wireless

This was written by Gregor Best, jggimi and spedru.

I will reach out to them and see if they would like to see this added to 
the ports tree and if so, will submit a patch to that list.


Thanks again everyone.

Thinking about writing something I'm calling wifid

[Bryan Everly]

Hi everyone,

I'm looking for feedback before I burn time on this project so please 
let me know what you think.


I'm thinking about building a daemon that I'll write in C (looked at the 
httpd code in /usr.sbin/httpd as a reference) that essentially monitors 
your network connectivity in the background and, based on an 
/etc/wifid.conf file (which contains an encrypted list of nwid's and 
wpa-keys that you have loaded) looks for the presence of those nwid's 
and will connect you to them (in a particular priority order you set) if 
it finds them.  I would then write a wifictl program that would 
communicate with the daemon and allow you to manipulate the encrypted 
list, etc.


The thought is that this would give us similar behavior to other 
operating systems in making wifi more of a "set it and forget it" 
capability in the system (versus running ifconfig and dhclient any time 
I change to a new network).


The questions I have are as follows:

1.  Is there something like this already that I'm not seeing in OpenBSD?

2.  Would anyone other than me want something like this?  If not, I will 
likely write it much less "cleanly" and just use it locally for my 
needs.  Heck, I could probably write it as a shell script and just stuff 
it in my crontab.


3.  My initial thought was to do the same things in my daemon that are 
going on in the source of ifconfig.c - specifically the setifnwid(), 
setifwpakey() and setifflags() functions (as opposed to shell exec'ing 
the commands themselves).  I'd prefer not to be someone who does "editor 
reuse" and cut & paste those functions into my code, but I'm not sure 
how you would approach that from a "how we do it in OpenBSD" 
perspective.  Would I refactor that tool to put those methods I use in a 
library and then modify it to call them out of the library so we can 
both share it?


4.  Same story as #3 on sbin/dhclient/dhclient.c (seems like most of the 
code I'd lift is in the main() body and subsequent called functions.  
I'd prefer not to duplicate it (see #3)


5.  Assuming your personal answer to #2 is yes, what do you think a 
"sane default" would be to poll the network to see if it is alive?  
There is a fine balance between not burning lots of CPU checking every 
second versus how long you go without a network connection when you are 
changing networks.


6.  Is there a way my daemon can be notified when the network becomes 
unreachable versus having to poll?  I'm thinking the answer to that is 
"no" but I've been surprised at my own ignorance before (and will 
continue to do so in the future I'm sure!) so I thought I would ask.


Thanks and sorry if this was tl;dr.

[Q] Thinkpad x230, softraid crypto and ZZZ

[Bryan Everly]

Hi,

I have suspend to RAM working just fine on this system but when I try to 
suspend to disk (ZZZ) it just hangs the system (I thought it might just 
be slow so I let it run for 2 hours and it never completed).  Some data 
points:

1.  I encrypt my boot drive (sd0) with softraid

2.  My /etc/fstab points to a swap partition outside of the softraid 
volume and is 2x my RAM size

3.  I am running apmd with the -A flag

4.  I have 16gb of RAM on the machine

Thanks in advance for any help.  Some relevant information below:

$ cat /etc/fstab

71b4bf84dbfc9f74.a / ffs rw,softdep,noatime 1 1
71b4bf84dbfc9f74.g /home ffs rw,softdep,noatime,nodev,nosuid 1 2
71b4bf84dbfc9f74.d /tmp ffs rw,softdep,noatime,nodev,nosuid 1 2
71b4bf84dbfc9f74.f /usr ffs rw,softdep,noatime,nodev,wxallowed 1 2
71b4bf84dbfc9f74.e /var ffs rw,softdep,noatime,nodev,nosuid 1 2
/dev/sd0b none swap sw 0 0

$ doas disklabel -p g sd0
# /dev/rsd0c:
type: SCSI
disk: SCSI disk
label: Samsung SSD 850
duid: 25c676a513f5cd3d
flags:
bytes/sector: 512
sectors/track: 63
tracks/cylinder: 255
sectors/cylinder: 16065
cylinders: 121601
total sectors: 1953525168 # total bytes: 931.5G
boundstart: 64
boundend: 1953520065
drivedata: 0

16 partitions:
#size   offset  fstype [fsize bsize  cpg]
   a:   899.5G 67119570RAID
   b:32.0G   64swap   # none
   c:   931.5G0  unused

$ doas disklabel -p g sd2
# /dev/rsd2c:
type: SCSI
disk: SCSI disk
label: SR CRYPTO
duid: 71b4bf84dbfc9f74
flags:
bytes/sector: 512
sectors/track: 63
tracks/cylinder: 255
sectors/cylinder: 16065
cylinders: 117422
total sectors: 1886399967 # total bytes: 899.5G
boundstart: 64
boundend: 1886384430
drivedata: 0

16 partitions:
#size   offset  fstype [fsize bsize  cpg]
   a: 1.0G   64  4.2BSD   2048 163841 # /
   c:   899.5G0  unused
   d: 4.0G 35904832  4.2BSD   2048 163841 # /tmp
   e:35.7G 44293408  4.2BSD   2048 163841 # /var
   f:   400.0G119248640  4.2BSD   4096 327681 # /usr
   g:   442.6G958100480  4.2BSD   4096 327681 # /home

$ cat /etc/rc.conf.local
apmd_flags=-A
hotplugd_flags=
httpd_flags=
pkg_scripts=postgresql nagios php56_fpm slim
postgresql_flags=-D /var/postgresql/data
slowcgi_flags=""

$ swapctl -l
Device  512-blocks UsedAvail Capacity  Priority
/dev/sd0b 671195060 67119506 0%0

dmesg attached as dmesg.txt
OpenBSD 6.0-beta (GENERIC.MP) #2: Sun Jul  3 10:17:41 EDT 2016
bceve...@bcebsd.theeverlys.com:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 16844517376 (16064MB)
avail mem = 16329490432 (15573MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xdae9d000 (70 entries)
bios0: vendor LENOVO version "G2ET82WW (2.02 )" date 09/11/2012
bios0: LENOVO 2325HP8
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP SLIC TCPA SSDT SSDT SSDT HPET APIC MCFG ECDT FPDT ASF! 
UEFI UEFI POAT SSDT SSDT UEFI DBG2
acpi0: wakeup devices LID_(S4) SLPB(S3) IGBE(S4) EXP3(S4) XHCI(S3) EHC1(S3) 
EHC2(S3) HDEF(S4)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpihpet0 at acpi0: 14318179 Hz
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM) i5-3320M CPU @ 2.60GHz, 2594.58 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS,SENSOR,ARAT
cpu0: 256KB 64b/line 8-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
cpu0: apic clock running at 99MHz
cpu0: mwait min=64, max=64, C-substates=0.2.1.1.2, IBE
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Core(TM) i5-3320M CPU @ 2.60GHz, 2594.11 MHz
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS,SENSOR,ARAT
cpu1: 256KB 64b/line 8-way L2 cache
cpu1: smt 1, core 0, package 0
cpu2 at mainbus0: apid 2 (application processor)
cpu2: Intel(R) Core(TM) i5-3320M CPU @ 2.60GHz, 2594.11 MHz
cpu2: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS,SENSOR,ARAT
cpu2: 256KB 64b/line 8-way L2 cache
cpu2: smt 0, 

Sparc64 and XVR-100 boot error running -current

[Bryan Everly]

Hi misc@


I'm trying to get an XVR-100 working in my SunBlade 2500 workstation
and I'm hitting a roadblock I can't overcome.

Essentially what
happens is, the system boots.  Then when, on my AMD64 machines the
display changes resolution for the rest of the boot process, I get
some sort of crash.

I grabbed my smart phone and started video recording the boot process
to catch it, and I saw that it was saying:

BIOS signature incorrect 0 0

Then it started going into a loop showing blocks of single byte hex values.

I figured that I needed to grab the radeondrm* files from the firmware
site and dump them into the /etc/firmware directory and all would be
good.

Unfortunately the problem persists.

Is there something obvious (or subtle) that I'm missing?

 I have one
of the old PGX-64 cards that everything is working with; however, I'd
like to use the newer ATI card so I can get higher video resolutions.

 I appreciate any help I can get.


Thanks,
Bryan

Re: non-wintel hardware choices

[Bryan Everly]

Unfortunately PA-RISC doesn't have X support at the console. You can
run X on it and have the Windows render on a SPARC, MIPS or Intel
platform though.

Thanks,
Bryan

> On May 5, 2016, at 7:37 PM, Riccardo Mottola 
wrote:
>
> Hi,
>
> Gregory Edigarov wrote:
>> if I want to build a non-wintel system with commodity running OpenBSD
without problems, what are my options?
>> preferably something non-apple also, which i will be able to connect
display, mouse, and keyboard, and hopefully run X, etc.
>
> since we don't have Raspberry support, then your choice for reasonable
(albeit almost all obsolete) platform restricts to ultra-sparc (old sparcs are
fun, but slow by any means and also the CPU support is for OpenBSD hit and
miss... 2 of my SparcStations are unstable), PPC (some Amiga boards, older
Macs) and... nothing else. PA-RISC is fun, but I never tried X there.
> And, if you think, the only other machines that could do are Itanium and
Alpha.
>
>
> For most of these, you will notice that base OpenBSD stuff works pretty well
(as does NetBSD and to a lesser degree Linux) but several bigger application
prove quite buggy! Browsers, mail clients.. everything is tested on i386/amd64
only.
> SPARC and PPC seem to me more crashy when bad programming happens, which is
actually a good thing and a reason to keep computing diversity alive. But I
fear it will become worse, the only thing that has a chance is ARM which is
used little-endian. Or embedded PPC, which is used also LE. Big Endian will
perhaps not even taught at school in 10+ years.
>
> On Linux I have Firefox running on PPC, but I read that others have issues
with it on non-intel. Be prepared to find more bugs than usual.
> We at GNUstep take quite some care that things work on PPC, SPARC and ARM,
but because I love them :)
>
> Riccardo

Re: MacBook 9,1 or 8,1

[Bryan Everly]

Ok. Well my 9,1 should be here in a week or so. I want to dual boot OS
X with it so let's see what I can tease out of it when it gets here.

Thanks,
Bryan

> On Apr 27, 2016, at 4:14 PM, Bryan Vyhmeister <br...@bsdjournal.net> wrote:
>
>> On Wed, Apr 27, 2016, at 12:53 PM, Joerg Jung wrote:
>>> On Wed, Apr 27, 2016 at 09:41:50AM -0400, Bryan Everly wrote:
>>>
>>> Has anyone had success with either of the new 12" Retina MacBooks?  My
>>> search of marc.info came up empty.
>>
>> I own a MacBook8,2 and efiboot as well as inteldrm graphics seems to
>> work fine.  However, internal nvme(4) ssd is not detected and the SPI
>> connected trackpad/mouse also does not work.  The built-in WLAN might
>> never work.  A standard USB3 HUB (connected via adapter), I tested was
>> not really working. So you you can either only attach a USB keyboard or
>> disk or wlan card to the single USB-C port, your choice :)
>>
>> Due to this fact I can not provide a copy dmesg.
>> Linux support seems not much better [1].
>>
>> I have no idea about the 9,x but would like to see a dmesg.
>> Newer MacbookAir might have the same nvme(4) problem.
>
> The MacBookAir7,2 (13-inch 2015 MacBook Air which is currently the
> latest version) does not use nvme(4) and works very well with OpenBSD
> and efiboot (I have one issue with the keyboard not mapping tilde right
> but haven't looked further into that). I also have a MacBook8,1 which I
> tried booting OpenBSD on but ran into various problems mentioned above
> about six months ago. Now that nvme(4) is supported I was going to try
> it again but it sounds like that doesn't make any difference. I have an
> OWC USB-C External Docking station for it and both of Apple's USB-C to
> HDMI/VGA with USB dongles but haven't had a chance to try them.
>
> Bryan

MacBook 9,1 or 8,1

[Bryan Everly]

Hi everyone

Has anyone had success with either of the new 12" Retina MacBooks?  My
search of marc.info came up empty.

Thanks,
Bryan

Re: Upgrade to 5.9 full disk encryption

[Bryan Everly]

Happy to help!  :)

Thanks,
Bryan

> On Apr 15, 2016, at 6:35 PM, Jack J. Woehr <j...@well.com> wrote:
>
> Bryan Everly wrote:
>> Boot the installer. Exit to the shell. Then do:
>>
>> bioctl -c C -l /dev/sd0a softraid0
>>
>> (Substitute for your actual device that is the softraid container).
>> You will be promoted for your password.
>>
>> Watch for the console message telling you what it mounted as. Then
>> type exit to return to the installer and upgrade that disk.
>
> Works for me. Thanks, Bryan.
>
> --
> Jack J. Woehr # Science is more than a body of knowledge. It's a way of
> www.well.com/~jax # thinking, a way of skeptically interrogating the universe
> www.softwoehr.com # with a fine understanding of human fallibility. - Carl 
> Sagan

Re: Upgrade to 5.9 full disk encryption

[Bryan Everly]

Boot the installer. Exit to the shell. Then do:

bioctl -c C -l /dev/sd0a softraid0

(Substitute for your actual device that is the softraid container).
You will be promoted for your password.

Watch for the console message telling you what it mounted as. Then
type exit to return to the installer and upgrade that disk.

Thanks,
Bryan

> On Apr 15, 2016, at 5:56 PM, Jack J. Woehr  wrote:
>
> How does one upgrade a full-disk encrypted OpenBSD boot disk?
>
> --
> Jack J. Woehr # Science is more than a body of knowledge. It's a way of
> www.well.com/~jax # thinking, a way of skeptically interrogating the universe
> www.softwoehr.com # with a fine understanding of human fallibility. - Carl 
> Sagan

Re: iMac computer. Which architecture. macppc?

[Bryan Everly]

Depends on the age. If it is basically "all screen" and indicates G5
on the back then macppc. If not a G5, then amd64. If it is a crt or
the one that looks like a desk lamp, macppc.

Thanks,
Bryan

> On Mar 6, 2016, at 8:52 AM, Chris Bennett 
>  wrote:
>
> A friend found one outside at an apartment complex.
> The display is messed up but it boots cleanly to whatever OS it has.
> I didn't care, could see enough on screen to be sure it works.
> It's a one piece system.
> I assume I just need to get a display port adaptor.
> I'm going to bring it here in about a week or two.
>
> Which 5.9 -current should I download?
>
> Thanks,
> Chris Bennett

Re: VAX - are we dropping support in 5.9?

[Bryan Everly]

Christian,

I am willing to help. My stable of machines includes:

* SunBlade 100 (sparc64)
* HP C3700 (hppa)
* SGI O2 (sgi)
* AlphaStation 500/400 (alpha)
* VAXstation 3100 (VAX) - I can improve this if necessary. I have
found a VAXstation 4000 that is more capable on eBay
* Mac Mini G4 (macppc)
* Thinkpad T21 (i386)

How can I help and make people feel comfortable relative to security?

Thanks,
Bryan

> On Jan 25, 2016, at 5:25 PM, Christian Weisgerber  wrote:
>
>> On 2016-01-24, "Christoph R. Murauer"  wrote:
>>
>> Quotes taked from Christian Weisgerber :
>>
>>> It's the comparatively popular platforms like powerpc and sparc64
>>> that are in dire need of help if OpenBSD is not to turn into an
>>> amd64-only platform.
>
> That was a plea for help.  Well, a pointer to where help would be
> actually... helpful.
>
> People need to run these platforms, find problems, and fix them.
> However, I'm afraid you'll find that most of the low hanging fruit
> has been picked and addressing the problems that matter will require
> heavy lifting.
>
> For instance, landry@'s powerpc package builds are crippled by the
> unreliability of the build machines.  Given the plural, we don't
> think that the hardware is flakey.  Some kernel bug(s) randomly
> causes processes to die.  Vague guesses have been offered.  Maybe
> it's a pmap problem.  Somebody with considerable time and skill
> needs to wade in there.
>
> Or looking a bit into the future, I'll mention the elephant in the
> room and say that architectures without clang support are doomed.
>
>>> Going by previous experience, it's conceivable that somebody else
>>> will step in to build the release and possibly a few packages.
>
> That was not a plea for help.
>
> I meant to say that some OpenBSD developer may step in and do some
> builds on their own hardware.  I think that happened e.g. for
> 5.8/sparc.  This is really the last stage of an architecture's
> death, long after it has ceased to be useful.
>
>> Let's say someone will build releases and packages, would the project
>> accept this builds
>
> Would you like the project to accept builds from a random stranger?
>
> --
> Christian "naddy" Weisgerber  na...@mips.inka.de

Re: VAX - are we dropping support in 5.9?

[Bryan Everly]

I'm ready willing and able!

I'm currently trying to port the Linux display driver for the hppa
frame buffer on my C3700 so we can maybe get X on that platform
natively.

I have a PPC Mac Mini and a SunBlade 100 so I will most definitely help.

Thanks,
Bryan

> On Jan 23, 2016, at 6:43 PM, Christian Weisgerber <na...@mips.inka.de> wrote:
>
>> On 2016-01-23, Bryan Everly <br...@bceassociates.com> wrote:
>>
>> I hope to add some of my time on these less popular architectures to
>> try and fix that.
>
> It's the comparatively popular platforms like powerpc and sparc64
> that are in dire need of help if OpenBSD is not to turn into an
> amd64-only platform.
>
> I obviously can't tell people how to waste their time, but while
> investing in moribund museum architectures may offer personal
> satisfaction to some, it does not help in the bigger picture.
>
> --
> Christian "naddy" Weisgerber  na...@mips.inka.de

Re: VAX - are we dropping support in 5.9?

[Bryan Everly]

Raf,

I hope to add some of my time on these less popular architectures to
try and fix that.

:)

Thanks,
Bryan

> On Jan 23, 2016, at 5:34 PM, Raf Czlonka  wrote:
>
>> On Sat, Jan 23, 2016 at 09:33:21PM GMT, Bryan C. Everly wrote:
>>
>> I run 5.9-current on my other machines so when i didn't see packages
>> in /pub/OpenBSD/snapshots/packages I jumped to that conclusion given
>> that the other architectures were under that directory and VAX was
>> absent.
>
> As you can see from the primary site[0], there's only a handful of
> architectures for which package snapshots are available, i.e. arm is not
> amongst them either.
>
>> Glad to hear that isn't the case.
>
> I never claimed to be an authoritative source and that it isn't indeed
> the case. I haven't noticed anything bar one comment on cvs@[1] which
> would point to that conclusion - and indeed, aviion is gone[2]...
>
>> Any idea why they aren't building packages in 5.9-current snapshots
>> for that architecture?
>
> As with anything - time, resources, etc.
>
> Raf
>
> [0] http://ftp.openbsd.org/pub/OpenBSD/snapshots/packages/
> [1] https://marc.info/?l=openbsd-cvs=144887159202054
> [2] https://marc.info/?l=openbsd-cvs=144895627013585

Re: USB external floppy

[Bryan Everly]

Thanks. Yes. That's it. A Vaxatation 3100 boot disk.

Any particular vendor you'd recommend as known to work?

Thanks,
Bryan

> On Dec 14, 2015, at 4:25 AM, Tati Chevron  wrote:
>
>> On Sun, Dec 13, 2015 at 06:11:07PM -0500, Bryan C. Everly wrote:
>> I'm wanting to create a boot floppy for a Vaxstation.  Could someone
>> recommend a USB floppy that I could plug into my amd64 laptop that would
>> allow me to create a boot floppy for a VAX?
>
> Are you trying to write an OpenBSD/VAX boot floppy to a common 1.44 MB
> 3.5" disk, (to read in what DEC would have called an RX23 floppy drive),
> or something more unusual?  If it's something unusual, can you be more
> specific about the model of Vaxstation and/or what format you want to
> write the disk in?
>
> Assuming that you want to create a, 'normal', OpenBSD/VAX boot floppy,
> any supported USB drive will allow you to do this.  If it's anything
> else, the answer will be more complicated.
>
> --
> Tati Chevron
> Perl and FORTRAN specialist.
> SWABSIT development and migration department.
> http://www.swabsit.com

Re: Suspend on Macbook Pro Retina (MacbookPro 11,1)

[Bryan Everly]

Performance is great from my perspective. No noticeable lag, etc.

The wifi will probably never get a driver in OpenBSD though (only a
closed source driver in Linux) and power management is flakey (even in
Linux). Just keep that in mind.

Thanks,
Bryan

> On Dec 6, 2015, at 5:06 PM, Артур Истомин 
wrote:
>
>> On Sun, Dec 06, 2015 at 09:28:05AM -0500, Bryan C. Everly wrote:
>> Hi,
>>
>> Happy to do so.  Here is an imgur link that has three shots.  I am using
>> the i3 desktop currently so I can have a little more control over the
>> fine-grained settings for HiDPI (I had previously been running Gnome 3).
>> Let me know if there is anything in particular you'd like to see:
>>
>> https://imgur.com/a/CiQ82
>
> Bryan, what about performance 2D, 3D? Are there any difference between
> "retina" and "standard" dpi on Intel video on OpenBSD? I'm about
performance
> issues, not about aesthetics (yes, fonts are realy awesome, that is why I
want
> to buy laptop with hidpi display).

Re: OpenBSD as a pentester PC?

[Bryan Everly]

I have been slowly trying to add such tools to the ports tree. If you
can give me a list of the ones you are interested in from most
important to least I will see what I can do.

Thanks,
Bryan

> On Nov 26, 2015, at 4:50 AM, Mohammad BadieZadegan  
> wrote:
>
> Hi every OpenBSD user,
> I have OpenBSD on my Notebook since 2 years ago and I don't want to switch
> other OS for my business pentest project.
> I need some pentest tools for my project like metasploit, fuzzers, ..etc
> but I could not find them on OpenBSD package list
> !
> By default does OpenBSD support metasploit installing (or any attack tools)
> or defer them for security purpose?
> I want to have one OS on my note book for all purpose(business+home).
> Is that I must switch to other OS? (That I don't like at all!)
> Regards.
>
> --
> [image: ( openbsd.pro  933k.ir )] 

Re: MacbookPro 11,1

[Bryan Everly]

I only had to bless my thumb drive so the keyboard worked. Everything
else is native when booting from the hard drive afaik.

Thanks,
Bryan

> On Nov 23, 2015, at 4:37 PM, Bryan Vyhmeister  wrote:
>
>> On Mon, Nov 23, 2015 at 04:20:56PM -0500, Bryan C. Everly wrote:
>> The /usr/sbin/bless command was the key that unlocked this for me.  I have
>> managed to get the latest snapshot installed and booting on this machine.
>> I'm in the process of installing a desktop (I run gnome) so I'll let you
>> know how that goes.
>
> You must be using BIOS emulation then? My goal with my install was to
> avoid using BIOS emulation if possible. I wanted to be able to install
> OpenBSD on a Mac without needing to use OS X at all or dual boot. As I'm
> sure you've read, jcs@ has a gist about this process and jasper@ has a
> blog post detailing how to do the efiboot like I did.
>
> I'm looking forward to finding out how it works out for you.
>
> Bryan

Re: Advices for a new laptop

[Bryan Everly]

The X series and the T series Thinkpads work really well.

My x220 is outstanding. The only device that isn't supported is the
fingerprint reader.  Also the mSATA slot is great for a second SSD. I
dual boot OpenBSD and Arch (for when I need a Virtual Machine) and
just use the F12 key at boot to select the drive I boot off of. Really
simplifies the set up. Also you can put 16gb of ram in this model
(even with an i5 processor) even though the specs say max of 8gb.

Thanks,
Bryan

> On Oct 29, 2015, at 9:41 AM, Domovoy  wrote:
>
> Hi there, i'm looking for advices on a new laptop.
>
> I'd like to run a dual-boot OpenBSD/Debian linux on it.
>
> Won't play any games, but i need to do some simple 3D with Blender and
FreeCAD (for 3D printing stuff).
>
> No real need for a CD/DVD/BD drive, as long as i can boot on USB.
>
> When doing work that requires a comfortable display i usually have an
external screen plugged in, so i don't need a big screen either, although i do
need the possibility to switch to the external one.
>
> A good WiFi is a must have.
>
> From what i gathered on the list, Lenovo is a good bet, and i need to avoid
Nvidia graphics, right?
>
> Any more advices are welcome, particularly on a specific model where
everything works. My budget is under 700€.

Re: Intel Atom?

[Bryan Everly]

On the USB connector I didn't notice it when I installed the board but
I can look when I get home in a couple of days.

I haven't pushed it to breaking but it has yet to present a bottleneck.

Thanks,
Bryan

On Jul 27, 2015, at 1:14 PM, Quartz qua...@sneakertech.com wrote:

 I just deployed an OpenBSD 5.7 firewall/router/dhcp/dns using this 
 motherboard:

 http://www.newegg.com/Product/Product.aspx?Item=N82E16813157417

 As a side question, is that a female usb connector planted vertically right 
 on the motherboard?


 It uses the Intel Atom D2550 1.86GHz 2-Core chip and has dual 1000
 Mbps Intel NICs on the motherboard.  I am running the amd64 binaries
 on it and it's serving its purpose really well.

 How hard have you pushed the network IO?

Re: which netbook not to buy?

[Bryan Everly]

I am using an X220 and it is working wonderfully. Great battery life.
Solid performance compiling large projects like Open JDK.  I upgraded
the display to IPS for less than $100 in parts on eBay and about ten
minutes with a screwdriver.

Thanks,
Bryan

On Jul 12, 2015, at 5:09 PM, Theo de Raadt dera...@cvs.openbsd.org wrote:

 I would suggest x201s for Many reasons. You can find it without hdd on ebay
 for 100usd... + ssd any... but I am not sure about openbsd... with debian
 it just works.

 The x201 works great.

 I used one for about 3 years, and the beatings continued until
 everything worked perfectly.

 Mark Kettenis applied the same pressure to the x220.

 And Mike Larkin to the x230.

 But the general rule is that the upper-class Thinkpads work the best,
 first of all because their BIOS are written by Team-A at Lenovo,
 secondly because we fixed things for ourselves.

Re: Chromium in the latest snapshot packages

[Bryan Everly]

Anything I can do to help diagnose the problem?

Thanks,
Bryan

 On Jun 22, 2015, at 3:24 PM, Marc Espie es...@nerim.net wrote:

 On Mon, Jun 22, 2015 at 02:58:37PM +, Christian Weisgerber wrote:
 On 2015-06-22, Bryan C. Everly br...@bceassociates.com wrote:

 I wiped and re-loaded my laptop over the weekend with the latest
 snapshots and noticed that Chromium isn't in the amd64 snapshot
 package directory on any of the mirrors I checked.  Is there currently
 a problem with the build on that or should I bit the bullet and build
 from source?

 The chromium build is very brittle and fails frequently in quasi-random
 ways.  During the latest amd64 snapshot build, chromium errored out
 twice, in slightly different ways.  I'd be happy to send you the
 voluminous logs.

 It's generally reasonably simple to fix, just takes a while to go thru the
 logs and figure out which dependency was missed.

 That's one feature of ninja: it's geared towards making full parallel
 builds of a given port.  But the gyp frontend that generates the ninja
 files is often incomplete.  The chromium developers are very sloppy, and
 they forget to record lots of interdependencies.

 Figuring out one of these bugs is not complicated, it's just time-consuming.

 - look at the error in the log.
 - figure out which file wasn't generated, match it to the corresponding
 subset A in the gypi/gyp files.
 - figure out which file was being generated, match it to the corresponding
 subset B in the gypi/gyp files.
 - add the missing dependency between B and A in the file.
 - check out the patch works okay.

 If people want things to improve, it's simple: post out the failures you
 got, and ask people to look things over. It's not THAT complicated. Just
 time-consuming (and boring after you've done a few).

 It's something that, conceivably, newbie OpenBSD wannabe developers
 that want to help could try to tackle.