Re: Security questions: Login spoofing, X11 keylogging, and sandboxed apps
On 2024-03-29 09:01:07-0400, James Huddle wrote: > Exfiltrator. There's an 11-letter word that starts with "ex". X11. After a quick web search, I'm not sure I follow. Is that a reference to a program that exfiltrates data after a computer is compromised? Can you elaborate a little? I realize this is an ignorant question. > On Thu, Mar 28, 2024 at 7:39???PM Luke A. Call wrote: > > > On 2024-03-28 17:28:56+0100, Jan Stary wrote: > > > > (2) I've learned that X11 allows locally running malware to sniff the > > > > keystrokes input to any other X11-using app running under any user. > > > > > > I don't believe that's true. > > > Where have you "learned" that, and how does that work? > > > "Dear X11, what is $user typing into his firefox textarea"? > > > > I'm no X expert, but I think what you are saying is technically correct > > across users, but I believe it is possible for one application to > > sniff the keystrokes input to another app running under the *same* user, at > > least, and under different users in the same X session depending on how > > they connect. Specifically: > > > > 1) Under `man xterm' in the "SECURITY" section it says some related > > things that sound like that is what they are saying. I can't elaborate > > on what it says there but that made me want to be cautious. > > > > 2) running > >xinput list > > ...shows some devices, where on my system the /dev/wskbd has "id=6". > > Then taking that number 6 and doing > >xinput test 6 > > ...and typing in a separate xterm window shows the keystrokes from the > > second window, in the first. I believe the same would be true for any > > X application running as the *same* user. > > > > 3) I did some experimenting in the past with "ssh -X user@..." and > > "ssh -Y user@...", and only when using -Y were keystrokes visible across > > users. Similar things can be done with less cpu overhead using xauth > > and magic cookies etc (I played with that, with help from people on this > > list, scripted it for myself using what they and man pages helped me > > learn, and haven't > > thought about it much since then, except to use the scripts--but it is very > > handy for me to have things running as different users within the same X > > session, because of these boundaries around keyboard sniffing and also > > filesystem etc restrictions across users). > > > > 4) I am under the impression that the clipboard sharing between X users is > > not restricted as the above things are. Ie, one can spy on another > > freely. > > > > Luke Call > > > >
Re: Security questions: Login spoofing, X11 keylogging, and sandboxed apps
On 2024-03-28 17:28:56+0100, Jan Stary wrote: > > (2) I've learned that X11 allows locally running malware to sniff the > > keystrokes input to any other X11-using app running under any user. > > I don't believe that's true. > Where have you "learned" that, and how does that work? > "Dear X11, what is $user typing into his firefox textarea"? I'm no X expert, but I think what you are saying is technically correct across users, but I believe it is possible for one application to sniff the keystrokes input to another app running under the *same* user, at least, and under different users in the same X session depending on how they connect. Specifically: 1) Under `man xterm' in the "SECURITY" section it says some related things that sound like that is what they are saying. I can't elaborate on what it says there but that made me want to be cautious. 2) running xinput list ...shows some devices, where on my system the /dev/wskbd has "id=6". Then taking that number 6 and doing xinput test 6 ...and typing in a separate xterm window shows the keystrokes from the second window, in the first. I believe the same would be true for any X application running as the *same* user. 3) I did some experimenting in the past with "ssh -X user@..." and "ssh -Y user@...", and only when using -Y were keystrokes visible across users. Similar things can be done with less cpu overhead using xauth and magic cookies etc (I played with that, with help from people on this list, scripted it for myself using what they and man pages helped me learn, and haven't thought about it much since then, except to use the scripts--but it is very handy for me to have things running as different users within the same X session, because of these boundaries around keyboard sniffing and also filesystem etc restrictions across users). 4) I am under the impression that the clipboard sharing between X users is not restricted as the above things are. Ie, one can spy on another freely. Luke Call
site terms (was Re: Does openBSD come with a web browser?
On 2023-09-11 23:21:06-0700, Eric Demer wrote: > > > (I am considering getting a laptop with openBSD, but have > > > not yet done so, which is why I can't easily check on my own.) > > > ?? > > > Does openBSD come with a web browser? > > > The "the FAQ and" parts of https://www.openbsd.org/mail.html > > > suggest that it does, but I haven't found any more > > > detail regarding this at https://www.openbsd.org/??. > I left Stackexchange when it adopted Terms according to which, > them changing those terms other than the arbitration clause > as I am scrolling a page on their site would result in > me being bound by whatever they changed the Terms to. > Since the trigger for those Terms was something like, > using their Network in any way, I have never intentionally > gone back there, and have left immediately when I've > accidentally when I've accidentally gone back there. > (In particular, if they no longer have > such Terms then I don't know that.) I'm definitely not a lawyer but I am careful about what terms I agree to, and I save them to diff with later changes, etc. But I'm guessing that just using a site, without ever specifically agreeing to the terms, will not bind you to them. Like, maybe I read something that a site couldn't bind someone to their terms because they couldn't prove that they agreed. Good luck to you, not many people care what they agree to.
Re: heck of a long time
On 2023-08-23 18:06:47+0200, Peter N. M. Hansteen wrote: > On Wed, Aug 23, 2023 at 01:41:31PM +0200, Peter J. Philipp wrote: > > If this is a sensitive topic I apologize ahead of time. > > I'm wondering... can we have a change in the OpenBSD front page (to say): > > "Only two remote holes in the default install, in more than 26 years!" > > So a less maintenance intensive version might be > "Only two remote holes in the default install, in more than a quarter > century!" > Then again, this is entirely up to those who maintain the website. Or simply, "...since 1995!" (or 1996, whatever it should be). I find that impressive, and practically zero maintenance.
Re: gdb segfaults setting breakpoint on a Rust test
Thank you! On 2023-03-24 14:10:50-0600, Todd C. Miller wrote: > On Fri, 24 Mar 2023 13:10:08 -0600, "Luke A. Call" wrote: > > > Hi. When I run this on the binary of a test in my Rust > > application, then run these commands in gdb, I get the following output > > which ends with Segmentation Fault: > > The in-tree gdb is old, you should try the egdb package instead. > > - todd >
gdb segfaults setting breakpoint on a Rust test
Hi. When I run this on the binary of a test in my Rust application, then run these commands in gdb, I get the following output which ends with Segmentation Fault: nemodel-ac769fda48f1a333 GNU gdb 6.3 Copyright 2004 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "amd64-unknown-openbsd7.2"... (gdb) start Breakpoint 1 at 0x30f9e4 Starting program: /home/lacall/proj/om/core/target/debug/deps/onemodel-ac769fda48f1a333 Breakpoint 1 at 0xb6d041be9e4 Error while reading shared library symbols: Dwarf Error: wrong version in compilation unit header (is 4, should be 2) [in module /usr/libexec/ld.so] 0x0b6d041be9e4 in main () from /home/lacall/proj/om/core/target/debug/deps/onemodel-ac769fda48f1a333 (gdb) dir /home/lacall/proj/om/core/src/ Source directories searched: /home/lacall/proj/om/core/src:$cdir:$cwd (gdb) dir /home/lacall/proj/om/core/src/model Source directories searched: /home/lacall/proj/om/core/src/model:/home/lacall/proj/om/core/src:$cdir:$cwd (gdb) dir /home/lacall/proj/om/core/src/controllers Source directories searched: /home/lacall/proj/om/core/src/controllers:/home/lacall/proj/om/core/src/model:/home/lacall/proj/om/core/src:$cdir:$cwd (gdb) b util.rs:1057 Segmentation fault @:~/<...>/target/debug/deps $ I'm on obsd 7.2 stable and am not a C programmer, unfortunately. If, prior to setting the breakpoint, I just do the "run" command, it successfully runs the test to completion (which shows an intentional test failure for now). Luke Call Here is /var/run/dmesg.boot (dmesg itself is just messages about my usb mouse attaching/detaching). uhidev0: iclass 3/1 ums0 at uhidev0: 3 buttons, Z dir wsmouse0 at ums0 mux 0 wsmouse0 detached ums0 detached uhidev0 detached uhidev0 at uhub0 port 4 configuration 1 interface 0 "Logitech USB Optical Mouse" rev 2.00/72.00 addr 2 uhidev0: iclass 3/1 ums0 at uhidev0: 3 buttons, Z dir wsmouse0 at ums0 mux 0 wsmouse0 detached ums0 detached uhidev0 detached uhidev0 at uhub0 port 4 configuration 1 interface 0 "Logitech USB Optical Mouse" rev 2.00/72.00 addr 2 uhidev0: iclass 3/1 ums0 at uhidev0: 3 buttons, Z dir wsmouse0 at ums0 mux 0 syncing disks... done OpenBSD 7.2 (GENERIC.MP) #7: Sat Feb 25 14:07:58 MST 2023 r...@syspatch-72-amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 16029159424 (15286MB) avail mem = 15525961728 (14806MB) random: good seed from bootblocks mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xebf90 (49 entries) bios0: vendor American Megatrends Inc. version "204" date 11/20/2014 bios0: ASUSTeK COMPUTER INC. X550ZA acpi0 at bios0: ACPI 5.0 acpi0: sleep states S0 S3 S4 S5 acpi0: tables DSDT FACP APIC FPDT ECDT MCFG MSDM HPET UEFI SSDT SSDT CRAT SSDT SSDT SSDT SSDT acpi0: wakeup devices LOM_(S4) SBAZ(S4) ECIR(S4) OHC1(S4) EHC1(S4) OHC2(S4) EHC2(S4) OHC3(S4) EHC3(S4) OHC4(S4) XHC0(S4) XHC1(S4) ODD8(S3) GLAN(S4) LID_(S5) SLPB(S4) acpitimer0 at acpi0: 3579545 Hz, 32 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 16 (boot processor) cpu0: AMD A10-7400P Radeon R6, 10 Compute Cores 4C+6G, 2496.19 MHz, 15-30-01 cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,POPCNT,AES,XSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,XOP,SKINIT,WDT,FMA4,TCE,NODEID,TBM,CPCTR,DBKP,PERFTSC,ITSC,FSGSBASE,BMI1,XSAVEOPT cpu0: 16KB 64b/line 4-way D-cache, 96KB 64b/line 3-way I-cache cpu0: 2MB 64b/line 16-way L2 cache cpu0: smt 0, core 0, package 0 mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges cpu0: apic clock running at 99MHz cpu0: mwait min=64, max=64, IBE cpu1 at mainbus0: apid 17 (application processor) cpu1: AMD A10-7400P Radeon R6, 10 Compute Cores 4C+6G, 2495.35 MHz, 15-30-01 cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,POPCNT,AES,XSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,XOP,SKINIT,WDT,FMA4,TCE,NODEID,TBM,CPCTR,DBKP,PERFTSC,ITSC,FSGSBASE,BMI1,XSAVEOPT cpu1: 16KB 64b/line 4-way D-cache, 96KB 64b/line 3-way I-cache cpu1: 2MB 64b/line 16-way L2 cache cpu1: smt 1, core 0, package 0 cpu2 at mainbus0: apid 18 (application processor) cpu2: AMD A10-7400P Radeon R6, 10 Compute Cores 4C+6G, 2495.35 MHz, 15-30-01 cpu2: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA
Re: Why some mail were lost, is this common?
pair.com also seems to work well as a mail provider (online, pop, or imap, no weird games). On 2023-02-10 12:39:13+0800, Adriel Peng wrote: > Hmm I am the person working for email delivery. > don't use mail.ru who blocks a lot of lists mail every day. > Use gmail instead. If gmail is unavailable in your country, then try > Fastmail/riseup/GMX etc, or even the new one OpenMbox.net > > Regards > > > On Fri, Feb 10, 2023 at 10:06 AM Digua Dong wrote: > > > hello > > new to mailing list > > > > I'm previously using zohomail.cn and some of email from mailing list are > > lost. > > I thought, it is in China, so probably because of GFW? > > And one weird thing: if I delete Notification folder, I can't receive any > > mail. > > > > Then I switched to mail.ru, but still can't get the mailing list full! > > They're not in Spam() folder, just got lost. > > > > I don't want to frequently switch mail service and wait for new mail > > and compare with marc.info to judge if it is ok. > > > > Does anyone have the same issue / is this a common thing? > > What is probably going wrong? > > > > digua > > > >
Re: Script launcher and a suite of basic scripts for music production?
On 2023-01-18 16:51:28+0100, Brian Durant wrote: > On 1/18/23 11:46, Abhishek Chakravarti wrote: > > Brian Durant writes: > > > The only disadvantage that I can see at this point, is that what I am > > > describing would require a number of open terminals on the desktop, > > > which can be confusing to sort through, particularly during a live > > > performance. > > > > Although not a direct answer to your question, perhaps tmux(1) might be > > helpful here? You could have one tmux session window split into several > > panes. Cycling through the panes is quite simple with PREFIX + o (the > > default PREFIX being CTRL+b; in my case it's mapped to CTRL+o > > Thanks for that. I haven't played around with tmux for ages, but you are > correct that could potentially help with terminal clutter. Below are a few > [] FWIW I have my tmux set up to use Alt+# (alt+1, alt+2...) key combinations to switch among tmux panes more easily under X than using Ctrl+b every time, which might be helpful if efficiency is important. It is also easier for me to put in muscle memory. I can provide details off-list if desired.
Re: Configure OpenBSD for remote server rarely used
On 2022-11-27 12:33:18-0500, Nick Holland wrote: > Steady-state is easiest on hw. Powering up and down is large power > surges, and that's generally not good. This is across the board -- > power supply, hard drives, main board, CPU, memory, etc. The only > part that I think gets a benefit from being turned off would be a CRT > monitor, and maybe the HV in an older LCD monitor. Some Corroboration of that: a Ph.D. physicist at a major semiconductor manufacturer told me that power cycles cause more wear damage to memory chips (at least) than heat does (assuming somewhat normal use I imagine). -- Luke Call lukecall.net
Re: sysupdate and space check
On 2022-10-26 11:57:23-, Stuart Henderson wrote: > On 2022-10-24, Peter Fraser wrote: > > I make a stupid mistake; I didn't check partition sizes before doing a > > sysupgrade. > > sysupgrade ran out of space or /usr in the middle of the upgrade. > > I know I should have checked first but it would be nice if sysupgrade did > > warn me. > > The site was a 20-minute drive away, and their down time was a lot longer > > then I expected. > > It would be nice, but it's tough to reliably test this without actually > extracting the files (and a warning with many false triggers wouldn't be > all that much use either ..) Thanks for that info, it is interesting. I'm just me, but would definitely prefer a warning that suggests a potential problem and says what to check to be sure, over having to do a recovery. I do follow the instructions and check it (so far, barring mistakes), but I imagine that the program can still, without extracting the files, check it as well as I would (df -h...), but more reliably.
Re: Libreoffice crashing on Thinkcentre m92p 7.1 FVWM - seems to be a python problem
Details in case it helps: https://marc.info/?l=openbsd-misc=161280915705719=2 https://marc.info/?l=openbsd-bugs=164814366002554=2 On 2022-09-25 08:24:44-0600, Luke A. Call wrote: > I had a similar problem where I could open files with LO if I typed them > on the command line when launching LO, but File / Open would crash when > choosing the file and hitting OK. But I don't think mine was > python-related. It seemed that my cleaning up by removing evidently unused > packages > removed something that was required for LO but not explicitly listed in > its dependencies. Fortunately I had been logging the output whenever I > ran pkd_delete, and could use that for reference. After a long process of > elimination, reinstalling things to see what would happen, I think it was one > of these that made it work again (though probably a different one for > you): > > (from most to least likely): devhelp gsettings-desktop-schemas > glib2-networking > (and probably not, but maybe caused some other package to be installed > that did it: gnome-desktop totem) > > The relevant email thread at the time is probably in the archives; I > never got a reply, IIRC. > > Good luck :) > > > On 2022-09-25 02:23:00+, Cal Ledsham wrote: > > Dear OBSDer's - > > I am running 7.1 with out of the box FVWM. Since this Sunday morning > > libreoffice has crashed whenever I try to either open an existing file or > > create a new file in libreoffice writer. When opening it allows file > > selection but then crashes. > > > > (Below I have put the crash message ex launching terminal, the messages > > from a pkg_add -u, and a dmesg). > > > > I have tried the following remedies with the same result: opening different > > files, updating all packages with doas pkg_add -u (looked promising as > > there was a libreoffice update), rebooting a few times, syspatching again > > (first attempt at using libreoffice since applying patch 10_expat > > yesterday? or Friday?), and also opening the safe mode of libreoffice. The > > same result seems to occur. I tried to run an doas EXPORT PYTHONHOME > > [:] > > but have no idea what should be set as and and how > > the grammar should quite be. > > > > In accord with requested convention, there is a dmesg at the end of the > > file. > > > > Any help gratefully received. > > > > (Sorry if this is a stupid problem or if the information here is > > unhelpfully insufficient.) > > > > regards, > > Cal > > > > message in terminal screen from which libreoffice was invoked: > > > > cfl$ libreoffice > > Warning: failed to launch javaldx - java may not function correctly > > Could not find platform independent libraries > > Consider setting $PYTHONHOME to [:] > > Python path configuration: > > PYTHONHOME = (not set) > > PYTHONPATH = '/usr/local/lib/libreoffice/program/../program' > > program name = 'python3' > > isolated = 0 > > environment = 1 > > user site = 1 > > import site = 1 > > sys._base_executable = '/usr/local/bin/python3' > > sys.base_prefix = '/usr/local' > > sys.base_exec_prefix = '/usr/local' > > sys.platlibdir = 'lib' > > sys.executable = '/usr/local/bin/python3' > > sys.prefix = '/usr/local' > > sys.exec_prefix = '/usr/local' > > sys.path = [ > >'/usr/local/lib/libreoffice/program/../program', > >'/usr/local/lib/python39.zip', > >'/usr/local/lib/python3.9', > >'/usr/local/lib/python3.9/lib-dynload', > > ] > > Fatal Python error: init_fs_encoding: failed to get the Python codec of the > > filesystem encoding > > Python runtime state: core initialized > > LookupError: no codec search functions registered: can't find encoding > > > > Current thread 0x00b1d90594e8 (most recent call first): > > > > pthread_mutex_destroy on mutex with waiters! > > >
Re: Libreoffice crashing on Thinkcentre m92p 7.1 FVWM - seems to be a python problem
I had a similar problem where I could open files with LO if I typed them on the command line when launching LO, but File / Open would crash when choosing the file and hitting OK. But I don't think mine was python-related. It seemed that my cleaning up by removing evidently unused packages removed something that was required for LO but not explicitly listed in its dependencies. Fortunately I had been logging the output whenever I ran pkd_delete, and could use that for reference. After a long process of elimination, reinstalling things to see what would happen, I think it was one of these that made it work again (though probably a different one for you): (from most to least likely): devhelp gsettings-desktop-schemas glib2-networking (and probably not, but maybe caused some other package to be installed that did it: gnome-desktop totem) The relevant email thread at the time is probably in the archives; I never got a reply, IIRC. Good luck :) On 2022-09-25 02:23:00+, Cal Ledsham wrote: > Dear OBSDer's - > I am running 7.1 with out of the box FVWM. Since this Sunday morning > libreoffice has crashed whenever I try to either open an existing file or > create a new file in libreoffice writer. When opening it allows file > selection but then crashes. > > (Below I have put the crash message ex launching terminal, the messages from > a pkg_add -u, and a dmesg). > > I have tried the following remedies with the same result: opening different > files, updating all packages with doas pkg_add -u (looked promising as there > was a libreoffice update), rebooting a few times, syspatching again (first > attempt at using libreoffice since applying patch 10_expat yesterday? or > Friday?), and also opening the safe mode of libreoffice. The same result > seems to occur. I tried to run an doas EXPORT PYTHONHOME > [:] > but have no idea what should be set as and and how the > grammar should quite be. > > In accord with requested convention, there is a dmesg at the end of the file. > > Any help gratefully received. > > (Sorry if this is a stupid problem or if the information here is unhelpfully > insufficient.) > > regards, > Cal > > message in terminal screen from which libreoffice was invoked: > > cfl$ libreoffice > Warning: failed to launch javaldx - java may not function correctly > Could not find platform independent libraries > Consider setting $PYTHONHOME to [:] > Python path configuration: > PYTHONHOME = (not set) > PYTHONPATH = '/usr/local/lib/libreoffice/program/../program' > program name = 'python3' > isolated = 0 > environment = 1 > user site = 1 > import site = 1 > sys._base_executable = '/usr/local/bin/python3' > sys.base_prefix = '/usr/local' > sys.base_exec_prefix = '/usr/local' > sys.platlibdir = 'lib' > sys.executable = '/usr/local/bin/python3' > sys.prefix = '/usr/local' > sys.exec_prefix = '/usr/local' > sys.path = [ >'/usr/local/lib/libreoffice/program/../program', >'/usr/local/lib/python39.zip', >'/usr/local/lib/python3.9', >'/usr/local/lib/python3.9/lib-dynload', > ] > Fatal Python error: init_fs_encoding: failed to get the Python codec of the > filesystem encoding > Python runtime state: core initialized > LookupError: no codec search functions registered: can't find encoding > > Current thread 0x00b1d90594e8 (most recent call first): > > pthread_mutex_destroy on mutex with waiters! >
Re: recommended partitions to backup with dump
On 2022-08-24 12:51:16-0500, Allan Streib wrote: > On Wed, Aug 24, 2022, at 12:28, Shadrock Uhuru wrote: > > i already have /home /etc and /root set for backup, > > are there any other partitions i should bear in mind ? > > I always backup /var The above make sense to me also. Exploring man 7 hier might also be interesting, and possibly seeing what is on a newly installed system, and what is not.
Re: Multiuser security on OpenBSD
On 2022-08-09 12:52:28-0400, Dave Levine wrote:
> I currently use OpenBSD on my laptop for a number of reasons, mainly
> performance and hardware support. However, I have been considering
> setting up a multiuser POWER9 box for some Discord friends and I to
> work on in a hobbyist setting (these things are expensive and I'm the
> one who currently has the machine we want to work on), but need to
> know if OpenBSD is a good option for that. As it apparently lacks
> mitigations for multiple medium-risk hardware side channel attacks, I
> think it is important to ask: What does OpenBSD do to stop an
> unprivileged user with access to a compiler or shell from copy-pasting
> a proof-of-concept exploit to siphon e.g. SSH private keys, root
> passwords and the like, or are these more difficult to exploit than I
> give them credit for with things like (K)ASLR enabled?
I know at least for Intel and AMD there are mitigations against
Spectre/Meltdown-type exploits by disabling speculative execution by
default, but I don't know about POWER9 (or if that is even an issue
there). You might have to do some mail list and other searching to see.
But in general, OpenBSD seems to be the least-likely OS to allow
privilege escalation (see www.openbsd.org under the security link, LH
side near top, only 2 remotely exploitable holes in the default install
since ~1996, etc).
Due to recent reports of a bug allowing key detection based on cpu usage
variations ("turbo boost" etc), I have my system set to keep a steady
cpu frequency.
I'm not an expert; that may or may not help. Best of luck to you.
Re: mg: how to indent using spaces instead of tabs
On 2022-06-12 18:16:15+0300, Mihai Popescu wrote: > > ... mg will use a tab for indentation. > > Use something to replace every TAB occurrence in the source code with > 8 spaces sequence. Well, not every TAB maybe? man expand, unexpand(1) exists.
Re: OpenBSD Home Server + Workstation on same machine?
On 2022-03-22 16:13:47+0100, ??ukasz Moska??a wrote: > Dnia Mon, Mar 21, 2022 at 08:22:36PM -0700, Eric Thomas napisa??(a): > > Hello, > > > > I'd like to learn about secure networking (PKI, x509 certs, DNS, IPS, etc.) > > and generally > > harden my home network using OpenBSD. Can I use OpenBSD services AND have > > it act as a desktop workstation on the same machine? > > Ref: > > https://superuser.com/questions/1712101/openbsd-home-server-workstation-on-same-machine > > You CAN do that, but you shouldn't. > You should run as little services on firewall as possible. Let's say that > there's bug in browser, that causes machine to hang up. Now, because your > browser had bug, your whole network is down, untill you do hard reboot. OpenBSD's reliability seems to make this very unlikely. Still a valid point, but to be balanced for your needs. I guess there could be hardware issues triggered by a browser? > If someone could exploit bug in browser to gain root access (not very likely, > but still), attacker could see traffic from your entire network, not just > your workstation. > Less services running on firewall means smaller attack surface. Best practice > would be to run only network-related services, like DNS, DHCP, VPNs, IDS/IPS > on firewall, and keep everything else away from it. True there is a smaller attack surface on separate machines, but more other costs (machines to deal with, at least). OpenBSD's mitigations (code auditing, pledge/unveil, and the best track record I have ever heard of in a general-purpose posix OS, etc), plus some other things you can do (which I am learning more about now) to limit what browsers can do to other apps in X, & maybe putting a umask of 0077 in the /etc/profile (but with an exception when running pkg_add), make this less likely enough that using a single machine might be worthwhile for you overall. Especially if learning is the goal, and you are not supporting a huge expensive enterprise or some such. Having an extra machine to test upgrades on before doing it in production can be useful. The other points made (which I didn't quote) could be valid for you. Just $.02.
chromium key mappings go crazy under ssh -X
When I run chromium or iridium via ssh -X, after some minutes, or immediately after I switch to a console and back with Ctrl-Alt-Fn, the keystrokes go wild. Suddenly space brings up a dialog asking about caret browsing, Ctrl acts like I right-clicked, most letters work but not m, etc. All is back to normal for a few minutes again after I kill the chrome and relaunch it. The mouse never seems affected, but I can't even type a URL normally, and even if I paste a URL, Enter doesn't work. Nothing in the stdout/stderr from chrome looked interesting, I thought, but I can send that also. (As I recall, there was nothing additional in the output from the time when the keys went crazy, but many things at browser startup.) The problem doesn't happen with ssh -Y apparently(?), unless connecting to run chromium on a remote computer. It doesn't happen if I run it as the same user that is running X, nor with xhost permissions allowing it to run without ssh. And it doesn't seem to happen with any other application, including firefox or libreoffice, or xterm. But I don't want to use open xhost permissions or ssh -Y full-time for this, because then that user can see other users' keystrokes, in X (as shown by the program xinput -test for example). (I am guessing use of xauth would also allow seeing keystrokes of other users, but I haven't tested it, as it looks like xauth is more for remote connections than xhost is.) I do this so I can have multiple browsers simultaneously, as different users, so if one instance of a browser is compromised, it hopefully can't compromise other users' browsers (which are for connecting to more secure things). If I could have multiple simultaneous X servers instead, and if that is considered a reasonable use, that might work better. Pointing out holes in my thinking is much appreciated. (What do other people do for this, if anything?) It didn't happen on OpenBSD 6.8, but I noticed it right after I upgraded to 6.9 then immediately to 7.0. I'm running stable (syspatches but not current). Suggestions? I did something stupid? Should send a bug report? Thanks much! Luke Call Here is /var/run/dmesg.boot. (The dmesg itself is included further down): s0 detached uhidev0 detached uhidev0 at uhub0 port 3 configuration 1 interface 0 "Logitech USB Optical Mouse" rev 2.00/72.00 addr 2 uhidev0: iclass 3/1 ums0 at uhidev0: 3 buttons, Z dir wsmouse0 at ums0 mux 0 wsmouse0 detached ums0 detached uhidev0 detached uhidev0 at uhub0 port 3 configuration 1 interface 0 "Logitech USB Optical Mouse" rev 2.00/72.00 addr 2 uhidev0: iclass 3/1 ums0 at uhidev0: 3 buttons, Z dir wsmouse0 at ums0 mux 0 wsmouse0 detached ums0 detached uhidev0 detached uhidev0 at uhub0 port 3 configuration 1 interface 0 "Logitech USB Optical Mouse" rev 2.00/72.00 addr 2 uhidev0: iclass 3/1 ums0 at uhidev0: 3 buttons, Z dir wsmouse0 at ums0 mux 0 wsmouse0 detached ums0 detached uhidev0 detached uhidev0 at uhub0 port 3 configuration 1 interface 0 "Logitech USB Optical Mouse" rev 2.00/72.00 addr 2 uhidev0: iclass 3/1 ums0 at uhidev0: 3 buttons, Z dir wsmouse0 at ums0 mux 0 [... much more of the above, repeated...] syncing disks... done r OpenBSD 7.0 (GENERIC.MP) #5: Mon Jan 31 09:09:02 MST 2022 r...@syspatch-70-amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 16033533952 (15290MB) avail mem = 15531577344 (14812MB) random: good seed from bootblocks mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xebf90 (49 entries) bios0: vendor American Megatrends Inc. version "204" date 11/20/2014 bios0: ASUSTeK COMPUTER INC. X550ZA acpi0 at bios0: ACPI 5.0 acpi0: sleep states S0 S3 S4 S5 acpi0: tables DSDT FACP APIC FPDT ECDT MCFG MSDM HPET UEFI SSDT SSDT CRAT SSDT SSDT SSDT SSDT acpi0: wakeup devices LOM_(S4) SBAZ(S4) ECIR(S4) OHC1(S4) EHC1(S4) OHC2(S4) EHC2(S4) OHC3(S4) EHC3(S4) OHC4(S4) XHC0(S4) XHC1(S4) ODD8(S3) GLAN(S4) LID_(S5) SLPB(S4) acpitimer0 at acpi0: 3579545 Hz, 32 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 16 (boot processor) cpu0: AMD A10-7400P Radeon R6, 10 Compute Cores 4C+6G, 2495.71 MHz, 15-30-01 cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,POPCNT,AES,XSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,XOP,SKINIT,WDT,FMA4,TCE,NODEID,TBM,CPCTR,DBKP,PERFTSC,ITSC,FSGSBASE,BMI1,XSAVEOPT cpu0: 96KB 64b/line 3-way I-cache, 16KB 64b/line 4-way D-cache, 2MB 64b/line 16-way L2 cache cpu0: ITLB 48 4KB entries fully associative, 24 4MB entries fully associative cpu0: DTLB 64 4KB entries fully associative, 64 4MB entries fully associative cpu0: smt 0, core 0, package 0 mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges cpu0: apic clock running at 99MHz cpu0: mwait min=64,
Re: Missing action list in lesskey man page
On 2021-12-04 12:39:41+, Jason McIntyre wrote: > On Sat, Dec 04, 2021 at 12:19:34PM +0100, Richard Ulmer wrote: > > Hi all, > > I've been reading up on "advanced" less(1) features and came across the > > lesskey(1) man page. In the COMMAND SECTION of the page I read this: > > > > > The action is the name of the less action, from the list below. > > > > However I cannot see this list of available actions. The only thing > > similar I can find is the list of default commands with their actions. > > From this I can deduce some available actions, but I'm not sure if those > > are all the available actions. Maybe there are some actions that are not > > bound by default. I'm also missing a description of what the actions do > > (I don't know all the default less(1) commands off the cuff). > > > > Is the action list missing from the lesskey(1) man page, or am I > > misunderstanding something? > hi. > > the actions do indeed match those in the command list. whether there are > any undocumented ones, i don;t know. i suppose you'd have to go poking > in the source. the actions will roughly match those described in the > less(1) COMMANDS section. so for example in less(1): > [] > > however we still import less. i'd want to make sure that's not stepping > on anyone's toes to make local changes. Pls forgive if I'm missing the important points, but in a way, maybe it is implied by man lesskey that the actions are connected with the command list shown. On ~ line 56-57 (under COMMAND SECTION) it says "The string is the command key(s) which invoke the action", which is easy to miss. Then there follows a list of commands, and one can search the man pages (with /) for everything that mentions "command", type "h" within less, etc. I find I have to do kind of thing that often to get a better idea of things, if one idea is mentioned in one part (or man page) then I need to go read other parts (or pages) that discuss the same thing; I even made a couple of scripts or aliases that quicken the process for me.
Re: Server certs expired higher up the chain, imaps and https
I think I read in some news (slashdot? HN?) semi-recently that a bunch of old-style (?) Let's Encrypt certificates are expiring today. Different software packages may handle it differently, as to how they determine what to accept...? Sorry vague, but I something on my phone with one site that I'm guessing is from the same cause. On 2021-09-30 10:02:17-0700, Chris Bennett wrote: > Hi, > > I'm getting that the certs are expired, but https works fine in Firefox, > including when looking at the full chain. > > > openssl s_client -servername mail.strengthcouragewisdom.rocks -connect > mail.strengthcouragewisdom.rocks:imaps > > openssl s_client -servername mail.strengthcouragewisdom.rocks -connect > mail.strengthcouragewisdom.rocks:https > > However are not happy. I force updated my ssl certs, syspatch, pkg_add > -u and rebooted. > > I didn't rebuild dh.pem for dovecot. > > Is this just a DNS propagation issue? > Or should I do something further myself? > > Thanks > Chris Bennett >
Re: VMM 6.9amd64 host video acceleration
I think there are ways to get what you want w/o VMM, such as a combination of regular X, separate user accounts for different activities, ssh -X/-Y, and rarely, xhost. Email me off-list if you want details; I have described them here at least somewhat, in the past. (Also given the fact that chrome/iridium and I think FF use pledge/unveil now.) On 2021-05-12 18:06:14+, Martin wrote: > Hi Dave, > > Can you recommend any way to see online videos without shuttering? Modern > CPUs can't smoothly play it in software emulation, unfortunately. > > Martin > > ? Original Message ? > On Wednesday, May 12, 2021 1:43 PM, Dave Voutila wrote: > > > Martin writes: > > > > > Hi list, > > > Just wonder how to enable video acceleration on VMM guest's side (Debian) > > > if it was possible. Maybe PCIe passthru should be present for that > > > purpose? > > > > There is nothing to accelerate: vmd(8) doesn't emulate a display or > > video device. vmm(4) doesn't support pass-through to host hardware > > either. > > > > -dv > >
Re: default umask 0077?
One possible correction: login.conf might be a better place than what I suggested earlier. Either way, would require thinking through it by someone more knowledgeable. On 2021-05-01 09:37:51-0600, Luke A. Call wrote: > I have been wondering for a long time (and did some searches) if it > would make sense for obsd to have a default umask of 0077, in the > /etc/profile or /etc/skel files on new installs, or what I'm missing. > > I imagine it helping a new user who hasn't learned yet about umask, to > not create files readable by all other users, until ready for > that, thus being even more secure by default. Maybe the default > permissions on new home directories already covers that issue? Yet > there are possible files in the /tmp folder; I don't know in all cases > which is why I set my own system with 0077. > > I've been running that way and the only problem I've noticed (so far) is > in some uses of pkg_add I had to set the umask back to 0022 first and > reset it after, for some things to work, which I did in a wrapper script. > > Most likely it's just about my ignorance. Thanks. > > ps: thanks for 6.9 etc!
default umask 0077?
I have been wondering for a long time (and did some searches) if it would make sense for obsd to have a default umask of 0077, in the /etc/profile or /etc/skel files on new installs, or what I'm missing. I imagine it helping a new user who hasn't learned yet about umask, to not create files readable by all other users, until ready for that, thus being even more secure by default. Maybe the default permissions on new home directories already covers that issue? Yet there are possible files in the /tmp folder; I don't know in all cases which is why I set my own system with 0077. I've been running that way and the only problem I've noticed (so far) is in some uses of pkg_add I had to set the umask back to 0022 first and reset it after, for some things to work, which I did in a wrapper script. Most likely it's just about my ignorance. Thanks. ps: thanks for 6.9 etc!
Re: Deleting sysupgrade, was: sysupgrade failure logs
On 2021-02-15 09:33:03+, Ottavio Caruso wrote: > On 14/02/2021 23:44, Theo de Raadt wrote: > > When we get reports like this where people "touch the insides", both > > Florian and I regret that sysupgrade ever arrived in the system. > > We want to delete sysupgrade. > > If this is not just a provocative statement, +1 from me. > I've never liked unattended, automatic, Debian-style system upgrades. A lot > of things can go wrong. I think I stay in the box, and definitely appreciate sysupgrade (etc). It has made my openbsd use more secure and easier (given that I am not near your level of expertise here), so, thanks for it being there. Luke Call http://lukecall.net
libreoffice and iridium/chromium crash on openbsd6.8, unless devhelp manually installed
Hi all. The short version is: the package "devhelp" seems required for libreoffice and irid/chromium, but removing/reinstalling those doesn't seem to install devhelp, and the package system doesn't complain when devhelp is removed manually. The programs crash saying things like this, especially the 2nd paragraph that follows: (iridium:82290): Gtk-CRITICAL **: 12:54:02.946: Unable to create user data directory '/home/lacall-secnet2/.local/share' for storing the recently used files list: No such file or directory (iridium:82290): GLib-GIO-ERROR **: 12:54:03.224: No GSettings schemas are installed on the system Trace/BPT trap So should I just submit a bug report, or is it likely my mistake? Details: After upgrading to 6.8, I found many packages that I didn't seem to require any more, and removed them with pkg_delete. Later I found that iridium and chromium crashed whenever I press Ctrl-S to save a file locally or Ctrl-P to print (or save to a .pdf). Also LibreOffice would not allow me to do Ctrl-P, nor Ctrl-O to open a file. Going back now to the packages I removed, I have found that the absence of the "devhelp" package causes these crashes, and when it is present, they do not occur. Its presence also seems to solve a problem where libreoffice would not launch under the name "libreoffice ", but I had to type "soffice " instead, but I haven't really investigated that part further. Installing the binary patches (now through 12) didn't seem to matter, nor running pkg_add -u various times over the weeks. I don't see in pkg_info output for any of these package a dependency on devhelp, or vice-versa (in my naive look at it, anyway). I don't guess it matters, but I am currently running these apps via an ssh -X connection to another user's desktop. I haven't tried it when launching X as the same user that runs the apps. Luke Call http://lukecall.net - Tech,thots,peace.(Updated 2021-01-10. Cmts/sugg welcome. https later.) DMESG: OpenBSD 6.8 (GENERIC.MP) #4: Mon Jan 11 10:35:56 MST 2021 r...@syspatch-68-amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 16033533952 (15290MB) avail mem = 15532564480 (14813MB) random: good seed from bootblocks mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xebf90 (49 entries) bios0: vendor American Megatrends Inc. version "204" date 11/20/2014 bios0: ASUSTeK COMPUTER INC. X550ZA acpi0 at bios0: ACPI 5.0 acpi0: sleep states S0 S3 S4 S5 acpi0: tables DSDT FACP APIC FPDT ECDT MCFG MSDM HPET UEFI SSDT SSDT CRAT SSDT SSDT SSDT SSDT acpi0: wakeup devices LOM_(S4) SBAZ(S4) ECIR(S4) OHC1(S4) EHC1(S4) OHC2(S4) EHC2(S4) OHC3(S4) EHC3(S4) OHC4(S4) XHC0(S4) XHC1(S4) ODD8(S3) GLAN(S4) LID_(S5) SLPB(S4) acpitimer0 at acpi0: 3579545 Hz, 32 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 16 (boot processor) cpu0: AMD A10-7400P Radeon R6, 10 Compute Cores 4C+6G, 2495.72 MHz, 15-30-01 cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,POPCNT,AES,XSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,XOP,SKINIT,WDT,FMA4,TCE,NODEID,TBM,CPCTR,DBKP,PERFTSC,ITSC,FSGSBASE,BMI1,XSAVEOPT cpu0: 96KB 64b/line 3-way I-cache, 16KB 64b/line 4-way D-cache, 2MB 64b/line 16-way L2 cache cpu0: ITLB 48 4KB entries fully associative, 24 4MB entries fully associative cpu0: DTLB 64 4KB entries fully associative, 64 4MB entries fully associative cpu0: smt 0, core 0, package 0 mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges cpu0: apic clock running at 99MHz cpu0: mwait min=64, max=64, IBE cpu1 at mainbus0: apid 17 (application processor) cpu1: AMD A10-7400P Radeon R6, 10 Compute Cores 4C+6G, 2495.35 MHz, 15-30-01 cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,POPCNT,AES,XSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,XOP,SKINIT,WDT,FMA4,TCE,NODEID,TBM,CPCTR,DBKP,PERFTSC,ITSC,FSGSBASE,BMI1,XSAVEOPT cpu1: 96KB 64b/line 3-way I-cache, 16KB 64b/line 4-way D-cache, 2MB 64b/line 16-way L2 cache cpu1: ITLB 48 4KB entries fully associative, 24 4MB entries fully associative cpu1: DTLB 64 4KB entries fully associative, 64 4MB entries fully associative cpu1: smt 1, core 0, package 0 cpu2 at mainbus0: apid 18 (application processor) cpu2: AMD A10-7400P Radeon R6, 10 Compute Cores 4C+6G, 2495.35 MHz, 15-30-01 cpu2: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,POPCNT,AES,XSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,XOP,SKINIT,WDT,FMA4,TCE,NODEID,
Re: Microsoft's war on plain text email in open source
On 08-26 21:47, Pierre-Philipp Braun wrote: > > Can't get your email to go plain text, attachments work. > > If they don't, why not change providers? > > It's a bit of work, but almost anyone can setup their own email server > > for next to nearly free. > > That is not as easy as it was, mainly because of IP reputation. If you have > your own MX and outbound MTA/MSA you will have to go through painful > processes of getting out of blacklists, and even then your outgoing messages > might end-up in users' spambox. The game has changed, and it's for us > old-timers that life is rough, already. Maybe I am missing the point, but one can change providers without having to manage a mail server, for example just having their own domain (or not) at a provider that manages the email servers, such as with pair.com (just a content user, many conveniences and flexibility, and I feel ~"enough" control over my email, but they run the servers, I can set various kinds of rules or DKIM things etc if memory serves, but don't have to), and maybe pobox.com (but it has been a long time since I used pobox), and I imagine others. Luke Call
multiple simultaneous X sessions?
What would it take for me to run more than one simultanous X session, each as a different user? -- I tried once a few years ago, searching, reading man pages, and chasing error messages, and failed at the time. Is it known whether it is reasonably possible with the current code? (This is so I can take advantage of the privilege separation provided by the OS, while doing different activities and programs programs with different informal trust levels, as separate users, but without the cpu overhead of using "ssh -[X|Y] ...". This was my normal practice in my Debian days, switching among them with Ctrl-Alt-FN.) Either way, thanks much for any info. Luke Call
multiple simultaneous X sessions?
What would it take for me to run more than one simultanous X session, each as a different user? -- I tried once a few years ago and found my config-file-fu was insufficient. Is it known whether it is reasonably possible with the current code? Thanks much. (ps: this is so I can take advantage of the privilege separation provided by the OS, while doing different activities and different programs with different informal trust levels, as different users, but without the cpu overhead of using "ssh -[X|Y] ...". This was my normal practice in my Debian days, switching among them with Ctrl-Alt-FN.) -- Luke Call "...[W]hen the wicked rule the people mourn. Wherefore, honest men and wise men should be sought for diligently, and good men and wise men ye should observe to uphold; otherwise whatsoever is less than these cometh of evil." (Doctrine & Covenants 98:9-10. >From 1833, when I think "men" often meant "persons".) More at my site: >lukecall.net . So: I think *honesty*, the Constitution and the rule of law (as opposed to of individuals), are much more important, relatively, than most or all policy issues.
Re: email attachments in firefox
On 08-21 18:06, James Cook wrote: > On 2020-08-21 16:51, Raymond, David wrote: > > I noticed that trying to load an attachment to Gmail in Firefox leads > > to a basically empty menu for selecting the file to be loaded? What > > gives? Is this something to do with pledge/unveil? Is there a way to > > do this? > In practice, if I want to give Firefox access to a file, I move it to > ~/Downloads and then it will appear in that chooser. > Yes, it's related to unveil. You can configure it. I think there's more > info under /usr/local/share/doc/pkg-readmes (I don't have access to my > OpenBSD system right now but probably look for "firefox" in that directory.) If it is done similarly as in chromium, /tmp will also work in addition to ~/Downloads, as will directories symlinked to those. -- Luke Call "...[W]hen the wicked rule the people mourn. Wherefore, honest men and wise men should be sought for diligently, and good men and wise men ye should observe to uphold; otherwise whatsoever is less than these cometh of evil." (Doctrine & Covenants 98:9-10. >From 1833, when I think "men" often meant "persons".) More at my site: >lukecall.net . I think *honesty*, the Constitution and the rule of law (as opposed to of individuals), are much more important, relatively, than most or all policy issues.
reviewing what is available (was Re: Faking the same LAN over the Internet
On 04-01 12:47, Chris Bennett wrote:
> On Wed, Apr 01, 2020 at 07:01:15AM -0600, Diana Eichert wrote:
> > have you considered looking at native OpenBSD tools?
> > https://man.openbsd.org/egre.4
>
> Wow! I had no idea about this.
I think you know more about obsd than I do, but in case it's useful to
anyone else:
I didn't know about egre(4) either, but I am trying to go
gradually thru the process of seeing "what is there" by browsing to
man.openbsd.org, putting a single period (".") in the search field,
choose a section, click apropos, and methodically reading. Lots of good
stuff and some surprises (for me at least) in there. If I hadn't
done that once with debian (years ago), I wouldn't know about touch(1),
for example, and a bunch of other things.
Again, you know more than I, so no insult intended. :)
--
Luke Call
Peace, tech, help, ideas: http://lukecall.net
(Updated 2020-03-13. Feedback welcome; https is on todo list.)
Re: Samba on obsd
On 03-25 12:42, Lars Bonnesen wrote: > It seems that Debian is also recommended as an AD replacement. And in my experience with packaging tools internals, policies, standards support, etc (which was not with anything related to AD), far superior to other Linux distros. Ask me off-list if you want any details on that. -Luke (http://lukecall.net)
Re: How to test for FORTIFY_SOURCE?
On 03-18 20:29, Ingo Schwarze wrote: > I have definitely collaborated with at least these NetBSD developers > in the past: And a lame but sincere thanks to Ingo, Theo, and everyone else, for the impressive work freely given, and for patiently tolerating the rest of us.
Re: How to test for FORTIFY_SOURCE?
On 03-18 19:22, Ingo Schwarze wrote: > > Ingo -- I think using man.openbsd.org as a "testbed for all possible > > man page hierarchies" incorrect. > > It was never a testbed, but a production service with several parts > provided nowhere else (well, at least until FreeBSD followed our > lead and started providing something very similar). > > For example, for DragonFly, Illumos, and NetBSD, semantic searching > is neither supported by their native apropos(1) on the command line > nor by their own websites. > > But since you have a point that such services hardly belong > on *.openbsd.org, they are now on *.bsd.lv, where misunderstandings > like the one witnessed above are unlikely to happen. Providing a simple link from the man.openbsd.org page to the services on *.bsd.lv might help those who are used to looking in the old location, while avoiding possible "which bsd" confusion (maybe called "Some other systems' manuals", or such). Especially for those not reading this thread. Just a thought. -- Luke Call My thoughts: http://lukecall.net (updated 2020-03-13)
Re: alacritty build
On 03-11 16:51, Wayn0 wrote: > On Wed, 11 Mar 2020 at 06:21, Wayne Oliver wrote: > > On 2020/03/10 21:09, Justin Muir wrote: > > > Just wishing to give alacritty a go so I git'd the source and did a > cargo > > > build. > > > I get this error after a while: > > > LLVM ERROR: out of memory > > > I tried increasing the dataset-cur and -max to 4000M in login.conf, > didn't > > > seem to work. > > I managed to build this on my laptop about a week ago. I'll happily > > check my settings for you when I get home this evening (SAST) if you > > don't come right before then. > part of the staff group, datasizr-cur=4096M max infinity > during build on my dual core i7 4xxx it took 17m to build RAM usage really > going over 800mb > 35mb binary Just curious: what was the size after running "strip" on the binary, or did you? -- Luke Call My thoughts: http://lukecall.net (updated 2020-02-18)
pkg_outdated binary?
t; rev 1.10/1.22 addr 3 uhidev2: iclass 3/0, 3 report ids uhid0 at uhidev2 reportid 2: input=1, output=0, feature=0 uhid1 at uhidev2 reportid 3: input=2, output=0, feature=0 uhub5 at uhub1 port 1 configuration 1 interface 0 "GenesysLogic USB2.0 Hub" rev 2.00/92.24 addr 2 uhub5: device problem, disabling port 1 uhidev3 at uhub5 port 3 configuration 1 interface 0 "Logitech USB Receiver" rev 2.00/12.07 addr 3 uhidev3: iclass 3/1 ukbd1 at uhidev3: 8 variable keys, 6 key codes wskbd2 at ukbd1 mux 1 uhidev4 at uhub5 port 3 configuration 1 interface 1 "Logitech USB Receiver" rev 2.00/12.07 addr 3 uhidev4: iclass 3/1, 8 report ids ums1 at uhidev4 reportid 2: 16 buttons, Z and W dir wsmouse1 at ums1 mux 0 uhid2 at uhidev4 reportid 3: input=4, output=0, feature=0 uhid3 at uhidev4 reportid 4: input=1, output=0, feature=0 uhid4 at uhidev4 reportid 8: input=1, output=0, feature=0 uhidev5 at uhub5 port 3 configuration 1 interface 2 "Logitech USB Receiver" rev 2.00/12.07 addr 3 uhidev5: iclass 3/0, 33 report ids uhid5 at uhidev5 reportid 16: input=6, output=6, feature=0 uhid6 at uhidev5 reportid 17: input=19, output=19, feature=0 uhid7 at uhidev5 reportid 32: input=14, output=14, feature=0 uhid8 at uhidev5 reportid 33: input=31, output=31, feature=0 uvideo0 at uhub2 port 4 configuration 1 interface 0 "Chicony Electronics USB2.0 VGA UVC WebCam" rev 2.00/99.16 addr 2 video0 at uvideo0 vscsi0 at root scsibus2 at vscsi0: 256 targets softraid0 at root scsibus3 at softraid0: 256 targets sd1 at scsibus3 targ 1 lun 0: sd1: 953868MB, 512 bytes/sector, 1953523553 sectors root on sd1a (6759d2c493c65bb1.a) swap on sd1b dump on sd1b initializing kernel modesetting (KAVERI 0x1002:0x130D 0x1043:0x17FD 0x00). radeondrm0: 1366x768, 32bpp wsdisplay0 at radeondrm0 mux 1: console (std, vt100 emulation), using wskbd0 wskbd1: connecting to wsdisplay0 wskbd2: connecting to wsdisplay0 wsdisplay0: screen 1-5 added (std, vt100 emulation) wsmouse0 detached ums0 detached uhidev0 detached uhidev0 at uhub0 port 3 configuration 1 interface 0 "vendor 0x USB OPTICAL MOUSE" rev 1.10/1.00 addr 2 uhidev0: iclass 3/1, 1 report id ums0 at uhidev0 reportid 1: 3 buttons, Z dir wsmouse0 at ums0 mux 0 wsmouse0 detached ums0 detached uhidev0 detached uhidev0 at uhub0 port 3 configuration 1 interface 0 "vendor 0x USB OPTICAL MOUSE" rev 1.10/1.00 addr 2 uhidev0: iclass 3/1, 1 report id ums0 at uhidev0 reportid 1: 3 buttons, Z dir wsmouse0 at ums0 mux 0 wsmouse0 detached ums0 detached uhidev0 detached uhidev0 at uhub0 port 3 configuration 1 interface 0 "vendor 0x USB OPTICAL MOUSE" rev 1.10/1.00 addr 2 uhidev0: iclass 3/1, 1 report id ums0 at uhidev0 reportid 1: 3 buttons, Z dir wsmouse0 at ums0 mux 0 wsmouse0 detached ums0 detached uhidev0 detached uhidev0 at uhub0 port 3 configuration 1 interface 0 "vendor 0x USB OPTICAL MOUSE" rev 1.10/1.00 addr 2 uhidev0: iclass 3/1, 1 report id ums0 at uhidev0 reportid 1: 3 buttons, Z dir wsmouse0 at ums0 mux 0 wsmouse0 detached ums0 detached uhidev0 detached uhidev0 at uhub0 port 3 configuration 1 interface 0 "vendor 0x USB OPTICAL MOUSE" rev 1.10/1.00 addr 2 uhidev0: iclass 3/1, 1 report id ums0 at uhidev0 reportid 1: 3 buttons, Z dir wsmouse0 at ums0 mux 0 wsmouse0 detached ums0 detached uhidev0 detached uhidev0 at uhub0 port 3 configuration 1 interface 0 "vendor 0x USB OPTICAL MOUSE" rev 1.10/1.00 addr 2 uhidev0: iclass 3/1, 1 report id ums0 at uhidev0 reportid 1: 3 buttons, Z dir wsmouse0 at ums0 mux 0 wsmouse0 detached ums0 detached uhidev0 detached uhidev0 at uhub0 port 3 configuration 1 interface 0 "vendor 0x USB OPTICAL MOUSE" rev 1.10/1.00 addr 2 uhidev0: iclass 3/1, 1 report id ums0 at uhidev0 reportid 1: 3 buttons, Z dir wsmouse0 at ums0 mux 0 wsmouse0 detached ums0 detached uhidev0 detached uhidev0 at uhub0 port 3 configuration 1 interface 0 "vendor 0x USB OPTICAL MOUSE" rev 1.10/1.00 addr 2 uhidev0: iclass 3/1, 1 report id ums0 at uhidev0 reportid 1: 3 buttons, Z dir wsmouse0 at ums0 mux 0 wsmouse0 detached ums0 detached uhidev0 detached uhidev0 at uhub0 port 3 configuration 1 interface 0 "vendor 0x USB OPTICAL MOUSE" rev 1.10/1.00 addr 2 uhidev0: iclass 3/1, 1 report id ums0 at uhidev0 reportid 1: 3 buttons, Z dir wsmouse0 at ums0 mux 0 wsmouse0 detached ums0 detached uhidev0 detached uhidev0 at uhub0 port 3 configuration 1 interface 0 "vendor 0x USB OPTICAL MOUSE" rev 1.10/1.00 addr 2 uhidev0: iclass 3/1, 1 report id ums0 at uhidev0 reportid 1: 3 buttons, Z dir wsmouse0 at ums0 mux 0 wsmouse0 detached ums0 detached uhidev0 detached uhidev0 at uhub0 port 3 configuration 1 interface 0 "vendor 0x USB OPTICAL MOUSE" rev 1.10/1.00 addr 2 uhidev0: iclass 3/1, 1 report id ums0 at uhidev0 reportid 1: 3 buttons, Z dir wsmouse0 at ums0 mux 0 wsmouse0 detached ums0 detached uhidev0 detached uhidev0 at uhub0 port 3 configuration 1 interface 0 "vendor 0x USB OPTICAL MOUSE" rev 1.10/1.00 addr 2 uhidev0: iclass 3/1, 1 report id ums0 at uhidev0 reportid 1: 3 buttons, Z dir wsmouse0 at ums0 mux 0 -- Luke Call My thoughts: http://lukecall.net (updated 2020-02-18)
Re: Hardening browser
On 03-07 19:19, whistlez...@riseup.net wrote: > On Thu, Mar 05, 2020 at 07:32:36AM -0700, Luke A. Call wrote: > > I just leave javascript off for usual browsing, with a tab sitting open > > in chromium or iridium to turn it on for the occasional temporary need, > > or added to the browser's exception list to allow permanently for > > certain sites. This partly because it seems easy, and partly since I > > probably won't know if a browser extension is sold to a malicious entity, or > > otherwise compromised (so, seems a smaller attack surface, but still usually > > convenient.) > As I know many sites without js doesn't work. Anyway I don't understand > how switching off js defend you from 0day browser bug. > Maybe you mean that because many 0day concern javascript ? Yes, as well as the general category of speculative execution CPU attacks, rowhammer-type attacks, evercookies that use javascript, and/or whatever else I don't know about that is enabled by javascript. It just seems to be required for many attacks that one reads about, over time, and given that trend, probably some future ones, all from downloading unknown code to run locally. For those fewer times when I do enable it, I'm glad for OBSD's various protections, to further lower risk. -- Luke Call My thoughts: http://lukecall.net (updated 2020-02-18)
Re: Hardening browser
On 03-05 04:18, Tomasz Rola wrote: > On Wed, Mar 04, 2020 at 02:06:40AM +0100, whistlez...@riseup.net wrote: > > Hi, > > in the following message: > > https://marc.info/?l=openbsd-misc=158110613210895=2 > > Theo discourages to use unveil instead of chroot. > > I asked if he suggests the same for the browser but he asked that chroot > > is onlye for *root*. > > Then what should I do to hardening the most exposed piece of code that > > we use everyday ? > > Now I'm using unveil+chrome... > > Thank you. > [] > As of me, I use the trick with multiple users for different roles > (similar to other person who posted in this thread). I also employ > noscript in some of the roles. I just leave javascript off for usual browsing, with a tab sitting open in chromium or iridium to turn it on for the occasional temporary need, or added to the browser's exception list to allow permanently for certain sites. This partly because it seems easy, and partly since I probably won't know if a browser extension is sold to a malicious entity, or otherwise compromised (so, seems a smaller attack surface, but still usually convenient.) > Actually my browsing routine now employs more primitive browsers. Yes, sometimes, if practical. -- Luke Call My thoughts: http://lukecall.net (updated 2020-02-18)
Re: Hardening browser
On 03-04 12:03, Luke A. Call wrote: > Partly as a possible approach, and partly for feedback/suggestions on > it: [] > multiple user logins and their corresponding X sessions running > at the same time, among which I would switch with Ctrl-Alt-F* keys, > hoping that if one account (where I did most of the general browsing, > etc) was compromised, it would not compromise the other accounts, where > I restricted the activites to more trusted binaries or sites. Then, > text file sitting in /home where different accounts could read/write info. > > Now, on obsd, I do that sort of thing, but with ssh -X across users > in a single X session and a bit of scripted xclip usage where I can, > and a systemwide default of umask 0077, and limit my root access to > run only from a console -- which you can consider. (PS: In doing this multi-account stuff in a single X session, I am careful not to put sensitive info on the clipboard, as then any other account could read it. Same for anything typed while any app requiring "ssy -Y..." is running.)
Re: Hardening browser
On 03-04 02:06, whistlez...@riseup.net wrote: > in the following message: > https://marc.info/?l=openbsd-misc=158110613210895=2 > Theo discourages to use unveil instead of chroot. > I asked if he suggests the same for the browser but he asked that chroot > is onlye for *root*. > Then what should I do to hardening the most exposed piece of code that > we use everyday ? > Now I'm using unveil+chrome... Partly as a possible approach, and partly for feedback/suggestions on it: Back when I used Debian/Devuan Linux more, I isolated things with multiple user logins and their corresponding X sessions running at the same time, among which I would switch with Ctrl-Alt-F* keys, hoping that if one account (where I did most of the general browsing, etc) was compromised, it would not compromise the other accounts, where I restricted the activites to more trusted binaries or sites. Then, lacking copy/paste between them, I had a single "chmod a+rw ..." text file sitting in /home where different accounts could read/write info. Now, on obsd, I do that sort of thing, but with ssh -X across users in a single X session and a bit of scripted xclip usage where I can, and a systemwide default of umask 0077, and limit my root access to run only from a console -- which you can consider. But I've wondered, if obsd were suited to multiple concurrent X sessions, whether that could be interesting as well to address this common issue. -- Luke Call My thoughts: http://lukecall.net (updated 2020-02-18)
Re: Web documentation available offline by default?
Another option I found helpful once is to use wget to download the
FAQs' content to a local copy (unless that puts too much load on the server),
then have a simple local shell alias to view it with links or w3m.
(At the time, it was a quick way for me, to preserve the content
in case I wanted it while offline, or if things like X weren't working.)
There are probably pros & cons of doing that, vs. CVS -- maybe making a
CVS copy is actually cleaner & simpler for this, and for updating it.
I can fish out my old wget line for that, if it is of interest and not
considered harmful.
--
Luke Call
My general thoughts: http://lukecall.net (updated 2020-02-18)
Re: Resource temporarily unavailable: have to recompile?
On 02-01 19:43, Strahil Nikolov wrote: > On February 1, 2020 12:27:40 AM GMT+02:00, "Luke A. Call" > wrote: > >I am still seeing this problem, even after logging out/in and ulimit -u > >shows 712. Running "ps -U myusername|less" yields about 180 lines and > >the system becomes unable to start even another xterm, or in tmux on a > >console, unable to start another shell window (in both cases: "Resource > >temporarily unavailable"). > >On 01-31 13:20, Luke A. Call wrote: > >> Hi misc. > >> I am getting "Resource temporarily unavailable" in > >> /var/log/authlog when I try to open too many "ssh [-X] > >user@localhost" > >> connections, or even "fork: retry: Resource temporarily unavailable" > >when > >> running "$ cat > /tmp/somefile". > >> In "man 3 __tfork" I see: > >> [EAGAIN]Resource temporarily unavailable. The system-imposed > >>limit on the total number of threads under execution > >>would be exceeded. This limit is configuration- > >>dependent. > >> [EAGAIN]Resource temporarily unavailable. The system-imposed > >>limit MAXUPRC on the total number of threads under > >>execution by a single user would be exceeded. MAXUPRC > >>is currently defined in as CHILD_MAX, > >>which is currently defined as 80 in . > >> > >> (If multiple users could simultaneously run X, I might not ssh as > >much; > >> suggestions welcome there also, if you are in the mood.) > >> More details, not sure if needed: > >> [...] > Hi Luke, > Have you tried to reuse ssh connections. > In linux you can use something like this: > ControlMaster auto > ControlPath ~/.ssh/sockets/%r@%h-%p > ControlPersist 600 > > I guess it's still valid for openBSD. Thanks much, Strahil. I plan to try that. After I increased the # of available ptys, I can open enough terminal windows for my needs, but I can still hit the limit if I open ~40 of them with an "ssh user@localhost" (or probably a "cat > filename") in each one, so at this point I guess I am wanting to understand the system better for future reference. As in, which limit am I hitting, and where is that limit set? Thanks again. Luke
Re: Resource temporarily unavailable: have to recompile?
Cancel the cancellation. I am still seeing this problem, even after logging out/in and ulimit -u shows 712. Running "ps -U myusername|less" yields about 180 lines and the system becomes unable to start even another xterm, or in tmux on a console, unable to start another shell window (in both cases: "Resource temporarily unavailable"). On 01-31 13:20, Luke A. Call wrote: > Hi misc. > > Am I running into a limit that will require recompiling the kernel > (or changing my work style I suppose)? Which man pages should I read > next, or should I be thinking about this differently? > > I am getting "Resource temporarily unavailable" in > /var/log/authlog when I try to open too many "ssh [-X] user@localhost" > connections, or even "fork: retry: Resource temporarily unavailable" when > running "$ cat > /tmp/somefile". > > In "man 3 __tfork" I see: > [EAGAIN]Resource temporarily unavailable. The system-imposed > limit on the total number of threads under execution > would be exceeded. This limit is configuration- > dependent. > > [EAGAIN]Resource temporarily unavailable. The system-imposed > limit MAXUPRC on the total number of threads under > execution by a single user would be exceeded. MAXUPRC > is currently defined in as CHILD_MAX, > which is currently defined as 80 in . > > (If multiple users could simultaneously run X, I might not ssh as much; > suggestions welcome there also, if you are in the mood.) > > > More details, not sure if needed: > > When I open a large # of xterms which make ssh -X connections on > my laptop with obsd 6.5 (planning to upgrade, haven't quite yet), they at > first pause saying > -bash: fork: retry: Resource temporarily unavailable > ...then start failing with > shell request failed on channel 0 > ...and in /var/log/authlog I see: > sshd[52954]: error: do_exec_pty: fork: Resource temporarily unavailable > > Also, until recently I would get error messages in ~/.xsession-errors like: > xterm: Error 32, errno 6: Device not configured Reason: > get_pty: not enough ptys > ...but, after creating more ptys by running (as root) > cd /dev; sh MAKEDEV pty1 #then, um, with pty2, pty3, 4, and 5 > > ...I don't seem to get the "not enough ptys" anymore, and can open > all the xters I like, but I get the > above "xterm: Error 32, errno 6: Device not configured Reason: > get_pty: not enough ptys" from authlog, and the "shell request failed > on channel 0" from the ssh client, all even when I do this not under X. > > It's like I can't get beyond about 20-23 "ssh user@localhost" connections > (depending on how they are counted). > > I have expanded limits in /etc/login.conf and kern.maxfiles=3500 now, in > sysctl.conf, but that is just poking in the dark. > > What am I missing? Thanks! > -Luke > > dmesg: > ached > uhidev4 detached > uhid5 detached > uhid6 detached > uhid7 detached > uhid8 detached > uhidev5 detached > uhidev3 at uhub5 port 3 configuration 1 interface 0 "Logitech USB Receiver" > rev 2.00/12.07 addr 3 > uhidev3: iclass 3/1 > ukbd1 at uhidev3: 8 variable keys, 6 key codes > wskbd2 at ukbd1 mux 1 > wskbd2: connecting to wsdisplay0 > uhidev4 at uhub5 port 3 configuration 1 interface 1 "Logitech USB Receiver" > rev 2.00/12.07 addr 3 > uhidev4: iclass 3/1, 8 report ids > ums1 at uhidev4 reportid 2: 16 buttons, Z and W dir > wsmouse1 at ums1 mux 0 > uhid2 at uhidev4 reportid 3: input=4, output=0, feature=0 > uhid3 at uhidev4 reportid 4: input=1, output=0, feature=0 > uhid4 at uhidev4 reportid 8: input=1, output=0, feature=0 > uhidev5 at uhub5 port 3 configuration 1 interface 2 "Logitech USB Receiver" > rev 2.00/12.07 addr 3 > uhidev5: iclass 3/0, 33 report ids > uhid5 at uhidev5 reportid 16: input=6, output=6, feature=0 > uhid6 at uhidev5 reportid 17: input=19, output=19, feature=0 > uhid7 at uhidev5 reportid 32: input=14, output=14, feature=0 > uhid8 at uhidev5 reportid 33: input=31, output=31, feature=0 > uhidev6 at uhub0 port 4 configuration 1 interface 0 "vendor 0x USB > OPTICAL MOUSE" rev 1.10/1.00 addr 3 > uhidev6: iclass 3/1, 1 report id > ums2 at uhidev6 reportid 1: 3 buttons, Z dir > wsmouse2 at ums2 mux 0 > wsmouse2 detached > ums2 detached > uhidev6 detached > uhidev6 at uhub0 port 4 configuration 1 interface 0 "vendor 0x USB > OPTICAL MOUSE" rev 1.10/1.00 addr 3 > uhidev6: iclass 3/1, 1 report id > ums2 at uhidev6 reportid 1: 3 buttons, Z dir &g
Re: Resource temporarily unavailable: have to recompile?
Sorry. It seems to have been just a ulimit and a login.conf value that I had not increased enough. On 01-31 13:20, Luke A. Call wrote: > [] > I am getting "Resource temporarily unavailable" in > /var/log/authlog when I try to open too many "ssh [-X] user@localhost" > connections, or even "fork: retry: Resource temporarily unavailable" when > running "$ cat > /tmp/somefile". > > In "man 3 __tfork" I see: > [EAGAIN]Resource temporarily unavailable. The system-imposed > limit on the total number of threads under execution > would be exceeded. This limit is configuration- > dependent. > > [EAGAIN]Resource temporarily unavailable. The system-imposed > limit MAXUPRC on the total number of threads under > execution by a single user would be exceeded. MAXUPRC > is currently defined in as CHILD_MAX, > which is currently defined as 80 in .
Resource temporarily unavailable: have to recompile?
Hi misc. Am I running into a limit that will require recompiling the kernel (or changing my work style I suppose)? Which man pages should I read next, or should I be thinking about this differently? I am getting "Resource temporarily unavailable" in /var/log/authlog when I try to open too many "ssh [-X] user@localhost" connections, or even "fork: retry: Resource temporarily unavailable" when running "$ cat > /tmp/somefile". In "man 3 __tfork" I see: [EAGAIN]Resource temporarily unavailable. The system-imposed limit on the total number of threads under execution would be exceeded. This limit is configuration- dependent. [EAGAIN]Resource temporarily unavailable. The system-imposed limit MAXUPRC on the total number of threads under execution by a single user would be exceeded. MAXUPRC is currently defined in as CHILD_MAX, which is currently defined as 80 in . (If multiple users could simultaneously run X, I might not ssh as much; suggestions welcome there also, if you are in the mood.) More details, not sure if needed: When I open a large # of xterms which make ssh -X connections on my laptop with obsd 6.5 (planning to upgrade, haven't quite yet), they at first pause saying -bash: fork: retry: Resource temporarily unavailable ...then start failing with shell request failed on channel 0 ...and in /var/log/authlog I see: sshd[52954]: error: do_exec_pty: fork: Resource temporarily unavailable Also, until recently I would get error messages in ~/.xsession-errors like: xterm: Error 32, errno 6: Device not configured Reason: get_pty: not enough ptys ...but, after creating more ptys by running (as root) cd /dev; sh MAKEDEV pty1 #then, um, with pty2, pty3, 4, and 5 ...I don't seem to get the "not enough ptys" anymore, and can open all the xters I like, but I get the above "xterm: Error 32, errno 6: Device not configured Reason: get_pty: not enough ptys" from authlog, and the "shell request failed on channel 0" from the ssh client, all even when I do this not under X. It's like I can't get beyond about 20-23 "ssh user@localhost" connections (depending on how they are counted). I have expanded limits in /etc/login.conf and kern.maxfiles=3500 now, in sysctl.conf, but that is just poking in the dark. What am I missing? Thanks! -Luke dmesg: ached uhidev4 detached uhid5 detached uhid6 detached uhid7 detached uhid8 detached uhidev5 detached uhidev3 at uhub5 port 3 configuration 1 interface 0 "Logitech USB Receiver" rev 2.00/12.07 addr 3 uhidev3: iclass 3/1 ukbd1 at uhidev3: 8 variable keys, 6 key codes wskbd2 at ukbd1 mux 1 wskbd2: connecting to wsdisplay0 uhidev4 at uhub5 port 3 configuration 1 interface 1 "Logitech USB Receiver" rev 2.00/12.07 addr 3 uhidev4: iclass 3/1, 8 report ids ums1 at uhidev4 reportid 2: 16 buttons, Z and W dir wsmouse1 at ums1 mux 0 uhid2 at uhidev4 reportid 3: input=4, output=0, feature=0 uhid3 at uhidev4 reportid 4: input=1, output=0, feature=0 uhid4 at uhidev4 reportid 8: input=1, output=0, feature=0 uhidev5 at uhub5 port 3 configuration 1 interface 2 "Logitech USB Receiver" rev 2.00/12.07 addr 3 uhidev5: iclass 3/0, 33 report ids uhid5 at uhidev5 reportid 16: input=6, output=6, feature=0 uhid6 at uhidev5 reportid 17: input=19, output=19, feature=0 uhid7 at uhidev5 reportid 32: input=14, output=14, feature=0 uhid8 at uhidev5 reportid 33: input=31, output=31, feature=0 uhidev6 at uhub0 port 4 configuration 1 interface 0 "vendor 0x USB OPTICAL MOUSE" rev 1.10/1.00 addr 3 uhidev6: iclass 3/1, 1 report id ums2 at uhidev6 reportid 1: 3 buttons, Z dir wsmouse2 at ums2 mux 0 wsmouse2 detached ums2 detached uhidev6 detached uhidev6 at uhub0 port 4 configuration 1 interface 0 "vendor 0x USB OPTICAL MOUSE" rev 1.10/1.00 addr 3 uhidev6: iclass 3/1, 1 report id ums2 at uhidev6 reportid 1: 3 buttons, Z dir wsmouse2 at ums2 mux 0 wsmouse2 detached ums2 detached uhidev6 detached uhidev6 at uhub0 port 4 configuration 1 interface 0 "vendor 0x USB OPTICAL MOUSE" rev 1.10/1.00 addr 3 uhidev6: iclass 3/1, 1 report id ums2 at uhidev6 reportid 1: 3 buttons, Z dir wsmouse2 at ums2 mux 0 wsmouse2 detached ums2 detached uhidev6 detached uhidev6 at uhub0 port 4 configuration 1 interface 0 "vendor 0x USB OPTICAL MOUSE" rev 1.10/1.00 addr 3 uhidev6: iclass 3/1, 1 report id ums2 at uhidev6 reportid 1: 3 buttons, Z dir wsmouse2 at ums2 mux 0 wsmouse2 detached ums2 detached uhidev6 detached uhidev6 at uhub0 port 4 configuration 1 interface 0 "vendor 0x USB OPTICAL MOUSE" rev 1.10/1.00 addr 3 uhidev6: iclass 3/1, 1 report id ums2 at uhidev6 reportid 1: 3 buttons, Z dir wsmouse2 at ums2 mux 0 wsmouse2 detached ums2 detached uhidev6 detached uhidev6 at uhub0 port 4 configuration 1 interface 0 "vendor 0x USB OPTICAL MOUSE" rev 1.10/1.00 addr 3 uhidev6: iclass 3/1, 1 report id ums2 at uhidev6 reportid 1: 3 buttons, Z dir
Re: Question about marketability of OpenBSD Laptops
On 01-26 10:45, Stuart Henderson wrote: > [] > I have non-technical users on OpenBSD > laptops and desktops using GNOME+Chromium+LibreOffice, not everything > is perfect but it works well enough and we didn't have to revert to > Windows. > > It *does* need managing though, it won't work as a "here is the machine, > now you're in charge" setup. For that reason I think in most cases this > type of user would often find that an iPad or ChromeBook would suit them > better. Similar experience here: I had maybe a dozen or more people using openbsd computers in a weekly classroom for several months, where I had set it up to be convenient for their use (basically xfce, & icons pointing to preset browser destinations), and they were happy enough, but they weren't going to manage any of it themselves (with one possible exception). So sometimes it depends on the perceived cost/benefit and how it goes with their personal usage patterns. -- Please pray for our country(ies) and leaders, at this important time. More on this and other topics (a simple site w/o sales): http://lukecall.net (updated 2020-01-23)
Re: pkg_info(1) man page possible error
On 01-25 01:49, Ingo Schwarze wrote: > Andrew Easton wrote on Fri, Jan 24, 2020 at 11:17:20PM +0100: > > I was looking for a list of ports packages > Depending what you really need, try > $ doas pkg_add portslist > $ less /usr/local/share/ports-INDEX > $ doas pkg_add sqlports > $ sqlite3 /usr/local/share/sqlports > https://cvsweb.openbsd.org/ports/ > > and read the man page pkg_info(1). For what it may be worth, another way to get a list of ports is (as root, or maybe should be rewritten with "doas", as Ingo did, but): # cd /usr/ports/ && make print-index > ~root/openbsdports-list-$(uname -r)-$(machine) -Luke -- Please pray for our country(ies) and leaders, at this important time. More on this and other topics (a simple site w/o sales): http://lukecall.net (updated 2020-01-23)
Re: Suggestion: Replace Perl with Lua in the OpenBSD Base System
On 12-31 14:02, Raul Miller wrote: > On Tue, Dec 31, 2019 at 1:32 PM wrote: > > I'm curious to know if there are any languages other than C and perl in > > use in OpenBSD base. > It's pretty easy to download the sources for base, and then: > tar zxf src.tar.gz > find . -type f -name '*.*' | sed 's/^.*\.//' | sort | uniq -c | sort > -n | tail -40 For what it may be worth: another way I use to see "what is available" (sometimes just to learn) is either: "man [1-9] intro" or go to http://man.openbsd.org, optionally choose a section, put "." (without quotes) in the search field, and click the "apropos" button. -- Please pray for our country(ies) and leaders, at this important time. More on this and other topics (a simple, non-JS site w/ no sales): http://lukecall.net (updated 2019-12-8)
Re: ttyC0 floods with error messages
On 12-16 10:48, Raymond, David wrote: > I get similar stuff on console 1 but not on the others on all my > OpenBSD machines. As I use X windows and have clean consoles 2-4 > available if necessary, I just ignore it. I get similar messages in dmesg (used to be on the first console), and every couple of days or so (not a consistent period), the mouse just stops working, sometimes working again a few days after I unplug it, so I switch that way between a wireless and wired mouse until they both stop and when I get tired enough of being mouseless then I reboot. Ending message with dmesg output: OpenBSD 6.5 (GENERIC.MP) #5: Thu Aug 29 20:38:30 CEST 2019 r...@syspatch-65-amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 16033533952 (15290MB) avail mem = 15537967104 (14818MB) mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xebf90 (49 entries) bios0: vendor American Megatrends Inc. version "204" date 11/20/2014 bios0: ASUSTeK COMPUTER INC. X550ZA acpi0 at bios0: rev 2 acpi0: sleep states S0 S3 S4 S5 acpi0: tables DSDT FACP APIC FPDT ECDT MCFG MSDM HPET UEFI SSDT SSDT CRAT SSDT SSDT SSDT SSDT acpi0: wakeup devices LOM_(S4) SBAZ(S4) ECIR(S4) OHC1(S4) EHC1(S4) OHC2(S4) EHC2(S4) OHC3(S4) EHC3(S4) OHC4(S4) XHC0(S4) XHC1(S4) ODD8(S3) GLAN(S4) LID_(S5) SLPB(S4) acpitimer0 at acpi0: 3579545 Hz, 32 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 16 (boot processor) cpu0: AMD A10-7400P Radeon R6, 10 Compute Cores 4C+6G, 2496.48 MHz, 15-30-01 cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,POPCNT,AES,XSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,XOP,SKINIT,WDT,FMA4,TCE,NODEID,TBM,CPCTR,DBKP,PERFTSC,ITSC,FSGSBASE,BMI1,XSAVEOPT cpu0: 96KB 64b/line 3-way I-cache, 16KB 64b/line 4-way D-cache, 2MB 64b/line 16-way L2 cache cpu0: ITLB 48 4KB entries fully associative, 24 4MB entries fully associative cpu0: DTLB 64 4KB entries fully associative, 64 4MB entries fully associative cpu0: smt 0, core 0, package 0 mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges cpu0: apic clock running at 99MHz cpu0: mwait min=64, max=64, IBE cpu1 at mainbus0: apid 17 (application processor) cpu1: AMD A10-7400P Radeon R6, 10 Compute Cores 4C+6G, 2495.34 MHz, 15-30-01 cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,POPCNT,AES,XSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,XOP,SKINIT,WDT,FMA4,TCE,NODEID,TBM,CPCTR,DBKP,PERFTSC,ITSC,FSGSBASE,BMI1,XSAVEOPT cpu1: 96KB 64b/line 3-way I-cache, 16KB 64b/line 4-way D-cache, 2MB 64b/line 16-way L2 cache cpu1: ITLB 48 4KB entries fully associative, 24 4MB entries fully associative cpu1: DTLB 64 4KB entries fully associative, 64 4MB entries fully associative cpu1: smt 1, core 0, package 0 cpu2 at mainbus0: apid 18 (application processor) cpu2: AMD A10-7400P Radeon R6, 10 Compute Cores 4C+6G, 2495.34 MHz, 15-30-01 cpu2: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,POPCNT,AES,XSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,XOP,SKINIT,WDT,FMA4,TCE,NODEID,TBM,CPCTR,DBKP,PERFTSC,ITSC,FSGSBASE,BMI1,XSAVEOPT cpu2: 96KB 64b/line 3-way I-cache, 16KB 64b/line 4-way D-cache, 2MB 64b/line 16-way L2 cache cpu2: ITLB 48 4KB entries fully associative, 24 4MB entries fully associative cpu2: DTLB 64 4KB entries fully associative, 64 4MB entries fully associative cpu2: smt 0, core 1, package 0 cpu3 at mainbus0: apid 19 (application processor) cpu3: AMD A10-7400P Radeon R6, 10 Compute Cores 4C+6G, 2495.34 MHz, 15-30-01 cpu3: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,POPCNT,AES,XSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,XOP,SKINIT,WDT,FMA4,TCE,NODEID,TBM,CPCTR,DBKP,PERFTSC,ITSC,FSGSBASE,BMI1,XSAVEOPT cpu3: 96KB 64b/line 3-way I-cache, 16KB 64b/line 4-way D-cache, 2MB 64b/line 16-way L2 cache cpu3: ITLB 48 4KB entries fully associative, 24 4MB entries fully associative cpu3: DTLB 64 4KB entries fully associative, 64 4MB entries fully associative cpu3: smt 1, core 1, package 0 ioapic0 at mainbus0: apid 0 pa 0xfec0, version 21, 24 pins ioapic1 at mainbus0: apid 1 pa 0xfec01000, version 21, 32 pins acpiec0 at acpi0 acpimcfg0 at acpi0 acpimcfg0: addr 0xe000, bus 0-255 acpihpet0 at acpi0: 14318180 Hz acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus -1 (PB21) acpiprt2 at acpi0: bus -1 (PB22) acpiprt3 at acpi0: bus
hardware security (was Re: Installing OpenBSD on Supermicro A2SDi-4C-HLN4F
And I think I read that Supermicro is moving production out of China because of the perceptions of risk (and/or actual risks) of sensitive electronics manufacturing there. Forgive/ignore if this question is excessive here, but I wonder if anyone has knowledge or educated perspective to share on this: I have avoided Chinese products (like Lenovo) due to government history/means/motive/opportunity to put in backdoors or things with which I might be less comfortable than the backdoors unfortunately inserted by someone else. Just like I've been favoring AMD due to Intel's track record and evident attitude.) Yes, the US government has been reported to waylay hardware during shipping, etc., and Bruce Schneier and/or others have said the problem of vetting hardware is beyond the ability of individuals or most businesses, given the extreme economic and technical complexity involved. (And I realize that suspicion can be carried too far, and cost/benefit estimates can sometimes even favor less caution, but one has to choose whom to work with, given tradeoffs and an imperfect world. I know Theo has said in efffect that hardware security is not a problem OBSD can address, and if that is the final answer, OK.) But I wonder sometimes if anyone knows of a laptop &/or desktop vendor where the odds seem most favorable, maybe why you think so, and where they are likely to work with OBSD. (System76, librem, dell, small/local manufacturers)? (My audio, video, and battery needs are minimal, but *quiet* effective thermal management, & 16GB+ RAM are important, and reliability & compilation speed.) AMD CPUs preferred, as going exotic sounds like more $ and harder to get spare parts. And I probably don't have the ability now or later to become expert at choosing many individual components. Thanks in advance. -- Luke Call Things I want to say to many (a lightly-loading site): http://lukecall.net (updated 2019-06-09) On 06-15 15:11, Stuart Henderson wrote: > On 2019-06-15, ms wrote: > > There were some serious security issues with hardware and software from > > Supermicro (espionage chips, firmware) > > Assuming you mean the allegations in that Bloomberg piece, there was no > evidence found supporting them. > > https://hackaday.com/2019/05/14/what-happened-with-supermicro/ etc > > There are the usual problems with BMC security, cpu bugs, etc, but those > are by no means unique to supermicro. > >
Re: No more KDE's dolphin after upgrade to 6.5
On 04-26 21:47, Rafael Sadowski wrote: > [] > update all packages with the following PKG_PATH example: > > env PKG_PATH=https://ftp.openbsd.org/pub/OpenBSD/6.5/packages/ pkg_add -u -v > -Dinstalled > > It looks like you mixed packages for 6.4 and 6.5 and/or -current. I had to run a pkg_add command equivalent to that, to get mutt and sox play to run. This happened when I upgraded to 6.4 as well, with libreoffice, that not everything required was updated somehow, with just pkg_add -u. - - Things I want to tell people: Free & open personal organizer software, & thoughts on subjects that I consider important (updated 2019-03-18): http://lukecall.net
Re: OpenBSD 6.5
On 04-24 15:31:34+, Mik J wrote: > Thank you for this new release and all of those who contributed. Echoed by many, for past and future work on this excellent system. Thanks very much indeed.
crash report
Hi. I am having laptop crashes, but sendbug hangs so am using email directly. Some web page on bug reports, iirc, suggested emailing misc@ first to see if the email is OK, before sending to bugs@.., so I am sending here for feedback. Sendbug (per pstree) appears to hang in usbdevs -v. (Related ps output is below.) Related issues?: I don't know if I have unsupported hardware. I have had overheating problems (separate issue but mentioned in case this all means I need to replace the laptop; the heat issues haven't necessarily been at times I can correlate with these crashes, but somewhat ongoing). I also don't know if this issue relates to the fact that my mouse stops working anywhere from 0 to 10 days after each reboot (which has been the case I'm guessing since I installed a 6.3 snapshot probably about 1/3 of the way from 6.3 to 6.4). Maybe I need a new laptop. But I'm confident that this happens even when the laptop is cool (like, external fans on, laptop idling overnight). Could a crash be caused by having in sysctl.conf "machdep.allowaperture=1" and running X? I'd like to understand the pros/cons of that setting better than I do from reading the manual page. (My sysctl.conf contents are below.) The crash seems to never happen unless I have been running with X for at least 2 days, maybe more. My stock + syspatched 6.4 system dropped into ddb in a console, several hours after the last syspatch and reboot (the last syspatch prior to 2019-3-22), maybe at a moment when I hit "alt-tab" in X (in xfce). (X had frozen before that syspatch a couple of times recently when I hit "alt-tab", but I was able to get to a console then if memory serves. Something like this has happened maybe every several weeks over the last few months, including during times like at night when I am not using this laptop, so I don't know how to reproduce it on demand. Then it did it again several times. I have captured ddb output from a total of 3 of those; the photos of ddb info was captured before I applied the latest syspatch, but it has continued happening since. After I tried to capture the useful output from ddb, I ran "boot sync" to reboot and it just sat there as if frozen, & the laptop's disk activity light was dark. (Then when I forced a hard power cycle it had to do some automatic disk repairs, and the disk activity light was on during that.) In the 2nd set of ddg screen shots (those from the 2nd crash, on the morning of 2019-3-23), I see it reports 3 CPUs. I don't know why 3, because I had 4 before the spectre/meltdown mitigations changed it to 2 (per top activity: 4 shown, 2 seem active). Then on 2019-03-25 after I had stopped using the computer for the day, there were error messages in /var/log/message and when I checked later the computer had completely frozen with a black screen. I was running xfce but no programs outside a terminal (basically the same as in the last set of ddg screen shots' ps output plus the links browser). I read through much of the change log for 6.4->6.5, but am probably unqualified to know if one of the updates addresses this. Again, the crashes where I took photos of ddb output occurred with openbsd stable as of just prior to the March 27 security fix, but have also happened since (sorry I'm so late sending it, due to personal limitations and competing tasks). So far, I think this has only happened while X was running (using xenodm). After sending this, I think I will stop X and see if it happens over the next few days, without it. This has happened both with varying and without any setting in the /etc/malloc.conf symlink. Sorry if that is not a proper report; feedback sought. Thanks *very* much. Links to photos of ddb info from the crashes: http://lukecall.net/temp-crashInfo/1stCrash-imagesOnOnePage.html http://lukecall.net/temp-crashInfo/2ndCrash-imagesOnOnePage.html http://lukecall.net/temp-crashInfo/3rdCrash-imagesOnOnePage.html http://lukecall.net/temp-crashInfo/allImagesLinks.html http://lukecall.net/temp-crashInfo/ Luke Call - - Things I want to tell people: Free personal organizer software, & thoughts on subjects (updated 2019-03-18): http://lukecall.net (Various info dumps follow; each new section starts with a "description".) ps info of usbdevs that wouldn't exit:- USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND root 93325 0.0 0.0 296 1148 C0 D+12:58PM0:00.02 usbdevs root 80643 0.0 0.0 720 820 C1 Ip12:52PM0:00.00 sh -c usbdevs -v root 84565 0.0 0.0 256 1088 C1 D 12:52PM0:00.01 usbdevs -v root 8493 0.0 0.0 252 1088 C1 D 12:57PM0:00.00 usbdevs -v root 38138 0.0 0.0 720 816 C1 Ip12:57PM0:00.01 sh -c usbdevs -v root 7392 0.0 0.0 724 824 C1 Ip12:57PM0:00.01 sh -c usbdevs -v root 25561 0.0 0.0 252 1084 C1 D 12:57PM
mouse stops working 2 days after reboot
Hi. On 6.4 (not 6.3 or snapshots i tried), the external mouse just stops working, ~2 days after rebooting, multiple times. A reboot fixes it, but just restarting X with Ctrl-Alt-Bksp does not fix it (though it does seem to close/restart xenodm). I am not using the trackpad and even while this problem occurs, mouse emulation via the keyboard works (using XFCE's accessibility feature). I see that the mouse still has power (lights on). (FWIW: The first time this happened, it was just after I had unplugged both my external keyboard and mouse, and unlike the usual behavior, neither worked when I plugged them back in. Since then, only the mouse has had trouble but I haven't unplugged the keyboard since then.) Thanks much. Ending with the dmesg: 4b/line 16-way L2 cache cpu3: ITLB 48 4KB entries fully associative, 24 4MB entries fully associative cpu3: DTLB 64 4KB entries fully associative, 64 4MB entries fully associative cpu3: smt 1, core 1, package 0 ioapic0 at mainbus0: apid 0 pa 0xfec0, version 21, 24 pins ioapic1 at mainbus0: apid 1 pa 0xfec01000, version 21, 32 pins acpiec0 at acpi0 acpimcfg0 at acpi0 acpimcfg0: addr 0xe000, bus 0-255 acpihpet0 at acpi0: 14318180 Hz acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus -1 (PB21) acpiprt2 at acpi0: bus -1 (PB22) acpiprt3 at acpi0: bus -1 (PB31) acpiprt4 at acpi0: bus -1 (PB32) acpiprt5 at acpi0: bus -1 (PB33) acpiprt6 at acpi0: bus -1 (PB34) acpiprt7 at acpi0: bus 2 (PE20) acpiprt8 at acpi0: bus -1 (PE21) acpiprt9 at acpi0: bus 3 (PE22) acpiprt10 at acpi0: bus -1 (PE23) acpicpu0 at acpi0: C2(0@400 io@0x1771), C1(@1 halt!), PSS acpicpu1 at acpi0: C2(0@400 io@0x1771), C1(@1 halt!), PSS acpicpu2 at acpi0: C2(0@400 io@0x1771), C1(@1 halt!), PSS acpicpu3 at acpi0: C2(0@400 io@0x1771), C1(@1 halt!), PSS acpitz0 at acpi0: critical temperature is 103 degC acpicmos0 at acpi0 "AMDC003" at acpi0 not configured acpibat0 at acpi0: BAT0 model "X550E30" serialtype LIon oem "OEM" acpiac0 at acpi0: AC unit online acpibtn0 at acpi0: PWRB acpibtn1 at acpi0: LID_ "ATK4001" at acpi0 not configured "PNP0C14" at acpi0 not configured acpibtn2 at acpi0: SLPB "PNP0C14" at acpi0 not configured cpu0: 2496 MHz: speeds: 2500 2300 2100 1700 1400 MHz pci0 at mainbus0 bus 0 pchb0 at pci0 dev 0 function 0 "AMD AMD64 15h Root Complex" rev 0x00 radeondrm0 at pci0 dev 1 function 0 "ATI Kaveri Radeon R6" rev 0x00 drm0 at radeondrm0 radeondrm0: msi azalia0 at pci0 dev 1 function 1 "ATI Kaveri HD Audio" rev 0x00: msi azalia0: no supported codecs pchb1 at pci0 dev 2 function 0 "AMD AMD64 15h PCIE" rev 0x00 pchb2 at pci0 dev 3 function 0 "AMD AMD64 15h PCIE" rev 0x00 pchb3 at pci0 dev 4 function 0 "AMD AMD64 15h PCIE" rev 0x00 xhci0 at pci0 dev 16 function 0 "AMD Bolton xHCI" rev 0x09: msi, xHCI 1.0 usb0 at xhci0: USB revision 3.0 uhub0 at usb0 configuration 1 interface 0 "AMD xHCI root hub" rev 3.00/1.00 addr 1 ahci0 at pci0 dev 17 function 0 "AMD Hudson-2 SATA" rev 0x40: msi, AHCI 1.3 ahci0: port 0: 6.0Gb/s ahci0: port 2: 1.5Gb/s scsibus1 at ahci0: 32 targets sd0 at scsibus1 targ 0 lun 0: SCSI3 0/direct fixed naa.539614b041b8 sd0: 953869MB, 512 bytes/sector, 1953525168 sectors cd0 at scsibus1 targ 2 lun 0: ATAPI 5/cdrom removable ohci0 at pci0 dev 18 function 0 "AMD Hudson-2 USB" rev 0x11: apic 0 int 18, version 1.0, legacy support ehci0 at pci0 dev 18 function 2 "AMD Hudson-2 USB2" rev 0x11: apic 0 int 17 usb1 at ehci0: USB revision 2.0 uhub1 at usb1 configuration 1 interface 0 "AMD EHCI root hub" rev 2.00/1.00 addr 1 ohci1 at pci0 dev 19 function 0 "AMD Hudson-2 USB" rev 0x11: apic 0 int 18, version 1.0, legacy support ehci1 at pci0 dev 19 function 2 "AMD Hudson-2 USB2" rev 0x11: apic 0 int 17 usb2 at ehci1: USB revision 2.0 uhub2 at usb2 configuration 1 interface 0 "AMD EHCI root hub" rev 2.00/1.00 addr 1 piixpm0 at pci0 dev 20 function 0 "AMD Hudson-2 SMBus" rev 0x16: polling iic0 at piixpm0 spdmem0 at iic0 addr 0x50: 8GB DDR3 SDRAM PC3-12800 SO-DIMM spdmem1 at iic0 addr 0x51: 8GB DDR3 SDRAM PC3-12800 SO-DIMM azalia1 at pci0 dev 20 function 2 "AMD Hudson-2 HD Audio" rev 0x01: msi azalia1: codecs: Realtek ALC269 audio0 at azalia1 pcib0 at pci0 dev 20 function 3 "AMD Hudson-2 LPC" rev 0x11 ppb0 at pci0 dev 20 function 4 "AMD Hudson-2 PCI" rev 0x40 pci1 at ppb0 bus 1 sdhc0 at pci0 dev 20 function 7 "AMD Hudson-2 SD Host Controller" rev 0x00: apic 0 int 16 sdhc0: SDHC 2.0, 50 MHz base clock sdmmc0 at sdhc0: 4-bit, sd high-speed, mmc high-speed, dma ppb1 at pci0 dev 21 function 0 "AMD Hudson-2 PCIE" rev 0x00 pci2 at ppb1 bus 2 ppb2 at pci0 dev 21 function 2 "AMD Hudson-2 PCIE" rev 0x00 pci3 at ppb2 bus 3 re0 at pci3 dev 0 function 0 "Realtek 8168" rev 0x0c: RTL8168G/8111G (0x4c00), msi, address 1c:b7:2c:22:fb:c9 rgephy0 at re0 phy 7: RTL8251 PHY, rev. 0 pchb4 at pci0 dev 24 function 0 "AMD AMD64 15h Link Cfg" rev 0x00 pchb5 at pci0 dev 24 function 1 "AMD AMD64 15h Address Map" rev 0x00 pchb6 at pci0 dev 24 function 2 "AMD AMD64 15h DRAM Cfg" rev 0x00 pchb7
Re: xfce4-terminal crash in openbsd 6.4
Updating with the solution for reference: I was also seeing this problem with LibreOffice which wouldn't even launch past the splash screen. Running pkg_add -u didn't fix it. Un- and re-installing libreoffice did fix it. I discovered this by installing inkscape, which must be providing some dependency. When I removed inkscape and also ran "pkg_delete -avV" the problem returned. Then removing libreoffice, followed by another "pkg_delete -avV", and reinstalling libreoffice made it work again. And probably I should have tried that before posting. Somehow, installing inkscape fixed it. On 11-07 09:53:32-0700, Luke A. Call wrote: > This happens in OpenBSD 6.4 but I'm fairly confident didn't happen in > 6.3 (definitely didn't happen at some point in the recent past; I don't > recall if I tried this while I was using snapshots between 6.3 and 6.4): > > If I start xfce4-terminal (either from xterm or the xfce4 "Run Program" > dialog), and if I try to access the menus (either by clicking or alt-__ > key combination like alt-e), then xfce4-terminal exits. In the xterm > window, I can see that xfce4-terminal has reported this error before > exiting: > > Gtk:ERROR:gtkiconhelper.c:494:ensure_surface_for_gicon: assertion > failed (error == NULL): Failed to load > /usr/local/share/icons/Adwaita/16x16/status/image-missing.png: > Unrecognized image file format (gdk-pixbuf-error-quark, 3) > > (Alternatively, if there is a way to do a text search across the > scrollback buffer in xterm, that would let me stop my intermittent use > of xfce4-terminal, but I haven't found that. I know konsole has that > search feature but it has many more binary dependencies that get > installed with it.) > > Ending with my dmesg which includes content farther down indicating > the upgrade to 6.4. Thanks much! > > OpenBSD 6.4-beta (GENERIC.MP) #327: Wed Sep 26 12:52:56 MDT 2018 > dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP > real mem = 16033533952 (15290MB) > avail mem = 15538348032 (14818MB) > mpath0 at root > scsibus0 at mpath0: 256 targets > mainbus0 at root > bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xebf90 (49 entries) > bios0: vendor American Megatrends Inc. version "204" date 11/20/2014 > bios0: ASUSTeK COMPUTER INC. X550ZA > acpi0 at bios0: rev 2 > acpi0: sleep states S0 S3 S4 S5 > acpi0: tables DSDT FACP APIC FPDT ECDT MCFG MSDM HPET UEFI SSDT SSDT CRAT > SSDT SSDT SSDT SSDT > acpi0: wakeup devices LOM_(S4) SBAZ(S4) ECIR(S4) OHC1(S4) EHC1(S4) OHC2(S4) > EHC2(S4) OHC3(S4) EHC3(S4) OHC4(S4) XHC0(S4) XHC1(S4) ODD8(S3) GLAN(S4) > LID_(S5) SLPB(S4) > acpitimer0 at acpi0: 3579545 Hz, 32 bits > acpimadt0 at acpi0 addr 0xfee0: PC-AT compat > cpu0 at mainbus0: apid 16 (boot processor) > cpu0: AMD A10-7400P Radeon R6, 10 Compute Cores 4C+6G, 2496.40 MHz, 15-30-01 > cpu0: > FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,POPCNT,AES,XSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,XOP,SKINIT,WDT,FMA4,TCE,NODEID,TBM,CPCTR,DBKP,PERFTSC,ITSC,FSGSBASE,BMI1,XSAVEOPT > cpu0: 96KB 64b/line 3-way I-cache, 16KB 64b/line 4-way D-cache, 2MB 64b/line > 16-way L2 cache > cpu0: ITLB 48 4KB entries fully associative, 24 4MB entries fully associative > cpu0: DTLB 64 4KB entries fully associative, 64 4MB entries fully associative > cpu0: smt 0, core 0, package 0 > mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges > cpu0: apic clock running at 99MHz > cpu0: mwait min=64, max=64, IBE > cpu1 at mainbus0: apid 17 (application processor) > cpu1: AMD A10-7400P Radeon R6, 10 Compute Cores 4C+6G, 2495.34 MHz, 15-30-01 > cpu1: > FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,POPCNT,AES,XSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,XOP,SKINIT,WDT,FMA4,TCE,NODEID,TBM,CPCTR,DBKP,PERFTSC,ITSC,FSGSBASE,BMI1,XSAVEOPT > cpu1: 96KB 64b/line 3-way I-cache, 16KB 64b/line 4-way D-cache, 2MB 64b/line > 16-way L2 cache > cpu1: ITLB 48 4KB entries fully associative, 24 4MB entries fully associative > cpu1: DTLB 64 4KB entries fully associative, 64 4MB entries fully associative > cpu1: smt 1, core 0, package 0 > cpu2 at mainbus0: apid 18 (application processor) > cpu2: AMD A10-7400P Radeon R6, 10 Compute Cores 4C+6G, 2495.34 MHz, 15-30-01 > cpu2: > FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,POPCNT,AES,XSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,RDT
xfce4-terminal crash in openbsd 6.4
This happens in OpenBSD 6.4 but I'm fairly confident didn't happen in 6.3 (definitely didn't happen at some point in the recent past; I don't recall if I tried this while I was using snapshots between 6.3 and 6.4): If I start xfce4-terminal (either from xterm or the xfce4 "Run Program" dialog), and if I try to access the menus (either by clicking or alt-__ key combination like alt-e), then xfce4-terminal exits. In the xterm window, I can see that xfce4-terminal has reported this error before exiting: Gtk:ERROR:gtkiconhelper.c:494:ensure_surface_for_gicon: assertion failed (error == NULL): Failed to load /usr/local/share/icons/Adwaita/16x16/status/image-missing.png: Unrecognized image file format (gdk-pixbuf-error-quark, 3) (Alternatively, if there is a way to do a text search across the scrollback buffer in xterm, that would let me stop my intermittent use of xfce4-terminal, but I haven't found that. I know konsole has that search feature but it has many more binary dependencies that get installed with it.) Ending with my dmesg which includes content farther down indicating the upgrade to 6.4. Thanks much! OpenBSD 6.4-beta (GENERIC.MP) #327: Wed Sep 26 12:52:56 MDT 2018 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 16033533952 (15290MB) avail mem = 15538348032 (14818MB) mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xebf90 (49 entries) bios0: vendor American Megatrends Inc. version "204" date 11/20/2014 bios0: ASUSTeK COMPUTER INC. X550ZA acpi0 at bios0: rev 2 acpi0: sleep states S0 S3 S4 S5 acpi0: tables DSDT FACP APIC FPDT ECDT MCFG MSDM HPET UEFI SSDT SSDT CRAT SSDT SSDT SSDT SSDT acpi0: wakeup devices LOM_(S4) SBAZ(S4) ECIR(S4) OHC1(S4) EHC1(S4) OHC2(S4) EHC2(S4) OHC3(S4) EHC3(S4) OHC4(S4) XHC0(S4) XHC1(S4) ODD8(S3) GLAN(S4) LID_(S5) SLPB(S4) acpitimer0 at acpi0: 3579545 Hz, 32 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 16 (boot processor) cpu0: AMD A10-7400P Radeon R6, 10 Compute Cores 4C+6G, 2496.40 MHz, 15-30-01 cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,POPCNT,AES,XSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,XOP,SKINIT,WDT,FMA4,TCE,NODEID,TBM,CPCTR,DBKP,PERFTSC,ITSC,FSGSBASE,BMI1,XSAVEOPT cpu0: 96KB 64b/line 3-way I-cache, 16KB 64b/line 4-way D-cache, 2MB 64b/line 16-way L2 cache cpu0: ITLB 48 4KB entries fully associative, 24 4MB entries fully associative cpu0: DTLB 64 4KB entries fully associative, 64 4MB entries fully associative cpu0: smt 0, core 0, package 0 mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges cpu0: apic clock running at 99MHz cpu0: mwait min=64, max=64, IBE cpu1 at mainbus0: apid 17 (application processor) cpu1: AMD A10-7400P Radeon R6, 10 Compute Cores 4C+6G, 2495.34 MHz, 15-30-01 cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,POPCNT,AES,XSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,XOP,SKINIT,WDT,FMA4,TCE,NODEID,TBM,CPCTR,DBKP,PERFTSC,ITSC,FSGSBASE,BMI1,XSAVEOPT cpu1: 96KB 64b/line 3-way I-cache, 16KB 64b/line 4-way D-cache, 2MB 64b/line 16-way L2 cache cpu1: ITLB 48 4KB entries fully associative, 24 4MB entries fully associative cpu1: DTLB 64 4KB entries fully associative, 64 4MB entries fully associative cpu1: smt 1, core 0, package 0 cpu2 at mainbus0: apid 18 (application processor) cpu2: AMD A10-7400P Radeon R6, 10 Compute Cores 4C+6G, 2495.34 MHz, 15-30-01 cpu2: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,POPCNT,AES,XSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,XOP,SKINIT,WDT,FMA4,TCE,NODEID,TBM,CPCTR,DBKP,PERFTSC,ITSC,FSGSBASE,BMI1,XSAVEOPT cpu2: 96KB 64b/line 3-way I-cache, 16KB 64b/line 4-way D-cache, 2MB 64b/line 16-way L2 cache cpu2: ITLB 48 4KB entries fully associative, 24 4MB entries fully associative cpu2: DTLB 64 4KB entries fully associative, 64 4MB entries fully associative cpu2: smt 0, core 1, package 0 cpu3 at mainbus0: apid 19 (application processor) cpu3: AMD A10-7400P Radeon R6, 10 Compute Cores 4C+6G, 2495.35 MHz, 15-30-01 cpu3: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,POPCNT,AES,XSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,XOP,SKINIT,WDT,FMA4,TCE,NODEID,TBM,CPCTR,DBKP,PERFTSC,ITSC,FSGSBASE,BMI1,XSAVEOPT cpu3: 96KB 64b/line 3-way I-cache, 16KB 64b/line 4-way D-cache, 2MB 64b/line 16-way L2 cache cpu3:
can't start X in 6.4
I was running a snapshot from Sept 26, then upgraded yesterday to 6.4 release, and ran pkg_add -u and syspatch. Fortunately mutt runs without X :) . When I run "startx" I get errors like this (details in log below): [ 78310.256] (EE) No drivers available. [ 78310.256] (EE) Fatal server error: [ 78310.261] (EE) no screens found(EE) [ 78310.267] (EE) The dmesg output seems to include from before the upgrade and after, and contains some radeon errors like these 2 lines. error: [drm:pid0:cik_ring_test] *ERROR* radeon: ring 2 test failed (scratch(0x3010C)=0xCAFEDEAD) error: [drm:pid0:cik_sdma_ring_test] *ERROR* radeon: ring 3 test failed (0xCAFEDEAD) fw_update -i yields: Installed: vmm-firmware-1.11.0p0 uvideo-firmware-1.2p2 radeondrm-firmware-20170119 /etc/sysctl.conf contains only these lines and blank/commented ones: machdep.allowaperture=3 # See xf86(4) machdep.lidaction=0 kern.maxfiles=2 Running as root "X -configure" just outputs the options (which include "-configure", apparently), and says "Unrecognized option: -configure". The dmesg output follows, and then the contents of ~/.local/share/xorg/Xorg.0.log, followed by the file /usr/X11R6/share/X11/xorg.conf.d/10-radeon.conf file, which ends this message. Thanks much for suggestions. dmesg output: --- OpenBSD 6.4-beta (GENERIC.MP) #327: Wed Sep 26 12:52:56 MDT 2018 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 16033533952 (15290MB) avail mem = 15538348032 (14818MB) mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xebf90 (49 entries) bios0: vendor American Megatrends Inc. version "204" date 11/20/2014 bios0: ASUSTeK COMPUTER INC. X550ZA acpi0 at bios0: rev 2 acpi0: sleep states S0 S3 S4 S5 acpi0: tables DSDT FACP APIC FPDT ECDT MCFG MSDM HPET UEFI SSDT SSDT CRAT SSDT SSDT SSDT SSDT acpi0: wakeup devices LOM_(S4) SBAZ(S4) ECIR(S4) OHC1(S4) EHC1(S4) OHC2(S4) EHC2(S4) OHC3(S4) EHC3(S4) OHC4(S4) XHC0(S4) XHC1(S4) ODD8(S3) GLAN(S4) LID_(S5) SLPB(S4) acpitimer0 at acpi0: 3579545 Hz, 32 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 16 (boot processor) cpu0: AMD A10-7400P Radeon R6, 10 Compute Cores 4C+6G, 2496.40 MHz, 15-30-01 cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,POPCNT,AES,XSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,XOP,SKINIT,WDT,FMA4,TCE,NODEID,TBM,CPCTR,DBKP,PERFTSC,ITSC,FSGSBASE,BMI1,XSAVEOPT cpu0: 96KB 64b/line 3-way I-cache, 16KB 64b/line 4-way D-cache, 2MB 64b/line 16-way L2 cache cpu0: ITLB 48 4KB entries fully associative, 24 4MB entries fully associative cpu0: DTLB 64 4KB entries fully associative, 64 4MB entries fully associative cpu0: smt 0, core 0, package 0 mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges cpu0: apic clock running at 99MHz cpu0: mwait min=64, max=64, IBE cpu1 at mainbus0: apid 17 (application processor) cpu1: AMD A10-7400P Radeon R6, 10 Compute Cores 4C+6G, 2495.34 MHz, 15-30-01 cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,POPCNT,AES,XSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,XOP,SKINIT,WDT,FMA4,TCE,NODEID,TBM,CPCTR,DBKP,PERFTSC,ITSC,FSGSBASE,BMI1,XSAVEOPT cpu1: 96KB 64b/line 3-way I-cache, 16KB 64b/line 4-way D-cache, 2MB 64b/line 16-way L2 cache cpu1: ITLB 48 4KB entries fully associative, 24 4MB entries fully associative cpu1: DTLB 64 4KB entries fully associative, 64 4MB entries fully associative cpu1: smt 1, core 0, package 0 cpu2 at mainbus0: apid 18 (application processor) cpu2: AMD A10-7400P Radeon R6, 10 Compute Cores 4C+6G, 2495.34 MHz, 15-30-01 cpu2: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,POPCNT,AES,XSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,XOP,SKINIT,WDT,FMA4,TCE,NODEID,TBM,CPCTR,DBKP,PERFTSC,ITSC,FSGSBASE,BMI1,XSAVEOPT cpu2: 96KB 64b/line 3-way I-cache, 16KB 64b/line 4-way D-cache, 2MB 64b/line 16-way L2 cache cpu2: ITLB 48 4KB entries fully associative, 24 4MB entries fully associative cpu2: DTLB 64 4KB entries fully associative, 64 4MB entries fully associative cpu2: smt 0, core 1, package 0 cpu3 at mainbus0: apid 19 (application processor) cpu3: AMD A10-7400P Radeon R6, 10 Compute Cores 4C+6G, 2495.35 MHz, 15-30-01 cpu3:
Re: Remiss on my personal and server security practices, offering server usage to outsiders
On 09-19 08:32, Chris Bennett wrote: > On Wed, Sep 19, 2018 at 04:14:47PM +0200, Solene Rapenne wrote: > > Chris Bennett wrote: > > > I have not opened up my server before for full usage of email, web, > > > database, etc. before. So I'm a total noob on really good security > > > practices. > > > > > > Proper owner:group all over the place. Not covered in hier (7). > > > > look at security(8), especially the mtree part > > > Thank you. I used it a few times but I never opened the files in > /etc/mtree. Very useful. Although that doesn't cover all of my > owner:group questions, I can see a little better now. I have "umask 0077" set in my /etc/profile so that all users cannot by default see each others' files, unless they want to open them up. This is even though all the users are currently variations of myself with different security profiles. If I were a new user learning to use a system, especially a multiuser one, I would appreciate that default until I learned more. I have wondered if that would be a good systemwide default in new obsd installs (or the reasons not), but have also found that when root has that setting, I have to change it back to "umask 0022" for the duration of running pkg_add (which I do in a script), or some packages have problems. (Corrections welcome.)
ssh -X instead, workarounds (was Re: ssh -Y behaviour change
On 09-12 08:20, Brett Mahar wrote: > I know `ssh -X` is more secure, I use this when I can but use the `ssh -Y` > version when I need ability to copy and paste. While this probably doesn't solve your main problem, it might be useful afterward. For what it's worth, I have used ssh -X extensively and copy/paste successfully, so it is a little more secure than ssh -Y for most things. I have added some config to help it work between apps that used different clipboards, to ease interoperability, in the ~/.Xdefaults of the user running X: XTerm*selectToClipboard: true *VT100*translations:#override \ Ctrl Shift V:insert-selection(CLIPBOARD, CUT_BUFFER1) \n ...and where that doesn't work (depends on which apps and in which direction I copy/paste between them), I have a couple of scripts using the xc command (from ports/packages) to work around that. Then workarounds: I only use ssh -Y occasionally, for a very few apps that seem to only function with it. This is not an area where I have deep understanding, but I did a bunch of web searches, reading and some experimenting. I am also careful what I copy to the clipboard, because any app (probably including those running as different users) can see it, And when that really breaks down (eg, multiline copy/paste from browser to a text-mode app), I just paste into a world-readable text file from one user, and pull it out as the other user. If any of this is bad practice I would appreciate the feedback. (I probably wouldn't use ssh -X much, if I could start more than one X session in different ctrl-alt-fX consoles, as different users, to run at the same time as I used to always do on debian.)
Re: Running your own mail server
On 09-10 13:30, Craig Skinner wrote: > Being a postmaster (email server administrator) and hostmaster (DNS > server administrator) is fun, hectic, and takes about 5 years to learn. > [] > Save yourself the trouble and let them use their gMail > accounts/addresses directly. They'll soon be getting Android or Apple > phones, so let them use their Google/Apple accounts themselves. > Some good points. One could also use a different provider just for mail (pop or webmail) instead of google, if one wants to keep from centralizing more power there. (One example among many is pair.com, for webmail, DNS, domain, some hosting but not OpenBSD that I know of, unless you get a virtual private server).
Re: nmap on routed ip4 networks, openbsd/pf or package/port issue?
On 08-01 10:54, Luke A. Call wrote: > On 08-01 15:08, Henrik Engmark wrote: > > So I set up a new 6.3 with the sole purpose of nmapping, since my older > > OpenBSDs is coremapping on me with nmap. > >[] > > On to the problem, I scan my local LAN with the following: > > nmap -Pn -A -v -v --send-eth -e em0 -stylesheet somestylesheet -oA > > /tmp/nmapout 192.168.1.0/24 > > This works fine, every time i try. Takes about an hour. However, when I try > > it on a remote routed net like so: > > nmap -Pn -A -v -v --send-eth -e em1 -stylesheet somestylesheet -oA > > /tmp/nmapout 10.20.30.192/26 > > > > nmap stops doing anything after a minute or so, it goes to 0% cpu and stays > > there. I waited at least 24 hours without any sign of life. > > top tells me nmap is WAIT/bpf after those first couple of minutes. I am not > > sure what that means exactly, but I figured maybe something with pf, so I > > disabled pf alltogether and tried again, with the same result. > > I am curious what you learn as I have seen similar behavior. I've been > nmapping a printer on my local network, trying different things, and nmap > freezes for me after a short or long time. > > Strangely though, it seems to ~ "unfreeze" if I start another nmap > instance, probing the same address, in a separate terminal window. > Sometimes I have to kill and restart that other instance as it > freezes too, but this workaround has allowed me to continue at least. > > I am on 6.3 stable with latest syspatch. Also curiously, the 2nd nmap running, like the first instance it is intended to "unfreeze", also uses 90+% of a CPU (until it also freezes), even though I passed the "-T2" parameter to slow it down.
Re: nmap on routed ip4 networks, openbsd/pf or package/port issue?
On 08-01 15:08, Henrik Engmark wrote: > So I set up a new 6.3 with the sole purpose of nmapping, since my older > OpenBSDs is coremapping on me with nmap. >[] > On to the problem, I scan my local LAN with the following: > nmap -Pn -A -v -v --send-eth -e em0 -stylesheet somestylesheet -oA > /tmp/nmapout 192.168.1.0/24 > This works fine, every time i try. Takes about an hour. However, when I try > it on a remote routed net like so: > nmap -Pn -A -v -v --send-eth -e em1 -stylesheet somestylesheet -oA > /tmp/nmapout 10.20.30.192/26 > > nmap stops doing anything after a minute or so, it goes to 0% cpu and stays > there. I waited at least 24 hours without any sign of life. > top tells me nmap is WAIT/bpf after those first couple of minutes. I am not > sure what that means exactly, but I figured maybe something with pf, so I > disabled pf alltogether and tried again, with the same result. I am curious what you learn as I have seen similar behavior. I've been nmapping a printer on my local network, trying different things, and nmap freezes for me after a short or long time. Strangely though, it seems to ~ "unfreeze" if I start another nmap instance, probing the same address, in a separate terminal window. Sometimes I have to kill and restart that other instance as it freezes too, but this workaround has allowed me to continue at least. I am on 6.3 stable with latest syspatch.
Re: Questions about crypto and USA laws, concerns today
On 07-24 11:50, Chris Bennett wrote: > What is going on overall with the US and cryptography? > I recently joined an organization that has legitimate concerns about > privacy, so I thought I'd ask those who know and have history with this > issue. I am definitely not any kind of expert on this (including about export rules), but I read the news frequently. For privacy, I have been under the impression that federal law enforcement and legislators mostly were grasping the idea, that encryption backdoors would cause more harm to the public, than good for law enforcement. And it seems reasonable to hope that encryption for privacy will remain legal. But future federal policy or legislative details are very hard to predict right now.
Re: How to search for "hostap" in man pages.
ps: I think apropos/man -k only search the header, not the entire manual page. On 06-16 17:34, Luke A. Call wrote: > I think "man -K" would work on gnu/linux, but on OpenBSD you might have to: > cd /usr/share/man > or > cd /usr/local/man > and > grep -ir hostap *|less > > On 06-16 22:39, Karel Gardas wrote: > > was looking for "hostap" or "Host AP" using man -k and apropos, but this > > somehow does not return expected results: > > > > $ man -k hostap > > hostapd(8) - Host Access Point daemon > > hostapd.conf(5) - configuration file for the Host Access Point daemon > > > > but: > > $ man ral|grep hostap > >mediaopt hostap > > hostname.if(5), hostapd(8), ifconfig(8)
Re: How to search for "hostap" in man pages.
I think "man -K" would work on gnu/linux, but on OpenBSD you might have to: cd /usr/share/man or cd /usr/local/man and grep -ir hostap *|less . Maybe someone else knows a better way though. On 06-16 22:39, Karel Gardas wrote: > > Hello, > > was looking for "hostap" or "Host AP" using man -k and apropos, but this > somehow does not return expected results: > > $ man -k hostap > hostapd(8) - Host Access Point daemon > hostapd.conf(5) - configuration file for the Host Access Point daemon > > but: > > $ man ral|grep hostap >mediaopt hostap > hostname.if(5), hostapd(8), ifconfig(8) > > $ man athn|grep hostap >mediaopt hostap > > $ man ath|grep hostap >mediaopt hostap > hostname.if(5), gpioctl(8), hostapd(8), ifconfig(8) > > > am I missing something or mistakenly expected man -k should return those too? > > Thanks! > Karel > PS: on -current with following dmesg: > > OpenBSD 6.3-current (GENERIC.MP) #14: Thu Jun 14 23:55:47 MDT 2018 > dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP > real mem = 8461684736 (8069MB) > avail mem = 8127451136 (7750MB) > mpath0 at root > scsibus0 at mpath0: 256 targets > mainbus0 at root > bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xe0010 (74 entries) > bios0: vendor LENOVO version "6FET61WW (2.07 )" date 02/13/2009 > bios0: LENOVO 224362G > acpi0 at bios0: rev 2 > acpi0: sleep states S0 S3 S4 S5 > acpi0: tables DSDT FACP SSDT ECDT APIC MCFG HPET SLIC BOOT ASF! SSDT TCPA > DMAR SSDT SSDT SSDT > acpi0: wakeup devices LID_(S3) SLPB(S3) IGBE(S4) EXP0(S4) EXP1(S4) EXP2(S4) > EXP3(S4) EXP4(S4) PCI1(S4) USB0(S3) USB3(S3) USB5(S3) EHC0(S3) EHC1(S3) > HDEF(S4) > acpitimer0 at acpi0: 3579545 Hz, 24 bits > acpiec0 at acpi0 > acpimadt0 at acpi0 addr 0xfee0: PC-AT compat > cpu0 at mainbus0: apid 0 (boot processor) > cpu0: Intel(R) Core(TM)2 Duo CPU P8600 @ 2.40GHz, 2394.35 MHz > cpu0: > FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,XSAVE,NXE,LONG,LAHF,PERF,SENSOR,MELTDOWN > cpu0: 3MB 64b/line 8-way L2 cache > cpu0: smt 0, core 0, package 0 > mtrr: Pentium Pro MTRR support, 7 var ranges, 88 fixed ranges > cpu0: apic clock running at 265MHz > cpu0: mwait min=64, max=64, C-substates=0.2.2.2.2.1.3, IBE > cpu1 at mainbus0: apid 1 (application processor) > cpu1: Intel(R) Core(TM)2 Duo CPU P8600 @ 2.40GHz, 2394.00 MHz > cpu1: > FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,XSAVE,NXE,LONG,LAHF,PERF,SENSOR,MELTDOWN > cpu1: 3MB 64b/line 8-way L2 cache > cpu1: smt 0, core 1, package 0 > ioapic0 at mainbus0: apid 1 pa 0xfec0, version 20, 24 pins > , remapped to apid 1 > acpimcfg0 at acpi0 addr 0xe000, bus 0-63 > acpihpet0 at acpi0: 14318179 Hz > acpiprt0 at acpi0: bus 0 (PCI0) > acpiprt1 at acpi0: bus -1 (AGP_) > acpiprt2 at acpi0: bus 2 (EXP0) > acpiprt3 at acpi0: bus 3 (EXP1) > acpiprt4 at acpi0: bus -1 (EXP2) > acpiprt5 at acpi0: bus 5 (EXP3) > acpiprt6 at acpi0: bus 13 (EXP4) > acpiprt7 at acpi0: bus 21 (PCI1) > acpicpu0 at acpi0: !C3(250@17 mwait.3@0x20), !C2(500@1 mwait.1@0x10), > C1(1000@1 mwait.1), PSS > acpicpu1 at acpi0: !C3(250@17 mwait.3@0x20), !C2(500@1 mwait.1@0x10), > C1(1000@1 mwait.1), PSS > acpipwrres0 at acpi0: PUBS, resource for USB0, USB3, USB5, EHC0, EHC1 > acpitz0 at acpi0: critical temperature is 127 degC > acpitz1 at acpi0: critical temperature is 100 degC > acpibtn0 at acpi0: LID_ > acpibtn1 at acpi0: SLPB > acpicmos0 at acpi0 > "IBM0057" at acpi0 not configured > "INTC0102" at acpi0 not configured > acpibat0 at acpi0: BAT0 model "42T4619" serial 732 type LION oem "SANYO" > acpiac0 at acpi0: AC unit online > acpithinkpad0 at acpi0 > "PNP0C14" at acpi0 not configured > acpidock0 at acpi0: GDCK not docked (0) > acpivideo0 at acpi0: VID_ > acpivout0 at acpivideo0: LCD0 > acpivideo1 at acpi0: VID_ > cpu0: Enhanced SpeedStep 2394 MHz: speeds: 2401, 2400, 1600, 800 MHz > pci0 at mainbus0 bus 0 > pchb0 at pci0 dev 0 function 0 "Intel GM45 Host" rev 0x07 > inteldrm0 at pci0 dev 2 function 0 "Intel GM45 Video" rev 0x07 > drm0 at inteldrm0 > intagp0 at inteldrm0 > agp0 at intagp0: aperture at 0xd000, size 0x1000 > inteldrm0: msi > inteldrm0: 1280x800, 32bpp > wsdisplay0 at inteldrm0 mux 1: console (std, vt100 emulation) > wsdisplay0: screen 1-5 added (std, vt100 emulation) > "Intel GM45 Video" rev 0x07 at pci0 dev 2 function 1 not configured > "Intel GM45 HECI" rev 0x07 at pci0 dev 3 function 0 not configured > em0 at pci0 dev 25 function 0 "Intel ICH9 IGP M AMT" rev 0x03: msi, address > 00:22:68:0a:32:65 > uhci0 at pci0 dev 26 function 0 "Intel 82801I USB" rev 0x03: apic 1 int 20 > uhci1 at pci0 dev 26 function 1 "Intel 82801I USB" rev 0x03: apic 1 int 21 > uhci2 at pci0 dev 26
Re: Limit CPU usage of a process?
I had that problem but turning off javascript (as someone else said), turning off images most of the time, and bookmarking the tab group then closing as many tabs as I wasn't actually going to use soonest (especially any viewing PDF files), dropped it down to ~4%. On 05-27 12:07:16+0200, Maximilian Pichler wrote: > Is it possible to limit the CPU usage of a given process to, say, 20%? > > I'd like to slow down the web browser since it is draining my laptop's > battery. With enough tabs open it's often consuming ~50% of CPU but > not doing anything productive. Apparently with RLIMIT_CPU in > setrlimit(2) the total CPU time of a process can be limited. Can a > similar limit be set for the percentage? > > Thanks >
