Re: "OpenBSD Doc" App idea
On 2023-09-07 22:47:47+0200, Daniele B. wrote: > > > I don't know if Android has a similar feature, but at least on iOS you > > can save a particular website to your home as a webapp from Safari. > > Thanks for the answer Shokara. My initiative was to call for the development > in the community of a serious app, with commands directory and full-text > search, > working offline on multiple device with different screen orientation. > > Beside the possibility to create an home link of the online site on Android. > If you need full-text search from the desktop, this does the job for me. I put it in my path and call the script "mank" since it resembles Linux's "man -K" well enough for me, and has been useful when I just know I read something but can't remember where well enough to use apropos. It is not fast. It assumes bash is installed from packages, but could easily be changed to use ksh instead. #!/usr/bin/env bash set -eux TMP=$(mktemp -t mank-tmp-output_XX) nice grep -irE -C "$1" /usr/share/man/* 2>&1 > $TMP || true nice grep -irE -C "$1" /usr/local/man/* 2>&1 >> $TMP || true less -p "$1" $TMP rm -f $TMP echo $? I also have used wget a couple of times in the past to locally mirror www.openbsd.org in case I needed something and can't get online, and then one could grep that also (or use google to do a full-text online search of that site), but I don't know whether that wget thing is a great idea.
Re: Howto do "a detailed cleanup with the aid of the sysclean package"?
How about someone simply (better than I) updating the manual page and pkg_info output with warnings and clarifications about the intended use case and risks? Maybe the man page could say (just as an idea): "Warning: this is intended to suggest files for removal, that it guesses are obsolete; if you build software locally or modify other system files, it may mistakenly suggest removal of libraries or other files that you want to keep. It should only be used by those who are familiar with their system and accept the risks involved [and maybe?: or who know for certain they have not changed anything ... in the directories it checks.]" Followed possibly by something like: "It has not (yet) applied the lessons of "find -print0" and "xargs -0", and could recommend removing something you don't expect: review carefully its output before proceeding with file deletions." And in the man page and pkg_info output, wherever "obsolete" is found, something like: < [...] It only reports obsolete > [...] It only reports *possibly* obsolete [...]; see the manual page for > more information. And similarly in the upgrade guide, if it were mentioned there in the future. Another possible step could be making it emit a concise message about the risk and intent, when it runs, if there is a practical way in a comment near the beginning of the output without breaking its function; or comment the output with that included so users have to think before they can use it (passing a switch or something). With some of those, maybe it can remain in the learnable flow, for new or maturing users. Just thoughts; if not helpful, forgive the noise.
Re: Resource temporarily unavailable: have to recompile?
> - Forwarded message from Strahil Nikolov - > From: Strahil Nikolov > To: "Luke A. Call" , misc@openbsd.org > Subject: Re: Resource temporarily unavailable: have to recompile? > On February 1, 2020 12:27:40 AM GMT+02:00, "Luke A. Call" > wrote: > >I am still seeing this problem, even after logging out/in and ulimit -u > >shows 712. Running "ps -U myusername|less" yields about 180 lines and > >the system becomes unable to start even another xterm, or in tmux on a > >console, unable to start another shell window (in both cases: "Resource > >temporarily unavailable"). > > > >On 01-31 13:20, Luke A. Call wrote: > >> Am I running into a limit that will require recompiling the kernel > >> (or changing my work style I suppose)? Which man pages should I read > >> next, or should I be thinking about this differently? > >> > >> I am getting "Resource temporarily unavailable" in > >> /var/log/authlog when I try to open too many "ssh [-X] > >user@localhost" > >> connections, or even "fork: retry: Resource temporarily unavailable" > >when > >> running "$ cat > /tmp/somefile". > >> > >> In "man 3 __tfork" I see: > >> [EAGAIN]Resource temporarily unavailable. The system-imposed > >>limit on the total number of threads under execution > >>would be exceeded. This limit is configuration- > >>dependent. > >> > >> [EAGAIN]Resource temporarily unavailable. The system-imposed > >>limit MAXUPRC on the total number of threads under > >>execution by a single user would be exceeded. MAXUPRC > >>is currently defined in as CHILD_MAX, > >>which is currently defined as 80 in . > >> > >> (If multiple users could simultaneously run X, I might not ssh as > >much; > >> suggestions welcome there also, if you are in the mood.) > >> > Hi Luke, > Have you tried to reuse ssh connections. > In linux you can use something like this: > ControlMaster auto > ControlPath ~/.ssh/sockets/%r@%h-%p > ControlPersist 600 > > I guess it's still valid for openBSD. Hi. Sorry so late at this, but replying to thank you for your suggestions, Strahil. I finally figured out (again, it has been a while, I just failed to reply) that (I think) I needed to (again?) increase maxproc-cur for the default login class (per id -c), in /etc/login.conf and log back in. I have had to do that again after upgrading to 6.9 and 7.0 also, for several values, but fortunatly the email from sysmerge prompted me in a way. And now I can open as many terminal windows as I want. I also don't ssh as much locally, now that I understand xauth better, thanks to info such as found in Part 8 of: https://www.exoticsilicon.com/jay/reckless_guide_to_openbsd/ ...and very helpful pointers from Crystal Kolipe. All the best, -- Luke Call * Are info sources trustworthy? How do we know? Based on identifying, and observing trustworthy behavior over time, of the original eyewitness, and all reporters in the chain to us? And corroboration by other such? * Happy to discuss, or: http://lukecall.net - Tech, many thots, peace amid commotion, fun. (Cmts/sugg welcome. https later.)
Fwd: Re: man netstart(8) OpenBSD-6.8
>- message from pipus - >Date: Mon, 26 Oct 2020 08:29:41 + >From: pipus >To: Theo de Raadt >Cc: "misc@openbsd.org" >Subject: Re: man netstart(8) OpenBSD-6.8 > >I could explain process class priority configuration until my mind is numb but >in the end without seeing the commands that would actually be used it is >really making your life far harder. I liked Theo's idea of having a "such as (possibly) x, y, and z, but see the actual /etc/netstart script for accurate details", as striking a good balance between being briefly informative with examples, and more accurate over time. On Sunday, 25 October 2020 17:44, Theo de Raadt wrote: > Jason McIntyre j...@kerhand.co.uk wrote: > > > On Sun, Oct 25, 2020 at 10:16:54AM -0600, Theo de Raadt wrote: > > > > > Jason McIntyre j...@kerhand.co.uk wrote: > > > > > > > whereas /etc/netstart is actually doing: > > > > > > > > - configure non-physical: (1) > > > > aggr trunk svlan vlan carp pppoe > > > > > > > > - routing (2) > > > > - rest of non-physical: (3) > > > > tun tap gif etherip gre egre mobileip pflow wg > > > > > > > > > > > > we could try to keep this list up to date, but it may be easier to just > > > > generally describe what netstart is doing. > > > > > > I think we goes wrong by trying to maintain these as lists, and part of > > > where this goes wrong is weak definition of the reasons for the > > > ordering. (Meaning, the developers who tweak netstart to handle the > > > concerns I'm about to describe, don't tend to think about the manual > > > page). > > > The (1) list of non-physical can probably be called "link-layer control > > > interfaces". Or let's find a name for this. These devices mutate the > > > presentation of other devices. That's why their configuration needs to > > > be done before the physical device. > > > (2) The physical device is then brought up, including IP addressing. The > > > things in (1) need to be done beforehands, or the physical device is > > > participating in the wrong layer of network. > > > the (3) list of non-physical devices are layer-2 or layer-3 and operate > > > on devices which are already configured with some some sort of > > > "addressing" configured. > > > It would be nice to have our networking people come up with nice names > > > for group (1) and (2); words which succinctly describe the > > > classification like I've done above. We need to increase understanding > > > of this order, rather than just abstractly listing names of devices with > > > complicated behaviours. > > > Once that is done, I still think it is problematic for us to list all > > > devices in each catagory: > > > a) new subsystems will be forgotten > > > b) the order of instantiation will sometimes be listed wrong -- for some > > > of these the order is highly significant. > > > We can try to list as many as possible, but people who want the precise > > > list (and order) should look in the netstart code. The lists will get > > > long and wrong. If we find we cannot maintain the lists correctly > > > because it is duplicated information, man page wording like "such as" > > > could be used, also something which leads people to consider the script > > > source as authoritative, ie. have them go read the script > > > > ok, here is a start. > > i have left the description as "non-physical", because i think that is > > clear. we could easily amend it. ifconfig.8 create talks about "network > > pseudo-devices" - that could be a possibility. > > You've deleted all the interface names, so now there are no examples. > I disagree strongly. That creates a hurdle and people won't learn how > our network pieces are configured into a multi-layer stack. Luke Call "...I, the Lord, justify you...in befriending that law which is the constitutional law of the land Wherefore, when the wicked rule the people mourn. Wherefore, honest men and wise men should be sought for diligently, and good men and wise men ye should observe to uphold; ...whatsoever is less than these cometh of evil." (Doctrine & Covenants 98:6,9-10. >From 1833, when I think "men" often meant "persons". More at my site: >lukecall.net .) I think *honesty*, the Constitution and the rule of law (as opposed to of individuals), are far more important, relatively, than most or all policy issues, even important ones.
Re: multiple simultaneous X sessions?
On 08-25 01:55, Eldritch wrote: > > Rather, I'm looking for a full separation between the users, > > nothing shared but the obsd kernel and hardware, and no more overhead for > > each one than X normally has, since each user is just running > > flat normal X, but fully and independently of the other X user. Am I > > mistaken in how I understand Xnest and Xephyr? > > It's possible to run multiple X servers. As far as I know all you would > have to do is add another line to /etc/X11/xenodm/Xservers and edit > /etc/ttys to not launch a tty on the console window you selected. > > Altough you don't really need multiple X servers for privilege > separation. ssh and vnc open an untrusted connection to the X server, > which you can do manually with xauth. > > I managed to get Firefox running as an untrusted client with the > following snippet in /etc/X11/xenodm/Xsetup_0: > > user=_firefox > auth=/home/$user/.Xauthority > umask 077 > xauth -f $auth generate :0 . untrusted timeout 0 > chown $user:$user $auth > chmod 0600 $auth > > And then starting it as the unprivileged _firefox user. Thank you! I need to spend some time trying your suggestions, including getting my mind around xauth usage, then testing it with things like xinput or xev, to make sure that, like with "ssh -X...", it prevents any user from getting keystrokes sent to apps which run as other users (though I realize ssh -X doesn't hide mouse events or prevent clipboard sharing, or some such IIRC), and that the total attack surface isn't much larger, etc. -- Luke Call "...I, the Lord, justify you...in befriending that law which is the constitutional law of the land Wherefore, when the wicked rule the people mourn. Wherefore, honest men and wise men should be sought for diligently, and good men and wise men ye should observe to uphold; ...whatsoever is less than these cometh of evil." (Doctrine & Covenants 98:6,9-10. >From 1833, when I think "men" often meant "persons". More at my site: >lukecall.net .) I think *honesty*, the Constitution and the rule of law (as opposed to of individuals), are far more important, relatively, than most or all policy issues, even important ones.
Re: multiple simultaneous X sessions?
On 08-24 12:38, Gleydson Soares wrote: > On Mon, Aug 24, 2020 at 09:24:35AM -0600, Luke A. Call wrote: > > What would it take for me to run more than one simultanous X session, each > > as a different user? -- I tried once a few years ago, searching, reading > > man pages, and chasing error messages, and failed at the time. > > Is it known whether it is reasonably possible with the current code? > > (This is so I can take advantage of the privilege separation > > provided by the OS, while doing different activities and programs > > programs with different informal trust levels, as separate > > users, but without the cpu overhead of using "ssh -[X|Y] ...". This was > > my normal practice in my Debian days, switching among them with > > Ctrl-Alt-FN.) > Maybe you are looking for a nested X11 via Xephyr. > See this script as example [1] > [1] https://github.com/gleydsonsoares/xdroprun And on 8-24 16:01:43, James Cook wrote: > I don't know if it's possible to do exactly what you want, but as an > > alternative, maybe you could get a similar effect using Xnest or vnc. Thanks to both for those suggestions. I've used vnc, and looked only briefly at Xnest and Xephr, but it seems they mean having code running as both users at the same time, in one X session, in other words, one user running X, and another running apps inside that same X+plus+stuff). Rather, I'm looking for a full separation between the users, nothing shared but the obsd kernel and hardware, and no more overhead for each one than X normally has, since each user is just running flat normal X, but fully and independently of the other X user. Am I mistaken in how I understand Xnest and Xephyr? (This is not in any way a complaint or criticism, just a question. I like obsd for considered reasons. :) Thanks again, Luke Call
Re: FreeBSD daemon(8)-like command for OpenBSD
The list might not like this but: Under your circumstances, I would collect the various ideas in this thread (including scripting possibly with nohup and/or bash's disown), the "pgrep || " idea somebody wrote, and whatever else is useful from the thread, and just make it work with careful testing of different failure scenarios. I found that when writing a cron job I had to test very carefully if different things failed about it, before I actually got it right. Logs can be done with things like > somefile.log 2>&1 ...or variations, and if you then check it occasionally to see that it is working, learn, move on, things can probably work out. Then if it is ever rewritten in a way that allows doing the things Ingo suggests, use his suggestions. In the meantime, isolate it well to prevent security breaches from affecting other things (ie, considering what could be affected if/when it is compromised, make sure those other things are minimized). Sometimes the cost/benefit realities (or employers) force choices upon us. -- Please pray for our country(ies) and leaders, at this important time. More on this and other topics (a simple site w/o sales): http://lukecall.net (updated 2020-01-23) On 01-30 21:05, Patrick Kristiansen wrote: > Hi Ingo, > > On Thu, Jan 30, 2020, at 18:35, Ingo Schwarze wrote: > > Hi Patrick, > > > > Patrick Kristiansen wrote on Tue, Jan 28, 2020 at 09:29:20AM +0100: > > > > > But another use for daemon(8) is for its ability to detach the child > > > process from the controlling terminal and furthermore redirect its > > > stdout/stderr to syslog. Is there some mechanism to do that from the > > > shell? Perhaps a combination of nohup and starting a background job? > > > > That doesn't strike me as a particularly bright idea either. > > > > Properly starting up a daemon process requires several steps, often > > involving unveil(2), pledge(2), chroot(2), prviledge dropping, > > sometimes fork+exec for privilege separation, and so on. Typically, > > these steps need to be intermixed in exactly the right order with > > option parsing, environment parsing, parsing of configuration files > > and various kinds of initialization. > > The process I need to run is written in Clojure and thus runs on the > Java Virtual Machine. Do you have any suggestions on how to best go > about making it "daemon-like"? I am not sure that I can call unveil(2), > pledge(2) and chroot(2) from Clojure without some strange sorcery. I > read in some blog post, that the way to detach from the controlling > terminal is by closing stdin, stdout and stderr, which I admittedly > haven't tried. > > > Writing wrappers usually just doesn't work, and it seems doubtful to > > me whether daemon(8) is up to what is usually needed. > > If I were writing my program in C, I could fairly easily call daemon(3), > I guess, but I am not. I am starting to think that tmux(1) would be the > easiest way to go about it on OpenBSD... but it feels wrong. > > Best regards, > Patrick >
Re: What is you motivational to use OpenBSD
For what it may be worth, I found xfce very usable and clean, even for someone used to Windows 7 (my wife and some others required very little or no help, as far as the GUI goes anyway). More recently, I took the time to learn about tmux and fvwm and to customize their configs to my tastes, which I haven't regretted (and I now prefer since they are part of base). -- Luke Call Things I want to say to many (a lightly-loading site): http://lukecall.net (updated 2019-08-27) On 09-01 12:18, Strahil Nikolov wrote: > I'm a "linux guy" who wants a little bit more security... > I'm still learning openBSD, but I like the project's idea to build software > with security in mind.Also, PF seems pretty good and I'm willing to learn it > and if possible to deploy a CARP-ed cluster. > > Sadly, I am still hesitant to try the gui... yet, there are a lot of stuff > this BSD can be used for - from a firewall/router to a full blown Laptop > distro. > > And Of course, I love the documentation. > > Best Regards, > Strahil Nikolov > > > > > >I first started using it around version 4.3. I was trying BSD's after > >using Linux for a bit, and tried FreeBSD first. > > > >But OpenBSD was the only one that supported my laptop's WiFi card. And > >getting everything running was much less of a hassle. > > > >It's the best BSD for getting a fine workstation up quickly. > > > >My Thinkpad T60 running OpenBSD got me through college just fine. > > > >It's the first operating system that I was able to do lots of cool > >sysadmin stuff because of how simple it is. > > > >And also the first operating system I found that was easier to find > >answers in the manual, and not through Google. > > > >Also the OS that inspired me to learn C programming. > > > >OpenBSD is the best BSD, and getting better every release. >
Re: Evernote Alternative?
On 06-27 23:32, Chris Humphries wrote: > I keep a lot of my brain in Evernote, and having a replacement is a > big productivity boost for me. I mainly want a way to categorize notes > into categories/labels/notebooks, be able to view all notes in that > category/label/notebook, and be able to search all notes. > [] > Have you made a transition from Evernote/Onenote before? If so, what > did you do? Some people *really* love emacs org-mode, or there is a new GNU (FSF?) product whose name escapes me at the moment but which sounded good (saw it recently on hacker news I think). I wrote and heavily use the (AGPL) product at http://onemodel.org, which I hope to move to Rust and become again more active in adding features. I use it every day and have extensive notes organized in various ways and for meat least, it is the best thing there is. It is all keyboard-based, works in a terminal, has search, exports data to html and outline documents, has a ~"journal" feature (reporting activity by date), has a very basic security model, is very physically efficient and I hope easy to learn (basically everything is on the screen if you read it carefully), and it requires you to install postgres (has detailed instructions, could move to sqlite someday...on the list...), and has no mobile support. I keep in it *everything* write down, from daily routine to calendar/ticklers, notes, and I hope to add anki-like (i.e., smart flashcards) features for study notes in the future. The web site has much more info, including some FAQs with mentions of other products like a to-do list manager that I think is available on OBSD (taskwarrior?), and there is a very low-volume mailing list for questions. The best code is in github (with a few more enhancements on my machine), but there is also a .jar you can download (again, I hope to move it to Rust as a priority). (Currently, when I need to access some of it on a mobile device, I export it and post it as temporary files and view it over .html, though other things would obviously be better in the future I hope.) -- Luke Call Things I want to say to many (a lightly-loading site): http://lukecall.net (updated 2019-06-21)
Re: can't start X in 6.4
On 10-27 13:35, Theo de Raadt wrote: > Switch to using xenodm for startup. That worked; thanks *very* much. (I am guessing that xenodm handles some things well, that could be configured correctly with more difficulty using still-supported startx and related utilities. Feel free to ignore, point, or enlighten.)
Re: new kind of info organizer, on OpenBSD: OneModel
On 01/28/16 02:41, Craig Skinner wrote: > Have a dig about /usr/ports/productivity/ > > I use taskwarrior, which has tasksh. Thanks for the tip. Maybe I'm presenting OneModel in the wrong way. Its vision is much bigger than task management, but I'm not sure how to best make that clear to the right audience. *The vision is this: mankind's knowledge is not well-organized as a whole. I want to see us to fix that, so I have created a plan* which has seemed worth trying, that goes something like this: 1) Create a simple tool for a knowledge base, that uses the necessary principles of organizing atomic *knowledge as an object model* (not mere todos, or predefined anything, or even very-efficient piles of text), and use it as my own organizer [DONE FOR NOW] 2) Pitch it as a GTD thing, since it can also do that, to the kind of people who use org-mode (or taskwarrior), to get some traction and build a community [JUST INITIATING THIS, THOUGH OTHER PRODUCTS ARE MORE MATURE FOR THIS NARROW PART OF THE WHOLE PURPOSE.] 3) Take it to the next levels of broad computable knowledge-related collaboration which include: 3a) cloud support 3b) allow easily attaching code to classes of these structured entities (or nodes in the graph) for computation and custom extensions of the base product: adds very powerful capabilities. I can largely see the code & implementation for this, just need time/bandwidth (money). 3c) sharing OM data (or knowledge) including custom code across instances: letting one OM instance subscribe to changes, link to, or copy things from another model. Making it so easy that people start sharing data between their instances (sort of like gopher + evernote + wikipedia, only computable & more powerful & flexible, and Free, under individual or group control). This requires some work that also seems very exciting to do. Remember these are models of knowledge, like wiki content in a *computable* graph database, but without the limitations of using human language as the primary structure for data on which to do computation. This will take work and time. So to fund dev time on it there's the possibility of selling binaries, or re-sell amazon db storage facilities, or other Free-software business models as discussed elsewhere. But this works most easily if it can be compelling enough in its current form, to build a community of devs and/or users around the Free code and compete with existing tools that have many devs and time in them already. I think OM could be great for some users, but... H. 4) Other work like user friendliness for non-nerds, mobile, make it known to a much wider audience, etc. So a current hurdle seems to be to build a community or validation base, for the vision, who can use the current feature set, while the hopefully more broadly impactful stuff gets developed. Thanks again for your earlier comment! The invitation for feedback, suggestions, or to read more about OM & its vision (like what I mean by "computable"), try it out, & participate on http://onemodel.org site mailing lists also remains. :) Best regards, Luke
new kind of info organizer, on OpenBSD: OneModel
Short version: I have carefully tested OpenBSD installation instructions for an extremely flexible personal organizer program. It does things differently, is text-mode/keyboard only (for now), doesn't require X, and is very efficient to use. It doesn't have pretty knobs and buttons but is very good at what it does. Details on what it is now, what it is not, and plans for future are at http://onemodel.org, especially under the About link and sublinks. Detailed version: If you've ever used emacs org-mode, to-do list programs or the like, this might be of interest. It is Free. It flexibly, easily treats knowledge as data in an object network, instead of just as piles of words, and is physically very efficient to navigate and use (keyboard only). I've tested carefully and used it for some months on OpenBSD. I think it could be useful to some here. It is the best personal organizer I have ever used: I wrote it to suit myself (& hopefully others: that's what I'm trying to find out). It is oriented to those who like the keyboard & can read the screen, and who want to record notes and manipulate them *fast*, in simple or arbitrarily complex structures: basically I try to break knowledge down to an atomic level-- relationships and attributes, aka an object model--as a side effect of simply using the system. Everything one needs to know (or nearly so) is shown on the screen, and ... I hope some of you love it. There's a free .jar file download, or source code and complete instructions at github. The source is AGPL (no offense I hope; I want any mods to come back, for all the work I've put in). I didn't want to package it (put it into ports) yet, until I can see if reaction and interest warrant that More descriptive info & screen shots are at http://www.onemodel.org . Look under "About", "what it is today", "future", through to the FAQs if you're really interested in the thinking behind it. Feedback (or flames?) welcome: this is a learning process and I hope to make it as useful to others as I can. I invite discussion at the OneModel.org mailing lists (under the Community link) to avoid the topic becoming annoying on this list. Best regards, Luke A. Call -- A Free, fast personal organizer for touch typists: if you ever liked to-do list programs, collapsible outlines, or emacs org-mode, you might love this: http://www.onemodel.org (no mobile support yet). Things I'd like to say to more people: (updated 2016-1-9) http://www.onemodel.org/1/e-9223372036854618449.html .