Re: Syspatch failed

2021-11-26 Thread Fabio Martins
On 2021-11-26 13:37, Goetz Schultz wrote: Hello list, I found the issue and have rectified it. All working again. Thanks and regards Goetz R Schultz >8 Quis custodiet ipsos custodes? /"\ \ / ASCII Ribbon Campaign X against HTML e-mail / \

Re: pkg_add with certificate pinning

2021-11-19 Thread Fabio Martins
On 2021-11-19 08:12, Stuart Henderson wrote: On 2021-11-19, Fabio Martins wrote: Sorry if it is a bit off-topic. After reading an article about rogue CA's: https://www.theregister.com/2021/11/19/web_trust_certificates/ I wonder if there is any advantage of using certificate pinning

Re: pkg_add with certificate pinning

2021-11-19 Thread Fabio Martins
On 2021-11-19 06:57, Yifei Zhan wrote: On 21/11/19 06:26AM, Fabio Martins wrote: Sorry if it is a bit off-topic. After reading an article about rogue CA's: https://www.theregister.com/2021/11/19/web_trust_certificates/ I wonder if there is any advantage of using certificate pinning

pkg_add with certificate pinning

2021-11-19 Thread Fabio Martins
Sorry if it is a bit off-topic. After reading an article about rogue CA's: https://www.theregister.com/2021/11/19/web_trust_certificates/ I wonder if there is any advantage of using certificate pinning in the process of pkg_add / sysupgrade / pkg_* while updating OpenBSD packages. -- Fabio

Re: sysupgrade fails due to "CHECK AND RESET DATE" ?

2021-11-12 Thread Fabio Martins
unting root filesystem (mount -o ro /dev/sd0a /mnt)... OK. Force checking of clean non-root filesystems? [no] no umount: /mnt: Device busy Can't umount sd0a! cp: /mnt/var/log/ai.log.27965: Read-only file system chmod: /mnt/var/log/ai.log.27965: No such file or directory /autoinstall: cannot create /mnt/etc/rc.firsttime: Read-only files ystem -- So I upgraded manually with an USB stick. Turns out that the hard drive had a few bad sectors who couldn't be read properly. -- Fabio Martins

Re: Some Thoughts on resolv.conf.tail Deprecation

2021-11-11 Thread Fabio Martins
My solution for an static resolv.conf for a long time has been: chattr +i /etc/resolv.conf .. and now disable resovld, of course. If folks use another solution, would be glad to know. -- Fabio Martins On 2021-11-11 17:28, Zé Loff wrote: On Thu, Nov 11, 2021 at 05:36:07PM +, beebeet

Odd wget --timeout behaviour

2021-02-18 Thread Fabio Martins
/ip.php real hardware: OpenBSD laptop.my.domain 6.8 GENERIC.MP#4 amd64 laptop$ time wget --timeout=5 -q -O - https://www.bitstreet.com.br/ip.php 2m25.46s real 0m00.03s user 0m00.03s system --- -- Fabio Martins GPG: 0xCC59C123 Fingerprint: D06E 24DE 2A72 1BB3 A1A0 C790 E51E 33C4 CC59

Re: ACME client doesn't renew certificate (6.9-beta)

2021-02-16 Thread Fabio Martins
efox I get a warnung because: > > Let's Encrypt > Validity > Not Before 11/1/2020, 9:25:02 PM (Eastern European Standard Time) > Not After 1/30/2021, 9:25:02 PM (Eastern European Standard Time) > > Thank you > Did you restarted httpd? Can you post your acme-client.conf? I usually run like this: # acme-client -f /etc/acme-client.conf MYDOMAIN.com.br Fabio Martins

Re: sysupgrade failure logs

2021-02-16 Thread Fabio Martins
oviders/VPS resellers adoption/offering for instance. Fabio Martins

Re: sysupgrade failure logs

2021-02-16 Thread Fabio Martins
On Mon, February 15, 2021 11:14 am, Ed Ahlsen-Girard wrote: > I am confident that I can speak for for ... a non-zero number of > people who use sysupgrade the way it says to on the box and would miss > it if it went away. > +1 . Its simple to use, stable, convenient, luckly will bring more

Re: pkg_add and an authenticating proxy

2021-02-11 Thread Fabio Martins
t; Thanks alot so far. > > Best regards, > Stephan > > -- Fabio Martins PHOSPHORUS NETWORKS https://phosphorusnetworks.com/

Re: Any plans to support newer Loongson-based systems?

2020-05-12 Thread Fabio Martins
wth, but got no luck. main point of contact inside Loongson, at least for for alpine Linux port, is this one: maybe some others can help: www.loongson.cn be safe. -- Fabio Martins > According to https://www.openbsd.org/loongson.html only some old > Loongson-based systems are sup

Re: chattr on OpenBSD???

2020-04-20 Thread Fabio Martins
ss you are using one of the Linux ext* file systems on >> OpenBSD. For native OpenBSD file systems you can use the BSD >> chflags(8) command. >> >> - todd >> >> > > At least lsattr shows flags set by chflags. > > -- > Henri Järvinen > > -- Fabio Martins

Re: pf-badhost-0.3 released

2020-03-11 Thread Fabio Martins
Hi Jordan, Thanks for the good work. Great solution to replace third-party adblockers addons in browsers. Blocked 100% ads in my tests. Regards, -- Fabio Martins > Hey folks, > > Last time I posted about this, I got a fair bit of interest and I've had > quite a few downloads a

Re: Full disk encryption including /boot, excluding bootloader?

2020-02-17 Thread Fabio Martins
t; This way the evil maid would have nothing to tamper with. They still would have plenty of firmware to target/infect, usually under 3 minutes with a screwdriver and dedicated hardware. If going this path, buy a safe and lock the computer while away from it. -Fabio Martins

Re: Replace PF rule + inetd Proxy with 2 PF rules

2020-02-17 Thread Fabio Martins
Nick, Indeed Working. Thanks. >> >> May be a dumb question, but do you have net.inet.ip.forwarding=1 set? >> > > Neither can I believe had forgotten it, but I think you nailed it. > Will test monday and let know. > > Thanks in advance. > > -fm > >> >> tcpdump of a successful test connection:

Re: Replace PF rule + inetd Proxy with 2 PF rules

2020-02-15 Thread Fabio Martins
> > May be a dumb question, but do you have net.inet.ip.forwarding=1 set? > Neither can I believe had forgotten it, but I think you nailed it. Will test monday and let know. Thanks in advance. -fm > > tcpdump of a successful test connection: > c.c.c.c = remote test client on internet > r.r.r.r

Re: Replace PF rule + inetd Proxy with 2 PF rules

2020-02-14 Thread Fabio Martins
r_open tag n_traffic #block all to start block all pass quick tagged RDR pass quick tagged n_traffic pass out on $ext_if > > > On 2/14/2020 6:30 AM, Fabio Martins wrote: >> Hi Nick, >> >> Thanks. I applied both rules below, unfortunately I am still only >> hittin

Re: Replace PF rule + inetd Proxy with 2 PF rules

2020-02-14 Thread Fabio Martins
00.200.200 port #2 match out on $ext_if proto tcp to 200.200.200.200 port received-on \ $ext_if nat-to ($ext_if) -- Fabio Martins > Hi Fabio, > > I believe this will do what you want, seemed to work in quick testing > here, adjust to suit your environment. > > > mat

Replace PF rule + inetd Proxy with 2 PF rules

2020-02-13 Thread Fabio Martins
s out on $int_if proto tcp to $server port 80 received-on $int_if nat-to $int_if Without success. Thanks! -- Fabio Martins

Re: Advices on AD implementation with OpenBSD

2020-01-05 Thread Fabio Martins
tr. After that, see what the core dump is about. If I found out, future discussion @ports Thanks. -- Fabio Martins http://www.nabundapode.com.br/ > Hello! > > fm+obsd+misc+l...@phosphorusnetworks.com (Fabio Martins), 2019.12.26 (Thu) > 20:26 (CET): >> I am drawing a scena

Advices on AD implementation with OpenBSD

2019-12-26 Thread Fabio Martins
on logins, and no GPO are needed at all. Is it possible with the current samba+winbind? Anyone has done it before? Thanks for 6.6! -- Fabio Martins http://www.nabundapode.com.br/

Re: Moving a system disk from one server to another

2018-07-25 Thread Fabio Martins
I would go for: #pkg_info -a # @ old machine clean install on new machine #pkg_add (with list from old machine) #rsync # (config files + home directories + /var/) cheers. -- Fabio Martins PHOSPHORUS NETWORKS https://phosphorusnetworks.com/en/ > Hello al, > > Ju