Re: A branded USB stick as an alternative to the CD set?

[J Sisson]

Software development.  :D

More importantly, what can users do to make it easier for developers to
write code? That is the important question to ask when a thought like this
comes up.  Is it more efficient of developer time for me to purchase my own
usb stick and deal with it myself, or request developers offer a usb
alternative?
On Nov 30, 2015 12:17 PM, "Theo de Raadt"  wrote:

> > I would buy an official release on USB or preferably sd card, if it
> > was on offer.  Presumably the production costs would be less as well.
>
>  ^
>
> How do you figure that?
>
> We put everything on the internet.  Thousands upon thousands upon
> thousands of downloads happen, and the more convenient it becomes the
> fewer sales occur.  That is the nature of the situation.  USB devices
> will be the same, except you cannot farm out "writing them" to just
> anyone.
>
> Production costs are not the problem.  The problem is that there
> is ZERO RETURN on the effort taken.
>
> I thank the crowd for once again suggesting we (me? people I know?)
> should spend time on doing something which a very small handful of
> people want.
>
> I was going to work on some source code today, but I'll get right on
> this task, pricing out USB sticks and trying to find a way to make
> this work.  /sarc
>
> > (And also..  not liking to complain, but the last two CD releases
> > have had irritating bugs in them.  Disc 2 of 5.7 was fubar, and had to
> > be replaced, and the source tree on 5.8 wasn't correct either.  At
> > least on flash memory, problems could be cheaply and easily corrected
> > at the last minute ;-) )
>
> So you have a solution already.  But still, I should invest my time
> at finding a good USB stick, oh it should have a write protect switch
> that actually works, oh we need to use epoxy to glue it, oh and people
> who will write each of them, and god help us if the usb sticks are bad
> and have `irritating bugs'.  Come on people.  What do you want us to do?
>
> Product manufacture, or software development?
>
> Make up your mind.

Re: OT: Exists some problem with dnscrypt-proxy package?

[J Sisson]

With dnscrypt-proxy running, can you resolve hostnames?

dig @127.0.0.1 -p 4553 somehostname.com

If you can, do you have "do-not-query-localhost" set to "no" in your
unbound configuration?

On Sun, Sep 20, 2015 at 10:04 AM, C.L. Martinez 
wrote:

> Hi all,
>
>  I have installed an openbsd 5.7 VM today to do some tests with pf rules.
> One of the components to I need to enable in this gateway is
> unbound+dnscrypt-proxy.
>
>  I have configured forwarding in unbound.conf:
>
>  forward-zone:
> name: "."
> forward-addr: 127.0.0.1@4553
>
>  And I have started dnscypt-proxy with the following arguments:
>
> -d --user=_dnscrypt-proxy -a 127.0.0.1:4553 -R dnscrypt.eu-nl -p
> /var/run/dnscrypt-proxy.pid
>
>  Output:
>
> 32032 ??  Is  0:00.00 /usr/sbin/ftp-proxy -m 25
> 32411 ??  Is  0:00.00 /usr/local/sbin/dnscrypt-proxy -d
> --user=_dnscrypt-proxy -a 127.0.0.1:4553 -R dnscrypt.eu-nl -p
> /var/run/dnscrypt-proxy.pid
>  5667 ??  I   0:00.03 /usr/local/sbin/dnscrypt-proxy -d
> --user=_dnscrypt-proxy -a 127.0.0.1:4553 -R dnscrypt.eu-nl -p
> /var/run/dnscrypt-proxy.pid
>  1256 ??  Is  0:00.00 /usr/sbin/cron
> 17818 ??  Ss  0:00.12 sshd: root@ttyp0 (sshd)
>   527 ??  Is  0:00.05 unbound -c /var/unbound/etc/unbound.conf
> 30164 p0  Ss  0:00.02 -ksh (ksh)
>  7382 p0  R+  0:00.00 ps -xa
> 16881 C0  Is+ 0:00.00 /usr/libexec/getty std.9600 ttyC0
>  3047 C1  Is+ 0:00.00 /usr/libexec/getty std.9600 ttyC1
>
>  And it doesn't works. But if I change unbound's forward section to:
>
> forward-zone:
> name: "."
> #forward-addr: 127.0.0.1@4553
> forward-addr: 8.8.8.8
>
>  Works ok. Removing all forward seciton, unbound works ok also. Then, I am
> doing something wrong but I don't know which.
>
>  Any idea??
>
>  Thanks.
>
>


-- 
"BSD is what happens when Unix programmers port Unix to the x86.
Linux is what happens when x86 programmers write a Unix-like.
Windows is what happens when x86 programmers run all of their
programming textbooks through a blender, eat the ground up
remains of the text, and then code up what they can read in the
toilet 3 days later."

Re: best armv7 device for fw

[J Sisson]

On Apr 13, 2015 6:49 AM, Scarlett scarlett@entering.space wrote:

 On 13/04/2015 12:25, 14hza0+dyfkiq2k2l...@guerrillamail.com wrote:

 Howdy misc,

 Wondering if anyone has any advice for a OpenBSD armv7 device that has.

 2 gb nic (1 could be ok)
 builtin wifi

 With working networking + storage etc.

 / J





 
 Sent using GuerrillaMail.com
 Block or report abuse:
https://www.guerrillamail.com/abuse/?a=TEhnBi0PU7Ebih2wvnENdQ%3D%3D


 The PandaBoard has built-in wifi, but the ethernet is 10/100 and
singular. Same with the Cubieboard.

 Some models of the Wandboard seem to meet your requirements (besides
having one ethernet port).

 Likewise with the Nitrogen6X and SABRE Lite (though afaik the SABRE has
no wifi). They're expensive. You can get an amd64 PC Engines APU with three
gigabit ports and a mSATA SSD for less.

 However, even if it's there, I don't know if the built-in wifi of any
armv7 device will work properly on OpenBSD, especially as an AP or with
11a. I don't own one with wifi, and it's not mentioned on the port's page.
Some USB NICs (wired and wireless) are supported and can be used with imx
or panda boards. See usb(4) for a list.

 This brings me to my question.

 Why does the firewall need to be an armv7 device? I've played with the
armv7 port extensively and don't think it's useful for anyone who is not
interested in hacking on the platform.


If the banana pi r1 were fully supported, it would be a reasonably priced
candidate, but that still begs the question of why it has to be armv7.
There are a lot of low cost low power amd64 boards on the market and if you
run stable and have an existing build infrastructure (like I do), you can
build considerably faster on a big amd64 box and roll out updates quicker
(compared to building on, say, a beaglebone black).

Re: Wouldn't `daemon_enable=YES` make more sense than `daemon_flags=` in rc.conf.local?

[J Sisson]

On Wed, Jan 28, 2015 at 4:05 PM,  openda...@hushmail.com wrote:
 Indeed, `daemon_flags=YES` wouldn't make any sense at all. What I'd like to 
 see is:

 ntpd_enable=YES
 ntpd_flags=-s

 Considering we're talking about two different things here (one for enabling 
 it and one for configuring it), one could argue that this would be more in 
 line with the core Unix philosophy (1) of doing one thing and doing it well.


This is one of those cat $file | grep $pattern arguments.  Sure, you
can split it out, but if it can be done with grep $pattern $file,
why bother?


 Thanks.

 O.D.

 (1) http://en.wikipedia.org/wiki/Unix_philosophy


On Wed, Jan 28, 2015 at 5:33 PM,  openda...@hushmail.com wrote:
 Hello,

 On 28. januar 2015 at 11:02 PM, Ingo Schwarze
schwa...@usta.de wrote:

When you do need flags, it needs only one variable instead of
two,
which means less complexity.

 Due to OpenBSD's excellent convention over configuration (1),
most people don't need flags.

 Your argument that the current scheme leads to less complexity
is nonsensical at best. Less characters maybe, but are we really
joining together two different variables (startup and
configuration) for the sake of saving space?

 Like Einstein said, things should be as simple as possible, but
not any simpler. `daemon_flags` carries absolutely no indication
of whether this daemon is to be enabled or not. Like my teacher
used to say, good design should, where possible, make immediate
sense to the user (2). In the case of `rc.conf.local`, this is
possible by splitting the current variable into
`daemon_enable=YES` and `daemon_flags=` respectively.

 As for `pkg_scripts`, I'm also a fan of the way FreeBSD handles
this by letting you specify `pkg_enable=YES` directly in order
to keep things consistent.

 Having said that, this is pretty much where my admiration of
FreeBSD ends :-)

 Many thanks!

 O.D.

 (1) https://en.wikipedia.org/wiki/Convention_over_configuration
 (2) http://www.amazon.com/Dont-Make-Think-Revisited-
Usability/dp/0321965515




--
James R. Miller




-- 
BSD is what happens when Unix programmers port Unix to the x86.
Linux is what happens when x86 programmers write a Unix-like.
Windows is what happens when x86 programmers run all of their
programming textbooks through a blender, eat the ground up
remains of the text, and then code up what they can read in the
toilet 3 days later.

Re: openhttpd

[J Sisson]

OpenHTTPD is under active development and not part of the OpenBSD Project.

I could be mistaken, but it would seem this is the wrong list?

On Sat, Dec 20, 2014 at 6:33 PM, Edgar Pettijohn pettijo...@hotmail.com wrote:
 Is there a mailing list for openhttpd?  Also all the links on openhttpd.net 
 are broken.

 thanks




-- 
BSD is what happens when Unix programmers port Unix to the x86.
Linux is what happens when x86 programmers write a Unix-like.
Windows is what happens when x86 programmers run all of their
programming textbooks through a blender, eat the ground up
remains of the text, and then code up what they can read in the
toilet 3 days later.

Re: Shadow TCP stacks

[J Sisson]

On Fri, Oct 17, 2014 at 9:13 AM, Ian Grant ian.a.n.gr...@googlemail.com wrote:
 On Fri, Oct 17, 2014 at 4:24 AM, Bret Lambert bret.lamb...@gmail.com wrote:
 On Thu, Oct 16, 2014 at 02:48:22PM +0200, Martin Schr??der wrote:
 2014-10-16 13:16 GMT+02:00 Kevin Chadwick ma1l1i...@yahoo.co.uk:
 The impossibility to scan for services - which the NSA/GHCQ/... do.

 It's a good thing that traffic analysis isn't a thing, then. Otherwise
 they'd be able to check if traffic purporting to go to port 80/443
 doesn't look like HTTP traffic, or something.

 They don't have any clue which traffic to analyze though, so this
 traffic is a needle in a haystack. Also, the VPN could be tunneled
 over HTTP if necessary.

 Ian


Right.  Because the NSA/GHCQ don't have the resources to accomplish
such a goal.

Re: openbsdstore: enable javascript and buy something or gtfo

[J Sisson]

On Fri, Oct 3, 2014 at 9:53 AM, ludovic coues cou...@gmail.com wrote:
 2014-10-03 16:09 GMT+02:00  david...@ling.ohio-state.edu:
 In my browser of choice, configured sensibly, this is all that can be
 seen at openbsdstore.com and openbsdeurope.com:

 | The OpenBSD Store

 | If you have JavaScript disabled you will not be able to order from
 | this site...


 I'm curious, how did you get this message ?

 --

 Cordialement, Coues Ludovic
 +336 148 743 42


$ curl openbsdstore.com
!DOCTYPE html PUBLIC -//W3C//DTD XHTML 1.0 Transitional//EN
http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd;
html xmlns=http://www.w3.org/1999/xhtml;
head
meta http-equiv=Content-Type content=text/html; charset=iso-8859-1 /
titleThe OpenBSD Store/title
/head

bodyscript!--
window.location=https://www.openbsdstore.com/cgi-bin/live/ecommerce.pl?site=shop_openbsdeurope_comstate=department;;
--/script

noscript
If you have JavaScript disabled you will not be able to order from this site...
/noscript
/body
/html

Re: openbsdstore: enable javascript and buy something or gtfo

[J Sisson]

On Fri, Oct 3, 2014 at 12:01 PM, Matti Karnaattu mkarnaa...@gmail.com wrote:

 No, you choosed that web page to visit.

http://www.w3schools.com/xml/xml_http.asp

If the javascript contains an XMLHTTPRequest object, it can call out
to a different server (than the one you are visiting) without your
explicit knowledge, download content, and do basically whatever the
user the browser is running as can do, barring browser sandboxing,
etc...and that's not the only way javascript can be used maliciously,
as has been pointed out by others.

There is good reason not to explicitly trust javascript or any other
browser plugin that allow the remote site to execute code on your
machine.

Granted, it doesn't necessarily take javascript:

http://blog.fox-it.com/2014/01/03/malicious-advertisements-served-via-yahoo/

Re: Question regarding hearbleed patch (002) for OpenBSD 5.5...

[J Sisson]

On Thu, May 8, 2014 at 9:03 PM, staticsafe m...@staticsafe.ca wrote:
 man ldd
 http://www.openbsd.org/cgi-bin/man.cgi?query=lddsektion=1

ldd won't help with statically linked binaries.

# gcc -o dynamic_test test.c
# ldd dynamic_test
dynamic_test:
StartEnd  Type Open Ref GrpRef Name
8000 00021000 exe  10   0  dynamic_test
40ebe000 40fad000 rlib 01   0  /usr/lib/libc.so.73.1
42a7d000 42a7d000 rtld 01   0  /usr/libexec/ld.so

# gcc -o static_test --static test.c
# ldd static_test
ldd: static_test: not a dynamic executable


-- 
Computers are like air conditioners...
They quit working when you open Windows.

EdgeRouter 8 port model

[J Sisson]

I have some questions regarding the EdgeRouter 8 port (not the POE or
PRO, and obviously not the LITE model, as it's already supported).

I was curious if the relevant developers have had a chance to get
their hands on one of these, and if so, how similar are they to the
EdgeRouter LITE?  I know manufacturers using the same names for
devices in no way implies the devices are internally similar, so I was
curious.

-- 
Computers are like air conditioners...
They quit working when you open Windows.

Re: OpenBSD packages extremely outdated?

[J Sisson]

OpenBSD ports build the base packages that are used to install, so saying
packages are out of date, but ports are not is nonsense, and more likely
due to running RELEASE (which doesn't get version updates backported to
it).  If you run CURRENT, the packages there are the latest that ports have
been updated to (chromium 32, for example, is available in CURRENT, but on
my STABLE laptop (RELEASE + security backports) lists chromium 28).

It helps to know the software at least on a big picture view before you
criticize it.


On Sat, Feb 8, 2014 at 1:17 PM, openda...@hushmail.com wrote:

 Hello,

 Are OpenBSD's packages extremely outdated? What would you say to this
 guy?

 At least with Linux I don't have to wait 6 hours for all my software
 to finish compiling. Think about all the trees that are unnecessarily
 cut down because of all that compiling. [...snip...] OpenBSD only has
 a small number of precompiled packages, and usually extremely
 outdated. If you want to get anything useful you have to compile
 ports.

  https://news.ycombinator.com/item?id=7196494

 Thanks!

 O.D.




-- 
Computers are like air conditioners...
They quit working when you open Windows.

Re: Question about caching system

[J Sisson]

On Tue, Jun 25, 2013 at 2:42 AM, Philip Guenther guent...@gmail.com wrote:

 First of all, a plain cache is a *poor* means of increasing
 availability, as it provides no guarantees.


nscd does an awesome job of increasing the non-availability of user info =)

I mean, it comes with an automatic service restart option...yes a CACHE
that restarts itself to avoid hangs.

Epic.  Fail.

ttyV0 on sparc64 without vcc(4)?

[J Sisson]

I was reading:

http://www.openbsd.org/papers/eurobsdcon2011-kettenis.pdf

and noted the section about vcc.  I read the vcc man page, and saw FILES
/dev/ttyV[0-9a-zA-Z].  Looking at an Ultra5, I noted that ttyV0 existed
(fresh install of latest snapshot + build of -CURRENT checked out
yesterday).  I realize the Ultra5 (400 MHz UltraSparc IIi) is not a
T1/2...but I couldn't resist running the following to see what it would do
(non production machine, so if it breaks anything no worries):

cu -l ttyV0

It immediately panic'd the machine.  I grabbed trace/ps from the panic
(dmesg at bottom):

# cu -l ttyV0
panic: kernel data fault: pc=150db04 addr=0
kdb breakpoint at 146d380
Stopped at  Debugger+0x4:   nop
RUN AT LEAST 'trace' AND 'ps' AND INCLUDE OUTPUT WHEN REPORTING THIS PANIC!
DO NOT EVEN BOTHER REPORTING THIS WITHOUT INCLUDING THAT INFORMATION!
ddb trace
data_access_fault(40008dfd600, 30, 150db04, 0, 0, 800809) at
data_access_fault+
0x294
trapbase_sun4v(0, 0, 0, 0, 0, 40008dfdc70) at trapbase_sun4v+0x8790
VOP_UNLOCK(7f00, 7, 2000, 40004899d40, 40004882805, 20c044) at
VOP_UNLOCK+0x20
spec_open(181fcc0, 2180, 0, 0, 80, 400048ac500) at spec_open+0x270
VOP_OPEN(40004787b30, 7, 400048ac500, 40004899d40, 1, 40008dfd980) at
VOP_OPEN+
0x24
vn_open(0, 7, 40004787b30, 93b8b03454, 0, 85) at vn_open+0x110
doopenat(0, ff9c, 0, 7, 40, 40008dfde00) at doopenat+0xb0
syscall(40008dfded0, 405, 93b5705a38, 93b5705a3c, 0, 91afc0d230) at
syscall+0x3
18
softtrap(93b1aed5a0, 6, 40, 91b000f0e0, 0, 93b0f78000) at softtrap+0x19c
ddb ps
   PID   PPID   PGRPUID  S   FLAGS  WAIT  COMMAND
*27403  26124  27403  0  7   0cu
 26124  1  26124  0  30x88  pause ksh
 30887  1  30887  0  30x80  selectcron
 12040  1  12040 99  30x80  poll  sndiod
  9978  1   9978  0  30x80  selectinetd
  1775  1   1775  0  30x80  selectsendmail
  4950  1   4950  0  30x80  selectsshd
 15327  26460  13216 83  30x80  poll  ntpd
 26460  13216  13216 83  30x80  poll  ntpd
 13216  1  13216  0  30x80  poll  ntpd
 11569  31544  31544 74  30x80  bpf   pflogd
 31544  1  31544  0  30x80  netio pflogd
 18240   8831   8831 73  30x80  poll  syslogd
  8831  1   8831  0  30x80  netio syslogd
 27203  1  27203 77  30x80  poll  dhclient
 27706  1   9832  0  30x80  poll  dhclient
11  0  0  0  30x100200  aiodoned  aiodoned
10  0  0  0  30x100200  syncerupdate
 9  0  0  0  30x100200  cleaner   cleaner
 8  0  0  0  30x100200  reaperreaper
 7  0  0  0  30x100200  pgdaemon  pagedaemon
 6  0  0  0  30x100200  bored crypto
 5  0  0  0  30x100200  pftm  pfpurge
 4  0  0  0  30x100200  bored syswq
 3  0  0  0  3  0x40100200idle0
 2  0  0  0  30x100200  kmalloc   kmthread
 1  0  1  0  30x80  wait  init
 0 -1  0  0  3   0x200  scheduler swapper


I guess the real question I have is: what purpose does ttyV0 serve on an
Ultra5 if not for the vcc driver (that the Ultra5 doesn't support?)?  Have
I missed something, or do I need to go back to RTFM some more?  A cursory
grepping through /usr/src for ttyV shows etc/etc.sparc64/MAKEDEV{,.md},
which doesn't appear to check for vcc before creating ttyV*.


dmesg:

Copyright (c) 1982, 1986, 1989, 1991, 1993
The Regents of the University of California.  All rights reserved.
Copyright (c) 1995-2012 OpenBSD. All rights reserved.
http://www.OpenBSD.org

OpenBSD 5.2-current (GENERIC) #1: Thu Oct 18 20:37:09 CDT 2012
root@:/usr/src/sys/arch/sparc64/compile/GENERIC
real mem = 268435456 (256MB)
avail mem = 251494400 (239MB)
mainbus0 at root: Sun Ultra 5/10 UPA/PCI (UltraSPARC-IIi 400MHz)
cpu0 at mainbus0: SUNW,UltraSPARC-IIi (rev 9.1) @ 400 MHz
cpu0: physical 16K instruction (32 b/l), 16K data (32 b/l), 2048K external
(64 b/l)
psycho0 at mainbus0 addr 0xfffc4000: SUNW,sabre, impl 0, version 0, ign 7c0
psycho0: bus range 0-2, PCI bus 0
psycho0: dvma map c000-dfff
pci0 at psycho0
ppb0 at pci0 dev 1 function 1 Sun Simba PCI-PCI rev 0x13
pci1 at ppb0 bus 1
ebus0 at pci1 dev 1 function 0 Sun PCIO EBus2 rev 0x01
auxio0 at ebus0 addr 726000-726003, 728000-728003, 72a000-72a003,
72c000-72c003, 72f000-72f003
power0 at ebus0 addr 724000-724003 ivec 0x25
SUNW,pll at ebus0 addr 504000-504002 not configured
sab0 at ebus0 addr 40-40007f ivec 0x2b: rev 3.2
sabtty0 at sab0 port 0: console
sabtty1 at sab0 port 1
comkbd0 at ebus0 addr 

Re: how to gain high performance with big memory

[J Sisson]

On Thu, Nov 3, 2011 at 4:24 AM, Bentley, Dain dbent...@nas.edu wrote:

 Take a look at this:
 http://www.packetmischief.ca/openbsd-compact-flash-firewall/
 http://blog.spoofed.org/2007/12/openbsd-on-soekris-cheaters-guide.html


Why send people to third party documentation that won't be properly
maintained over time?

What can you learn there with regards to memory filesystems that
man mount_mfs doesn't cover?

Re: GCC 4.2.4?

[J Sisson]

On Thu, Sep 15, 2011 at 4:59 PM, Jeffrey Walton noloa...@gmail.com wrote:

 I sometimes wonder about the whole free software, free beer thing. Its
 kind of like trying to figure out how US politicians claim to balance
 a budget, yet the US is trillions in debt.

 Here's a hint:  Someone is *lying*.

Re: Thanks a lot to all devs of OpenBSD

[J Sisson]

On Sun, Aug 28, 2011 at 2:43 PM, Loganaden Velvindron logana...@devio.uswrote:

 If other BSDs worked this way, they would have been
 successful in attracting a larger userbase. They
 have the means to do it with their larger developer
 community.

 This begs the question of whether or not their developer community
would be as large if they held higher standards...

Re: If I install OpenBSD 4.9, when will I have to upgrade to 5.0?

[J Sisson]

On Mon, Jul 11, 2011 at 6:25 AM, lancebaynes87 lancebayne...@zoho.comwrote:

 The worlds most secure os, and it doesn't have any docs regarding the
 different versions security support time.

 Surprisingly, people expect to use the worlds most secure OS without
reading anything about it.  (hint: no OS will save you from yourself).

http://www.openbsd.org/faq/faq5.html#Flavors

You will also note that in the above example, the *4.6-stable* branch came
to an end with *4.8-release*, and the *4.7-stable* branch came to an end
with *4.9-release* -- old releases are typically supported up to two
releases back.

Re: How does OpenBSD compare to Ubuntu Server?

[J Sisson]

On Mon, Jul 11, 2011 at 6:58 PM, Juan Miscaro jmisc...@gmail.com wrote:

 On 7 July 2011 15:06, jirib ji...@devio.us wrote:

 Are you kidding? Ubuntu? Where installed daemons are running by default,
  where there is no command to disable shitty upstart daemons?

 Which daemons are those again?

 apt-get install some_insecure_daemon

Oh look, some_unsecure_daemon is running before I have a chance to
configure it and lock it down the way I see fit.  sarcasmGood thing we all
know those Ubuntu/Debian guys are so damned smart and all.../sarcasm

Re: How does OpenBSD compare to Ubuntu Server?

[J Sisson]

On Mon, Jul 11, 2011 at 7:36 PM, Andres Perera andre...@zoho.com wrote:

 why would you install a daemon and not run it? how is it any different
 than X listening on localhost by default in obsd? if you install a
 daemon in debian/ubuntu and it listens on 0.0.0.0 by default, the
 package isn't following distro policy


Why would you start a daemon before you have had a chance to
configure it for your environment?  Is it really that hard to run
update-rc.d after you edit a config file?

OpenBSD asks if X should run by default when you install the system.
On top of that, the default firewall rules explicitly block traffic to X.
It's quite different in fact.

Policy?  Well thank heavens for that...I guess I should run Ubuntu on
all of my critical infrastructure...their policy will protect me.

Re: More softraid0 problems on current

[J Sisson]

On Sat, Jun 4, 2011 at 6:41 PM, Josh Rickmar joshua_rick...@eumx.netwrote:

 Thanks for the quick fix! The July 4 snapshot boots up perfectly
 here.

 Yeah, talk about a quick fix...it's available a month early!   :)

Re: Like OpenBSD? Like to see new stuff happening? You really need to order a CD today :)

[J Sisson]

On Thu, Apr 21, 2011 at 4:55 PM, Paul M l...@no-tek.com wrote:
 Just order as many as you want and bin the excess.

Order 1 with your shipping address, then order N - 1 with Richard
Stallman's address.

Problem solved.

Re: new upper limit with BIGMEM

[J Sisson]

On Mon, Apr 4, 2011 at 6:59 PM, Miod Vallat m...@online.fr wrote:
 The limit of profanity comments in the kernel source code?


I think this is the truly important metric here.  When will this limit
have to be bumped?

Re: Choosing a window manager...

[J Sisson]

On Tue, Mar 15, 2011 at 1:50 PM, marc li...@drwx.org wrote:
 Hi all,

 I'm deciding between kde, xfce, gnome, and fluxbox (in order of
 preference). Any experiences? Any relevant security issues on any of them?

 Thanks,
 Marc

I'd suggest kde, xfce, gnome, and then fluxbox, according to your preference.

Re: Old IPSEC bug

[J Sisson]

On Fri, Dec 17, 2010 at 10:24 AM, Theo de Raadt dera...@cvs.openbsd.orgwrote:

 This project -- with it's limited manpower -- is going to remain
 deeply inconsistant at (a) realizing the impact of a bug fix and (b)
 making an errata available.

 That's the beauty of OpenBSD, though...a dev sees a bug, so the dev fixes
it.
Dev doesn't worry about exploitability or severity or whatever...just fix
the bug
and move on.

That's a feature, not a...well, you get the point.

Re: symbol ( - - - - ) size mismatch, relink your program

[J Sisson]

On Sat, Dec 11, 2010 at 10:04 AM, Mihai Popescu B.S. mihai...@gmail.comwrote:

 I did a snapshot install and I got many warnings like this one. What
 could be this warning, is it about mismatch on .so files ?

 Was it a clean install of a snapshot or an upgrade?

If upgrade, did you sysmerge and pkg_add -u after the upgrade?

Re: sha256 hash for /bsd

[J Sisson]

On Thu, Dec 9, 2010 at 11:29 PM, OpenBSD Geek open...@e-solutions.rewrote:

 So how can i proceed ?


 http://ftp.openbsd.org/pub/OpenBSD/4.7/i386/SHA256

That file contains the correct sha256 for all the install sets, including
bsd.

Re: sha256 hash for /bsd

[J Sisson]

On Thu, Dec 9, 2010 at 12:38 PM, OpenBSD Geek open...@e-solutions.rewrote:

 When i want to install an other OpenBSD Box, using my ftp i have this
 error :
 The SHA256 hash ... for bsd did not match what this bsd.rd expected.
 Installation are done, reboot the machine, and it stops after the PBR. The
 file /bsd have certainly an error ?

 Did you boot from a 4.7-RELEASE bsd.rd?

Re: sha256 hash for /bsd

[J Sisson]

On Thu, Dec 9, 2010 at 10:08 PM, OpenBSD Geek open...@e-solutions.rewrote:

 Yes i booted on 4.7-RELEASE CD.
 And want to install with my files located on my FTP (*.tgz,site47.tgz).
 But i have an error in sha256 Hash for my /bsd (ftp)
 Any idea ?


 If it's different from the sha256 on bsd from an official mirror,
then yes, your ftp's /bsd is bad.  =)

Re: suggestion for a new/additional OpenBSD release media option

[J Sisson]

On Mon, Nov 1, 2010 at 11:11 AM, Michal mic...@sharescope.co.uk wrote:

 You can have CD's with multiple types of OS and you have a choice screen.
 MS MSDN CD's often have different versions; server OS cd's have web,
 stranded and enterprise and you just get a choice screen. But again, its all
 time and effort at the end of the day

 There's a huge difference between one OS - multiple license schemes and
one OS - multiple hardware architectures.

Re: Tips of bash on command substitution ?

[J Sisson]

On Tue, Oct 26, 2010 at 9:02 AM, Aaron Lewis the.warl0ck.1...@gmail.comwrote:

 Hi,
Suppose last command was cd cd , and i've remembered that it could
 be
 replaced to ls ls simply with ^cd^ls^ , but only first entry was
 replaced , thus i finally got ls cd

 But i want ls ls , anyway to work it out ?


!!:gs/cd/ls/

Re: ports/root/make install

[J Sisson]

On Thu, Oct 21, 2010 at 12:20 PM, Jay K jay.kr...@cornell.edu wrote:

  ssh r...@localhost cd `pwd`  make install


From man mk.conf:

 SUDO   Command run by make(1) when doing certain
operations requiring root privileges (e.g. the
make install portion of make build).  If set
to /usr/bin/sudo, this allows one to run make
build as a user other than root (assuming sudo
is
set up for that user).

Re: insecure scheduler in OpenBSD 4.7

[J Sisson]

On Mon, Oct 11, 2010 at 5:09 PM, Dmitry-T dmitr...@yandex.ru wrote:

 dd only example.
 Look around: Linux, Mac OS X, FreeBSD... why defend a design error?


Because Linux/Mac OS X/FreeBSD are the yardsticks that
all Unix systems must measure up to, right?

Re: Trouble with FTP install on virtual machine

[J Sisson]

On Thu, Sep 16, 2010 at 1:03 PM, li...@telus.net wrote:

 I would welcome further suggestions anyone cares to offer.


Is something stopping you from using install48.iso to install?

http://ftp5.usa.openbsd.org/pub/OpenBSD/snapshots/i386/install48.iso

I know that doesn't solve the problem, but at least that will get you to a

fully functional OpenBSD install that you can try Mark's sysctl fix...

Re: blank virtual consoles, blank screen after exiting X11

[J Sisson]

On Mon, Sep 6, 2010 at 1:25 PM, Chris Palmer ch...@noncombatant.org wrote:

 11:23 /usr/src/usr.bin/mg ; diff -u theo.c.orig theo.c
 --- theo.c.orig Mon Sep  6 11:23:44 2010
 +++ theo.c  Mon Sep  6 11:23:13 2010
 @@ -159,7 +159,8 @@
I'm not very reliable,
I don't like control,
You aren't being conservative -- you are trying to be a caveman.,
 -   nfs loves everyone
 +   nfs loves everyone,
 +   I cannot put enough stress ... on the poohole X can be.
  };

  static const int ntalk = sizeof(talk)/sizeof(talk[0]);


+1  haha

Re: Dhcp client problem

[J Sisson]

On Wed, Aug 11, 2010 at 12:08 PM, wolk w...@jablko.one.pl wrote:

 I installed openbsd 4.7, during installation i get ip address(192.168.1.47)

snip

 After reboot my new openbsd can't get address from server


Same problem here.  I have two machines at home that act the same.
Those machines are running 4.7-sparc64 and 4.8-beta(aug 9)-i386,
respectively.

dhcp servers are: netgear cheap WAP/router and my ISP's dhcp.  Both
of them work with both servers on the ramdisk installer but do not
work on the installed machine.  tcpdump shows the initial request and
initial response from the server, but nothing after that.

At work I am unable to replicate the issue with the Aug 7 snapshot for
amd64...ramdisk and installed machine are fine either way.

Is it possible this is related to ARPCHECK that is performed after receiving
a DHCPOFFER?  I've started looking over dhclient.c but I can't seem to find
a solid block of time to read it in depth.

Re: UTF-8

[J Sisson]

On Thu, Aug 5, 2010 at 10:15 PM, Marco Peereboom sl...@peereboom.us wrote:

 Easy!

 vim
 BSD
 mutt
 7 bit

 no controversy at all because everyone else is wrong and they know it.


That looks like a good combo, yep.

Re: dual screen X

[J Sisson]

On Tue, Jul 27, 2010 at 9:22 PM, CTE b...@phonicsea.com wrote:

 Can someone do me a favor and post a Xinerama configuration for X.  I've
 got a dual port Nvidia card and have been messing about with X configs
 for the last day and a half.


The easiest dual route for nvidia that I've found is

Option Dualhead True

Under the device section for driver nv.  (man nv).

Re: mount ffs as msdos, system hangs

[J Sisson]

On Mon, Jul 26, 2010 at 3:50 AM, frantisek holop min...@obiit.org wrote:

 so sending half-baked crappy diffs will estabilish one
 as a useful, non-whining member of the community, right?


Oh...you're on the paid support plan?  My bad.

You get OpenBSD for free.  That's pretty amazing, isn't it?  Why is it hard
to believe that reframing a potential solution as here's a diff instead of
I
broke my system as root and you need to take time out of your day to help
me will get better results?  Sure, the diff may get rejected, but at least
you're
showing a touch bit more effort than the effort it takes to fire up your
e-mail
client.

Re: mount ffs as msdos, system hangs

[J Sisson]

On Sun, Jul 25, 2010 at 8:01 PM, frantisek holop min...@obiit.org wrote:

 well done misc@, living up to your name.
 the bootcamp of the internet.


It's better to create a crappy diff that gets rejected than whine
incessantly on a mailing
list that by your own admission has a reputation for being like boot camp.

You claim to know a decent amount about the situation, why not at least take
a crack
at a fix?

Re: PTY allocation error

[J Sisson]

On Mon, Jul 12, 2010 at 2:46 PM, Leonardo Carneiro - Veltrac 
lscarne...@veltrac.com.br wrote:

 I ONLY run the sshd that are allowed to connect from the Internet in
 non-standard ports. Anyone that matters to know knows on witch port the sshd
 is running.

 Well, them and anyone who knows how to half-assed run nmap or any other
numerous service fingerprinting utilities.

Re: OpenBSD as a laptop OS

[J Sisson]

On Fri, Jun 18, 2010 at 4:04 PM, VICTOR TARABOLA CORTIANO 
vt...@c3sl.ufpr.br wrote:

  My question is simple, is OpenBSD convenient enough for a daily usage ?
  What are the experiences about that ?

 I use OpenBSD exclusively as an desktop and I can do everything I want.

 Same here.  OpenBSD makes for a very stable and capable desktop.

Re: PF

[J Sisson]

On Sat, Jun 5, 2010 at 11:44 AM, Kleber Rocha kli...@gmail.com wrote:

 On OpenBSD 4.7 I need to rewrite all of my old pf.conf, why this happens in
 the PF?


This has been discussed repeatedly since pf changes hit CURRENT.  Search the
archives.

Re: mouse cursor keeps jumping up and left in latest snapshot

[J Sisson]

On Thu, Jun 3, 2010 at 9:46 AM, Christopher Zimmermann
madro...@zakweb.dewrote:

 Does anyone else have a similar experience? Any ides? The only idea I have
 is reinstalling the whole system :(


I experienced the same thing yesterday.  I've been working on a different
machine since then because I haven't had time to look into it.

Re: OpenBSD 4.7 as VPN Gateway for Road Warriors, Preferred Configuration

[J Sisson]

2010/5/21 Martin Pelikan martin.peli...@gmail.com:
 What's the preferred method in the day of OpenBSD 4.7?

 To search before typing?

+1

Re: reporting a bug in ports/net/flow-tools?

[J Sisson]

On Tue, Apr 27, 2010 at 9:36 AM, Antti Harri i...@openbsd.fi wrote:
 You should symlink one of the pythonX.Y binaries to 'python',
 as post install message for python packages suggest.

Regardless of the symlink issue (which should be done anyways, IMO),
/bin/env doesn't exist in the default OpenBSD install.

The port should use /usr/bin/env.

Re: OpenBSD culture?

[J Sisson]

On Fri, Apr 16, 2010 at 11:28 AM,  trustlevel-...@yahoo.co.uk wrote:
 You can actually have MANY more than 4 OS on one drive, but it does get rather
 complicated and not worth the effort which certainly wouldn't help here.

The point was that OpenBSD requires a primary partition.

Re: OpenBSD culture?

[J Sisson]

On Wed, Apr 14, 2010 at 1:19 PM, Matthias Kilian k...@outback.escape.de
wrote:
 On Wed, Apr 14, 2010 at 12:38:56PM -0500, Ron McDowell wrote:
 Yup, nowhere in that goals page does it say anything about don't be
 rude to the casual users.  Maybe that is why OpenBSD is so far down the
 list at http://bsdstats.org/ .

 What detail in the original reply Theo sent to the OP (and quoted
 it later on this list) was rude?

I think that implication was aimed at the OP who claimed Theo was rude.
Doesn't make it so, but the OP apparently took it that way.

Re: RouterBOARD RB600A support

[J Sisson]

On Tue, Mar 23, 2010 at 2:50 PM, Otto Moerbeek o...@drijf.net wrote:

 If two things happen after another, it does not imply that the first
 caused the second.

-Otto

If not for correlation and causation, we wouldn't have conspiracy
theories.  Quit speaking the truth!

Re: softdeps enabled = poor concurrent access?

[J Sisson]

On Wed, Feb 24, 2010 at 12:02 PM, Noah McNallie n...@n0ah.org wrote:
 it is very fast for single process tasks, but when another process would
 like to use the disk it seems to just let one hog everything

I do believe that's Artur's response explained earlier.

Re: OpenBSD insecure OS?

[J Sisson]

http://old.nabble.com/The-insecurity-of-OpenBSD-td27268082.html

Re: Postgresql and Memory Usage

[J Sisson]

On Wed, Jan 27, 2010 at 3:13 PM, Jeff Ross jr...@openvistas.net wrote:
 max_connections = 200 # pgtune wizard 2010-01-27

Silly question, but have you tried any kind of connection pooling?  If
you can drop max_connections down you can reduce the shared memory
footprint postgresql has.

Re: The insecurity of OpenBSD

[J Sisson]

On Thu, Jan 21, 2010 at 8:56 PM, Zamri Besar zam4e...@gmail.com wrote:
 The insecurity of OpenBSD
 http://allthatiswrong.wordpress.com/2010/01/20/the-insecurity-of-openbsd/

 -zamri-



That's a great article...I mean, I'd rather go get shots the day after
hiring a hooker instead of wearing a condom in the first place
because, you know, condoms fail all the time, right?  And shots from
the doctor are infallible, right?

Re: self educating q

[J Sisson]

On Fri, Jan 22, 2010 at 9:55 AM, Ted Unangst ted.unan...@gmail.com wrote:
 I think it comes down to x86 doesn't do as much to save you from
 broken software as some other architectures.  This doesn't by itself
 make it insecure, you need to be running insecure software too.

Good thing there's a shortage of insecure x86 software, eh?  haha.

Re: What does your environment look like?

[J Sisson]

OpenBSD-STABLE with fluxbox on my work desktop.  I have a laptop with a
busted LCD and keyboard, so I use it as a WinXP slave via rdesktop for
running IE (checking websites, as I work in IT for a hosting company).  The
XP box runs in seamless mode, so fluxbox looks a bit weird with a Windows
task bar across the top...but it works haha.

At home I have OpenBSD-CURRENT running on my desktop...fluxbox there as
well.

Both have conky running as my monitor, with three instances:  Left one is
RSS feeds (undeadly, milw0rm, etc...), middle is CPU/RAM/etc, right is
network-related stuff.  I sometimes run GeoXPlanet as my wallpaper setter,
but it takes some tweaks to get it running on OpenBSD and I haven't uploaded
the fixed version to sourceforge for that (not trying to advertise, but if
anyone is interested I'll upload the fixed code).

That's pretty much it.

Re: ComixWall terminated

[J Sisson]

On Fri, Dec 11, 2009 at 6:37 PM, Eric Furman ericfur...@fastmail.netwrote:

 It is simple. ComixWall was a *Distribution*.
 It directly competes with OpenBSD.
 People could obtain ComixWall directly from his web site.
 This means *less* CD sales.
 CD sales are the main source of income for OpenBSD.
 Therefore ComixWall *hurts* OpenBSD.
 Theo's hostility is completely understandable.
 What do you people not get?

 I could see two approaches here that are ok.  The first has already been
mentioned (create a port and submit it so everyone can benefit).  The second
approach would be to sell ComixWall CD's and donate at least the cost of the
OpenBSD CD's to the OpenBSD project.  Sure, that means ComixWall will cost
$55+, but that way the OpenBSD team doesn't lose CD sales and ComixWall
makes a little profit for writing the frontend.

Re: ComixWall terminated

[J Sisson]

On Fri, Dec 11, 2009 at 9:54 PM, acam...@the00z.org wrote:

 This isn't about money, is about spam.

 Two separate issues, boss.

1)  spam.  Theo and the OpenBSD team own this list.  Just because OpenBSD is
free to use as you see fit doesn't mean the mailing lists are too.  Theo
said stop it, and the OP challenged Theo's decision.  Theo had every right
to be pissed.  I'm not disagreeing there.

2) money.  I was responding to a post about the OpenBSD team losing CD sales
due to ComixWall.  I fail to see how that doesn't concern money.

Re: ComixWall terminated [WAS: ComixWall 4.6 released, December 8, 2009]

[J Sisson]

On Wed, Dec 9, 2009 at 11:37 AM, Bob Beck b...@ualberta.ca wrote:

 the point is simple:

 * Release Announcements For things that are not OpenBSD do not belong
 on OpenBSD lists *


In both quoted responses Theo specifically mentioned the lists and for the
OP to quit posting ads.  I thought the message was quite clear.

I'm not sure how the OP missed that.

Re: ComixWall terminated [WAS: ComixWall 4.6 released, December 8, 2009]

[J Sisson]

On Wed, Dec 9, 2009 at 1:01 PM, Christopher Zimmermann
madro...@zakweb.dewrote:

 If this is true, it's a pity. Then comixwall just died.

 Theo told Soner to cease.  Soner came back with if you don't tell me you
were just joking, I'm going to terminate the Comixwall project.  It was
Soner's choice.  He threw his ass like a 5 year old.

Comixwall just died because Soner couldn't take being told to do things
differently, not because of the attitude of Theo and the OpenBSD devs.

If you're looking for something to point at and call stupid, I'd say Soner's
decision is a good starting place.

Re: How to redirect output from /etc/rc.shutdown

[J Sisson]

On Tue, Dec 1, 2009 at 3:58 PM, Abel Abraham Camarillo Ojeda 
acam...@the00z.org wrote:

 Or don't give to your useless staff root access...


Indeed.  Many problems can be solved with this simple concept.

Re: OpenBSD blog software

[J Sisson]

 On Wed, Nov 18, 2009 at 07:37:48PM +0100, Bret S. Lambert wrote:
  On Wed, Nov 18, 2009 at 12:00:21PM -0600, Marco Peereboom wrote:
   now a wiki
 
  And before you know, it, a social networking site.
 
  I want you to be my friend on Dixonspace!!!
 


Gotta have realtime plaintext chat for it to be a *true* social networking
site...

Re: openbsd programming resources?

[J Sisson]

In terms of secure programming, The Art of Software Security Assessment:
Identifying and Preventing Software Vulnerabilities, while not purely about
C, is recommended on the openbsd site (Books that help section), so I
purchased it.  It's a really good book, and I second the recommendation on
it.

On Fri, Nov 13, 2009 at 8:35 AM, elias r. obs...@crudp.ath.cx wrote:

 Hey out there!
 I started thinking about improving my C-programming knowledge, especially
 towards OpenBSD (and unix in general) -programming as well as secure
 programming.

 Does anyone have a hint which resources are worth reading (e.g. which books
 about the unix api?)

 Hope this isn't worst question ever (yeah, i know internet searches)...
 I'd simply like some advice where to start ..

 greetings,

 elias




-- 
Computers are like air conditioners...
They quit working when you open Windows.

Re: Ports isn't working for me...

[J Sisson]

On Wed, Sep 30, 2009 at 3:03 PM, Chris cjd...@brokensolstice.com wrote:

 Hi,

 I'm using obsd4.5, following current.


4.5 is -release.  4.6 is -current.


 # make install
 ===  Installing php5-core-5.2.10 from /usr/ports/packages/amd64/all/
 Can't install php5-core-5.2.10 because of conflicts
 (partial-php5-core-5.2.10)


When you compile a port, you're creating a package and then installing the
package.

pkg_delete partial-php5-core

should clear up the conflict you're getting.

-- 
Computers are like air conditioners...
They quit working when you open Windows.

Re: Ports isn't working for me...

[J Sisson]

On Wed, Sep 30, 2009 at 3:40 PM, Chris cjd...@brokensolstice.com wrote:


 What I compiled doesn't actually install, because it does not have the
 configure option compiled into it that I dictated.  I'm not sure where
 it is pulling its php binary from...


Read your error message:

===  Installing php5-core-5.2.10 from /usr/ports/packages/amd64/all/

You need to delete that package tarball and make install from ports again.


-- 
Computers are like air conditioners...
They quit working when you open Windows.

Re: IMPORTANT, DO THIS OR YOUR E-MAIL WON'T WORK

[J Sisson]

On Wed, May 27, 2009 at 10:58 AM, Bob Beck b...@obtuse.com wrote:

 Oh please. like the address coming from openbsd.org matters... It's
 *email*...


You seem to have misunderstood my comment.

If e-mail address A is in the set {legit, potentially spoofed}, then
you have to have additional measures to determine which set it's in.

If e-mail address B is not in the set {legit, potentially spoofed},
then you certainly shouldn't assume it's legit.

The quoted e-mail wasn't from openbsd.org.  Assuming it's legit is nonsense.

-- 
Computers are like air conditioners...
They quit working when you open Windows.

Re: IMPORTANT, DO THIS OR YOUR E-MAIL WON'T WORK

[J Sisson]

On Tue, May 26, 2009 at 1:02 PM, Kevin Wilcox kevin.wil...@gmail.comwrote:

 2009/5/26 Sam Fourman Jr. sfour...@gmail.com:

  Sam Fourman Jr.
  sfour...@gmail.com
  rlz686

 Now that's funny.

 kmw


That's not *just* funny...it makes my sides hurt.

To others thinking about responding:

Check the OP's email address.  Note that it doesn't end with openbsd.org
or similar.


-- 
Computers are like air conditioners...
They quit working when you open Windows.

Re: IMPORTANT, DO THIS OR YOUR E-MAIL WON'T WORK

[J Sisson]

On Tue, May 26, 2009 at 10:30 PM, Ted Unangst ted.unan...@gmail.com wrote:

 On Tue, May 26, 2009 at 9:58 PM, J Sisson sisso...@gmail.com wrote:
  Check the OP's email address.  Note that it doesn't end with 
 openbsd.org
  or similar.

 b...@openbsd.org doesn't end with openbsd.org?  You need to work on
 your regex skills.


Indeed I do.  I meant the e-mail address from the quote by the OP.

-- 
Computers are like air conditioners...
They quit working when you open Windows.

Re: Why so cool OS doesn't have vuln database?

[J Sisson]

select dmesg, custom_options from last_post.[my configuration].

2009/5/15 Yuriy Grishin grishin-mailing-li...@minselhoz.samara.ru

 Hello!

 I've installed OpenBSD 4.5 on my home gateway.
 Random pids and critical files permission are really cool.
 I just confused a little bit because I haven't found any way to check the
 vulnerabilities of my configuration.
 Are there any?




-- 
Computers are like air conditioners...
They quit working when you open Windows.

Re: Why so cool OS doesn't have vuln database?

[J Sisson]

Sorry, I meant your_last_post.[your configuration].

In other words, it'd help people make recommendations if we knew the
hardware you were running and what changes you'd made to the base system.

On Fri, May 15, 2009 at 12:55 PM, Yuriy Grishin 
grishin-mailing-li...@minselhoz.samara.ru wrote:

 J Sisson wrote:

 select dmesg, custom_options from last_post.[my configuration].

 sorry, I've just subscribed.
 Can't see your previous post.




-- 
Computers are like air conditioners...
They quit working when you open Windows.

Re: Oddly high load average

[J Sisson]

On Fri, Nov 7, 2008 at 1:49 PM, Duncan Patton a Campbell 
[EMAIL PROTECTED] wrote:

 Ok.  So considering the speed with which this patch appeared I'm going
 to assume there's more here than meets the eye.  Just the same it looked
 like a sampling (when/where) issue to me.


 Take note of the OP's name, then read the patch.  The patch was pure
sarcasm.  Theo's point (if I'm not mistaken) is that the code is operating
as intended.