Re: The Memory Sinkhole - Unleashing an x86 Design Flaw Allowing Universal Privilege
On Thu, Jun 25, 2015 at 05:39:46PM -0400, Jean-Philippe Ouellet wrote: And an intel microcode update: https://downloadcenter.intel.com/download/24290 Oops, I read the date wrong on that page. Still though. And microsoft (yup) pushed an update for it: https://support.microsoft.com/en-ca/kb/3064209 Waiting to get the new ucode through bios updates (which will realistically never come) sounds like a recipie for disaster. Does somebody smarter than me want to look into this before shit hits the fan for real? Does this sound like something for our fw_update infrastructure or similar? 40 days until the 0day drops.
Re: The Memory Sinkhole - Unleashing an x86 Design Flaw Allowing Universal Privilege
And an intel microcode update: https://downloadcenter.intel.com/download/24290 And microsoft (yup) pushed an update for it: https://support.microsoft.com/en-ca/kb/3064209 Waiting to get the new ucode through bios updates (which will realistically never come) sounds like a recipie for disaster. Does somebody smarter than me want to look into this before shit hits the fan for real? Does this sound like something for our fw_update infrastructure or similar? 40 days until the 0day drops. On Fri, Jun 05, 2015 at 09:21:27AM -0400, ertetlen barmok wrote: Hello, just a fyi, august 5-6 https://www.blackhat.com/us-15/briefings.html#the-memory-sinkhole-unleashing-an-x86-design-flaw-allowing-universal-privilege-escalation https://news.ycombinator.com/item?id=9663249 In x86, beyond ring 0 lie the more privileged realms of execution, where our code is invisible to AV, we have unfettered access to hardware, and can trivially preempt and modify the OS. The architecture has heaped layers upon layers of protections on these negative rings, but 40 years of x86 evolution have left a labyrinth of forgotten backdoors into the ultra-privileged modes. Lost in this byzantine maze of decades-old architecture improvements and patches, there lies a design flaw that's gone unnoticed for 20 years. In one of the most bizarre and complex vulnerabilities we've ever seen, we'll release proof-of-concept code exploiting the vast, unexplored wasteland of forgotten x86 features, to demonstrate how to jump malicious code from the paltry ring 0 into the deepest, darkest realms of the processor. Best of all, we'll do it with an architectural 0-day built into the silicon itself, directed against a uniquely vulnerable string of code running on every single system. presented by Christopher Domas https://www.blackhat.com/us-15/speakers/Christopher-Domas.html
Re: running multiple simultaneous X sessions as different users
On Sun, Mar 15, 2015 at 07:12:23PM -0400, Ted Unangst wrote: luke...@onemodel.org wrote: The goal: I'd like to run multiple simultaneous X sessions and switch among them with Ctrl-Alt-F8, Ctrl-Alt-F9, etc, each one as a different user (separation of privileges, like general browsing vs. admin programming, vs. banking, etc, so that if one is compromised by a browser flaw etc, the other user accounts are unaffected. I would probably start with Xnest here. I've had better luck with a slightly hacked up Xephyr for this purpose. Just be aware that screen locking at the top level won't work while nested sessions grabbed exclusive focus (unless you patch it to work differently), and window resizing can be annoying at times. Be sure to actually isolate the different X server processes across different users and such and preferably chroot them and tell pf to block everything for those users. It's annoying and probably doesn't really gain you much anyway.
Re: immutable-ish version control repo?
It sounds like you're approaching this the wrong way. What property are you actually trying to attain? If you're giving people filesystem access then you're probably not worried about people changing the contents of whatever your repo has in its notion of the HEAD state. It sounds more like you're after some kind of audit trail. Is that what you really want? Instead of forcing people to use some obscure revision control system that they will probably hate, look into better access controls on whatever server your repos are stored on, and log commits. Something like gitolite with logging in the post-receive hook script comes to mind. If you really insist on forcing your users to use some (obscure?) source code management system that they're probably going to hate, even if just because it's not what they're used to in 2014 (hey CVS anybody? :P jk), then fossil sounds like it's what you're looking for. See section 3.8 (Audit Trail) of http://www.fossil-scm.org/index.html/doc/tip/www/fossil-v-git.wiki Still... with write access to the filesystem the repo is stored on, nothing prevents you from flipping the bits you want to flip. If you really want something immutable, embed your commits in a blockchain or something. I was going to jokingly suggest you create a new cryptocurrency called SourceCoin for this purpose, however upon googling it, it appears one already exists with that name! I'm not even kidding... although it has nothing to do with source code :/ http://www.coinssource.com/sourcecoin/ https://bitcointalk.org/index.php?topic=688494.0
INSTALL.macppc link moved
Apple is annoying and likes to shuffle their documentation around every few years. Maybe it's worth linking to archive.org instead. Index: distrib/notes/macppc/prep === RCS file: /cvs/src/distrib/notes/macppc/prep,v retrieving revision 1.22 diff -u -p -r1.22 prep --- distrib/notes/macppc/prep 27 Nov 2013 13:12:48 - 1.22 +++ distrib/notes/macppc/prep 17 Jul 2014 02:04:51 - @@ -31,7 +31,7 @@ up in sequence (similar to KITT from Kni press the System Identifier button until the seventh LED from the right is highlighted on the lower bank. Now hold the System Identifier button for two seconds. For more details, read: -http://docs.info.apple.com/article.html?artnum=75489 +http://support.apple.com/kb/TA26930 dnl XXX Move the boot commands to install in sections (booting from network, dnl XXX booting from cd-rom, etc)
Re: libmessage (New crazy sh*t)
What you are trying is not new, but crazy and sh*t seem pretty spot on. Your description, not mine. There's even a wikipedia article dedicated to how dumb this is! From http://en.wikipedia.org/wiki/Database-as-IPC: In computer programming, Database-as-IPC is an anti-pattern where a database is used as the message queue for routine interprocess communication in a situation where a lightweight IPC mechanism such as sockets would be more suitable. Using a database for this kind of message passing is extremely inefficient compared to other IPC methods and often introduces serious long-term maintenance issues, but this method enjoys a measure of popularity because the database operations are more widely understood than 'proper' IPC mechanisms.[1] On Tue, Jul 08, 2014 at 06:59:57PM +0200, Gustav Fransson Nyvell wrote: mmap seems very low-level and dangerous ... I want to add to the kernel is this easy to use style of messaging so that common programs can use it, immediately. Right... mmap is low-level and dangerous, so lets add large arbitrary shit to the kernel instead! So like kdbus, except implemented in the worst way possible? Please stop. think libmessage would be a good fit it just needs a better backend. No, it needs to disappear, and this conversation needs to end. The system you are proposing is not at all the system you need, nor the system you'd want if you understood the problem better. I think this is sorely needed, as well. Some other people have agreed with you, which is why this problem has already been tackled (in ways MUCH better than you are proposing) by people who put actual thought into the design phase before writing the dozens of different messaging queue/bus systems out there. A lot of bug tracking becomes much easier - I have seen ktrace. It is much like ktrace, yet can be used for applications too. It's quite obvious that you have no idea what you're talking about. It's like an internal network for the kernel. First of all, this has nothing to do with networks. Second of all, this has nothing to do with the kernel. I know that message queues are frowned upon yet they are very UNIX, remember JMS is from Java which is from Sun, which you know... created Solaris, SunOS? UNIX is supposed to be big and slow. Good bye, troll.
Re: openbsd live-cd?
On Mon, Jun 16, 2014 at 03:47:14PM -0400, Brian McCafferty wrote: Install it to a usb stick. And then try to not get banned from the store you're trying the new hardware in for uploading malware (apparently that's what the dmesg scolling by looks like to the untrained eye :P), even if you got the managers permission first.
Re: running cvs update as root (www patch?)
On Mon, Jun 09, 2014 at 03:07:17PM -0700, Jonathan Thornburg wrote: http://www.openbsd.org/anoncvs.html shows the 'cvs update' command being run by root (# shell prompt) One example (the latest one added) in the Using CVS to ... section uses $, as do all the examples in the Example usages ... section. Perhaps they should all be $? I'm not sure, but diff at the end if so. I wouldn't expect any non-root user to have write permission to /usr/src anyway. Just add a non-root user to the wsrc group and $ sudo chmod -R g+w /usr/{src,obj,ports,whatever} The relevant dirs should be group-writable by default anyway, but if you've checked out as root on top of it without a proper umask, then it would cause issues. why is doing the cvs-update as root a bad idea? Why would you run it as root if you don't need to? It takes potentially-malicious input from the network and isn't super-tiny. Just general principle of least priveledge, it's not like you /can't/ run it as root (lest your source tree be corrupted or something). If this change were to be made, should there also be a note about wsrc, umask 002, and the rationale for not running as root? Tar examples are also #, perhaps those should be changed as well? Index: build/mirrors/anoncvs.html.head === RCS file: /cvs/www/build/mirrors/anoncvs.html.head,v retrieving revision 1.35 diff -u -p -r1.35 anoncvs.html.head --- build/mirrors/anoncvs.html.head 9 May 2014 14:02:39 - 1.35 +++ build/mirrors/anoncvs.html.head 10 Jun 2014 00:45:26 - @@ -221,14 +221,14 @@ If you don't have a CD handy, use the me p (If you are following icurrent/i): pre - # strongcd /usr/strong - # strongcvs -qd anon...@anoncvs.ca.openbsd.org:/cvs get -P src/strong + $ strongcd /usr/strong + $ strongcvs -qd anon...@anoncvs.ca.openbsd.org:/cvs get -P src/strong /pre p (If you are following the patch branch for 5.5): pre - # strongcd /usr/strong - # strongcvs -qd anon...@anoncvs.ca.openbsd.org:/cvs get -rOPENBSD_5_5 -P src/strong + $ strongcd /usr/strong + $ strongcvs -qd anon...@anoncvs.ca.openbsd.org:/cvs get -rOPENBSD_5_5 -P src/strong /pre !-- DO NOT EDIT ANONCVS.HTML MANUALLY - IT IS GENERATED FROM TEMPLATES! -- @@ -258,14 +258,14 @@ Confirm this, and the fingerprint will t li Anytime afterwards, to `update' this tree: p (If you are following icurrent/i): pre - # strongcd /usr/src/strong - # strongcvs -q up -Pd/strong + $ strongcd /usr/src/strong + $ strongcvs -q up -Pd/strong /pre p (If you are following the patch branch for 5.5): pre - # strongcd /usr/src/strong - # strongcvs -q up -rOPENBSD_5_5 -Pd/strong + $ strongcd /usr/src/strong + $ strongcvs -q up -rOPENBSD_5_5 -Pd/strong /pre Every time you ran this it would synchronize your /usr/src tree. @@ -278,8 +278,8 @@ If you are updating a source tree that y from a different server, or from a CD, you strongmust/strong add the em-d [cvsroot]/em option to cvs. pre - # strongcd /usr/src/strong - # strongcvs -d anon...@anoncvs.ca.openbsd.org:/cvs -q up -Pd/strong + $ strongcd /usr/src/strong + $ strongcvs -d anon...@anoncvs.ca.openbsd.org:/cvs -q up -Pd/strong /pre /ul @@ -289,24 +289,24 @@ it is similar to src: ulli p (If you are following icurrent/i): pre - # strongcd /usr/strong - # strongcvs -qd anon...@anoncvs.ca.openbsd.org:/cvs get -P ports/strong + $ strongcd /usr/strong + $ strongcvs -qd anon...@anoncvs.ca.openbsd.org:/cvs get -P ports/strong /pre p (If you are following the patch branch for 5.5): pre - # strongcd /usr/strong - # strongcvs -qd anon...@anoncvs.ca.openbsd.org:/cvs get -rOPENBSD_5_5 -P ports/strong + $ strongcd /usr/strong + $ strongcvs -qd anon...@anoncvs.ca.openbsd.org:/cvs get -rOPENBSD_5_5 -P ports/strong /pre li Anytime afterwards, to `update' this tree: p (If you are following icurrent/i): pre - # strongcd /usr/ports/strong - # strongcvs -q up -Pd/strong + $ strongcd /usr/ports/strong + $ strongcvs -q up -Pd/strong /pre p (If you are following the patch branch for 5.5): pre - # strongcd /usr/ports/strong - # strongcvs -q up -rOPENBSD_5_5 -Pd/strong + $ strongcd /usr/ports/strong + $ strongcvs -q up -rOPENBSD_5_5 -Pd/strong /pre /ul @@ -318,8 +318,8 @@ For those who like to see screenfulls of To make a diff of a locally patched module (here icd.c/i) to include with a bug report: pre - # strongcd /usr/strong - # strongcvs diff -u src/sys/scsi/cd.c gt; /tmp/patch/strong + $ strongcd /usr/strong + $ strongcvs diff -u src/sys/scsi/cd.c gt; /tmp/patch/strong /pre p
Re: issues with amd64 on Apple MacPro
I've been using one (early 2008 model?) for several weeks now. Suspend works, hw.setperf works, radeondrm works for X, internal audio doesn't seem to work, but I can't say I've spent a long time trying to make it work. There are a few minor issues, like the console framebuffer doesn't take up the whole screen [1] (although it does expand to more than 80x24), and sometimes in the consoles, all keyboard entry is garbled, and an (obviously incorrect, although possibly what it would be if I held alt) keypress is registered on both keyup and kendown, which makes it impossible to login or even switch back to X. [2] But overall, it's pretty nice. It builds the kernel from scratch in just over 5 minutes, and hardware support is good enough for what I need. [1] https://i.imgur.com/BAoPCKM.jpg [2] https://i.imgur.com/O4XE8Gp.jpg OpenBSD 5.5-current (CAPSICUM.MP) #16: Sun Jun 8 20:01:35 EDT 2014 r...@macpro.home:/usr/src/sys/arch/amd64/compile/CAPSICUM.MP real mem = 8563191808 (8166MB) avail mem = 8326459392 (7940MB) mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xe0e60 (94 entries) bios0: vendor Apple Inc. version MP31.88Z.006C.B05.0802291410 date 02/29/08 bios0: Apple Inc. MacPro3,1 acpi0 at bios0: rev 2 acpi0: sleep states S0 S1 S3 S4 S5 acpi0: tables DSDT FACP ECDT HPET APIC MCFG SSDT SSDT SSDT SSDT SSDT SSDT SSDT SSDT SSDT SSDT SSDT SSDT SSDT SSDT SSDT SSDT SSDT SSDT DMAR SSDT SSDT acpi0: wakeup devices P2P5(S4) P2P3(S4) ARPT(S4) RP04(S4) UHC1(S3) UHC2(S3) UHC3(S3) UHC4(S3) EHCI(S3) AC9M(S4) EC__(S3) NRP5(S4) NRP1(S4) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpiec0 at acpi0 acpihpet0 at acpi0: 14318179 Hz acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Xeon(R) CPU E5462 @ 2.80GHz, 2793.40 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,DCA,SSE4.1,NXE,LONG,LAHF,PERF cpu0: 6MB 64b/line 16-way L2 cache cpu0: smt 0, core 0, package 0 mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges cpu0: apic clock running at 398MHz cpu0: mwait min=64, max=64, C-substates=0.2.2.2.0, IBE cpu1 at mainbus0: apid 1 (application processor) cpu1: Intel(R) Xeon(R) CPU E5462 @ 2.80GHz, 2793.00 MHz cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,DCA,SSE4.1,NXE,LONG,LAHF,PERF cpu1: 6MB 64b/line 16-way L2 cache cpu1: smt 0, core 1, package 0 cpu2 at mainbus0: apid 2 (application processor) cpu2: Intel(R) Xeon(R) CPU E5462 @ 2.80GHz, 2793.00 MHz cpu2: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,DCA,SSE4.1,NXE,LONG,LAHF,PERF cpu2: 6MB 64b/line 16-way L2 cache cpu2: smt 0, core 2, package 0 cpu3 at mainbus0: apid 3 (application processor) cpu3: Intel(R) Xeon(R) CPU E5462 @ 2.80GHz, 2793.00 MHz cpu3: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,DCA,SSE4.1,NXE,LONG,LAHF,PERF cpu3: 6MB 64b/line 16-way L2 cache cpu3: smt 0, core 3, package 0 cpu4 at mainbus0: apid 5 (application processor) cpu4: Intel(R) Xeon(R) CPU E5462 @ 2.80GHz, 2793.00 MHz cpu4: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,DCA,SSE4.1,NXE,LONG,LAHF,PERF cpu4: 6MB 64b/line 16-way L2 cache cpu4: smt 0, core 1, package 1 cpu5 at mainbus0: apid 4 (application processor) cpu5: Intel(R) Xeon(R) CPU E5462 @ 2.80GHz, 2793.00 MHz cpu5: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,DCA,SSE4.1,NXE,LONG,LAHF,PERF cpu5: 6MB 64b/line 16-way L2 cache cpu5: smt 0, core 0, package 1 cpu6 at mainbus0: apid 6 (application processor) cpu6: Intel(R) Xeon(R) CPU E5462 @ 2.80GHz, 2793.00 MHz cpu6: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,DCA,SSE4.1,NXE,LONG,LAHF,PERF cpu6: 6MB 64b/line 16-way L2 cache cpu6: smt 0, core 2, package 1 cpu7 at mainbus0: apid 7 (application processor) cpu7: Intel(R) Xeon(R) CPU E5462 @ 2.80GHz, 2793.00 MHz cpu7: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,DCA,SSE4.1,NXE,LONG,LAHF,PERF cpu7: 6MB 64b/line 16-way L2 cache cpu7: smt 0, core 3, package 1 ioapic0 at mainbus0: apid 8
Re: Install iwn driver Lenovo X1 Carbon
On Fri, Apr 18, 2014 at 10:32:08AM +0200, Axel wrote: Today I will download the package from another machine and another Internet connection, and I will use another USB pen. Oh, are you installing the driver from a USB storage device because this is actually rather an internet bootstrapping problem because the x1 is too thin to have an ethernet port? I've never attempted to do that, I have a little usb-ethernet dongle thing that came with the laptop, it's recognized by axe(4) and works no problem. I use that when I am at home, which is where I do most of my upgrades, so I always just run fw_update from the laptop, already connected to the internet. If you are instead trying to install it by downloading the file yourself, perhaps you forgot to download the signatures too? That would explain it. Try downloading http://firmware.openbsd.org/firmware/5.5/SHA256.sig too :)
Re: Install iwn driver Lenovo X1 Carbon
That happens to me when I upgrade on a connection with one of those stupid captive web portal things. Is that the case for you by any chance? I can confirm on almost the exact same hardware that it does work no problem with a not-stupid internet connection. (At least as of a few days ago. I had linking errors with openssl and decided to stop upgrading daily on my laptop for a little while until things calm down a bit and packages rebuild.)
Re: taking a screenshot through cwm shortcut.
Maybe it's because you commented half of it out? On Sun, Mar 30, 2014 at 07:52:52PM -0400, marst wrote: #!/bin/sh scrot -s '%Y-%m-%d_$wx$h.png' # -e 'mv $f ~/documents/shots' -e 'feh $f' ^^^ Another thing that looks like an issue is the two -e args. It doesn't work like you think it does, that mv isn't going to happen. Quickly looking through the source of scrot, it appears that later -e args just override earlier -e args, they do not both take effect. From src/options.c line 86 (in a getopt loop) case 'e': opt.exec = gib_estrdup(optarg); break; That behavior is pretty common.
Re: w...@openbsd.org bounces
On Sun, Mar 30, 2014 at 05:15:36PM -0400, Jean-Philippe Ouellet wrote: $ grep -rF w...@openbsd.org www | wc -l 2558 Perhaps those should be changed then? I'd send a patch, but I think it'd be silly since it'd just be a mechanical change, and a pretty huge diff. I was informed off-list that this statement was viewed as not caring enough to do the work, and just telling the devs what to do. That is certainly not what I intended, I just figured since it was basically just a regex anyway it'd be less effort for a committer to generate the changes themeslves than review my 4k line diff. Unfortunately, the mail with the patch included inline seems to have been silently rejected (length limit on misc@ or something perhaps?) so here it is externally: http://pastebin.com/raw.php?i=eufdaMcB
Re: w...@openbsd.org bounces
On Mon, Mar 31, 2014 at 03:15:43AM -0400, Jean-Philippe Ouellet wrote: On Sun, Mar 30, 2014 at 05:15:36PM -0400, Jean-Philippe Ouellet wrote: $ grep -rF w...@openbsd.org www | wc -l 2558 Perhaps those should be changed then? I'd send a patch, but I think it'd be silly since it'd just be a mechanical change, and a pretty huge diff. I was informed off-list that this statement was viewed as not caring enough to do the work, and just telling the devs what to do. That is certainly not what I intended, I just figured since it was basically just a regex anyway it'd be less effort for a committer to generate the changes themeslves than review my 4k line diff. Unfortunately, the mail with the patch included inline seems to have been silently rejected (length limit on misc@ or something perhaps?) so here it is externally: http://pastebin.com/raw.php?i=eufdaMcB Stupid --not-dash-escaped. Here it is not mangled: http://pastebin.com/raw.php?i=SfPQwrUF Sorry for the noise.
Re: w...@openbsd.org bounces
On Sun, Mar 30, 2014 at 12:39:10PM -0400, Ted Unangst wrote: On Sun, Mar 30, 2014 at 13:27, Raf Czlonka wrote: Hi all, I just tried sending an email to www@ and I got a bounce: http://marc.info/?l=openbsd-cvsm=139557902002995w=2 $ grep -rF w...@openbsd.org www | wc -l 2558 Perhaps those should be changed then? I'd send a patch, but I think it'd be silly since it'd just be a mechanical change, and a pretty huge diff.
Re: ipsec.conf parsing
On 3/19/14 6:22 AM, Zé Loff wrote: As far as I can tell, if a commented line on ipsec.conf ends with \ then the following line will also be considered a comment (if the next line also ends with \ the commenting is propagated). For example #ike esp from A.A.A.A to C.C.C.C \ ike esp from A.A.A.A to B.B.B.B \ srcid foo.example.com dstid bar.example.com is treated as a commented block, instead of setting up a tunnel from A.A.A.A to B.B.B.B. I find this a bit surprising... What should be fixed: the parser, ipsec.conf.5 or my expectations? All the best Zé In my totally-not-in-depth analysis (I don't have much time before I need to run to class), it seems to be because lgetc (src/sbin/pfctl/parse.y line 5556) pastes \\\n together, which happens before lines are evaluated for comments in yylex on line 5655, which calls the not-comment-aware lgetc which just blindly joins lines ending with \ making it appear to the comment-evaluating code that the whole thing is indeed one line that begins with a comment. I'm not sure if that's the desired behavior. fparseln(3) behaves in the way you probably expected, so I'm inclined to say that it isn't.
Re: OpenBSD email provider
On 3/17/14 3:25 PM, Jean-Francois Simon wrote: Just to mention, I'm looking for a more private ESP. As I know that OpenBSD conveys an idea of security, I tend to trust a provider relying on this OS. Not necessarily a safe assumption. I'm also using own server today, essentially, I have'nt check deeply, but seems gmail does use automated bots who check the mail content for purpose I don't know about. That will continue to happen, whether in your mailbox, or the mailboxes of the people you are communicating with. No I don't need absolute privacy about this topic, I mean that needs encryption etc ... Yes I want things done, I keep the gmail account, yet I'm interested in a more private solution where I can be absolutely sure that privacy is totally respected. I don't see a way to interpret that statement such that it doesn't contradict itself. Do you want privacy? or not... Sounds like maybe you want privacy by entrusting all your data to others that you can't even audit, all without any crypto??? Yeah... good luck with that :P Also, absolutely sure privacy is totally respected??? Let me know when you find a jurisdiction in which you can reasonably expect that to even be possible to begin with. Absolute and totally are pretty strong words, especially in this era of mass-infrastructure- sabotage and involuntary key disclosure, not to mention the difficulties of implementing a reasonably secure system to begin with.
Re: ffs2
On 3/17/14 10:19 PM, Adam Thompson wrote: OK, obviously I missed something. How do you resize ffs filesystems without a dump/restore step? -Adam http://www.openbsd.org/cgi-bin/man.cgi?query=growfs
Re: OpenBSD email provider
On 3/15/14 12:54 PM, Jean-Francois Simon jfsimon1...@gmail.com wrote: I'm looking for a secure mail provider, i fpossible using OpenBSD, also wondering if OpenBSD itself provides it for interested people. If anybody has informations thanks would be interesting to share. https://github.com/mailserv/mailserv comes to mind, although I've never tried it or read its source. I think a better question might be what qualities you're actually looking for in your mail provider as your question seems to indicate a misguided approach towards some notion of secure email. As far as I'm concerned, the only difference between 3rd party email services is reliability. I wouldn't trust any of them anyway. I see you have a pgp key on the keyservers, but it seems somewhat neglected since all your sigs have expired and dsa/elgamal (especially with 1024 bit keys) hasn't been recommended for quite some time. I think revisiting that would be a more productive use of your time than abandoning your gmail account. Although, don't read the above as pgp solves your problems, you haven't explained your problems, and pgp has its issues too, some of which are unavoidable because of problems inherent to email to begin with. If what you're after is something more along the lines of private communication, I'd say email probably isn't what you're looking for to begin with. Maybe something more like OTR [1], or pond once it gets reviewed more. [1] https://otr.cypherpunks.ca/ [2] https://github.com/agl/pond If you want absolute privacy, don't use computers. If you want to get things done, keep your gmail. If you want to read documentation, become your own mail provider using OpenBSD.
[patch] update FAQ for signify(1)
Hello, From section 3.5: The OpenBSD project does not digitally sign releases. The above command only detects accidental damage, not malicious tampering. If the men in black suits are out to get you, they're going to get you. It seems the men in black /are/ out to get everyone after all. Anyway... we have signfiy now and the FAQ still says otherwise. Index: faq3.html === RCS file: /cvs/www/faq/faq3.html,v retrieving revision 1.83 diff -u -p -r1.83 faq3.html --- faq3.html 1 Nov 2013 22:59:01 - 1.83 +++ faq3.html 14 Mar 2014 09:01:53 - @@ -33,9 +33,10 @@ lia href= #ISO 3.3 - Does OpenBSD provide an ISO image for download?/a lia href= #Download 3.4 - Downloading via HTTP, FTP, RSYNC or AFS/a -lia href=#Verify 3.5 - Verifying your download/a -lia href=#SelectHW 3.6 - Selecting Hardware/a -lia href=#FirstSys 3.7 - What is an appropriate first system +lia href= #Verify3.5 - Verifying your download/a +lia href= #Trust 3.6 - But how can I trust the public keys!?/a +lia href= #SelectHW 3.7 - Selecting Hardware/a +lia href= #FirstSys 3.8 - What is an appropriate first system to learn OpenBSD on?/a /ul @@ -161,22 +162,130 @@ CD is always closer than any mirror. Acc h23.5 - Verifying your download/h2 p -In the same directory as the installation sets, each mirror includes a file -named SHA256 which contains checksums of the various installation files. You -can confirm that none of the downloaded files were mangled in transit using -the sha256(1) command: +The OpenBSD project wrote +a href= http://www.openbsd.org/cgi-bin/man.cgi?query=signifyamp;sektion=1;signify(1)/a +to cryptographically sign all releases, packages, and firmware. +In the same directory as the installation sets, each mirror includes two files +named SHA256 and SHA256.sig which contain the checksums of the various +installation files, and are cryptographically signed by the private key of the +corresponding release. + +p +The signify(1) utility was first introduced in OpenBSD 5.5, however it has also +been backported to older OpenBSD releases, as well as other operating systems +such as Mac OS X to be able to verify OpenBSD (and anything else that uses +signify) without already having an OpenBSD system. + +p +There are several ways to get the public keys. If you already have a machine +running OpenBSD 5.5 or later, the public keys for the release can be found in +/etc/signify/openbsd-XX-base.pub, where XX is the version of the release you +wish to verify. If you do not already have a trusted post-5.5 OpenBSD system, +you need some way to bootstrap your trust. + +p +A great way to get the keys is by +a href= http://www.openbsd.org/orders.html;buying a CD set/a. + +p +Another way if you already trust the ssh fingerprint of the main CVS server +is with something like: + +table border=0 width=90%trtd nowrap bgcolor=#EEpre + $ bcvs -d anon...@anoncvs.openbsd.org:/cvs get src/etc/signify/b + cvs server: Updating src/etc/signify + U src/etc/signify/openbsd-55-base.pub + i[...]/i + $ bsudo mv src/etc/signify/openbsd-*.pub /etc/signify//b +/pre/td/tr/table + +p +Once you have the signify utility, the public key, a file you want to verify +(for example install55.iso), and its corresponding SHA256.sig, verifying it +would look something like: table border=0 width=90%trtd nowrap bgcolor=#EEpre - $ bsha256 -c SHA256/b + $ bsignify -C -p /etc/signify/openbsd-55-base.pub -x SHA256.sig install55.iso/b + Signature Verified + install55.iso: OK /pre/td/tr/table -The OpenBSD project does not digitally sign releases. The above command only -detects accidental damage, not malicious tampering. If the men in black suits -are out to get you, they're going to get you. +p +Please refer to the +a href= http://www.openbsd.org/cgi-bin/man.cgi?query=signifyamp;sektion=1;signify(1) man page/a +for more information and other usage. + +p +Note that you need only verify the authenticity of the checksums manifest (via +SHA256.sig) with signify(1). You can manually (visually) compare the actual +checksum of the file to be verified (for example a recently-downloaded bsd.rd +on some remote server you're about to upgrade) against the known-good signed +checksum as verified by signify(1) on your trusted computer to achieve the +same measure of authenticity. + +p +To compute the raw SHA256 checksum of a given file (for example bsd.rd), simply +type: +table border=0 width=90%trtd nowrap bgcolor=#EEpre + $ bsha256 bsd.rd/b + SHA256 (bsd.rd) = d3db7e7dca79f133665f0e8ef5eaabbf17269673dcd2ca6698c74c57892ad0be +/pre/td/tr/table + +p +a name= Trust/a +h23.6 - But how can I trust the public keys!?/h2 + +p +This question is often phrased as Why don't you just use GnuPG? + +p +No matter what, you always need to make isome/i assumption of trust +eventually. To what extent you should go to verify your install depends only
Re: [patch] update FAQ for signify(1)
On 3/14/14 5:09 AM, Jean-Philippe Ouellet wrote: Hello, ... Anyway... we have signfiy now and the FAQ still says otherwise. Oh, I forgot these: tedu's backport http://www.tedunangst.com/flak/post/signify-backport my osx port https://github.com/jpouellet/signify-osx
FAQ 11.1.2 outdated? (framebuffer support)
Hello, 11.1.2 - Can I have any kind of graphics without X? Assuming you won't accept ASCII graphics, that requires some kind of framebuffer console driver. Some operating systems provide this, but there is not currently one for OpenBSD, nor is there much interest among developers for one. Except doesn't drm(4) enable console framebuffer stuff now? Maybe we can't do vesa/fbdev or whatever like linux can, but I'm not sure this answer is still correct. Thoughts? - Jean-Philippe
Re: proposal for ports
The MacPorts project does this well with their 'livecheck', and it is indeed a very valuable feature, especially for maintainers of many ports. I have mine on a cron job, and I get emails when new versions are released, and I know a few others who have done the same for their respective ports. MacPorts' livecheck feature allows you to specify a url and a regex just for the livecheck (with sane defaults of-course). For every match of the regex, the capture-group is intelligently compared against the current version of the port, and if outdated, the current and alleged new versions are displayed for manual verification. I can't seem to find concrete examples right now, but I'm fairly certain that there have been cases where a regex was really necessary to extract the version, and certainly cases where semi-intellegent (at least more than !=) comparison is necessary to differentiate between new and different versions, especially for small software which only has one page with all the information about the project. Another thing they did was to define a mapping between common places that distribute software (github, sourceforge, freecode, bitbucket, savannah, etc.) and default version-information-containing-pages relative to the project page - often some kind of machine-friendly download index or rss-feed of version updates or such. This seems to work well and de-duplicates much effort on the part of porters, as often these indexes for common distributors are the most reliable, and non-obvious. So, I realize it's adding more complexity, but I would suggest taking the lessons learned from them and making this system slightly more flexible. I think the distributor mapping may be too much against KISS, but the regex and smarter version comparison is imho definitely worthwhile. Regardless of the implementation, I still think it's a good idea. That said, I'm not (yet) an OpenBSD porter, so take this all with a grain of salt as I don't fully understand the needs of OpenBSD's porting ecosystem. On 1/19/14 8:38 AM, Sergey Bronnikov wrote: Hi OpenBSD project has ports tree which contains a lot of applications (about 8k in latest release). I believe it is a lot of pain for maintainers of these ports to keep port in 'up to date' state and not less pain to keep eyes on the latest version of applications. I suggest to implement target in bsd.port.mk which allows to check availability of new app version for each port. It is based on fact that developers publish archives with latest version but archive has fixed name. Patch implements that idea is attached. It is a little bit ugly, but it can say more than words above. I have found al least 7 projects where developers publish such archives. They are: redis, samba, gnu tar, webmin, ruby, videolan, mercurial. Patches for database/redis and net/samba ports are attached. And now it looks like: $ make check-latest === Checking files for redis-2.8.3 `/usr/ports/distfiles/redis-2.8.3.tar.gz' is up to date. === Checking files for redis-2.8.3 `/usr/ports/distfiles/redis-stable.tar.gz' is up to date. File redis-2.8.3.tar.gz has newer version Sergey B. Index: bsd.port.mk === RCS file: /cvs/ports/infrastructure/mk/bsd.port.mk,v retrieving revision 1.1255 diff -u -p -r1.1255 bsd.port.mk --- bsd.port.mk 9 Jan 2014 10:44:33 - 1.1255 +++ bsd.port.mk 19 Jan 2014 13:13:33 - @@ -399,6 +399,9 @@ CONFIGURE_ENV += CCACHE_DIR=${CCACHE_DIR BUILD_DEPENDS += devel/ccache .endif +DISTNAME_LATEST ?= +MASTER_SITES_LATEST ?= + ALL_FAKE_FLAGS= ${MAKE_FLAGS:N-j[0-9]*} ${DESTDIRNAME}=${WRKINST} ${FAKE_FLAGS} .if ${LOCALBASE:L} != /usr/local @@ -2240,7 +2243,7 @@ _internal-fetch: . if !empty(CHECKSUMFILES) @${_MAKE} ${CHECKSUMFILES:S@^@${DISTDIR}/@} . endif -# End of FETCH +# End of FETCH: _internal-checksum: _internal-fetch @@ -3298,6 +3301,26 @@ _recurse-show-run-depends: exit 1; \ fi; \ done + +check-latest: makesum +.if !empty(DISTNAME_LATEST) + @${MAKE} fetch DISTFILES=${DISTNAME_LATEST}${EXTRACT_SUFX} \ + MASTER_SITES=${MASTER_SITES_LATEST} + + @for c in ${_CIPHERS:U}; do \ + fgrep ${DISTNAME} ${CHECKSUM_FILE} | \ + fgrep $$c | awk '{ print $$NF }' | \ + while read f; do \ + cd ${DISTDIR} cksum -b -q -a $$c ${DISTNAME_LATEST}${EXTRACT_SUFX} | \ + while read k; do \ + if test $$f != $$k; then \ + echo 12 File ${DISTFILES} has newer version; \ + exit; \ + fi; \ + done; \ + done; \ + done; +.endif show-run-depends: .if !empty(_RUN_DEP) Index: Makefile
Re: MacBook Pro
On 3/19/13 2:23 AM, Claudio Jeker wrote: On Mon, Mar 18, 2013 at 05:33:12PM -0600, Alvaro Mantilla Gimenez wrote: Hi, I would like to know if anyone is using OpenBSD on MacBook pro (intel based) and how well the system works on it. Is there any hardware issue? Performance? It depends which version you get. I have a MacBook Pro that has Intel graphics and it works fine (apart from an issue with the IDE/AHCI controller and the fact it only has a single mouse button). I still prefer my Thinkpad over it since there it just works and I don't need some magic bootcamp to get OpenBSD installed. You don't need bootcamp. It's a convenient tool if you're trying to set up multibooting and you already have stuff on disk you don't want to lose, but as long as you can set up a GPT partition table and have a working efi bootloader you can just install directly to disk like any other machine. I ran it on a MacBook Pro 5,3 a year or so ago. From what I recall, X and suspend worked, audio from line out worked, audio from speakers didn't but I probably just never took enough time to configure it right, and I don't know about the webcam because I've never tried to use it. Quite oddly they keyboard had some trouble so I had to use an external USB keyboard to install, but eventually it magically worked, (I don't remember what I did). Support has probably improved since, as it often does as hardware ages. It ran rather hot and battery life wasn't great but I suspect that's because it has two graphics cards and wasn't powering them down when not in use, but again, that's something that can probably just be configured, but I didn't have the time to figure it out. It's a shame I didn't keep the dmesg. One time I walked into an apple store with a live CD hoping to test hardware support on new machines, only to realize I hadn't thought about the fact that most don't have CD drives anymore, and when I booted it on a Mac Pro they kicked me out claiming I was trying to upload malware even though I asked the manager first and he said it was okay. :( Another time I brought a live USB stick hoping to be allowed to test it, but the guy said that the usb interfaces are highly locked down and secured but if I told him the exact kernel version of the OS I was trying to test (he was probably used to linux guys) he would test it for me and email me the results. I never heard back from him. [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
Current isolation best practices?
Hello misc@, I'm researching locking things down, and I'm wondering what the current best practice is for isolating risky programs. It seems this community has traditionally shunned virtualization as a solution, and also called exclusively chrooting insufficient. Okay, sure. But what is better then? Say, for example, I'm running firefox, and I don't trust it. Running it as-is straight out of pkg_add doesn't run it as its own user: $ ps -o user,command | grep firefox jpouellet firefox As I understand it, the next time a remote code execution vulnerability comes along, it could, among many many other things, read my ~/.ssh/id_rsa and then it's game over. A chroot or even just a separate user would seem to fix that problem, assuming they couldn't easily break out of it (probably not a safe assumption), but that still leaves many other issues, for example it would still be able to send network traffic originating from my machine, which would be extremely valuable to an attacker. The historical solution (as of 2005) [1] to this seems to have been to use systrace. But then vulnerabilities for that were found (in 2007) [2]. So, unless I'm missing something, it seems that virtualization remains the most wholesome solution, but if that's broken, then we're back at square one! So what do you guys recommend? Should I just chroot a vm who's network traffic all goes through a local filter, and hope for the best? I'm really at a loss for what to do here. Many thanks, Jean-Philippe [1] http://marc.info/?l=openbsd-miscm=113459984810732w=2 [2] http://www.watson.org/~robert/2007woot/2007usenixwoot-exploitingconcurrency.pdf
High performance IO (sendfile(), caching, and libev(ent))
Hello, I'm trying to learn about writing high performance servers, and I have a few questions not clearly answered by any documentation I can find. I'm comfortable with select(), poll(), and kqueue(), but that only goes so far. I'm currently looking into how to send static files (over a network) with the least amount of overhead. There was a post [1] on misc@ asking about the status of a sendfile() call, but nobody replied (and it seems that splice(2) and tee(2) are just GNUisms). It appears that there's been some work on socket splicing (see sosplice() in [2]), but there's still no sendfile (or if it's there, I must not be looking in the right place [3]). If I want to serve a bunch of files often, is it fine to rely on the kernel's filesystem caching? or should I mmap() them into my address space and madvise() them to not be swapped out? Is it reasonable to stat() the file each time it is served (from my cached copy) to compare the file's modification time to the time it was cached? Would this actually hit the disk each time? or does the kernel keep that cached? It seems obvious to me that it should be be cached, but I can't actually find the relevant code. I spent a while digging through the kernel, but I don't really know where to look, and I'm not sure I'd recognize what I'm looking for if I found it anyway. The closest thing I found to something I think might be relevant was some cryptic vfs stuff. :( I'm no kernel dev, I don't pretend to understand OpenBSD internals nearly as well as I'd like to. Lastly, What's the OpenBSD community's current opinion on libevent / libev. Are they secure / stable enough that they should be considered for new code in base? Are they worth using instead of just using select/poll/kqueue/event(3) directly? [1] http://marc.info/?l=openbsd-miscm=112690025715479w=2 [2] http://www.openbsd.org/cgi-bin/cvsweb/~checkout~/src/sys/kern/uipc_socket.c [3] http://www.openbsd.org/cgi-bin/cvsweb/~checkout~/src/sys/kern/syscalls.c Many thanks for any and all advice, Jean-Philippe Ouellet
Re: High performance IO (sendfile(), caching, and libev(ent))
On 12/20/12 3:53 AM, Jean-Philippe Ouellet wrote: and madvise() them to not be swapped out? Oops, I think I might have misinterpreted the meaning of MADV_WILLNEED. I think I meant mlock().
Re: High performance IO (sendfile(), caching, and libev(ent))
On 12/20/12 4:20 AM, Otto Moerbeek wrote: On Thu, Dec 20, 2012 at 04:06:52AM -0500, Jean-Philippe Ouellet wrote: On 12/20/12 3:53 AM, Jean-Philippe Ouellet wrote: and madvise() them to not be swapped out? Oops, I think I might have misinterpreted the meaning of MADV_WILLNEED. I think I meant mlock(). Why trying to be smarter than the kernel? Mlocking pages will kill you if there's memory shortage. The kernel will try to keep much used pages in mem anyway. -Otto Okay, yeah. That's a terrible idea. But still, the question of direct file-to-socket sending vs. keeping copies in my address space and write()ing those to the socket still remains. Normally I would just write both and profile them, but I can't figure out how to do the first on OpenBSD.
What IRCD is preferred among true security minded folk?
Dear Misc, This is somewhat off topic, but it's been on my mind for quite some time, and someone just brought up irc, so I thought I'd ask. I've been looking to set up an irc server for some time now. It would be mostly for personal use and I don't plan on having more than a handful of concurrent users nor connecting said server to any IRC network. My primary criteria are: - Good security track record - Runs on OpenBSD (port or package) - Clean code (Preferably C) - Supports encrypted connections I've read some atrocious IRCd source, I believe I even read one (an old version of hybrid?) where all configuration had to be done at compile time with #define statements instead of using a configuration file. I would prefer C over C++ (hence I'm not too fond of inspIRCd (also because they recently had an exploit in one of their default modules)). As I cannot trust the integrity of others' connections, I wish for connections to be encrypted in some form or another. Multiple irc servers support encryption via SSL, such a feature would be desirable. I would like to have channels guaranteed to be private, where private is defined by exclusively comprised of explicitly allowed users, (allowed by me, in some configuration file,) who must have authenticated via PASS or something to ensure that they are not impostors, and either be using *encrypted* connections from *unspecified*, changing, origins (as in the case of my phone, laptop, and friends' computers) or *unencrypted* connections from *known*, fixed, origins (as in the case of my bots). *IF THE ABOVE IS NOT POSSIBLE*, I want to prevent anyone from connecting to my server except for myself, my friends, and my bots. Normally I would accomplish this via PF, however in this case I cannot because I don't have a list of IPs to allow. I frequently use IRC via my phone whose IP very often changes and is in a range much bigger than I'd like to allow. The problem of my phone could be solved by using a bouncer, however such a service would also need to be locked down, thus bringing me back to block 0. My friends also use varying (unpredictable) locations, and whitelisting each one on an as-needed basis would be infeasible. One potential solution I have sought is preventing users from doing anything until a proper NICK/USER/PASS has been provided, with all accounts created by myself and told to the intended user in a secure/prearranged manner, and patching my bots to authenticate as such would be rather trivial. Features of the IRCd are not as important to me as its security. Sure, nickserv chanserv friends would be nice, but I'm more concerned about keeping outsiders/snoopers out of private channels and keeping my/friends connections secure, and less concerned about preventing chat flooding, opless channels, etc. So far I have looked into: * ngIRCd - so far my favorite * UnrealIRCd } * IRCD-Hybrid } - all forks from the same giant nightmare * Ratbox IRCd } * inspIRCd - written in C++, and doesn't have a great track-record but I am completely open to anything. Many thanks, Jean-Philippe
Re: Like OpenBSD? Like to see new stuff happening? You really need to order a CD today :)
On 4/21/11 6:49 PM, J Sisson wrote: Order 1 with your shipping address, then order N - 1 with Richard Stallman's address. Problem solved. Brilliant! I hadn't thought of that, it's almost as good as http://xkcd.com/225
Re: OpenBSD 4.9 pre-orders
On 3/15/11 5:10 PM, Theo de Raadt wrote: I've turned on OpenBSD 4.9 pre-orders. Support us by buying something please. These sales are a part of keeping the project going. As for clothing... there's going to be a black hoodie this time. Of course there is an OpenBSD 4.9 song to go with the new artwork. That is at: http://www.openbsd.org/lyrics.html Enjoy! Awesome! Thank-you all very much for a great OS. The hoodie is really cool too (go go OpenBSDSpaceShipFish)! and yay, the commentary is back :D
Murmur (Mumble server) or alternative on OpenBSD?
Greetings o' fellows of misc@, Inspired by my refusal to run Skype, I'm looking to set up a voice chat server to run on OpenBSD, and I came across murmur a few weeks ago. It meets my requirements of being able to encrypt traffic, being BSD licensed, and having a client for windows so that my not-yet-enlightened friends would be able to chat with me on my server. I looked for an OpenBSD port, but the only thing I found was hs-murmur-hash, but this is a good, fast, general purpose, non-cryptographic hashing function. (Not what I'm looking for.) I see that murmur runs on FreeBSD and based on the archives it appears to have run on OpenBSD under linux emulation in the past (although linux emulation has just been removed?). Has anyone had any recent success with murmur? Or perhaps could someone suggest alternative/better voice chat software? Any insight is much appreciated.
Re: LLVM build
On 8/23/10 7:16 PM, Rodrigo Mosconi wrote: Dears, Anyone tried to build the openbsd using the llvm compiler, like http://wiki.freebsd.org/BuildingFreeBSDWithClang? Also, the same concept could be ported to OpenBSD? In my opinion, the openbsd want to be a GPL-free OpenSource OS, and the BSD-licensed C compiler provided by the LLVM can help. []'s Rodrigo Mosconi What about PCC? http://pcc.ludd.ltu.se/ http://tinyurl.com/2b8s2jw (google cache because undeadly is down) It is BSD licensed, and already builds OpenBSD.
Re: OpenBSD culture?
On 4/14/10 5:11 AM, Zachary Uram wrote: As a long time Linux user I will soon try out OpenBSD, I have been reading the list emails and contacted 1 OpenBSD top person who was very rude. There is some of the RTFM or get lost attitude in Linux, but if a questioner seems sincere there is usually a certain level of friendliness in Linux community towards them. Just what I have briefly observed the OpenBSD community is more abrupt and less interested in helping newbies, they prefer one find the answer solely on their own if possible. I must say I detect a certain attitude that smacks of superiority and even condescension at times. Is this a fair assessment of 6the OpenBSD culture? Zach http://www.fidei.org It has been been my experience that if you are willing to read the relevant documentation and honestly try to fix your problem on your own but simply cannot, the OpenBSD community will be *extremely* responsive and help you. However, if you ask something that can be resolved by a simple search on google/the mailing list archives, then you obviously are not willing to make an effort, and you will get a response like you did. The amount of effort you put in before asking your question here is greatly amplified in the response of the community, but unfortunately for lazy people, 0 * 100 is still 0.
Re: Howto Create a Auto-Extract Package with Shell Script tar ?
On 4/9/10 9:17 PM, Aaron Lewis wrote: Hi, I'm trying to make a small binary package , which aims to install some X11 fonts to /usr/share/fonts/truetype. Creating such a binary package will allow me to port it on any UNIX/Linux system , very useful. Firstly i need to compress my fonts to a Font_Name.tar.bz2 , if i want to put the extract script and Font_Name.tar.bz2 together , a single bundle , howto archive it ? Right now , i tried to append the Archive to the script file , Then try to read through the `setup file' except for the first 5 lines. #!/bin/bash tail +5 $0 | tar xvf - -C /tmp exit 0 # //Append Tar.Bz2 file Doesn't looks like a good way indeed. In this case, your shell script relies on the destination machine already having the utilities needed to decompress the files. From the man page of tar(1): -jCompress archive using bzip2. The bzip2 utility must be in- stalled separately. In the case of OpenBSD, bzip2 is not installed by default. So if the interest here is portability, you are not going down the right path. I would suggest something else, like gzip. Again from the man page of tar: -zCompress archive using gzip(1). Creating such a package will *not* allow you to port it to any UNIX/Linux system for 2 reasons (that I can think of). 1) bzip2 might not be present. 2) I could be wrong (having never needed to install fonts from their vendors), but I'd be willing to bet that fonts don't go in the same place on every system. If you are really only trying to distribute a package of fonts, you're better off just distributing it as is, and telling people where to extract it on a given system. If you look at most bundles of files in unix, they are .tar.gz or .tgz. If everybody does it, there must be a reason for it. Simpler is always better.
Re: OT: javascript deobfuscator?
On 4/7/10 4:47 PM, bofh wrote: Anyone know of a good standalone javascript deobfuscator? We want to run it against something like the results from tcpflow. Thanks. Standalone... not really, but I use a firefox plugin[1] and that has worked nicely for everything I've had to do so far. I looked for a good standalone deobfuscator a while back, but couldn't find one, and came to the conclusion that it was because you'd need a javascript engine anyway, and to make sure the code was properly reverse engineered to what is done in the browser, it would be best to actually use a browser and trace what is done. I know this isn't standalone, but I still hope it helps in your scenario. [1] https://addons.mozilla.org/en-US/firefox/addon/10345
Re: macbook pro 5,5
On 3/24/10 11:24 PM, Jacob Meuser wrote: On Wed, Mar 24, 2010 at 10:26:59PM -0400, Jean-Philippe Ouellet wrote: Here is a new mixerctl -v: do any of the inputs.dac-?:?_mute change to 'on' when you plug in the headphones? Nope, only outputs.hp_sense goes from unplugged to plugged.
Re: macbook pro 5,5
On 3/24/10 11:37 PM, Jacob Meuser wrote: On Wed, Mar 24, 2010 at 10:26:59PM -0400, Jean-Philippe Ouellet wrote: In the 3/9 kernel, there is no sound output anywhere. In the 3/23 kernel, I get output in headphones. Here is a new mixerctl -v: outputs.hp_source=dac-2:3 [ dac-2:3 ] outputs.hp_boost=off [ off on ] outputs.spkr_source=dac-4:5 [ dac-4:5 ] outputs.spkr2_source=dac-0:1 [ dac-0:1 ] actually, this still doesn't look right. I expect: outputs.hp_source=dac-0:1 [ dac-0:1 ] outputs.hp_boost=off [ off on ] outputs.spkr_source=dac-4:5 [ dac-4:5 ] outputs.spkr2_source=dac-2:3 [ dac-2:3 ] can you build a kernel with AZALIA_DEBUG defined and send me a dmesg from that? OpenBSD 4.7-current (GENERIC.MP) #0: Thu Mar 25 16:49:45 EDT 2010 r...@opentop.realconnect.com:/usr/src/src/sys/arch/amd64/compile/GENERIC.MP real mem = 2925703168 (2790MB) avail mem = 2839818240 (2708MB) RTC BIOS diagnostic error d7clock_battery,ROM_cksum,memory_size,invalid_time mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xe (44 entries) bios0: vendor Apple Inc. version MBP53.88Z.00AC.B03.0906151647 date 06/15/09 bios0: Apple Inc. MacBookPro5,3 acpi0 at bios0: rev 2 acpi0: tables DSDT FACP HPET APIC APIC MCFG ASF! SBST ECDT SSDT SSDT SSDT acpi0: wakeup devices ADP1(S3) LID0(S3) EC__(S3) GMUX(S3) OHC1(S3) EHC1(S3) OHC2(S3) EHC2(S3) GIGE(S5) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpihpet0 at acpi0: 2500 Hz acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Core(TM)2 Duo CPU T9600 @ 2.80GHz, 2786.47 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,XSAVE,NXE,LONG cpu0: 6MB 64b/line 16-way L2 cache cpu0: apic clock running at 265MHz cpu1 at mainbus0: apid 1 (application processor) cpu1: Intel(R) Core(TM)2 Duo CPU T9600 @ 2.80GHz, 2786.00 MHz cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,XSAVE,NXE,LONG cpu1: 6MB 64b/line 16-way L2 cache ioapic0 at mainbus0: apid 1 pa 0xfec0, version 11, 24 pins ioapic0: misconfigured as apic 0, remapped to apid 1 acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus 255 (IXVE) acpiec0 at acpi0 acpicpu0 at acpi0: C3, C2, C1, PSS acpicpu1 at acpi0: C3, C2, C1, PSS acpiac0 at acpi0: AC unit offline acpibtn0 at acpi0: LID0 acpibtn1 at acpi0: PWRB acpibtn2 at acpi0: SLPB acpibat0 at acpi0: BAT0 model 3545797981023400290 type 3545797981528607052 oem 3545797981528673619 cpu0: Enhanced SpeedStep 2786 MHz: speeds: 2793, 2660, 2394, 2128, 1862, 1596 MHz memory map conflict 0xffc0/0x40 pci0 at mainbus0 bus 0 mem address conflict 0xe740/0x8 pchb0 at pci0 dev 0 function 0 NVIDIA MCP79 Host rev 0xb1 NVIDIA MCP79 Memory rev 0xb1 at pci0 dev 0 function 1 not configured pcib0 at pci0 dev 3 function 0 NVIDIA MCP79 ISA rev 0xb3 NVIDIA MCP79 Memory rev 0xb1 at pci0 dev 3 function 1 not configured nviic0 at pci0 dev 3 function 2 NVIDIA MCP79 SMBus rev 0xb1 iic0 at nviic0 spdmem0 at iic0 addr 0x50: 4GB DDR3 SDRAM PC3-8500 SO-DIMM spdmem1 at iic0 addr 0x51: 4GB DDR3 SDRAM PC3-8500 SO-DIMM iic1 at nviic0 iic1: addr 0x2c 00=ff 02=08 03=f9 07=60 0d=70 71=06 86=5e 90=73 91=58 92=b4 93=77 94=32 95=8c 96=78 97=90 9f=0c a0=3d a1=3f a2=3d a3=3f a4=3d a5=3f a6=3d a7=3d a8=3d a9=3d aa=3d ab=3d ac=3d ad=3d ae=3d af=3d b0=3d b1=3d b2=3d b3=3d b4=3d b5=3d b6=3d b7=3d b8=3d b9=3d ba=3d bb=39 bc=3d bd=3d be=3d bf=3d words 00=ff00 01=0008 02=08f9 03=f900 04= 05= 06=0060 07=6000 NVIDIA MCP79 Memory rev 0xb1 at pci0 dev 3 function 3 not configured vendor NVIDIA, unknown product 0x0a98 (class memory subclass RAM, rev 0xb1) at pci0 dev 3 function 4 not configured NVIDIA MCP79 Co-processor rev 0xb1 at pci0 dev 3 function 5 not configured ohci0 at pci0 dev 4 function 0 NVIDIA MCP79 USB rev 0xb1: apic 1 int 11 (irq 11), version 1.0, legacy support ehci0 at pci0 dev 4 function 1 NVIDIA MCP79 USB rev 0xb1: apic 1 int 10 (irq 10) usb0 at ehci0: USB revision 2.0 uhub0 at usb0 NVIDIA EHCI root hub rev 2.00/1.00 addr 1 ohci1 at pci0 dev 6 function 0 NVIDIA MCP79 USB rev 0xb1: apic 1 int 7 (irq 7), version 1.0, legacy support ehci1 at pci0 dev 6 function 1 NVIDIA MCP79 USB rev 0xb1: apic 1 int 5 (irq 5) usb1 at ehci1: USB revision 2.0 uhub1 at usb1 NVIDIA EHCI root hub rev 2.00/1.00 addr 1 azalia0 at pci0 dev 8 function 0 NVIDIA MCP79 HD Audio rev 0xb1: apic 1 int 15 (irq 15) azalia_reset: resetting azalia_reset: reset counter = 5000 azalia_reset: reset counter = 4991 azalia0: host: High Definition Audio rev. 1.0 azalia0: host: 4 output, 4 input, and 0 bidi streams azalia0: found a codec at #0 azalia_init_corb: CORB allocation succeeded. azalia_init_corb: CORBWP=0; size=256 azalia_init_rirb: RIRB allocation succeeded. azalia_init_rirb: RIRBRP=0
Re: macbook pro 5,5
On 3/25/10 12:44 PM, Ted Roby wrote: On Thu, Mar 25, 2010 at 3:45 AM, Lars Noodenlars.cura...@gmail.com wrote: On 3/24/10 21:02 , Pau wrote: I was also wondering whether it is possible to have openbsd on the laptop as the only OS. I am guessing that the EFI could give trouble. I've done that with the older macbook pros. I'm sure the openfirmware could be set to boot straight into OpenBSD, but would need a good OF reference first. If you leave it as-is, the firmware takes a long time to find the system. Leaving a minimal OS X partition and using rEFIt to boot 'legacy first', it quickly goes into openbsd as the default.If you leave off all the language variants and excess printer drivers, then OS X is about 20 GB. /Lars Actually, a default install of OSX without localizations and printer support is only 4.5 GB. You can reduce the partition it is installed on to that, plus the size of your memory. So, OSX allowed me to shrink my HFS+ partition (with 4 GB ram) down to 9.5 GB. I used diskutil resize to do this after install. Actually, if you're not going to use OSX, you shouldn't need to have it on your disk at all because you can put rEFIt on a small EFI partition at the beginning of your disk and use bless(8) from an OSX dvd or whatever to set it to boot. Such an EFI partition was silently created if you used Disk Utility to set up your disk (and exists by default on macs when you buy them). I had it set up like this on my old MacBook1,1 but have not tried it on my MacBookPro5,3 although I see no reason why it wouldn't work.
Re: macbook pro 5,5
I run OpenBSD amd64 current (as of 2 weeks ago) on my MacBookPro5,3 (the latest 15 inch). Overall, the hardware is pretty well supported. I'm dual booting between OpenBSD and OSX 10.6.2. For the last year or so I've been meaning to write a dual-booting guide to send to nick for the faq, but never got around to it, it's still on my todo list though. apmd works ok, although suspend is not supported. 4.6 did not regulate processor speed properly, but that's been fixed in current. The biggest obstacle in running OpenBSD on the MacBook Pro is that the wireless card is not supported. For now I'm using a little usb wireless card I got at microcenter. The usb wireless (run0) is the only thing in my dmesg that is not part of the default hardware. I can confirm the problem about not all the ram being recognized, I have 8g installed and only about 2g can be used. X works well, I have no complaints (other than its insecure nature). I'm running scrotwm (marco's wonderful lightweight window manager) and have yet to find something in X that doesn't work on my hardware. Sound seems to not work, despite azalia showing up in the dmesg, but I can't say that I've thoroughly tested it either. I have yet to find a way to detect when the lid of the laptop is closed, if anyone knows anything about this, please do share. Here's my dmesg, again run0 is an external usb wireless card: OpenBSD 4.7 (GENERIC.MP) #128: Tue Mar 9 09:54:33 MST 2010 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 2925703168 (2790MB) avail mem = 2839826432 (2708MB) RTC BIOS diagnostic error d7clock_battery,ROM_cksum,memory_size,invalid_time mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xe (44 entries) bios0: vendor Apple Inc. version MBP53.88Z.00AC.B03.0906151647 date 06/15/09 bios0: Apple Inc. MacBookPro5,3 acpi0 at bios0: rev 2 acpi0: tables DSDT FACP HPET APIC APIC MCFG ASF! SBST ECDT SSDT SSDT SSDT acpi0: wakeup devices ADP1(S3) LID0(S3) EC__(S3) GMUX(S3) OHC1(S3) EHC1(S3) OHC2(S3) EHC2(S3) GIGE(S5) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpihpet0 at acpi0: 2500 Hz acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Core(TM)2 Duo CPU T9600 @ 2.80GHz, 2786.47 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,SMX,EST,TM2,CX16,xTPR,NXE,LONG cpu0: 6MB 64b/line 16-way L2 cache cpu0: apic clock running at 265MHz cpu1 at mainbus0: apid 1 (application processor) cpu1: Intel(R) Core(TM)2 Duo CPU T9600 @ 2.80GHz, 2786.00 MHz cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,SMX,EST,TM2,CX16,xTPR,NXE,LONG cpu1: 6MB 64b/line 16-way L2 cache ioapic0 at mainbus0: apid 1 pa 0xfec0, version 11, 24 pins ioapic0: misconfigured as apic 0, remapped to apid 1 acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus 255 (IXVE) acpiec0 at acpi0 acpicpu0 at acpi0: C3, C2, C1, PSS acpicpu1 at acpi0: C3, C2, C1, PSS acpiac0 at acpi0: AC unit offline acpibtn0 at acpi0: LID0 acpibtn1 at acpi0: PWRB acpibtn2 at acpi0: SLPB acpibat0 at acpi0: BAT0 model 3545797981023400290 type 3545797981528607052 oem 3545797981528673619 cpu0: Enhanced SpeedStep 2786 MHz: speeds: 2793, 2660, 2394, 2128, 1862, 1596 MHz memory map conflict 0xffc0/0x40 pci0 at mainbus0 bus 0 mem address conflict 0xe740/0x8 pchb0 at pci0 dev 0 function 0 NVIDIA MCP79 Host rev 0xb1 NVIDIA MCP79 Memory rev 0xb1 at pci0 dev 0 function 1 not configured pcib0 at pci0 dev 3 function 0 NVIDIA MCP79 ISA rev 0xb3 NVIDIA MCP79 Memory rev 0xb1 at pci0 dev 3 function 1 not configured nviic0 at pci0 dev 3 function 2 NVIDIA MCP79 SMBus rev 0xb1 iic0 at nviic0 spdmem0 at iic0 addr 0x50: 4GB DDR3 SDRAM PC3-8500 SO-DIMM spdmem1 at iic0 addr 0x51: 4GB DDR3 SDRAM PC3-8500 SO-DIMM iic1 at nviic0 iic1: addr 0x2c 00=ff 02=08 03=f9 07=60 0d=6e 71=06 86=5e 90=73 91=58 92=b4 93=77 94=32 95=8c 96=78 97=90 9f=0c a0=3d a1=3d a2=3d a3=3d a4=7d a5=3d a6=3d a7=3d a8=3d a9=3d aa=3d ab=3d ac=3c ad=3d ae=3d af=7d b0=3d b1=3d b2=3d b3=3f b4=3d b5=3c b6=3d b7=3d b8=3d b9=3d ba=3d bb=3d bc=3d bd=3d be=3d bf=3d words 00=ff00 01=0008 02=08f9 03=f900 04= 05= 06=0060 07=6000 NVIDIA MCP79 Memory rev 0xb1 at pci0 dev 3 function 3 not configured vendor NVIDIA, unknown product 0x0a98 (class memory subclass RAM, rev 0xb1) at pci0 dev 3 function 4 not configured NVIDIA MCP79 Co-processor rev 0xb1 at pci0 dev 3 function 5 not configured ohci0 at pci0 dev 4 function 0 NVIDIA MCP79 USB rev 0xb1: apic 1 int 11 (irq 11), version 1.0, legacy support ehci0 at pci0 dev 4 function 1 NVIDIA MCP79 USB rev 0xb1: apic 1 int 10 (irq 10) usb0 at ehci0: USB revision 2.0 uhub0 at usb0 NVIDIA EHCI root hub rev 2.00/1.00 addr 1 ohci1 at pci0 dev 6 function 0 NVIDIA MCP79 USB rev 0xb1: apic 1 int 7
Re: macbook pro 5,5
On 3/24/10 8:10 PM, Jacob Meuser wrote: On Wed, Mar 24, 2010 at 07:12:13PM -0400, Jean-Philippe Ouellet wrote: On 3/24/10 6:49 PM, Jacob Meuser wrote: On Wed, Mar 24, 2010 at 06:19:31PM -0400, Jean-Philippe Ouellet wrote: I run OpenBSD amd64 current (as of 2 weeks ago) on my MacBookPro5,3 (the latest 15 inch). Sound seems to not work, despite azalia showing up in the dmesg, but I can't say that I've thoroughly tested it either. yeah, more stupid GPIO quirks needed. way to go, Apple. send me a `mixerctl -v` please. inputs.dac-2:3_mute=off [ off on ] inputs.dac-2:3=126,126 inputs.dac-4:5_mute=off [ off on ] inputs.dac-4:5=126,126 inputs.dac-0:1_mute=off [ off on ] inputs.dac-0:1=126,126 record.adc-2:3_source=line-in [ line-in ] record.adc-2:3_mute=off [ off on ] record.adc-2:3=124,124 record.adc-0:1_source=mic [ mic ] record.adc-0:1_mute=off [ off on ] record.adc-0:1=124,124 record.dig-adc-0:1_sou=SPDIF-in [ SPDIF-in ] outputs.hp_source=dac-2:3 [ dac-2:3 ] outputs.hp_boost=off [ off on ] outputs.spkr_source=dac-4:5 [ dac-4:5 ] outputs.spkr2_source=dac-0:1 [ dac-0:1 ] hmm. I committed patches to deal with 2 speaker sets a few days ago (3/21). is the kernel newer than that? please make sure it is an see if you get sound on either headphones or built-in speakers. inputs.line-in=85,85 inputs.mic=85,85 outputs.mic_dir=input-vr80 [ none input input-vr0 input-vr50 input-vr80 ] outputs.SPDIF_source=dig-dac-0:1 [ dig-dac-0:1 ] outputs.hp_sense=unplugged [ unplugged plugged ] outputs.line-in_sense=unplugged [ unplugged plugged ] outputs.SPDIF-in_sense=unplugged [ unplugged plugged ] outputs.spkr_muters=hp,line-in,SPDIF-in { hp line-in SPDIF-in } outputs.master=126,126 outputs.master.mute=off [ off on ] outputs.master.slaves=dac-4:5,dac-0:1 { dac-2:3 dac-4:5 dac-0:1 } record.volume=124,124 record.volume.mute=off [ off on ] record.volume.slaves=adc-2:3,adc-0:1 { adc-2:3 adc-0:1 line-in mic } outputs.mode=analog [ analog digital ] record.mode=analog [ analog digital ] Thanks for looking into this, and sorry for replying to you directly, I meant to send it to the list as it could be useful to somebody in the future. In the 3/9 kernel, there is no sound output anywhere. In the 3/23 kernel, I get output in headphones. Here is a new mixerctl -v: inputs.dac-2:3_mute=off [ off on ] inputs.dac-2:3=126,126 inputs.dac-4:5_mute=off [ off on ] inputs.dac-4:5=126,126 inputs.dac-0:1_mute=off [ off on ] inputs.dac-0:1=126,126 record.adc-2:3_source=line-in [ line-in ] record.adc-2:3_mute=off [ off on ] record.adc-2:3=124,124 record.adc-0:1_source=mic [ mic ] record.adc-0:1_mute=off [ off on ] record.adc-0:1=124,124 record.dig-adc-0:1_sou=SPDIF-in [ SPDIF-in ] outputs.hp_source=dac-2:3 [ dac-2:3 ] outputs.hp_boost=off [ off on ] outputs.spkr_source=dac-4:5 [ dac-4:5 ] outputs.spkr2_source=dac-0:1 [ dac-0:1 ] inputs.line-in=85,85 inputs.mic=85,85 outputs.mic_dir=input-vr80 [ none input input-vr0 input-vr50 input-vr80 ] outputs.SPDIF_source=dig-dac-0:1 [ dig-dac-0:1 ] outputs.hp_sense=unplugged [ unplugged plugged ] outputs.line-in_sense=unplugged [ unplugged plugged ] outputs.SPDIF-in_sense=unplugged [ unplugged plugged ] outputs.spkr_muters=hp,line-in,SPDIF-in { hp line-in SPDIF-in } outputs.master=126,126 outputs.master.mute=off [ off on ] outputs.master.slaves=dac-4:5,dac-0:1 { dac-2:3 dac-4:5 dac-0:1 } record.volume=124,124 record.volume.mute=off [ off on ] record.volume.slaves=adc-2:3,adc-0:1 { adc-2:3 adc-0:1 line-in mic } outputs.mode=analog [ analog digital ] record.mode=analog [ analog digital ] and there's no change in the dmesg with respect to azalia.
ftp.openbsd.org welcome message out of date
When logging into the ftp server I get the nice ascii puffy, but it also says OpenBSD 4.4 is available for pre-order! Now that 4.4 is out the CDs are not *pre-ordered* but ordered. This is not a problem, but since nobody has brought it up before nor has the ftp server been updated, i'm letting you know. If this does not belong on misc, then please point me in the right direction. If you didn't allready pre-order the cd, please remember to order your CDs to support the project.
Re: ftp.openbsd.org welcome message out of date
and yes i sent this to beck too. (I think that's who would be incharge of updating it). Jean-Philippe Ouellet wrote: When logging into the ftp server I get the nice ascii puffy, but it also says OpenBSD 4.4 is available for pre-order! Now that 4.4 is out the CDs are not *pre-ordered* but ordered. This is not a problem, but since nobody has brought it up before nor has the ftp server been updated, i'm letting you know. If this does not belong on misc, then please point me in the right direction. If you didn't allready pre-order the cd, please remember to order your CDs to support the project.