Re: OT: hardware war with manufacturers (espionage claims)
On Tue, 2 Jul 2019 10:07:59 +0300 Mihai Popescu wrote: > Hello, > > I keep finding articles about some government bans against some > hardware manufacturers related to some backdoor for espionage. I know > this is an old talk. Most China manufacturers are under the search: > Huawei, ZTE, Lenovo, etc. It seems painfully obvious what's driving all the bans and vilification of Chinese hardware and software is that the USA wants exclusive rights to spy on you and won't tolerate any competition. Does anybody think maybe the reason Google and Facebook don't pay taxes anywhere might have something to do with what they do with all that info they collect? Is the "new" talk about USA banning any meaningful encryption proof of how seriously they take security and privacy? > What do you think and do when using OpenBSD on this kind of hardware? Lemote boxes are kinda neat but they're not the fastest in the world. It beats the hell out of the alternatives if you can live with the limitations. > Do you prefer Dell, HP and Fujitsu? Your only choice is probably to pick the least objectionable entity to spy on you. If you buy Intel you know you're getting broken, insecure crap no matter whose box it comes in. Sure it runs fast, but... in that case everybody is going to spy on you. /jl
Fujitsu Xeon box running 6.4 + all sypatches doesn't power off for halt -p
I am not sure when this changed since I don't reboot the box often but halt -p no longer powers off this box. It used to work, now it doesn't. Any idea what the problem could be? Thanks, /jl
Re: When will be created a great desktop experience for OpenBSD?
On Tue, 7 May 2019 19:02:57 + Kent Watsen wrote: > Probably not what the OP is looking for, but `tmux` is my current > "window manager" of choice ;) Along those lines I find i3 is the perfect wm companion to tmux :) /jl
Re: When will be created a great desktop experience for OpenBSD?
On Tue, 7 May 2019 08:47:18 +0200 Denis Fondras wrote: > > user-friendly and easy-to-use > > > > Sounds like the exact description of current OpenBSD... +100 This is exactly why I like and use it.
Re: Good options for SAS HBA or SATA expansion cards?
On Mon, 15 Apr 2019 09:37:05 +0300 li...@wrant.com wrote: > Thu, 11 Apr 2019 07:50:36 +0000 John Long > > [...] > > but they can be slow. They also have a card based on the Silicon > > Image SiI3114 chipset. I didn't find much info on this one except > > for Windows victims claiming it was great or sucked. > > Hi John, > > Don't get this. I have a controller of this chipset on one mainboard > and found out it works very unreliable, generates errors on regular > light use and our driver for it in OpenBSD turned out to be stuck > before its second version as it is found in other operating kernels. > Skip or fix drivers.. > > Kind regards, > Anton Lazarov > Thank you, Anton! I found a lot of problems with various chipsets which is why I asked on the list here to see what is supported well by OpenBSD. It turns out several guys have all mentioned good results with cards based on one of the Marvell chipsets. My local shops don't have that card, they only have a card based on a chipset that seems to be problematical. I'll look for the recommended one online. /jl
Re: Good options for SAS HBA or SATA expansion cards?
On Sun, 14 Apr 2019 15:35:22 -0400 gwes wrote: > >> I'll second the LSI Logic/Avago/Broadcom? SAS/SATA controllers. > >> They run as many disks as I want at full speed. As previously > >> mentioned they can be quite inexpensive if you buy one relabelled > >> as (for instance) an IBM card. > >> > >> They do need to be flashed to a recent firmware version. > >> Older firmware versions limit themselves to 32-bit block numbers. > > Can I flash one of these cards without installing it in a Windows > > box? Because I don't have one ;) > They can be flashed from Linux. I think a USB drive formatted right > with the appropriate files & running Linux from a cd-rom would > suffice. I did something like that. Thanks.
Re: Good options for SAS HBA or SATA expansion cards?
On Sun, 14 Apr 2019 14:53:34 -0400 gwes wrote: > >> > >>>>> On 2019-04-11, John Long wrote: > >>>>>> I have a Dell server that was advertised to support 4x3.5 + > >>>>>> 2x2.5 drives but when I popped it open I found there are only > >>>>>> 4 SATA ports on the motherboard total. So of the 6 claimed > >>>>>> drives, I can actually only install 3 drives because the stock > >>>>>> DVD drive consumes a mobo port. > >>>>>> > >>>>>> Yeah T30 PowerEdge. The local shop has the card Dell > >>>>>> recommended, but I'm not sure I trust them since it's unlikely > >>>>>> Dell tests anything but a thousand variants of Windows and > >>>>>> *maybe* RedHat. > >>>>>> > >>>>>> /jl > >>>>>> > [ lots of good stuff snipped ] > I'll second the LSI Logic/Avago/Broadcom? SAS/SATA controllers. > They run as many disks as I want at full speed. As previously > mentioned they can be quite inexpensive if you buy one relabelled > as (for instance) an IBM card. > > They do need to be flashed to a recent firmware version. > Older firmware versions limit themselves to 32-bit block numbers. Can I flash one of these cards without installing it in a Windows box? Because I don't have one ;) > A probably obvious note: > PC type boxes have unfortunate limitations unless one > is prepared to spend $$$ for high end or Xeon/Opteron. > PCI lanes and memory subsystems can saturate :-( It is a Xeon box, but low end. It was not expensive and it shows. I prefer my other low-end Xeon box, the Fujitsu TX1310 M3 is a much better box with easier access to everything, runs 4x3.5 drives without requiring an addon card and has a 1225 v6 Xeon as opposed to the v5 that came in this Dell box I'm fighting with. /jl
Re: Good options for SAS HBA or SATA expansion cards?
On Sun, 14 Apr 2019 11:13:55 - (UTC) Stuart Henderson wrote: > On 2019-04-13, John Long wrote: > > On Sat, 13 Apr 2019 08:05:29 - (UTC) > > Stuart Henderson wrote: > > > >> On 2019-04-11, John Long wrote: > >> > I have a Dell server that was advertised to support 4x3.5 + 2x2.5 > >> > drives but when I popped it open I found there are only 4 SATA > >> > ports on the motherboard total. So of the 6 claimed drives, I can > >> > actually only install 3 drives because the stock DVD drive > >> > consumes a mobo port. > >> > >> You missed the important information of *which* server. > > > > Ah sorry. > > > >> If it's one of the usual poweredge then you're usually better off > >> with whatever they normally use for RAID systems (you can usually > >> find them second-hand). > > > > Yeah T30 PowerEdge. The local shop has the card Dell recommended, > > but I'm not sure I trust them since it's unlikely Dell tests > > anything but a thousand variants of Windows and *maybe* RedHat. > > > > /jl > > > > > > Ah ok. You might as well treat this as a whitebox PC then as there > aren't any standard hardware RAID/etc options for these (and you > don't need to worry about cables from card to backplane) > > Had it been a Txx0 or Rxx0 then there would be a more obvious choice. Dell does have a part number for this since they did this on purpose apparently so they can sell a half-baked server and then sell you a card which they know you will need...but I am not sure if it is a good choice.. Anyway thanks to everybody who answered. :) /jl
Re: Good options for SAS HBA or SATA expansion cards?
On Sat, 13 Apr 2019 08:05:29 - (UTC) Stuart Henderson wrote: > On 2019-04-11, John Long wrote: > > I have a Dell server that was advertised to support 4x3.5 + 2x2.5 > > drives but when I popped it open I found there are only 4 SATA > > ports on the motherboard total. So of the 6 claimed drives, I can > > actually only install 3 drives because the stock DVD drive consumes > > a mobo port. > > You missed the important information of *which* server. Ah sorry. > If it's one of the usual poweredge then you're usually better off with > whatever they normally use for RAID systems (you can usually find them > second-hand). Yeah T30 PowerEdge. The local shop has the card Dell recommended, but I'm not sure I trust them since it's unlikely Dell tests anything but a thousand variants of Windows and *maybe* RedHat. /jl
Re: Good options for SAS HBA or SATA expansion cards?
Thank you Paul and Johann! /jl
Re: Good options for SAS HBA or SATA expansion cards?
Thank you! /jl On Fri, 12 Apr 2019 10:22:14 +0200 Marco Nuessgen wrote: > On Thu, Apr 11, 2019 at 07:50:36AM +0000, John Long wrote: > [...] > > Can anybody recommend some good 2 or 4 port SATA (internal) > > expansion cards or a SAS HBA that works well with OpenBSD? > > Have a look at the IBM ServeRaid M1015 SAS 6.0gbps SATA III. HBA. It > is based on the LSI SAS2008 chip and can be crossflashed to: > LSI9211-IT Straight pass through no RAID > LSI9211-IR Pass through, RAID 0, 1, 1e, 10 > > https://www.servethehome.com/ibm-serveraid-m1015-part-4/ > > > Marco. >
Re: Good options for SAS HBA or SATA expansion cards?
On Fri, 12 Apr 2019 07:00:15 +0200 Robert wrote: > On Thu, 11 Apr 2019 07:50:36 + > John Long wrote: > > Speaking with Dell, they are recommending their part number PEXSAT32 > > which is a rebadged StarTech product based on the Marvell 88SE9123 > > chipset. From posts I saw from people running various OS, that > > chipset is flaky on everything but Windows. > > > > Can anybody recommend some good 2 or 4 port SATA (internal) > > expansion cards or a SAS HBA that works well with OpenBSD? > > I am using two of these in my server: > > ahci0 at pci3 dev 0 function 0 "Marvell 88SE9230 AHCI" rev 0x11: msi, > AHCI 1.2 Thank you! So far two votes for this chipset. Somebody contacted me offline to say he was using a HighPoint Rocket 640L card. Is this the same card you have? /jl
Good options for SAS HBA or SATA expansion cards?
Hi, I have a Dell server that was advertised to support 4x3.5 + 2x2.5 drives but when I popped it open I found there are only 4 SATA ports on the motherboard total. So of the 6 claimed drives, I can actually only install 3 drives because the stock DVD drive consumes a mobo port. Speaking with Dell, they are recommending their part number PEXSAT32 which is a rebadged StarTech product based on the Marvell 88SE9123 chipset. From posts I saw from people running various OS, that chipset is flaky on everything but Windows. My local shop has several el-cheapo no-brand cards based on the ASMedia ASM1061 chipset. From what I could find on the net those cards work ok but they can be slow. They also have a card based on the Silicon Image SiI3114 chipset. I didn't find much info on this one except for Windows victims claiming it was great or sucked. Can anybody recommend some good 2 or 4 port SATA (internal) expansion cards or a SAS HBA that works well with OpenBSD? Thanks, /jl
Possible to create softraid device from existing disk(s)?
Hi, I have a server running OpenBSD. It has slots for 4 drives. I have the OS and web content on one drive and media files on another drive. I have been running rsync to backup these drives to identically-sized drives in the same box. Basically 2 drives are used to run the services (dlna, Samba, http) and the other 2 drives are backups. I would like to use softraid so that I don't have to run backups manually or on a schedule with cron etc. I understand RAID is not a backup strategy but at the same time my threat model is failing hardware rather than anything else. Is there a way to use softraid to create 2 separate RAID mirrors of the two main drives that are already populated with data? Thanks, /jl
Re: Best way to change disk layout?
Hello Nick, Thanks for your reply. I figured everyone was busy so I played around trying a few things. I was able to copy /var to a new directory, unmount -f /var and rename the new directory to /var. So far so good... Changed my fstab to not mount the filesystems I wanted to delete, and rebooted. This worked fine but then when I went to disklabel I was having a hard time figuring out why, after deleting the unwanted partitions disklabel was not in a helpful mood about adding a new partition in the right area. I had two large free areas with some used space in the middle. The disklabel add wanted to add after the last used partition, not in between in the dead space, and I couldn't figure out how to do it. And then I realized I was still going to end up with a suboptimal layout, so I just copied my user directories and /etc to another box and installed a new 6.4 over my old upgraded 6.4 system and did the layout again. Took about an hour to get everything straightened out. Are smbd and nmbd supposed to run as root? httpd changes to www but I don't see anything like that for samba. I can't remember how it was working before. Thanks, /jl > This is again why I argue, just because you got a 500g drive on your > firewall doesn't mean you need to allocate all of it. Give me 20g > spare space and there isn't much I couldn't shuffle on a system, even > remotely (I can't move /. I can't necessarily save data without > someplace else to put it). Agreed. I had space, I just didn't like the way it was arranged. I would have had to move /usr and /usr/X11R6 and it was just not worth the effort given the drive in question is pretty much just the system whereas the content for the services it runs is on other drives. > > Nick. >
Best way to change disk layout?
I'm running release instead of stable like I did years ago. Syspatch is a better solution for me than building from source. I want to change my disk layout because when I set up this box I was thinking of building from source like the old days. I want to eliminate some filesystems and move /var and resize it. I can't growfs where /var is right now, the filesystems I want to get rid of precede it. Is it better to do this kind of thing single-user (is it even possible to run without /var) or is it better to boot the installer disk and do it from a shell without anything mounted? Thanks, /jl
Re: Persistent flags for disabled daemons?
On Mon, 2018-11-05 at 11:55 +, Stuart Henderson wrote: > On 2018-11-04, John Long wrote: > > On Sun, 2018-11-04 at 10:46 +0100, Antoine Jacoutot wrote: > > > On Sun, Nov 04, 2018 at 03:57:30AM +0100, Klemens Nanni wrote: > > > > On Sun, Nov 04, 2018 at 12:41:17AM +, John Long wrote: > > > > > If I use rcctl set to set minidlna's flags to -R it seems it > > > > > will > > > > > only > > > > > allow me to do it when minidlna is enabled. I would like the > > > > > flags to > > > > > survive disablement because I don't want to start the > > > > > minidlna > > > > > server > > > > > every time the box comes up. > > > > > > > > Settings flags for disabled daemons is not possible as rcctl > > > > tells > > > > you. > > > > > > > > Keeping flags when disabling daemons with rcctl is currently > > > > not > > > > possible. The only way to do so is by commenting the > > > > rc.conf.local > > > > line > > > > manually. > > > > > > Note that it would be easy for rcctl to save the flags > > > (basically > > > only remove > > > minidlna from the pkg_scripts variable). But that would make the > > > behavior > > > inconsistent with how base rc.d scripts behave. When you disable > > > a > > > base script, > > > you must remove the foo_flags from rc.conf.local (and can't > > > retain > > > the flags). > > > I prefer to have a consistent behavior, this is why rcctl works > > > this > > > way. > > > > I did not understand why it worked this way. Thanks for the > > explanation! > > > > /jl > > > > > > > > In order to do what you're asking for, set minidlna_flags=-R in > rc.conf.local by hand, then you can use "rcctl start minidlna" > as normal. As long as you don't use enable/disable you won't > need to change it again. Thank you, that works. I tried various flavors of this but I probably shot myself in the behind trying the sample commands in the manpage ;) /jl
Re: Persistent flags for disabled daemons?
On Sun, 2018-11-04 at 03:57 +0100, Klemens Nanni wrote: > On Sun, Nov 04, 2018 at 12:41:17AM +0000, John Long wrote: > > If I use rcctl set to set minidlna's flags to -R it seems it will > > only > > allow me to do it when minidlna is enabled. I would like the flags > > to > > survive disablement because I don't want to start the minidlna > > server > > every time the box comes up. > > Settings flags for disabled daemons is not possible as rcctl tells > you. > > Keeping flags when disabling daemons with rcctl is currently not > possible. The only way to do so is by commenting the rc.conf.local > line > manually. Hi, rcctl does not seem to respect the flag in rc.conf.local, so I don't understand how it would help to comment it out. If I have a flag specified in rc.conf.local it does not seem to be respected when I start the daemon using rcctl. It seems like it would make sense for the status of the daemon (enabled/disabled) to be separate from the flags. /jl
Re: Persistent flags for disabled daemons?
On Sun, 2018-11-04 at 10:46 +0100, Antoine Jacoutot wrote: > On Sun, Nov 04, 2018 at 03:57:30AM +0100, Klemens Nanni wrote: > > On Sun, Nov 04, 2018 at 12:41:17AM +0000, John Long wrote: > > > If I use rcctl set to set minidlna's flags to -R it seems it will > > > only > > > allow me to do it when minidlna is enabled. I would like the > > > flags to > > > survive disablement because I don't want to start the minidlna > > > server > > > every time the box comes up. > > > > Settings flags for disabled daemons is not possible as rcctl tells > > you. > > > > Keeping flags when disabling daemons with rcctl is currently not > > possible. The only way to do so is by commenting the rc.conf.local > > line > > manually. > > Note that it would be easy for rcctl to save the flags (basically > only remove > minidlna from the pkg_scripts variable). But that would make the > behavior > inconsistent with how base rc.d scripts behave. When you disable a > base script, > you must remove the foo_flags from rc.conf.local (and can't retain > the flags). > I prefer to have a consistent behavior, this is why rcctl works this > way. I did not understand why it worked this way. Thanks for the explanation! /jl
Persistent flags for disabled daemons?
Hi, I am not understanding how to get rcctl to use the flags in /etc/rc.conf.local for minidlna rcctl get minidlna shows minidlna_flags=NO even though rc.conf.local has minidlna_flags=-R If I use rcctl set to set minidlna's flags to -R it seems it will only allow me to do it when minidlna is enabled. I would like the flags to survive disablement because I don't want to start the minidlna server every time the box comes up. Thanks, /jl
Re: The Ultimate OpenBSD Media Server
On Sat, 2018-08-11 at 21:55 -0700, Jordan Geoghegan wrote: > Hi Folks, > > I found a viable Plex alternative that runs perfectly on OpenBSD > called > 'Serviio'. It does DLNA with on the fly media transcoding / remuxing > and > also has an HTML5 media player. Thanks for the info. I have been using minidlna and sambad which are both fine so far for my purposes. The only thing that is missing from minidlna for me is the ability to stream .dss and .dsf audio. Somebody has been maintaining a patch tree to support this for a few years but for some reason it has not been incorporated into whatever the main branch is. I don't get why anybody would want transcoding in 2018. My own use case is high res audio and I absolutely don't want to kill sound quality by transcoding. I don't do much video but I also don't get it why anybody would be happy about reducing video quality given how cheap bandwidth is these days. > I've rewritten the install guide from the official Serviio website > to > instead run Serviio as a separate user, use a better install > location > and not grab the full jdk. I mentioned Serviio a few days ago on a > ports@ thread and several people messaged me privately asking for my > write up on Serviio; I hope others can get some use and enjoyment out > of > this, so I thought I would share it here for others to see as well. > > Link to Guide: > > www.geoghegan.ca/serviio.html Thanks. I will definitely look at it! /jl
Re: Q: Systems with Skylake based XEON silver CPUs supported by OpenBSD 6.3 amd64
Hello Peter, On Wed, 2018-07-18 at 12:40 +, Steiner Peter wrote: > Hello folks, > > we are currently looking for new server hardware compatible with > OpenBSD 6.3 amd64. > I couldn't find a compatibility list for current systems. > > We'd like to use Skylake based XEONs (e.g. Xeon Silver 4108) in > current dual (or single) socket systems > like "Dell PowerR640", "Fujitsu RX2530M4" (maybe "ProLiant DL360 > Gen10" or "Lenovo ThinkSystem SR550") I just brought up 6.3 on a new Fujitsu Primergy TX1310 M3 which runs the Xeon E3-1225 v6 Kaby Lake (low-end Xeon) in the last couple of weeks. It works fine, the biggest PITA was figuring out what the BIOS is calling legacy boot, I didn't want to use UEFI. I did see a failure to load i915 firmware in the dmesg or log, I didn't follow up on it because I ASSumed it was for the display adapter- which btw works fine over VGA enough to install and get it minimally set up. Since then I'm running it headless. 6.3 has been totally stable (no surprise) and what's interesting is sometimes a terminal running top over SSH looks like the box is dead. I don't ever remember seeing an OS that idled so well. Only the clock on tmux changing lets you know the system is alive. Just outstanding. /jl > > > Does anybody have hints for me where to look for information about > hardware compatibility? > > If someone actually runs OpenBSD 6.3 on a current XEON (or even an > AMD EPIC) please let me know ;-) > > > Thanks in advance! > > > greetings from Austria > -Peter > > > PS: btw. our current OpenBSD systems have Broadwell-EP Xeon CPUs (for > example E5-2620v4 in "Lenovo x3550M5" and "Fujitsu PRIMERGY RX2530 > M2") with several Intel 82599 10Gbit NICs, running perfectly with > OpenBSD 6.3 > > PPS: I already got the information that 6.3 boots into kernel panic > on a "Fujitsu RX2530M4" with Xeon Silver 4110 >
[OT] Roon discussion
Hi Marcus, On Wed, 2018-07-18 at 18:19 +0200, Marcus MERIGHI wrote: > codeb...@inbox.lv (John Long), 2018.07.18 (Wed) 13:51 (CEST): > > I have minidlna working fine on OpenBSD. However this doens't help > > with > > Roon media software since they don't have anything for OpenBSD, > > unsurprisingly. Roon doesn't want to support dlna. > > What network access is officially supported? As far as I know just native filesystems depending on the client and whatever qualifies as a Windows Network Fileshare. The all-in-one Roon package is only for Win/MacOS. I didn't want to start complicating things. > I've seen a RPi based media player that supported sftp. That would be > an easy and secure way. chrooted user, sftp access. Yeah but I don't need another media player and having to sftp each file to play it is unmanageable. foobar2000 on Windows is better than anything else until now for this purpose because nothing that runs on the Pi can use the device drivers for my audio hardware, it's all Windows-only. What Roon does is cooperate with Roon-enabled devices and you can direct music to play on them. It works. > > > I have my Windows foobar2000 appliance roped-off from my LAN > > because I > > don't trust Windows boxes on my network. So I would like to set up > > some > > I see Roon downloads for windows, android, macos, ios. What is your > Roon > running on? Just saying... It is kinda complicated and I just started looking into it. There are a few pieces. I am running the whole thing on Windows. The Android and ios versions are display and controller apps but the media is hosted somewhere else. On Windows and Mac you can host and control from one device. On Linux I think you can't do everything either, just host the data. The media is already living on OpenBSD. I guess one option would be to try to get Linux running in a VM under OpenBSD, if it's possible to access data outside the VM. Then I could use anything for a Roon controller clien. > > > way to serve the files to Windows from OpenBSD. I guess that is > > CIFS/SAMBA? > > If your Roon machine formerly accessed the windows server then it was > SMB/CIFS, almost for sure. This is a new Roon setup a couple of hours old. It didn't formerly access anything ;) > > > Is this secure over the network? I have not done this before and I > > don't know what's involved. Is there an approved CIFS > > implementation to > > use? > > There's only samba. Isn't the Roon box the weakest point? Sure, Windows is always the weakest point. But for music playback there isn't any real option since all the device drivers are for Windows only. Some of the work somewhat on Mac or Linux but mostly not very well and not all the features are there. /jl
[Now OT] Re: Best way to serve files to Windows?
On Wed, 2018-07-18 at 16:57 +0100, Tom Smyth wrote: > Hi John, > > I would just follow the SAMBA documentation in setting up the share, > /shared folders, > > then on the windows clients you may have to tweak the security > settings > in the local security policy manager, (but windows out of the box > for domestic > settings) if your windows boxes are controlled by a Windows > Domain then you may need to talk to the windows admin to relax / > enhance > authentication settings and SMB signing settings in the group policy > ) > but a typical windows setup > should just ask you for a username and password to connect to the > setup > samba share > Thanks Tom. It's my box and I'm the incompetent sysadmin, so no worries other than those self-inflicted ;) I got spoiled years ago by ssh and RSA authentication and I don't like the idea of username/password in general.. but the traffic doesn't go to the outside world in my setup so I guess it is ok. > keep it simple for now > the eventlog (system event log) with the following > windows command > eventvwr > will spew errors if there are a mismatches in your security settings > and you will get hints by looking up errors as you see them, Thanks, this is good info! Not sure if I'll keep Roon or not. It has some nice features but it is still pretty rough on things I would have thought it should handle. /jl
Re: Best way to serve files to Windows?
@tom @solene Thanks guys. I'll look into Samba. I hope it won't turn out to be a typical Windows nightmare. Are there any reliable setup guides on the net? I will basically want to just make a couple of directory trees available read-only. Thanks, /jl
Best way to serve files to Windows?
Hi, I have minidlna working fine on OpenBSD. However this doens't help with Roon media software since they don't have anything for OpenBSD, unsurprisingly. Roon doesn't want to support dlna. I have my Windows foobar2000 appliance roped-off from my LAN because I don't trust Windows boxes on my network. So I would like to set up some way to serve the files to Windows from OpenBSD. I guess that is CIFS/SAMBA? Is this secure over the network? I have not done this before and I don't know what's involved. Is there an approved CIFS implementation to use? Thanks, /jl
Re: httpd setup info?
On Mon, 2018-07-02 at 08:10 -0700, Scott Vanderbilt wrote: > On 7/2/2018 8:03 AM, John Long wrote: > > On Mon, 2018-07-02 at 17:18 +0300, IL Ka wrote: > > > > > What's the appropriate way to let the browser > > > > > know it should open it in Acrobat > > > > > > See "Content-Disposition" header. > > > https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content > > > -Dis > > > position > > > > > > It tells client to download document or open it inline. > > > > Thanks, how do I translate this info into something httpd can use? > > https://man.openbsd.org/httpd.conf#TYPES Thanks/sorry. I saw that somewhere and couldn't remember where until this recent clue-stick ;) /jl
Re: httpd setup info?
On Mon, 2018-07-02 at 08:11 -0700, Scott Vanderbilt wrote: > On 7/2/2018 8:05 AM, John Long wrote: > > What userid does httpd run under? > > > > I have some kind of permission problem, httpd can't serve some of > > the > > content. > > ps aux|grep httpd Thanks again. /jl
Re: httpd setup info?
What userid does httpd run under? I have some kind of permission problem, httpd can't serve some of the content. Thank you. /jl
Re: httpd setup info?
On Mon, 2018-07-02 at 17:18 +0300, IL Ka wrote: > >>What's the appropriate way to let the browser > >> know it should open it in Acrobat > See "Content-Disposition" header. > https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Dis > position > > It tells client to download document or open it inline. Thanks, how do I translate this info into something httpd can use? /jl
Re: httpd setup info?
On Mon, 2018-07-02 at 06:27 -0500, ed...@pettijohn-web.com wrote:
> chroot "/var/content"
> server "example.com" {
> listen on * port 80
> listen on :: port 80
> root "/webserver/htdocs"
> directory auto index
> }
Thanks, this works. Actually I pushed things down one level and used
chroot "/var/content/webserver"
and then I can take the default for the root macro and omit it.
When I click on a PDF doc file, my browser (on Linux) wants to download
it instead of opening it. What's the appropriate way to let the browser
know it should open it in Acrobat (or default app set in the browser)
instead of downloading the file?
/jl
Re: httpd setup info?
On Mon, 2018-07-02 at 06:38 -0500, ed...@pettijohn-web.com wrote:
> On Jul 2, 2018 6:30 AM, John Long wrote:
> >
> > On Mon, 2018-07-02 at 06:27 -0500, ed...@pettijohn-web.com wrote:
> > > On Jul 2, 2018 5:58 AM, John Long wrote:
> > > >
> > > > Hi,
> > > >
> > > > I read the man pages for httpd and httpd.conf but I remain
> > > > clueless.
> > > >
> > > > I would like to serve static content (directory listings and
> > > > contents).
> > > > Must I use a chroot for httpd? If so, how do I set it up?
> > > >
> > > > I have my content in /var/content/webserver/.. I would like
> > > > httpd
> > > > to
> > > > automatically index the contents.
> > > >
> > > > Trying to massage the example/httpd.conf didn't work. I get a
> > > > 403
> > > > when
> > > > I try to access my website.
> > > >
> > > > # $OpenBSD: httpd.conf,v 1.18 2018/03/23 11:36:41 florian Exp $
> > > >
> > >
> > > Try:
> > > chroot "/var/content"
> > > server "example.com" {
> > > listen on * port 80
> > > listen on :: port 80
> > > root "/webserver/htdocs"
> > > directory auto index
> > > }
> >
> > Thank you. What has to be in the chroot besides the content I want
> > to
> > serve?
> >
>
> Nothing for static content. If you add Perl or other such things you
> will have to add a lot of stuff.
Ah great, thanks, I'll try it asap.
/jl
Re: httpd setup info?
On Mon, 2018-07-02 at 06:27 -0500, ed...@pettijohn-web.com wrote:
> On Jul 2, 2018 5:58 AM, John Long wrote:
> >
> > Hi,
> >
> > I read the man pages for httpd and httpd.conf but I remain
> > clueless.
> >
> > I would like to serve static content (directory listings and
> > contents).
> > Must I use a chroot for httpd? If so, how do I set it up?
> >
> > I have my content in /var/content/webserver/.. I would like httpd
> > to
> > automatically index the contents.
> >
> > Trying to massage the example/httpd.conf didn't work. I get a 403
> > when
> > I try to access my website.
> >
> > # $OpenBSD: httpd.conf,v 1.18 2018/03/23 11:36:41 florian Exp $
> >
>
> Try:
> chroot "/var/content"
> server "example.com" {
> listen on * port 80
> listen on :: port 80
> root "/webserver/htdocs"
> directory auto index
> }
Thank you. What has to be in the chroot besides the content I want to
serve?
>
> I think the listen directive changed recently, so if it fails look
> into that as the cause.
Thanks, ok.
/jl
httpd setup info?
Hi,
I read the man pages for httpd and httpd.conf but I remain clueless.
I would like to serve static content (directory listings and contents).
Must I use a chroot for httpd? If so, how do I set it up?
I have my content in /var/content/webserver/.. I would like httpd to
automatically index the contents.
Trying to massage the example/httpd.conf didn't work. I get a 403 when
I try to access my website.
# $OpenBSD: httpd.conf,v 1.18 2018/03/23 11:36:41 florian Exp $
server "example.com" {
listen on * port 80
listen on :: port 80
location "/var/content/webserver/htdocs/*" {
directory auto index
}
}
Thanks
/jl
dmesg for Fujitsu PRIMERGY TX1310 M3
OpenBSD 6.3 (GENERIC.MP) #107: Sat Mar 24 14:21:59 MDT 2018 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 8389017600 (8000MB) avail mem = 8127692800 (7751MB) mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS rev. 3.0 @ 0x7bef (69 entries) bios0: vendor FUJITSU // American Megatrends Inc. version "V5.0.0.11 R1.17.0 for D3521-A1x" date 02/19/2018 bios0: FUJITSU PRIMERGY TX1310 M3 acpi0 at bios0: rev 2 acpi0: sleep states S0 S4 S5 acpi0: tables DSDT FACP APIC FPDT FIDT MCFG HPET LPIT SSDT SSDT DBGP DBG2 SSDT UEFI SSDT DMAR EINJ ERST BERT HEST acpi0: wakeup devices PEGP(S4) PEG0(S4) PXSX(S4) RP09(S4) PXSX(S4) RP10(S4) PXSX(S4) RP11(S4) PXSX(S4) RP12(S4) PXSX(S4) RP13(S4) PXSX(S4) RP01(S4) PXSX(S4) RP02(S4) [...] acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Xeon(R) CPU E3-1225 v6 @ 3.30GHz, 3293.89 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,SGX,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT,IBRS,IBPB,STIBP,SENSOR,ARAT,MELTDOWN cpu0: 256KB 64b/line 8-way L2 cache cpu0: smt 0, core 0, package 0 mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges cpu0: apic clock running at 24MHz cpu0: mwait min=64, max=64, C-substates=0.2.1.2.4.1, IBE cpu1 at mainbus0: apid 2 (application processor) cpu1: Intel(R) Xeon(R) CPU E3-1225 v6 @ 3.30GHz, 3292.39 MHz cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,SGX,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT,IBRS,IBPB,STIBP,SENSOR,ARAT,MELTDOWN cpu1: 256KB 64b/line 8-way L2 cache cpu1: smt 0, core 1, package 0 cpu2 at mainbus0: apid 4 (application processor) cpu2: Intel(R) Xeon(R) CPU E3-1225 v6 @ 3.30GHz, 3292.39 MHz cpu2: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,SGX,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT,IBRS,IBPB,STIBP,SENSOR,ARAT,MELTDOWN cpu2: 256KB 64b/line 8-way L2 cache cpu2: smt 0, core 2, package 0 cpu3 at mainbus0: apid 6 (application processor) cpu3: Intel(R) Xeon(R) CPU E3-1225 v6 @ 3.30GHz, 3292.39 MHz cpu3: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,SGX,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT,IBRS,IBPB,STIBP,SENSOR,ARAT,MELTDOWN cpu3: 256KB 64b/line 8-way L2 cache cpu3: smt 0, core 3, package 0 ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 120 pins acpimcfg0 at acpi0 addr 0xe000, bus 0-255 acpihpet0 at acpi0: 2399 Hz acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus -1 (PEG0) acpiprt2 at acpi0: bus -1 (RP13) acpiprt3 at acpi0: bus -1 (RP02) acpiprt4 at acpi0: bus -1 (RP05) acpiec0 at acpi0: not present acpicpu0 at acpi0: C3(200@256 mwait.1@0x40), C2(200@151 mwait.1@0x33), C1(1000@1 mwait.1), PSS acpicpu1 at acpi0: C3(200@256 mwait.1@0x40), C2(200@151 mwait.1@0x33), C1(1000@1 mwait.1), PSS acpicpu2 at acpi0: C3(200@256 mwait.1@0x40), C2(200@151 mwait.1@0x33), C1(1000@1 mwait.1), PSS acpicpu3 at acpi0: C3(200@256 mwait.1@0x40), C2(200@151 mwait.1@0x33), C1(1000@1 mwait.1), PSS acpipwrres0 at acpi0: PG00, resource for PEG0 acpipwrres1 at acpi0: WRST acpipwrres2 at acpi0: WRST acpipwrres3 at acpi0: WRST acpipwrres4 at acpi0: WRST acpipwrres5 at acpi0: WRST acpipwrres6 at acpi0: WRST acpipwrres7 at acpi0: WRST acpipwrres8 at acpi0: WRST acpipwrres9 at acpi0: WRST acpipwrres10 at acpi0: WRST acpipwrres11 at acpi0: WRST acpipwrres12 at acpi0: WRST acpipwrres13 at acpi0: WRST acpipwrres14 at acpi0: WRST acpipwrres15 at acpi0: WRST acpipwrres16 at acpi0: WRST acpipwrres17 at acpi0: WRST acpipwrres18 at acpi0: WRST acpipwrres19 at acpi0: WRST acpipwrres20 at acpi0: WRST acpipwrres21 at acpi0: PG01, resource for PEG1 "INT3F0D" at acpi0 not configured "INT345D" at acpi0 not configured
Re: Is Intel PRO/1000 CT Desktop Adapter supported on amd64?
On Thu, 2018-06-28 at 09:32 +0300, Manolis Tzanidakis wrote: > On Wed (27/06/18), Vijay Sankar wrote: > > > > Quoting John Long : > > > I found a lot of PRO/1000 adapters listed in the em driver man > > > page but > > > CT version is not included. > > > > Since the CT version uses the Intel 82574L Controller, I think it > > will work. > > Indeed. I've got a couple of those and work just fine: > > $ sysctl kern.version > kern.version=OpenBSD 6.3 (GENERIC.MP) #4: Sun Jun 17 11:22:20 CEST > 2018 > r...@syspatch-63-amd64.openbsd.org:/usr/src/sys/arch/amd64/compil > e/GENERIC.MP > > $ dmesg | grep ^em > em0 at pci2 dev 0 function 0 "Intel 82574L" rev 0x00: msi, address > xx:xx:xx:xx:xx:xx Thanks Manolis, the card will be here hopefully in the next week or two. /jl >
Is Intel PRO/1000 CT Desktop Adapter supported on amd64?
I found a lot of PRO/1000 adapters listed in the em driver man page but CT version is not included. Does anybody know? Thanks /jl
Re: Partitioning recommendations for 6.3?
> > Seems to me, after trying to install OpenBSD on a new box, a lot of > > the helpful in the FAQ is totally AWOL now and I find it hard to > > get all the info together. > > Hi John, > > Person came from somewhere and cut out a lot of the useful hardware > info. > At least now it's maintainable and can be carefully rewritten again, > duh. > > The frequent questions will probably go away over time as things > improve. > Sound advice should have stayed however if you ask an enthusiast > opinion. > > The cvsweb shows historic versions of the pages if you want to reread > it. Thanks, Anton. I understood from Stuart how to find old web versions. It's good to know. I started with OpenBSD at 3.6 or 3.7 and installed everything until around 5.2. I still have two boxes running 5.X, they just work and they're not internet-facing so they'll run until they die. But it seems like there was a lot more info in the FAQ in those days. Now I find it more difficult to get info. > Ideally, the auto partition could have templates, for the cases you > have. I think this is a good idea but I guess a lot of people will bang you on the head for suggesting it ;) I don't know that I have ever seen the one-size fits all approach work in any installer I have used, so I think templates make sense. Let the flames begin... Thanks for the other links. I will read all the stuff you and the other guys have pointed me at. /jl
Re: Partitioning recommendations for 6.3?
Thanks @bryanharris and @bruno Thanks guys, I will check out the links. /jl
Re: Partitioning recommendations for 6.3?
On Mon, 2018-06-25 at 10:15 -0500, Vijay Sankar wrote: > Here is my df -h output -- Just as an FYI I was testing some > workarounds for the samba virusfilter issue and then made some > mistakes that screwed up KDE etc. So decided to build it from > scratch > and have about 5000 packages built right now with the following > disk > usage. > > $ df -h > Filesystem SizeUsed Avail Capacity Mounted on > /dev/sd0a 1005M102M852M11%/ > /dev/sd0l 3.9G1.8G2.0G48%/builds > /dev/sd0k 127G1.3G119G 1%/home > /dev/sd0d 3.9G7.2M3.7G 0%/tmp > /dev/sd0f 5.9G1.9G3.8G33%/usr > /dev/sd0g 2.0G185M1.7G10%/usr/X11R6 > /dev/sd0h 19.7G9.4G9.3G50%/usr/local > /dev/sd0j 5.9G3.3G2.3G59%/usr/obj > /dev/sd0i 2.0G990M929M52%/usr/src > /dev/sd0e 31.5G 57.9M 29.9G 0%/var > /dev/sd0m 243G 83.7G147G36%/usr/ports Thanks, this is good info. I am trying to find out about /usr/xenocara if it is still needed and also whether it's still recommended to build from source and track -stable or whether syspatch does away with that. What is the recommended http server these days? I remember the transition from apache to nginx. What's the conventional wisdom? My plan for this box is sftp, http, and minidlna server. Thank you, /jl
Re: Partitioning recommendations for 6.3?
On Mon, 2018-06-25 at 09:25 -0500, Vijay Sankar wrote: > Quoting John Long : > > > Been a while and don't have my other OpenBSD boxes accessible. > > > > What are the recommended partitions and appropriate sizes for > > people > > who want to track stable and possibly build the whole ports tree? > > > > Thanks, > > > > /jl > > However, for the past year or so, I have had to increase the size of > /usr to 6G and /usr/local to 20G to build all the packages. I can't remember now.. ports go under /usr/local, correct? What goes in /usr that would require 6G? Thanks, /jl
Re: Partitioning recommendations for 6.3?
On Mon, 2018-06-25 at 17:16 +0300, IL Ka wrote: > Do you want to really build all ports or just fetch skeletons and > build some of them? Not sure, but I don't want to rule out building them all for a couple or reasons. I have a new box which is probably fast enough to make it worthwhile to build packages for some slower boxes I have. Second thing is rebuilding the system from source and then building all the ports is a good stability test. Bottom line is probably that I would rather plan to have the space available and not need it then to need it and not have it. Seems like in the past this was a problem for me. > For skeletons, automatic layout is good enough, but I recommend to > increase /usr/src a little and decrease /home. > Make sure you have ~ 5GB for /usr/src/ and /usr/obj. > Thanks, this helps. The automatic layout didn't include /usr/xenocara There used to be a recommendation in the past to have that as a separate filesystem. How large should it be? Is there any reason to track -stable anymore or has syspatch done away with the need for that? Seems to me, after trying to install OpenBSD on a new box, a lot of the helpful in the FAQ is totally AWOL now and I find it hard to get all the info together. /jl > > > > > On Mon, Jun 25, 2018 at 3:17 PM, John Long wrote: > > Been a while and don't have my other OpenBSD boxes accessible. > > > > What are the recommended partitions and appropriate sizes for > > people > > who want to track stable and possibly build the whole ports tree? > > > > Thanks, > > > > /jl > > > >
Partitioning recommendations for 6.3?
Been a while and don't have my other OpenBSD boxes accessible. What are the recommended partitions and appropriate sizes for people who want to track stable and possibly build the whole ports tree? Thanks, /jl
Anybody have any experience with Fujitsu PRIMERGY TX1310 M3?
There are two variants of the Fujitsu PRIMERGY TX1310 M3 available here for about the same price I was paying for the Lenovo m710q. Does anybody have any comments about these Fujitsu boxes running OpenBSD? Also, I remember there was a section in the FAQ about setting up an ftp server on OpenBSD. I can't find it on the website any more. Is there an archive and why was it removed? Thanks, /jl
Re: OpenBSD on Lenovo m710q running minidlna?
On Wed, 2018-06-06 at 12:10 +, Stuart Henderson wrote: > On 2018-06-05, John Long wrote: > > I have a Lenovo m710q foobar2000 appliance under Windows 10. I like > > the > > box, it's about 1 1/2 as wide as a Lemote Fuloong Mini and about as > > deep and tall, but has slots for two, 2.5 inch drives. I thought > > about > > buying another one to use as a minidlna host under OpenBSD. > > > > Does anybody on the list have any experience with OpenBSD and > > minidlna > > on this box? > > Nothing in dmesglog, it would be nice if you could boot the one you > have > from a USB stick and email in to dmesg@. I'm up to my ass in alligators with work right now so it will take a few days. How do I capture the output? It's been a while since I installed OpenBSD... maybe it gives me an option to mail directly from the installer? I have only a vague memory about it. > Seems it may have a real serial port, if so that's a nice thing to > have on such a small machine. It appears to yes, but since I'm running Windows on it I haven't used it. They're not cheap and the hardware is just kinda meh. The one I bought has 4G of RAM, a 256G SSD (not sure which brand, it's buried in the chassis and hard to get to) and cost 500 Euros. The one I want for the minidlna server will cost about 600 Euros and have 8G of RAM. The box I have has the i3-7100T, it's a two-banger with hyperthreading, good single CPU clocks, 3.4GHz. For the same price you can get a i5- 7400T which is a four banger but no hyperthreading, and significantly slower clocks, 2.4 GHz. Not sure what the benefit to that would be. The disk tray is a flimsy, loose-fitting piece of plastic, not very reassuring. It feels like if you swap disks and out of there a dozen times you're going to be buying a new tray. I'm sure there is better hardware around, maybe even for the same price, but these boxes are readily available from my local shop in a few different variations, and have a nice form factor and some nice features. So far I'm satisfied with it. They advertised mine with a DVD drive, and it doesn't have one of course...when I complained they sent me a USB DVD drive. The enclosure is substantial aluminum, quite sturdy. Feels like you could stack them in a big pile of other gear and nothing would go wrong. And it comes with a separate aluminum tray case with rubber feet that wraps around the bottom and goes up and over both sides (the computer slides into it) and which has a slot for a separate aluminum holder (also included) that holds the power brick. It's a nice package if you don't open it up and look inside. Not sure about the cooling. The fan is tiny. > > > Or any experience in general running minidlna on OpenBSD? > > I used to run this on OpenBSD, it worked reasonably well with the > devices I tried accessing it from. I stopped running it after I moved > my > fileshares to a separate NAS box. > > We don't have inotify and minidlna doesn't have kqueue support for > file > monitoring; run it with the -r flag to do an incremental rescan if > you > add files. Thanks, this is good news. I would prefer not to have code doing things "for" me. I tend to rip a lot of discs in big batches and then move a lot of files at once. It would be ideal to update manually. > I had some problems with the multicast bits after the routing > table change to ART, but others couldn't replicate this, maybe it was > because the machine I was running it on was multihomed. I am clueless about networking but I don't anticipate any issues. I have the Windows box roped-off from my LAN so I can't move files around easily, can't use rsync or any convenient *NIX tools etc. It will be very convenient to have OpenBSD running dlna. Thanks, /jl
OpenBSD on Lenovo m710q running minidlna?
I have a Lenovo m710q foobar2000 appliance under Windows 10. I like the box, it's about 1 1/2 as wide as a Lemote Fuloong Mini and about as deep and tall, but has slots for two, 2.5 inch drives. I thought about buying another one to use as a minidlna host under OpenBSD. Does anybody on the list have any experience with OpenBSD and minidlna on this box? Or any experience in general running minidlna on OpenBSD? Thanks, /jl
Re: CVE-2018-8897
On Thu, 2018-05-10 at 18:54 -0600, Theo de Raadt wrote: > > Dare I ask what lead to OpenBSD not being affected. > > > > Sorry if it is a dumb question but since this hit FreeBSD as well I > > am > > wondering > > what OpenBSD did differently. > > > > Was this caught in an audit? > > > > I am just curious about causality that kept OpenBSD in the clear of > > this one > > that made such headlines yesterday. > > > We didn't chase the fad of using every Intel cpu feature. This goes into the achive! Thank you for the slice of sanity in an insane word. /jl
Re: [OT] Cloud storage accessible via sftp or rsync/ssh?
On Wed, Jul 20, 2016 at 12:05:42PM -0400, Brian B wrote: > Run an ??ber cheap VM (or a pair for HA) in AWS or Azure and use their > underlying cloud storage, albeit at a cost premium. > > That way you can setup any number of protocols to access the storage. Thanks, that's actually a _really_ good idea. I'll have to check on pricing and disk space but that might be the answer. In a lot of ways. Thank you! /jl -- ASCII ribbon campaign ( ) Powered by Lemote Fuloong against HTML e-mail X Loongson MIPS and OpenBSD and proprietary/ \http://www.mutt.org attachments / \ Code Blue or Go Home! Encrypted email preferred PGP Key 2048R/DA65BC04
Re: [OT] Cloud storage accessible via sftp or rsync/ssh?
On Wed, Jul 20, 2016 at 02:31:16PM +, Sam Hays wrote: > 2016-07-20 11:27 GMT+02:00 John Long <codeb...@inbox.lv>: > > Can anybody recommend a good cloud storage provider that has access > > via sftp or rsync tunneled through ssh? Everything I have found seems > > targeted at Windows, Linux, phones etc. with no platform-agnostic interface. > > > > Consider AWS / S3? I believe there is an OpenBSD port for aws-cli. I do > realize this isn't 1:1 for what you asked, hard to beat the pricing and > flexibility, though. > Thanks but I need something accessible at a minimum from sftp, and ideally via rsync. /jl -- ASCII ribbon campaign ( ) Powered by Lemote Fuloong against HTML e-mail X Loongson MIPS and OpenBSD and proprietary/ \http://www.mutt.org attachments / \ Code Blue or Go Home! Encrypted email preferred PGP Key 2048R/DA65BC04
Re: [OT] Cloud storage accessible via sftp or rsync/ssh?
On Wed, Jul 20, 2016 at 04:01:21PM +0200, matteo filippetto wrote: > 2016-07-20 11:27 GMT+02:00 John Long <codeb...@inbox.lv>: > > Can anybody recommend a good cloud storage provider that has access via sftp > > or rsync tunneled through ssh? Everything I have found seems targeted at > > Windows, Linux, phones etc. with no platform-agnostic interface. > > > > http://www.tarsnap.com I saw that when it first came out and had forgotten about it. It's a neat concept and the price is right but it will not work for what I am looking for now. I want to be able to access individual files from multiple clients. Thanks. /jl
Re: [OT] Cloud storage accessible via sftp or rsync/ssh?
On Wed, Jul 20, 2016 at 01:53:23PM +0200, Morten Liebach wrote: > Check rsync.net. That's the type of thing I'm looking for but their prices are totally out of line with anything I've seen. I can pay 100 bucks a year for 1T of storage. I can't pay 1,100 bucks a year for 300G of storage. I'm hoping to find something reasonably priced that somebody on the list can personally recommend. Aside from the few big names I have no way of knowing if the lesser-known ones are any good. Thanks. /jl
Re: [OT] Cloud storage accessible via sftp or rsync/ssh?
On Wed, Jul 20, 2016 at 01:53:20PM +0200, Sol??ne wrote: > Le 2016-07-20 11:27, John Long a ??crit??: > >Can anybody recommend a good cloud storage provider that has > >access via sftp > >or rsync tunneled through ssh? Everything I have found seems > >targeted at > >Windows, Linux, phones etc. with no platform-agnostic interface. > > > >Thanks. > > > >/jl > > hello > > ownCloud / NextCloud supports webdav I'm looking for a cloud storage provider other than myself ;-) /jl
[OT] Cloud storage accessible via sftp or rsync/ssh?
Can anybody recommend a good cloud storage provider that has access via sftp or rsync tunneled through ssh? Everything I have found seems targeted at Windows, Linux, phones etc. with no platform-agnostic interface. Thanks. /jl -- ASCII ribbon campaign ( ) Powered by Lemote Fuloong against HTML e-mail X Loongson MIPS and OpenBSD and proprietary/ \http://www.mutt.org attachments / \ Code Blue or Go Home! Encrypted email preferred PGP Key 2048R/DA65BC04
Re: OT: True hardware UNIX terminal
On Mon, Apr 04, 2016 at 04:40:20PM -0600, Nick Bender wrote: > I wonder if any FORTRAN programmers out there remember the trick of putting > line numbers after column 72 so the card sort could sort your program back > into order when you dropped your card deck? This was not limited to FORTRAN. We always used sequence numbers in 73-80 for exactly this reason. To this day the MVS (z/OS) editor will place them for you in those colums automatically when you say "num on" or "renum". This works for assembler, COBOL, and PL/I too. And yeah you won't understand unless you ever dropped a box of cards or saw the look of horror on somebody else's face when he did. > Finally I'll never get back the three days I spent finding the zero I had > mistakenly put in place of the letter O in my JCL at the front of the card > deck. Good times... We're still keeping the faith! /jl -- ASCII ribbon campaign ( ) Powered by Lemote Fuloong against HTML e-mail X Loongson MIPS and OpenBSD and proprietary/ \http://www.mutt.org attachments / \ Code Blue or Go Home! Encrypted email preferred PGP Key 2048R/DA65BC04
Re: How full can a ffs filesystem be?
On Wed, Feb 24, 2016 at 10:50:41AM +0100, Otto Moerbeek wrote: > On Wed, Feb 24, 2016 at 05:43:06AM +0000, John Long wrote: > > > On Tue, Feb 23, 2016 at 09:48:44PM -0500, Nick Holland wrote: > > > On 02/23/16 14:42, John Long wrote: > > > > Is there any rule of thumb as to how full an ffs filesystem can be > > > > without > > > > impacting performance or integrity issues? > > > > > > The people who wrote the code set the limit at 95%...so if you are > > > looking for a "Rule of Thumb"...that's it, provided by the People Who > > > Know Best. > > > > > > Most of us have managed to fill a partition completely with no harm to > > > the system (no promises on the file!). But performance isn't our > > > concern at that point. File integrity isn't an issue until you try to > > > write when there is no space. > > > > > > But really, if you are dancing over the 95% point and are happy about > > > it, you have entered Special Case Land, rules of thumb don't apply and > > > you are responsible for your own situation. > > > > Thanks, this is good info. I need to get move some files around then. These > > little Lemote boxes are such nifty ftp servers I tend to keep piling things > > up on them. > > But note the minfree reserve for root only (see tunefs(8)) is > already set at 5% by default. If df(1) reports the fs is 100% full, > actually 5% room is left, for root only. I remember that, thanks. Nice safety valve. /jl -- ASCII ribbon campaign ( ) Powered by Lemote Fuloong against HTML e-mail X Loongson MIPS and OpenBSD and proprietary/ \http://www.mutt.org attachments / \ Code Blue or Go Home! Encrypted email preferred PGP Key 2048R/DA65BC04
Re: How full can a ffs filesystem be?
On Tue, Feb 23, 2016 at 09:48:44PM -0500, Nick Holland wrote: > On 02/23/16 14:42, John Long wrote: > > Is there any rule of thumb as to how full an ffs filesystem can be without > > impacting performance or integrity issues? > > The people who wrote the code set the limit at 95%...so if you are > looking for a "Rule of Thumb"...that's it, provided by the People Who > Know Best. > > Most of us have managed to fill a partition completely with no harm to > the system (no promises on the file!). But performance isn't our > concern at that point. File integrity isn't an issue until you try to > write when there is no space. > > But really, if you are dancing over the 95% point and are happy about > it, you have entered Special Case Land, rules of thumb don't apply and > you are responsible for your own situation. Thanks, this is good info. I need to get move some files around then. These little Lemote boxes are such nifty ftp servers I tend to keep piling things up on them. /jl -- ASCII ribbon campaign ( ) Powered by Lemote Fuloong against HTML e-mail X Loongson MIPS and OpenBSD and proprietary/ \http://www.mutt.org attachments / \ Code Blue or Go Home! Encrypted email preferred PGP Key 2048R/DA65BC04
How full can a ffs filesystem be?
Is there any rule of thumb as to how full an ffs filesystem can be without impacting performance or integrity issues? Thanks, /jl -- ASCII ribbon campaign ( ) Powered by Lemote Fuloong against HTML e-mail X Loongson MIPS and OpenBSD and proprietary/ \http://www.mutt.org attachments / \ Code Blue or Go Home! Encrypted email preferred PGP Key 2048R/DA65BC04
Re: How to tune network on Qemu-system-i386
Dmitry, On Thu, Feb 11, 2016 at 10:06:34AM +0500, dmitry.sensei wrote: > Can you give generic guide to setting up a network in Qemu (OpenBSD)? > I have one physical re0 interface, which looks to the Internet. #!/bin/ksh ifconfig tun0 create ifconfig tun0 link0 ifconfig tun0 up ifconfig bridge0 create #ifconfig bridge0 fwddelay 4 ifconfig bridge0 add re0 add tun0 ifconfig bridge0 up I can't remember where I found the above but I have been using it with SIMH. It may have been in the example where somebody shows how to run OpenBSD VAX under SIMH. In the SIMH .conf you use at xq tap:tap0 I ASSume you would use a similar syntax in QEMU's config. That is, use tap:tap0 as your network interface name instead of re0. I commented out the fwddelay to see if it affected anything and it doesn't seem to in this application. /jl -- ASCII ribbon campaign ( ) Powered by Lemote Fuloong against HTML e-mail X Loongson MIPS and OpenBSD and proprietary/ \http://www.mutt.org attachments / \ Code Blue or Go Home! Encrypted email preferred PGP Key 2048R/DA65BC04
Re: Paris..
Miod, are you ok? Condolences and hoping for the best for you guys. /jl -- ASCII ribbon campaign ( ) Powered by Lemote Fuloong against HTML e-mail X Loongson MIPS and OpenBSD and proprietary/ \http://www.mutt.org attachments / \ Code Blue or Go Home! Encrypted email preferred PGP Key 2048R/DA65BC04
Re: SPARC minimum hardware specification
On Sun, Jul 19, 2015 at 05:59:17PM +, Christian Weisgerber wrote: On 2015-07-19, John Long codeb...@inbox.lv wrote: OpenBSD mips64el runs oustandingly well on the Lemote boxes. See here: http://www.openbsd.org/loongson.html Given that only about 2/3 of the ports tree can be built on loongson, I'm questioning this outstandingly well. I tested my first Lemote Mini by doing about 5 complete builds back to back of OpenBSD over a period of a couple of weeks with no failures and no issues of any kind. The box remained nearly silent and was cool to the touch the whole time. Whether LinTel apps compile may be one thing but OpenBSD certainly runs outstandingly well on these boxes. I have one setup as an FTP server and it pushes 9+ MB/s out the door with the stock 160G SATA. I think for what you get for how much you pay these boxes are a screaming deal. As I said I don't think anybody is going to want to use one as a desktop but as tiny green servers they are a great value and work fantastically. /jl -- ASCII ribbon campaign ( ) Powered by Lemote Fuloong against HTML e-mail X Loongson MIPS and OpenBSD and proprietary/ \http://www.mutt.org attachments / \ Code Blue or Go Home! Encrypted email preferred PGP Key 2048R/DA65BC04
Re: SPARC minimum hardware specification
On Sun, Jul 19, 2015 at 01:51:34PM -0400, Raul Miller wrote: On Sun, Jul 19, 2015 at 11:03 AM, John Long codeb...@inbox.lv wrote: Sun Fire servers are cheap to buy but not to run. A V210 is a 1U box and with dual 1.35 CPUs it is fast enough for desktop use. It's not something most people with families or without a flightline headset are going to want sitting next to their desk though and you will need some air conditioning. Could you clarify this? http://www.andovercg.com/datasheets/sun-fire-v210-server.pdf Suggests that we're talking 320 watts, and 7.3 db acoustic noise. The power figure is correct but I guess the noise must be 73 db? I would guess the average power consumption of a V210 would be higher than that of your P4 but I haven't tested it. /jl -- ASCII ribbon campaign ( ) Powered by Lemote Fuloong against HTML e-mail X Loongson MIPS and OpenBSD and proprietary/ \http://www.mutt.org attachments / \ Code Blue or Go Home! Encrypted email preferred PGP Key 2048R/DA65BC04
Re: SPARC minimum hardware specification
On Sun, Jul 19, 2015 at 09:09:56PM +0200, ludovic coues wrote: 2015-07-19 17:03 GMT+02:00 John Long codeb...@inbox.lv: OpenBSD mips64el runs oustandingly well on the Lemote boxes. See here: http://www.openbsd.org/loongson.html I don't think anybody will be happy with a Loongson as a desktop box but they do shine tiny servers. /jl Where could one acquire one of the machines mentioned on the link ? I've seen no option to buy one on their site and I got no luck on ebay. As far as I know the only way left is directly through Lemote. They have an Aliexpress shop but it is usually offline. If you email them they open their shop again. If you can't find the address on their website let me know offline and I'll scrounge up some contact info. /jl -- ASCII ribbon campaign ( ) Powered by Lemote Fuloong against HTML e-mail X Loongson MIPS and OpenBSD and proprietary/ \http://www.mutt.org attachments / \ Code Blue or Go Home! Encrypted email preferred PGP Key 2048R/DA65BC04
Re: SPARC minimum hardware specification
On Mon, Jul 20, 2015 at 09:53:13AM +0100, Graham Stephens wrote: Another thing to bear in mind is the pitch of the noise; I find that loudish but low-frequency sound (like from 4-inch+ fans) isn't that uncomfortable, but the whine from 1U 1 inch fans get unbearable REALLY quickly. I agree with this. The 1U units are very shrill and annoying. I have 4U machines and they are louder but somehow easier to tolerate. You get to choose boiling whistling tea kettle or Hoover... /jl -- ASCII ribbon campaign ( ) Powered by Lemote Fuloong against HTML e-mail X Loongson MIPS and OpenBSD and proprietary/ \http://www.mutt.org attachments / \ Code Blue or Go Home! Encrypted email preferred PGP Key 2048R/DA65BC04
Re: SPARC minimum hardware specification
On Fri, Jul 17, 2015 at 11:15:14AM -0500, BSD wrote: On Thu, 16 Jul 2015 21:09:30 +0300 Mihai Popescu mih...@gmail.com wrote: Hello, I never used a SPARC machine but I recall there are some people on the list doing this. What are the minimum requirements for a decent SPARC machine? I mean by that a machine who is able to run OpenBSD as a desktop. I am currently use a Pentium 4 3.2GHz with 2 GB DDR and it barely meets my needs. Tell me please the CPU or the machine name, I will search the prices :-). Sun Fire servers are cheap to buy but not to run. A V210 is a 1U box and with dual 1.35 CPUs it is fast enough for desktop use. It's not something most people with families or without a flightline headset are going to want sitting next to their desk though and you will need some air conditioning. You didn't say much about your needs so it's hard to know why your current setup isn't satisfactory but 2G of RAM is often not enough for a desktop these days. All it takes is a fairly recent version of Firefox with a bunch of tabs open and a few big PDFs open in Acroreadto use up that amount of RAM. The replies to the OP seem discouraging. If not Oracle, and not Fujitsu, then what? If not a sparc desktop, then what about a sparc router? A RISC anything?? OpenBSD mips64el runs oustandingly well on the Lemote boxes. See here: http://www.openbsd.org/loongson.html I don't think anybody will be happy with a Loongson as a desktop box but they do shine tiny servers. /jl -- ASCII ribbon campaign ( ) Powered by Lemote Fuloong against HTML e-mail X Loongson MIPS and OpenBSD and proprietary/ \http://www.mutt.org attachments / \ Code Blue or Go Home! Encrypted email preferred PGP Key 2048R/DA65BC04
Re: Whooda thunkit?
On Wed, Jun 03, 2015 at 10:31:26AM +1000, Rod Whitworth wrote: Microsoft To Support SSH In Windows and Contribute To OpenSSH Seen on /. this morning (Australia EST) I hope the contributations are generous.. I hope the contributions are money rather than code... /jl
Re: Phone suggestion.
On Sun, May 24, 2015 at 12:51:39PM +0530, Jay Patel wrote: Blackberry for security? or something else. BlackBerry has notably fewer exploits than other platforms, especially Android-anything. I haven't bought a new one recently but the older ones were actually good phones as in they don't drop calls and the people you are talking to can hear you and vice versa. They work where other phones have no coverage. They put good radios in them. The platform has been a good platform. It has a lot of nice features and a lot of security features. It has user-selectable cipher choices and a secure messenger. It has a built in VPN and there is at least one good SSH client available for it. BB is certainly not secure in the sense anybody believes BlackBerry hasn't been coopted by the NBA like any other major carrier. You are posting from gmail so presumably that doesn't bother you. As far as the handset goes it offers good encryption options for your phone RAM and is contents selectable including the micro SD card. You can set it to wipe on excess password tries (you decide how many that is) and with the management software for BB Enterprise you can wipe or provision phones remotely. You can easily set it up so if your phone is lost or stolen it will be wiped and worthless. Every BB has a unique PIN and unless you release yours the stolen phone will never get onto the BB network again. The email is the best reason to get a BB. It's a true push-email, no polling. There is another security hole though since you have to give your passwords to the BB software at your carrier to access your email accounts. When somebody emails you you get notified right away. I don't know if they fixed it but the notification only used to be for 10 minutes or something like that. An app for 5 bucks fixes that and you'll never miss an email or phone call again. It's just superb for business and makes you look good when you get back to people promptly and don't bobble emails like some teenage kid with an iPhone. Oh sorry man, I never knew you emailed me. There was a 3M limit for file attachments. That is a pain in the ass if you need to read big manuals etc. but honestly the phone is not a tablet and reading doc on it gets old fast. The physical keyboards are great and you can compose emails almost normally. The browsers suck. There are some third party browsers but they're still not good compared to what else is available for other platforms. The multimedia stuff also is very basic. They are not gamer's phones. All in all the BB is a good platform with a lot of nice features, is designed with some understanding of security issues and priority given to that. I like the sane design and lack of Tokyo-by-night features just to say they have something. It's basic non-glamorous stuff that just works. If you want a reasonbly secure phone that is really a good phone and a superb tiny mobile email platform with very few exploits then BB is a top choice. As soon as you want to do web stuff, watch movies, or play games it goes way down the list. /jl -- ASCII ribbon campaign ( ) Powered by Lemote Fuloong against HTML e-mail X Loongson MIPS and OpenBSD and proprietary/ \http://www.mutt.org attachments / \ Code Blue or Go Home! Encrypted email preferred PGP Key 2048R/DA65BC04
Re: Why generate SSH keys at startup?
On Thu, Mar 12, 2015 at 08:27:03PM +, Christian Weisgerber wrote: On 2015-03-12, John Long codeb...@inbox.lv wrote: By setting PubkeyAcceptedKeyTypes accordingly in sshd_config. Thanks, I looked and looked and could not find it in the man page. It appears to be only in -current? Is this possible in prior versions (i.e. undocumented but works) or is it totally new? Unfortunately, it is quite new. It was added ... *checks CVS history* ... eight weeks ago. Thank you. Motivation for keeping boxes current ;-) /jl -- ASCII ribbon campaign ( ) Powered by Lemote Fuloong against HTML e-mail X Loongson MIPS and OpenBSD and proprietary/ \http://www.mutt.org attachments / \ Code Blue or Go Home! Encrypted email preferred PGP Key 2048R/DA65BC04
Re: Why generate SSH keys at startup?
On Thu, Mar 12, 2015 at 07:19:25PM +, Stuart Henderson wrote: On 2015-03-12, John Long codeb...@inbox.lv wrote: On Thu, Mar 12, 2015 at 04:20:47PM +, Christian Weisgerber wrote: On 2015-03-12, John Long codeb...@inbox.lv wrote: You can simply configure HostKey in /etc/ssh/sshd_config. With that done a client can still do pubkey auth with a DSA key. (How) can I stop sshd from accepting client keys a user might include in ~/.ssh/authorized_keys other than RSA keys? By setting PubkeyAcceptedKeyTypes accordingly in sshd_config. Thanks, I looked and looked and could not find it in the man page. It appears to be only in -current? Is this possible in prior versions (i.e. undocumented but works) or is it totally new? By looking with cvs blame sshd_config.5 | grep PubkeyAcceptedKeyTypes and examine the cvs log, you can see that it was added on 2015/01/13. Thanks for the info and tip! /jl -- ASCII ribbon campaign ( ) Powered by Lemote Fuloong against HTML e-mail X Loongson MIPS and OpenBSD and proprietary/ \http://www.mutt.org attachments / \ Code Blue or Go Home! Encrypted email preferred PGP Key 2048R/DA65BC04
Re: Why generate SSH keys at startup?
On Thu, Mar 12, 2015 at 04:00:30PM -0400, Josh Grosse wrote: On Thu, Mar 12, 2015 at 07:19:25PM +, Stuart Henderson wrote: By looking with cvs blame sshd_config.5 | grep PubkeyAcceptedKeyTypes and examine the cvs log, you can see that it was added on 2015/01/13. Blame? Blame? When did this wonderful, utterly brilliant but undocumented synonym for annotate get added to cvs? And then I found the commit: CVSROOT:/cvs Module name:src Changes by: j...@cvs.openbsd.org 2010/07/22 04:31:10 Good one :-) Thanks. /jl -- ASCII ribbon campaign ( ) Powered by Lemote Fuloong against HTML e-mail X Loongson MIPS and OpenBSD and proprietary/ \http://www.mutt.org attachments / \ Code Blue or Go Home! Encrypted email preferred PGP Key 2048R/DA65BC04
Re: Why generate SSH keys at startup?
On Wed, Mar 11, 2015 at 11:13:20PM +, Christian Weisgerber wrote: On 2015-03-10, John Long codeb...@inbox.lv wrote: But /etc/rc appears to generate all missing key types every startup. Only if you delete them! Yes, that's what I said. You can simply configure HostKey in /etc/ssh/sshd_config. As soon as you set it to any value, the complete defaults are gone. For instance, if there are no further HostKey statements, HostKey /etc/ssh/ssh_host_ed25519_key will make the server only load that Ed25519 key. No ECDSA, RSA, or DSA. Try it. With that done a client can still do pubkey auth with a DSA key. (How) can I stop sshd from accepting client keys a user might include in ~/.ssh/authorized_keys other than RSA keys? What problems do I cause by commenting out the ssh-keygen? Well, you would be making a change you obviously don't understand. Well, I think it's obvious I'm open to that possibility or I wouldn't have asked the question in the first place. Given I do understand that if ssh-keygen -A isn't run at startup none of the keys I deleted will come back, and given that's what I really want even if new ciphers get added in the future, are there any other issues to be aware of regarding removing ssh-keygen -A from the startup? /jl -- ASCII ribbon campaign ( ) Powered by Lemote Fuloong against HTML e-mail X Loongson MIPS and OpenBSD and proprietary/ \http://www.mutt.org attachments / \ Code Blue or Go Home! Encrypted email preferred PGP Key 2048R/DA65BC04
Re: Why generate SSH keys at startup?
On Thu, Mar 12, 2015 at 04:20:47PM +, Christian Weisgerber wrote: On 2015-03-12, John Long codeb...@inbox.lv wrote: You can simply configure HostKey in /etc/ssh/sshd_config. With that done a client can still do pubkey auth with a DSA key. (How) can I stop sshd from accepting client keys a user might include in ~/.ssh/authorized_keys other than RSA keys? By setting PubkeyAcceptedKeyTypes accordingly in sshd_config. Thanks, I looked and looked and could not find it in the man page. It appears to be only in -current? Is this possible in prior versions (i.e. undocumented but works) or is it totally new? This has _nothing_ to do with the server keys. Understood. I want to do an RSA-only setup. After the server key issue was resolved I looked at what the clients can do. /etc/rc isn't a configuration file. When you upgrade OpenBSD, /etc/rc will be overwritten and your changes will be lost. I realize that. I keep track of local customizations in a notebook. Thanks, /jl -- ASCII ribbon campaign ( ) Powered by Lemote Fuloong against HTML e-mail X Loongson MIPS and OpenBSD and proprietary/ \http://www.mutt.org attachments / \ Code Blue or Go Home! Encrypted email preferred PGP Key 2048R/DA65BC04
Console overrun with SPARC64 on Sun V210
Hi, I just installed 5.6 on a Sun V210. The console doesn't seem to know how big the terminal emulator screen is. Whether I use cu or minicom too many lines are displayed. For example top loses all the lines until about the 4th task line. All the CPU, mem stuff etc. rolls off. vi is also unusable on part of the screen. This all automagically works with Solaris but it's been a while since I had OpenBSD running on a V210 and I can't remember if this worked before or not or what I had to do. How do I fix this, please?? Thanks. /jl -- ASCII ribbon campaign ( ) Powered by Lemote Fuloong against HTML e-mail X Loongson MIPS and OpenBSD and proprietary/ \http://www.mutt.org attachments / \ Code Blue or Go Home! Encrypted email preferred PGP Key 2048R/DA65BC04
Re: Console overrun with SPARC64 on Sun V210
On Wed, Mar 11, 2015 at 10:12:46AM -0600, Abel Abraham Camarillo Ojeda wrote: On Wed, Mar 11, 2015 at 10:05 AM, John Long codeb...@inbox.lv wrote: Hi, I just installed 5.6 on a Sun V210. The console doesn't seem to know how big the terminal emulator screen is. Whether I use cu or minicom too many lines are displayed. For example top loses all the lines until about the 4th task line. All the CPU, mem stuff etc. rolls off. vi is also unusable on part of the screen. This all automagically works with Solaris but it's been a while since I had OpenBSD running on a V210 and I can't remember if this worked before or not or what I had to do. How do I fix this, please?? Are you running cu inside an xterm? If so I think you can run resize(1)... Muchas gracias, amigo! Works fine now. /jl -- ASCII ribbon campaign ( ) Powered by Lemote Fuloong against HTML e-mail X Loongson MIPS and OpenBSD and proprietary/ \http://www.mutt.org attachments / \ Code Blue or Go Home! Encrypted email preferred PGP Key 2048R/DA65BC04
Re: Console overrun with SPARC64 on Sun V210
On Wed, Mar 11, 2015 at 05:45:48PM +, Christian Weisgerber wrote: On 2015-03-11, John Long codeb...@inbox.lv wrote: I just installed 5.6 on a Sun V210. The console doesn't seem to know how big the terminal emulator screen is. Whether I use cu or minicom too many lines are displayed. By default TERM is set to sun, which is for an 80x34 Sun video console. Yes, I saw that but it doesn't seem to be the problem. If you connect from, say, an xterm, you'll need TERM=xterm. I tried TERM=xterm and TERM=vt100 before I sent my initial mailing list post. Nothing changed. And if you're using unusual terminal sizes, you need to set rows and columns with stty(1). This isn't SSH, where the protocol transmits those terminal parameters to the remote side. Noted, thanks. Not sure what the problem was, the emulator is a standard size and it doesn't work on cu or minicom and not with xterm or rxvt. Anyway resize fixes it on bothxterm and rxvt so I'm good. /jl -- ASCII ribbon campaign ( ) Powered by Lemote Fuloong against HTML e-mail X Loongson MIPS and OpenBSD and proprietary/ \http://www.mutt.org attachments / \ Code Blue or Go Home! Encrypted email preferred PGP Key 2048R/DA65BC04
Why generate SSH keys at startup?
Hi, What's the reason for generating all the various SSH key types every startup? Given the source of all the new elliptical crypto I don't want to use it so I changed the cipher list in sshd_config. But /etc/rc appears to generate all missing key types every startup. What problems do I cause by commenting out the ssh-keygen? Thanks, /jl -- ASCII ribbon campaign ( ) Powered by Lemote Fuloong against HTML e-mail X Loongson MIPS and OpenBSD and proprietary/ \http://www.mutt.org attachments / \ Code Blue or Go Home! Encrypted email preferred PGP Key 2048R/DA65BC04
Re: Anybody replace the disk drive in a Lemote Fuloong?
On Mon, Jan 26, 2015 at 02:28:35PM +0100, Otto Moerbeek wrote: Unscrew the four screws on the side VGA connector side. Slide the logic board out. Unscrew the three black screws that hold the disk bracket. The screws are unmarked but they are near R164, C174 and U32. You can then slide the disk and bracket out of the connector. Replace the disk in the bracket and reverse the steps. It's a 5 minute job when somebody points out which screws are the right ones and you find the right tiny screwdriver. Back on the air! Thanks, Otto! /jl -- ASCII ribbon campaign ( ) Powered by Lemote Fuloong against HTML e-mail X Loongson MIPS and OpenBSD and proprietary/ \http://www.mutt.org attachments / \ Code Blue or Go Home! Encrypted email preferred PGP Key 2048R/DA65BC04
Anybody replace the disk drive in a Lemote Fuloong?
One of my little friends has a dead drive. Unfortunately it is shoehorned in there pretty good. Has anybody on the list replaced the disk drive on one of these and if so would you explain how you did it? Is anybody using a regular USB stick as a primary disk drive for OpenBSD and if so how well do they work and how long do they last? Is this a reasonable solution for an appliance or dev box and are there better alternatives that will work over USB or the network? Specifically this box can boot and run from USB but I don't know if it can run diskless or how well it would run. Thanks. /jl -- ASCII ribbon campaign ( ) Powered by Lemote Fuloong against HTML e-mail X Loongson MIPS and OpenBSD and proprietary/ \http://www.mutt.org attachments / \ Code Blue or Go Home! Encrypted email preferred PGP Key 2048R/DA65BC04
Does portable NTPD use a drift file?
Does portable NTPD use a drift file? I didn't see one in the previous version and a new install of 5.7p1 doesn't seem to have one either. I didn't see any discussion of a drift file in the manpage for ntpd nor for ntpd.conf in the portable version, though it is mentioned in the man pages for the OpenBSD version. Also, what is the purpose of /var/empty/ntp in the portable version? It's empty ;) Thanks, /jl -- ASCII ribbon campaign ( ) Powered by Lemote Fuloong against HTML e-mail X Loongson MIPS and OpenBSD and proprietary/ \http://www.mutt.org attachments / \ Code Blue or Go Home! Encrypted email preferred PGP Key 2048R/DA65BC04
Re: Does portable NTPD use a drift file?
Hi, On Tue, Jan 20, 2015 at 08:21:32AM -0600, Brent Cook wrote: On Tue, Jan 20, 2015 at 5:46 AM, John Long codeb...@inbox.lv wrote: Does portable NTPD use a drift file? I didn't see one in the previous version and a new install of 5.7p1 doesn't seem to have one either. I didn't see any discussion of a drift file in the manpage for ntpd nor for ntpd.conf in the portable version, though it is mentioned in the man pages for the OpenBSD version. It is mentioned in the ntpd(8) man page at the bottom Some confusion on my part because when I removed the distro's ntp package it left the man pages. And the ntpd and ntpd.conf man pages say the first version was for OpenBSD 3.6 at the bottom so I thought those were the right pages! Once I ripped them out the correct ntp* man pages show up. And there it is. though I should fix the the portable version to adjust the manpage to point where it actually gets configured for installation. Some packagers have already been patching this for their distributions. By default, it should get written to: LOCALSTATEDIR /db/ntpd.drift Thanks, this helps. It was there, just not where I wanted since I install addons in /usr/local. Unfortunately now that I fixed the build to use /var like everything else I see there is a problem because /var/db is only root writeable and I believe the _ntp user is the one trying to write the drift file. It would be unfortunate to have to create a whole directory hierachy no matter how small just to have a place the _ntp user could write his drift file. I think I would even prefer /var/tmp to that. Any suggestions? Also, what is the purpose of /var/empty/ntp in the portable version? It's empty ;) Thanks for bringing that up. This is a privilege-separation directory that the unprivileged ntpd processes chroot to on startup. It is intentionally empty and unwritable by the unprivileged processes. Having this directory empty and unwritable prevents the processes from having access to any files or file system privileges that they do not need to do their jobs. Since /var/empty might not exist, e.g. Debian does not provide it, your OS's package may have altered the privilege separation user directory to be somewhere else, like '/var/run/openntpd'. But, that should also be empty and unwritable. Ok, this was also fixed, presumably, when I set localstatedir for the build. /jl -- ASCII ribbon campaign ( ) Powered by Lemote Fuloong against HTML e-mail X Loongson MIPS and OpenBSD and proprietary/ \http://www.mutt.org attachments / \ Code Blue or Go Home! Encrypted email preferred PGP Key 2048R/DA65BC04
Re: Does portable NTPD use a drift file? [fixed]
On Tue, Jan 20, 2015 at 12:26:35PM -0600, Brent Cook wrote: Note that a new drift file is not written immediately on start, only after the proper frequency adjustment has been determined. That might take a long time depending on the stability of your systems's clock (e.g. VMs) and how quickly time can be synced, etc. Give it an hour or ten :) Bingo! Thanks again. What a relief to have something that actually works, is written by skilled people who give a damn, and compiles so fast I thought the build must be broken or missing a few thousand programs ;-) /jl -- ASCII ribbon campaign ( ) Powered by Lemote Fuloong against HTML e-mail X Loongson MIPS and OpenBSD and proprietary/ \http://www.mutt.org attachments / \ Code Blue or Go Home! Encrypted email preferred PGP Key 2048R/DA65BC04
Re: Does portable NTPD use a drift file?
On Tue, Jan 20, 2015 at 12:26:35PM -0600, Brent Cook wrote: On Jan 20, 2015, at 9:59 AM, John Long codeb...@inbox.lv wrote: LOCALSTATEDIR /db/ntpd.drift Thanks, this helps. It was there, just not where I wanted since I install addons in /usr/local. Unfortunately now that I fixed the build to use /var like everything else I see there is a problem because /var/db is only root writeable and I believe the _ntp user is the one trying to write the drift file. It would be unfortunate to have to create a whole directory hierachy no matter how small just to have a place the _ntp user could write his drift file. I think I would even prefer /var/tmp to that. Any suggestions? That's OK. Nothing will be written as the _ntp user. The unprivileged process instead sends a message to the privileged process, which actually does the writing of the drift file. You want it to be some place persistent, not /var/tmp. Note that a new drift file is not written immediately on start, only after the proper frequency adjustment has been determined. That might take a long time depending on the stability of your systems's clock (e.g. VMs) and how quickly time can be synced, etc. Give it an hour or ten :) Ah, ok. Thanks I will watch it. Also, what is the purpose of /var/empty/ntp in the portable version? It's empty ;) Thanks for bringing that up. This is a privilege-separation directory that the unprivileged ntpd processes chroot to on startup. It is intentionally empty and unwritable by the unprivileged processes. Having this directory empty and unwritable prevents the processes from having access to any files or file system privileges that they do not need to do their jobs. Since /var/empty might not exist, e.g. Debian does not provide it, your OS's package may have altered the privilege separation user directory to be somewhere else, like '/var/run/openntpd'. But, that should also be empty and unwritable. Ok, this was also fixed, presumably, when I set localstatedir for the build. Oops, no, that's not what I meant: I think this might be more likely: 'make install' checks to see if you have a properly configured unprivileged user and gives instructions if none is found. If you already have one configured, it does not display the instructions again. I don't remember that happening in 3.9 and by the time I ran this one I already had the user and group defined on this particular box. What I should have written was after reading your first email I deleted the ntp dir from /var/empty which I had created according to the INSTALL instructions from 3.9, and specified --with-privsep-path=/var/empty on the config, along with other options appropriate for my setup and then recompiled and reinstlled. ntpd 5.7p1 runs and responds to ntpctl so presumably it works with /var/empty otherwise I would expect ntpd to sqwak or fail on startup. Thank you. /jl -- ASCII ribbon campaign ( ) Powered by Lemote Fuloong against HTML e-mail X Loongson MIPS and OpenBSD and proprietary/ \http://www.mutt.org attachments / \ Code Blue or Go Home! Encrypted email preferred PGP Key 2048R/DA65BC04
Re: DigitalOcean's BSD debut is FreeBSD only
On Tue, Dec 16, 2014 at 03:10:00PM +, openda...@hushmail.com wrote: Plonk.
Re: missing packages for SPARC
On Wed, Dec 03, 2014 at 04:36:43PM +, Christian Weisgerber wrote: On 2014-12-02, Riccardo Mottola riccardo.mott...@libero.it wrote: I was pkg_add'ing some essential packages on a freshly installed SPARC machine. I noticed that several packages are missing. I thought it was the mirror, but they are missing on the master ftp too. I know that some packages might not build on sparc or do not have sense on that platform, however I was looking for pretty general stuff: libxmsl, libxslt or subversion. They didn't build. I can't tell whether that's due to the package building process (the sparc build machines are very unstable) or problems with the ports themselves. Peter Hessler may be able to comment. How much time is necessary to build packages during and for a release? How much time for snapshots? And how often does this need to be done? I'm trying to get an idea how much uptime you would need if somebody who is able to take this on doesn't have a suitable box to build on. I have a few boxes that could host this but I cannot run them for days on end simply because they're in my office and would deafen/burn me alive. We keep having this tail of zombie architectures. Long obsolete hardware, run by few people, with pitiful best effort package builds happening each release and with luck once between. They slowly sink under the accumulating bitrot that nobody cares to fix, but at the same time people can't bring themselves to completely abandon those archs. *shrug* Agh /jl -- ASCII ribbon campaign ( ) Powered by Lemote Fuloong against HTML e-mail X Loongson MIPS and OpenBSD and proprietary/ \http://www.mutt.org attachments / \ Code Blue or Go Home! Encrypted email preferred PGP Key 2048R/DA65BC04
Re: missing packages for SPARC
I had forgotten OpenBSD has SPARC and SPARC64 ports. I don't have any SPARC boxes, sorry for missing the point here. If SPARC64 builds become an issue I hope I can help in some way. /jl -- ASCII ribbon campaign ( ) Powered by Lemote Fuloong against HTML e-mail X Loongson MIPS and OpenBSD and proprietary/ \http://www.mutt.org attachments / \ Code Blue or Go Home! Encrypted email preferred PGP Key 2048R/DA65BC04
Re: missing packages for SPARC
On Thu, Dec 04, 2014 at 10:43:29AM +0100, Peter Hessler wrote: On 2014 Dec 04 (Thu) at 07:11:48 + (+), John Long wrote: :How much time is necessary to build packages during and for a release? How :much time for snapshots? And how often does this need to be done? I'm trying :to get an idea how much uptime you would need if somebody who is able to :take this on doesn't have a suitable box to build on. 32bit sparc packages take 3-5 weeks on a cluster of 5 machines, depending on how many crashes happen. Wow, ok. Thanks. My emails are taking a while to hit the list but I remembered after sending the first one OpenBSD has SPARC and SPARC64 ports and I only have SPARC64 boxes so I can't help here after all. face palm /jl -- ASCII ribbon campaign ( ) Powered by Lemote Fuloong against HTML e-mail X Loongson MIPS and OpenBSD and proprietary/ \http://www.mutt.org attachments / \ Code Blue or Go Home! Encrypted email preferred PGP Key 2048R/DA65BC04
Re: Where is this device attached?
Jonathan, this looks promising. David Coppa had said It should expose a ucom*, e.g.: ucom0 at uftdi0 portno 1 The dmesg now shows: moscom0 at uhub1 port 3 HP Company HPx9G+ Device rev 1.10/1.00 addr 2 ucom0 at moscom0 portno 0 How do I relate this to a filename? Thanks, /jl -- ASCII ribbon campaign ( ) Powered by Lemote Fuloong against HTML e-mail X Loongson MIPS and OpenBSD and proprietary/ \http://www.mutt.org attachments / \ Code Blue or Go Home! Encrypted email preferred PGP Key 2048R/DA65BC04
Re: Where is this device attached?
On Mon, Mar 24, 2014 at 01:23:32PM -0500, Adam Thompson wrote: See ucom(4) man page. Short answer: /dev/ttyU0 (ucom? should match up with /dev/ttyU?) -Adam Thank you! /jl
Re: Where is this device attached?
On Fri, Mar 21, 2014 at 03:08:31AM +1100, Jonathan Gray wrote: It seems this needs a new driver, here is a quick test that modifies an existing one that might work: snip Your patch works great. Kermit is talking to the device. Thank you so much for the help! /jl -- ASCII ribbon campaign ( ) Powered by Lemote Fuloong against HTML e-mail X Loongson MIPS and OpenBSD and proprietary/ \http://www.mutt.org attachments / \ Code Blue or Go Home! Encrypted email preferred PGP Key 2048R/DA65BC04
Re: Where is this device attached?
On Fri, Mar 21, 2014 at 02:50:17PM +1100, Jonathan Gray wrote: On Thu, Mar 20, 2014 at 04:33:01PM +, John Long wrote: On Fri, Mar 21, 2014 at 03:08:31AM +1100, Jonathan Gray wrote: Thanks. How do I build this? You need to build and install a new kernel. After checking out the src tree via cvs and saving the patch to a file. cd /usr/src/sys/dev/usb patch -p0 /path/to/file then build and install a kernel as described in http://www.openbsd.org/faq/faq5.html#BldKernel Thanks. I didn't know how much of the system had to be rebuilt to get your changes in. It takes a full day or more to rebuild the kernel and userland on this box, so knowing I only have to rebuild the kernel will be a big help. I'll get back to you. Thanks a lot, Jonathan! /jl -- ASCII ribbon campaign ( ) Powered by Lemote Fuloong against HTML e-mail X Loongson MIPS and OpenBSD and proprietary/ \http://www.mutt.org attachments / \ Code Blue or Go Home! Encrypted email preferred PGP Key 2048R/DA65BC04
Where is this device attached?
Hi, I am trying to use a USB device with a Loongson 5.3 stable box. The line from dmesg for the device is ugen0 at uhub1 port 3 HP Company HPx9G+ Device rev 1.10/1.00 addr 2 and the usbdevs -vd output is Controller /dev/usb0: addr 1: high speed, self powered, config 1, EHCI root hub(0x), AMD(0x1022), rev 1.00 uhub0 port 1 powered port 2 powered port 3 powered port 4 powered Controller /dev/usb1: addr 1: full speed, self powered, config 1, OHCI root hub(0x), AMD(0x1022), rev 1.00 uhub1 port 1 powered port 2 powered port 3 addr 2: full speed, power 50 mA, config 1, HPx9G+ Device(0x0121), HP Company(0x03f0), rev 1.00 ugen0 port 4 powered How do I correlate this info to a /dev filename so I can tell Kermit which line to open? Thanks, /jl -- ASCII ribbon campaign ( ) Powered by Lemote Fuloong against HTML e-mail X Loongson MIPS and OpenBSD and proprietary/ \http://www.mutt.org attachments / \ Code Blue or Go Home! Encrypted email preferred PGP Key 2048R/DA65BC04
Re: Where is this device attached?
David- sorry, I meant to reply to the list, here it is again for public consumption with the topic threading borked, probably. On Thu, Mar 20, 2014 at 04:14:13PM +0100, David Coppa wrote: On Thu, Mar 20, 2014 at 2:31 PM, John Long codeb...@inbox.lv wrote: Hi, I am trying to use a USB device with a Loongson 5.3 stable box. The line from dmesg for the device is ugen0 at uhub1 port 3 HP Company HPx9G+ Device rev 1.10/1.00 addr 2 Is this a usb-to-serial thingie? I don't think so, but I don't know if it is a standard USB device either. It comes up as /dev/ttyUSB0 on that _other_ OS and will talk to Kermit but I can't get it working on OpenBSD yet. I would prefer to use it with the Loongson box if possible. If this is the case, then it's not properly recognized by the kernel. It should expose a ucom*, e.g.: ucom0 at uftdi0 portno 1 Any other ideas? Thanks, /jl -- ASCII ribbon campaign ( ) Powered by Lemote Fuloong against HTML e-mail X Loongson MIPS and OpenBSD and proprietary/ \http://www.mutt.org attachments / \ Code Blue or Go Home! Encrypted email preferred PGP Key 2048R/DA65BC04
Re: Where is this device attached?
On Fri, Mar 21, 2014 at 03:08:31AM +1100, Jonathan Gray wrote: Thanks. How do I build this? /jl -- ASCII ribbon campaign ( ) Powered by Lemote Fuloong against HTML e-mail X Loongson MIPS and OpenBSD and proprietary/ \http://www.mutt.org attachments / \ Code Blue or Go Home! Encrypted email preferred PGP Key 2048R/DA65BC04
Re: Where is this device attached?
On Thu, Mar 20, 2014 at 04:45:12PM +, Fred wrote: On 03/20/14 16:33, John Long wrote: On Fri, Mar 21, 2014 at 03:08:31AM +1100, Jonathan Gray wrote: Thanks. How do I build this? /jl http://www.openbsd.org/faq/faq5.html should answer most of your questions. Nah, most of my questions have nothing to do with OpenBSD. The one you responded to could be clarified. My bad. Do I need to go through steps of rebuilding all of the kernel, userland, etc.? Since I don't know what has to happen to get this into the system. I figured Jonathan would know since he's the one who was nice enough to offer a test patch. hth Don't get too far ahead of yourself ;-) /jl -- ASCII ribbon campaign ( ) Powered by Lemote Fuloong against HTML e-mail X Loongson MIPS and OpenBSD and proprietary/ \http://www.mutt.org attachments / \ Code Blue or Go Home! Encrypted email preferred PGP Key 2048R/DA65BC04
Anybody using Kermit on loongson?
This is my first try with Kermit and with this hardware on the other end so I don't know where the problem is. Kermit does not want to talk to my device either by kermit -l /dev/cua00 # /dev/cua00 works on this port for cu # but not for Kermit kermit -l /dev/tty00 # also no signs of life Anybody have kermit talking to/from loongson willing to share the info? Thanks, /jl -- ASCII ribbon campaign ( ) Powered by Lemote Fuloong against HTML e-mail X Loongson MIPS and OpenBSD and proprietary/ \http://www.mutt.org attachments / \ Code Blue or Go Home! Encrypted email preferred PGP Key 2048R/DA65BC04
Re: Anybody using Kermit on loongson?
Replying to myself: I found the .kermrc file below in a websearch and modified it to use /dev/tty00 ; ; kermit settings ; set modem type direct set port /dev/tty00 set speed 9600 set carrier-watch off set flow none set parity none set block 3 set protocol kermit ; End Although it connected after that, Kermit from 5.3 packages was core dumping on certain file transfers. Looking for info on the core dump I found this: http://www.columbia.edu/kermit/ckdaily.html 23 Aug 2011 A patch that fixes a core dump when transferring a file on 9.0.303 OpenBSD on Sparc64 (some inconsistencies in declarations between modules). The same problem could occur elsewhere but has not been noted or reported. Not marked as a test version since it will probably be released as-is, but I don't have time to do it right now. After compiling from the Kermit daily build source it is not dumping and works fine for what I have been using it for transferring files back and forth between the Loongson box and the device. Hope this might be useful to somebody else. /jl
Re: Are there OpenBSD users who are not IT professionals?
On Tue, Nov 19, 2013 at 04:37:25PM +0100, za...@gmx.com wrote: Are there any significant drawbacks to my adoption of OpenBSD (such as OpenBSD being too technical and too difficult, as compared, say, to Linux distros)? One of the things that makes code good and secure is simplicity. That focus on keeping things simple is a way of life that make OpenBSD a good choice for people with a low bullshit tolerance. And I think it makes it more approachable, not less, than Linux and certain other not to be named GUI malware with a EULA parading around as an OS. OpenBSD makes a clear separation between the OS and most of the applications that run on it. That is not true of many other OS and OS-like systems. If you go to one of the mirrors and find the packages for your architecture (presumably you're using either 32 or 64 bit Intel) you can see which applications are available. A desktop means different things to different people. If all the apps you need and want are available then there is no reason why you won't be happy with OpenBSD. If they aren't, you'll have to do a little more thinking and research. You can build many apps on OpenBSD but there is a general problem of Linux people not realizing there is more to the world than Linux and not everything that builds on Linux will build without changes on OpenBSD. Please, give me some advice. If OpenBSD is not for me, I would rather know it sooner than later. I don't really think you can make a decision on paper unless your goals and requirements are pretty clear. If you have to have apps that only run on Linux or Windows that's an easy decision. Otherwise it's worth looking into your options and trying them out. If you overcommit you can always buy another box. /jl -- ASCII ribbon campaign ( ) Powered by Lemote Fuloong against HTML e-mail X Loongson MIPS and OpenBSD and proprietary/ \http://www.mutt.org attachments / \ Code Blue or Go Home! Encrypted email preferred PGP Key 2048R/DA65BC04
Re: Sorry OpenBSD people, been a bit busy
On Wed, Oct 09, 2013 at 12:41:07PM +0100, sbienddr...@googlemail.com wrote: Am I being monitored for receiving these emails? No, you're being monitored for using google, stupid. Did anybody consider the possibility Theo didn't start this thread? The email headers looked ok at a quick glance but that didn't sound very much like him.
Re: OpenBSD crypto and NSA/Bruce Schneier
On Wed, Sep 11, 2013 at 10:49:46AM +0200, Martin Schr?der wrote: 2013/9/11 Marc Espie es...@nerim.net: Second, low hanging fruit. There's so much crappy software and hardware out there that you have to be REALLY paranoid to think the NSA would target us. I mean, come on, there You think openssh isn't a valuable target? You think they need to target protocols? There are much easier ways of doing things. Strong crypto works if you do all the management stuff. Most people have no idea what's involved with that. Like Espie says there's plenty low hanging fruit. If you're somebody they want to know about the methods they use don't have anything to do with technology. You think openbsd isn't used in commercial firewall/vpn appliances? You think that government doesn't cultivate healthy relationships with security product vendors that makes whatever protocol or OS they claim to run irrelevant? Do you really believe they only got google, yahoo, gmx, msn/hotmail/aol/skype to open up their services but not router and vpn and appliance vendors? Don't be so naive... any company that has an office in the U.S. that wants to stay in business is going to bend over. How many Lavabit stories did we read about where somebody had the integrity to say NO and lose his ass? Exactly one. Guess what happened to the rest. You want security, run OpenBSD on a Chinese router or SBC or fab your own chips and build your own hardware. And stay the hell off the net. Think again. Your turn. /jl -- ASCII ribbon campaign ( ) Powered by Lemote Fuloong against HTML e-mail X Loongson MIPS and OpenBSD and proprietary/ \http://www.mutt.org attachments / \ Code Blue or Go Home! Encrypted email preferred PGP Key 2048R/DA65BC04
Re: Modern C++ Compiler for OpenBSD
On Tue, Sep 10, 2013 at 06:21:56PM -0400, Brad Smith wrote: On 10/09/13 6:10 PM, Gregor Best wrote: On Tue, Sep 10, 2013 at 05:40:19PM -0400, Jeffrey Walton wrote: [...] Does anyone have a C++ compiler recommendation for OpenBSD? [...] What about GCC? Clang++'s C++11 support is spotty at best, at least it was the last time I tried. Clang's C++11 support doesn't work properly because it isn't using the proper release of libstdc++. @Brad since he does a lot of the MIPS stuff, or anybody else who might know, is there going to be a newish gcc and gfortran for mips64el in 5.4? /jl
Re: Why I abandoned OpenBSD, and why you should too...
On Thu, Jul 04, 2013 at 11:56:50PM -0400, Thomas Jennings wrote: [drug / alcohol withdrawal-induced rant elided] I don't know where you get the idea OpenBSD is involved. I heard a few interviews including the one here http://www.youtube.com/watch?v=ISXYITh09TA and she clearly said she has an Apple system. She also said for someone to come into my home so apparently this was not only an over the network hack but somebody had physical access to her computers. No consumer computer is safe when somebody else has physical access to it. Security 101. Intel's new BIOS would seem to provide new attack vectors. See the comments to the video and elsewhere, old news. Don't use it, no problem. Atkisson also admits she doesn't know much about computers- her own words. That's an unlikely OpenBSD user profile considering she was talking about her home and company machines. Why do you believe OpenBSD is involved at all? Are you confused by the fact Apple's OSX is based on some (Free) BSD pieces? From the interviews it's a simple case of somebody getting access to a few PCs and installing some spyware. Can you name a consumer device and common desktop OS that can't be compromised in that situation? OpenBSD is open source and you can build the whole OS and userland from source. It seems real unlikely there is compromise or people would have noticed it. So far all the screaming and accusations haven't resulted in one reference by anybody to the alleged bad code. On the other hand the system mentioned by Atkisson is a notorious high walled garden and the people who put it out have already been implicated in collusion with the anti-freedom lobby by everybody's favorite fugitive Snowden. You really need to get a clue and you really need to apologize to Theo, all the OpenBSD developers, and everybody unfortunate enough to read your rant on these lists. As usual for people slinging accusations like you, you failed to cite anything or back up your claims. Pure FUD. To paraphase Benny Hill, everyone's entitled to be stupid, but some people abuse the privilege.
