Re: chromium and firefox - myths and facts?

2018-06-12 Thread lampshade
Maybe this time mail will be encoded properly. >Chrome and Safari both derive from Apple WebKit which itself is a fork >of the KHTML rendering engine developed by the KDE project, and has >*always* been, LGPL licensed code since its first release in 1998. >Yet today, Firefox is held up as the

Re: chromium and firefox - myths and facts?

2018-06-12 Thread Lampshade
Chrome and Safari both derive from Apple WebKit which itself is a fork of the KHTML rendering engine developed by the KDE project, and has *always* been, LGPL licensed code since its first release in 1998. Yet today, Firefox is held up as the open-source darling and Chrome/Safari is seen as the

Re: Can SSH report successful connections to pf?

2018-05-11 Thread Lampshade
>At the end of a "pass" rule in pf.conf, the author adds: > > max‐src‐conn 3, max‐src‐conn‐rate 2/5, overload flush global > >which means: > > "any source can only have a total of three connections, > and they may not create them at a rate faster than two > every five minutes. If

Re: For a FFS on an SSD, which of "-o" nil, "sync" &/ "softdep" is more data-safe and fast?

2018-02-12 Thread Lampshade
> Hi! > > If I understand mount(8) (http://man.openbsd.org/mount) right, FFS > mounts have a metadata I/O mode and a data I/O mode. By default, > metadata is accessed synchronously and data is accessed > asynchronously. > > "-o sync" will force both to synchronous mode, and "-o softdep" would >

Re: Kernel memory leaking on Intel CPUs?

2018-02-08 Thread Lampshade
Intel provided stable microcode for Skylake mitigating Spectre variant 2. Current status https://newsroom.intel.com/wp-content/uploads/sites/11/2018/02/microcode-update-guidance.pdf When it comes to Meltdown: Is OpenBSD going to release patches for 6.2? I don't see anything related to

Re: Kernel memory leaking on Intel CPUs?

2018-01-07 Thread Lampshade
There are some claims about Raspberry Pi: Here you go: We do not believe any generation of Raspberry Pi hardware is susceptible to either the Spectre or Meltdown vulnerabilities. https://twitter.com/EbenUpton/status/948999181309530116 Why Raspberry Pi isn’t vulnerable to Spectre or Meltdown

Re: Kernel memory leaking on Intel CPUs?

2018-01-03 Thread Lampshade
Intel is probably waiting for Microsoft, Red Hat, Apple and major cloud companies to update OSes until release of Intel Security Advisory. I am also curious does OpenBSD also maps kernel to userspace memory of processes? Could pledge protect against some scenarios exploiting these kinds of bugs?

JRE, Java and JavaFX

2017-12-30 Thread Lampshade
Hello, I would like to know whether it is possible to execute GUI app based on JavaFX using OpenBSD's package for JRE. I had tried to compile and run but Maven says it can't find JavaFX classes. I also tried to compile on Windows and then copy target directory to OpenBSD, but again I see something

Re: For the super paranoid

2017-12-09 Thread Lampshade
News from Reddit: "AMD Listened to us, and added a PSP disable option in their new AGESA version!" Not my picture (Credit to u/repo_code), but https://drive.google.com/file/d/1b4p3d-gtHbFvkUbHYC8HSIviL-1ssC7V/view My Gigabyte AB350 Gaming 3 also has a bios based on the new agesa version,

Re: Intel's Management Technology is indeed vulnerable

2017-11-22 Thread Lampshade
Intel's firmware bugs: Intel SA-00086 Intel ID: INTEL-SA-00086 Product family: Various Impact of vulnerability: Elevation of Privilege Severity rating: Important Original release: Nov 20, 2017 Last revised: Nov 21, 2017

Re: Guess what today is

2017-10-18 Thread Lampshade
Happy birthday and live long OpenBSD!

Re: About WPA2 compromised protocol

2017-10-16 Thread Lampshade
Stefan Sperling: > Also this was *NOT* a protocol bug. > arstechnica claimed such nonsense without any basis in fact and > now everybody keeps repeating it :( Actually, the researcher claimed that they are in the standard itself. https://www.krackattacks.com/ The weaknesses are in the Wi-Fi standard

softraid i/o error 5 @ CRYPTO block

2017-10-15 Thread Lampshade
Hello During recent update from older -current amd64 to newest -current amd64 kernel printed softraid/CRYPTO error. This error message was printed after re-linking of kernel which failed. What does this mean? Small part of dmesg: sd1 at scsibus1 targ 1 lun 0: SCSI2

Re: Flaw resides in BTB helps bypass ASLR

2016-10-20 Thread Lampshade
> if you read the paper, you will notice that they only tested on Ubuntu and > OSX, > neither of which actually ship with ASLR enabled by default if I remember > correctly. https://wiki.ubuntu.com/Security/Features

Re: VMM test

2016-10-12 Thread Lampshade
>> Hi Everybody, >> >> I would like to give a try to vmm. If I do so, which os can I expect >> to make it work? openbsd ok I guess. Linux? Windows? >OpenBSD only, as of now. Does it support both i386 and amd64 OpenBSDs guests?

Re: Unexpected behavior in su/doas

2016-10-02 Thread Lampshade
> > This is just one mechanism on tty, there are others. On other > > descriptors there are other abilities. > > > > Would you mind explaining this a little bit. I don't really mean the > sudo/doas part. > > How to do operations without retaining access to a tty? > > What other descriptors?

Re: 6.0-stable panic

2016-09-30 Thread Lampshade
dhill () mindcry ! org also posted message to bugs mailing list probably about this issue. Title/subject: KASSERT((sk->inp == NULL) || (sk->inp->inp_pf_sk == NULL)); http://marc.info/?l=openbsd-bugs=147472138723508=2 I also can confirm that relayd is triggering this kernel panic on my system by

Re: Dual booting - can't boot OpenBSD from Windows 10 bootloader

2016-09-24 Thread Lampshade
>Thank you all for your answers. I cannot use grub or lilo as some of >you pointed out because grub is i386 only and lilo isn't even in >ports, and I don't have linux installed. Neither do I, but I have Grub2 (from Debian amd64) and OpenBSD amd64 ;) You don't need to install any Gnu/Linux system

Dual booting - can't boot OpenBSD from Windows 10 bootloader

2016-09-23 Thread Lampshade
I have installed OpenBSD before it had UEFI support, so I installed in Legacy Boot mode (I have UEFI capable laptop). I personally use Grub2 installed via debian live amd64 standard image. I don't have Gnu/Linux installed. I only have bootloader from Debian. I have Windows 8.1 and OpenBSD

Re: graphics acceleration, DRI2, DRM problem

2016-08-20 Thread Lampshade
I think that actual, real job is done by: aml_evalname(sc, node, "_OFF", 0, NULL, ) or aml_evalinteger(sc, node, "_OFF", 0, NULL, ) inside acpi.c file. The only good thing about this patch is that it works for me.

Re: graphics acceleration, DRI2, DRM problem

2016-08-19 Thread Lampshade
> > +filedev/pci/nvdsbl.c > > can you include this file? and any new .h files as well? I think that this was just for registering a dummy driver for that Nvidia device. It does nothing useful itself. # cat /usr/src/sys/dev/pci/nvdsbl.c /* $OpenBSD: nvdsbl.c,v 0.1 2015/07/28 12:00:01

Re: graphics acceleration, DRI2, DRM problem

2016-08-19 Thread Lampshade
This is totally fucked up code, but if you like hazard... I mean that I really just called some random ACPI (aml) methods not knowing what they should do. Additionally this code is for my laptop. I have GEFORCE 620M GPU, so I added this to pcidevs. Another thing is that patched code recognizes my

Re: graphics acceleration, DRI2, DRM problem

2016-08-14 Thread Lampshade
I have trimmed lspci output, but actually it was important. I have not only Intel GPU but also Nvidia GPU. A year ago I wrote an ugly hack to disable the Nvidia GPU for power saving. I am sure that is too ugly to commit to repository and I am not programming professional so I need a lot

graphics acceleration, DRI2, DRM problem

2016-08-14 Thread Lampshade
Hello I have: $ sysctl kern.version kern.version=OpenBSD 6.0-current (GENERIC.MP) #2353: Sat Aug 13 11:34:33 MDT 2016 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP # sysctl hw.model hw.model=Intel(R) Pentium(R) CPU B960 @ 2.20GHz # lspci -nn | grep VGA 00:02.0 VGA

Re: /usr/ and wxallowed

2016-06-20 Thread Lampshade
I have upgraded base system. I am going to update ports when mirror will be in sync with main. wxallowed on /usr works as expected $ mount | grep /usr /dev/sd2e on /usr type ffs (local, noatime, nodev, wxallowed, softdep) $ grep wxallowed /etc/fstab

/usr/ and wxallowed

2016-06-05 Thread Lampshade
Hello, I have non-standard partitioned OpenBSD-current installation dated before 05/27. I don't have separate filesystem/disklabel partition for /usr/local/. I have /usr/ on separate ffs filesystem. Can I add wxallowed to /usr/ filesystem or I must repartition/reinstall OpenBSD?

Breakthrough in distributed rngs

2016-05-26 Thread Lampshade
Theoretical breakthrough in distributed random number generation. David Zuckerman, a computer science professor, and Eshan Chattopadhyay, a graduate student, published a paper in March that will be presented in June at the Symposium on Theory of Computing. “We show that if you have two low-quality

Re: mfs vs tmpfs: advantages and disadvantages

2016-05-15 Thread Lampshade
And what about performance? Is tmpfs or mfs faster? Is one or another more resource hungry? -- Furthermore, I consider that systemd must be destroyed Latin oratorical phrase

today amd64 snapshot libpthread segfault

2016-05-14 Thread Lampshade
What exactly is version of base system? $ sysctl kern.version Have you also updated packages/ports? On: http://www.openbsd.org/faq/current.html is info about recent ABI break.

Re: Mail : MRA MDA LDA e-mail processors in OpenBSD

2016-03-26 Thread Lampshade
>I don't know what "MRA" means, but for fetching: According to Wikipedia's "Email agent" there are: Mail user agent (MUA) Mail submission agent (MSA) Mail access agent (MAA) Mail transfer agent (MTA) Mail delivery agent (MDA) Mail retrieval agent (MRA)

Mail : MRA MDA LDA e-mail processors in OpenBSD

2016-03-26 Thread Lampshade
Hello, I am casual OpenBSD user. I use it on laptop. I don't have servers and do *not* want to create my own mail service. I use what crowd uses: I have Yahoo, Gmail, Yandex mail accounts. I would like to use mutt and shell scripts for mail notification etc. To accomplish this I want to have

Re: Relayd TLS client mode CA verification

2016-03-26 Thread Lampshade
I have reported problem to bugs mailing list. Thanks for checking that and response.

Re: Relayd TLS client mode CA verification

2016-03-25 Thread Lampshade
When it works fine, but without certificate verification: $ cat /etc/relayd.conf tcp protocol proto_wp { #tls ca file "/etc/ssl/cert.pem" tls tlsv1.1 pass } relay connect_to_mail_wp { protocol proto_wp listen on 127.0.0.1 port forward with tls to imap.wp.pl port 993

Re: Relayd TLS client mode CA verification

2016-03-24 Thread Lampshade
Maybe I will post example of what I am doing. OpenBSD-current amd64 March 16th, 2016. Getmail and imap over TLS. $ cat /etc/relayd.conf tcp protocol proto_wp { tls ca file "/etc/ssl/cert.pem" pass } relay connect_to_mail_wp { protocol proto_wp listen on

Relayd TLS client mode CA verification

2016-03-20 Thread Lampshade
Hello, OpenBSD current amd64 march 16 snapshot. I am using relayd as client for encrypted https connections. I would like to make relayd verification of CA. Now I have without verification: web browser encrypted stream -> 1 relayd in server mode -> unencrypted stream -> privoxy and divert using

Why this pf rule is not enough?

2016-02-28 Thread Lampshade
I have rdomain 1 and default rdomain pair1 is in rdomain 1 pair2 is in default rdomain Inside rdomain1 there is not loopback interface network is 172.10.0.2/24 In /etc/resolv.conf I have nameserver 127.0.0.1 so all DNS (UDP 53) packets should go to 127.0.0.1 Default route in rdomain1 is pair2

Re: What are the disadvantages of soft updates?

2016-02-27 Thread Lampshade
Hello Given that one could change options for filesystem such as sync to async without remounting using mount -u -o options /what /where is it possible to disable softdep on the fly (without unmounting)? Second question: Is mounting fs with softdep *and* sync options secure? For example

Re: Firefox W^X isn't a part of Pwn2Own contest

2016-02-27 Thread Lampshade
About X.Org isolation I have heard of Xpra - "screen for X11" but haven't used this yet.

Re: bug in pair ?

2016-02-26 Thread Lampshade
What you see in ifconfig? I have line like that: ifconfig pair1 pair1: flags=8843 rdomain 1 mtu 1500 and the content of config file for interface: cat /etc/hostname.pair1

Softraid crypto header key backup

2016-02-26 Thread Lampshade
Hello I am using OpenBSD amd64 with FDE. I wonder if there is possibility of making backup of header/key used by softraid crypto like in LUKS/dm-crypt solution for Gnu/Linux? I know that backup is relevant and do backup, but if there is possibility for add one more additional easy step to be more

Re: Firefox W^X isn't a part of Pwn2Own contest

2016-02-20 Thread Lampshade
Do you also sandbox the browser with some sort of remote desktop, or run under a separate X session? AFAIK X allows any program to meddle with any other program under the same display. No, I don't. Setup is easy. In the easiest scenario just create user, add to /etc/sudoers line which lets you

Firefox W^X isn't a part of Pwn2Own contest

2016-02-17 Thread Lampshade
Does original Firefox compiled by Mozilla running on Windows have W^X? I bet: no, it doesn't. I run browsers on the other user account in OpenBSD.

Re: Network isolation of process using rdomain rtable

2016-02-15 Thread Lampshade
It seems it is starting to work. Server command: /usr/local/bin/sudo -u user /usr/bin/nc -4 -k -l 172.10.0.2 9191 Commands for programs I would like to intercept/redirect: #!/bin/sh /usr/local/bin/sudo /sbin/route -T1 exec /usr/local/bin/sudo \ -u user /usr/bin/nc -4 -n -v 172.10.0.2 9191

Network isolation of process using rdomain rtable

2016-02-15 Thread Lampshade
Hello, OpenBSD current amd64 I would like to isolate application from network and also to make sure that every packet goes to certain port at certain IP address. On Linux I achieved that using network namespace, veth, iptables

Ntpd's confusing log messages

2016-02-06 Thread Lampshade
It is probably just aesthetics. When I have clock not synchronized and differs a few seconds, I have following output: grep ntpd /var/log/daemon | tail -n 30 Feb 6 17:57:00 host ntpd[7585]: constraint reply from ip: offset 8.928573 Feb

Re: xz: (stdin): Cannot allocate memory

2016-01-30 Thread Lampshade
From: "Christian Weisgerber" <na...@mips.inka.de> To: "Lampshade" <lampsh...@poczta.fm>; Sent: 16:25 Saturday 2016-01-30 Subject: Re: xz: (stdin): Cannot allocate memory > Lampshade: > > > I have following error: > > cat archive.tar | xz -zf --format=xz -9e

Re: xz: (stdin): Cannot allocate memory

2016-01-30 Thread Lampshade
This xz command worked in past so I think something must have been changed in past. Indeed, this command worked when I had 4G of DDR3@1333Mhz RAM. Now I have 6GB DDR3 on the same laptop so I have even more. I will look at ulimit -d this evening. I didn't change them manually, so they must have

xz: (stdin): Cannot allocate memory

2016-01-30 Thread Lampshade
Hello I have this OS with packages as of yesterday (Jan 29): kern.version=OpenBSD 5.9-beta (GENERIC.MP) #1865: Thu Jan 28 20:18:15 MST 2016 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP and also tested on with packages around Jan 17: kern.version=OpenBSD 5.9-beta

codepage and iocharset in fat32 aka msdos filesystem

2016-01-17 Thread Lampshade
Hello, I am from Poland. I am using Windows 8.1 64-bit and OpenBSD-current amd64. When I used Gnu/Linux I mounted fat32 partitions with these options: iocharset=iso8859-2,codepage=852 However OpenBSD's mount tells me: mount -t msdos -o codepage=852 /dev/sd0f /mnt/partycjaFat/ mount_msdos: -o

Re: Relayd as a HTTPS client

2016-01-10 Thread Lampshade
I have posted this message also to bugs mailing lists with subject Relayd in TlsClient mode accepts TLSv1 and TLSv1.1 today, January 10, 2016

Relayd as a HTTPS client

2016-01-06 Thread Lampshade
Hi, I am using following configuration to connect to TLS websites: Chromium <-> relayd as a server <-> privoxy <-> relayd as a client <-> hostile Internet I want to focus on relayd as a client in this mailing list thread. I want to instruct relayd as a client to only connect using TLS versions

Re: Failed to boot after upgrading to Dec. 23 snapshot

2015-12-23 Thread Lampshade
Similar problem: Upgrade history: Dec 18 2015 - ok Dec 19 2015 - ok Dec 23 2015 - can not boot after that partial outputs from commands: disklabel sd0 size offset fstype a: 146805807 829967361 RAID other not related to OpenBSD disklabel sd1 size

Re: Failed to boot after upgrading to Dec. 23 snapshot

2015-12-23 Thread Lampshade
Topic should go to tech.. and is actually solved.

Browsers in OpenBSD with W^X support

2015-12-19 Thread Lampshade
Hello, I would like to know if there are others browsers using W^X except Firefox, which I know to have this enabled. I am especially interested in Chromium package.

Mono and GTK on OpenBSD

2015-12-16 Thread Lampshade
Hello, I would like to learn programming in C# using Mono on OpenBSD. Is it possible to easily use GtkSharp GTK# to prepare environment to create Hello World program using GTK?

Re: I have problem compiling libgdamm

2015-12-11 Thread Lampshade
It was the root cause of problem. When I downloaded release tarball instead of something from git.gnome.org it compiled successfully. Thanks for help. From: "Callum Davies" <calrog...@gmail.com> To: "Lampshade" <lampsh...@poczta.fm>; Sent: 17:31 Sunday 2015

I have problem compiling libgdamm

2015-12-05 Thread Lampshade
Hello, I want to compile libgdamm from source. I have tried with 3 releases and I have the same error after I type: gmake. libgdamm have been extracted to: /home/open/kompilacje/libgdamm/kod/ gmake[1]: Entering directory '/home/open/kompilacje/libgdamm/kod/libgdamm-4.99.8/libgda/src'

Re: Is it possible to use pledge(2) to make something similar to firejail?

2015-11-30 Thread Lampshade
Thanks for answers. @dan mclaughlin. But how to prevent attacker going out of chroot? Do you think that this is possible to prevent this using pledge(2)? Thanks for links. Especially Jonathan's "Re: making firefox less insecure" mail dated 2014-11-23 is worth reading for me. I wonder if

Is it possible to use pledge(2) to make something similar to firejail?

2015-11-29 Thread Lampshade
Is it possible, in theory, to use pledge(2) to make something similar to firejail? https://packages.debian.org/sid/main/firejail Firejail is a Gnu/Linux's program which executes Firefox as its descendant with reduced privileges. For example I would like to restrict Firefox to not write and read

Re: pf change destination port for outgoing traffic

2015-11-25 Thread Lampshade
match out on bge0 inet proto tcp to any port 80 user "_relayd" tag przekierujNaPort443 pass out quick log (all, to pflog0) inet proto tcp tagged przekierujNaPort443 rdr-to 0.0.0.0/0 port 443 bitmask Indeed it works. Thank you very much.

Re: pf change destination port for outgoing traffic

2015-11-24 Thread Lampshade
Has anything changed during these years? I would like to do the same thing the author of topic wanted. I want it because I am playing with relayd, privoxy and pf. I have done chain Firefox -> relayd1-> privoxy -> relayd2, but relayd2 seems to try establish tls connection to 80 port rather than

Re: TLS intercepting proxy [MitM]

2015-11-24 Thread Lampshade
Thanks Uwe Werler! I have not yet established chain described in first message, but it is due to lack of time I didn't try. Firefox runs as firefox user. I have actually MitM on relayd *using divert* with this pf-magic: cat /etc/pf_kop.conf

Re: TLS intercepting proxy [MitM]

2015-11-24 Thread Lampshade
Ok, I know that relayd can decrypt traffic, then log, then encrypt. The thing is that I want to send decrypted traffic to another process (privoxy), and then re-encrypt it. I have also problem with Reyk's config because I can not divert outgoing traffic using pf. I have tried with rdr-to and

TLS intercepting proxy [MitM]

2015-11-23 Thread Lampshade
Hello, I would like to use privoxy to scrub/delete some informations in application layer (HTTP) going out from my PC. Problem is that a lot of connections are secured with TLS, so privoxy can not filter them. Is there any way to do something like that: Firefox -> decrypt [MitM] -> privoxy ->

Changing directory for fetching source code

2015-10-03 Thread Lampshade
Hi, I would like sometimes experiment with some options/custom config in kernel. On the other hand that is not supported by OpenBSD. Suppose I need to reproduce problem with original kernel. I think good solution for me would be to have two directories for OpenBSD's code. Instead of

Rust programming language

2015-05-19 Thread Lampshade
Hello May 15 2015 have been a release date for Rust 1.0. What is your opinion on Rust? Does it have any chances to be some day popular programming language? Do you think that learning Rust can be good for educational purposes?

Software for time management calendar

2015-03-22 Thread Lampshade
What software you use for this purposes?

Re: Raspberry Pi 2 Model B

2015-02-03 Thread Lampshade
Hello I didn't know that Raspberry Pi is so closed that it requires closed source blob to even boot. Thanks for responses. I am not going to buy Raspberry Pi 2 any more (or at least when blob will be open source). Have a good day.

Raspberry Pi 2 Model B

2015-02-02 Thread Lampshade
Hi New version of Raspberry Pi is announced. Its SoC have four cores in Cortex-A7 microarchitecture so it is compatible with ARMv7. It also have 1 GB of RAM. Have the same GPU as its predecessor: VideoCore IV 3d. For some time GPU have open documentation and open (BSD licence) driver in Linux

Does the OpenBSD support well AMD's APU hardware?

2014-06-29 Thread Lampshade
Hello, I am a student from Poland (country in Central Europe) and I would love to use OpenBSD everyday. I must have Windows operating system too. I must have it because of Autodesk's Inventor and Autocad software (in future probably also SolidWorks) and Ansys and so on. For that software I need

Is there any chance to implement switch to turn off for example PCI-Express devices?

2014-05-14 Thread Lampshade
Hello I have in laptop many devices that I don't use. For example DVD writer. But my greatest problem is the inability to turn off under OpenBSD Nvidia GPU. Unfortunately I have Optimus laptop, so I don't have normal, independent hardware multiplexer. I have Intel and Nvidia GPUs, and Intel GPU