Re: OpenBSD Home Server + Workstation on same machine?

2022-03-22 Thread Luke A. Call
On 2022-03-22 16:13:47+0100, ??ukasz Moska??a  wrote:
> Dnia Mon, Mar 21, 2022 at 08:22:36PM -0700, Eric Thomas napisa??(a):
> > Hello,
> > 
> > I'd like to learn about secure networking (PKI, x509 certs, DNS, IPS, etc.)
> > and generally
> > harden my home network using OpenBSD. Can I use OpenBSD services AND have
> > it act as a desktop workstation on the same machine?
> > Ref:
> > https://superuser.com/questions/1712101/openbsd-home-server-workstation-on-same-machine
> 
> You CAN do that, but you shouldn't.
> You should run as little services on firewall as possible. Let's say that 
> there's bug in browser, that causes machine to hang up. Now, because your 
> browser had bug, your whole network is down, untill you do hard reboot.

OpenBSD's reliability seems to make this very unlikely.  Still a valid
point, but to be balanced for your needs.  I guess there could be
hardware issues triggered by a browser? 

> If someone could exploit bug in browser to gain root access (not very likely, 
> but still), attacker could see traffic from your entire network, not just 
> your workstation.
> Less services running on firewall means smaller attack surface. Best practice 
> would be to run only network-related services, like DNS, DHCP, VPNs, IDS/IPS 
> on firewall, and keep everything else away from it.

True there is a smaller attack surface on separate machines, but more
other costs (machines to deal with, at least).  OpenBSD's 
mitigations (code auditing, pledge/unveil, and the best track record
I have ever heard of in a general-purpose posix OS, etc), plus some other
things you can do (which I am learning more about now) to limit what 
browsers can do to other apps in X, & maybe putting a umask of 0077 
in the /etc/profile (but with an exception when running pkg_add), 
make this less likely enough that using a single machine might be
worthwhile for you overall.  Especially if learning is the goal, and you
are not supporting a huge expensive enterprise or some such.  

Having an extra machine to test upgrades on before doing it in
production can be useful.

The other points made (which I didn't quote) could be valid for you.

Just $.02.



chromium key mappings go crazy under ssh -X

2022-03-18 Thread Luke A. Call
When I run chromium or iridium via ssh -X, after some minutes, or
immediately after I switch to a console and back with Ctrl-Alt-Fn, the
keystrokes go wild.  Suddenly space brings up a dialog asking about caret
browsing, Ctrl acts like I right-clicked, most letters work but not m,
etc.  All is back to normal for a few minutes again after I kill the
chrome and relaunch it.  The mouse never seems affected, but I can't
even type a URL normally, and even if I paste a URL, Enter doesn't work.
Nothing in the stdout/stderr from chrome looked interesting, I thought, but I
can send that also.  (As I recall, there was nothing additional in the
output from the time when the keys went crazy, but many things at browser
startup.)

The problem doesn't happen with ssh -Y apparently(?), unless connecting
to run chromium on a remote computer.  It doesn't happen if I run it
as the same user that is running X, nor with xhost permissions allowing
it to run without ssh.  And it doesn't seem to happen with any other
application, including firefox or libreoffice, or xterm.  But I don't
want to use open xhost permissions or ssh -Y full-time for this, 
because then that user can see other users' keystrokes, in X (as shown by
the program  xinput -test  for example).  (I am guessing use of xauth would
also allow seeing keystrokes of other users, but I haven't tested it, as it
looks like xauth is more for remote connections than xhost is.)

I do this so I can have multiple browsers simultaneously, as different
users, so if one instance of a browser is compromised, it
hopefully can't compromise other users' browsers (which are for connecting
to more secure things).  If I could have multiple simultaneous X servers
instead, and if that is considered a reasonable use, that might work
better.  Pointing out holes in my thinking is much appreciated.
(What do other people do for this, if anything?)

It didn't happen on OpenBSD 6.8, but I noticed it right after I
upgraded to 6.9 then immediately to 7.0.  I'm running stable (syspatches
but not current).

Suggestions?  I did something stupid?  Should send a bug report?
Thanks much!

Luke Call


Here is /var/run/dmesg.boot.  (The dmesg itself is included further down):

s0 detached
uhidev0 detached
uhidev0 at uhub0 port 3 configuration 1 interface 0 "Logitech USB Optical 
Mouse" rev 2.00/72.00 addr 2
uhidev0: iclass 3/1
ums0 at uhidev0: 3 buttons, Z dir
wsmouse0 at ums0 mux 0
wsmouse0 detached
ums0 detached
uhidev0 detached
uhidev0 at uhub0 port 3 configuration 1 interface 0 "Logitech USB Optical 
Mouse" rev 2.00/72.00 addr 2
uhidev0: iclass 3/1
ums0 at uhidev0: 3 buttons, Z dir
wsmouse0 at ums0 mux 0
wsmouse0 detached
ums0 detached
uhidev0 detached
uhidev0 at uhub0 port 3 configuration 1 interface 0 "Logitech USB Optical 
Mouse" rev 2.00/72.00 addr 2
uhidev0: iclass 3/1
ums0 at uhidev0: 3 buttons, Z dir
wsmouse0 at ums0 mux 0
wsmouse0 detached
ums0 detached
uhidev0 detached
uhidev0 at uhub0 port 3 configuration 1 interface 0 "Logitech USB Optical 
Mouse" rev 2.00/72.00 addr 2
uhidev0: iclass 3/1
ums0 at uhidev0: 3 buttons, Z dir
wsmouse0 at ums0 mux 0
[... much more of the above, repeated...]

syncing disks... done
r
OpenBSD 7.0 (GENERIC.MP) #5: Mon Jan 31 09:09:02 MST 2022

r...@syspatch-70-amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 16033533952 (15290MB)
avail mem = 15531577344 (14812MB)
random: good seed from bootblocks
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xebf90 (49 entries)
bios0: vendor American Megatrends Inc. version "204" date 11/20/2014
bios0: ASUSTeK COMPUTER INC. X550ZA
acpi0 at bios0: ACPI 5.0
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP APIC FPDT ECDT MCFG MSDM HPET UEFI SSDT SSDT CRAT SSDT 
SSDT SSDT SSDT
acpi0: wakeup devices LOM_(S4) SBAZ(S4) ECIR(S4) OHC1(S4) EHC1(S4) OHC2(S4) 
EHC2(S4) OHC3(S4) EHC3(S4) OHC4(S4) XHC0(S4) XHC1(S4) ODD8(S3) GLAN(S4) 
LID_(S5) SLPB(S4)
acpitimer0 at acpi0: 3579545 Hz, 32 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 16 (boot processor)
cpu0: AMD A10-7400P Radeon R6, 10 Compute Cores 4C+6G, 2495.71 MHz, 15-30-01
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,POPCNT,AES,XSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,XOP,SKINIT,WDT,FMA4,TCE,NODEID,TBM,CPCTR,DBKP,PERFTSC,ITSC,FSGSBASE,BMI1,XSAVEOPT
cpu0: 96KB 64b/line 3-way I-cache, 16KB 64b/line 4-way D-cache, 2MB 64b/line 
16-way L2 cache
cpu0: ITLB 48 4KB entries fully associative, 24 4MB entries fully associative
cpu0: DTLB 64 4KB entries fully associative, 64 4MB entries fully associative
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 99MHz
cpu0: mwait min=64, 

Re: Missing action list in lesskey man page

2021-12-04 Thread Luke A. Call
On 2021-12-04 12:39:41+, Jason McIntyre  wrote:
> On Sat, Dec 04, 2021 at 12:19:34PM +0100, Richard Ulmer wrote:
> > Hi all,
> > I've been reading up on "advanced" less(1) features and came across the
> > lesskey(1) man page. In the COMMAND SECTION of the page I read this:
> > 
> > > The action is the name of the less action, from the list below.
> > 
> > However I cannot see this list of available actions. The only thing
> > similar I can find is the list of default commands with their actions.
> > From this I can deduce some available actions, but I'm not sure if those
> > are all the available actions. Maybe there are some actions that are not
> > bound by default. I'm also missing a description of what the actions do
> > (I don't know all the default less(1) commands off the cuff).
> > 
> > Is the action list missing from the lesskey(1) man page, or am I
> > misunderstanding something?
> hi.
> 
> the actions do indeed match those in the command list. whether there are
> any undocumented ones, i don;t know. i suppose you'd have to go poking
> in the source. the actions will roughly match those described in the
> less(1) COMMANDS section. so for example in less(1):
>  []
> 
> however we still import less. i'd want to make sure that's not stepping
> on anyone's toes to make local changes.

Pls forgive if I'm missing the important points, but in a way, maybe it is 
implied by  man lesskey  that the actions are
connected with the command list shown.  On ~ line 56-57 (under COMMAND
SECTION) it says "The string is the command key(s) which invoke the 
action", which is easy to miss.  Then there follows a list of commands,
and one can search the man pages (with /) for everything that mentions 
"command",
type "h" within less, etc.  I find I have to do kind of thing that often to get 
a
better idea of things, if one idea is mentioned in one part (or man
page) then I need to go read other parts (or pages) that discuss the
same thing; I even made a couple of scripts or aliases that quicken the
process for me.



Re: Server certs expired higher up the chain, imaps and https

2021-09-30 Thread Luke A. Call
I think I read in some news (slashdot? HN?) semi-recently that a bunch
of old-style (?) Let's Encrypt certificates are expiring today.  
Different software packages may handle it differently, as to how 
they determine what to accept...?  Sorry vague, but I something 
on my phone with one site that I'm guessing is from the same cause.

On 2021-09-30 10:02:17-0700, Chris Bennett  
wrote:
> Hi,
> 
> I'm getting that the certs are expired, but https works fine in Firefox,
> including when looking at the full chain.
> 
> 
> openssl s_client -servername mail.strengthcouragewisdom.rocks -connect 
> mail.strengthcouragewisdom.rocks:imaps
> 
> openssl s_client -servername mail.strengthcouragewisdom.rocks -connect 
> mail.strengthcouragewisdom.rocks:https
> 
> However are not happy. I force updated my ssl certs, syspatch, pkg_add
> -u and rebooted.
> 
> I didn't rebuild dh.pem for dovecot.
> 
> Is this just a DNS propagation issue?
> Or should I do something further myself?
> 
> Thanks
> Chris Bennett
> 



Re: VMM 6.9amd64 host video acceleration

2021-05-12 Thread Luke A. Call
I think there are ways to get what you want w/o VMM, such as a
combination of regular X, separate user accounts for different
activities, ssh -X/-Y, and rarely, xhost.  Email me off-list if you want
details; I have described them here at least somewhat, in the past.

(Also given the fact that chrome/iridium and I think FF use
pledge/unveil now.)

On 2021-05-12 18:06:14+, Martin  wrote:
> Hi Dave,
> 
> Can you recommend any way to see online videos without shuttering? Modern 
> CPUs can't smoothly play it in software emulation, unfortunately.
> 
> Martin
> 
> ? Original Message ?
> On Wednesday, May 12, 2021 1:43 PM, Dave Voutila  wrote:
> 
> > Martin writes:
> >
> > > Hi list,
> > > Just wonder how to enable video acceleration on VMM guest's side (Debian) 
> > > if it was possible. Maybe PCIe passthru should be present for that 
> > > purpose?
> >
> > There is nothing to accelerate: vmd(8) doesn't emulate a display or
> > video device. vmm(4) doesn't support pass-through to host hardware
> > either.
> >
> > -dv
> 
> 



Re: default umask 0077?

2021-05-01 Thread Luke A. Call
One possible correction: login.conf might be a better place than what I
suggested earlier.  Either way, would require thinking through it by
someone more knowledgeable.

On 2021-05-01 09:37:51-0600, Luke A. Call  wrote:
> I have been wondering for a long time (and did some searches) if it
> would make sense for obsd to have a default umask of 0077, in the
> /etc/profile or /etc/skel files on new installs, or what I'm missing.  
> 
> I imagine it helping a new user who hasn't learned yet about umask, to
> not create files readable by all other users, until ready for
> that, thus being even more secure by default.  Maybe the default
> permissions on new home directories already covers that issue?  Yet
> there are possible files in the /tmp folder; I don't know in all cases
> which is why I set my own system with 0077.
> 
> I've been running that way and the only problem I've noticed (so far) is
> in some uses of pkg_add I had to set the umask back to 0022 first and
> reset it after, for some things to work, which I did in a wrapper script.
> 
> Most likely it's just about my ignorance.  Thanks.
> 
> ps: thanks for 6.9 etc!



default umask 0077?

2021-05-01 Thread Luke A. Call
I have been wondering for a long time (and did some searches) if it
would make sense for obsd to have a default umask of 0077, in the
/etc/profile or /etc/skel files on new installs, or what I'm missing.  

I imagine it helping a new user who hasn't learned yet about umask, to
not create files readable by all other users, until ready for
that, thus being even more secure by default.  Maybe the default
permissions on new home directories already covers that issue?  Yet
there are possible files in the /tmp folder; I don't know in all cases
which is why I set my own system with 0077.

I've been running that way and the only problem I've noticed (so far) is
in some uses of pkg_add I had to set the umask back to 0022 first and
reset it after, for some things to work, which I did in a wrapper script.

Most likely it's just about my ignorance.  Thanks.

ps: thanks for 6.9 etc!



Re: Deleting sysupgrade, was: sysupgrade failure logs

2021-02-15 Thread Luke A. Call
On 2021-02-15 09:33:03+, Ottavio Caruso  
wrote:
> On 14/02/2021 23:44, Theo de Raadt wrote:
> > When we get reports like this where people "touch the insides", both
> > Florian and I regret that sysupgrade ever arrived in the system.
> > We want to delete sysupgrade.
> 
> If this is not just a provocative statement, +1 from me.
> I've never liked unattended, automatic, Debian-style system upgrades. A lot
> of things can go wrong.

I think I stay in the box, and definitely appreciate sysupgrade (etc).  It
has made my openbsd use more secure and easier (given that I am not near
your level of expertise here), so, thanks for it being there.

Luke Call 
http://lukecall.net



libreoffice and iridium/chromium crash on openbsd6.8, unless devhelp manually installed

2021-02-08 Thread Luke A. Call
Hi all. The short version is: the package "devhelp" seems required for
libreoffice and irid/chromium, but removing/reinstalling those doesn't
seem to install devhelp, and the package system doesn't complain
when devhelp is removed manually.  The programs crash saying
things like this, especially the 2nd paragraph that follows:

(iridium:82290): Gtk-CRITICAL **: 12:54:02.946: Unable to create user
data directory '/home/lacall-secnet2/.local/share' for storing the
recently used files list: No such file or directory

(iridium:82290): GLib-GIO-ERROR **: 12:54:03.224: No GSettings schemas
are installed on the system
Trace/BPT trap

So should I just submit a bug report, or is it likely my mistake?


Details:
After upgrading to 6.8, I found many packages that I didn't seem to
require any more, and removed them with pkg_delete.  Later I found that
iridium and chromium crashed whenever I press Ctrl-S to save a file
locally or Ctrl-P to print (or save to a .pdf).  Also LibreOffice would
not allow me to do Ctrl-P, nor Ctrl-O to open a file.

Going back now to the packages I removed, I have found that the
absence of the "devhelp" package causes these crashes,
and when it is present, they do not occur.  Its presence also
seems to solve a problem where libreoffice would not launch under the
name "libreoffice ", but I had to type "soffice "
instead, but I haven't really investigated that part further.

Installing the binary patches (now through 12) didn't seem to matter,
nor running  pkg_add -u  various times over the weeks.

I don't see in pkg_info output for any of these package a dependency
on devhelp, or vice-versa (in my naive look at it, anyway).

I don't guess it matters, but I am currently running these apps via an
ssh -X connection to another user's desktop.  I haven't tried it when
launching X as the same user that runs the apps.

Luke Call 
http://lukecall.net - Tech,thots,peace.(Updated 2021-01-10. Cmts/sugg welcome. 
https later.)


DMESG:

OpenBSD 6.8 (GENERIC.MP) #4: Mon Jan 11 10:35:56 MST 2021

r...@syspatch-68-amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 16033533952 (15290MB)
avail mem = 15532564480 (14813MB)
random: good seed from bootblocks
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xebf90 (49 entries)
bios0: vendor American Megatrends Inc. version "204" date 11/20/2014
bios0: ASUSTeK COMPUTER INC. X550ZA
acpi0 at bios0: ACPI 5.0
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP APIC FPDT ECDT MCFG MSDM HPET UEFI SSDT SSDT CRAT SSDT 
SSDT SSDT SSDT
acpi0: wakeup devices LOM_(S4) SBAZ(S4) ECIR(S4) OHC1(S4) EHC1(S4) OHC2(S4) 
EHC2(S4) OHC3(S4) EHC3(S4) OHC4(S4) XHC0(S4) XHC1(S4) ODD8(S3) GLAN(S4) 
LID_(S5) SLPB(S4)
acpitimer0 at acpi0: 3579545 Hz, 32 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 16 (boot processor)
cpu0: AMD A10-7400P Radeon R6, 10 Compute Cores 4C+6G, 2495.72 MHz, 15-30-01
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,POPCNT,AES,XSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,XOP,SKINIT,WDT,FMA4,TCE,NODEID,TBM,CPCTR,DBKP,PERFTSC,ITSC,FSGSBASE,BMI1,XSAVEOPT
cpu0: 96KB 64b/line 3-way I-cache, 16KB 64b/line 4-way D-cache, 2MB 64b/line 
16-way L2 cache
cpu0: ITLB 48 4KB entries fully associative, 24 4MB entries fully associative
cpu0: DTLB 64 4KB entries fully associative, 64 4MB entries fully associative
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 99MHz
cpu0: mwait min=64, max=64, IBE
cpu1 at mainbus0: apid 17 (application processor)
cpu1: AMD A10-7400P Radeon R6, 10 Compute Cores 4C+6G, 2495.35 MHz, 15-30-01
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,POPCNT,AES,XSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,XOP,SKINIT,WDT,FMA4,TCE,NODEID,TBM,CPCTR,DBKP,PERFTSC,ITSC,FSGSBASE,BMI1,XSAVEOPT
cpu1: 96KB 64b/line 3-way I-cache, 16KB 64b/line 4-way D-cache, 2MB 64b/line 
16-way L2 cache
cpu1: ITLB 48 4KB entries fully associative, 24 4MB entries fully associative
cpu1: DTLB 64 4KB entries fully associative, 64 4MB entries fully associative
cpu1: smt 1, core 0, package 0
cpu2 at mainbus0: apid 18 (application processor)
cpu2: AMD A10-7400P Radeon R6, 10 Compute Cores 4C+6G, 2495.35 MHz, 15-30-01
cpu2: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,POPCNT,AES,XSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,XOP,SKINIT,WDT,FMA4,TCE,NODEID,

Re: Microsoft's war on plain text email in open source

2020-08-26 Thread Luke A. Call
On 08-26 21:47, Pierre-Philipp Braun wrote:
> > Can't get your email to go plain text, attachments work.
> > If they don't, why not change providers?
> > It's a bit of work, but almost anyone can setup their own email server
> > for next to nearly free.
> 
> That is not as easy as it was, mainly because of IP reputation.  If you have
> your own MX and outbound MTA/MSA you will have to go through painful
> processes of getting out of blacklists, and even then your outgoing messages
> might end-up in users' spambox.  The game has changed, and it's for us
> old-timers that life is rough, already.
 
Maybe I am missing the point, but one can change providers without
having to manage a mail server, for example just having their own domain
(or not) at a provider that manages the email servers, such as with pair.com 
(just
a content user, many conveniences and flexibility, and I feel ~"enough"
control over my email, but they run the servers, I can set various kinds
of rules or DKIM things etc if memory serves, but don't have to), and
maybe pobox.com (but it has been a long time since I used pobox), and I
imagine others.

Luke Call



multiple simultaneous X sessions?

2020-08-24 Thread Luke A. Call
What would it take for me to run more than one simultanous X session, each 
as a different user? -- I tried once a few years ago, searching, reading
man pages, and chasing error messages, and failed at the time.
Is it known whether it is reasonably possible with the current code?

(This is so I can take advantage of the privilege separation
provided by the OS, while doing different activities and programs
programs with different informal trust levels, as separate
users, but without the cpu overhead of using "ssh -[X|Y] ...".  This was
my normal practice in my Debian days, switching among them with
Ctrl-Alt-FN.)
 
Either way, thanks much for any info.

Luke Call



multiple simultaneous X sessions?

2020-08-22 Thread Luke A. Call
What would it take for me to run more than one simultanous X session, each as a
different user? -- I tried once a few years ago and found my
config-file-fu was insufficient.  Is it known whether it is reasonably
possible with the current code?
Thanks much.

(ps: this is so I can take advantage of the privilege separation
provided by the OS, while doing different activities and different
programs with different informal trust levels, as different
users, but without the cpu overhead of using "ssh -[X|Y] ...".  This was
my normal practice in my Debian days, switching among them with
Ctrl-Alt-FN.)
-- 
Luke Call

"...[W]hen the wicked rule the people mourn.  Wherefore, honest men and wise men
should be sought for diligently, and good men and wise men ye should observe to 
uphold;
otherwise whatsoever is less than these cometh of evil."  (Doctrine & Covenants 
98:9-10.
>From 1833, when I think "men" often meant "persons".)  More at my site: 
>lukecall.net .
So: I think *honesty*, the Constitution and the rule of law (as opposed to of 
individuals), 
are much more important, relatively, than most or all policy issues.



Re: email attachments in firefox

2020-08-21 Thread Luke A. Call
On 08-21 18:06, James Cook wrote:
> On 2020-08-21 16:51, Raymond, David wrote:
> > I noticed that trying to load an attachment to Gmail in Firefox leads
> > to a basically empty menu for selecting the file to be loaded?  What
> > gives?  Is this something to do with pledge/unveil?  Is there a way to
> > do this?
> In practice, if I want to give Firefox access to a file, I move it to
> ~/Downloads and then it will appear in that chooser.
> Yes, it's related to unveil. You can configure it. I think there's more
> info under /usr/local/share/doc/pkg-readmes (I don't have access to my
> OpenBSD system right now but probably look for "firefox" in that directory.)

If it is done similarly as in chromium, /tmp will also work in
addition to ~/Downloads, as will directories symlinked to those.
-- 
Luke Call
"...[W]hen the wicked rule the people mourn.  Wherefore, honest men and wise men
should be sought for diligently, and good men and wise men ye should observe to 
uphold;
otherwise whatsoever is less than these cometh of evil."  (Doctrine & Covenants 
98:9-10.
>From 1833, when I think "men" often meant "persons".)  More at my site: 
>lukecall.net .
I think *honesty*, the Constitution and the rule of law (as opposed to of 
individuals), 
are much more important, relatively, than most or all policy issues.



reviewing what is available (was Re: Faking the same LAN over the Internet

2020-04-01 Thread Luke A. Call
On 04-01 12:47, Chris Bennett wrote:
> On Wed, Apr 01, 2020 at 07:01:15AM -0600, Diana Eichert wrote:
> > have you considered looking at native OpenBSD tools?
> > https://man.openbsd.org/egre.4
> 
> Wow! I had no idea about this.

I think you know more about obsd than I do, but in case it's useful to
anyone else:

I didn't know about egre(4) either, but I am trying to go
gradually thru the process of seeing "what is there" by browsing to
man.openbsd.org, putting a single period (".") in the search field,
choose a section, click apropos, and methodically reading.  Lots of good
stuff and some surprises (for me at least) in there.  If I hadn't
done that once with debian (years ago), I wouldn't know about touch(1),
for example, and a bunch of other things.

Again, you know more than I, so no insult intended.  :)
-- 
Luke Call
Peace, tech, help, ideas:  http://lukecall.net 
(Updated 2020-03-13. Feedback welcome; https is on todo list.)



Re: Samba on obsd

2020-03-25 Thread Luke A. Call
On 03-25 12:42, Lars Bonnesen wrote:
> It seems that Debian is also recommended as an AD replacement.

And in my experience with packaging tools internals, policies,
standards support, etc (which was not with anything related to AD),
far superior to other Linux distros.  Ask me off-list if you want 
any details on that.
-Luke  (http://lukecall.net)
 



Re: How to test for FORTIFY_SOURCE?

2020-03-18 Thread Luke A. Call
On 03-18 20:29, Ingo Schwarze wrote:
> I have definitely collaborated with at least these NetBSD developers
> in the past:

And a lame but sincere thanks to Ingo, Theo, and everyone else, 
for the impressive work freely given, and for patiently tolerating 
the rest of us.



Re: How to test for FORTIFY_SOURCE?

2020-03-18 Thread Luke A. Call
On 03-18 19:22, Ingo Schwarze wrote:
> > Ingo -- I think using man.openbsd.org as a "testbed for all possible
> > man page hierarchies" incorrect.
> 
> It was never a testbed, but a production service with several parts
> provided nowhere else (well, at least until FreeBSD followed our
> lead and started providing something very similar).
> 
> For example, for DragonFly, Illumos, and NetBSD, semantic searching
> is neither supported by their native apropos(1) on the command line
> nor by their own websites.
> 
> But since you have a point that such services hardly belong
> on *.openbsd.org, they are now on *.bsd.lv, where misunderstandings
> like the one witnessed above are unlikely to happen.

Providing a simple link from the man.openbsd.org page to the services
on *.bsd.lv might help those who are used to looking in the old
location, while avoiding possible "which bsd" confusion (maybe called 
"Some other systems' manuals", or such).  Especially for those not
reading this thread.  Just a thought.


-- 
Luke Call
My thoughts:  http://lukecall.net  (updated 2020-03-13)



Re: alacritty build

2020-03-11 Thread Luke A. Call
On 03-11 16:51, Wayn0 wrote:
> On Wed, 11 Mar 2020 at 06:21, Wayne Oliver  wrote:
> > On 2020/03/10 21:09, Justin Muir wrote:
> > > Just wishing to give alacritty a go so I git'd the source and did a
> cargo
> > > build.
> > > I get this error after a while:
> > > LLVM ERROR: out of memory
> > > I tried increasing the dataset-cur and -max to 4000M in login.conf,
> didn't
> > > seem to work.
> > I managed to build this on my laptop about a week ago. I'll happily
> > check my settings for you when I get home this evening (SAST) if you
> > don't come right before then.
> part of the staff group, datasizr-cur=4096M max infinity
> during build on my dual core i7 4xxx it took 17m to build RAM usage really
> going over 800mb
> 35mb binary

Just curious: what was the size after running "strip" on the binary, or did you?

-- 
Luke Call
My thoughts:  http://lukecall.net  (updated 2020-02-18)



pkg_outdated binary?

2020-03-09 Thread Luke A. Call
t; rev 1.10/1.22 addr 3
uhidev2: iclass 3/0, 3 report ids
uhid0 at uhidev2 reportid 2: input=1, output=0, feature=0
uhid1 at uhidev2 reportid 3: input=2, output=0, feature=0
uhub5 at uhub1 port 1 configuration 1 interface 0 "GenesysLogic USB2.0 Hub" rev 
2.00/92.24 addr 2
uhub5: device problem, disabling port 1
uhidev3 at uhub5 port 3 configuration 1 interface 0 "Logitech USB Receiver" rev 
2.00/12.07 addr 3
uhidev3: iclass 3/1
ukbd1 at uhidev3: 8 variable keys, 6 key codes
wskbd2 at ukbd1 mux 1
uhidev4 at uhub5 port 3 configuration 1 interface 1 "Logitech USB Receiver" rev 
2.00/12.07 addr 3
uhidev4: iclass 3/1, 8 report ids
ums1 at uhidev4 reportid 2: 16 buttons, Z and W dir
wsmouse1 at ums1 mux 0
uhid2 at uhidev4 reportid 3: input=4, output=0, feature=0
uhid3 at uhidev4 reportid 4: input=1, output=0, feature=0
uhid4 at uhidev4 reportid 8: input=1, output=0, feature=0
uhidev5 at uhub5 port 3 configuration 1 interface 2 "Logitech USB Receiver" rev 
2.00/12.07 addr 3
uhidev5: iclass 3/0, 33 report ids
uhid5 at uhidev5 reportid 16: input=6, output=6, feature=0
uhid6 at uhidev5 reportid 17: input=19, output=19, feature=0
uhid7 at uhidev5 reportid 32: input=14, output=14, feature=0
uhid8 at uhidev5 reportid 33: input=31, output=31, feature=0
uvideo0 at uhub2 port 4 configuration 1 interface 0 "Chicony Electronics USB2.0 
VGA UVC WebCam" rev 2.00/99.16 addr 2
video0 at uvideo0
vscsi0 at root
scsibus2 at vscsi0: 256 targets
softraid0 at root
scsibus3 at softraid0: 256 targets
sd1 at scsibus3 targ 1 lun 0: 
sd1: 953868MB, 512 bytes/sector, 1953523553 sectors
root on sd1a (6759d2c493c65bb1.a) swap on sd1b dump on sd1b
initializing kernel modesetting (KAVERI 0x1002:0x130D 0x1043:0x17FD 0x00).
radeondrm0: 1366x768, 32bpp
wsdisplay0 at radeondrm0 mux 1: console (std, vt100 emulation), using wskbd0
wskbd1: connecting to wsdisplay0
wskbd2: connecting to wsdisplay0
wsdisplay0: screen 1-5 added (std, vt100 emulation)
wsmouse0 detached
ums0 detached
uhidev0 detached
uhidev0 at uhub0 port 3 configuration 1 interface 0 "vendor 0x USB OPTICAL 
MOUSE" rev 1.10/1.00 addr 2
uhidev0: iclass 3/1, 1 report id
ums0 at uhidev0 reportid 1: 3 buttons, Z dir
wsmouse0 at ums0 mux 0
wsmouse0 detached
ums0 detached
uhidev0 detached
uhidev0 at uhub0 port 3 configuration 1 interface 0 "vendor 0x USB OPTICAL 
MOUSE" rev 1.10/1.00 addr 2
uhidev0: iclass 3/1, 1 report id
ums0 at uhidev0 reportid 1: 3 buttons, Z dir
wsmouse0 at ums0 mux 0
wsmouse0 detached
ums0 detached
uhidev0 detached
uhidev0 at uhub0 port 3 configuration 1 interface 0 "vendor 0x USB OPTICAL 
MOUSE" rev 1.10/1.00 addr 2
uhidev0: iclass 3/1, 1 report id
ums0 at uhidev0 reportid 1: 3 buttons, Z dir
wsmouse0 at ums0 mux 0
wsmouse0 detached
ums0 detached
uhidev0 detached
uhidev0 at uhub0 port 3 configuration 1 interface 0 "vendor 0x USB OPTICAL 
MOUSE" rev 1.10/1.00 addr 2
uhidev0: iclass 3/1, 1 report id
ums0 at uhidev0 reportid 1: 3 buttons, Z dir
wsmouse0 at ums0 mux 0
wsmouse0 detached
ums0 detached
uhidev0 detached
uhidev0 at uhub0 port 3 configuration 1 interface 0 "vendor 0x USB OPTICAL 
MOUSE" rev 1.10/1.00 addr 2
uhidev0: iclass 3/1, 1 report id
ums0 at uhidev0 reportid 1: 3 buttons, Z dir
wsmouse0 at ums0 mux 0
wsmouse0 detached
ums0 detached
uhidev0 detached
uhidev0 at uhub0 port 3 configuration 1 interface 0 "vendor 0x USB OPTICAL 
MOUSE" rev 1.10/1.00 addr 2
uhidev0: iclass 3/1, 1 report id
ums0 at uhidev0 reportid 1: 3 buttons, Z dir
wsmouse0 at ums0 mux 0
wsmouse0 detached
ums0 detached
uhidev0 detached
uhidev0 at uhub0 port 3 configuration 1 interface 0 "vendor 0x USB OPTICAL 
MOUSE" rev 1.10/1.00 addr 2
uhidev0: iclass 3/1, 1 report id
ums0 at uhidev0 reportid 1: 3 buttons, Z dir
wsmouse0 at ums0 mux 0
wsmouse0 detached
ums0 detached
uhidev0 detached
uhidev0 at uhub0 port 3 configuration 1 interface 0 "vendor 0x USB OPTICAL 
MOUSE" rev 1.10/1.00 addr 2
uhidev0: iclass 3/1, 1 report id
ums0 at uhidev0 reportid 1: 3 buttons, Z dir
wsmouse0 at ums0 mux 0
wsmouse0 detached
ums0 detached
uhidev0 detached
uhidev0 at uhub0 port 3 configuration 1 interface 0 "vendor 0x USB OPTICAL 
MOUSE" rev 1.10/1.00 addr 2
uhidev0: iclass 3/1, 1 report id
ums0 at uhidev0 reportid 1: 3 buttons, Z dir
wsmouse0 at ums0 mux 0
wsmouse0 detached
ums0 detached
uhidev0 detached
uhidev0 at uhub0 port 3 configuration 1 interface 0 "vendor 0x USB OPTICAL 
MOUSE" rev 1.10/1.00 addr 2
uhidev0: iclass 3/1, 1 report id
ums0 at uhidev0 reportid 1: 3 buttons, Z dir
wsmouse0 at ums0 mux 0
wsmouse0 detached
ums0 detached
uhidev0 detached
uhidev0 at uhub0 port 3 configuration 1 interface 0 "vendor 0x USB OPTICAL 
MOUSE" rev 1.10/1.00 addr 2
uhidev0: iclass 3/1, 1 report id
ums0 at uhidev0 reportid 1: 3 buttons, Z dir
wsmouse0 at ums0 mux 0
wsmouse0 detached
ums0 detached
uhidev0 detached
uhidev0 at uhub0 port 3 configuration 1 interface 0 "vendor 0x USB OPTICAL 
MOUSE" rev 1.10/1.00 addr 2
uhidev0: iclass 3/1, 1 report id
ums0 at uhidev0 reportid 1: 3 buttons, Z dir
wsmouse0 at ums0 mux 0
-- 
Luke Call
My thoughts:  http://lukecall.net  (updated 2020-02-18)



Re: Hardening browser

2020-03-07 Thread Luke A. Call
On 03-07 19:19, whistlez...@riseup.net wrote:
> On Thu, Mar 05, 2020 at 07:32:36AM -0700, Luke A. Call wrote:
> > I just leave javascript off for usual browsing, with a tab sitting open
> > in chromium or iridium to turn it on for the occasional temporary need,
> > or added to the browser's exception list to allow permanently for
> > certain sites.  This partly because it seems easy, and partly since I 
> > probably won't know if a browser extension is sold to a malicious entity, or
> > otherwise compromised (so, seems a smaller attack surface, but still usually
> > convenient.)  
> As I know many sites without js doesn't work. Anyway I don't understand
> how switching off js defend you from 0day browser bug.
> Maybe you mean that because many 0day concern javascript ?

Yes, as well as the general category of speculative execution CPU
attacks, rowhammer-type attacks, evercookies that use javascript, 
and/or whatever else I don't know about that is enabled by javascript.
It just seems to be required for many attacks that one reads about, over
time, and given that trend, probably some future ones, all from
downloading unknown code to run locally.  For those fewer times when I do
enable it, I'm glad for OBSD's various protections, to further lower
risk.
-- 
Luke Call
My thoughts:  http://lukecall.net  (updated 2020-02-18)



Re: Hardening browser

2020-03-05 Thread Luke A. Call
On 03-05 04:18, Tomasz Rola wrote:
> On Wed, Mar 04, 2020 at 02:06:40AM +0100, whistlez...@riseup.net wrote:
> > Hi,
> > in the following message:
> > https://marc.info/?l=openbsd-misc=158110613210895=2
> > Theo discourages to use unveil instead of chroot.
> > I asked if he suggests the same for the browser but he asked that chroot
> > is onlye for *root*.
> > Then what should I do to hardening the most exposed piece of code that
> > we use everyday ?
> > Now I'm using unveil+chrome...
> > Thank you.
> []
> As of me, I use the trick with multiple users for different roles
> (similar to other person who posted in this thread). I also employ
> noscript in some of the roles. 

I just leave javascript off for usual browsing, with a tab sitting open
in chromium or iridium to turn it on for the occasional temporary need,
or added to the browser's exception list to allow permanently for
certain sites.  This partly because it seems easy, and partly since I 
probably won't know if a browser extension is sold to a malicious entity, or
otherwise compromised (so, seems a smaller attack surface, but still usually
convenient.)  

> Actually my browsing routine now employs more primitive browsers. 

Yes, sometimes, if practical.

-- 
Luke Call
My thoughts:  http://lukecall.net  (updated 2020-02-18)



Re: Hardening browser

2020-03-04 Thread Luke A. Call
On 03-04 12:03, Luke A. Call wrote:
> Partly as a possible approach, and partly for feedback/suggestions on
> it:
[]
> multiple user logins and their corresponding X sessions running 
> at the same time, among which I would switch with Ctrl-Alt-F* keys, 
> hoping that if one account (where I did most of the general browsing, 
> etc) was compromised, it would not compromise the other accounts, where
> I restricted the activites to more trusted binaries or sites.  Then, 
> text file sitting in /home where different accounts could read/write info.
> 
> Now, on obsd, I do that sort of thing, but with ssh -X across users 
> in a single X session and a bit of scripted xclip usage where I can,
> and a systemwide default of umask 0077, and limit my root access to
> run only from a console -- which you can consider.

(PS:  In doing this multi-account stuff in a single X session, I am
careful not to put sensitive info on the clipboard, as then any other
account could read it.  Same for anything typed while any app
requiring "ssy -Y..." is running.)



Re: Hardening browser

2020-03-04 Thread Luke A. Call
On 03-04 02:06, whistlez...@riseup.net wrote:
> in the following message:
> https://marc.info/?l=openbsd-misc=158110613210895=2
> Theo discourages to use unveil instead of chroot.
> I asked if he suggests the same for the browser but he asked that chroot
> is onlye for *root*.
> Then what should I do to hardening the most exposed piece of code that
> we use everyday ?
> Now I'm using unveil+chrome...

Partly as a possible approach, and partly for feedback/suggestions on
it:

Back when I used Debian/Devuan Linux more, I isolated things with 
multiple user logins and their corresponding X sessions running 
at the same time, among which I would switch with Ctrl-Alt-F* keys, 
hoping that if one account (where I did most of the general browsing, 
etc) was compromised, it would not compromise the other accounts, where
I restricted the activites to more trusted binaries or sites.  Then, 
lacking copy/paste between them, I had a single "chmod a+rw ..." 
text file sitting in /home where different accounts could read/write info.

Now, on obsd, I do that sort of thing, but with ssh -X across users 
in a single X session and a bit of scripted xclip usage where I can,
and a systemwide default of umask 0077, and limit my root access to
run only from a console -- which you can consider.

But I've wondered, if obsd were suited to multiple concurrent X 
sessions, whether that could be interesting as well to address 
this common issue.  
-- 
Luke Call
My thoughts:  http://lukecall.net  (updated 2020-02-18)



Re: Web documentation available offline by default?

2020-02-28 Thread Luke A. Call
Another option I found helpful once is to use wget to download the
FAQs' content to a local copy (unless that puts too much load on the server),
then have a simple local shell alias to view it with links or w3m.
(At the time, it was a quick way for me, to preserve the content
in case I wanted it while offline, or if things like X weren't working.)
There are probably pros & cons of doing that, vs. CVS -- maybe making a 
CVS copy is actually cleaner & simpler for this, and for updating it.

I can fish out my old wget line for that, if it is of interest and not
considered harmful.

--  
     
Luke Call   
 
My general thoughts:  http://lukecall.net  (updated 2020-02-18)



Re: Resource temporarily unavailable: have to recompile?

2020-02-03 Thread Luke A. Call
On 02-01 19:43, Strahil Nikolov wrote:

> On February 1, 2020 12:27:40 AM GMT+02:00, "Luke A. Call" 
>  wrote:
> >I am still seeing this problem, even after logging out/in and ulimit -u
> >shows 712.   Running "ps -U myusername|less" yields about 180 lines and
> >the system becomes unable to start even another xterm, or in tmux on a
> >console, unable to start another shell window (in both cases: "Resource
> >temporarily unavailable").

> >On 01-31 13:20, Luke A. Call wrote:
> >> Hi misc.  
> >> I am getting "Resource temporarily unavailable" in
> >> /var/log/authlog when I try to open too many "ssh [-X]
> >user@localhost"
> >> connections, or even "fork: retry: Resource temporarily unavailable"
> >when
> >> running "$ cat > /tmp/somefile".  
> >> In "man 3 __tfork" I see:
> >> [EAGAIN]Resource temporarily unavailable.  The system-imposed
> >>limit on the total number of threads under execution
> >>would be exceeded.  This limit is configuration-
> >>dependent.
> >> [EAGAIN]Resource temporarily unavailable.  The system-imposed
> >>limit MAXUPRC on the total number of threads under
> >>execution by a single user would be exceeded.  MAXUPRC
> >>is currently defined in  as CHILD_MAX,
> >>which is currently defined as 80 in .
> >> 
> >> (If multiple users could simultaneously run X, I might not ssh as
> >much;
> >> suggestions welcome there also, if you are in the mood.)
> >> More details, not sure if needed:
> >> [...]

> Hi  Luke,
> Have you tried to reuse  ssh connections.
> In linux you can use something like this:
> ControlMaster auto 
> ControlPath ~/.ssh/sockets/%r@%h-%p
> ControlPersist 600
> 
> I guess it's  still valid for openBSD.

Thanks much, Strahil.  I plan to try that.  After I increased the # of 
available ptys, I can open enough terminal windows for my needs, 
but I can still hit the limit if I open ~40
of them with an "ssh user@localhost" (or probably a "cat > filename") 
in each one, so at this point I
guess I am wanting to understand the system better for future reference.
As in, which limit am I hitting, and where is that limit set?

Thanks again.
Luke



Re: Resource temporarily unavailable: have to recompile?

2020-01-31 Thread Luke A. Call
Cancel the cancellation.
I am still seeing this problem, even after logging out/in and ulimit -u
shows 712.   Running "ps -U myusername|less" yields about 180 lines and
the system becomes unable to start even another xterm, or in tmux on a
console, unable to start another shell window (in both cases: "Resource
temporarily unavailable").

On 01-31 13:20, Luke A. Call wrote:
> Hi misc.  
> 
> Am I running into a limit that will require recompiling the kernel
> (or changing my work style I suppose)?  Which man pages should I read
> next, or should I be thinking about this differently?
> 
> I am getting "Resource temporarily unavailable" in
> /var/log/authlog when I try to open too many "ssh [-X] user@localhost"
> connections, or even "fork: retry: Resource temporarily unavailable" when
> running "$ cat > /tmp/somefile".  
> 
> In "man 3 __tfork" I see:
> [EAGAIN]Resource temporarily unavailable.  The system-imposed
>   limit on the total number of threads under execution
>   would be exceeded.  This limit is configuration-
>   dependent.
> 
> [EAGAIN]Resource temporarily unavailable.  The system-imposed
>   limit MAXUPRC on the total number of threads under
>   execution by a single user would be exceeded.  MAXUPRC
>   is currently defined in  as CHILD_MAX,
>   which is currently defined as 80 in .
> 
> (If multiple users could simultaneously run X, I might not ssh as much;
> suggestions welcome there also, if you are in the mood.)
> 
> 
> More details, not sure if needed:
> 
> When I open a large # of xterms which make ssh -X connections on
> my laptop with obsd 6.5 (planning to upgrade, haven't quite yet), they at 
> first pause saying
>   -bash: fork: retry: Resource temporarily unavailable
> ...then start failing with 
>   shell request failed on channel 0
> ...and in /var/log/authlog I see:
>   sshd[52954]: error: do_exec_pty: fork: Resource temporarily unavailable
> 
> Also, until recently I would get error messages in ~/.xsession-errors like:
>   xterm: Error 32, errno 6: Device not configured   Reason: 
>   get_pty: not enough ptys
> ...but, after creating more ptys by running (as root)
>   cd /dev; sh MAKEDEV pty1  #then, um, with pty2, pty3, 4, and 5
> 
> ...I don't seem to get the "not enough ptys" anymore, and can open
> all the xters I like, but I get the
> above "xterm: Error 32, errno 6: Device not configured   Reason:
> get_pty: not enough ptys" from authlog, and the "shell request failed
> on channel 0" from the ssh client, all even when I do this not under X.  
> 
> It's like I can't get beyond about 20-23 "ssh user@localhost" connections
> (depending on how they are counted).
> 
> I have expanded limits in /etc/login.conf and kern.maxfiles=3500 now, in
> sysctl.conf, but that is just poking in the dark.
> 
> What am I missing? Thanks!
> -Luke
> 
> dmesg:
> ached
> uhidev4 detached
> uhid5 detached
> uhid6 detached
> uhid7 detached
> uhid8 detached
> uhidev5 detached
> uhidev3 at uhub5 port 3 configuration 1 interface 0 "Logitech USB Receiver" 
> rev 2.00/12.07 addr 3
> uhidev3: iclass 3/1
> ukbd1 at uhidev3: 8 variable keys, 6 key codes
> wskbd2 at ukbd1 mux 1
> wskbd2: connecting to wsdisplay0
> uhidev4 at uhub5 port 3 configuration 1 interface 1 "Logitech USB Receiver" 
> rev 2.00/12.07 addr 3
> uhidev4: iclass 3/1, 8 report ids
> ums1 at uhidev4 reportid 2: 16 buttons, Z and W dir
> wsmouse1 at ums1 mux 0
> uhid2 at uhidev4 reportid 3: input=4, output=0, feature=0
> uhid3 at uhidev4 reportid 4: input=1, output=0, feature=0
> uhid4 at uhidev4 reportid 8: input=1, output=0, feature=0
> uhidev5 at uhub5 port 3 configuration 1 interface 2 "Logitech USB Receiver" 
> rev 2.00/12.07 addr 3
> uhidev5: iclass 3/0, 33 report ids
> uhid5 at uhidev5 reportid 16: input=6, output=6, feature=0
> uhid6 at uhidev5 reportid 17: input=19, output=19, feature=0
> uhid7 at uhidev5 reportid 32: input=14, output=14, feature=0
> uhid8 at uhidev5 reportid 33: input=31, output=31, feature=0
> uhidev6 at uhub0 port 4 configuration 1 interface 0 "vendor 0x USB 
> OPTICAL MOUSE" rev 1.10/1.00 addr 3
> uhidev6: iclass 3/1, 1 report id
> ums2 at uhidev6 reportid 1: 3 buttons, Z dir
> wsmouse2 at ums2 mux 0
> wsmouse2 detached
> ums2 detached
> uhidev6 detached
> uhidev6 at uhub0 port 4 configuration 1 interface 0 "vendor 0x USB 
> OPTICAL MOUSE" rev 1.10/1.00 addr 3
> uhidev6: iclass 3/1, 1 report id
> ums2 at uhidev6 reportid 1: 3 buttons, Z dir
&g

Re: Resource temporarily unavailable: have to recompile?

2020-01-31 Thread Luke A. Call
Sorry.  It seems to have been just a ulimit and a login.conf value
that I had not increased enough.

On 01-31 13:20, Luke A. Call wrote:
> []
> I am getting "Resource temporarily unavailable" in
> /var/log/authlog when I try to open too many "ssh [-X] user@localhost"
> connections, or even "fork: retry: Resource temporarily unavailable" when
> running "$ cat > /tmp/somefile".  
> 
> In "man 3 __tfork" I see:
> [EAGAIN]Resource temporarily unavailable.  The system-imposed
>   limit on the total number of threads under execution
>   would be exceeded.  This limit is configuration-
>   dependent.
> 
> [EAGAIN]Resource temporarily unavailable.  The system-imposed
>   limit MAXUPRC on the total number of threads under
>   execution by a single user would be exceeded.  MAXUPRC
>   is currently defined in  as CHILD_MAX,
>   which is currently defined as 80 in .



Resource temporarily unavailable: have to recompile?

2020-01-31 Thread Luke A. Call
Hi misc.  

Am I running into a limit that will require recompiling the kernel
(or changing my work style I suppose)?  Which man pages should I read
next, or should I be thinking about this differently?

I am getting "Resource temporarily unavailable" in
/var/log/authlog when I try to open too many "ssh [-X] user@localhost"
connections, or even "fork: retry: Resource temporarily unavailable" when
running "$ cat > /tmp/somefile".  

In "man 3 __tfork" I see:
[EAGAIN]Resource temporarily unavailable.  The system-imposed
limit on the total number of threads under execution
would be exceeded.  This limit is configuration-
dependent.

[EAGAIN]Resource temporarily unavailable.  The system-imposed
limit MAXUPRC on the total number of threads under
execution by a single user would be exceeded.  MAXUPRC
is currently defined in  as CHILD_MAX,
which is currently defined as 80 in .

(If multiple users could simultaneously run X, I might not ssh as much;
suggestions welcome there also, if you are in the mood.)


More details, not sure if needed:

When I open a large # of xterms which make ssh -X connections on
my laptop with obsd 6.5 (planning to upgrade, haven't quite yet), they at 
first pause saying
  -bash: fork: retry: Resource temporarily unavailable
...then start failing with 
  shell request failed on channel 0
...and in /var/log/authlog I see:
  sshd[52954]: error: do_exec_pty: fork: Resource temporarily unavailable

Also, until recently I would get error messages in ~/.xsession-errors like:
  xterm: Error 32, errno 6: Device not configured   Reason: 
  get_pty: not enough ptys
...but, after creating more ptys by running (as root)
  cd /dev; sh MAKEDEV pty1  #then, um, with pty2, pty3, 4, and 5

...I don't seem to get the "not enough ptys" anymore, and can open
all the xters I like, but I get the
above "xterm: Error 32, errno 6: Device not configured   Reason:
get_pty: not enough ptys" from authlog, and the "shell request failed
on channel 0" from the ssh client, all even when I do this not under X.  

It's like I can't get beyond about 20-23 "ssh user@localhost" connections
(depending on how they are counted).

I have expanded limits in /etc/login.conf and kern.maxfiles=3500 now, in
sysctl.conf, but that is just poking in the dark.

What am I missing? Thanks!
-Luke

dmesg:
ached
uhidev4 detached
uhid5 detached
uhid6 detached
uhid7 detached
uhid8 detached
uhidev5 detached
uhidev3 at uhub5 port 3 configuration 1 interface 0 "Logitech USB Receiver" rev 
2.00/12.07 addr 3
uhidev3: iclass 3/1
ukbd1 at uhidev3: 8 variable keys, 6 key codes
wskbd2 at ukbd1 mux 1
wskbd2: connecting to wsdisplay0
uhidev4 at uhub5 port 3 configuration 1 interface 1 "Logitech USB Receiver" rev 
2.00/12.07 addr 3
uhidev4: iclass 3/1, 8 report ids
ums1 at uhidev4 reportid 2: 16 buttons, Z and W dir
wsmouse1 at ums1 mux 0
uhid2 at uhidev4 reportid 3: input=4, output=0, feature=0
uhid3 at uhidev4 reportid 4: input=1, output=0, feature=0
uhid4 at uhidev4 reportid 8: input=1, output=0, feature=0
uhidev5 at uhub5 port 3 configuration 1 interface 2 "Logitech USB Receiver" rev 
2.00/12.07 addr 3
uhidev5: iclass 3/0, 33 report ids
uhid5 at uhidev5 reportid 16: input=6, output=6, feature=0
uhid6 at uhidev5 reportid 17: input=19, output=19, feature=0
uhid7 at uhidev5 reportid 32: input=14, output=14, feature=0
uhid8 at uhidev5 reportid 33: input=31, output=31, feature=0
uhidev6 at uhub0 port 4 configuration 1 interface 0 "vendor 0x USB OPTICAL 
MOUSE" rev 1.10/1.00 addr 3
uhidev6: iclass 3/1, 1 report id
ums2 at uhidev6 reportid 1: 3 buttons, Z dir
wsmouse2 at ums2 mux 0
wsmouse2 detached
ums2 detached
uhidev6 detached
uhidev6 at uhub0 port 4 configuration 1 interface 0 "vendor 0x USB OPTICAL 
MOUSE" rev 1.10/1.00 addr 3
uhidev6: iclass 3/1, 1 report id
ums2 at uhidev6 reportid 1: 3 buttons, Z dir
wsmouse2 at ums2 mux 0
wsmouse2 detached
ums2 detached
uhidev6 detached
uhidev6 at uhub0 port 4 configuration 1 interface 0 "vendor 0x USB OPTICAL 
MOUSE" rev 1.10/1.00 addr 3
uhidev6: iclass 3/1, 1 report id
ums2 at uhidev6 reportid 1: 3 buttons, Z dir
wsmouse2 at ums2 mux 0
wsmouse2 detached
ums2 detached
uhidev6 detached
uhidev6 at uhub0 port 4 configuration 1 interface 0 "vendor 0x USB OPTICAL 
MOUSE" rev 1.10/1.00 addr 3
uhidev6: iclass 3/1, 1 report id
ums2 at uhidev6 reportid 1: 3 buttons, Z dir
wsmouse2 at ums2 mux 0
wsmouse2 detached
ums2 detached
uhidev6 detached
uhidev6 at uhub0 port 4 configuration 1 interface 0 "vendor 0x USB OPTICAL 
MOUSE" rev 1.10/1.00 addr 3
uhidev6: iclass 3/1, 1 report id
ums2 at uhidev6 reportid 1: 3 buttons, Z dir
wsmouse2 at ums2 mux 0
wsmouse2 detached
ums2 detached
uhidev6 detached
uhidev6 at uhub0 port 4 configuration 1 interface 0 "vendor 0x USB OPTICAL 
MOUSE" rev 1.10/1.00 addr 3
uhidev6: iclass 3/1, 1 report id
ums2 at uhidev6 reportid 1: 3 buttons, Z dir

Re: Question about marketability of OpenBSD Laptops

2020-01-26 Thread Luke A. Call
On 01-26 10:45, Stuart Henderson wrote:
>  [] >  I have non-technical users on OpenBSD
> laptops and desktops using GNOME+Chromium+LibreOffice, not everything
> is perfect but it works well enough and we didn't have to revert to
> Windows.
> 
> It *does* need managing though, it won't work as a "here is the machine,
> now you're in charge" setup. For that reason I think in most cases this
> type of user would often find that an iPad or ChromeBook would suit them
> better.

Similar experience here: I had maybe a dozen or more people using
openbsd computers in a weekly classroom for several months, where
I had set it up to be convenient for their use (basically xfce, & icons
pointing to preset browser destinations), and they were happy enough,
but they weren't going to manage any of it themselves (with one 
possible exception).  So sometimes it depends on the perceived 
cost/benefit and how it goes with their personal usage patterns.

-- 
Please pray for our country(ies) and leaders, at this important time.
More on this and other topics (a simple site w/o sales):
http://lukecall.net  (updated 2020-01-23)



Re: pkg_info(1) man page possible error

2020-01-25 Thread Luke A. Call
On 01-25 01:49, Ingo Schwarze wrote:
> Andrew Easton wrote on Fri, Jan 24, 2020 at 11:17:20PM +0100:
> > I was looking for a list of ports packages
> Depending what you really need, try
>   $ doas pkg_add portslist
>   $ less /usr/local/share/ports-INDEX
>   $ doas pkg_add sqlports
>   $ sqlite3 /usr/local/share/sqlports
>   https://cvsweb.openbsd.org/ports/
> > and read the man page pkg_info(1).

For what it may be worth, another way to get a list of ports is 
(as root, or maybe should be rewritten with "doas", as Ingo 
did, but):

# cd /usr/ports/ && make print-index > ~root/openbsdports-list-$(uname 
-r)-$(machine) 

-Luke
-- 
Please pray for our country(ies) and leaders, at this important time.
More on this and other topics (a simple site w/o sales):
http://lukecall.net  (updated 2020-01-23)



Re: Suggestion: Replace Perl with Lua in the OpenBSD Base System

2019-12-31 Thread Luke A. Call
On 12-31 14:02, Raul Miller wrote:
> On Tue, Dec 31, 2019 at 1:32 PM  wrote:
> > I'm curious to know if there are any languages other than C and perl in
> > use in OpenBSD base.
> It's pretty easy to download the sources for base, and then:
> tar zxf src.tar.gz
> find . -type f -name '*.*' | sed 's/^.*\.//' | sort | uniq -c | sort
> -n | tail -40

For what it may be worth: another way I use to see "what is available"
(sometimes just to learn) is either: "man [1-9] intro" or go to 
http://man.openbsd.org, optionally choose a section, put "." (without
quotes) in the search field, and click the "apropos" button.  

-- 
Please pray for our country(ies) and leaders, at this important time.
More on this and other topics (a simple, non-JS site w/ no sales):
http://lukecall.net  (updated 2019-12-8)



Re: ttyC0 floods with error messages

2019-12-16 Thread Luke A. Call
On 12-16 10:48, Raymond, David wrote:
> I get similar stuff on console 1 but not on the others on all my
> OpenBSD machines.  As I use X windows and have clean consoles 2-4
> available if necessary, I just ignore it.

I get similar messages in dmesg (used to be on the first console),
and every couple of days or so (not a consistent period), the mouse
just stops working, sometimes working again a few days after I 
unplug it, so I switch that way between a wireless and wired mouse
until they both stop and when I get tired enough of being mouseless 
then I reboot.

Ending message with dmesg output:

OpenBSD 6.5 (GENERIC.MP) #5: Thu Aug 29 20:38:30 CEST 2019

r...@syspatch-65-amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 16033533952 (15290MB)
avail mem = 15537967104 (14818MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xebf90 (49 entries)
bios0: vendor American Megatrends Inc. version "204" date 11/20/2014
bios0: ASUSTeK COMPUTER INC. X550ZA
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP APIC FPDT ECDT MCFG MSDM HPET UEFI SSDT SSDT CRAT SSDT 
SSDT SSDT SSDT
acpi0: wakeup devices LOM_(S4) SBAZ(S4) ECIR(S4) OHC1(S4) EHC1(S4) OHC2(S4) 
EHC2(S4) OHC3(S4) EHC3(S4) OHC4(S4) XHC0(S4) XHC1(S4) ODD8(S3) GLAN(S4) 
LID_(S5) SLPB(S4)
acpitimer0 at acpi0: 3579545 Hz, 32 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 16 (boot processor)
cpu0: AMD A10-7400P Radeon R6, 10 Compute Cores 4C+6G, 2496.48 MHz, 15-30-01
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,POPCNT,AES,XSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,XOP,SKINIT,WDT,FMA4,TCE,NODEID,TBM,CPCTR,DBKP,PERFTSC,ITSC,FSGSBASE,BMI1,XSAVEOPT
cpu0: 96KB 64b/line 3-way I-cache, 16KB 64b/line 4-way D-cache, 2MB 64b/line 
16-way L2 cache
cpu0: ITLB 48 4KB entries fully associative, 24 4MB entries fully associative
cpu0: DTLB 64 4KB entries fully associative, 64 4MB entries fully associative
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 99MHz
cpu0: mwait min=64, max=64, IBE
cpu1 at mainbus0: apid 17 (application processor)
cpu1: AMD A10-7400P Radeon R6, 10 Compute Cores 4C+6G, 2495.34 MHz, 15-30-01
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,POPCNT,AES,XSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,XOP,SKINIT,WDT,FMA4,TCE,NODEID,TBM,CPCTR,DBKP,PERFTSC,ITSC,FSGSBASE,BMI1,XSAVEOPT
cpu1: 96KB 64b/line 3-way I-cache, 16KB 64b/line 4-way D-cache, 2MB 64b/line 
16-way L2 cache
cpu1: ITLB 48 4KB entries fully associative, 24 4MB entries fully associative
cpu1: DTLB 64 4KB entries fully associative, 64 4MB entries fully associative
cpu1: smt 1, core 0, package 0
cpu2 at mainbus0: apid 18 (application processor)
cpu2: AMD A10-7400P Radeon R6, 10 Compute Cores 4C+6G, 2495.34 MHz, 15-30-01
cpu2: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,POPCNT,AES,XSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,XOP,SKINIT,WDT,FMA4,TCE,NODEID,TBM,CPCTR,DBKP,PERFTSC,ITSC,FSGSBASE,BMI1,XSAVEOPT
cpu2: 96KB 64b/line 3-way I-cache, 16KB 64b/line 4-way D-cache, 2MB 64b/line 
16-way L2 cache
cpu2: ITLB 48 4KB entries fully associative, 24 4MB entries fully associative
cpu2: DTLB 64 4KB entries fully associative, 64 4MB entries fully associative
cpu2: smt 0, core 1, package 0
cpu3 at mainbus0: apid 19 (application processor)
cpu3: AMD A10-7400P Radeon R6, 10 Compute Cores 4C+6G, 2495.34 MHz, 15-30-01
cpu3: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,POPCNT,AES,XSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,XOP,SKINIT,WDT,FMA4,TCE,NODEID,TBM,CPCTR,DBKP,PERFTSC,ITSC,FSGSBASE,BMI1,XSAVEOPT
cpu3: 96KB 64b/line 3-way I-cache, 16KB 64b/line 4-way D-cache, 2MB 64b/line 
16-way L2 cache
cpu3: ITLB 48 4KB entries fully associative, 24 4MB entries fully associative
cpu3: DTLB 64 4KB entries fully associative, 64 4MB entries fully associative
cpu3: smt 1, core 1, package 0
ioapic0 at mainbus0: apid 0 pa 0xfec0, version 21, 24 pins
ioapic1 at mainbus0: apid 1 pa 0xfec01000, version 21, 32 pins
acpiec0 at acpi0
acpimcfg0 at acpi0
acpimcfg0: addr 0xe000, bus 0-255
acpihpet0 at acpi0: 14318180 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus -1 (PB21)
acpiprt2 at acpi0: bus -1 (PB22)
acpiprt3 at acpi0: bus 

hardware security (was Re: Installing OpenBSD on Supermicro A2SDi-4C-HLN4F

2019-06-16 Thread Luke A. Call
And I think I read that Supermicro is moving production 
out of China because of the perceptions of risk (and/or actual 
risks) of sensitive electronics manufacturing there. 

Forgive/ignore if this question is excessive here, but I 
wonder if anyone has knowledge or educated perspective to share 
on this:  I have avoided Chinese products (like Lenovo) due to 
government history/means/motive/opportunity to put in backdoors
or things with which I might be less comfortable than the
backdoors unfortunately inserted by someone else.  Just like I've 
been favoring AMD due to Intel's track record and evident attitude.)
Yes, the US government has been reported to waylay hardware 
during shipping, etc., and Bruce Schneier and/or others
have said the problem of vetting hardware is beyond
the ability of individuals or most businesses, given the 
extreme economic and technical complexity involved.  (And 
I realize that suspicion can be carried too far, and cost/benefit 
estimates can sometimes even favor less caution, but one has to
choose whom to work with, given tradeoffs and an imperfect world.
I know Theo has said in efffect that hardware security is not 
a problem OBSD can address, and if that is the final answer, OK.)

But I wonder sometimes if anyone knows of a laptop &/or desktop
vendor where the odds seem most favorable, maybe why you 
think so, and where they are likely to work with OBSD. (System76, 
librem, dell, small/local manufacturers)?  (My audio, video, and 
battery needs are minimal, but *quiet* effective thermal management, &
16GB+ RAM are important, and reliability & compilation speed.)  
AMD CPUs preferred, as going exotic sounds like more $ and 
harder to get spare parts.  And I probably don't have the ability
now or later to become expert at choosing many individual 
components.  Thanks in advance.
-- 
Luke Call
Things I want to say to many (a lightly-loading site):
http://lukecall.net  (updated 2019-06-09)


On 06-15 15:11, Stuart Henderson wrote:
> On 2019-06-15, ms  wrote:
> > There were some serious security issues with hardware and software from 
> > Supermicro (espionage chips, firmware)
> 
> Assuming you mean the allegations in that Bloomberg piece, there was no
> evidence found supporting them.
> 
> https://hackaday.com/2019/05/14/what-happened-with-supermicro/ etc
> 
> There are the usual problems with BMC security, cpu bugs, etc, but those
> are by no means unique to supermicro.
> 
> 



Re: No more KDE's dolphin after upgrade to 6.5

2019-04-26 Thread Luke A. Call
On 04-26 21:47, Rafael Sadowski wrote:
> []
> update all packages with the following PKG_PATH example:
> 
> env PKG_PATH=https://ftp.openbsd.org/pub/OpenBSD/6.5/packages/ pkg_add -u -v 
> -Dinstalled
> 
> It looks like you mixed packages for 6.4 and 6.5 and/or -current.

I had to run a pkg_add command equivalent to that, to get mutt and sox play
to run.  This happened when I upgraded to 6.4 as well, with libreoffice,
that not everything required was updated somehow, with just pkg_add -u.

- -
Things I want to tell people: Free & open personal organizer software,
& thoughts on subjects that I consider important (updated 2019-03-18):
http://lukecall.net  



Re: OpenBSD 6.5

2019-04-25 Thread Luke A. Call
On 04-24 15:31:34+, Mik J wrote:
> Thank you for this new release and all of those who contributed.

Echoed by many, for past and future work on this excellent
system.  Thanks very much indeed. 



crash report

2019-04-22 Thread Luke A. Call
Hi.  I am having laptop crashes, but sendbug hangs so am using email
directly.  Some web page on bug reports, iirc, suggested emailing misc@
first to see if the email is OK, before sending to bugs@.., so I am
sending here for feedback.

Sendbug (per pstree) appears to hang in usbdevs -v.  (Related ps output
is below.)

Related issues?:  I don't know if I have unsupported hardware.  I have
had overheating problems (separate issue but mentioned in case this all
means I need to replace the laptop; the heat issues haven't necessarily
been at times I can correlate with these crashes, but somewhat ongoing).
I also don't know if this issue relates to the fact that my mouse stops
working anywhere from 0 to 10 days after each reboot (which has been the
case I'm guessing since I installed a 6.3 snapshot probably about 1/3 of
the way from 6.3 to 6.4).  Maybe I need a new laptop.  But I'm confident
that this happens even when the laptop is cool (like, external fans on, 
laptop idling overnight).

Could a crash be caused by having in sysctl.conf
"machdep.allowaperture=1" and running X?  I'd like to understand the
pros/cons of that setting better than I do from reading the manual page. 
(My sysctl.conf contents are below.)  The crash seems to never happen
unless I have been running with X for at least 2 days, maybe more.

My stock + syspatched 6.4 system dropped into ddb in a console, several
hours after the last syspatch and reboot (the last syspatch prior to
2019-3-22), maybe at a moment when I hit "alt-tab" in X (in xfce).  (X
had frozen before that syspatch a couple of times recently when I hit
"alt-tab", but I was able to get to a console then if memory serves.
Something like this has happened maybe every several weeks over the last
few months, including during times like at night when I am not using
this laptop, so I don't know how to reproduce it on demand.

Then it did it again several times.  I have captured ddb output from a
total of 3 of those; the photos of ddb info was captured before I
applied the latest syspatch, but it has continued happening since.
After I tried to capture the useful output from ddb, I ran "boot sync"
to reboot and it just sat there as if frozen, & the laptop's disk
activity light was dark.  (Then when I forced a hard power cycle it had
to do some automatic disk repairs, and the disk activity light was on
during that.)

In the 2nd set of ddg screen shots (those from the 2nd crash, on the
morning of 2019-3-23), I see it reports 3 CPUs.  I don't know why 3,
because I had 4 before the spectre/meltdown mitigations changed it to 2
(per top activity: 4 shown, 2 seem active).

Then on 2019-03-25 after I had stopped using the computer for the day,
there were error messages in /var/log/message and when I checked later
the computer had completely frozen with a black screen.  I was running
xfce but no programs outside a terminal (basically the same as in the
last set of ddg screen shots' ps output plus the links browser).

I read through much of the change log for 6.4->6.5, but am probably
unqualified to know if one of the updates addresses this.

Again, the crashes where I took photos of ddb output occurred with
openbsd stable as of just prior to the March 27 security fix, but have
also happened since (sorry I'm so late sending it, due to personal
limitations and competing tasks).

So far, I think this has only happened while X was running (using
xenodm).  After sending this, I think I will stop X and see if it
happens over the next few days, without it.

This has happened both with varying and without any setting in the
/etc/malloc.conf symlink.

Sorry if that is not a proper report; feedback sought. Thanks *very* 
much.

Links to photos of ddb info from the crashes:
http://lukecall.net/temp-crashInfo/1stCrash-imagesOnOnePage.html
http://lukecall.net/temp-crashInfo/2ndCrash-imagesOnOnePage.html
http://lukecall.net/temp-crashInfo/3rdCrash-imagesOnOnePage.html
http://lukecall.net/temp-crashInfo/allImagesLinks.html
http://lukecall.net/temp-crashInfo/

Luke Call
- -
Things I want to tell people: Free personal organizer 
software, & thoughts on subjects (updated 2019-03-18):
http://lukecall.net  


(Various info dumps follow; each new section starts with a 
"description".)

ps info of usbdevs that wouldn't exit:-
USER   PID %CPU %MEM   VSZ   RSS TT  STAT  STARTED   TIME COMMAND
root 93325  0.0  0.0   296  1148 C0  D+12:58PM0:00.02 usbdevs
root 80643  0.0  0.0   720   820 C1  Ip12:52PM0:00.00 sh -c usbdevs 
-v
root 84565  0.0  0.0   256  1088 C1  D 12:52PM0:00.01 usbdevs -v
root  8493  0.0  0.0   252  1088 C1  D 12:57PM0:00.00 usbdevs -v
root 38138  0.0  0.0   720   816 C1  Ip12:57PM0:00.01 sh -c usbdevs 
-v
root  7392  0.0  0.0   724   824 C1  Ip12:57PM0:00.01 sh -c usbdevs 
-v
root 25561  0.0  0.0   252  1084 C1  D 12:57PM

mouse stops working 2 days after reboot

2018-11-15 Thread Luke A. Call
Hi.  On 6.4 (not 6.3 or snapshots i tried), the external mouse just
stops working, ~2 days after rebooting, multiple times.  A reboot fixes
it, but just restarting X with Ctrl-Alt-Bksp does not fix it (though it
does seem to close/restart xenodm).  I am not using the trackpad and
even while this problem occurs, mouse emulation via the keyboard works
(using XFCE's accessibility feature).  I see that the mouse still
has power (lights on).  

(FWIW: The first time this happened, it was just 
after I had unplugged both my external keyboard and mouse, and 
unlike the usual behavior,  neither worked when I plugged them back in.
Since then, only the mouse has had trouble but I haven't unplugged
the keyboard since then.)

Thanks much.

Ending with the dmesg:
4b/line 16-way L2 cache
cpu3: ITLB 48 4KB entries fully associative, 24 4MB entries fully associative
cpu3: DTLB 64 4KB entries fully associative, 64 4MB entries fully associative
cpu3: smt 1, core 1, package 0
ioapic0 at mainbus0: apid 0 pa 0xfec0, version 21, 24 pins
ioapic1 at mainbus0: apid 1 pa 0xfec01000, version 21, 32 pins
acpiec0 at acpi0
acpimcfg0 at acpi0
acpimcfg0: addr 0xe000, bus 0-255
acpihpet0 at acpi0: 14318180 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus -1 (PB21)
acpiprt2 at acpi0: bus -1 (PB22)
acpiprt3 at acpi0: bus -1 (PB31)
acpiprt4 at acpi0: bus -1 (PB32)
acpiprt5 at acpi0: bus -1 (PB33)
acpiprt6 at acpi0: bus -1 (PB34)
acpiprt7 at acpi0: bus 2 (PE20)
acpiprt8 at acpi0: bus -1 (PE21)
acpiprt9 at acpi0: bus 3 (PE22)
acpiprt10 at acpi0: bus -1 (PE23)
acpicpu0 at acpi0: C2(0@400 io@0x1771), C1(@1 halt!), PSS
acpicpu1 at acpi0: C2(0@400 io@0x1771), C1(@1 halt!), PSS
acpicpu2 at acpi0: C2(0@400 io@0x1771), C1(@1 halt!), PSS
acpicpu3 at acpi0: C2(0@400 io@0x1771), C1(@1 halt!), PSS
acpitz0 at acpi0: critical temperature is 103 degC
acpicmos0 at acpi0
"AMDC003" at acpi0 not configured
acpibat0 at acpi0: BAT0 model "X550E30" serialtype LIon oem "OEM"
acpiac0 at acpi0: AC unit online
acpibtn0 at acpi0: PWRB
acpibtn1 at acpi0: LID_
"ATK4001" at acpi0 not configured
"PNP0C14" at acpi0 not configured
acpibtn2 at acpi0: SLPB
"PNP0C14" at acpi0 not configured
cpu0: 2496 MHz: speeds: 2500 2300 2100 1700 1400 MHz
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "AMD AMD64 15h Root Complex" rev 0x00
radeondrm0 at pci0 dev 1 function 0 "ATI Kaveri Radeon R6" rev 0x00
drm0 at radeondrm0
radeondrm0: msi
azalia0 at pci0 dev 1 function 1 "ATI Kaveri HD Audio" rev 0x00: msi
azalia0: no supported codecs
pchb1 at pci0 dev 2 function 0 "AMD AMD64 15h PCIE" rev 0x00
pchb2 at pci0 dev 3 function 0 "AMD AMD64 15h PCIE" rev 0x00
pchb3 at pci0 dev 4 function 0 "AMD AMD64 15h PCIE" rev 0x00
xhci0 at pci0 dev 16 function 0 "AMD Bolton xHCI" rev 0x09: msi, xHCI 1.0
usb0 at xhci0: USB revision 3.0
uhub0 at usb0 configuration 1 interface 0 "AMD xHCI root hub" rev 3.00/1.00 
addr 1
ahci0 at pci0 dev 17 function 0 "AMD Hudson-2 SATA" rev 0x40: msi, AHCI 1.3
ahci0: port 0: 6.0Gb/s
ahci0: port 2: 1.5Gb/s
scsibus1 at ahci0: 32 targets
sd0 at scsibus1 targ 0 lun 0:  SCSI3 0/direct 
fixed naa.539614b041b8
sd0: 953869MB, 512 bytes/sector, 1953525168 sectors
cd0 at scsibus1 targ 2 lun 0:  ATAPI 5/cdrom 
removable
ohci0 at pci0 dev 18 function 0 "AMD Hudson-2 USB" rev 0x11: apic 0 int 18, 
version 1.0, legacy support
ehci0 at pci0 dev 18 function 2 "AMD Hudson-2 USB2" rev 0x11: apic 0 int 17
usb1 at ehci0: USB revision 2.0
uhub1 at usb1 configuration 1 interface 0 "AMD EHCI root hub" rev 2.00/1.00 
addr 1
ohci1 at pci0 dev 19 function 0 "AMD Hudson-2 USB" rev 0x11: apic 0 int 18, 
version 1.0, legacy support
ehci1 at pci0 dev 19 function 2 "AMD Hudson-2 USB2" rev 0x11: apic 0 int 17
usb2 at ehci1: USB revision 2.0
uhub2 at usb2 configuration 1 interface 0 "AMD EHCI root hub" rev 2.00/1.00 
addr 1
piixpm0 at pci0 dev 20 function 0 "AMD Hudson-2 SMBus" rev 0x16: polling
iic0 at piixpm0
spdmem0 at iic0 addr 0x50: 8GB DDR3 SDRAM PC3-12800 SO-DIMM
spdmem1 at iic0 addr 0x51: 8GB DDR3 SDRAM PC3-12800 SO-DIMM
azalia1 at pci0 dev 20 function 2 "AMD Hudson-2 HD Audio" rev 0x01: msi
azalia1: codecs: Realtek ALC269
audio0 at azalia1
pcib0 at pci0 dev 20 function 3 "AMD Hudson-2 LPC" rev 0x11
ppb0 at pci0 dev 20 function 4 "AMD Hudson-2 PCI" rev 0x40
pci1 at ppb0 bus 1
sdhc0 at pci0 dev 20 function 7 "AMD Hudson-2 SD Host Controller" rev 0x00: 
apic 0 int 16
sdhc0: SDHC 2.0, 50 MHz base clock
sdmmc0 at sdhc0: 4-bit, sd high-speed, mmc high-speed, dma
ppb1 at pci0 dev 21 function 0 "AMD Hudson-2 PCIE" rev 0x00
pci2 at ppb1 bus 2
ppb2 at pci0 dev 21 function 2 "AMD Hudson-2 PCIE" rev 0x00
pci3 at ppb2 bus 3
re0 at pci3 dev 0 function 0 "Realtek 8168" rev 0x0c: RTL8168G/8111G (0x4c00), 
msi, address 1c:b7:2c:22:fb:c9
rgephy0 at re0 phy 7: RTL8251 PHY, rev. 0
pchb4 at pci0 dev 24 function 0 "AMD AMD64 15h Link Cfg" rev 0x00
pchb5 at pci0 dev 24 function 1 "AMD AMD64 15h Address Map" rev 0x00
pchb6 at pci0 dev 24 function 2 "AMD AMD64 15h DRAM Cfg" rev 0x00
pchb7 

Re: xfce4-terminal crash in openbsd 6.4

2018-11-09 Thread Luke A. Call
Updating with the solution for reference:

I was also seeing this problem with LibreOffice which wouldn't
even launch past the splash screen.  
Running pkg_add -u didn't fix it.

Un- and re-installing libreoffice did fix it.
I discovered this by installing inkscape, which must be 
providing some dependency.  When I removed inkscape and
also ran "pkg_delete -avV" the problem returned.  Then removing
libreoffice, followed by another "pkg_delete -avV", and
reinstalling libreoffice made it work again.

And probably I should have tried that before posting.


Somehow, installing inkscape fixed it. 
On 11-07 09:53:32-0700, Luke A. Call wrote:
> This happens in OpenBSD 6.4 but I'm fairly confident didn't happen in
> 6.3 (definitely didn't happen at some point in the recent past; I don't
> recall if I tried this while I was using snapshots between 6.3 and 6.4):
> 
> If I start xfce4-terminal (either from xterm or the xfce4 "Run Program"
> dialog), and if I try to access the menus (either by clicking or alt-__
> key combination like alt-e), then xfce4-terminal exits.  In the xterm
> window, I can see that xfce4-terminal has reported this error before
> exiting:
> 
>   Gtk:ERROR:gtkiconhelper.c:494:ensure_surface_for_gicon: assertion
>   failed (error == NULL): Failed to load
>   /usr/local/share/icons/Adwaita/16x16/status/image-missing.png:
>   Unrecognized image file format (gdk-pixbuf-error-quark, 3)
> 
> (Alternatively, if there is a way to do a text search across the
> scrollback buffer in xterm, that would let me stop my intermittent use
> of xfce4-terminal, but I haven't found that.  I know konsole has that
> search feature but it has many more binary dependencies that get
> installed with it.)
> 
> Ending with my dmesg which includes content farther down indicating 
> the upgrade to 6.4.  Thanks much!
> 
> OpenBSD 6.4-beta (GENERIC.MP) #327: Wed Sep 26 12:52:56 MDT 2018
> dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
> real mem = 16033533952 (15290MB)
> avail mem = 15538348032 (14818MB)
> mpath0 at root
> scsibus0 at mpath0: 256 targets
> mainbus0 at root
> bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xebf90 (49 entries)
> bios0: vendor American Megatrends Inc. version "204" date 11/20/2014
> bios0: ASUSTeK COMPUTER INC. X550ZA
> acpi0 at bios0: rev 2
> acpi0: sleep states S0 S3 S4 S5
> acpi0: tables DSDT FACP APIC FPDT ECDT MCFG MSDM HPET UEFI SSDT SSDT CRAT 
> SSDT SSDT SSDT SSDT
> acpi0: wakeup devices LOM_(S4) SBAZ(S4) ECIR(S4) OHC1(S4) EHC1(S4) OHC2(S4) 
> EHC2(S4) OHC3(S4) EHC3(S4) OHC4(S4) XHC0(S4) XHC1(S4) ODD8(S3) GLAN(S4) 
> LID_(S5) SLPB(S4)
> acpitimer0 at acpi0: 3579545 Hz, 32 bits
> acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
> cpu0 at mainbus0: apid 16 (boot processor)
> cpu0: AMD A10-7400P Radeon R6, 10 Compute Cores 4C+6G, 2496.40 MHz, 15-30-01
> cpu0: 
> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,POPCNT,AES,XSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,XOP,SKINIT,WDT,FMA4,TCE,NODEID,TBM,CPCTR,DBKP,PERFTSC,ITSC,FSGSBASE,BMI1,XSAVEOPT
> cpu0: 96KB 64b/line 3-way I-cache, 16KB 64b/line 4-way D-cache, 2MB 64b/line 
> 16-way L2 cache
> cpu0: ITLB 48 4KB entries fully associative, 24 4MB entries fully associative
> cpu0: DTLB 64 4KB entries fully associative, 64 4MB entries fully associative
> cpu0: smt 0, core 0, package 0
> mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
> cpu0: apic clock running at 99MHz
> cpu0: mwait min=64, max=64, IBE
> cpu1 at mainbus0: apid 17 (application processor)
> cpu1: AMD A10-7400P Radeon R6, 10 Compute Cores 4C+6G, 2495.34 MHz, 15-30-01
> cpu1: 
> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,POPCNT,AES,XSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,XOP,SKINIT,WDT,FMA4,TCE,NODEID,TBM,CPCTR,DBKP,PERFTSC,ITSC,FSGSBASE,BMI1,XSAVEOPT
> cpu1: 96KB 64b/line 3-way I-cache, 16KB 64b/line 4-way D-cache, 2MB 64b/line 
> 16-way L2 cache
> cpu1: ITLB 48 4KB entries fully associative, 24 4MB entries fully associative
> cpu1: DTLB 64 4KB entries fully associative, 64 4MB entries fully associative
> cpu1: smt 1, core 0, package 0
> cpu2 at mainbus0: apid 18 (application processor)
> cpu2: AMD A10-7400P Radeon R6, 10 Compute Cores 4C+6G, 2495.34 MHz, 15-30-01
> cpu2: 
> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,POPCNT,AES,XSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,RDT

xfce4-terminal crash in openbsd 6.4

2018-11-07 Thread Luke A. Call
This happens in OpenBSD 6.4 but I'm fairly confident didn't happen in
6.3 (definitely didn't happen at some point in the recent past; I don't
recall if I tried this while I was using snapshots between 6.3 and 6.4):

If I start xfce4-terminal (either from xterm or the xfce4 "Run Program"
dialog), and if I try to access the menus (either by clicking or alt-__
key combination like alt-e), then xfce4-terminal exits.  In the xterm
window, I can see that xfce4-terminal has reported this error before
exiting:

  Gtk:ERROR:gtkiconhelper.c:494:ensure_surface_for_gicon: assertion
  failed (error == NULL): Failed to load
  /usr/local/share/icons/Adwaita/16x16/status/image-missing.png:
  Unrecognized image file format (gdk-pixbuf-error-quark, 3)

(Alternatively, if there is a way to do a text search across the
scrollback buffer in xterm, that would let me stop my intermittent use
of xfce4-terminal, but I haven't found that.  I know konsole has that
search feature but it has many more binary dependencies that get
installed with it.)

Ending with my dmesg which includes content farther down indicating 
the upgrade to 6.4.  Thanks much!

OpenBSD 6.4-beta (GENERIC.MP) #327: Wed Sep 26 12:52:56 MDT 2018
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 16033533952 (15290MB)
avail mem = 15538348032 (14818MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xebf90 (49 entries)
bios0: vendor American Megatrends Inc. version "204" date 11/20/2014
bios0: ASUSTeK COMPUTER INC. X550ZA
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP APIC FPDT ECDT MCFG MSDM HPET UEFI SSDT SSDT CRAT SSDT 
SSDT SSDT SSDT
acpi0: wakeup devices LOM_(S4) SBAZ(S4) ECIR(S4) OHC1(S4) EHC1(S4) OHC2(S4) 
EHC2(S4) OHC3(S4) EHC3(S4) OHC4(S4) XHC0(S4) XHC1(S4) ODD8(S3) GLAN(S4) 
LID_(S5) SLPB(S4)
acpitimer0 at acpi0: 3579545 Hz, 32 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 16 (boot processor)
cpu0: AMD A10-7400P Radeon R6, 10 Compute Cores 4C+6G, 2496.40 MHz, 15-30-01
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,POPCNT,AES,XSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,XOP,SKINIT,WDT,FMA4,TCE,NODEID,TBM,CPCTR,DBKP,PERFTSC,ITSC,FSGSBASE,BMI1,XSAVEOPT
cpu0: 96KB 64b/line 3-way I-cache, 16KB 64b/line 4-way D-cache, 2MB 64b/line 
16-way L2 cache
cpu0: ITLB 48 4KB entries fully associative, 24 4MB entries fully associative
cpu0: DTLB 64 4KB entries fully associative, 64 4MB entries fully associative
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 99MHz
cpu0: mwait min=64, max=64, IBE
cpu1 at mainbus0: apid 17 (application processor)
cpu1: AMD A10-7400P Radeon R6, 10 Compute Cores 4C+6G, 2495.34 MHz, 15-30-01
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,POPCNT,AES,XSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,XOP,SKINIT,WDT,FMA4,TCE,NODEID,TBM,CPCTR,DBKP,PERFTSC,ITSC,FSGSBASE,BMI1,XSAVEOPT
cpu1: 96KB 64b/line 3-way I-cache, 16KB 64b/line 4-way D-cache, 2MB 64b/line 
16-way L2 cache
cpu1: ITLB 48 4KB entries fully associative, 24 4MB entries fully associative
cpu1: DTLB 64 4KB entries fully associative, 64 4MB entries fully associative
cpu1: smt 1, core 0, package 0
cpu2 at mainbus0: apid 18 (application processor)
cpu2: AMD A10-7400P Radeon R6, 10 Compute Cores 4C+6G, 2495.34 MHz, 15-30-01
cpu2: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,POPCNT,AES,XSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,XOP,SKINIT,WDT,FMA4,TCE,NODEID,TBM,CPCTR,DBKP,PERFTSC,ITSC,FSGSBASE,BMI1,XSAVEOPT
cpu2: 96KB 64b/line 3-way I-cache, 16KB 64b/line 4-way D-cache, 2MB 64b/line 
16-way L2 cache
cpu2: ITLB 48 4KB entries fully associative, 24 4MB entries fully associative
cpu2: DTLB 64 4KB entries fully associative, 64 4MB entries fully associative
cpu2: smt 0, core 1, package 0
cpu3 at mainbus0: apid 19 (application processor)
cpu3: AMD A10-7400P Radeon R6, 10 Compute Cores 4C+6G, 2495.35 MHz, 15-30-01
cpu3: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,POPCNT,AES,XSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,XOP,SKINIT,WDT,FMA4,TCE,NODEID,TBM,CPCTR,DBKP,PERFTSC,ITSC,FSGSBASE,BMI1,XSAVEOPT
cpu3: 96KB 64b/line 3-way I-cache, 16KB 64b/line 4-way D-cache, 2MB 64b/line 
16-way L2 cache
cpu3: 

can't start X in 6.4

2018-10-27 Thread Luke A. Call
I was running a snapshot from Sept 26, then upgraded yesterday to 6.4 
release, and ran pkg_add -u and syspatch.  Fortunately mutt runs 
without X  :) .

When I run "startx" I get errors like this (details in log below):
[ 78310.256] (EE) No drivers available.
[ 78310.256] (EE) 
Fatal server error:
[ 78310.261] (EE) no screens found(EE) 
[ 78310.267] (EE) 
 
The dmesg output seems to include from before the upgrade and after, and 
contains some radeon errors like these 2 lines.
  error: [drm:pid0:cik_ring_test] *ERROR* radeon: ring 2 test failed 
(scratch(0x3010C)=0xCAFEDEAD)
  error: [drm:pid0:cik_sdma_ring_test] *ERROR* radeon: ring 3 test failed 
(0xCAFEDEAD)

fw_update -i yields:
Installed: vmm-firmware-1.11.0p0 uvideo-firmware-1.2p2 
radeondrm-firmware-20170119

/etc/sysctl.conf contains only these lines and blank/commented ones:
machdep.allowaperture=3 # See xf86(4)
machdep.lidaction=0
kern.maxfiles=2

Running as root "X -configure" just outputs the options (which include 
"-configure", apparently), and says "Unrecognized option: -configure".

The dmesg output follows, and then the contents of 
~/.local/share/xorg/Xorg.0.log, followed by the file 
/usr/X11R6/share/X11/xorg.conf.d/10-radeon.conf file, which ends this 
message.

Thanks much for suggestions.


dmesg output:
---
OpenBSD 6.4-beta (GENERIC.MP) #327: Wed Sep 26 12:52:56 MDT 2018
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 16033533952 (15290MB)
avail mem = 15538348032 (14818MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xebf90 (49 entries)
bios0: vendor American Megatrends Inc. version "204" date 11/20/2014
bios0: ASUSTeK COMPUTER INC. X550ZA
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP APIC FPDT ECDT MCFG MSDM HPET UEFI SSDT SSDT CRAT SSDT 
SSDT SSDT SSDT
acpi0: wakeup devices LOM_(S4) SBAZ(S4) ECIR(S4) OHC1(S4) EHC1(S4) OHC2(S4) 
EHC2(S4) OHC3(S4) EHC3(S4) OHC4(S4) XHC0(S4) XHC1(S4) ODD8(S3) GLAN(S4) 
LID_(S5) SLPB(S4)
acpitimer0 at acpi0: 3579545 Hz, 32 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 16 (boot processor)
cpu0: AMD A10-7400P Radeon R6, 10 Compute Cores 4C+6G, 2496.40 MHz, 15-30-01
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,POPCNT,AES,XSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,XOP,SKINIT,WDT,FMA4,TCE,NODEID,TBM,CPCTR,DBKP,PERFTSC,ITSC,FSGSBASE,BMI1,XSAVEOPT
cpu0: 96KB 64b/line 3-way I-cache, 16KB 64b/line 4-way D-cache, 2MB 64b/line 
16-way L2 cache
cpu0: ITLB 48 4KB entries fully associative, 24 4MB entries fully associative
cpu0: DTLB 64 4KB entries fully associative, 64 4MB entries fully associative
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 99MHz
cpu0: mwait min=64, max=64, IBE
cpu1 at mainbus0: apid 17 (application processor)
cpu1: AMD A10-7400P Radeon R6, 10 Compute Cores 4C+6G, 2495.34 MHz, 15-30-01
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,POPCNT,AES,XSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,XOP,SKINIT,WDT,FMA4,TCE,NODEID,TBM,CPCTR,DBKP,PERFTSC,ITSC,FSGSBASE,BMI1,XSAVEOPT
cpu1: 96KB 64b/line 3-way I-cache, 16KB 64b/line 4-way D-cache, 2MB 64b/line 
16-way L2 cache
cpu1: ITLB 48 4KB entries fully associative, 24 4MB entries fully associative
cpu1: DTLB 64 4KB entries fully associative, 64 4MB entries fully associative
cpu1: smt 1, core 0, package 0
cpu2 at mainbus0: apid 18 (application processor)
cpu2: AMD A10-7400P Radeon R6, 10 Compute Cores 4C+6G, 2495.34 MHz, 15-30-01
cpu2: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,POPCNT,AES,XSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,XOP,SKINIT,WDT,FMA4,TCE,NODEID,TBM,CPCTR,DBKP,PERFTSC,ITSC,FSGSBASE,BMI1,XSAVEOPT
cpu2: 96KB 64b/line 3-way I-cache, 16KB 64b/line 4-way D-cache, 2MB 64b/line 
16-way L2 cache
cpu2: ITLB 48 4KB entries fully associative, 24 4MB entries fully associative
cpu2: DTLB 64 4KB entries fully associative, 64 4MB entries fully associative
cpu2: smt 0, core 1, package 0
cpu3 at mainbus0: apid 19 (application processor)
cpu3: AMD A10-7400P Radeon R6, 10 Compute Cores 4C+6G, 2495.35 MHz, 15-30-01
cpu3: 

Re: Remiss on my personal and server security practices, offering server usage to outsiders

2018-09-19 Thread Luke A. Call
On 09-19 08:32, Chris Bennett wrote:
> On Wed, Sep 19, 2018 at 04:14:47PM +0200, Solene Rapenne wrote:
> > Chris Bennett  wrote:
> > > I have not opened up my server before for full usage of email, web,
> > > database, etc. before. So I'm a total noob on really good security
> > > practices.
> > > 
> > > Proper owner:group all over the place. Not covered in hier (7).
> > 
> > look at security(8), especially the mtree part
> > 
> Thank you. I used it a few times but I never opened the files in
> /etc/mtree. Very useful. Although that doesn't cover all of my
> owner:group questions, I can see a little better now.

I have "umask 0077" set in my /etc/profile so that all users cannot by default 
see each others' files, unless they want to open them up.  This is even though 
all the users are currently variations of myself with different security 
profiles.  If I were a new user learning to use a system, especially a 
multiuser one, I would appreciate that default until I learned more.

I have wondered if that would be a good systemwide default in new obsd installs 
(or the reasons not), but have also found that when root has that setting, I 
have to change it back to "umask 0022" for the duration of running pkg_add 
(which I do in a script), or some packages have problems.

(Corrections welcome.)  



ssh -X instead, workarounds (was Re: ssh -Y behaviour change

2018-09-12 Thread Luke A. Call
On 09-12 08:20, Brett Mahar wrote:
> I know `ssh -X` is more secure, I use this when I can but use the `ssh -Y` 
> version when I need ability to copy and paste.

While this probably doesn't solve your main problem, it might be useful 
afterward.  For what it's worth, I have used ssh -X extensively and copy/paste 
successfully, so it is a little more secure than ssh -Y for most things.  I 
have added some config to help it work between apps that used different 
clipboards, to ease interoperability, in the ~/.Xdefaults of the user running X:

XTerm*selectToClipboard: true
 *VT100*translations:#override \
   Ctrl Shift V:insert-selection(CLIPBOARD, CUT_BUFFER1) \n

...and where that doesn't work (depends on which apps and in which direction I 
copy/paste between them), I have a couple of scripts using the xc command (from 
ports/packages) to work around that.

Then workarounds:  I only use ssh -Y occasionally, for a very few apps that 
seem to only function with it.  This is not an area where I have deep 
understanding, but I did a bunch of web searches, reading and some 
experimenting.  I am also careful what I copy to the clipboard, because any app 
(probably including those running as different users) can see it,   And when 
that really breaks down (eg, multiline copy/paste from browser to a text-mode 
app), I just paste into a world-readable text file from one user, and pull it 
out as the other user.

If any of this is bad practice I would appreciate the feedback.  

(I probably wouldn't use ssh -X much, if I could start more than one X session 
in different ctrl-alt-fX consoles, as different users, to run at the same time 
as I used to always do on debian.)



Re: Running your own mail server

2018-09-10 Thread Luke A. Call
On 09-10 13:30, Craig Skinner wrote:
> Being a postmaster (email server administrator) and hostmaster (DNS
> server administrator) is fun, hectic, and takes about 5 years to learn.
> [] 
> Save yourself the trouble and let them use their gMail
> accounts/addresses directly. They'll soon be getting Android or Apple
> phones, so let them use their Google/Apple accounts themselves.
> 

Some good points.

One could also use a different provider just for mail (pop or webmail) 
instead of google, if one wants to keep from centralizing more power there.  

(One example among many is pair.com, for webmail, DNS, domain, some hosting 
but not OpenBSD that I know of, unless you get a virtual private server).



Re: nmap on routed ip4 networks, openbsd/pf or package/port issue?

2018-08-01 Thread Luke A. Call
On 08-01 10:54, Luke A. Call wrote:
> On 08-01 15:08, Henrik Engmark wrote:
> > So I set up a new 6.3 with the sole purpose of nmapping, since my older 
> > OpenBSDs is coremapping on me with nmap.
> >[] 
> > On to the problem, I scan my local LAN with the following:
> > nmap -Pn -A -v -v --send-eth -e em0 -stylesheet somestylesheet -oA 
> > /tmp/nmapout 192.168.1.0/24
> > This works fine, every time i try. Takes about an hour. However, when I try 
> > it on a remote routed net like so:
> > nmap -Pn -A -v -v --send-eth -e em1 -stylesheet somestylesheet -oA 
> > /tmp/nmapout 10.20.30.192/26
> > 
> > nmap stops doing anything after a minute or so, it goes to 0% cpu and stays 
> > there. I waited at least 24 hours without any sign of life.
> > top tells me nmap is WAIT/bpf after those first couple of minutes. I am not 
> > sure what that means exactly, but I figured maybe something with pf, so I 
> > disabled pf alltogether and tried again, with the same result.
> 
> I am curious what you learn as I have seen similar behavior.  I've been
> nmapping a printer on my local network, trying different things, and nmap
> freezes for me after a short or long time.  
> 
> Strangely though, it seems to ~ "unfreeze" if I start another nmap 
> instance, probing the same address, in a separate terminal window.  
> Sometimes I have to kill and restart that other instance as it 
> freezes too, but this workaround has allowed me to continue at least.
> 
> I am on 6.3 stable with latest syspatch.

Also curiously, the 2nd nmap running, like the first instance it
is intended to "unfreeze", also uses 90+% of a CPU (until it also
freezes), even though I passed the "-T2" parameter to slow it down.



Re: nmap on routed ip4 networks, openbsd/pf or package/port issue?

2018-08-01 Thread Luke A. Call
On 08-01 15:08, Henrik Engmark wrote:
> So I set up a new 6.3 with the sole purpose of nmapping, since my older 
> OpenBSDs is coremapping on me with nmap.
>[] 
> On to the problem, I scan my local LAN with the following:
> nmap -Pn -A -v -v --send-eth -e em0 -stylesheet somestylesheet -oA 
> /tmp/nmapout 192.168.1.0/24
> This works fine, every time i try. Takes about an hour. However, when I try 
> it on a remote routed net like so:
> nmap -Pn -A -v -v --send-eth -e em1 -stylesheet somestylesheet -oA 
> /tmp/nmapout 10.20.30.192/26
> 
> nmap stops doing anything after a minute or so, it goes to 0% cpu and stays 
> there. I waited at least 24 hours without any sign of life.
> top tells me nmap is WAIT/bpf after those first couple of minutes. I am not 
> sure what that means exactly, but I figured maybe something with pf, so I 
> disabled pf alltogether and tried again, with the same result.


I am curious what you learn as I have seen similar behavior.  I've been
nmapping a printer on my local network, trying different things, and nmap
freezes for me after a short or long time.  

Strangely though, it seems to ~ "unfreeze" if I start another nmap 
instance, probing the same address, in a separate terminal window.  
Sometimes I have to kill and restart that other instance as it 
freezes too, but this workaround has allowed me to continue at least.

I am on 6.3 stable with latest syspatch.



Re: Questions about crypto and USA laws, concerns today

2018-07-24 Thread Luke A. Call
On 07-24 11:50, Chris Bennett wrote:
> What is going on overall with the US and cryptography?
> I recently joined an organization that has legitimate concerns about
> privacy, so I thought I'd ask those who know and have history with this
> issue.

I am definitely not any kind of expert on this (including about export rules), 
but I read the news frequently.  For privacy, I have been under the impression 
that federal law enforcement and legislators mostly were grasping the idea, 
that encryption backdoors would cause more harm to the public, than good for 
law enforcement.  And it seems reasonable to hope that encryption for privacy 
will remain legal.  But future federal policy or legislative details are very 
hard to predict right now.



Re: How to search for "hostap" in man pages.

2018-06-16 Thread Luke A. Call
ps: I think apropos/man -k only search the header, not the entire manual page.

On 06-16 17:34, Luke A. Call wrote:
> I think "man -K" would work on gnu/linux, but on OpenBSD you might have to:
>   cd /usr/share/man
> or 
>   cd /usr/local/man
> and
>   grep -ir hostap *|less
> 
> On 06-16 22:39, Karel Gardas wrote:
> > was looking for "hostap" or "Host AP" using man -k and apropos, but this 
> > somehow does not return expected results:
> > 
> > $ man -k hostap
> > hostapd(8) - Host Access Point daemon
> > hostapd.conf(5) - configuration file for the Host Access Point daemon
> > 
> > but:
> > $ man ral|grep hostap  
> >mediaopt hostap
> >  hostname.if(5), hostapd(8), ifconfig(8)



Re: How to search for "hostap" in man pages.

2018-06-16 Thread Luke A. Call
I think "man -K" would work on gnu/linux, but on OpenBSD you might have to:
  cd /usr/share/man
or 
  cd /usr/local/man
and
  grep -ir hostap *|less
.

Maybe someone else knows a better way though.

On 06-16 22:39, Karel Gardas wrote:
> 
> Hello,
> 
> was looking for "hostap" or "Host AP" using man -k and apropos, but this 
> somehow does not return expected results:
> 
> $ man -k hostap
> hostapd(8) - Host Access Point daemon
> hostapd.conf(5) - configuration file for the Host Access Point daemon
> 
> but:
> 
> $ man ral|grep hostap  
>mediaopt hostap
>  hostname.if(5), hostapd(8), ifconfig(8)
> 
> $ man athn|grep hostap 
>mediaopt hostap
> 
> $ man ath|grep hostap  
>mediaopt hostap
>  hostname.if(5), gpioctl(8), hostapd(8), ifconfig(8)
> 
> 
> am I missing something or mistakenly expected man -k should return those too?
> 
> Thanks!
> Karel
> PS: on -current with following dmesg:
> 
> OpenBSD 6.3-current (GENERIC.MP) #14: Thu Jun 14 23:55:47 MDT 2018
> dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
> real mem = 8461684736 (8069MB)
> avail mem = 8127451136 (7750MB)
> mpath0 at root
> scsibus0 at mpath0: 256 targets
> mainbus0 at root
> bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xe0010 (74 entries)
> bios0: vendor LENOVO version "6FET61WW (2.07 )" date 02/13/2009
> bios0: LENOVO 224362G
> acpi0 at bios0: rev 2
> acpi0: sleep states S0 S3 S4 S5
> acpi0: tables DSDT FACP SSDT ECDT APIC MCFG HPET SLIC BOOT ASF! SSDT TCPA 
> DMAR SSDT SSDT SSDT
> acpi0: wakeup devices LID_(S3) SLPB(S3) IGBE(S4) EXP0(S4) EXP1(S4) EXP2(S4) 
> EXP3(S4) EXP4(S4) PCI1(S4) USB0(S3) USB3(S3) USB5(S3) EHC0(S3) EHC1(S3) 
> HDEF(S4)
> acpitimer0 at acpi0: 3579545 Hz, 24 bits
> acpiec0 at acpi0
> acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
> cpu0 at mainbus0: apid 0 (boot processor)
> cpu0: Intel(R) Core(TM)2 Duo CPU P8600 @ 2.40GHz, 2394.35 MHz
> cpu0: 
> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,XSAVE,NXE,LONG,LAHF,PERF,SENSOR,MELTDOWN
> cpu0: 3MB 64b/line 8-way L2 cache
> cpu0: smt 0, core 0, package 0
> mtrr: Pentium Pro MTRR support, 7 var ranges, 88 fixed ranges
> cpu0: apic clock running at 265MHz
> cpu0: mwait min=64, max=64, C-substates=0.2.2.2.2.1.3, IBE
> cpu1 at mainbus0: apid 1 (application processor)
> cpu1: Intel(R) Core(TM)2 Duo CPU P8600 @ 2.40GHz, 2394.00 MHz
> cpu1: 
> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,XSAVE,NXE,LONG,LAHF,PERF,SENSOR,MELTDOWN
> cpu1: 3MB 64b/line 8-way L2 cache
> cpu1: smt 0, core 1, package 0
> ioapic0 at mainbus0: apid 1 pa 0xfec0, version 20, 24 pins
> , remapped to apid 1
> acpimcfg0 at acpi0 addr 0xe000, bus 0-63
> acpihpet0 at acpi0: 14318179 Hz
> acpiprt0 at acpi0: bus 0 (PCI0)
> acpiprt1 at acpi0: bus -1 (AGP_)
> acpiprt2 at acpi0: bus 2 (EXP0)
> acpiprt3 at acpi0: bus 3 (EXP1)
> acpiprt4 at acpi0: bus -1 (EXP2)
> acpiprt5 at acpi0: bus 5 (EXP3)
> acpiprt6 at acpi0: bus 13 (EXP4)
> acpiprt7 at acpi0: bus 21 (PCI1)
> acpicpu0 at acpi0: !C3(250@17 mwait.3@0x20), !C2(500@1 mwait.1@0x10), 
> C1(1000@1 mwait.1), PSS
> acpicpu1 at acpi0: !C3(250@17 mwait.3@0x20), !C2(500@1 mwait.1@0x10), 
> C1(1000@1 mwait.1), PSS
> acpipwrres0 at acpi0: PUBS, resource for USB0, USB3, USB5, EHC0, EHC1
> acpitz0 at acpi0: critical temperature is 127 degC
> acpitz1 at acpi0: critical temperature is 100 degC
> acpibtn0 at acpi0: LID_
> acpibtn1 at acpi0: SLPB
> acpicmos0 at acpi0
> "IBM0057" at acpi0 not configured
> "INTC0102" at acpi0 not configured
> acpibat0 at acpi0: BAT0 model "42T4619" serial   732 type LION oem "SANYO"
> acpiac0 at acpi0: AC unit online
> acpithinkpad0 at acpi0
> "PNP0C14" at acpi0 not configured
> acpidock0 at acpi0: GDCK not docked (0)
> acpivideo0 at acpi0: VID_
> acpivout0 at acpivideo0: LCD0
> acpivideo1 at acpi0: VID_
> cpu0: Enhanced SpeedStep 2394 MHz: speeds: 2401, 2400, 1600, 800 MHz
> pci0 at mainbus0 bus 0
> pchb0 at pci0 dev 0 function 0 "Intel GM45 Host" rev 0x07
> inteldrm0 at pci0 dev 2 function 0 "Intel GM45 Video" rev 0x07
> drm0 at inteldrm0
> intagp0 at inteldrm0
> agp0 at intagp0: aperture at 0xd000, size 0x1000
> inteldrm0: msi
> inteldrm0: 1280x800, 32bpp
> wsdisplay0 at inteldrm0 mux 1: console (std, vt100 emulation)
> wsdisplay0: screen 1-5 added (std, vt100 emulation)
> "Intel GM45 Video" rev 0x07 at pci0 dev 2 function 1 not configured
> "Intel GM45 HECI" rev 0x07 at pci0 dev 3 function 0 not configured
> em0 at pci0 dev 25 function 0 "Intel ICH9 IGP M AMT" rev 0x03: msi, address 
> 00:22:68:0a:32:65
> uhci0 at pci0 dev 26 function 0 "Intel 82801I USB" rev 0x03: apic 1 int 20
> uhci1 at pci0 dev 26 function 1 "Intel 82801I USB" rev 0x03: apic 1 int 21
> uhci2 at pci0 dev 26 

Re: Limit CPU usage of a process?

2018-05-27 Thread Luke A. Call
I had that problem but turning off javascript (as someone else said), turning 
off images most of the time, and bookmarking the tab group then closing as many 
tabs as I wasn't actually going to use soonest (especially any viewing PDF 
files), dropped it down to ~4%.

On 05-27 12:07:16+0200, Maximilian Pichler wrote:
> Is it possible to limit the CPU usage of a given process to, say, 20%?
> 
> I'd like to slow down the web browser since it is draining my laptop's
> battery. With enough tabs open it's often consuming ~50% of CPU but
> not doing anything productive. Apparently with RLIMIT_CPU in
> setrlimit(2) the total CPU time of a process can be limited. Can a
> similar limit be set for the percentage?
> 
> Thanks
>