Can lmdb library linked C code be profiled?

2021-06-10 Thread Luke Small
I’ve discovered that C source code only seems to be able to be profiled by gprof profiled with gcc (or egcc from gcc package) and with the “-static” flag to static link the program. But statically linked code which uses lmdb with lmdb.a from the lmdb package will throw compile-time errors. Is

Re: I can’t get veb/vport to work with vmd.

2021-05-06 Thread Luke Small
I got it working. I have a pretty hefty amount of vether0 and vether0:network in my pf.conf that I changed to vport0 and vport0:network. That fixed every single thing! I somehow completely forgot about all the vether0 pf rules which isolates the the various local systems so VMs are isolated from

I can’t get veb/vport to work with vmd.

2021-05-05 Thread Luke Small
There seems to be ZERO examples of using veb/vport vs bridge/vether. I am running 6.9 now and I substituted the bridge0 usage in vm.conf and I copied the hostname.vether0 into hostname.vport0 and hostname.bridge0 uses vether0 so I used vport0 in hostname.veb0 . I used ifconfig … down for bridge0

Re: Can I do 4-26 snapshot to 6.9-stable safely?

2021-05-02 Thread Luke Small
ect "disk" and type in the location of the mount > On Sun May 2, 2021 at 12:34 PM CST, Luke Small wrote: > > There has to be a valid partition to install it to. When I have an > > encrypted drive, that doesn’t exist using usb…chudazoid. > > > > On Sun, May 2, 2021 at 1:

Re: Can I do 4-26 snapshot to 6.9-stable safely?

2021-05-02 Thread Luke Small
That change to undo the “supersede” command to look at the local unbound server in dhclient.conf fixed it. Downloading 6.9 release as we speak. On Sun, May 2, 2021 at 1:34 PM Luke Small wrote: > There has to be a valid partition to install it to. When I have an > encrypted drive, that d

Re: Can I do 4-26 snapshot to 6.9-stable safely?

2021-05-02 Thread Luke Small
ur file location > > On Sat May 1, 2021 at 7:37 PM CST, Luke Small wrote: > > I would do that, but I’ll have to figure out how to manually mount my > > encrypted partition, which sysupgrade and bsd.rd takes care if for me > > automatically. > > > > On Sat, Ma

Re: Can I do 4-26 snapshot to 6.9-stable safely?

2021-05-01 Thread Luke Small
"disk" at the prompt. once you go current you can't go back, and its > very clearly said in the FAQ as ashton said > > On Sat May 1, 2021 at 6:25 PM CST, Luke Small wrote: > > I tried that by the way. I even mv’ed my pf.conf to nullify it and > > tried > > and it coul

Re: Can I do 4-26 snapshot to 6.9-stable safely?

2021-05-01 Thread Luke Small
aks to this matter. > > Noone else has anything more to say. > > Please stop begging for personal handholding, everyone is getting > embarrassed. > > > > Luke Small wrote: > > > I tried that by the way. I even mv’ed my pf.conf to nullify it and tried > > and it co

Re: Can I do 4-26 snapshot to 6.9-stable safely?

2021-05-01 Thread Luke Small
enough. On Sat, May 1, 2021 at 5:26 PM jpeg bild wrote: > If you want to move back to stable, you would have to boot bsd.rd and > select "Upgrade" in the prompt, then install from http with the correct > path for 6.9-stable > > On Fri Apr 30, 2021 at 9:49 PM CST, Lu

Re: Can I do 4-26 snapshot to 6.9-stable safely?

2021-05-01 Thread Luke Small
an iso) to make that change? On Fri, Apr 30, 2021 at 11:01 PM Theo de Raadt wrote: > Luke Small wrote: > > > We’re there major irreversible changes made to the following snapshot: > > > > kern.version=OpenBSD 6.9-current (GENERIC.MP) #479: Mon Apr 26 02:26:53 > MDT &

Can I do 4-26 snapshot to 6.9-stable safely?

2021-04-30 Thread Luke Small
We’re there major irreversible changes made to the following snapshot: kern.version=OpenBSD 6.9-current (GENERIC.MP) #479: Mon Apr 26 02:26:53 MDT 2021 which would render in incapable of a downgrade? -- -Luke

Can I shorten fw_update download timeout?

2021-04-08 Thread Luke Small
I make unbound connect to dnscrypt-proxy and after an update, it’ll just sit there for what seems like 2 minutes while fw_update inevitably fails before turning on dnscrypt-proxy. I’ve been running snapshots and that’s really dumb. Or is there a way to have unbound connect to a failover server

Re: FVWM terminal emulator transparency issue in -current

2021-02-17 Thread Luke Small
Thanks! I just made it run at opacity .55 and I LOVE IT! Thanks! On Mon, Feb 15, 2021 at 11:25 PM Thomas Frohwein wrote: > On Mon, Feb 15, 2021 at 05:03:55PM -0600, Luke Small wrote: > > I'm running fvwm window manager and I just switched to -current. Roxterm > is > > totall

FVWM terminal emulator transparency issue in -current

2021-02-15 Thread Luke Small
I'm running fvwm window manager and I just switched to -current. Roxterm is totally messed up, won't do transparent background and I tried xfce4-terminal and it says it won't do transparent backgrounds because compositing is disabled Sure first-world problems, but I REALLY want fvwm to do

Snort for httpd’s https sessions?!

2021-01-06 Thread Luke Small
Is there a way for a hook(?) for snort to read plaintext https sessions in OpenBSD’s httpd?! That’d be SUPER SWEET!-- -Luke

pf and Wireguard

2020-09-26 Thread Luke Small
... Change: match out on egress from (wg0:network) to any nat-to (egress:0) To: match on egress from (wg0:network) to any nat-to (egress:0) tag “wireguard” pass tagged “wireguard” keep state -- -Luke

USA kernel hackers looking for a $120k+ job?

2020-08-18 Thread Luke Small
I’m applying for federal grant which will hopefully start about March or April and I’m looking for somebody who can work on OpenBSD and in C (perhaps with a touch of python) to do the server side of an extraordinary dating app which will be able to prove STD uninfectiousness! -- -Luke

fullscreen iridium stops me scrolling to another fvwm virt. desktop!

2020-07-14 Thread Luke Small
fullscreen iridium browser often stops letting me scroll to another fvwm virtual desktop, but I never have that problem with firefox! Whats the deal? On iridium, I either have to click on the browser window border or I have to unmaximize the browser window to leave space between the browser window

Re: strlcpy version speed tests?

2020-07-01 Thread Luke Small
Are you clinging to traditions for some purpose? I gave two different versions. strlcpy3 is clearly more easily understood and even slightly faster and strlcpy4 which sets up the following workhorse lines which through timing the functions is hands down faster on my Xeon chips: strlcpy4: while

Re: strlcpy version speed tests?

2020-06-30 Thread Luke Small
I suppose this strlcpy4 without a goto is more elegant -Luke On Tue, Jun 30, 2020 at 10:07 PM Luke Small wrote: > I made it SUPER easy to test my assertion. The code is there. No > configuration needed. > > On Tue, Jun 30, 2020 at 9:59 PM Theo de Raadt wrote: > >&

strlcpy version speed tests?

2020-06-30 Thread Luke Small
I made a couple different versions if anybody is interested! -Luke #include #include #include #include #include #include /* cc strlcpy_test.c -pipe -O2 -o strlcpy_test && ./strlcpy_testfast */ /* * Copy string src to buffer dst of size dsize. At most dsize-1 * chars will be copied.

why isn't strlcpy written like this:

2020-06-30 Thread Luke Small
strlcpy is: size_t strlcpy(char *dst, const char *src, size_t dsize) { const char *osrc = src; size_t nleft = dsize; /* Copy as many bytes as will fit. */ if (nleft != 0) { while (--nleft != 0) { if ((*dst++ = *src++) == '\0') break; } } /* Not enough room in dst, add NUL

Re: Filling a 4TB Disk with Random Data

2020-06-10 Thread Luke Small
if you have access to packages, you could "pkg_add pv" and: "dd if=/dev/random | pv | dd of=/dev/rsdXc bs=1m" It will show you in real time how much random data has been written to disk. -Luke On Wed, Jun 10, 2020 at 11:43 AM Luke Small wrote: > I mean: "

realpath(3) to unveil() symbolic links!

2020-06-04 Thread Luke Small
You can use unveil() on both a symbolic link and the value recovered by putting it in realpath(3)! I used it in what I submitted for unveiling ftp(1) -- -Luke

Re: I unveil()ed ftp(1)!

2020-06-04 Thread Luke Small
I made symbolic links “ln -s /etc/ssl/cert.pem ”. I used the realpath command and it worked in the software I submitted. On Thu, Jun 4, 2020 at 11:06 AM Theo de Raadt wrote: > No. > > I'm guessing you don't understand symbolic links. > > Look, this is a waste of time. > >

Re: I unveil()ed ftp(1)!

2020-06-04 Thread Luke Small
In the case of 1 URLs couldn’t you at least merely unveil “./“ as “cw”; make any specified cafile/capath including shortcut resolution as “r” (perhaps with the shell “x”) so that at worst, current directory files could be overwritten, but not read? On Wed, Jun 3, 2020 at 10:39 AM Theo de

Re: I unveil()ed ftp(1)!

2020-06-03 Thread Luke Small
there was tiny error I created. -Luke On Wed, Jun 3, 2020 at 2:24 PM Luke Small wrote: > There! It doesn't use an unveil list. It has 2 dry runs as proposed. > It could just have a dry run to see if it goes into interactive mode > and then unveil as we go! but I like to see all t

Re: I unveil()ed ftp(1)!

2020-06-03 Thread Luke Small
There! It doesn't use an unveil list. It has 2 dry runs as proposed. It could just have a dry run to see if it goes into interactive mode and then unveil as we go! but I like to see all the unveil calls before the ftp output statements myself! -Luke On Wed, Jun 3, 2020 at 11:30 AM Luke Small

Re: I unveil()ed ftp(1)!

2020-06-03 Thread Luke Small
Or you could have 2 dry runs. One to merely see that it won't head into interactive mode and a second one to start the unveiling directly in fetch.c. Unless unveil itself will have too many entries! -Luke On Wed, Jun 3, 2020 at 11:12 AM Luke Small wrote: > I figure if it took up that m

Re: I unveil()ed ftp(1)!

2020-06-03 Thread Luke Small
I figure if it took up that much stack space from before, it'd start needing to dang near run the stack into on-disk virtual memory anyway. At that point, it'd perhaps be a better design choice to break up your ftp calls into slightly smaller chunks to avoid massively poor performance, yeah? LOL

Re: I unveil()ed ftp(1)!

2020-06-03 Thread Luke Small
ean it is amusing, because this is never going to fly. > > This increase in complexity is completely unacceptable, what I see is > completely amateurish, and I also see overflows, a lack of testing > for edge conditions, and a lack of attention to how unveil works. > > > Luke Sm

Re: I unveil()ed ftp(1)!

2020-06-03 Thread Luke Small
you for the laugh. > > > Luke Small wrote: > > > I think I'm done tinkering. try these out in ftp folder. I left in some > > fprintf(ttyout,...) in main.c > > to show what is being unveiled. It resolves shortcuts in SSL_CAFILE > > and SSL_PATH variables. &

I unveil()ed ftp(1)!

2020-06-03 Thread Luke Small
I think I'm done tinkering. try these out in ftp folder. I left in some fprintf(ttyout,...) in main.c to show what is being unveiled. It resolves shortcuts in SSL_CAFILE and SSL_PATH variables. It leaves in place the functionality of the original functions, but adds the availability to perform a

Re: Could somebody please put unveil() in ftp(1)?

2020-06-03 Thread Luke Small
files below vs the originals since I last updated the source files. -Luke On Tue, Jun 2, 2020 at 12:43 PM Kevin Chadwick wrote: > On 2020-06-02 17:28, Luke Small wrote: > > I don’t have experience doing diffs. Are there flags I should be using > in diff > > or should I do

Re: Could somebody please put unveil() in ftp(1)?

2020-06-02 Thread Luke Small
I missed something. -Luke On Sat, May 30, 2020 at 2:53 PM Luke Small wrote: > I’ll get to looking at ftp(1) more when I get some physical contact with > my server. I’m quaranteaming with my girlfriend’s folks. > > I have a pkg_ping program (OpenBSD-specific, dns caching, l

Re: Could somebody please put unveil() in ftp(1)?

2020-05-30 Thread Luke Small
May 29, 2020 at 8:50 AM Stuart Henderson wrote: > On 2020/05/29 08:30, Luke Small wrote: > > You mention a lot of files that need to be read, but a program like > pkg_add can make it the > > _pkgfetch (57) user which has no directory and I’m guessing not in > interactive mode. At t

Re: Could somebody please put unveil() in ftp(1)?

2020-05-29 Thread Luke Small
You mention a lot of files that need to be read, but a program like pkg_add can make it the _pkgfetch (57) user which has no directory and I’m guessing not in interactive mode. At the very least, in noninteractive mode you could unveil(“/“, “rx”); and change the specified output file discover the

Could somebody please put unveil() in ftp(1)?

2020-05-28 Thread Luke Small
unveil is nowhere to be found in the ftp program source code. There’s probably another way to do it, but I wrote a program and searched all files in /usr/src/usr.bin/ftp/ contain no mention of “unveil”, but It mentions “pledge” It could take 3 lines at line 389 in /usr/src/usr.bin/ftp/main.c: if

Can root C program call to sysctl be pledge()ed?

2019-09-21 Thread Luke Small
I have need to call sysctl() in a C program to read “sysctl kern.version”. Will there be a pledge() to prohibit further calls to sysctl()? I’m kinda afraid that putting a sysctl call could conceivably leave it vulnerable to calling it again in the case the mitigations fail and sysctl() is run to

Re: 6.6-beta (RAMDISK_CD) #281 hangs on fsck

2019-09-08 Thread Luke Small
Yay! -Luke On Sun, Sep 8, 2019 at 8:07 PM David Gwynne wrote: > I think I see the problem. We're going to try and test this locally and > will hopefully have something committed in a few hours time. > > dlg > > > On 9 Sep 2019, at 10:33, Luke Small wrote: > > >

Re: 6.6-beta (RAMDISK_CD) #281 hangs on fsck

2019-09-08 Thread Luke Small
I have mfii too: dmesg | grep mfii: mfii0 at pci11 dev 0 function 0 "Symbios Logic MegaRAID SAS2208" rev 0x05: msi mfii0: "LSI MegaRAID SAS 9271-8i", firmware 23.28.0-0010, 1024MB cache scsibus1 at mfii0: 64 targets scsibus2 at mfii0: 256 targets > On 8.9.2019.

Re: 6.6-beta (RAMDISK_CD) #281 hangs on fsck

2019-09-08 Thread Luke Small
is installed soon af...“ On Sun, Sep 8, 2019 at 11:19 AM Luke Small wrote: > It doesn’t work for me on the > ftp.hostserver.de/archive/2019-08-29-0105/amd64/ > bsd.rd! > > On Sun, Sep 8, 2019 at 10:50 AM Luke Small wrote: > >> Mine works on 8-27 >> -- >> -Luke >> > -- > -Luke > -- -Luke

Re: 6.6-beta (RAMDISK_CD) #281 hangs on fsck

2019-09-08 Thread Luke Small
It doesn’t work for me on the ftp.hostserver.de/archive/2019-08-29-0105/amd64/ bsd.rd! On Sun, Sep 8, 2019 at 10:50 AM Luke Small wrote: > Mine works on 8-27 > -- > -Luke > -- -Luke

Re: 6.6-beta (RAMDISK_CD) #281 hangs on fsck

2019-09-08 Thread Luke Small
Mine works on 8-27 -- -Luke

Re: Who has an ancient -current snapshot

2019-09-07 Thread Luke Small
Thanks, Somebody else directed me to it too! I got my server working again!!! -Luke On Sat, Sep 7, 2019 at 3:52 AM Marcus MERIGHI wrote: > Hello Luke, > > lukensm...@gmail.com (Luke Small), 2019.09.07 (Sat) 00:56 (CEST): > > I need an old kernel image older than maybe a coup

Who has an ancient -current snapshot

2019-09-06 Thread Luke Small
I need an old kernel image older than maybe a couple weeks old. I have the x8dth-6f motherboard and newer snapshots broke it. I made the mistake of trying to downgrade to 6.5 and now I can boot my machine! I made a not-bright decision. -- -Luke

Re: Can unveil pledge to only reduce?

2018-09-11 Thread Luke Small
of a pledge command? It apparently knows if it is an increase in permissions, can't it be set to only permit them? On Thu, Aug 16, 2018 at 2:00 PM Luke Small wrote: > Ok. Thanks. > On Thu, Aug 16, 2018 at 1:59 PM Theo de Raadt wrote: > >> Luke Small wrote: >> >

Make new OpenBSD 2.5 daemon art!!!

2018-09-11 Thread Luke Small

Re: Can unveil pledge to only reduce?

2018-08-16 Thread Luke Small
Ok. Thanks. On Thu, Aug 16, 2018 at 1:59 PM Theo de Raadt wrote: > Luke Small wrote: > > Could you have a promise for unveil reductions only? > > That won't actually help much, and people will fall into some > pretty significant traps. > > Sorry it would require a really long explanation. >

Can unveil pledge to only reduce?

2018-08-16 Thread Luke Small
Could you have a promise for unveil reductions only?

anybody installed angr, eg. pip install angr

2018-08-10 Thread Luke Small
It doesn't natively support OpenBSD.

This a good place to find a Sr. C coder 4 app server?

2018-07-24 Thread Luke Small
I have what I feel to be a profound idea that is in need of someone with a strong resume. I have a patent. I want to use it to enable users to get tested for sexually transmitted diseases, then use iris scanning smartphones to compare their disease sets. There is a strong epidemiological component

Re: Can SSH report successful connections to pf?

2018-05-05 Thread Luke Small
Cool! On Sat, May 5, 2018 at 3:17 AM Andreas Kusalananda Kähäri < andreas.kah...@icm.uu.se> wrote: > On Fri, May 04, 2018 at 11:56:33PM +, Kapfhammer, Stefan wrote: > > > > You might want to parse /var/log/authlog and the logrotated > authlog.[0-9].gz > > for successful and unsuccessful

Can SSH report successful connections to pf?

2018-05-04 Thread Luke Small
Can SSH and possibly other programs more easily able to report successful connections so pf can make stricter bruteforce connection rejecting even better?

Wouldn't it be cool...!

2018-04-06 Thread Luke Small
What if you could set up a pf rule to: overload an ip address into a table if they tried to access the wrong port on an address and overload flush global immediately into a blocklist ( max-src-states 0)! or with max-src-conn-rate 2/60 when sshd behaves in such a manner as to confirm that a

Re: Automatically restarting services/daemons after crash

2017-10-14 Thread Luke Small
/Blind_return_oriented_programming seems to state so. I dont fully trust wikipedia. On Sat, Oct 14, 2017 at 3:06 AM Philip Guenther <guent...@gmail.com> wrote: > On Sat, Oct 14, 2017 at 12:49 AM, Luke Small <lukensm...@gmail.com> wrote: > >> If that's true, then why has Theo been speaking of th

Re: Automatically restarting services/daemons after crash

2017-10-14 Thread Luke Small
If that's true, then why has Theo been speaking of the brop problems, when they begin with an incremental canary discovery that becomes all but impossible to guess when it becomes a random 4 byte datum each time rather than a datum that remains the same each restart? Braille should already be

Re: Automatically restarting services/daemons after crash

2017-10-14 Thread Luke Small
I am not versed in operating systems as well as you, but I would think that stack and buffer canaries would differ from each execution.

Re: Automatically restarting services/daemons after crash

2017-10-13 Thread Luke Small
Maybe more things should be randomized like the stack canaries. Is that a new idea? On Fri, Oct 13, 2017 at 11:34 PM Theo de Raadt wrote: > > I read "hacking blind." Can you restart a daemon with another forked > > process that's only job is to monitor a pipe or a

Re: Automatically restarting services/daemons after crash

2017-10-13 Thread Luke Small
I read "hacking blind." Can you restart a daemon with another forked process that's only job is to monitor a pipe or a waitpid()-like operation and if the parent dies, it exec's to restart it, or even execs "rcctl restart ntpd" If the mitigations are successful at limiting execution to let's say,

pkg_add ignores -m

2017-10-09 Thread Luke Small
Using the -m flag it still gets warnings from pulseaudio and redis that I didn't use the -m flag

Pledge paths[ ]

2017-06-14 Thread Luke Small
Is paths[] going to have permissions defined for each path? Like: char *paths[], int *mode, where mode is the same as in dbopen(3). Maybe so you don't have to clean up previous pledge calls, any pledge calls with a NULL paths argument doesn't have anything specified for mode. for simplicity,

How do you use EV_DISPATCH in kqueue(2)

2017-06-07 Thread Luke Small
Is EV_DISPATCH somehow like EV_ONESHOT or EVDISABLE ? What is a use case? If you have an open socket file descriptor with a EVEFILT_READ, does it close the socket upon getting some data? I don't run current.

why does unbound listen as root

2017-05-12 Thread Luke Small
pf rule execution says it listens as root, but it connects as the _unbound user, when configured to run as _unbound. Why doesn't it listen, bind, etc. as root, drop privileges and pledge away privilege escalation? Is it to avoid more #ifdef hell? Or can you not listen to a privileged port if you

Re: list all system users, eg. _x11

2017-05-09 Thread Luke Small
if I need to identify all > the user accounts (to recreate them on a new system or something), I > exclude uids under 1000 as a starting point. > > > On Mon, May 8, 2017 at 4:51 AM, Marcus MERIGHI <mcmer-open...@tor.at> > wrote: > >> and...@msu.edu (STeve Andre'),

list all system users, eg. _x11

2017-05-06 Thread Luke Small
Is there a way to determine all users on a system that the users command doesn't seem to show? like _x11 and _ntpd

Pf with secondary DNS resolution

2017-05-03 Thread Luke Small
Four words Peter..."dynamic IP address". I'm sure that there are folks that ssh into machines that are on a dynamic IP address that don't have a modem on a power backup, or even possibly on an ISP that may down, possibly when they are out of town. I don't know if it is possible or already done,

Re: Pf with secondary DNS resolution

2017-05-03 Thread Luke Small
ready done, but you could have a computer check into a target machine that often changes the ip address or system while the firewall is locked down to only send messages to that remote machine and if it is compromised, can't send it anywhere else. On Wed, May 3, 2017 at 3:16 PM Luke Small <lukensm

Pf with secondary DNS resolution

2017-05-03 Thread Luke Small
Is it worthwhile to set up a hook for pf to load rules that have URLs after the network services that can resolve them come into effect?

80 users

2017-04-29 Thread Luke Small
As I recall, there is a build configuration of 80 users for some kernel components. What happens if the system exceeds that number?

Re: pledge for sockets

2017-04-29 Thread Luke Small
a different user through pf (and when I get a more serious machine, possibly through a unique interface). Most importantly, I need it for session cache for multiple processes. On Sat, Apr 29, 2017 at 10:02 AM Luke Small <lukensm...@gmail.com> wrote: > I have a program that I believe needs ine

Re: pledge for sockets

2017-04-29 Thread Luke Small
AM Reyk Floeter <r...@openbsd.org> wrote: > > > Am 26.04.2017 um 13:38 schrieb Luke Small <lukensm...@gmail.com>: > > > > Pledge will presumably have per process (including fork()ed process) > **path > > limitations on rpath rpath and wpath calls, why not

Re: pledge for sockets

2017-04-26 Thread Luke Small
Pledge will presumably have per process (including fork()ed process) **path limitations on rpath rpath and wpath calls, why not limitations on inet and unix? On Wed, Apr 26, 2017 at 6:26 AM Janne Johansson <icepic...@gmail.com> wrote: > 2017-04-26 13:19 GMT+02:00 Luke Small <lukensm.

Re: pledge for sockets

2017-04-26 Thread Luke Small
I'm not saying to alter pledge necessarily, maybe make new system call like pledge. There aren't any per-process pf rules that are applied. When a socket connects to a remote or local server and pf makes a state, it has the originating randomized port. Pf rules can be made that target those

pledge for sockets?

2017-04-26 Thread Luke Small
Would it be a good idea to make a pledge like call that limits a process from connecting to ports and/or hosts? Maybe it could be done in way that the kernel is made aware of the limitations like in a pledge call and while the process is alive, the kernel spawns pf rules based upon the socket

Re: kqueue

2017-04-19 Thread Luke Small
It looks like you will be limited to 4096 timers and to valid file descriptors that don't exceed INT_MAX. My guess is that if you need more, you could run another kqueue for more timers or different kevents on identical file descriptors. Otherwise, the man page says: kevent() returns the number

kqueue

2017-04-18 Thread Luke Small
I suspect that you will sooner run out of file descriptors. but I assume that if it runs into a problem, kevent() will return -1 and it may be unrecoverable. I suspect that it would first occur because the kernel is being overutilized. The information that is being created, I suspect, is being

Re: Why isn't OpenBSD in Google Summer of Code 2017?...

2017-04-05 Thread Luke Small
nful > and much more effective to rewrite from scratch. So what's the point of > having that previous iteration? > > On 5 Apr 2017 at 13:10, Luke Small wrote: > > > I imagine there are some projects that need some love that are on the > back > > burner at the moment that

Re: Why isn't OpenBSD in Google Summer of Code 2017?...

2017-04-05 Thread Luke Small
Bring on the Flaming Theo! On Wed, Apr 5, 2017 at 3:55 PM Flipchan <flipc...@riseup.net> wrote: > Ping Theo, couldnt someone create a needs improvments list n put it on > like OpenBSD.org? > > Luke Small <lukensm...@gmail.com> skrev: (2 april 2017 16:54:39 CEST) >

Re: Why isn't OpenBSD in Google Summer of Code 2017?...

2017-04-05 Thread Luke Small
org <owner-m...@openbsd.org> on behalf of Bob > Beck > > <b...@obtuse.com> > > Sent: April 2, 2017 10:16:21 PM > > To: Luke Small > > Cc: openbsd-misc > > Subject: Re: Why isn't OpenBSD in Google Summer of Code 2017?... > > > > We tried it fo

I can't connect to openbsd.org in most cases.

2017-04-04 Thread Luke Small
I have an openbsd vm on a windows 7 host, windows 7 asus, iPhone, and Android phone. Only the iPhone 7+ seems to be able to connect to openbsd.org correctly without getting a https validation error. they are all going through the same wifi router. I am running firefox on everything. Safari also

Re: Why isn't OpenBSD in Google Summer of Code 2017?...

2017-04-02 Thread Luke Small
p especially if it > was a group effort/friendly competition. > > > From: owner-m...@openbsd.org <owner-m...@openbsd.org> on behalf of Bob > Beck <b...@obtuse.com> > Sent: April 2, 2017 10:16:21 PM > To: Luke Small > Cc: openbsd

Re: Topics for revised PF and networking tutorial

2017-04-02 Thread Luke Small
It might be a fun idea to share what a really locked down desktop system pf.conf would look like like if you are running a chain of DNS services (or something that would be good to tightly control) like local ntpd, unbound, and dnscrypt_proxy where you have local traffic locked down as well so

Why isn't OpenBSD in Google Summer of Code 2017?...

2017-04-02 Thread Luke Small

Is there something to replace zaurus?

2017-03-29 Thread Luke Small
I thought I read that there is an arm7 based mobile device, but I can't find anything about it.

Re: For the super paranoid

2017-03-11 Thread Luke Small
are.intel.com/en-us/blogs/2016/02/26/memory-encryption-an-intel-sgx-underpinning-technology > > The Intel SGX Memory Encryption Engine: > > > You just have to ask yourself, Intel, who has the keys to the Intel ME... > Paranoia^2 > There is no perfect security, especially when on

For the super paranoid

2017-03-11 Thread Luke Small
Is there a way to encrypt memory and keep the key on the CPU like a transparent partition so that if the ram cards are physically accessed, hey can't be read? Is it reasonable?

make pf allow out on lo per user

2017-01-24 Thread Luke Small
if I have: "pass out quick on lo0 from self port 6379 to \ any user luke block out quick on lo0 from self port 6379 to any pass quick on lo0 from any to any" a local connection to port 6379 will go to the last rule... isn't this a useful feature to allow one of the first two rules to take

Re: Pf on lo0

2017-01-18 Thread Luke Small
ut quick on lo0 inet proto udp from 127.0.0.1 port = 6380 to any label "Rule 1h" [ Evaluations: 0 Packets: 0 Bytes: 0States: 0 ] [ Inserted: uid 0 pid 89214 State Creations: 0 ] @28 block drop out quick on lo0 inet proto udp from 10.0.2.15 port = 638

Re: Pf on lo0

2017-01-17 Thread Luke Small
It doesn't. The "pass in quick on lo0 proto {tcp,udp}from any port 6379 to self port 6379 user luke" works. On Mon, Jan 16, 2017, 23:48 Sebastien Marie <sema...@online.fr> wrote: > On Mon, Jan 16, 2017 at 11:04:48PM +, Luke Small wrote: > > I'm trying to have pf

Pf on lo0

2017-01-16 Thread Luke Small
I'm trying to have pf limit sending TCP packets over lo0 from a specific user. I made some rules, but they seem to be ignored when I check on pfctl -vvvs rules it goes to the default lo0 pass rule: "pass out quick on lo0 proto { tcp, udp } from self port 6379 to any port 6379 user luke" and "block

Re: Why can I waitpid() but can't EVFILT_PROC under pledge("proc")

2017-01-05 Thread Luke Small
You could possibly make a separate "event" or "wait" pledge to register new events or NOTE_EXIT calls, but I suspect that that would complicate things, making the large presumption that that could be desired. On Thu, Jan 5, 2017, 15:42 Theo de Raadt wrote: > > I imagine

Re: Why can I waitpid() but can't EVFILT_PROC under pledge("proc")

2017-01-05 Thread Luke Small
Registering a EVFILT_PROC, NOTE_EXIT kevent requires proc On Thu, Jan 5, 2017, 15:25 Ted Unangst <t...@tedunangst.com> wrote: > Theo de Raadt wrote: > > > Luke Small wrote: > > > > What if I want to prevent a process from forking while I want to > create ne

Re: Why can I waitpid() but can't EVFILT_PROC under pledge("proc")

2017-01-05 Thread Luke Small
ose it may be difficult to turn back now after pledging so much in a certain way. On Thu, Jan 5, 2017, 14:41 Ted Unangst <t...@tedunangst.com> wrote: Luke Small wrote: > What if I want to prevent a process from forking while I want to create new > EVFILT_PROC events? Say, to accept the pid

Why can I waitpid() but can't EVFILT_PROC under pledge("proc")

2017-01-05 Thread Luke Small
What if I want to prevent a process from forking while I want to create new EVFILT_PROC events? Say, to accept the pid of a sibling fork from a pipe and load it into a kqueue. Is there a reason why waitpid() isn't beholden to this, or is there a reason that EVFILT_PROC is?

fresh install to i386 kde4 only has UTC on clock...

2016-10-08 Thread Luke Small

odd microsoft mouse mappings

2016-10-08 Thread Luke Small
Can I change usbhidctrl to change how it is mapped. the middle scroll moves the mouse up. the left-right movement on the mouse works, but the up and down seems to right click. I don't know what the rest does.

Re: might it be better to have three paths lists

2016-09-03 Thread Luke Small
, 04:41 ludovic coues <cou...@gmail.com> wrote: > 2016-09-03 11:04 GMT+02:00 Luke Small <lukensm...@gmail.com>: > > > > > > Sorry I was in the middle of something, but pledge can be a broad brush, > > unless you are dealing with one file, whether it is execut

Re: might it be better to have three paths lists

2016-09-03 Thread Luke Small
wrote: > What is the use case ? > > 2016-09-03 4:15 GMT+02:00 Luke Small <lukensm...@gmail.com>: > > wouldn't it be more secure to have a write, read, and execute capable > paths > > lists in pledge() > > > > > > -- > > Cordialement, Coues Ludovic > +336 148 743 42

might it be better to have three paths lists

2016-09-02 Thread Luke Small
wouldn't it be more secure to have a write, read, and execute capable paths lists in pledge()

  1   2   >