Re: Release schedule/general product engineering

2021-04-22 Thread Martin Schröder
Am Do., 22. Apr. 2021 um 09:28 Uhr schrieb Andrew Grillet
:
> I wanted to know approximately when the next release would be available

http://www.openbsd.org/faq/faq1.html#WhatIs

"The OpenBSD team makes a new release approximately every six months,
with the target release dates in May and November."

Best
Martin



Re: Impact of 002_icmp6.patch

2020-10-30 Thread Martin Schröder
Am Fr., 30. Okt. 2020 um 13:36 Uhr schrieb Florian Obser :
> On Fri, Oct 30, 2020 at 11:58:41AM +0100, Martin Schröder wrote:
> > I'd much prefer that the project adopted a" v6 first, vintage ip
> > second" approach.
> > But I'm not a dev.
>
> ... you are saying if you were a dev things would be better?

Now who's putting words in whose mouth? :-)

I respect your decisions. And since I'm not a dev, my words don't
carry much value here.

> Thanks for ignoring all the hard work we put into making IPv6 better
> in OpenBSD.

I'm not. Thanks for your work.

Best
Martin



Re: Impact of 002_icmp6.patch

2020-10-30 Thread Martin Schröder
Am Fr., 30. Okt. 2020 um 11:54 Uhr schrieb Denis Fondras :
> Please, fix your tweet. The default install answer for IPv6 is 'none'.

This borders on "switch off v6 for security reasons", which would be just wrong.

I'd much prefer that the project adopted a" v6 first, vintage ip
second" approach.
But I'm not a dev.

Best
Martin



Re: It's been awhile

2020-06-17 Thread Martin Schröder
Am Mi., 17. Juni 2020 um 17:06 Uhr schrieb Rasmus Liland :
> Try to buy sticker_40_w for 7€ from here:
> https://kd85.com/notforsale.html

Note that the project will probably get no money from that site.
If you want more context, search the list.

Best
Martin



Re: How do I set up a Wi-Fi access point (using APU2)?

2020-06-05 Thread Martin Schröder
Am Fr., 5. Juni 2020 um 19:14 Uhr schrieb infoomatic :
> it seems you skipped the firewall part of the document you were
> referring, you need NAT connections.

Or you do IPv6 instead of vintage-IP.

Best
Martin



Re: Filling a 4TB Disk with Random Data

2020-06-05 Thread Martin Schröder
Am Fr., 5. Juni 2020 um 09:21 Uhr schrieb Roderick :
> Is not there a SCSI command "sanitize" for that?

Secure erase: 
https://en.wikipedia.org/wiki/Parallel_ATA#HDD_passwords_and_security

Or you encrypt your device and throw away the key.

Best
Martin



/bsd: atascsi_passthru_done, timeout

2020-06-01 Thread Martin Schröder
Hi,
my firewall (APU2 with 6.7) shows this in messages ca. every other day.

smartctl shows the only disc is healthy, system is behaving fine.
Should I be worried?

dmesg is at https://paste.opensuse.org/11922555

Best
Martin



Re: Convert ffs1 to ffs2?

2020-05-20 Thread Martin Schröder
Am Mi., 20. Mai 2020 um 11:41 Uhr schrieb Михаил Попов :
> What is the best method to harden OpenBSD in a diskless mode?

Manually converting the fs to FFS2 using ed. That's what you are
interested in, right?



Re: More than 16 partitions

2020-04-23 Thread Martin Schröder
Am Do., 23. Apr. 2020 um 21:31 Uhr schrieb :
> No problem. Would it be too crude a suggestion that we go back to the
> content now...?

You didn't provide any patch.



Re: Wine for OpenBSD?

2020-04-11 Thread Martin Schröder
Am Sa., 11. Apr. 2020 um 13:19 Uhr schrieb Nikita Stepanov
:
> Wine for OpenBSD?

Your patch?



Re: FreeBSD daemon(8)-like command for OpenBSD

2020-01-30 Thread Martin Schröder
Am Do., 30. Jan. 2020 um 21:06 Uhr schrieb Patrick Kristiansen
:
> The process I need to run is written in Clojure and thus runs on the
> Java Virtual Machine. Do you have any suggestions on how to best go
> about making it "daemon-like"? I am not sure that I can call unveil(2),

There is jsvc/apache commons daemon.
Don't know how good that works on OpenBSD, though.

Best
Martin



Re: Suggestion: Replace Perl with Lua in the OpenBSD Base System

2019-12-30 Thread Martin Schröder
Am Di., 31. Dez. 2019 um 01:08 Uhr schrieb :
> Would it be desirable for the OpenBSD project to replace Perl with Lua
> in the base system? A smaller base afforded to by Lua will reduce the

IMNSHO no.

You are welcome to fork your OpenLuaBSD project, though.

Looking forward to your first release.

Best
Martin



Re: Tape drive

2019-11-17 Thread Martin Schröder
Am So., 17. Nov. 2019 um 23:56 Uhr schrieb Pietro Paolini
:
> OpenBSD .my.domain 6.3 GENERIC.MP#9 amd64

Not supported anymore; upgrade to at least 6.5

Best
Martin



Re: Tools for writers

2019-11-06 Thread Martin Schröder
Am Sa., 2. Nov. 2019 um 16:06 Uhr schrieb Oliver Leaver-Smith
:
> What tools do people find useful for writing on OpenBSD? By writing I mean 
> long form such as novels and technical books, including plot and character 
> development, outlining, and formatting for publishing (not all the same 
> application necessarily)

Some writers swear on Scrivener. It's proprietary and Mac/Win only, though.

Best
Martin



Re: Tools for writers

2019-11-05 Thread Martin Schröder
Am Mo., 4. Nov. 2019 um 09:39 Uhr schrieb Roderick :
> TeX produces dvi, a well documented and simple page description language.
> Then it is transformed to postscript or pdf.

Nope. pdfTeX was developed 25 years ago, LuaTeX 12 years ago. Both
write PDF directly.

Best
Martin



Re: IPv4 & IPv6 CIDR subnet calculator

2019-09-25 Thread Martin Schröder
Am Mi., 25. Sept. 2019 um 13:16 Uhr schrieb Mark Jamsek :
> Or use the -6 switch for IPv6 addresses:

Please make v6 the default and Vintage-IP available via -4. It's 2019 after all.

Best
Martin



Re: Prometheus node_exporter on OpenBSD - anyone managed ?

2019-09-20 Thread Martin Schröder
Am Fr., 20. Sept. 2019 um 10:36 Uhr schrieb Rachel Roch :
> pkg_add node_exporter ?

It's in current so 6.6 will have it.

Best
   Martin



want.html reachable from homepage?

2018-08-28 Thread Martin Schröder
Hi,
is there a clickpath from www.openbsd.org to want.html?

I had to use Google to find the page.

Best
Martin



Re: ISDN Card /PRI Card support on OpenBSD

2018-07-11 Thread Martin Schröder
2018-07-11 21:30 GMT+02:00 Paul de Weerd :
> Eicon was the brand, DIVA the model of one particular example I've
> actually had the "pleasure" of working with.  You can still find
> references on the web.  The web 1.0, that is.
>
> Now if you could get those to work using ppp, I have no clue.  But I
> think it's your best bet if you want to use your ISDN connectivity on
> OpenBSD in 2018 (which you don't).

I would try our an ISDN to USB adapter.
Or a Cisco 876, which seems to do ISDN to Ethernet. :-)

Best
   Martin



Re: ISDN Card /PRI Card support on OpenBSD

2018-07-11 Thread Martin Schröder
2018-07-11 18:48 GMT+02:00 Christian Weisgerber :
> (Once upon a time there was something called isdn4bsd, but I don't
> think it was ever officially integrated into OpenBSD, and that's
> from, oh, twenty years ago.)

IIRC it was one of the reasons for the start of MirBSD (which did ISDN).

Best
   Martin



Re: Date of yesterday

2018-04-09 Thread Martin Schröder
2018-04-09 20:58 GMT+02:00 Stephane HUC "PengouinBSD" :
> get the current timestamp, subtracting 86400 seconds is not reliable to
> get yesterday's date to the nearest second?

Did they teach leap seconds in your school yet?

Best
Martin



Re: UNIX Stackexchange - Community Promotion Ads - 2018

2018-02-25 Thread Martin Schröder
2018-02-25 18:29 GMT+01:00 Ingo Schwarze :
>  And no, i'm not going to create an account on some
> random site just for such a petty thing.

Stackoverflow is "some random website". :-)

Thanks. YMMD.

Best
Martin



Re: NAT for dual-WAN with public and private LAN

2018-02-19 Thread Martin Schröder
2018-02-17 15:08 GMT+01:00 miraculli . :
> I just got an second ADSL-uplink installed and now I try to reconfigure my
> pf.conf to load-balance NAT over both connections.

Just a reminder: NAT is not security and IPv6 should be the default.

https://youtu.be/v26BAlfWBm8

Best
Martin



Re: For a FFS on an SSD, which of "-o" nil, "sync" &/ "softdep" is more data-safe and fast?

2018-02-10 Thread Martin Schröder
2018-02-10 7:28 GMT+01:00 Rupert Gallagher :
> The only problem I've encountered is rsync unable to preserve the original 
> time of files: copied files have the time of the copy.

man rsync

-t, --times preserve modification times

You want
-a, --archive   archive mode; equals -rlptgoD (no -H,-A,-X)

Best
Martin



Re: [OT] how secure is 2 factor auth with a smartphone?

2017-12-14 Thread Martin Schröder
2017-12-14 3:16 GMT+01:00 Alceu Rodrigues de Freitas Junior
:
> What do you guys think about? Do you agree with the article author opinion?

It's probably more secure than your typical RSA token, which had
numerous security issues (including opening up the seeds!) in the last
years.

Best
   Martin



Re: Chip cheaper than chips

2017-12-04 Thread Martin Schröder
2017-12-04 11:05 GMT+01:00 Kevin Chadwick :
> dealing with Intel ME or AMD Ryzens bloat. Should I wait for everything
> to be ported to RISC and hope it is as stable and secure or wait for an
> ARM CISC chip, which probably won't happen?

I'll bite: Patches for a RISC-V port would probably be welcome.



Re: Any advice on a dedicated remote access server

2017-11-23 Thread Martin Schröder
2017-11-23 5:26 GMT+01:00  :
> https://www.soyoustart.com/us/essential-servers/

IPv4 only.



Re: OpenBSD 6.1 Release Notes

2017-04-19 Thread Martin Schröder
2017-04-19 21:00 GMT+02:00  :
> I'd like to help write them! What's your process/format for doing so?
>
> - Sent from Outlook for Android

Hint: It uses OpenBSD



Re: Why isn't OpenBSD in Google Summer of Code 2017?...

2017-04-05 Thread Martin Schröder
2017-04-05 22:55 GMT+02:00 Flipchan :
> Ping Theo, couldnt someone create a needs improvments list n put it on like
> OpenBSD.org?

No. You've got an itch to scratch, fix that.

Best
   Martin



Re: Is randomizing UID/GUID would make sense?

2017-01-23 Thread Martin Schröder
2017-01-23 15:37 GMT+01:00 andrew fabbro <and...@fabbro.org>:
> On Fri, Jan 20, 2017 at 3:44 AM, Martin Schröder <mar...@oneiros.de>
wrote:
>> 2017-01-20 8:43 GMT+01:00 minek van <minek...@mail.com>:
>> > Or something would be broken with random UIDs/GUIDs, ex.: NFS? Would it
>> > only do pain?
>>
>> Yes.
>
> Not sure about that...it would certainly be a headache to change UIDs/GIDs
> if you already have them in place, but for setting up a new server/new
> accounts, nfs doesn't care what number you are (well, 0 excepted).  Whether
> the algorithm is "last used +1" or arc4random, you have the same
> sync/directory problems regardless.  That's for user accounts...service
> accounts might need a bit more thought.

And what if my UID/GUIDs are random on every host and server? Would
nfs handle that?

Best
   Martin



Re: Is randomizing UID/GUID would make sense?

2017-01-20 Thread Martin Schröder
2017-01-20 8:43 GMT+01:00 minek van :
> Could it bring more security if the UIDs/GUIDs would be random?

Why? What's the attack you want to defend against?

> Or something would be broken with random UIDs/GUIDs, ex.: NFS? Would it only 
> do pain?

Yes.



Re: OpenJDK and support for JCE Unlimited Strength Jurisdiction Policy

2016-12-14 Thread Martin Schröder
2016-12-14 14:09 GMT+01:00 Rubén Llorente :
> I used to think that OpenJDK already included the Unlimited Strength
Policies,
> so this is a bit confusing.

http://stackoverflow.com/q/1179672/821436 :-)

Best
   Martin



Re: Dell R930 server

2016-11-09 Thread Martin Schröder
2016-11-09 9:06 GMT+01:00 ludovic coues :
> I would say big data.
>
> Stackexchange have a pair of SQL Server, with 384Go of memory for
> stackoverflow and 768 for everything else, a Redis server with 256, a
> server for elasticsearch with 192 and same quantity for an HAProxy
> server.

None of this is the domain of OpenBSD and nobody in his right mind
wants to run Stackexchange on OpenBSD.

Or are you suggesting that SAP should port HANA to OpenBSD?

Best
   Martin



Re: OT: shell / terminal / console / tty / cua / getty

2016-10-21 Thread Martin Schröder
2016-10-21 12:04 GMT+02:00 Mihai Popescu :
> terminal: physical stuff, keyboard + screen + serial port for
> mainframe connection

Relevant: https://www.jwz.org/blog/2016/10/export-termaaa-60/

> enough. Also a link or a book indication for all this stuff will be
> fine.

We have man pages and wikipedia exists. :-)

Best
   Martin



Re: 4th nic for pcengines apu2

2016-10-19 Thread Martin Schröder
2016-10-19 14:24 GMT+02:00 Marko Cupać :
> Any other words of wisdom regarding my idea?

Safe yourself the trouble and get a similar machine with more NICs,
e.g. from Lanner.

Best
   Martin



Re: ARM64:s finally on the market, and flooding it. OpenBSD support?

2016-09-22 Thread Martin Schröder
2016-09-22 13:51 GMT+02:00 Tinker :
> What about running OpenBSD on these, do you have any idea when this should
> be possible?

https://www.openbsd.org/armv7.html
"A mailing list for ARM-based ports is available at a...@openbsd.org."

The devs are looking forward to getting the boards you are sending them.

Best
   Martin



Re: DigitalOcean and OpenBSD

2016-08-24 Thread Martin Schröder
2016-08-24 21:50 GMT+02:00  <li...@wrant.com>:
> Wed, 24 Aug 2016 20:37:22 +0200 Martin Schröder <mar...@oneiros.de>
>> You're not helping.
>>
> Neither are you, of course, needless to say.  Because you just won't get

Did you actually read his first mail? Do again and try to understand it.
Since you have no actual experience with DIgitalOcean and OpenBSD, you
should not have answered.

You don't have to prove that he is wrong, you know.



Re: DigitalOcean and OpenBSD

2016-08-24 Thread Martin Schröder
2016-08-24 16:48 GMT+02:00  :
> You did not provide any sensible detail, so consider this guess work.

You're not helping.



Re: LibreSSL on old OpenBSD

2016-08-13 Thread Martin Schröder
2016-08-12 23:28 GMT+02:00 Philip Guenther :
> Yes, the previous situation with  and 
> was confusing (code was including the wrong header and not getting the

Thanks. Finally an answer after days of shouting.

Best
   Martin



Re: Question about NTP server

2016-06-30 Thread Martin Schröder
2016-06-30 21:24 GMT+02:00 Leonardo Santagostini :
> 1) Is there some calculus for making those ntp boxes efficient in terms of
> not overstate (sorry, but english is not my mothers tongue) or right size
> the hardware.

A Rasberry Pi would suffice (but it's not supported by OpenBSD).
Any old server you have lying around will be more than enough.

> 2) Im wondering also to set up this boxes virtualized using KVM. I know
> that using RTC its a really pain in the ass, but maybe you can give me some
> advice for this config.

Don't virtualize your ntp servers.

Best
   Martin



Re: TLS now supported on openbsd.org?

2016-05-09 Thread Martin Schröder
2016-05-09 18:57 GMT+02:00  :
> - I don't know in modern browsers, but Links 2.12 say that the
> certificate is not valid. It's just old browsers, or firefox also
> have this same problem?

All's good. See
https://www.ssllabs.com/ssltest/analyze.html?viaform=on=www.openbsd.org



Re: openbsd.org, openssh.com server(s) down

2016-03-15 Thread Martin Schröder
2016-03-15 14:31 GMT+01:00 Rudolf Sykora :
> is it only I who cannot connect to either
> of openbsd.org and openssh.com, or

Nope.
http://www.downforeveryoneorjustme.com/openbsd.org

Best
   Martin



Re: Small FW boxes for CORP use (was: T40E APU?)

2016-03-11 Thread Martin Schröder
2016-03-11 22:42 GMT+01:00 Alan McKay :
> Ideally I'd like to get a redundant pair of FWs in 1U.
> But I need 4 NICs on each as a bare min.

Lanner FW-7525

Best
   Martin



Re: What hardware spec would I need to push 20 gigabit of network traffic on an OpenBSD server?

2015-10-27 Thread Martin Schröder
2015-10-27 20:24 GMT+01:00 Adam Thompson :
> You talk about storing the data - *writing* data to disk at 10Gbps
> (sustained) is currently in the realm of high-energy physics, with
> multi-million-dollar budgets for the storage arrays.  A 7200rpm disk can

And then there are SSDs. PCIE SSDs do up to 3000 MB/s write throughput.
https://www-ssl.intel.com/content/www/us/en/solid-state-drives/solid-state-drives-dc-p3608-series.html

And I'm sure there are tape libraries that can write that, too. :-)

Best
   Martin



Re: Recommended Industrial PCs?

2015-08-27 Thread Martin Schröder
2015-08-27 12:26 GMT+02:00 Martin Haufschild martin.haufsch...@uni-rostock.de:
 I forgot to say that we are looking for a fanless IPC.

You forgot to say a lot of things...

E.g. how fast will your communication line be? 1kb or 100gb?

Best
   Martin



Re: Firewall question: is using a NIC with multiple jacks considered insecure?

2015-07-27 Thread Martin Schröder
2015-07-27 11:46 GMT+02:00 Quartz qua...@sneakertech.com:
 turning out rather difficult to find a case that's small enough to fit. I'd
 really like to use an itx system with multiple onboard ethernet jacks and
 cram it into something like a MiniBox M350 or Antec ISK110, but I'm not sure

A Lanner FW7525 or even an Alix APU don't seem to be much larger...

Best
   Martin



Re: Blob-free OpenBSD kernel needed

2015-06-09 Thread Martin Schröder
2015-06-09 18:48 GMT+02:00 Elias Diem li...@webconect.ch:
 I just wonder: Is there really such microcode available that
 is open source?

No.



Re: Robustness in ports fetch program?

2015-05-17 Thread Martin Schröder
2015-05-17 14:18 GMT+02:00 Alan Corey alan01...@gmail.com:
 I don't think it did this back in 5.0 days or maybe earlier.  I started
 with OpenBSD 2.7, I just usually attributed problems to being my fault.
 And I've always used the ports tree, not packages. Distfiles are often
 useful across OpenBSD versions, sometimes in FreeBSD, I've even built some
 under Linux.

 I didn't look at what FETCH_CMD was defined as by default, I just assumed
 defining something non-null changed it.  I did notice that when it retries
 it's wrongly assumed there's a problem with the first source and gone to
 another.

 Does every developer have perfect internet?  That's very frustrating, maybe
 counterproductive in testing.  Try a modem, you can probably find a free
 one.  Connection interruptions and resets happen many times a day.
 On May 17, 2015 1:22 AM, Marc Espie es...@nerim.net wrote:

 On Sat, May 16, 2015 at 10:31:24PM -0400, Alan Corey wrote:
  I'd seen this happen in 5.6 too, but I just caught an example of it in
  5.7.  My connection leaves a lot to be desired, but there's nothing I
  can do about that.  I normally have FETCH_CMD set to use wget once I
  get it installed but this was in doing a standard make install of a
  port.
 
  The first time the connection gets interrupted, but something thinks
  it should be done and checks the size.  That's wrong so it downloads
  it over again instead of just resuming the download.  It should only
  download it over again if the size matches but the CRC is wrong.
  Seems like anyway.
 
  ===  Verifying install for tcl-8.5.16 in lang/tcl/8.5
  ===  Checking files for tcl-8.5.16p0
   Fetch
   http://downloads.sourceforge.net/sourceforge/tcl/tcl8.5.16-src.tar.gz
  tcl8.5.16-src.tar.gz  60% |*|  2696 KB
 00:00
   Size does not match for tcl8.5.16-src.tar.gz
   Fetch
 http://ftp.openbsd.org/pub/OpenBSD/distfiles//tcl8.5.16-src.tar.gz
  tcl8.5.16-src.tar.gz  23% |**   |  1024 KB
 00:03 ETA

 The problem lies in ftp(1).

 Logic in the ports tree is fine. But there's nothing it can do there:
 somehow
 your ftp returns 0 (e.g., success), so the partial file gets removed.

 If you want to get it fixed, you may have to provide more input, as we
 obviously do not see that problem... First thing would be to override
 FETCH_CMD to remove the -V, so that you can show us what ftp says about
 things.  Tracing the code thru the program would help.



Re: my experience with openbsdstore.com

2015-04-12 Thread Martin Schröder
2015-04-12 20:12 GMT+02:00 Jason Adams adams...@gmail.com:
 On 04/11/2015 06:01 AM, IMAP List Administration wrote:
 The trouble began immediately. I chose electronic wire transfer as the 
 payment
 method,

 Its not 1929 any more. I'm utterly suprised the store still offers
 wire transfer.

Not everyone lives in a country that still believes mailing paper
scraps is the best way to transfer money.

In Europe electronic transfer is the norm. It's fast and cheap (note:
In the EU an electronic transfer in Euros across countries MAY NOT
cost more than a national transfer - which often is free. And if one
party is in a non-Euro country (like the UK) no exchange cost will be
added).

https://en.wikipedia.org/wiki/Wire_transfer#Regulation_and_price

Best
   Martin



Re: my experience with openbsdstore.com

2015-04-11 Thread Martin Schröder
2015-04-11 17:08 GMT+02:00 Bernd Schoeller ber...@fams.de:
 As a little defence to the OpenBSD store guys: the banking system in the UK
 is by far the crappiest I have seen in whole of Europe. The banks are all

Small wonder since Airstrip One seems to believe it's not in Europe.

Maybe the OpenBSD store should move to Europe proper.

Best
   Martin



Re: Exploiting PCI-based DMA in OpenBSD

2015-04-04 Thread Martin Schröder
2015-04-04 13:08 GMT+02:00 Артур Истомин art.is...@yandex.ru:
 https://github.com/carmaa/inception/blob/master/README.md

 Is OpenBSD susceptible to this attack? I mean not tool themself,
 I mean vector of attack.

There is no Firewrire support in OpenBSD, so no.
Btw: This is old news.



Re: Executable signing - a proposal

2015-03-31 Thread Martin Schröder
2015-03-31 9:52 GMT+02:00 Gareth Nelson gar...@garethnelson.com:
 2 - All executables on the system must be signed with that public key
 3 - Any executable not signed is essentially chmod -x

How does this help with interpreted code (e.g. shell, perl, python, java)?

Best
   Martin



Re: Very-small fully-functional systems?

2015-03-09 Thread Martin Schröder
2015-03-09 9:35 GMT+01:00 Alexandre Ratchov a...@caoua.org:
 The RasberyPi is said (search linux audio lists) to be unusable
 because of the poor quality hardware.

There's additional hardware that is said to work quite well:
https://www.hifiberry.com/

Best
   Martin



Re: CPU criteria for OpenBSD firewall

2015-02-19 Thread Martin Schröder
2015-02-19 10:58 GMT+01:00 Alexander Salmin alexan...@salmin.biz:
 Good luck, when you have time I also recommend that you read this.
 https://calomel.org/network_performance.html

The consensus here seems to be to warn against any tweaks etc. by calomel.



Re: CPU criteria for OpenBSD firewall

2015-02-19 Thread Martin Schröder
2015-02-19 16:33 GMT+01:00 Dmitrij D. Czarkoff czark...@gmail.com:
 It would be nice if someone with expertise could write a detailed
 explanation of the issues with that article...

Thou art not supposed to twiddle with your config.



Re: FAQ: My mission is to make it up into /src/lib/libssl/...

2015-01-11 Thread Martin Schröder
2015-01-11 22:39 GMT+01:00 David Christensen dpchr...@holgerdanske.com:
 Is this a statement by the OpenBSD project, or has the page been defaced?

It's intentional:
http://cvsweb.openbsd.org/cgi-bin/cvsweb/www/faq/index.html.diff?r1=1.374r2=1.375

Best
   Martin



Re: OpenBSD projects

2014-12-26 Thread Martin Schröder
2014-12-26 18:42 GMT+01:00, jungle Boogie jungleboog...@gmail.com:
 Here's a list of projects that I'm aware of that openBSD created. Is
 that correct? (p) is for portable. What else am I missing?

opencvs

Best
Martin



Re: OpenBSD Trademark Policy

2014-12-07 Thread Martin Schröder
2014-12-06 9:45 GMT+01:00 Riley Baird
bm-2cvqnduybau5do2dfjtrn7zbaj246s4...@bitmessage.ch:
 I have a few questions about OpenBSD's trademark policy. (I tried
 looking, but I couldn't find a document.)

Is OpenBSD actually a registered trademark? The USPTO doesn't list it.
FreeBSD is, though.

Best
   Martin



Re: OpenBSD embedded? (was: OpenBSD 5.6-current on ASUS Chromebox)

2014-12-03 Thread Martin Schröder
2014-12-03 18:49 GMT+01:00 Alan McKay alan.mc...@gmail.com:
 Does anyone know of a similar device with 2 NICs that might be
 suitable as a home firewall?

Yes. There are archives of this list.



Re: 64-bit amd64 : actual memory limitations?

2014-10-26 Thread Martin Schröder
2014-10-26 20:02 GMT+01:00 Mayuresh Kathe mayur...@devio.us:
 64-bit supposedly supports upto 16 exabytes of memory ('ram').

Current hardware supports only 2^48...

https://en.wikipedia.org/wiki/X86-64#Physical_address_space_details

Best
   Martin



Re: Wireless PCIe (Host AP mode) recommendations

2014-10-26 Thread Martin Schröder
2014-10-26 22:31 GMT+01:00 Gordon Turner tur...@ftn.net:
 Rosewill RNX-G300LX
 (http://www.newegg.ca/Product/Product.aspx?Item=N82E16833166021)
 - Up to 54Mbps
 - Chipset RaLink RT2561/RT61
 - Supported by ral
 http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/ral.4?query=ralsec=4

That's PCI, not PCIe.

Best
   Martin



Re: 64-bit amd64 : actual memory limitations?

2014-10-26 Thread Martin Schröder
2014-10-27 1:56 GMT+01:00 Mayuresh Kathe mayur...@devio.us:
 if the intended application actually requires larger memory to be
 accessible, would it be better to go for a non-x86-64 64-bit hardware?

256TB (2^48) should be good enough till 2020.



Re: 64-bit amd64 : actual memory limitations?

2014-10-26 Thread Martin Schröder
2014-10-27 3:37 GMT+01:00 Mayuresh Kathe mayur...@devio.us:
 From owner-misc+m143...@openbsd.org  Sun Oct 26 22:22:57 2014

Fix your mail client, please.

 256TB (2^48) should be good enough till 2020.

 it is for a lot of records (data-sets) to held in memory instead
 of approaching the disk every time that data is requested.
 the use-case is primarily for financial system, but, will also
 hold 'gis' data going forward.
 the owner of the system isn't rich enough to afford an 'ibm'
 mainframe, hence a unix based system written in c89 under openbsd.
 i am just the adviser/consultant. :)

Then think a second about how large 256 TB are. And how long your
machine will need to load 256 TB of data. And what 256 TB of RAM will
cost.

Today we see machines with 2TB.

SGI UV 2000 goes up to 64TB with 256 CPUs. I seriously doubt that we
will see OpenBSD in production on these machines. :-)

What exactly is your application?

Best
   Martin



Re: libressl

2014-10-22 Thread Martin Schröder
2014-10-22 16:33 GMT+02:00 Gregory Edigarov ediga...@qarea.com:
 openssl(1) is? For example ressl(1) would be the new high level interface
 with very few selected frequently used  functions, and openssl(1) with low
 level interface as it is  now

http://www.openbsd.org/papers/eurobsdcon2014-libressl.html

Best
   Martin



Re: Shadow TCP stacks

2014-10-17 Thread Martin Schröder
2014-10-17 10:24 GMT+02:00 Bret Lambert bret.lamb...@gmail.com:
 On Thu, Oct 16, 2014 at 02:48:22PM +0200, Martin Schr??der wrote:
 The impossibility to scan for services - which the NSA/GHCQ/... do.

 It's a good thing that traffic analysis isn't a thing, then. Otherwise
 they'd be able to check if traffic purporting to go to port 80/443
 doesn't look like HTTP traffic, or something.

That's not the scenario here. The scenario is defense against port scans.

You look like a fool who hasn't read the original paper.



Re: Shadow TCP stacks

2014-10-17 Thread Martin Schröder
2014-10-17 20:49 GMT+02:00 Bret Lambert bret.lamb...@gmail.com:
 Well, if, as Herr Schroeder seems to be implying, this is used to
 avoid port scans, I'd look for traffic to/from address:port which
 don't show up on scans.

That's certainly possible but more expensive than find all ssh servers.

Best
   Martin



Re: Shadow TCP stacks

2014-10-16 Thread Martin Schröder
2014-10-16 13:16 GMT+02:00 Kevin Chadwick ma1l1i...@yahoo.co.uk:
 I still don't see the benefit though but do see added complexity or
 more code to audit.

 Reducing DDOS against a visible SSH service maybe? Reduce password
 attempts on your logs allowing them to go after targets that might
 actually use passwords (port change also works there, I find)?

The impossibility to scan for services - which the NSA/GHCQ/... do.

Best
   Martin



Re: [Bulk] Re: Shadow TCP stacks

2014-10-15 Thread Martin Schröder
2014-10-16 2:22 GMT+02:00 Ian Grant ian.a.n.gr...@googlemail.com:
 Perhaps I have missed something but if you have a ssh tunnel or
 something then just put that in front of the service without increasing

 Moved to misc.

 Yes, you missed something: the point :-)

 The idea is that the existence of this entire 'ultranet' is
 undetectable by even someone snooping all national traffic. So a TCP
 port 80 connection looks to the snooper _exactly_ like an HTTP
 connection handshake. Only the ISN and the source address mark the

Or a service on a port is invisible unless a magic SYN packet appears.

Best
   Martin



Re: openbsdstore: enable javascript and buy something or gtfo

2014-10-03 Thread Martin Schröder
2014-10-03 16:09 GMT+02:00  david...@ling.ohio-state.edu:
 Strangely enough, this doesn't incline me to enable javascript.

Why?

Don't you trust the store?



Re: How to follow -stable and verify it with signify?

2014-10-01 Thread Martin Schröder
2014-10-01 3:02 GMT+02:00 Giancarlo Razzolini grazzol...@gmail.com:
 OpenBSD do not have any secure way to get things.

Buy a CD. If you don't trust the shop, have it somehow signed by a dev.

Best
   Martin



Re: OpenBSD 5.5: question regarding pf syntax

2014-09-28 Thread Martin Schröder
2014-09-28 22:49 GMT+02:00 Jack Woehr jwo...@softwoehr.com:
 BTW 3rd edition about to be released.

The ebook _has_ been released. :-)

Best
   Martin



Re: rsync -a doesnt keep owner and permissions

2014-08-21 Thread Martin Schröder
2014-08-21 8:47 GMT+02:00 Markus Rosjat ros...@ghweb.de:
 Just a short heads up how I did it now and you guys might want to share your
 opinion on the security with this scenario.

 maschine A (from were I want to pull files):
 - root cant login over ssh
 - sync user can only connect with auth key and from host B
 - sync user is allowed to run rsync without pw (sudoer file)

The setup I use
- a separate non-privileged user
- a forced command (via the ssh key without password) to a script that
  checks the incoming command and then calls sudo rsync

So someone controlling machine B can _read_ everything, but write
nothing.

Best
   Martin

#!/usr/bin/env bash
# $Id: rrsync.sh,v 1.3 2007/07/01 12:40:14 remote-backup Exp $
case $SSH_ORIGINAL_COMMAND in
  *rsync --server --sender*)
logger -t rrsync $SSH_ORIGINAL_COMMAND
sudo $SSH_ORIGINAL_COMMAND
;;
  *)
echo Sorry, command rejected
exit 1
;;
esac
# vim: syntax=csh



Re: PDF FAQ [Was: Donations to OpenBSD]

2014-08-18 Thread Martin Schröder
2014-08-18 0:22 GMT+02:00 Joel Rees joel.r...@gmail.com:
 But they own the format, and 3rd party cleanroom implementations still have

No. ISO does this 2007.

Best
   Martin



Re: [Bulk] Re: Donations to OpenBSD

2014-08-14 Thread Martin Schröder
2014-08-14 19:13 GMT+02:00 Theo de Raadt dera...@cvs.openbsd.org:
 Which then get shared, and reproduced by any asshole company on the
 net, much like ixsoft.de has been doing for years?

?
ixsoft.de is still listed as reseller on http://www.openbsd.org/orders.html

Did I miss something?

Best
   Martin



Re: OpenBSD 5.5 on mSATA SSD unit in PC Engines APU.1C - bad dir ino 2 at offset 0: mangled entry kernel panic

2014-06-25 Thread Martin Schröder
2014-06-25 22:25 GMT+02:00 noah pugsley noah.pugs...@gmail.com:
 On Wed, Jun 25, 2014 at 9:51 AM, Chris Cappuccio ch...@nmedia.net wrote:
 That's what the thermal pads are for. Going from 6W/mK to 17W/mK will
 conduct more heat to the sink, but the sink might need to be larger
 for some situations. Also even pressure around the pads is going to be
 critical as the box's designer says.

 Perhaps a stupid question, but what about grease or a pad between the
 sink and the case?

You mean the thermal pads already deployed?



BoringSSL

2014-06-20 Thread Martin Schröder
quote src=https://www.imperialviolet.org/2014/06/20/boringssl.html;
Earlier this year, before Apple had too many goto fails and GnuTLS had
too few, before everyone learnt that TLS heart-beat messages were a
thing and that some bugs are really old, I started a tidy up of the
OpenSSL code that we use at Google.

We have used a number of patches on top of OpenSSL for many years.
Some of them have been accepted into the main OpenSSL repository, but
many of them don’t mesh with OpenSSL’s guarantee of API and ABI
stability and many of them are a little too experimental.

But as Android, Chrome and other products have started to need some
subset of these patches, things have grown very complex. The effort
involved in keeping all these patches (and there are more than 70 at
the moment) straight across multiple code bases is getting to be too
much.

So we’re switching models to one where we import changes from OpenSSL
rather than rebasing on top of them. The result of that will start to
appear in the Chromium repository soon and, over time, we hope to use
it in Android and internally too.

There are no guarantees of API or ABI stability with this code: we are
not aiming to replace OpenSSL as an open-source project. We will still
be sending them bug fixes when we find them and we will be importing
changes from upstream. Also, we will still be funding the Core
Infrastructure Initiative and the OpenBSD Foundation.

But we’ll also be more able to import changes from LibreSSL and they
are welcome to take changes from us. We have already relicensed some
of our prior contributions to OpenSSL under an ISC license at their
request and completely new code that we write will also be so
licensed.

(Note: the name is aspirational and not yet a promise.)
/quote



Re: Wrong Shutdown

2014-05-26 Thread Martin Schröder
2014-05-26 15:52 GMT+02:00 Walter Souza wsouz...@gmail.com:
 Why OpenBSD has no interest in using journal file system?

http://www.openbsd.org/faq/faq8.html#Journaling

Please read the FAQ.

Best
   Martin



Re: Linux Foundation raising money for Core Infrastructure

2014-04-24 Thread Martin Schröder
2014-04-24 15:51 GMT+02:00 Alejandro b...@b4ka.com.ar:
 hit and for other crucial software on the Internet... What are the chances
 of things like OpenSSH getting founding from them for example? (I mention

quote src=http://www.openssh.com/;
Please take note of our Who uses it page, which list just some of the
vendors who incorporate OpenSSH into their own products -- as a
critically important security / access feature -- instead of writing
their own SSH implementation or purchasing one from another vendor.
This list specifically includes companies like NetApp, NETFLIX, EMC,
Juniper, Cisco, Apple, Red Hat, and Novell; but probably includes
almost all router, switch or unix-like operating system vendors. In
the 10 years since the inception of the OpenSSH project, these
companies have contributed not even a dime of thanks in support of the
OpenSSH project (despite numerous requests).
/quote



Re: prices of cdset in eu

2014-03-03 Thread Martin Schröder
2014-03-03 22:01 GMT+01:00 Axel Scheepers axel.scheep...@xs4all.nl:
 Can anyone tell me about the difference in price regarding a cdset in EU?

 original ca $50   36.41 (CA)
 mensys eur 50,- vat incl. 60.50 (NL)
 comcol.nl same as mensys, 60,50 (NL)
 getdigital(de)39,00 (DE)
 lehmanns media39,95 (DE)

You're missing openbsd europe: ca. 40 EURO.

Best
   Martin



Re: calendar.birthday - fathers of full-beard look (Marx, Engels)

2014-02-11 Thread Martin Schröder
2014-02-10 22:04 GMT+01:00 Jiri B ji...@devio.us:
  11/26  Norbert Weiner born, 1894

s/Weiner/Wiener/

Check also March 18th.

Best
   Martin



Re: Request for Funding our Electricity

2014-01-19 Thread Martin Schröder
2014/1/19 Denis read-and-th...@yandex.ru:
 I will be first in line to pay 2x of what I am paying now to host my
 domain on OpenBSD platform in Canada, knowing that it is looked after (or at
 least periodically checked) by core developers.

You want the developers to stop developing.

 ---
 2. Security reinforcement of Sun Solaris.

 Oracle seems bleeding when it comes to get their OS over the security audit
 lines etc. If approached properly, nobody (even Oracle) should refuse paid
 help of a team of highly professional security experts, running their own
 OS for 20 years as portfolio :-)

You want the developers to stop developing OpenBSD.

Go away.



Re: Request for Funding our Electricity

2014-01-15 Thread Martin Schröder
2014/1/15 Sia Lang silverlangu...@gmail.com:
 That small donation wouldn't have amounted to much, but I am positive you
 being the leader of this project is the very reason no one wants to step up
 with serious funding.

Him being the leader is the very reason this project still exists.

Best
   Martin



Re: NSA spy catalog (was: Re: apologies for the noise (interesting article)!)

2014-01-02 Thread Martin Schröder
2014/1/1 Erling Westenvik erling.westen...@gmail.com:
 Anyway: When can we expect OpenBSD support for these devices?

When devs detect them.

Best
   Martin



Re: BackupPC

2013-12-09 Thread Martin Schröder
2013/12/9 Peter N. M. Hansteen pe...@bsdly.net:
 The only backup system I've actually ever enjoyed working with is
 Bacula (in packages, and it supports a wide range of systems,
 including the Seattle-area ones). More complicated than tar or rsync
 for sure, but it scales and is in my experience at least a very
 admin-friendly solution.

quote src=https://en.wikipedia.org/wiki/Bacula#History;
In 2010, a fork named Bareos was established, the project published
first packages in February 2013.[7] Bareos introduces many new
features and eases configuration.[8]
/quote

^7 https://www.bareos.org/en/faq/items/why_fork.html
^8 http://www.admin-magazine.com/Articles/Free-Enterprise-Backup-with-Bareos

I've used neither.

Best
   Martin



Re: Sorry OpenBSD people, been a bit busy

2013-10-08 Thread Martin Schröder
2013/10/8 Kyle R W Milz k...@getaddrinfo.net:
 I guess if the NSA has coerced with CSIS or whatever the Canadian
 equivalent is then there might be cause for worry there (quite likely as
 we parrot almost everything the US does).

YYCIX is subject to canadian laws.
It likely must have a lawful interception interface for the canadian
police/whatever.
Canada is a member of Five Eyes.

Best
   Martin



Re: How does one use adduser in OpenBSD (stuck inEnter username[] loop)?

2013-09-14 Thread Martin Schröder
2013/9/15 Jeffrey Walton noloa...@gmail.com:
 I wanted to add myself to the sudo group.

man sudo
man visudo
man adduser
man group

Best
   Martin



Re: How does one use adduser in OpenBSD (stuck inEnter username[] loop)?

2013-09-14 Thread Martin Schröder
2013/9/15 Jeffrey Walton noloa...@gmail.com:
 man visudo
 I don't know vi. I do known emacs, but its not on this system so I

Then learn it. This is unix.
You really should use visudo to edit /etc/sudoers, not an editor.

Best
   Martin

PS: su - should also work.



Re: OpenBSD crypto and NSA/Bruce Schneier

2013-09-11 Thread Martin Schröder
2013/9/11 Jiri B ji...@devio.us:
 neither I want to troll, but my curiousity is if OpenBSD devs
 follow Bruce Schneier arguments and whole topic and if they
 have done, do or will do some re-evaluation of crypto in OpenBSD
 to minimalize being vulnerable to describe attacks.

The monkeys will probably keep on masturbating. :-)

http://article.gmane.org/gmane.linux.kernel/706950

Best
 Martin



Re: OpenBSD crypto and NSA/Bruce Schneier

2013-09-11 Thread Martin Schröder
2013/9/11 Marc Espie es...@nerim.net:
 Second, low hanging fruit.

 There's so much crappy software and hardware out there that you have to be
 REALLY paranoid to think the NSA would target us. I mean, come on, there

You think openssh isn't a valuable target?
You think openbsd isn't used in commercial firewall/vpn appliances?

Think again.

Best
 Martin



Re: Some general security questions

2013-09-08 Thread Martin Schröder
2013/9/8 Petrus petr...@gmail.com:
 My third question is a little more sensitive.  I have read about claims
 in the media recently that there may not be any form of cryptography in
 existence which is unbreakable by...certain parties.  Given that I am
 less than a novice in the subject myself, I wanted to ask if there were
 any particularly robust algorithms that could be recommended for
 keeping certain files private.

https://www.schneier.com/blog/archives/2013/09/the_nsa_is_brea.html

Best
   Martin



Re: How to mark a block as invalid ?

2013-08-17 Thread Martin Schröder
2013/8/17 Mik J mikyde...@yahoo.fr:
 I used the badblocks utility an checked the whole disk
 and only this block number is faulty.

What do the smartmontools tell you?

 Since I believe my disk is ok

It is not. Do you have backups?

Best
   Martin



Re: Post-quantum cryptography

2013-08-10 Thread Martin Schröder
2013/8/10 Mirco Richter mirco.rich...@email.de:
 say, that from the OBSD POV, the project wants to wait until someone else
 implements such a cypher and has proofen, that the implementation is
 practically as secure as the mathematical model already predicts ?

Yes. Now show us your cypher or go away.



Re: 10GbE (Intel X540) performance on OpenBSD 5.3

2013-08-07 Thread Martin Schröder
2013/8/7 Maxim Khitrov m...@mxcrypt.com:
 I've read the Network Tuning and Performance Guide @ calomel.org,

Ignore that site and search the list archives.

Best
   Martin



Re: Default software in the base

2013-07-30 Thread Martin Schröder
2013/7/30  h...@riseup.net:
 than the Apple+Google co-owned Clang stuff.

Source for that claim? All I can find is
 Copyright (c) 2007-2013 University of Illinois at Urbana-Champaign.
http://llvm.org/viewvc/llvm-project/cfe/trunk/LICENSE.TXT?revision=171342view=markup

Best
   Martin



Re: Java on OpenBSD 5.3

2013-07-19 Thread Martin Schröder
2013/7/19  openda...@hushmail.com:
 % df -h
 Filesystem SizeUsed   Avail Capacity  Mounted on
 /dev/wd0a  985M   50.8M885M 5%/
 /dev/wd0k  9.2G434M8.3G 5%/home
 /dev/wd0d  1.5G   12.0K1.5G 0%/tmp
 /dev/wd0f  1.8G404M1.3G24%/usr
 /dev/wd0g 1005M192M763M20%/usr/X11R6
 /dev/wd0h  3.7G1.8G1.7G52%/usr/local
 /dev/wd0j  2.0G2.0K1.9G 0%/usr/obj
 /dev/wd0i  1.3G2.0K1.3G 0%/usr/src
 /dev/wd0e  2.4G   77.5M2.2G 3%/var

Buy a harddisc from this decade, please.

Best
   Martin



Re: Fuse on OpenBSD

2013-07-05 Thread Martin Schröder
2013/7/4 Henning Brauer lists-open...@bsws.de:
 * openda...@hushmail.com openda...@hushmail.com [2013-07-04 05:09]:
 Why do we need FUSE anyway?

 it's a firewall between filesystem code written by people who

It's also a firewall for licenses.

Best
   Martin



Re: Is openbsd.org down??

2013-06-13 Thread Martin Schröder
http://www.downforeveryoneorjustme.com/www.openbsd.org

Hrm.



Re: rsync too slow between two disks with softraid crypto

2013-06-05 Thread Martin Schröder
2013/6/5 Henning Brauer lists-open...@bsws.de:
 * Nick n...@holland-consulting.net [2013-03-02 04:09]:
 Atom = low power consumption for low performance processing.

 err, no. the current atoms are blazingly fast really. and

Current being Cedarview? Because the network appliances I've seen
till today (e.g. from Lanner or Bytemine) still have the Pineview
(D510) CPUs.

Best
   Martin



Re: Precisions on ZFS (was: Millions of files in /var/www inode / out of space issue.)

2013-02-22 Thread Martin Schröder
2013/2/22 Juan Francisco Cantero Hurtado i...@juanfra.info:
 Here in the BSD world, we have HAMMER, a good alternative with a license
 compatible and a reasonable requirements.

Here in the OpenBSD world we don't have HAMMER.

Best
   Martin



Re: Precisions on ZFS (was: Millions of files in /var/www inode / out of space issue.)

2013-02-22 Thread Martin Schröder
2013/2/22 Eric Furman ericfur...@fastmail.net:
 but Martin Schröder is not a developer. So what is his word worth???

http://www.openbsd.org/faq/faq8.html#Journaling

Now go and fuck yourself.



  1   2   3   4   5   >