Re: Adding encryption support to vi(1)

2014-12-26 Thread thornton . richard
I live in NJ. Should I be this paranoid, that every file I edit should be
encrypted?
Who has time for this type of craziness?


Sent from my BlackBerry 10 smartphone on the Verizon Wireless 4G LTE network.
  Original Message  
From: andrew fabbro
Sent: Friday, December 26, 2014 1:25 AM
To: misc@openbsd.org
Subject: Adding encryption support to vi(1)

vim (in ports) offers an encryption option (
http://vimdoc.sourceforge.net/htmldoc/editing.html#encryption)

Invoking vim with -x prompts for a key and then encrypts the file on save.
It appears to do the right thing as far as encrypting the .swp (temporary
recovery) file as well. If you later edit the file (without the -x option)
it will detect the file is encrypted based on a magic it prepends and
prompt for a key.

Unfortunately, by default vim uses the 'zip' algorithm which is quite
insecure, though you can optionally specify blowfish as your preferred
algorithm.

The nice thing about this versus a gpg decrypt/edit/re-encrypt cycle is
that you don't have an unencrypted file temporarily lying around (or an
unencrypted vi-recover file for that matter).

I'm wondering if there is any interest in adding this feature to vi(1)
given OpenBSD's interest in integrated crypto?

Unfortunately, as a US citizen/resident, it's not clear to me that I would
be able to contribute code (beyond an implementation that uses the zip
algorithm) so it is probably a moot point unless one of the devs is
interested but...I figured there was no harm in mentioning it.


-- 
andrew fabbro
and...@fabbro.org
blog: https://raindog308.com
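
An added example, not part of the original post: a small audit helper that reads the magic vim prepends and flags files saved with the weak 'zip' method. The magic strings and the 8-byte salt/seed lengths are taken from Vim's crypt.c rather than from this thread, and the sample headers are constructed.

```python
import sys

# Header layouts as implemented in Vim's crypt.c (not stated in the post):
# a 12-byte magic, then for the blowfish methods an 8-byte salt and 8-byte seed.
MAGIC_LEN = 12
METHODS = {
    b"VimCrypt~01!": ("zip", 0, 0),
    b"VimCrypt~02!": ("blowfish", 8, 8),
    b"VimCrypt~03!": ("blowfish2", 8, 8),
}
WEAK_METHODS = {"zip"}  # the default the post describes as quite insecure


def inspect_header(head):
    """Classify the leading bytes of a file; None if no known VimCrypt magic."""
    magic = head[:MAGIC_LEN]
    if magic not in METHODS:
        return None
    name, salt_len, seed_len = METHODS[magic]
    body = head[MAGIC_LEN:MAGIC_LEN + salt_len + seed_len]
    return {
        "method": name,
        "weak": name in WEAK_METHODS,
        "salt": body[:salt_len],
        "seed": body[salt_len:salt_len + seed_len],
        # A file cut off inside its header cannot be decrypted at all.
        "truncated": len(body) < salt_len + seed_len,
    }


def needs_reencrypt(heads):
    """Names whose header shows a weak method; heads maps name -> leading bytes."""
    flagged = []
    for name, head in heads.items():
        info = inspect_header(head)
        if info and info["weak"]:
            flagged.append(name)
    return sorted(flagged)


# Constructed sample headers, not taken from real files.
SAMPLES = {
    "notes.txt": b"plain text, no magic",
    "old-secrets": b"VimCrypt~01!" + b"\x9a\x11\x5c",
    "passwords": b"VimCrypt~02!" + bytes(range(8)) + bytes(range(8, 16)) + b"\xde\xad",
    "cut-short": b"VimCrypt~03!" + b"\x00\x01\x02",
}

if __name__ == "__main__":
    paths = sys.argv[1:]
    if paths:
        heads = {}
        for path in paths:
            with open(path, "rb") as fh:
                heads[path] = fh.read(MAGIC_LEN + 16)
    else:
        heads = SAMPLES
    for name in needs_reencrypt(heads):
        print("weak vim encryption (zip):", name)
```

A flagged file can be opened in vim, switched with `:setlocal cryptmethod=blowfish` and written again.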



Re: OT:Password strength

2014-11-30 Thread thornton . richard
Where do you store these passwords? On a napkin?

  Original Message  
From: Ted Unangst
Sent: Sunday, November 30, 2014 3:21 PM
To: Eric Furman
Cc: OpenBSD Misc
Subject: Re: OT:Password strength

On Sat, Nov 29, 2014 at 22:07, Eric Furman wrote:
 OFF TOPIC. This has nothing to do with OpenBSD,
 but a lot of guys here know about this stuff.
 I've done some reading, but still not sure.
 OK, at the risk of looking stupid,which of these passwords is better;
 kMH65?3
 or
 mylittlelambjumpedovertenredbarns

I think it's a mistake to reverse a password into entropy. If your
pool of possible passwords is sentences from common nursery rhymes,
for example, they may look awesome but in reality there are only a few
thousand possibilities.

Instead, pick a generating algorithm. It can be random letters, random
symbols, whatever. Random words. Random fake words consisting of
alternating consonants and vowels. You know how big the search space
is for each atom. Divide desired password strength (e.g. 64 bits) by
bits per atom to determine required number of atoms.

For the consonant/vowel example, here's a luajit script that makes
passwords. Even though they are all lower case, they are at least 64
bits hard.

-- 16 consonant atoms = 4 bits each, 8 vowel atoms = 3 bits each
local letters = {
    "c", "k", "t", "tr", "rt", "p", "pr", "d",
    "v", "n", "l", "nd", "z", "g", "th", "s" }
local vowels = { "a", "e", "i", "o", "u", "y", "oo", "ee" }

local letterbits = 4
local vowelbits = 3

local wantedbits = 64

local bits = 0

local ffi = require "ffi"
ffi.cdef[[uint32_t arc4random_uniform(uint32_t);]]
-- uniform index in 1..max (Lua tables are 1-based)
local function rand(max)
    return ffi.C.arc4random_uniform(max) + 1
end

-- append consonant/vowel pairs until the wanted strength is reached
local atoms = { }
while bits < wantedbits do
    table.insert(atoms, letters[rand(16)])
    table.insert(atoms, vowels[rand(8)])
    bits = bits + letterbits + vowelbits
end
print(table.concat(atoms))

Examples:

treetykaveprethicooputhedu
soonataviceenoopatecoge
gootrozapiceelytrithunula
preezypeendothanundipeesooka
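
An added example, not part of Ted Unangst's message: the "divide desired strength by bits per atom" step generalized to any list of atom pools, in Python rather than luajit, plus a check that a password splits into atoms in exactly one way. The function names are assumptions of this sketch; the pools are copied from the script above.

```python
import math
import secrets

# Pools copied from the luajit script in the message above.
CONSONANTS = ["c", "k", "t", "tr", "rt", "p", "pr", "d",
              "v", "n", "l", "nd", "z", "g", "th", "s"]
VOWELS = ["a", "e", "i", "o", "u", "y", "oo", "ee"]
SCHEME = [CONSONANTS, VOWELS]   # one cycle = one consonant atom + one vowel atom


def bits_per_cycle(pools):
    """Entropy of one pass through the pools, assuming uniform independent picks."""
    return sum(math.log2(len(set(pool))) for pool in pools)


def cycles_needed(wanted_bits, pools):
    """Divide the desired strength by bits per cycle, rounding up."""
    return math.ceil(wanted_bits / bits_per_cycle(pools))


def generate(wanted_bits, pools):
    """Build a password by drawing each atom uniformly from a CSPRNG."""
    out = []
    for _ in range(cycles_needed(wanted_bits, pools)):
        for pool in pools:
            out.append(pool[secrets.randbelow(len(pool))])
    return "".join(out)


def parses(password, pools):
    """Return every way to split password into whole cycles of atoms.

    The bit count is only honest if each string has exactly one parse:
    two atom sequences spelling the same string shrink the search space.
    """
    results = []

    def walk(pos, slot, atoms):
        if pos == len(password):
            if slot == 0 and atoms:          # must end on a cycle boundary
                results.append(list(atoms))
            return
        for atom in pools[slot]:
            if password.startswith(atom, pos):
                atoms.append(atom)
                walk(pos + len(atom), (slot + 1) % len(pools), atoms)
                atoms.pop()

    walk(0, 0, [])
    return results


def scheme_bits(password, pools):
    """Bits for a password under the scheme, or None if it has no unique parse."""
    found = parses(password, pools)
    if len(found) != 1:
        return None
    return bits_per_cycle(pools) * len(found[0]) / len(pools)


if __name__ == "__main__":
    print(generate(64, SCHEME))
    print(scheme_bits("treetykaveprethicooputhedu", SCHEME))  # example from the post
```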



Re: OT:Password strength

2014-11-30 Thread thornton . richard
I get why network admins and CIO types live and breathe security and hardened
passwords, but the average user has gone mad. I like leading alpha characters
in combination with an old phone number, with a few non-alpha characters,
leading and trailing. Thus a password that I can remember, but not something
easy to guess. Example: I worked at Empire Blue Cross 20 years ago. My phone
was x3699. 212 476 3699. Thus say, =EmpBC3699 would be fairly good, and I
could recall it without writing it down. One could say that 3699 is too
easy, perhaps, but it's a quick example of an easy analog way to create a
password which is ok, and easy to remember.

  Original Message  
From: Ted Unangst
Sent: Sunday, November 30, 2014 4:21 PM
To: thornton.rich...@gmail.com
Cc: Eric Furman; OpenBSD Misc
Subject: Re: OT:Password strength

On Sun, Nov 30, 2014 at 15:37, thornton.rich...@gmail.com wrote:
 Where do you store these passwords? On a napkin?

Wherever you like. A shorter password with all the o's turned into 0's
is hardly more secure.



Re: Sorry OpenBSD people, been a bit busy

2013-10-08 Thread thornton . richard
I used to work at empire blue cross. I had many friends who worked in the
Trade Towers. I lived for a time in Battery Park nearby. So go to hell
asshole, the USA will never let another 9/11 happen again, And Snowden is
quite the jerk. These guys were recently planning attacks on Toronto as a
matter of fact and were discovered in time, maybe thanks to the NSA.
So sit in your tea house poring over your netbook, Fuckin around, and
hide. And go to hell.

From: Zé Loff
Sent: Tuesday, October 8, 2013 6:08 PM
To: Richard Thornton
Cc: Scott McEachern; misc@openbsd.org
Subject: Re: Sorry OpenBSD people, been a bit busy

 The Middle Eastern terrorism threat is
 real and we need to be able to stop them anyway necessary.

 All it takes is one of them to hit every Walmart in the neighborhood,
 buy every pay-as-you-go phone they have, then pass them out to their
 friends in every Mosque.

Well fuck you and your fucking stereotypes, you fucking bigot.

And thank you for validating the quote on Scott's signature, btw.



Re: Sorry OpenBSD people, been a bit busy

2013-10-08 Thread thornton . richard
I love OpenBSD, seriously, and developers of it are clearly geniuses. And
any chance I get I promote it.

From: Scott McEachern
Sent: Tuesday, October 8, 2013 7:17 PM
To: misc@openbsd.org
Subject: Re: Sorry OpenBSD people, been a bit busy

On 10/08/13 17:38, Richard Thornton wrote:
 I am not flippant enough to say that the NSA revelations do not matter,
 but what are we supposed to do? The Middle Eastern terrorism threat is
 real and we need to be able to stop them anyway necessary.

 All it takes is one of them to hit every Walmart in the neighborhood,
 buy every pay-as-you-go phone they have, then pass them out to their
 friends in every Mosque. Now you have a new terrorism threat. So,
 welcome to the real world my friend, and wake up.

Seriously, after everything I've said so far (I see you just replied
privately to my most recent post), you're suggesting that *I* wake up to
the real world? I suggest you take that message to the ignorant,
complacent, apathetic masses. Please.

Take a look at the prime-time TV lineup on the major US networks, and
the cable stations like Showcase, HBO, etc. What are their plots
mostly focussed on? Terrorism. Top-rated shows like NCIS, NCIS: LA,
and the like: Terrorism. My point is that the media is feeding the
viewers a non-stop diet of potential terrorist plots. It's ridiculously
pervasive, and the fear is taking over peoples' minds.

Why do you think Bruce Schneier calls the TSA's actions security
theatre? They're reactive, not proactive. Maybe the NSA/CIA/FBI are
trying to be proactive, but what's their track record?

The intelligence agencies each had a piece of the 9/11 puzzle. Due to
infighting and protecting their respective turf, they didn't share
information, and 9/11 happened. Hindsight is 20/20, but it was revealed
that if they had only cooperated, 9/11 could have been prevented.

Look at the Boston bombings. The FBI received intel from the Russians,
of all people, beforehand that the two brothers were up to something.
How did that work out for them?

The Times Square bomber was stopped by a curious NYPD cop, not a
three-letter agency.

How about those US soldiers that converted to Islam, raising red flags
with their unusual behaviour and behavioural changes, going on shooting
rampages? How did the FBI do there?

Maybe they have foiled attacks, but you'd think they'd be shouting that
from the rooftops saying, Look! We're doing good! Our Billion dollar
budgets are justified! People know about PRISM now, but even if they
wanted to keep the source of their intel under wraps, I'm sure they
could find a way to parallel construct a plausible explanation without
revealing too much.

Like you said in a fresh post, maybe the NSA was helpful in stopping the
potential attacks on Toronto and various rail lines. Who knows. Read
my previous paragraph again.

And for the record, both you and Ze Loff should stick to facts and
rational discussion. Bigots and morons are best defeated with those,
and they'll show their true colours, debasing their own opinions.
There's no need for insults and ad hominem attacks.

You feel that Snowden is quite the jerk? You're entitled to that
opinion, but there are a great many people, myself included, that think
he is a hero for exposing blatant lies and violations of the law and
constitution. Snowden, and some other previous NSA employees, saw the
insanity of this, and the future of it. They were appalled, and went
public. They are heroes.

Privately, you casually dismissed Wolf as another blow hard, the
liberal version of Ann Coulter. Maybe so, but attacking her personally
does not negate the validity of her points. Watch the video, and think
about it with an open mind, if you can.

You asked, What are we supposed to do? There are no easy answers
here. I fully realize that there are shades of grey involved. But you
aren't looking at the thin end of the wedge; we've long passed that
point, and you are ceding your rights to allow it to not only continue,
but to expand. Remember what Ben Franklin said: Those who would give
up essential liberty to purchase a little temporary safety deserve
neither liberty nor safety.

His point in that quote speaks directly to the nature of government. It
hasn't changed since then. Government will take a mile when you give
them an inch. You've probably heard the glib comments that more people
in the US have died from choking on fishbones/car accidents/etc. in the
last 12 years than have died from terrorism.

But at what price, both financially (military spending) and in terms of
rights in a growing surveillance state? Where does it end, and what is
the logical conclusion?

I just don't have the answers, but I can repeat the suggestions of Bruce
Schneier: Trust the math. Trust the crypto. Be careful with the
implementation. The NSA isn't so much working on breaking the crypto
(for now), as they are attacking the end points. That's why 

Re: Claws-mail frequently dumps core on 5.3R

2013-09-28 Thread thornton . richard
I have experienced same behaviour, on sparc, openbsd, version 5.3, kernel
#40.


From: Stefan Wollny
Sent: Saturday, September 28, 2013 6:20 PM
To: Stefan Wollny
Cc: Erwin Geerdink; OpenBSD
Subject: Re: Claws-mail frequently dumps core on 5.3R

On Sun, 5 May 2013 15:12:07 +0200
Stefan Wollny ste...@wollny.de wrote:

 On Sat, 4 May 2013 21:18:35 +0200
 Erwin Geerdink m...@erwingeerdink.com wrote:

  Hi,
 
  Since I upgraded to OpenBSD 5.3 Release (following the upgrade guide
  on the website), I have experienced the following problem with
  claws-mail v3.8.1: Every time I try to fetch mail, a dialog 'Changed
  SSL certificate' pops up, for each of my mailboxes. No matter if I
  choose 'Cancel connection' or 'Accept and Save certificates', both
  frequently result in a core dump.
  Even when claws does not crash, the certs are not properly saved,
  for the dialog shows up every subsequent fetch. The SSL certs are
  stored to disk (~/.claws-mail/certs/), but information about owner
  and signer is 'not in certificate'.
 
  Core dumps also occur when sending mail.
  As you understand, this makes usage quite a pain.
 
  Does anyone experience this issue as well?
 Hi Erwin,
 Hi misc@!

 I do experience this behaviour as well - as of this morning I use the
 latest 5.3-current (#148) and claws-mail hasn't crashed for an hour.
 Yet it keeps complaining about the SSL certs being changed.

 I just did a fresh install of my system based on 5.3-current (#147).

 The ./claws-mail/certs folder has permissions 700 while the certs
 within have 644 - I have no idea if this has an effect on claws-mail.

 If I can help with any other info or testing just drop me a line.

 Cheers,
 STEFAN


Re: Verified OS concerns

2013-09-19 Thread thornton . richard
Interesting thread...

From: josef.winger@email.de
Sent: Thursday, September 19, 2013 4:30 PM
To: misc@openbsd.org
Subject: Verified OS concerns

Does OpenBSD plan to verify its (main) components, to
reach the level of zero-bug software?

If not, isn't there any concern that (future) verified OS
will render OBSD redundant one day?

/jo



Re: general ports question

2013-09-18 Thread thornton . richard
Ok, thanks for the help.

From: Marc Espie
Sent: Wednesday, September 18, 2013 6:24 PM
To: Richard Thornton
Reply To: espie@nerim.net
Cc: OpenBSD general usage list
Subject: Re: general ports question

On Wed, Sep 18, 2013 at 06:16:20PM -0400, Richard Thornton wrote:
 So if one has a 5.3 release system running, but finds a desired package in
 say 5.1, will pkg_add work on this, assuming I adjust the PKG_PATH to point
 to a 5.1 package folder? Or will doing this cause other instabilities?

The dependency mechanisms in pkg_add apply to the library of the base
system.

Meaning that if you manage to install a package from 5.1 on a pure 5.3
machine, your package has *no* dependency at all on any shared library
whatsoever from the base system.

So, yeah, you can install the books from 5.1. And some of the fonts.
That's about it.



Re: Feedback about Desktop Environments

2013-09-16 Thread thornton . richard
Definitely XFCE 4.10.

From: James Griffin
Sent: Monday, September 16, 2013 6:20 AM
To: misc@openbsd.org
Subject: Feedback about Desktop Environments

I need to install a Desktop Environment for my partner.

I thought about KDE or xfce, I've tried neither on OpenBSD before. Which
of the 3 main DEs (gnome, KDE, XFCE) do you feel work best on
OpenBSD?

I would need things like removable media mounting from within the
graphical environment, good sound support and multimedia applications.

Any advice would be helpful from those using any of these Desktops. I
thought I'd ask on this list before installing loads of packages.

Cheers, Jamie.



Re: user can not shutdown PC in xfce

2013-08-30 Thread thornton . richard
When I want to shut down, I use on/off switch. No permissions needed.

From: James Griffin
Sent: Friday, August 30, 2013 6:00 AM
To: misc@openbsd.org
Subject: Re: user can not shutdown PC in xfce

!-- On Fri 30.Aug'13 at 9:08:05 BST, Fung (fungm...@qq.com), wrote:
 -- Original --
 From: Tomas Bodzartomas.bod...@gmail.com;

 On Tue, Aug 27, 2013 at 2:34 PM, Fung fungm...@qq.com wrote:

  1. root login xfce can shutdown the pc smoothly using mouse.
  2. other user in xfce can not shutdown the pc, why?
 
  # visudo
  ...
  %wheel ALL=(ALL) SETENV: ALL
  share ALL=NOPASSWD: /usr/local/lib/xfce4/session/xfsm-shutdown-helper
  ...
 
  # id share
  uid=1000(share) gid=1000(share) groups=1000(share), 0(wheel)
 
 
  # sysctl kern.version
  kern.version=OpenBSD 5.4-current (GENERIC.MP) #48: Sat Aug 24 20:31:41 MDT 2013
  dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC.MP
 
 
  # cat /usr/local/share/doc/pkg-readmes/xfce-4.10p0
  said
  Logging out and shutting down the computer
  ==
  If your installation supports complete shutdown, clicking on the logout
  button on panel will permit you to either logout, rebooting or halt
  the computer, provided you have the needed sudo credentials.
  If you don't want to have to enter your password, simply add this line
  to the /etc/sudoers file using visudo:
  $your_username ALL=NOPASSWD: /usr/local/lib/xfce4/session/xfsm-shutdown-helper
  ==
 

 are you in operator group? ;-)

 $ ls -l /sbin/shutdown
 -r-sr-x--- 1 root operator 222416 Aug 20 00:46 /sbin/shutdown
 $

 .


 hi, tomas,

 Shutdown in xfce not work with operator group .

 BTW, from terminal , user share can halt -p/ shutdown the system.


You could use a better Window Manager/Desktop. The cwm in base is
excellent. Also, fvwm2 in packages is excellent (I use that one), so are
some tiling WM's, like dwm and spectrwm.

--

James Griffin: jmz at kontrol.kode5.net

A4B9 E875 A18C 6E11 F46D B788 BEE6 1251 1D31 DC38



Re: Compiling BOINC/Seti at Home for OpenBSD 5.3 Sparc64

2013-08-30 Thread thornton . richard
You are right. I am using a virtual installation right now until I figure
it all out.

From: Daniel Ouellet
Sent: Thursday, August 29, 2013 6:19 PM
To: misc@openbsd.org
Subject: Re: Compiling BOINC/Seti at Home for OpenBSD 5.3 Sparc64

On 8/29/2013 4:15 PM, Alexey E. Suslikov wrote:
 Christian Weisgerber naddy at mips.inka.de writes:

 Richard Thornton thornton.richard at gmail.com wrote:

 My Sun Blade 100, has a fresh install of 5.3, and its very good, much
 better than 5.1; XFCE is very stable and R is much better than prior
 ports. you guys did a great job! Now this computer sits running actively,
 with nothing to do!

 Use apm -L or -C and save 10 W.

 Wonder why keep running something doing nothing ;)


Still happily married I see. (: