Re: OpenBSD support for Lenovo ThinkPad X230?
On Fri, Nov 23, 2012 at 6:34 AM, Anil Madhavapeddy wrote: > On 23 Nov 2012, at 03:13, Byron Klippert wrote: > >> I picked up one recently; went with the following options. >> >> - Intel Core i5-3360M >> - 128GB SSD (SATA3) >> - 8GB PC3-12800 DDR3 >> - Intel Centrino WL-N 2200 >> >> >> >> Had to use the Nov. 3 snapshot to take advantage of the recent ivy >> bridge graphic changes (affecting Intel HD Graphics 4000). >> >> http://marc.info/?l=openbsd-tech&m=134909742604779&w=2 >> >> X is usable, although I've had issues switching between console >> (Ctl-Alt-F1) and back to X. Also had issues when display goes to sleep. >> ie: display resumes with strange effects on display (vertical lines - >> like bad resolution or refresh rate). This can sometimes be remedied by >> switch between console and back to X several times. > > I see the same issues with the X1 Carbon (along with the occasional hard > freeze when switching X displays, but more often you get a white noise > overlay). Not had a chance to track it down yet. [...] Thanks for the feedback - my Dec 5 snapshot behaves the same. White noise, 100% brightness, x6050 error on changing the brightness, etc. fw_update pulled the latest 5.7 version of iwn firmware, and my wireless works fine (Intel Centrino Advanced-N 6205). Also, xbacklight does not work - basically no output on any set, get commands. Anyone got this working, so I can have the brightness adjusted? Thanks. -Amarendra
Re: BSD licensed gnupg replacement question
On Mon, Dec 10, 2012 at 10:20:08PM -0500, Nick Holland wrote: | On 12/10/12 21:45, Maximo Pech wrote: | ... | > Well, with the information you have given me so far, I think the answer is | > something like "nobody has written it because we have more important things | > to do and nobody believes there is a real need for that". Am I right? | > | | I have lived a long time and never used PGP, GNUpg, NetPGP...whatever on | my own systems. Never had a reason to, never had the desire to. Got a | task at work where this may be requested, and in that case, it's because | they are "doing it wrong", trying to make e-mail into a secure | communications channel. In my mind, e-mail is a non-secure | communications channel, and I'm not fond of trying to bolt-on gadgets to | make non-secure things look secure. There's a fallacy here. IP is a non-secure communications channel. Using tools like IPsec or SSH can secure your communications over such a non-secure channel. There's nothing wrong with bolting that on (well, it could be argued that ipsec is a layering violation, but that's another subject entirely). There's a use for tools like pgp - it solves secure communications in a different way than ipsec/ssh do, for when your requirements are different. Also, pgp can be used for more than just e-mail (much like ssh can be used for more than just 'secure remote logins'; don't dismiss a solution because you've not run into a problem that's fixed by it yet. | You seem to have a problem you expect all of us to have that requires a | PGP-equivalent to solve. Apparently, we don't all share this problem. | You have not told us what this problem is you are trying to solve...but | in general, naming the tool rather than naming the problem you are | attempting to solve is bad process. Well, in all honesty, I think the problem PGP solves is quite well known and understood. If ten years ago people asked 'is there SMP in OpenBSD', you wouldn't have asked the same question, would you ? | You are coming in as if you are trying to sound high-and-mighty and | pointing out what fools we are for not having (yet again) reinvented | your favorite tool in base. You have yet to make a case for: | 1) why such a tool should be in base, when obviously no developers seem | to think it should be. | 2) why such a tool should be reinvented Yet Again, when there are | multiple varying degrees of free implementations out there already. | 3) why you care. What are you doing that could possibly be improved | drastically by a BSD-licensed PGP implementation in base? In fact, your | question appears to misunderstand the /reason/ we would want a BSD | licensed anything in base -- it isn't over a "my license is better than | your license" pissing match, it's about what you could DO with that. | The GNU license on GNUgp puts limitations on your ability to modify and | redistribute it in a commercial product. Being that PGP is sorta a | standardized product...do you want people distributing modified versions | of PGP? anyone who has reason to do that will find plenty of crypto | libraries and tools in OpenBSD, they won't need to tear apart and | rebuild a PGP tool. These are (imo) far better arguments. Here are some possible answers: 3: OpenBSD solutions tend to be better implementations (ssh.com vs OpenSSH) 2: See 3, but also so it can be put under a 'better' license allowing for 1. 1: I'm not sure there are no developers that would like to see this in base, but they could have other priorities; wanting something not necessarily means having (time) to do the work. The important difference is that you don't hear them. | Yes, the OpenBSD project cares a lot about cryptography, but using it | where it makes sense using as few tools as possible to do it right. | Hey, why don't we have a crypto-ls? It's really important! What if | someone is looking over your shoulder when you do an 'ls'? Now you're just being facetious ;) Paul 'WEiRD' de Weerd (who's using gnupg now but wouldn't mind something better (which, in the case of gnupg, can't be very hard) in either base or ports) -- >[<++>-]<+++.>+++[<-->-]<.>+++[<+ +++>-]<.>++[<>-]<+.--.[-] http://www.weirdnet.nl/
Re: BSD licensed gnupg replacement question
On 12/10/12 21:45, Maximo Pech wrote: ... > Well, with the information you have given me so far, I think the answer is > something like "nobody has written it because we have more important things > to do and nobody believes there is a real need for that". Am I right? > I have lived a long time and never used PGP, GNUpg, NetPGP...whatever on my own systems. Never had a reason to, never had the desire to. Got a task at work where this may be requested, and in that case, it's because they are "doing it wrong", trying to make e-mail into a secure communications channel. In my mind, e-mail is a non-secure communications channel, and I'm not fond of trying to bolt-on gadgets to make non-secure things look secure. You seem to have a problem you expect all of us to have that requires a PGP-equivalent to solve. Apparently, we don't all share this problem. You have not told us what this problem is you are trying to solve...but in general, naming the tool rather than naming the problem you are attempting to solve is bad process. You are coming in as if you are trying to sound high-and-mighty and pointing out what fools we are for not having (yet again) reinvented your favorite tool in base. You have yet to make a case for: 1) why such a tool should be in base, when obviously no developers seem to think it should be. 2) why such a tool should be reinvented Yet Again, when there are multiple varying degrees of free implementations out there already. 3) why you care. What are you doing that could possibly be improved drastically by a BSD-licensed PGP implementation in base? In fact, your question appears to misunderstand the /reason/ we would want a BSD licensed anything in base -- it isn't over a "my license is better than your license" pissing match, it's about what you could DO with that. The GNU license on GNUgp puts limitations on your ability to modify and redistribute it in a commercial product. Being that PGP is sorta a standardized product...do you want people distributing modified versions of PGP? anyone who has reason to do that will find plenty of crypto libraries and tools in OpenBSD, they won't need to tear apart and rebuild a PGP tool. Yes, the OpenBSD project cares a lot about cryptography, but using it where it makes sense using as few tools as possible to do it right. Hey, why don't we have a crypto-ls? It's really important! What if someone is looking over your shoulder when you do an 'ls'? Nick.
Re: BSD licensed gnupg replacement question
2012/12/9 Nico Kadel-Garcia > On Fri, Dec 7, 2012 at 4:24 PM, Chris Cappuccio wrote: > > Maximo Pech [mak...@gmail.com] wrote: > >> I said I can't code that. > > > > If you already knew the answer was "write it", then you asked the wrong > > question. > I already knew an answer (not the only one) could be "write it". > > > >> I know that gnupg is in the ports tree, but it > >> just seems strange to me that it isn't on the base system, because for > me > >> it sounds logical that if one of the key points of openbsd is > cryptography, > >> it would have a bsd tool like gnupg. The netpgp thing looks very cool, I > >> didn't know about it. > >> > > > > Do you have any idea how abusrd this is? > > > No I don't, if you don't mind please explain why that's absurd. > >> So my question is why there isn't a tool like that on base, I'm asking > out > >> of curiosity, maybe some historical, reason, technical... I'm not > trying to > >> point this as a fault, I just want to understand better the fact that > gnupg > >> or a bsd licensed equivalent isn't in the base system. > >> > > > > The original PGP program was mostly public domain. As time went on, it > went to a > > highly restrictive license. GnuPG, and later, NetPGP represent the > people who > > had desires to fix that problem. If you want to do it again, nobody will > stop you. > > > > OpenSSH and OpenBSD IPsec represent the OpenBSD solutions to the quality > and > > licensing problems in those areas. OpenSSH is still the gold standard, > OCF/IPsec, > > maybe not. PGP worked, was public domain, encrypts files, and solved one > problem. > > Network layer encryption is an entirely different, and for many, a much > more > > important problem. > That's completely subjective and also it is a problem that has more work behind than the "problem" I think there is with the non existence of bsd tools like gnupg on *base* not on ports and not openssl. What I say is simply that it would be cool if by default on the *base* system OpenBSD had a tool called opgp, opengp, puffypg or whatever, to encrypt files like gnupg does and I was wondering why it does not exist if OpenBSD cares a lot about cryptography. Well, with the information you have given me so far, I think the answer is something like "nobody has written it because we have more important things to do and nobody believes there is a real need for that". Am I right?
Re: [PF 5.1] strange unreachable icmp reply from firewall
I've been having the same problem for the past few days now and my research has turned up a few people experiencing the exact same thing that you are, across different versions of pf on different operating systems. A few references I found off hand: http://www.mail-archive.com/misc@openbsd.org/msg30646.html http://openbsd.7691.n7.nabble.com/PF-question-set-block-policy-drop-spoofed-ip-NAT-ed-elicits-icmp-unreachable-tt14709.html As well as a thread I started myself: http://forum.pfsense.org/index.php/topic,56558.msg302461.html None of the responses were too helpful though as far as I could find as in actually getting around this. -- View this message in context: http://openbsd.7691.n7.nabble.com/PF-5-1-strange-unreachable-icmp-reply-from-firewall-tp97656p220119.html Sent from the openbsd user - misc mailing list archive at Nabble.com.
Re: bsd.sp and bsd.mp kernels, how to compile?
On Sun Dec 9 2012 11:59, John Long wrote: > On Sun, Dec 09, 2012 at 12:21:34PM +0100, Paul de Weerd wrote: > > Alternatively, you can `make` GENERIC and `make install` GENERIC.MP. > > Or just skip making the SP kernel, you don't need to have it around > > per se ;) > > I didn't know if make generic would leave a finished bsd.sp kernel in / > Not sure what the kernel make install target does, since I wasn't paying > attention after building the kernel a bunch of times on my Fuloong box. In both cases, whether it's GENERIC or GENERIC.MP, `make install` installs the kernel to /bsd: rm -f /obsd ln /bsd /obsd cp bsd /nbsd mv /nbsd /bsd > If make builds a kernel and leaves it in / and just doesn't point the > bootloader at it that will be enough and I'll just make install the mp > kernel like I think you are saying. The bootloader loads /bsd by default. So, if you're about to provide both versions, and you generally want GENERIC.MP to be loaded, you'd `make install` GENERIC.MP, and than manually copy the binary from GENERIC to /bsd.sp. At the boot prompt, you may choose the SP kernel by typing `boot bsd.sp`.
Re: Terminal emulators can't read .profile
On 12/10/2012 12:02 PM, Feng Zhou wrote: > I was trying out st and urxvt as a replacement for xterm, and it > turned out that all the settings I put in ~/.profile are not > recognised when I use either st or urxvt. Have you set up st/urxvt so that they start a login shell?
Re: Terminal emulators can't read .profile
f...@zhou.es (Feng Zhou), 2012.12.10 (Mon) 12:02 (CET): > I was trying out st and urxvt as a replacement for xterm, and it > turned out that all the settings I put in ~/.profile are not > recognised when I use either st or urxvt. > > Is this a bug or an expected behaviour that I need to do something > about to use other terminals? The shell was not changed, it was the > default ksh. At first I thought it was a problem of st, but it > happened to urxvt too. So I thought it's best to ask here. Any help is > much appreciated. I am guessing here, but from the times I used rxvt there's still: Rxvt*loginShell: TRUE in my .Xdefaults. Bye, Marcus > !DSPAM:50c5c16d184522009013524!
Terminal emulators can't read .profile
Hi, I was trying out st and urxvt as a replacement for xterm, and it turned out that all the settings I put in ~/.profile are not recognised when I use either st or urxvt. Is this a bug or an expected behaviour that I need to do something about to use other terminals? The shell was not changed, it was the default ksh. At first I thought it was a problem of st, but it happened to urxvt too. So I thought it's best to ask here. Any help is much appreciated. Cheers Feng