Re: OpenBSD support for Lenovo ThinkPad X230?

2012-12-10 Thread Amarendra Godbole
On Fri, Nov 23, 2012 at 6:34 AM, Anil Madhavapeddy  wrote:
> On 23 Nov 2012, at 03:13, Byron Klippert  wrote:
>
>> I picked up one recently; went with the following options.
>>
>> - Intel Core i5-3360M
>> - 128GB SSD (SATA3)
>> - 8GB PC3-12800 DDR3
>> - Intel Centrino WL-N 2200
>>
>>
>>
>> Had to use the Nov. 3 snapshot to take advantage of the recent ivy
>> bridge graphic changes (affecting Intel HD Graphics 4000).
>>
>> http://marc.info/?l=openbsd-tech&m=134909742604779&w=2
>>
>> X is usable, although I've had issues switching between console
>> (Ctl-Alt-F1) and back to X. Also had issues when display goes to sleep.
>> ie: display resumes with strange effects on display (vertical lines -
>> like bad resolution or refresh rate). This can sometimes be remedied by
>> switch between console and back to X several times.
>
> I see the same issues with the X1 Carbon (along with the occasional hard
> freeze when switching X displays, but more often you get a white noise
> overlay).  Not had a chance to track it down yet.
[...]

Thanks for the feedback - my Dec 5 snapshot behaves the same. White
noise, 100% brightness, x6050 error on changing the brightness, etc.
fw_update pulled the latest 5.7 version of iwn firmware, and my
wireless works fine (Intel Centrino Advanced-N 6205).

Also, xbacklight does not work - basically no output on any set, get
commands. Anyone got this working, so I can have the brightness
adjusted? Thanks.

-Amarendra



Re: BSD licensed gnupg replacement question

2012-12-10 Thread Paul de Weerd
On Mon, Dec 10, 2012 at 10:20:08PM -0500, Nick Holland wrote:
| On 12/10/12 21:45, Maximo Pech wrote:
| ...
| > Well, with the information you have given me so far, I think the answer is
| > something like "nobody has written it because we have more important things
| > to do and nobody believes there is a real need for that". Am I right?
| > 
| 
| I have lived a long time and never used PGP, GNUpg, NetPGP...whatever on
| my own systems.  Never had a reason to, never had the desire to.  Got a
| task at work where this may be requested, and in that case, it's because
| they are "doing it wrong", trying to make e-mail into a secure
| communications channel.  In my mind, e-mail is a non-secure
| communications channel, and I'm not fond of trying to bolt-on gadgets to
| make non-secure things look secure.

There's a fallacy here.  IP is a non-secure communications channel.
Using tools like IPsec or SSH can secure your communications over such
a non-secure channel.  There's nothing wrong with bolting that on
(well, it could be argued that ipsec is a layering violation, but
that's another subject entirely).

There's a use for tools like pgp - it solves secure communications in
a different way than ipsec/ssh do, for when your requirements are
different.

Also, pgp can be used for more than just e-mail (much like ssh can be
used for more than just 'secure remote logins'); don't dismiss a
solution because you've not run into a problem that's fixed by it yet.

| You seem to have a problem you expect all of us to have that requires a
| PGP-equivalent  to solve.  Apparently, we don't all share this problem.
|  You have not told us what this problem is you are trying to solve...but
| in general, naming the tool rather than naming the problem you are
| attempting to solve is bad process.

Well, in all honesty, I think the problem PGP solves is quite well
known and understood.  If ten years ago people asked 'is there SMP in
OpenBSD', you wouldn't have asked the same question, would you ?

| You are coming in as if you are trying to sound high-and-mighty and
| pointing out what fools we are for not having (yet again) reinvented
| your favorite tool in base.  You have yet to make a case for:
| 1) why such a tool should be in base, when obviously no developers seem
| to think it should be.
| 2) why such a tool should be reinvented Yet Again, when there are
| multiple varying degrees of free implementations out there already.
| 3) why you care.  What are you doing that could possibly be improved
| drastically by a BSD-licensed PGP implementation in base?  In fact, your
| question appears to misunderstand the /reason/ we would want a BSD
| licensed anything in base -- it isn't over a "my license is better than
| your license" pissing match, it's about what you could DO with that.
| The GNU license on GnuPG puts limitations on your ability to modify and
| redistribute it in a commercial product.  Being that PGP is sorta a
| standardized product...do you want people distributing modified versions
| of PGP?  anyone who has reason to do that will find plenty of crypto
| libraries and tools in OpenBSD, they won't need to tear apart and
| rebuild a PGP tool.

These are (imo) far better arguments.  Here are some possible answers:

3: OpenBSD solutions tend to be better implementations (ssh.com vs
   OpenSSH)
2: See 3, but also so it can be put under a 'better' license allowing
   for 1.
1: I'm not sure there are no developers that would like to see this in
   base, but they could have other priorities; wanting something does
   not necessarily mean having (time) to do the work.  The important
   difference is that you don't hear them.

| Yes, the OpenBSD project cares a lot about cryptography, but using it
| where it makes sense using as few tools as possible to do it right.
| Hey, why don't we have a crypto-ls?  It's really important!  What if
| someone is looking over your shoulder when you do an 'ls'?

Now you're just being facetious ;)

Paul 'WEiRD' de Weerd
(who's using gnupg now but wouldn't mind something better (which, in
the case of gnupg, can't be very hard) in either base or ports)

-- 
>[<++>-]<+++.>+++[<-->-]<.>+++[<+
+++>-]<.>++[<>-]<+.--.[-]
 http://www.weirdnet.nl/ 



Re: BSD licensed gnupg replacement question

2012-12-10 Thread Nick Holland
On 12/10/12 21:45, Maximo Pech wrote:
...
> Well, with the information you have given me so far, I think the answer is
> something like "nobody has written it because we have more important things
> to do and nobody believes there is a real need for that". Am I right?
> 

I have lived a long time and never used PGP, GNUpg, NetPGP...whatever on
my own systems.  Never had a reason to, never had the desire to.  Got a
task at work where this may be requested, and in that case, it's because
they are "doing it wrong", trying to make e-mail into a secure
communications channel.  In my mind, e-mail is a non-secure
communications channel, and I'm not fond of trying to bolt-on gadgets to
make non-secure things look secure.

You seem to have a problem you expect all of us to have that requires a
PGP-equivalent  to solve.  Apparently, we don't all share this problem.
 You have not told us what this problem is you are trying to solve...but
in general, naming the tool rather than naming the problem you are
attempting to solve is bad process.

You are coming in as if you are trying to sound high-and-mighty and
pointing out what fools we are for not having (yet again) reinvented
your favorite tool in base.  You have yet to make a case for:
1) why such a tool should be in base, when obviously no developers seem
to think it should be.
2) why such a tool should be reinvented Yet Again, when there are
multiple varying degrees of free implementations out there already.
3) why you care.  What are you doing that could possibly be improved
drastically by a BSD-licensed PGP implementation in base?  In fact, your
question appears to misunderstand the /reason/ we would want a BSD
licensed anything in base -- it isn't over a "my license is better than
your license" pissing match, it's about what you could DO with that.
The GNU license on GnuPG puts limitations on your ability to modify and
redistribute it in a commercial product.  Being that PGP is sorta a
standardized product...do you want people distributing modified versions
of PGP?  anyone who has reason to do that will find plenty of crypto
libraries and tools in OpenBSD, they won't need to tear apart and
rebuild a PGP tool.

Yes, the OpenBSD project cares a lot about cryptography, but using it
where it makes sense using as few tools as possible to do it right.
Hey, why don't we have a crypto-ls?  It's really important!  What if
someone is looking over your shoulder when you do an 'ls'?

Nick.



Re: BSD licensed gnupg replacement question

2012-12-10 Thread Maximo Pech
2012/12/9 Nico Kadel-Garcia 

> On Fri, Dec 7, 2012 at 4:24 PM, Chris Cappuccio  wrote:
> > Maximo Pech [mak...@gmail.com] wrote:
> >> I said I can't code that.
> >
> > If you already knew the answer was "write it", then you asked the wrong
> > question.
>

I already knew an answer (not the only one) could be "write it".


> >
> >> I know that gnupg is in the ports tree, but it
> >> just seems strange to me that it isn't on the base system, because for me
> >> it sounds logical that if one of the key points of openbsd is cryptography,
> >> it would have a bsd tool like gnupg. The netpgp thing looks very cool, I
> >> didn't know about it.
> >>
> >
> > Do you have any idea how absurd this is?
> >
>

No I don't, if you don't mind please explain why that's absurd.


> >> So my question is why there isn't a tool like that on base, I'm asking out
> >> of curiosity, maybe some historical, reason, technical... I'm not trying to
> >> point this as a fault, I just want to understand better the fact that gnupg
> >> or a bsd licensed equivalent isn't in the base system.
> >>
> >
> > The original PGP program was mostly public domain. As time went on, it went to a
> > highly restrictive license. GnuPG, and later, NetPGP represent the people who
> > had desires to fix that problem. If you want to do it again, nobody will stop you.
> >
> > OpenSSH and OpenBSD IPsec represent the OpenBSD solutions to the quality and
> > licensing problems in those areas. OpenSSH is still the gold standard, OCF/IPsec,
> > maybe not. PGP worked, was public domain, encrypts files, and solved one problem.
> > Network layer encryption is an entirely different, and for many, a much more
> > important problem.
>

That's completely subjective and also it is a problem that has more work
behind than the "problem" I think there is with the non existence of bsd
tools like gnupg on *base* not on ports and not openssl.

What I say is simply that it would be cool if by default on the *base*
system OpenBSD had a tool called opgp, opengp, puffypg or whatever, to
encrypt files like gnupg does and I was wondering why it does not exist if
OpenBSD cares a lot about cryptography.

Well, with the information you have given me so far, I think the answer is
something like "nobody has written it because we have more important things
to do and nobody believes there is a real need for that". Am I right?



Re: [PF 5.1] strange unreachable icmp reply from firewall

2012-12-10 Thread pvz
I've been having the same problem for the past few days now and my research
has turned up a few people experiencing the exact same thing that you are,
across different versions of pf on different operating systems.

A few references I found off hand:

http://www.mail-archive.com/misc@openbsd.org/msg30646.html
http://openbsd.7691.n7.nabble.com/PF-question-set-block-policy-drop-spoofed-ip-NAT-ed-elicits-icmp-unreachable-tt14709.html

As well as a thread I started myself:
http://forum.pfsense.org/index.php/topic,56558.msg302461.html

None of the responses were too helpful though as far as I could find as in
actually getting around this.






Re: bsd.sp and bsd.mp kernels, how to compile?

2012-12-10 Thread Norman Golisz
On Sun Dec  9 2012 11:59, John Long wrote:
> On Sun, Dec 09, 2012 at 12:21:34PM +0100, Paul de Weerd wrote:
> > Alternatively, you can `make` GENERIC and `make install` GENERIC.MP.
> > Or just skip making the SP kernel, you don't need to have it around
> > per se ;)
> 
> I didn't know if make generic would leave a finished bsd.sp kernel in /
> Not sure what the kernel make install target does, since I wasn't paying
> attention after building the kernel a bunch of times on my Fuloong box.

In both cases, whether it's GENERIC or GENERIC.MP, `make install` installs
the kernel to /bsd:

rm -f /obsd
ln /bsd /obsd
cp bsd /nbsd
mv /nbsd /bsd

> If make builds a kernel and leaves it in / and just doesn't point the
> bootloader at it that will be enough and I'll just make install the mp
> kernel like I think you are saying.

The bootloader loads /bsd by default. So, if you're about to provide
both versions, and you generally want GENERIC.MP to be loaded, you'd
`make install` GENERIC.MP, and then manually copy the binary from
GENERIC to /bsd.sp.

At the boot prompt, you may choose the SP kernel by typing `boot bsd.sp`.



Re: Terminal emulators can't read .profile

2012-12-10 Thread Dustin Fechner
On 12/10/2012 12:02 PM, Feng Zhou wrote:
> I was trying out st and urxvt as a replacement for xterm, and it
> turned out that all the settings I put in ~/.profile are not
> recognised when I use either st or urxvt.

Have you set up st/urxvt so that they start a login shell?



Re: Terminal emulators can't read .profile

2012-12-10 Thread MERIGHI Marcus
f...@zhou.es (Feng Zhou), 2012.12.10 (Mon) 12:02 (CET):
> I was trying out st and urxvt as a replacement for xterm, and it
> turned out that all the settings I put in ~/.profile are not
> recognised when I use either st or urxvt. 
> 
> Is this a bug or an expected behaviour that I need to do something
> about to use other terminals? The shell was not changed, it was the
> default ksh. At first I thought it was a problem of st, but it
> happened to urxvt too. So I thought it's best to ask here. Any help is
> much appreciated.

I am guessing here, but from the times I used rxvt there's still:

Rxvt*loginShell: TRUE

in my .Xdefaults.

Bye, Marcus




Terminal emulators can't read .profile

2012-12-10 Thread Feng Zhou
Hi,

I was trying out st and urxvt as a replacement for xterm, and it turned out 
that all the settings I put in ~/.profile are not recognised when I use either 
st or urxvt. 

Is this a bug or an expected behaviour that I need to do something about to use 
other terminals? The shell was not changed, it was the default ksh. At first I 
thought it was a problem of st, but it happened to urxvt too. So I thought it's 
best to ask here. Any help is much appreciated.

Cheers
Feng