Re: is my dns server/ routing borked??, i could need some advice

2016-05-22 Thread lists
> > >>>> For some reasons, i notice that i am not able to access some website in
> > >>>> the first 10 minutes when i have my machine turned on.
> > >>>
> > >>> If you have a broadband on premises equipment like a converter, modem,
> > >>> router, switch etc, you may consider replacing these, as with age some
> > >>> of them degrade (in capacitors, solder joints, jacks) and such devices
> > >>> have trouble working reliably until it warms up (or when they overheat).
> > >>>
> > >>> To report further details to the list, please start a new empty 
> > >>> message.  
> > >>
> > >> Well, the modem hardware is new.
> > >> my switches are ok, i have a local server that is up for 24/7, and even
> > >> that machine is losing contact to the website.
> > > 
> > > So you're absolutely sure the hardware environment is fine.  There are
> > > two important tactics to employ then in troubleshooting.  First one is
> > > to bypass every equipment and connect the troubleshooting device direct
> > > to the upstream connection.  Then ensure you have full connectivity and
> > > move down the line to the point you find your issue.  You would follow
> > > this with the second tactic, drop the configuration from zero and make
> > > sure you have working connectivity and then start adding each piece of
> > > the software set up, until you find the part that generates the issues.
> > > 
> > >> it is pure a dns issue, but what i can resolve, i rewrote the complete
> > >> named stuff, added even the DNS server pool from that website, heck,
> > >> still no result...
> > > 
> > > Try unbound / nsd and see if this gives you a different result.  It is
> > > often just such a simple common issue, that it's hidden in plain sight.
> > > 
> > > Once you have found it, please report to the list your process+results.  
> > 
> > This gonna be fun for me.
> > But i will do it.  
> 
> I know very well what you mean.  Then, if you want to cut time short,
> you can preemptively start looking direct into the suspected trouble
> zone, either hardware, equipment configuration and/or software set up.
> 
> With this second approach, you can ask a direct question once you find
> the point of hesitation and/or concern.  Just walking the trouble path
> is often enough to get you out of the "unseeing" mode and find it quick.

One more important thing, if you are using the ISP provided name servers
or name service from the broadband equipment (duh), you can bypass these
and use own local direct resolving recursive name server on your gateway.



Re: is my dns server/ routing borked??, i could need some advice

2016-05-22 Thread Ton Muller
On 23-5-2016 8:10, li...@wrant.com wrote:
> Mon, 23 May 2016 07:40:27 +0200 Ton Muller 
>> On 22-5-2016 15:45, li...@wrant.com wrote:
>>> Sun, 22 May 2016 10:42:52 +0200 Ton Muller   

>>>> For some reasons, i notice that i am not able to access some website in
>>>> the first 10 minutes when i have my machine turned on.
>>>
>>> If you have a broadband on premises equipment like a converter, modem,
>>> router, switch etc, you may consider replacing these, as with age some
>>> of them degrade (in capacitors, solder joints, jacks) and such devices
>>> have trouble working reliably until it warms up (or when they overheat).
>>>
>>> To report further details to the list, please start a new empty message.
>>>
>>> Regards,
>>> Anton
>>>   
>>
>> Well, the modem hardware is new.
>> my switches are ok, i have a local server that is up for 24/7, and even
>> that machine is losing contact to the website.
> 
> So you're absolutely sure the hardware environment is fine.  There are
> two important tactics to employ then in troubleshooting.  First one is
> to bypass every equipment and connect the troubleshooting device direct
> to the upstream connection.  Then ensure you have full connectivity and
> move down the line to the point you find your issue.  You would follow
> this with the second tactic, drop the configuration from zero and make
> sure you have working connectivity and then start adding each piece of
> the software set up, until you find the part that generates the issues.
> 
>> it is pure a dns issue, but what i can resolve, i rewrote the complete
>> named stuff, added even the DNS server pool from that website, heck,
>> still no result...
> 
> Try unbound / nsd and see if this gives you a different result.  It is
> often just such a simple common issue, that it's hidden in plain sight.
> 
> Once you have found it, please report to the list your process+results.
> 

This gonna be fun for me.
But i will do it.


Tony...



Re: is my dns server/ routing borked??, i could need some advice

2016-05-22 Thread lists
Mon, 23 May 2016 07:40:27 +0200 Ton Muller 
> On 22-5-2016 15:45, li...@wrant.com wrote:
> > Sun, 22 May 2016 10:42:52 +0200 Ton Muller   
> >>
> >> For some reasons, i notice that i am not able to access some website in
> >> the first 10 minutes when i have my machine turned on.  
> > 
> > If you have a broadband on premises equipment like a converter, modem,
> > router, switch etc, you may consider replacing these, as with age some
> > of them degrade (in capacitors, solder joints, jacks) and such devices
> > have trouble working reliably until it warms up (or when they overheat).
> > 
> > To report further details to the list, please start a new empty message.
> > 
> > Regards,
> > Anton
> >   
> 
> Well, the modem hardware is new.
> my switches are ok, i have a local server that is up for 24/7, and even
> that machine is losing contact to the website.

So you're absolutely sure the hardware environment is fine.  There are
two important tactics to employ then in troubleshooting.  First one is
to bypass every equipment and connect the troubleshooting device direct
to the upstream connection.  Then ensure you have full connectivity and
move down the line to the point you find your issue.  You would follow
this with the second tactic, drop the configuration from zero and make
sure you have working connectivity and then start adding each piece of
the software set up, until you find the part that generates the issues.

> it is pure a dns issue, but what i can resolve, i rewrote the complete
> named stuff, added even the DNS server pool from that website, heck,
> still no result...

Try unbound / nsd and see if this gives you a different result.  It is
often just such a simple common issue, that it's hidden in plain sight.

Once you have found it, please report to the list your process+results.



Re: is my dns server/ routing borked??, i could need some advice

2016-05-22 Thread Ton Muller
On 22-5-2016 15:45, li...@wrant.com wrote:
> Sun, 22 May 2016 10:42:52 +0200 Ton Muller 
>>
>> For some reasons, i notice that i am not able to access some website in
>> the first 10 minutes when i have my machine turned on.
> 
> If you have a broadband on premises equipment like a converter, modem,
> router, switch etc, you may consider replacing these, as with age some
> of them degrade (in capacitors, solder joints, jacks) and such devices
> have trouble working reliably until it warms up (or when they overheat).
> 
> To report further details to the list, please start a new empty message.
> 
> Regards,
> Anton
> 

Well, the modem hardware is new.
my switches are ok, i have a local server that is up for 24/7, and even
that machine is losing contact to the website.
it is pure a dns issue, but what i can resolve, i rewrote the complete
named stuff, added even the DNS server pool from that website, heck,
still no result...



Re: SMTPD - Auth Error 535 5.7.8

2016-05-22 Thread Gilles Chehade
On Sun, May 22, 2016 at 05:04:02PM -0500, Patrick Dohman wrote:
> After migrating to a new ISP SMTPD relay TLS Auth no longer functions as
> expected.
> 
> Essentially the same configuration in conjunction with a different mail server
> works as needed.
> 
> Hoping to clarify if cipher type is an issue & if so how a cipher list is
> configured.
> 

nope, the problem seems to be that your credentials are rejected:

> May 22 14:49:41 Firewall smtpd[5565]: smtp-out: Connecting to
> tls://205.219.233.9:587 (mail.centurylink.net) on session 678c450539abbe1e...
> May 22 14:49:41 Firewall smtpd[5565]: smtp-out: Connected on session
> 678c450539abbe1e
> May 22 14:49:41 Firewall smtpd[5565]: smtp-out: Started TLS on session
> 678c450539abbe1e: version=TLSv1/SSLv3, cipher=AES256-GCM-SHA384, bits=256
> May 22 14:49:41 Firewall smtpd[5565]: smtp-out: Server certificate
> verification succeeded on session 678c450539abbe1e

here the connection has been established and TLS negotiated


> May 22 14:49:41 Firewall smtpd[5565]: smtp-out: Error on session
> 678c450539abbe1e: AUTH rejected: 535 5.7.8 Sorry.

here the remote server replied that it didn't accept your AUTH
which is basically your credentials

-- 
Gilles Chehade

https://www.poolp.org  @poolpOrg
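
Reading the log the way the reply above does, as an added example (not code from the thread or from OpenSMTPD): the script groups smtp-out lines by session id and reports how far each session got, so a credential rejection is not mistaken for a TLS or cipher problem. The first session's lines are the ones quoted in the post, unwrapped; the second session and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: report how far each smtp-out session got before failing.
# Output per session: <session-id> <last stage reached> <result> <reply code>

classify_smtp_out() {
    awk '
    /smtp-out:/ {
        # The session id is the token following the word "session".
        sid = ""
        for (i = 1; i < NF; i++)
            if ($i == "session") { sid = $(i + 1); break }
        sub(/[:.]+$/, "", sid)          # drop trailing ":" or "..."
        if (sid == "") next             # route/connector lines carry no id
        if (!(sid in stage)) {
            order[++n] = sid
            stage[sid] = "none"; result[sid] = "in-progress"; code[sid] = "-"
        }
        if      ($0 ~ /Connecting to /)  stage[sid] = "connecting"
        else if ($0 ~ /Connected on /)   stage[sid] = "connected"
        else if ($0 ~ /Started TLS on /) stage[sid] = "tls"
        else if ($0 ~ /certificate verification succeeded/)
            stage[sid] = "cert-ok"
        else if ($0 ~ /AUTH rejected: /) {
            # Keep the SMTP reply code and the enhanced status code.
            reply = $0
            sub(/.*AUTH rejected: /, "", reply)
            split(reply, part, " ")
            result[sid] = "auth-rejected"
            code[sid] = part[1] " " part[2]
        }
        else if ($0 ~ /Error on session /) result[sid] = "error"
    }
    END {
        for (i = 1; i <= n; i++) {
            s = order[i]
            printf "%s %s %s %s\n", s, stage[s], result[s], code[s]
        }
    }'
}

# Sample input. Session 678c450539abbe1e is taken from the post above;
# session 0000000000000001 is constructed (placeholder address and reason).
sample_log() {
    cat <<'EOF'
May 22 14:49:41 Firewall smtpd[5565]: smtp-in: Closing session 678c45026c0fd8f5
May 22 14:49:41 Firewall smtpd[5565]: smtp-out: Connecting to tls://205.219.233.9:587 (mail.centurylink.net) on session 678c450539abbe1e...
May 22 14:49:41 Firewall smtpd[5565]: smtp-out: Connected on session 678c450539abbe1e
May 22 14:49:41 Firewall smtpd[5565]: smtp-out: Started TLS on session 678c450539abbe1e: version=TLSv1/SSLv3, cipher=AES256-GCM-SHA384, bits=256
May 22 14:49:41 Firewall smtpd[5565]: smtp-out: Server certificate verification succeeded on session 678c450539abbe1e
May 22 14:49:41 Firewall smtpd[5565]: smtp-out: Error on session 678c450539abbe1e: AUTH rejected: 535 5.7.8 Sorry.
May 22 14:49:41 Firewall smtpd[5565]: smtp-out: Disabling route [] <-> 205.219.233.9 (mail.centurylink.net) for 800s
May 22 14:50:02 Firewall smtpd[5565]: smtp-out: Connecting to tls://192.0.2.25:587 (relay.example.net) on session 0000000000000001...
May 22 14:50:32 Firewall smtpd[5565]: smtp-out: Error on session 0000000000000001: (constructed placeholder reason)
EOF
}

sample_log | classify_smtp_out
```

A session reported as `cert-ok auth-rejected` got through TLS and certificate verification, so the thing to check is the entry in the secrets table rather than the cipher list.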



SMTPD - Auth Error 535 5.7.8

2016-05-22 Thread Patrick Dohman
After migrating to a new ISP SMTPD relay TLS Auth no longer functions as
expected.

Essentially the same configuration in conjunction with a different mail server
works as needed.

Hoping to clarify if cipher type is an issue & if so how a cipher list is
configured.

Please see below for more info:

sudo cat /etc/mail/smtpd.conf
#   $OpenBSD: smtpd.conf,v 1.7 2014/03/12 18:21:34 tedu Exp $

# This is the smtpd server system-wide configuration file.
# See smtpd.conf(5) for more information.

# To accept external mail, replace with: listen on all
#
listen on lo0 hostname ###-##-##-##.###.qwest.net

table aliases db:/etc/mail/aliases.db
table secrets db:/etc/mail/secrets.db

# Uncomment the following to accept external mail for domain "example.org"
#
# accept from any for domain "example.org" alias <aliases> deliver to mbox
accept for local alias <aliases> deliver to mbox
#accept from local for any relay
accept for any relay via tls+auth://la...@smtp.centurylink.net:587 \
	auth <secrets>



#
##

$mail -s "Firewall weekly output" -r root@###-##-###-##.###.qwest.net
###@centurylink.net < test.txt

sudo tail -f /var/log/maillog

May 22 14:49:41 Firewall smtpd[5565]: smtp-in: New session 678c45026c0fd8f5
from host ## [local]
May 22 14:49:41 Firewall smtpd[5565]: smtp-in: Accepted message 6e845123 on
session 678c45026c0fd8f5: from=,
to=<###_@centurylink.net>, size=242, ndest=1, proto=ESMTP
May 22 14:49:41 Firewall smtpd[5565]: smtp-in: Closing session
678c45026c0fd8f5
May 22 14:49:41 Firewall smtpd[5565]: smtp-out: Connecting to
tls://205.219.233.9:587 (mail.centurylink.net) on session 678c450539abbe1e...
May 22 14:49:41 Firewall smtpd[5565]: smtp-out: Connected on session
678c450539abbe1e
May 22 14:49:41 Firewall smtpd[5565]: smtp-out: Started TLS on session
678c450539abbe1e: version=TLSv1/SSLv3, cipher=AES256-GCM-SHA384, bits=256
May 22 14:49:41 Firewall smtpd[5565]: smtp-out: Server certificate
verification succeeded on session 678c450539abbe1e
May 22 14:49:41 Firewall smtpd[5565]: smtp-out: Error on session
678c450539abbe1e: AUTH rejected: 535 5.7.8 Sorry.
May 22 14:49:41 Firewall smtpd[5565]: smtp-out: Disabling route [] <->
205.219.233.9 (mail.centurylink.net) for 800s
May 22 14:49:43 Firewall smtpd[5565]: smtp-out: No valid route for
[connector:[]->[relay:smtp.centurylink.net,port=587,starttls,smtps,auth=secre
ts:label,mx],0x0]



Re: httpd and php fastcgi in OpenBSD 5.9

2016-05-22 Thread Stuart Henderson
On 2016-05-22, andreas  wrote:
> On 2016-05-22 16:52, Josh Grosse wrote:
>> On Sun, May 22, 2016 at 02:45:44PM +, andreas wrote:
>>> Hi all,
>>> 
>>> I'm struggling to set up php under httpd in 5.9.
>>> 
>>> The example in the man page of httpd.conf use php-fpm, but the php-fpm
>>> package seems to have disappeared from the package list between
>>> versions 5.8 and 5.9.
>> 
>> php-fpm is no longer a *separate* package.  It is included in the base
>> package for the php version you are using.
>> 
>> Try:
>> 
>> $ pkg_info -L php | grep fpm
>
> Aha. Sorry, and thank you for clarifying!

Also see /usr/local/share/doc/pkg-readmes/php-* (pkg_add directed you there
when you installed php).



Re: If FreeBSD isn't free, who is free?

2016-05-22 Thread Sou Ava
Jorge Luis  gmail.com> writes:

> 
> I am posting just for fun.
> 
> FreeBSD isn't Free.
> 
>  * 4.3. Licensee shall not export, either directly or indirectly, any of this
>  * software or system incorporating such software without first obtaining any
>  * required license or other approval from the U. S. Department of Commerce or
>  * any other agency or department of the United States Government.  In the
>  * event Licensee exports any such software from the United States or
>  * re-exports any such software from a foreign destination, Licensee shall
>  * ensure that the distribution and export/re-export of the software is in
>  * compliance with all laws, regulations, orders, or other restrictions of the
>  * U.S. Export Administration Regulations. Licensee agrees that neither it nor
>  * any of its subsidiaries will export/re-export any technical data, process,
>  * software, or service, directly or indirectly, to any country for which the
>  * United States government or any agency thereof requires an export license,
>  * other governmental approval, or letter of assurance, without first obtaining
>  * such license, approval or letter.
> 
> http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/contrib/dev/acpica/hardware/hwsleep.c?rev=1.2
> 
> If FreeBSD isn't free, who is free?
> 
> Linux?
> 
> NetBSD?
> 
> DragonflyBSD?
> 
> I want to program and use software and hardware just a hobby, but I not
> want to waste my money on a false ideal.
> 
> 

Not even OpenBSD is Free because it requires time, patience, hardware,
skill, money, community, and other parts.
This old license has been superseded by another.
If you want to make a difference, see about having the BSDs work together
instead of catering to the vanity of another. You would not try to approach
someone in real life with such an attitude unless you were a fool or a man
looking for revenge. Either which way, both are displays of pure stupidity.
You present yourself in such a way without researching the other side of the
argument. Had this been reversed, you would have been offended by such
behavior, words, and actions.
It is interesting that you would waste this much energy in trying to start a
fight than you would in solving a problem and creating something beneficial
and useful to yourself and others. 
So, where did you go wrong?
By believing without thinking or by acting without taking anything into
retrospect?
It is very questionable, now isn't it?



Re: OpenBSD on Mikrotik/RouterBoard hardware ?

2016-05-22 Thread Christophe H. STux

Hi Stuart, Jakub , ...

Stuart Henderson wrote :

> On 2016-05-21, Jakub Skrzypnik  wrote:
>> I'll be mostly interested in any efforts to keep OpenBSD on ARM
>> based SOHO routers by MikroTik, like RB951G and its family.
>
> I don't think MikroTik have any ARM boxes. Like most of their smaller
> boxes (and many other small routers) the RB951G is a 32-bit MIPS74k
> design.  Their bigger boxes (CCR) are Tilera Tile-GX designs.
>
> ARM hasn't been all that popular for router designs in general,
> Firebrick FB2700/FB6000 and the in-development Turris Omnia use them
> but I can't think of any others offhand.



No ARM boxes indeed,

:( .

Does it really mean none of the Routerboard archs could be handled using 
an OpenBSD ?


Maybe ( I try :) ) http://routerboard.com/RB1100AHx2 (using macppc or 
socppc) ?


Christophe.



Re: Can't use sshfs as user

2016-05-22 Thread Ray Lai
I've fixed "sshfs -o idmap=user", please test and give feedback:

https://marc.info/?l=openbsd-tech&m=146383589632694&w=2

Index: fuse_opt.c
===
RCS file: /home/cvs/src/lib/libfuse/fuse_opt.c,v
retrieving revision 1.15
diff -u -p -r1.15 fuse_opt.c
--- fuse_opt.c  19 Oct 2015 17:24:07 -  1.15
+++ fuse_opt.c  21 May 2016 12:53:57 -
@@ -247,13 +247,14 @@ parse_opt(const struct fuse_opt *o, cons
ret = f(data, &val[idx], o->val, arg);
else
ret = f(data, val, o->val, arg);
-   }
-
-   if (o->off != ULONG_MAX && data && o->val >= 0) {
-   ret = f(data, val, o->val, arg);
-   int *addr = (int *)(data + o->off);
-   *addr = o->val;
-   ret = 0;
+   /* exact match, e.g. "idmap=user" (instead of 
"idmap=%s") */
+   } else if (keyval && strcmp(val, o->templ) == 0) {
+   if (data && o->val >= 0) {
+   ret = f(data, val, o->val, arg);
+   int *addr = (int *)(data + o->off);
+   *addr = o->val;
+   ret = 0;
+   }
}
 
if (ret == -1)
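
Review bot: in the new `else if (keyval && strcmp(val, o->templ) == 0)` branch the `o->off != ULONG_MAX` test from the removed condition is gone, so `*addr = o->val` now writes through `data + o->off` even when the option carries the ULONG_MAX "no offset" sentinel. Keep the guard, e.g. `if (o->off != ULONG_MAX && data && o->val >= 0)`. Separately, the result of `ret = f(data, val, o->val, arg);` is overwritten by `ret = 0` three lines later, so a failure from the callback is never reported; either drop the call or check its return value before storing `o->val`.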



Re: httpd and php fastcgi in OpenBSD 5.9

2016-05-22 Thread Josh Grosse
On Sun, May 22, 2016 at 02:45:44PM +, andreas wrote:
> Hi all,
> 
> I'm struggling to set up php under httpd in 5.9.
> 
> The example in the man page of httpd.conf use php-fpm, but the php-fpm
> package seems to have disappeared from the package list between
> versions 5.8 and 5.9.

php-fpm is no longer a *separate* package.  It is included in the base
package for the php version you are using.

Try:   

$ pkg_info -L php | grep fpm



Re: httpd and php fastcgi in OpenBSD 5.9

2016-05-22 Thread Edgar Pettijohn

On 05/22/16 09:45, andreas wrote:

> Hi all,
>
> I'm struggling to set up php under httpd in 5.9.
>
> The example in the man page of httpd.conf use php-fpm, but the php-fpm
> package seems to have disappeared from the package list between
> versions 5.8 and 5.9.
>
> I've tried to dig out information about why php-fpm might have been
> rejected, but I haven't found anything.
>
> Included, however, in the packages list, is php-fastcgi, but that
> doesn't seem to be able to handle connections over a unix domain
> socket, which in turn seems to be a requirement of httpd.
>
> Is there a reason why php-fpm was excluded from the OpenBSD 5.9
> packages list?
>
> Should I rather use php-fastcgi? If so, are there any resources I can
> use to learn how to configure it?
>
> Best regards
> Andreas


$ pkg_info -L php-5.6.21 | grep fpm
/usr/local/man/man8/php-fpm-5.6.8
/usr/local/sbin/php-fpm-5.6
/usr/local/share/examples/php-5.6/php-fpm.conf
/etc/rc.d/php56_fpm

install php and it will be included



Re: httpd and php fastcgi in OpenBSD 5.9

2016-05-22 Thread andreas

On 2016-05-22 16:52, Josh Grosse wrote:
> On Sun, May 22, 2016 at 02:45:44PM +, andreas wrote:
>> Hi all,
>>
>> I'm struggling to set up php under httpd in 5.9.
>>
>> The example in the man page of httpd.conf use php-fpm, but the php-fpm
>> package seems to have disappeared from the package list between
>> versions 5.8 and 5.9.
>
> php-fpm is no longer a *separate* package.  It is included in the base
> package for the php version you are using.
>
> Try:
>
> $ pkg_info -L php | grep fpm


Aha. Sorry, and thank you for clarifying!



httpd and php fastcgi in OpenBSD 5.9

2016-05-22 Thread andreas

Hi all,

I'm struggling to set up php under httpd in 5.9.

The example in the man page of httpd.conf use php-fpm, but the php-fpm
package seems to have disappeared from the package list between
versions 5.8 and 5.9.

I've tried to dig out information about why php-fpm might have been
rejected, but I haven't found anything.

Included, however, in the packages list, is php-fastcgi, but that
doesn't seem to be able to handle connections over a unix domain
socket, which in turn seems to be a requirement of httpd.

Is there a reason why php-fpm was excluded from the OpenBSD 5.9
packages list?

Should I rather use php-fastcgi? If so, are there any resources I can
use to learn how to configure it?

Best regards
Andreas



Re: OpenBSD on Mikrotik/RouterBoard hardware ?

2016-05-22 Thread Jakub Skrzypnik
On Sun, May 22, 2016 at 01:18:11PM +, Stuart Henderson wrote:
> I don't think MikroTik have any ARM boxes. Like most of their smaller
> boxes (and many other small routers) the RB951G is a 32-bit MIPS74k
> design.  Their bigger boxes (CCR) are Tilera Tile-GX designs.


That was obviously meant to be MIPS! Sorry for that mistake, I've recently
been talking with someone else about ARM CPUs, so I did that unintentionally.
But yeah, you're right - they don't have any ARM boxes, and that
Atheros SoC was indeed based on MIPS arch.

Sorry for any misleading.



Re: OpenBSD on Mikrotik/RouterBoard hardware ?

2016-05-22 Thread Stuart Henderson
On 2016-05-21, Jakub Skrzypnik  wrote:
> I'll be mostly interested in any efforts to keep OpenBSD on ARM
> based SOHO routers by MikroTik, like RB951G and its family.

I don't think MikroTik have any ARM boxes. Like most of their smaller
boxes (and many other small routers) the RB951G is a 32-bit MIPS74k
design.  Their bigger boxes (CCR) are Tilera Tile-GX designs.

ARM hasn't been all that popular for router designs in general,
Firebrick FB2700/FB6000 and the in-development Turris Omnia use them
but I can't think of any others offhand.



Re: Suggestion: new webpage for openbsd.org

2016-05-22 Thread lists
Sun, 22 May 2016 19:21:13 +1000 
>
> Using XHTML 1.0 Strict wouldn't be a bad idea, since this is supported

This is not so convincing proof, nor reasoning.  Any document type is
just as good as the other when the internals match the definition, as
long as the type is the intended one, and has majority of web browsers
supporting it as common denominator.  Lots of noise and little signal.

> on all modern browsers, and even Dillo and Lynx support it. At the
> moment the page triggers the browsers' "quirks" modes.
> Just some food for thought.



Re: how is a table of blocked addresses synchronized between redundant firewalls

2016-05-22 Thread Stuart Henderson
On 2016-05-22, niya levi  wrote:
> hi everyone
> i have two firewalls tied together with carp,
> i understand that state tables are synchronized between the firewalls
> with pfsync,
> are user created tables also synchronized,

No.

> if not how is this done ?

It normally involves ssh by one means or another.
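
One way to do this over ssh, as an added example (not from the thread or from the OpenBSD project): the script dumps a user-created table with `pfctl -T show`, logs what differs on the peer, and loads the list there with `pfctl -T replace -f -`. The table name `blocked`, the peer name `fw2`, key-based ssh and password-less doas for pfctl on both hosts are assumptions, as are the function names.

```shell
#!/bin/sh
# Added example: copy a user-created pf table from this firewall to its
# CARP peer over ssh (pfsync carries states, not table contents).
# Assumptions: table "blocked", peer "fw2", key-based ssh, and a user
# permitted to run pfctl through doas on both hosts.

LC_ALL=C; export LC_ALL          # stable ordering for sort(1) and comm(1)
TABLE=${TABLE:-blocked}
PEER=${PEER:-fw2}

# The table name is interpolated into the remote command line, so only
# accept a conservative character set.
valid_table_name() {
    case $1 in
        ''|*[!A-Za-z0-9_]*) return 1 ;;
    esac
    return 0
}

# "pfctl -T show" indents each entry; trim, drop blank lines, sort, dedupe.
normalize_addrs() {
    sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^$/d' | sort -u
}

# Print "+entry" for entries missing on the peer and "-entry" for entries
# the peer has but this host does not. Both files must be normalized.
table_delta() {
    comm -23 "$1" "$2" | sed 's/^/+/'
    comm -13 "$1" "$2" | sed 's/^/-/'
}

sync_table() {
    valid_table_name "$TABLE" || { echo "bad table name: $TABLE" >&2; return 1; }
    tmp=$(mktemp -d) || return 1

    # Separate steps so a pfctl failure is not hidden behind a pipeline
    # and cannot be mistaken for an empty table.
    if ! doas pfctl -t "$TABLE" -T show > "$tmp/raw"; then
        rm -rf "$tmp"; return 1
    fi
    normalize_addrs < "$tmp/raw" > "$tmp/local"

    # A missing table on the peer is treated as empty; replace creates it.
    ssh "$PEER" "doas pfctl -t $TABLE -T show" 2>/dev/null |
        normalize_addrs > "$tmp/peer"

    delta=$(table_delta "$tmp/local" "$tmp/peer")
    rc=0
    if [ -n "$delta" ]; then
        printf '%s\n' "$delta" | logger -t pf-table-sync
        # "-f -" makes pfctl read the address list from standard input.
        ssh "$PEER" "doas pfctl -t $TABLE -T replace -f -" < "$tmp/local" || rc=1
    fi
    rm -rf "$tmp"
    return $rc
}

# Run from cron on the firewall that owns the table: sync-table.sh run
if [ "${1:-}" = run ]; then
    sync_table
fi
```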



Re: can't find books.html link

2016-05-22 Thread lists
Sun, 22 May 2016 11:53:24 +0800 Teng Zhang 
> Could you please tell me where can i find the link which corresponding to
> books.html on the www.openbsd.org.

It is right there on the left navigation pane in OpenBSD Resources
section after the Mailing Lists link, on the main OpenBSD homepage
index.html r1.664, waiting for a reentry orbit (please include it)

[http://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/www/index.html?rev=1.664]

> thanks



Re: Secure PKG_PATH for doas

2016-05-22 Thread lists
Sat, 21 May 2016 12:34:58 +0100 Raf Czlonka 
> On Sat, May 21, 2016 at 08:55:37AM BST, Marc Espie wrote:
> > On Fri, May 20, 2016 at 03:37:48PM +0100, Raf Czlonka wrote:  
> > > On Fri, May 20, 2016 at 12:39:46PM BST, Igor Mironov wrote:
> > >   
> > > > Thank you Mart, Ted and Stuart--I understood that installpath in
> > > > pkg.conf provides a secure default, and PKG_PATH should probably
> > > > be used for overrides only (if at all).  
> > > 
> > > PKG_PATH is essential - installpath= in pkg.conf(5) won't suffice
> > > - if you don't want to build ports' dependencies and prefer to
> > > simply have them install as packages, by using:
> > > 
> > >   FETCH_PACKAGES=Yes
> > > 
> > > in mk.conf(5).
> > 
> > But that one completely does not require doas since it's run in -n mode.  
> 
> Sure, my reply was to the "if at all" part and I was merely pointing
> out that 'installpath' doesn't work everywhere and sometimes one must
> set PKG_PATH.

A suggestion would be to add /etc/mymirror plus related dangling block
accessories.  It would not work yet without tool propagation to honour
this file.  Who knows, it may never work, if this idea is quite silly.



NSA addition to ifconfig

2016-05-22 Thread Fred

Following this tweet:
https://twitter.com/_mcbride/status/733766997343883264

I thought I would add the nsa option to ifconfig:

port:fred ~/code/c/stuff/ifconfig> doas ./ifconfig iwn0 lladdr nsa

which results in:

port:fred ~/code/c/stuff/ifconfig> ifconfig iwn0
iwn0: flags=8802 mtu 1500
lladdr 00:20:91:9d:48:06
index 2 priority 4
groups: wlan
media: IEEE802.11 autoselect
status: no network
ieee80211: nwid ""

The following patch updates ifconfig.c and ifconfig.8 to add the nsa 
option :~)


Enjoy

Fred

--- /usr/src/sbin/ifconfig/ifconfig.c   Mon May  9 23:03:20 2016
+++ ./ifconfig.cSun May 22 11:04:30 2016
@@ -5189,7 +5189,14 @@ setiflladdr(const char *addr, int param)
 {
struct ether_addr *eap, eabuf;

-   if (!strcmp(addr, "random")) {
+   if (!strcmp(addr, "nsa")) {
+   arc4random_buf(&eabuf, sizeof eabuf);
+   /* NSA hardware address */
+   eabuf.ether_addr_octet[0] = 0x00;
+   eabuf.ether_addr_octet[1] = 0x20;
+   eabuf.ether_addr_octet[2] = 0x91;
+   eap = &eabuf;
+   } else if (!strcmp(addr, "random")) {
arc4random_buf(&eabuf, sizeof eabuf);
/* Non-multicast and claim it is a hardware address */
eabuf.ether_addr_octet[0] &= 0xfc;
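
Review bot: the "nsa" branch fills all six octets with arc4random_buf() and then overwrites the first three, so only the last three stay random, and the call duplicates the one in the "random" branch below it. Randomise just the tail, e.g. `arc4random_buf(&eabuf.ether_addr_octet[3], 3);`, and put the 00:20:91 prefix in a named constant with a comment giving its source, since `/* NSA hardware address */` is the only justification for the value in this patch.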
--- /usr/src/sbin/ifconfig/ifconfig.8   Mon May  9 23:03:20 2016
+++ ./ifconfig.8Sun May 22 11:01:14 2016
@@ -323,10 +323,11 @@ of this is to select the connector type for some Ether
 Refer to the man page for the specific driver for more information.
 .It Fl link[0-2]
 Disable special processing at the link level with the specified interface.
-.It Cm lladdr Ar etheraddr Ns | Ns Cm random
+.It Cm lladdr Ar etheraddr Ns | Ns Cm random | Ns Cm nsa
 Change the link layer address (MAC address) of the interface.
-This should be specified as six colon-separated hex values, or can
-be chosen randomly.
+This should be specified as six colon-separated hex values, can
+be chosen randomly, or first three octets of 00:20:91 and random
+last three octets.
 .It Cm media Op Ar type
 Set the media type of the interface to
 .Ar type .
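
Review bot: in the `.It Cm lladdr` line the second separator is written `| Ns Cm nsa` without a leading `Ns`, unlike `Ns | Ns Cm random` before it, so the rendered synopsis gets a stray space before the bar; use `Ns | Ns Cm nsa`. The description also never names the new keyword: "or first three octets of 00:20:91 and random last three octets" should say, in a complete sentence, that `nsa` selects that form.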



Re: Suggestion: new webpage for openbsd.org

2016-05-22 Thread Gilles Chehade
On Sun, May 22, 2016 at 07:34:19PM +1000, bytevolc...@safe-mail.net wrote:
> On Fri, 20 May 2016 03:50:51 +0300
> li...@wrant.com wrote:
> 
> > Interesting, the moment some other systems started swapping designs,
> > the moment their public knew they've sold out and commercialised in.
> 
> This is a good point; I have certainly noticed this on a lot of other
> sites and projects. As soon as they "upgrade" to "Web 2.0" (with all
> the image-buttons-for-links, rounded corners, low-contrast text,
> JavaScript galore, etc), it's easy to predict the fate of that project.
> 

aren't you guys even slightly tired of the bullshit ?

-- 
Gilles Chehade

https://www.poolp.org  @poolpOrg



Re: Suggestion: new webpage for openbsd.org

2016-05-22 Thread Reinhold Straub

On 22.05.16 11:21, bytevolc...@safe-mail.net wrote:

> On Sun, 22 May 2016 09:32:47 +0200
> Reinhold Straub  wrote:
>
> It doesn't seem like this change offers any merit whatsoever.


For narrow windows 'height="100%" width="100%"' scales the puffy image 
down. Scaling reduces the width of the second column, so text below the 
image reflows.


'style="max-height:199;max-width:599"' prevents unnecessary scaling on 
wide windows.



> It could even be simplified:




This keeps the current behavior: for narrow windows, horizontal 
scrolling becomes necessary to read the text below the image.




Re: Suggestion: new webpage for openbsd.org

2016-05-22 Thread bytevolcano
On Fri, 20 May 2016 03:50:51 +0300
li...@wrant.com wrote:

> Interesting, the moment some other systems started swapping designs,
> the moment their public knew they've sold out and commercialised in.

This is a good point; I have certainly noticed this on a lot of other
sites and projects. As soon as they "upgrade" to "Web 2.0" (with all
the image-buttons-for-links, rounded corners, low-contrast text,
JavaScript galore, etc), it's easy to predict the fate of that project.

> > For instance, AsiaBSDCon is listed 12 times. Maybe it would be a
> > better layout to group by that event.  
> 
> No, historic list it is, these things happen over time.  You want
> reorder, do it local after retrieval, think before posting please.

To add to that, they *are* grouped by event. AsiaBSDCon 2015 is not the
same as AsiaBSDCon 2012, for example. And the list is in chronological
order anyway, which is probably the best order for this kind of list.

> 
> > As I said, I'm no web dev--just a user of it for a long time.  
> 
> Other users exist, and they go back many years in time with the
> system.
> 

And on that note, there are over 7 billion people on this planet. You
can't please everyone. Change the website, and people will complain.
Keep the website the way it was before, people will complain.



Re: Suggestion: new webpage for openbsd.org

2016-05-22 Thread bytevolcano
On Sun, 22 May 2016 09:32:47 +0200
Reinhold Straub  wrote:

> On 21.05.16 01:12, Theo de Raadt wrote:
> 
> > I think the site is fine.  Thanks for the table above.  I agree
> > there would be value in small tweaks to improve the view for narrow
> > displays.  
> 
> Wouldn't it suffice to replace
> 
>  alt="[OpenBSD 5.9]">
> 
> with
> 
>  style="max-height:199;max-width:599" alt="[OpenBSD 5.9]">

It doesn't seem like this change offers any merit whatsoever.
It could even be simplified:



Using XHTML 1.0 Strict wouldn't be a bad idea, since this is supported
on all modern browsers, and even Dillo and Lynx support it. At the
moment the page triggers the browsers' "quirks" modes.
Just some food for thought.

> 
> ?
> 
> And insert
> 
>  a {text-decoration:none} a:hover {text-decoration:underline} 
> 
> 
> to get a more pleasant appearance of the hyperlinks?
> 

Because that would confuse users; it is conventional to have links as
underlined text all the time.



Re: can't find books.html link

2016-05-22 Thread Raf Czlonka
On Sun, May 22, 2016 at 04:53:24AM BST, Teng Zhang wrote:
> Could you please tell me where can i find the link which corresponding to
> books.html on the www.openbsd.org.
> thanks
> 

What happens if you swap these two around... like so:

http://www.openbsd.org/books.html

;^)

R



Re: can't find books.html link

2016-05-22 Thread David Lou
I found this by trial and error
http://www.openbsd.org/books.html

I wonder why the link was removed from the homepage though.



Re: Suggestion: new webpage for openbsd.org

2016-05-22 Thread Reinhold Straub

On 21.05.16 01:12, Theo de Raadt wrote:

> I think the site is fine.  Thanks for the table above.  I agree there
> would be value in small tweaks to improve the view for narrow
> displays.


Wouldn't it suffice to replace

alt="[OpenBSD 5.9]">


with

style="max-height:199;max-width:599" alt="[OpenBSD 5.9]">


?

And insert

 a {text-decoration:none} a:hover {text-decoration:underline} 



to get a more pleasant appearance of the hyperlinks?


Regards,
Reinhold Straub