Broadcom Wifi Chip Datasheets
https://twitter.com/marcan42/status/798720961562361857 "Cypress bought Broadcom's WiFi business and apparently published all their formerly unobtainium datasheets": http://www.cypress.com/search/all?f[0]=meta_type%3Atechnical_documents&f[1]=resource_meta_type%3A575&f[2]=field_related_products%3A110101
Unable to disable UDP ports 623 and 4500
Hi All,

I am exploring locking down an OpenBSD 6.0 server running on a Thinkpad w510 with an i7-q720 processor. I believe I have turned off everything except dhcp and sshd. When I run a netstat I don't see any services running. I have set everything =NO in the rc.conf.local (except dhcp and ssh). However, when I port scan the machine I still see UDP ports 623 and 4500 open. I found this article that recommended disabling using mobike=NO in ipsec.conf but I cannot find anything in man page and tried it anyway and no change. Any thoughts or ideas?

Below are the port scan and the netstat from the server:

Starting Nmap 7.01 ( https://nmap.org ) at 2016-11-15 21:28 PST
Nmap scan report for 192.168.0.127
Host is up (0.0042s latency).
Not shown: 998 closed ports
PORT     STATE         SERVICE
623/udp  open|filtered asf-rmcp
4500/udp open|filtered nat-t-ike
MAC Address: F0:DE:F1:48:D2:10 (Wistron InfoComm (Kunshan)Co)

Nmap done: 1 IP address (1 host up) scanned in 173.95 seconds

# netstat -a
Active Internet connections (including servers)
Proto   Recv-Q Send-Q  Local Address          Foreign Address        (state)
ip           0      0  *.*                    *.*                    17
Active Internet connections (including servers)
Proto   Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp          0      0  192.168.0.127.ssh      192.168.0.112.33356    ESTABLISHED
tcp          0      0  *.ssh                  *.*                    LISTEN
Active Internet connections (including servers)
Proto   Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp6         0      0  *.ssh                  *.*                    LISTEN
Active UNIX domain sockets
Address    Type   Recv-Q Send-Q Inode Conn       Refs Nextref Addr
0x803a2b00 stream      0      0 0x0   0x803a2b80 0x0  0x0
0x805d4800 stream      0      0 0x0   0x805d4200 0x0  0x0
0x805d4200 stream      0      0 0x0   0x805d4800 0x0  0x0
0x803a2b80 stream      0      0 0x0   0x803a2b00 0x0  0x0
#
Re: Mr. Turritopsis Dohrnii Teo En Ming (Zhang Enming) is Looking for Information Technology-related Job Opportunities World Wide
Wt*. This is not a job listings mailing list. Get lost. On 2016-11-16 11:54, Turritopsis Dohrnii Teo wrote: Dear Sir/Madam,
Mr. Turritopsis Dohrnii Teo En Ming (Zhang Enming) is Looking for Information Technology-related Job Opportunities World Wide
Dear Sir/Madam,

My academic and educational qualifications are now reflected in my email signature.

I am an entry level/junior/beginner Information Technology (IT) Specialist/Systems Engineer/Linux Server Administrator/Helpdesk Support/Computer Technician/Android Enthusiast available for hire anywhere in the world!!! Prospective employers, businesses and companies in any part of the world please feel free to contact me for my curriculum vitae/resume. I am also aspiring to be a network engineer. On-job-training (OJT) opportunities are greatly appreciated. Thank you very much!

Yours sincerely,

Mr. Turritopsis Dohrnii Teo En Ming (Zhang Enming) @ Time Traveller
Former old abandoned name: Mr. Teo En Ming (Zhang Enming)
SINGAPORE CITIZEN
Bachelor of Engineering (2nd Class Lower Honours) in Mechanical Engineering with Aeronautics and Astronautics Option (Graduated from National University of Singapore in December 2006)
Diploma in Mechatronics Engineering with Merit (Graduated from Singapore Polytechnic in 1998)
Currently learning CISCO Switches and Routers, CISCO Internetworking Operating System (IOS), Computer Networking, Network Operating Systems, Microsoft Windows Server 2012 R2, Active Directory, DNS Server and DHCP Server as a *hobby* at Singapore Polytechnic (information accurate as at 16 November 2016)
Mobile Phone #1: +65-8692-1024 (M1 Mobile Postpaid)
Mobile Phone #2: +65-8712-7323 (Singtel Mobile Prepaid)
Email Address #1: teo.en.m...@gmail.com
Email Address #2: turritopsis.dohrnii@gmail.com
Age: 38 years old
16th November 2016 Wednesday 11:25 AM Singapore Time
OpenBSD Ports "Libraries in packing-lists in the ports tree and libraries from installed packages don't match"
Hi all,

I've recently started using OpenBSD, installing it on an old Lemote Yeeloong, largely because of uncertainty in where Debian Linux is headed with this port. So far so good, it's been largely smooth sailing.

I'm in the process of installing what I'd normally use on Linux. Prior to this I was running Gentoo Linux with a n32 userland on the device, and some packages are seemingly incompatible with n32 (and also have problems on x86-64's x32 userland). I note OpenBSD/mips64 uses n64, so we'll see how that goes. This was something I was unable to achieve directly with Gentoo. (And yes, I recognise OpenBSD is not Linux, not expecting it to work like Linux either.)

I initially installed Ports from the snapshot, but then encountered some 404 errors where package sources were no longer available. Thus, I figured I'd grab a version off the git mirror (github). So I have a couple of packages (maybe about a dozen) installed via the snapshot ports and some via git ports. This might be the root of my problems.

I now have seen the following a couple of times:

> ===> Building package for py-cairo-1.10.0p1
> Create /usr/local/ports/packages/mips64el/all/py-cairo-1.10.0p1.tgz
> Error: Libraries in packing-lists in the ports tree
>and libraries from installed packages don't match
> --- /tmp/dep_cache.5mrOMvzTf/portstree-py-cairo-1.10.0p1Wed Nov 16
> 09:11:03 2016
> +++ /tmp/dep_cache.5mrOMvzTf/inst-py-cairo-1.10.0p1 Wed Nov 16 09:11:04
> 2016
> @@ -13,8 +13,8 @@
> -W expat.11.0
> -W fontconfig.10.0
> -W freetype.25.0
> --W glib-2.0.4200.4
> --W gobject-2.0.4200.4
> +-W glib-2.0.4200.3
> +-W gobject-2.0.4200.3
> -W m.9.0
> -W pcre.3.0
> -W pixman-1.32.6
> *** Error 1 in /usr/ports/graphics/py-cairo
> (/usr/ports/infrastructure/mk/bsd.port.mk:3157 'wantlib-args')
> *** Error 1 in /usr/ports/graphics/py-cairo
> (/usr/ports/infrastructure/mk/bsd.port.mk:1888
> '/usr/local/ports/packages/mips64el/all/py-cairo-1.10.0p1.tgz')

I understand this is due to a discrepancy between the versions normally used in packages and those actually installed. I've been able to work around these using PKG_CREATE_NO_CHECKS=yes but I sense this is not a good idea long-term.

What's the best way of fixing the underlying problem? Would manually updating (in this case) the glib and gobject ports fix it, or is there some other fix?

Regards,
-- 
Stuart Longland (aka Redhatter, VK4MSL)
I haven't lost my mind...
...it's backed up on a tape somewhere.
Re: Saw-shaped load on idle computer
| I'm just curious: what is it in the kernel that wakes up about every minute to do some | work even on a completely idle machine? Puffy is testing its spikes. http://www.openbsd.org/images/cdaudio-m.gif http://www.openbsd.org/images/fanza_right.jpg
Re: Why on earth would online voting be insecure?
| Is this an OpenBSD mailing list?

Yes, it is. The simple fact is that some people cannot get an idea on a subject. Two examples are security and randomization. Something inside them tells them "you didn't get it" or "you almost got it" and they want to show this is not true. Hence the venting on misc@ for approval.
Re: Laptop Recommendations?
Mihai Popescu [mih...@gmail.com] wrote: > Folks, pay attention, please! The OP asked about a laptop. > Pansonic Thoughbook is not a laptop! It's a real desktop. > I was talking about the Panasonic _Toughbook_ which is definitely a laptop. The CF-C1 and CF-19MK3/MK4/MK5 models are all very portable. The CF-19 is a bit rugged. My CF-C1 fans, even on very high hour units, are all fine, the CF-19 has no fans at all. There are lots of other models and they are all pretty cheap once you get to 2012 or earlier models. Panasonic makes more parts in-house than any other manufacturer, and they seem to be pretty high quality. The cheap used stuff is a great match for me. Chris
Re: Saw-shaped load on idle computer
Does /var/log/* have any clues? Philippe Meunier wrote on 11/15/16 06:11: Hello, I'm just curious: what is it in the kernel that wakes up about every minute to do some work even on a completely idle machine? I'm asking because xload shows some curious looking saw shaped load like this: http://www.ccis.northeastern.edu/home/meunier/xload.jpg That's on an idle Thinkpad T43 running OpenBSD 6.0-release. At first I thought it might be something like cupsd, but even after killing daemons one by one and going to single user mode these regular peaks still continue. So I guess it's due to some kernel thread? I tried to use "top -S" but couldn't figure out the source. Does anyone have any idea of how to find it? Thanks, Philippe
Re: Because in this day and age, there’s no one else doing what OpenBSD is doing?
Hi,

On Tue, Nov 15, 2016 at 07:14:23PM -0200, SOUL_OF_ROOT 55 wrote:
> [...]
> *Because in this day and age, there’s no one else doing what OpenBSD is
> doing?*
> [...]

I'm not sure if you're aware of that but your sentence structure is really really confusing. "Because" signifies the start of the answer to a question that used the word "why". It's not a synonym.

> [...]
> I wonder what Theo de Raadt would say about it.
> [...]

I'd say if you want to interview Theo, misc@ isn't the best avenue.

-- 
Gregor
Because in this day and age, there’s no one else doing what OpenBSD is doing?
Theo de Raadt wrote:

"The first thing to recognize about OpenBSD is that there are about 80 developers and we do OpenBSD for ourselves only. Lots of other people use OpenBSD, but we use it for ourselves. It’s just for ourselves--and that means I want OpenBSD to run on everything I’ve got. I want OpenBSD to work no matter what things come along in the future. This means that we have to have an outside community that will help us with supporting new devices and new technologies. We can’t be too “fringe.” So that means we have to have a user community. But we have a user community only because it benefits us, ourselves.

Then along come all of our users, and it turns out that many of our users are much like us; they have the same needs as us. We don’t particularly care that they have the same needs, but it’s sort of cool. The result is that we end up with additional support because of them. Some of them write device drivers, or some of them create pressure against vendors and then things become free. And in the end, the whole goal is that we can keep on running on stuff that is completely open so that we can see it so that we can check it.

In this day and age, there’s no one else doing what we’re doing. FreeBSD is not doing this; they’re incorporating binary device drivers all the way through their tree now when it’s more convenient. They’re saying convenience over freedom. The Linux people are now the kings of loadable device drivers, from all sorts of vendors. If OpenBSD stops doing this, I would basically bet that within five years from now there wouldn’t be anybody trying to write a completely free operating system because it would not be possible."

reference: http://www.theepochtimes.com/n3/1415548-interview-theo-de-raadt-on-industry-and-free-software/

*Because in this day and age, there’s no one else doing what OpenBSD is doing?*

I wonder what Theo de Raadt would say about it.

Thank you
Re: Running OpenSMTPD at home behind a cloud proxy
Using OpenSMTPD on the VPS actually sounds like a good idea. It could use a pf blacklist + spamd to block a large amount of spam and reduce strain on my home connection. I'm still waiting for hardware to arrive and I'll test this out.

relay via sounds like a simple option, but I'll have to investigate what happens if my home server is unavailable.

@Jiri - I have never heard of "paused remote delivery" ?

> On 14 Nov 2016, at 13:28, ludovic coues wrote:
>
> Why not use opensmtpd on the VPS to relay your mail ?
>
> A rule like "accept for domain example.com relay via
> secure://you.dynamic.dns" should do what you want if I read the man
> correctly
>
> 2016-11-13 23:25 GMT+01:00 Jiri B :
>> On Sun, Nov 13, 2016 at 10:51:22PM +0100, Joris Vanhecke wrote:
>>> Hey all,
>>>
>>> I'd like to pull my emails out of the cloud and run them on a local
>>> server (pcengines APU2 looks good).
>>> My ISP blocks tcp ports below 1024 and sending email from a residential
>>> (dynamic) IP might mark my email as spam.
>>>
>>> Right now I'm thinking of renting a cheap VPS and using it as a proxy
>>> for my home server which would use a dynamic DNS.
>>> I don't really want a copy of the email on the VPS so I was planning to
>>> use relayd or socat to route incoming traffic to my local OpenSMTPD
>>> server.
>>>
>>> But I don't really see a way to proxy outgoing connections from smtpd...
>>>
>>> Any ideas?
>>
>> What about to have paused remote delivery on cloud proxy (and deliver
>> on request initiated from home server) and paused remote delivery on home
>> mail server as well and unpause the queue when you do tcp port forwarding
>> to cloud host as well.
>>
>> Or just run VPN between cloud host and home host. If either of them won't
>> be available your mail will stay in queue.
>>
>> j.
>>
>
> --
>
> Cordialement, Coues Ludovic
> +336 148 743 42
Re: Why on earth would online voting be insecure?
Apologies for speaking out of turn. Is this an OpenBSD mailing list?

Vivek

Sent from my BlackBerry 10 smartphone.

Original Message
From: Joel Wirāmu Pauling
Sent: Tuesday 15 November 2016 20:46
To: gwes
Cc: misc@openbsd.org
Subject: Re: Why on earth would online voting be insecure?

On 15 November 2016 at 09:47, gwes wrote:

> On 11/15/2016 00:55, Joel Wirāmu Pauling wrote:
>
>> So yes, back to my original point. A Civic's blockchain, one that does not
>> rely on the integrity (or rather is resilient to) the system it runs on, or
>> the security of the transmission media ; as a platform for use in civic's -
>> needs to exist first.
>>
> Combining two systems entirely separate in concept, implementation,
> and space increases the probability of a correct answer. Three
> would be better. Using the electronic system as a supplement to
> the traditional one could be good as long as it does not compromise
> the virtues of the old system.
>
> The blockchain starts after the votes are entered. Two physically
> separate systems composed of entirely different CPUs and peripherals
> at the voting place would be good.
>
> You still haven't addressed the problems of privacy while casting
> the vote.
>
> I think that your concepts for the technical parts of the
> system are good. You haven't addressed some serious problems
> where your system can be subverted.
>
> Suggesting weekly votes is a very bad idea. Search science
> fiction, for instance, to see very plausible predictions
> of voter burnout.
>
> I think this is no longer a computer systems discussion.
>

This. Once you start to think about the problem further in terms of distributing the ledger via a public blockchain - as the datastore and mechanism for recording and verification, and that the blockchain exists entirely independently of the systems it runs on you are at least in the right place to start tackling this issue.
Re: Why on earth would online voting be insecure?
On 15 November 2016 at 09:47, gwes wrote:

> On 11/15/2016 00:55, Joel Wirāmu Pauling wrote:
>
>> So yes, back to my original point. A Civic's blockchain, one that does not
>> rely on the integrity (or rather is resilient to) the system it runs on, or
>> the security of the transmission media ; as a platform for use in civic's -
>> needs to exist first.
>>
> Combining two systems entirely separate in concept, implementation,
> and space increases the probability of a correct answer. Three
> would be better. Using the electronic system as a supplement to
> the traditional one could be good as long as it does not compromise
> the virtues of the old system.
>
> The blockchain starts after the votes are entered. Two physically
> separate systems composed of entirely different CPUs and peripherals
> at the voting place would be good.
>
> You still haven't addressed the problems of privacy while casting
> the vote.
>
> I think that your concepts for the technical parts of the
> system are good. You haven't addressed some serious problems
> where your system can be subverted.
>
> Suggesting weekly votes is a very bad idea. Search science
> fiction, for instance, to see very plausible predictions
> of voter burnout.
>
> I think this is no longer a computer systems discussion.
>

This. Once you start to think about the problem further in terms of distributing the ledger via a public blockchain - as the datastore and mechanism for recording and verification, and that the blockchain exists entirely independently of the systems it runs on you are at least in the right place to start tackling this issue.
Re: Why on earth would online voting be insecure?
On 11/15/2016 00:55, Joel Wirāmu Pauling wrote: So yes, back to my original point. A Civic's blockchain, one that does not rely on the integrity (or rather is resilient to) the system it runs on, or the security of the transmission media ; as a platform for use in civic's - needs to exist first. Combining two systems entirely separate in concept, implementation, and space increases the probability of a correct answer. Three would be better. Using the electronic system as a supplement to the traditional one could be good as long as it does not compromise the virtues of the old system. The blockchain starts after the votes are entered. Two physically separate systems composed of entirely different CPUs and peripherals at the voting place would be good. You still haven't addressed the problems of privacy while casting the vote. I think that your concepts for the technical parts of the system are good. You haven't addressed some serious problems where your system can be subverted. Suggesting weekly votes is a very bad idea. Search science fiction, for instance, to see very plausible predictions of voter burnout. I think this is no longer a computer systems discussion. Geoff Steckel
Saw-shaped load on idle computer
Hello, I'm just curious: what is it in the kernel that wakes up about every minute to do some work even on a completely idle machine? I'm asking because xload shows some curious looking saw shaped load like this: http://www.ccis.northeastern.edu/home/meunier/xload.jpg That's on an idle Thinkpad T43 running OpenBSD 6.0-release. At first I thought it might be something like cupsd, but even after killing daemons one by one and going to single user mode these regular peaks still continue. So I guess it's due to some kernel thread? I tried to use "top -S" but couldn't figure out the source. Does anyone have any idea of how to find it? Thanks, Philippe
Re: OSPFD over IPSEC
On 14 November 2016 22:50, "Remi Locherer" wrote:
> On Mon, Nov 14, 2016 at 04:50:21PM +, Comète wrote:
>
>> On 14 November 2016 14:50, "Remi Locherer" wrote:
>> On 2016-11-14 12:48, Comète wrote:
>>
>> Hi,
>> I'm trying to run OSPFD over IPSEC with OpenBSD 6.0 stable, so I first
>> start looking at
>> http://undeadly.org/cgi?action=article&sid=20131105075303
>> Now that etherip has its own interface in 6.0, I tried to replace gif with
>> etherip like this:
>
> [...]
>
>> Can you show pf.conf? Are there any blocks if you check on pflog0 with tcpdump?
>>
>> But why do you want to have Ethernet frames tunneled? If you use gif interfaces
>> and make ospfd being active on it you save a few bits. That way you can make
>> the MTU bigger.
>> https://cway.cisco.com/tools/ipsec-overhead-calc can give you an idea how
>> big your MTU can be (needs an account but is free).
>>
>> Be careful when configuring gif interfaces. ospfd only recognizes that it is a
>> point-to-point interface when you configure the netmask as 255.255.255.255.
>>
>> I finally got it working. I forgot the 'link2' option in /etc/hostname.bridge0:
>>
>> -=>> cat /etc/hostname.bridge0
>> add etherip0 add vether0
>> up link2
>>
>> but it wasn't enough...
>> I had to set 'net.inet.etherip.allow=1' in sysctl.conf
>> despite what it is said in the 'etherip' man page:
>>
>> "The sysctl(3) variable net.inet.etherip.allow must be set to 1, unless
>> ipsec(4) is being used to protect the traffic."
>>
>> This is what I don't understand, is there any particular case in this
>> configuration or maybe something changed in 6.0 ?
>> thanks
>
> I can not tell you what is wrong with your configuration. I'm not using
> etherip. But why do you think you need to tunnel Ethernet? You don't need it
> for ospf. With gif interfaces you're doing ip-over-ip and don't need
> bridge and vether. Then just add the gif interface to ospfd.conf.

I've made another test with GIF and vether interfaces following this tutorial: http://undeadly.org/cgi?action=article&sid=20131105075303 (the author talked about multicast problems when using only gif...). It works too and I can see a bandwidth gain of 13 Mbps, with ipsec (aes-128-gcm) and pf enabled, compared to the same setup with etherip interfaces. But again I needed to set net.inet.etherip.allow=1 to make it work.
OT Fwd: Alertbox: Distribution of Users' Computer Skills: Worse Than You Think
Begin forwarded message: Across 33 rich countries, only 5% of the population has high computer-related abilities, and only a third of people can complete medium-complexity tasks: https://www.nngroup.com/articles/computer-skill-levels/ Cheers, -- Craig Skinner | http://linkd.in/yGqkv7