Re: l2tp and openbsd 6.1

2017-10-02 Thread Vijay Sankar 


Quoting Stuart Henderson :


On 2017-10-02, Charles Amstutz  wrote:

Hello Sterling,

Thanks for the response. I changed it to

ike passive esp transport \
   proto udp from $public_ip to any port 1701 \
   main auth "hmac-sha1" enc "aes-256" group modp1024\
   quick auth "hmac-sha1" enc "aes-256" \
   PSK "PSK-GOES-HERE"

and still no luck. I found out that Android 8 will connect (using  
aes).   I am dumpping pflog0 and seeing no blocks. However, that  
doesn't mean it still isn't a potential pf problem I guess.  
However, if IOS and android 8 would connect, I would think that  
would rule a pf problem?


Is there a way to turn on additional debugging?  I'm using isakmpd  
-K in rc.conf.local, so not using isakmpd.policy/.conf  (from my  
understanding)
Everything in /var/log/messages is just from npppd. Unless I'm  
reading it wrong, there doesn't appear to be any errors.


I have "isakmpd_flags=-Kv -D0=29 -D1=49 -D2=10 -D3=30 -D5=20 -D6=30
-D8=30 -D9=30 -D10=20" in rc.conf.local as a general-purpose debugging
config, then if there's a particular area I look at isakmpd source to
see if I need to bump one of them up a little. These end up in
/var/log/daemon (or start it by hand to run in the foreground
using -d).

1)  Can you have more than one ike line in ipsec.conf? from my  
presumption of looking at sites on the internet, you can, however,  
I am not sure.


You can, *but* only one "default peer" ("to any" line) will take effect.


https://www.authbsd.com/blog/?p=20 makes it seem like you can, unless
it is just two examples


That site makes it look like you can use the two, but it won't work  
like that.

One config will override the other.


I don't know about Android 8 but have been able to use iPhones as well  
as Android tablets with the following on an older version on OpenBSD.  
Hope this is helpful and not sending the OP in the wrong direction.


In npppd.conf, I am using

interface tun0  address 10.0.0.1 ipcp IPCP
bind tunnel from L2TP_ipv4 authenticated by LOCAL to tun0

instead of

interface pppx0 address 10.0.0.1 ipcp IPCP
bind tunnel from L2TP authenticated by LOCAL to pppx0

and in pf.conf, I have

pass in quick on tun0 inet proto tcp from 10.0.0.0/24







--
Vijay Sankar, M.Eng., P.Eng.
ForeTell Technologies Limited
vsan...@foretell.ca

Re: l2tp and openbsd 6.1

2017-10-02 Thread Stuart Henderson 
On 2017-10-02, Charles Amstutz  wrote:
> Hello Sterling,
>
> Thanks for the response. I changed it to 
>
> ike passive esp transport \
>proto udp from $public_ip to any port 1701 \
>main auth "hmac-sha1" enc "aes-256" group modp1024\
>quick auth "hmac-sha1" enc "aes-256" \
>PSK "PSK-GOES-HERE"
>
> and still no luck. I found out that Android 8 will connect (using aes).   I 
> am dumpping pflog0 and seeing no blocks. However, that doesn't mean it still 
> isn't a potential pf problem I guess. However, if IOS and android 8 would 
> connect, I would think that would rule a pf problem? 
>
> Is there a way to turn on additional debugging?  I'm using isakmpd -K in 
> rc.conf.local, so not using isakmpd.policy/.conf  (from my understanding) 
> Everything in /var/log/messages is just from npppd. Unless I'm reading it 
> wrong, there doesn't appear to be any errors. 

I have "isakmpd_flags=-Kv -D0=29 -D1=49 -D2=10 -D3=30 -D5=20 -D6=30
-D8=30 -D9=30 -D10=20" in rc.conf.local as a general-purpose debugging
config, then if there's a particular area I look at isakmpd source to
see if I need to bump one of them up a little. These end up in
/var/log/daemon (or start it by hand to run in the foreground
using -d).

>> 1)  Can you have more than one ike line in ipsec.conf? from my 
>> presumption of looking at sites on the internet, you can, however, I am not 
>> sure.

You can, *but* only one "default peer" ("to any" line) will take effect.

>> https://www.authbsd.com/blog/?p=20 makes it seem like you can, unless 
>> it is just two examples

That site makes it look like you can use the two, but it won't work like that.
One config will override the other.

Re: ld.so: openvpn: can't load library 'liblzo2.so.1.0'

2017-10-02 Thread Stuart Henderson 
> The error is missing when I do a reboot

Oh, I missed this bit before... That's rather unexpected. Please set
LD_DEBUG= in the environment as well (or instead?) and see if you get
anything useful from the output there (there will be a couple of screens
full, but should fit within the dmesg -s buffer).

You might be out of luck for new snapshots for a little while..

Re: l2tp and openbsd 6.1

2017-10-02 Thread Charles Amstutz 
Hello Sterling,

Thanks for the response. I changed it to 

ike passive esp transport \
   proto udp from $public_ip to any port 1701 \
   main auth "hmac-sha1" enc "aes-256" group modp1024\
   quick auth "hmac-sha1" enc "aes-256" \
   PSK "PSK-GOES-HERE"

and still no luck. I found out that Android 8 will connect (using aes).   I am 
dumpping pflog0 and seeing no blocks. However, that doesn't mean it still isn't 
a potential pf problem I guess. However, if IOS and android 8 would connect, I 
would think that would rule a pf problem? 

Is there a way to turn on additional debugging?  I'm using isakmpd -K in 
rc.conf.local, so not using isakmpd.policy/.conf  (from my understanding) 
Everything in /var/log/messages is just from npppd. Unless I'm reading it 
wrong, there doesn't appear to be any errors. 



-Original Message-
From: Sterling Archer [mailto:deb...@gmail.com] 
Sent: Monday, October 2, 2017 5:35 PM
To: Charles Amstutz 
Cc: misc@openbsd.org
Subject: Re: l2tp and openbsd 6.1

On Mon, Oct 2, 2017 at 10:03 PM, Charles Amstutz  
wrote:
> Hello everyone,
>
> I'm new to this list and l2tp/openbsd (but do have working UNIX/Linux 
> knowledge).  After searching the previous forum posts (and the internet) I 
> have found a lot of information on l2tp ipsec.conf connection strings. 
> However, I can't get android to connect. I keep getting IKE negotiation 
> failed errors.
>
> I've looked at sites such as:
>
> http://bluepilltech.blogspot.com/2017/02/openbsd-l2tp-over-ipsec-andro
> id-601-ios.html
> https://www.authbsd.com/blog/?p=20
> http://daemonforums.org/showthread.php?t=10326
> https://rzemieniecki.wordpress.com/2014/05/28/debugging-ipsec-on-openb
> sd-invalid_cookie/
> https://man.openbsd.org/npppd.conf.5
> https://blog.gordonturner.com/2016/12/10/openbsd-6-0-vpn-endpoint-for-
> ios-and-osx/
> https://marc.info/?l=openbsd-misc=145922338026396=2
> https://marc.info/?l=openbsd-misc=145614573528471=2
> https://www.mail-archive.com/misc@openbsd.org/msg145747.html
> ... etc
>
>
> I can get IOS to connect, but I can't get android 7 to connect.  I've 
> read that android has bugs with the vpn client in 6.x and 7.x (not 
> sure if it is fixed in 8 or not). However, what is confusing is it 
> connections just fine To my windows l2tp server.  Bug tracker: 
> https://issuetracker.google.com/issues/37074640#c35
>
>
> My goal: Setup openbsd to work with IOS/android/windows/whatever.
>
> My questions.
>
>
> 1)  Can you have more than one ike line in ipsec.conf? from my 
> presumption of looking at sites on the internet, you can, however, I am not 
> sure.
>
> https://www.authbsd.com/blog/?p=20 makes it seem like you can, unless 
> it is just two examples
>
>
> 2)  Every time I read a site that says, "this configuration worked for me 
> on android", it doesn't work for me. I presume it is my lack of 
> understanding, though, I'm not ruling out the possible android bug.
>
>
> I appreciate any help.
>
>
>
> Here is my ipsec.conf (this allows IOS to connect)
>
> public_ip = "x.x.x.x"
>
>
>
> ike passive esp transport \
>
>   proto udp from $public_ip to any port 1701 \
>
>   main auth "hmac-sha1" enc "aes" group modp1024\
>
>   quick auth "hmac-sha1" enc "aes" \
>
>   psk "PSK-GOES-HERE"
>
> Here is my npppd.conf
>
>
>
> authentication LOCAL type local {
>
> users-file "/etc/npppd/npppd-users"
>
> }
>
>
>
> tunnel L2TP protocol l2tp {
>
> listen on 0.0.0.0
>
> listen on ::
>
> }
>
>
>
> ipcp IPCP {
>
> pool-address 10.0.0.101-10.0.0.254
>
> dns-servers x.x.x.x
>
> }
>
>
>
> # use pppx(4) interface.  use an interface per a ppp session.
>
> interface pppx0 address 10.0.0.1 ipcp IPCP
>
> bind tunnel from L2TP authenticated by LOCAL to pppx0

I'm able to connect using a similar setup, but using aes-256 instead of aes as 
encoding in ipsec.conf.

--
:wq!

Re: l2tp and openbsd 6.1

2017-10-02 Thread Sterling Archer 
On Mon, Oct 2, 2017 at 10:03 PM, Charles Amstutz
 wrote:
> Hello everyone,
>
> I'm new to this list and l2tp/openbsd (but do have working UNIX/Linux 
> knowledge).  After searching the previous forum posts (and the internet) I 
> have found a lot of information on l2tp ipsec.conf connection strings. 
> However, I can't get android to connect. I keep getting IKE negotiation 
> failed errors.
>
> I've looked at sites such as:
>
> http://bluepilltech.blogspot.com/2017/02/openbsd-l2tp-over-ipsec-android-601-ios.html
> https://www.authbsd.com/blog/?p=20
> http://daemonforums.org/showthread.php?t=10326
> https://rzemieniecki.wordpress.com/2014/05/28/debugging-ipsec-on-openbsd-invalid_cookie/
> https://man.openbsd.org/npppd.conf.5
> https://blog.gordonturner.com/2016/12/10/openbsd-6-0-vpn-endpoint-for-ios-and-osx/
> https://marc.info/?l=openbsd-misc=145922338026396=2
> https://marc.info/?l=openbsd-misc=145614573528471=2
> https://www.mail-archive.com/misc@openbsd.org/msg145747.html
> ... etc
>
>
> I can get IOS to connect, but I can't get android 7 to connect.  I've read 
> that android has bugs with the vpn client in 6.x and 7.x (not sure if it is 
> fixed in 8 or not). However, what is confusing is it connections just fine
> To my windows l2tp server.  Bug tracker: 
> https://issuetracker.google.com/issues/37074640#c35
>
>
> My goal: Setup openbsd to work with IOS/android/windows/whatever.
>
> My questions.
>
>
> 1)  Can you have more than one ike line in ipsec.conf? from my 
> presumption of looking at sites on the internet, you can, however, I am not 
> sure.
>
> https://www.authbsd.com/blog/?p=20 makes it seem like you can, unless it is 
> just two examples
>
>
> 2)  Every time I read a site that says, "this configuration worked for me 
> on android", it doesn't work for me. I presume it is my lack of 
> understanding, though, I'm not ruling out the possible android bug.
>
>
> I appreciate any help.
>
>
>
> Here is my ipsec.conf (this allows IOS to connect)
>
> public_ip = "x.x.x.x"
>
>
>
> ike passive esp transport \
>
>   proto udp from $public_ip to any port 1701 \
>
>   main auth "hmac-sha1" enc "aes" group modp1024\
>
>   quick auth "hmac-sha1" enc "aes" \
>
>   psk "PSK-GOES-HERE"
>
> Here is my npppd.conf
>
>
>
> authentication LOCAL type local {
>
> users-file "/etc/npppd/npppd-users"
>
> }
>
>
>
> tunnel L2TP protocol l2tp {
>
> listen on 0.0.0.0
>
> listen on ::
>
> }
>
>
>
> ipcp IPCP {
>
> pool-address 10.0.0.101-10.0.0.254
>
> dns-servers x.x.x.x
>
> }
>
>
>
> # use pppx(4) interface.  use an interface per a ppp session.
>
> interface pppx0 address 10.0.0.1 ipcp IPCP
>
> bind tunnel from L2TP authenticated by LOCAL to pppx0

I'm able to connect using a similar setup, but using aes-256 instead of
aes as encoding in ipsec.conf.

-- 
:wq!

l2tp and openbsd 6.1

2017-10-02 Thread Charles Amstutz 
Hello everyone,

I'm new to this list and l2tp/openbsd (but do have working UNIX/Linux 
knowledge).  After searching the previous forum posts (and the internet) I have 
found a lot of information on l2tp ipsec.conf connection strings. However, I 
can't get android to connect. I keep getting IKE negotiation failed errors.

I've looked at sites such as:

http://bluepilltech.blogspot.com/2017/02/openbsd-l2tp-over-ipsec-android-601-ios.html
https://www.authbsd.com/blog/?p=20
http://daemonforums.org/showthread.php?t=10326
https://rzemieniecki.wordpress.com/2014/05/28/debugging-ipsec-on-openbsd-invalid_cookie/
https://man.openbsd.org/npppd.conf.5
https://blog.gordonturner.com/2016/12/10/openbsd-6-0-vpn-endpoint-for-ios-and-osx/
https://marc.info/?l=openbsd-misc=145922338026396=2
https://marc.info/?l=openbsd-misc=145614573528471=2
https://www.mail-archive.com/misc@openbsd.org/msg145747.html
... etc


I can get IOS to connect, but I can't get android 7 to connect.  I've read that 
android has bugs with the vpn client in 6.x and 7.x (not sure if it is fixed in 
8 or not). However, what is confusing is it connections just fine
To my windows l2tp server.  Bug tracker: 
https://issuetracker.google.com/issues/37074640#c35


My goal: Setup openbsd to work with IOS/android/windows/whatever.

My questions.


1)  Can you have more than one ike line in ipsec.conf? from my presumption 
of looking at sites on the internet, you can, however, I am not sure.

https://www.authbsd.com/blog/?p=20 makes it seem like you can, unless it is 
just two examples


2)  Every time I read a site that says, "this configuration worked for me 
on android", it doesn't work for me. I presume it is my lack of understanding, 
though, I'm not ruling out the possible android bug.


I appreciate any help.



Here is my ipsec.conf (this allows IOS to connect)

public_ip = "x.x.x.x"



ike passive esp transport \

  proto udp from $public_ip to any port 1701 \

  main auth "hmac-sha1" enc "aes" group modp1024\

  quick auth "hmac-sha1" enc "aes" \

  psk "PSK-GOES-HERE"

Here is my npppd.conf



authentication LOCAL type local {

users-file "/etc/npppd/npppd-users"

}



tunnel L2TP protocol l2tp {

listen on 0.0.0.0

listen on ::

}



ipcp IPCP {

pool-address 10.0.0.101-10.0.0.254

dns-servers x.x.x.x

}



# use pppx(4) interface.  use an interface per a ppp session.

interface pppx0 address 10.0.0.1 ipcp IPCP

bind tunnel from L2TP authenticated by LOCAL to pppx0

Re: ld.so: openvpn: can't load library 'liblzo2.so.1.0'

2017-10-02 Thread Atanas Vladimirov 

On 2017-10-02 21:54, Jeremie Courreges-Anglas wrote:

On Mon, Oct 02 2017, Atanas Vladimirov  wrote:

On 2017-10-02 18:47, Stuart Henderson wrote:

On 2017-10-01, Atanas Vladimirov  wrote:

I'm running -current and I'm seeing that error on first boot when
upgrading to a newer snapshot:


..

em0: DHCPACK from 95.87.227.225 (64:87:88:58:b2:b8)
em0: bound to 95.87.227.232 -- renewal in 300 seconds
ld.so: openvpn: can't load library 'liblzo2.so.1.0'
Killed


OpenVPN started here ^^


reordering libraries: done.
starting early daemons: syslogd pflogd nsd unbound ntpd isakmpd 
npppd.

starting RPC daemons:.
savecore: no core dump
checking quotas: done.
clearing /tmp
kern.securelevel: 0 -> 1
creating runtime link editor directory cache.


but ldconfig runs here ^^

liblzo2.so.1.0 isn't reachable until the above is run.

Try something like "env LD_LIBRARY_PATH=/usr/lib:/usr/local/lib" when
starting openvpn from hostname.if.

If this used to work, there is a chance that maybe this changed in
libexec/ld.so/path.c r1.7.


I'm not sure that I did it in the right way:

~$ cat /etc/hostname.tun4
up
description dn42-w0h
!env LD_LIBRARY_PATH=/usr/lib:/usr/local/lib
!/usr/local/sbin/openvpn --daemon --config /etc/dn42-w0h.ovpn


This should rather be

!env LD_LIBRARY_PATH=/usr/lib:/usr/local/lib /usr/local/sbin/openvpn
--daemon --config /etc/dn42-w0h.ovpn


Thank you. I'll wait for a newer snapshot and will let you know the 
result.

Re: vmm issues - vioblk_notifyq: unsupported command 0x8

2017-10-02 Thread Carlos Cardenas 
On 2017-10-02 11:57, Jiri B wrote:
> On Mon, Oct 02, 2017 at 02:56:18PM -0400, Josh Grosse wrote:
>> Hey Jiri.
>>
>>> I started this vm with:
>>>
>>> vmctl start suse01 -c -d $iso -d $disk -L
>>>
>>> where iso is openSUSE-Leap-42.3-DVD-x86_64.iso[1].
>>>
>>> Any idea what's going on?
>>
>> I'll bet it's because you are attempting to boot a DVD image,
>> which doesn't have an MBR.  Bootable DVDs use the El Torito
>> standard for booting.[1]
>>
>> Tho the best of my recollection, vmm(4) guests must boot from disk images
>> with the seabios or from BSD kernels with -b.
> 
>  -b path   Boot the VM with the specified kernel or BIOS image.
>If not specified, the default is to boot using the BIOS
>image in /etc/firmware/vmm-bios.
> 
> IIUC you do not need to define anything, if not specified it is using
> seabios.
> 
> I was able to boot opensuse from that dvd, although later on I got an
> error in the installer :/

This was because the installer couldn't locate the "dvd", correct?

> j.
>  
>> [1] https://en.wikipedia.org/wiki/El_Torito_(CD-ROM_standard)
> 


+--+
Carlos

Re: vmm issues - vioblk_notifyq: unsupported command 0x8

2017-10-02 Thread Carlos Cardenas 
On 2017-10-02 11:34, Jiri B wrote:
> Hello,
> 
> I'm playing with vmm and I got these in daemon log:
> 
> Oct  2 20:12:14 t440s vmd[13344]: startup
> Oct  2 20:12:14 t440s vmd[53680]: SIOCBRDGADD: No such file or directory
> Oct  2 20:12:24 t440s vmd[13344]: suse01: started vm 1 successfully, tty 
> /dev/ttyp3
> Oct  2 20:13:12 t440s vmd[98531]: vcpu_process_com_data: guest reading com1 
> when not ready
> Oct  2 20:13:18 t440s last message repeated 5 times
> Oct  2 20:13:19 t440s vmd[98531]: vioblk_notifyq: unsupported command 0x8
> Oct  2 20:13:19 t440s last message repeated 3 times
>
Do you have a /etc/vm.conf file?  
Trying to identify why you would get an error adding an interface to a bridge
before you started your vm.
> I started this vm with:
> 
> vmctl start suse01 -c -d $iso -d $disk -L

I didn't see in your vm console output, that you told the ISO to redirect your 
console to /dev/ttyS0 (but I'm guessing you did otherwise, I don't think you 
would have gotten the boot log info).

Does the installer know it's going to do a text mode install? I'm guessing so.

> where iso is openSUSE-Leap-42.3-DVD-x86_64.iso[1].
> 
> Any idea what's going on? dmesg and suse boot log below.
> 
> [1] 
> https://download.opensuse.org/distribution/leap/42.3/iso/openSUSE-Leap-42.3-DVD-x86_64.iso
> 
> Jiri
> 
> OpenBSD 6.2 (GENERIC.MP) #115: Wed Sep 27 10:45:53 MDT 2017
> dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
> real mem = 12540866560 (11959MB)
> avail mem = 12153765888 (11590MB)
> mpath0 at root
> scsibus0 at mpath0: 256 targets
> mainbus0 at root
> bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xdcd3d000 (62 entries)
> bios0: vendor LENOVO version "GJET79WW (2.29 )" date 09/03/2014
> bios0: LENOVO 20ARS19C0B
> acpi0 at bios0: rev 2
> acpi0: sleep states S0 S3 S4 S5
> acpi0: tables DSDT FACP DBGP ECDT HPET APIC MCFG SSDT SSDT SSDT SSDT SSDT 
> SSDT SSDT SSDT PCCT SSDT TCPA UEFI POAT ASF! BATB FPDT UEFI DMAR
> acpi0: wakeup devices LID_(S4) SLPB(S3) IGBE(S4) EXP2(S4) XHCI(S3) EHC1(S3)
> acpitimer0 at acpi0: 3579545 Hz, 24 bits
> acpiec0 at acpi0
> acpihpet0 at acpi0: 14318179 Hz
> acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
> cpu0 at mainbus0: apid 0 (boot processor)
> cpu0: Intel(R) Core(TM) i7-4600U CPU @ 2.10GHz, 2694.10 MHz
> cpu0: 
> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,SENSOR,ARAT
> cpu0: 256KB 64b/line 8-way L2 cache
> cpu0: TSC frequency 2694099150 Hz
> cpu0: smt 0, core 0, package 0
> mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
> cpu0: apic clock running at 99MHz
> cpu0: mwait min=64, max=64, C-substates=0.2.1.2.4.1.1.1, IBE
> cpu1 at mainbus0: apid 1 (application processor)
> cpu1: Intel(R) Core(TM) i7-4600U CPU @ 2.10GHz, 2693.77 MHz
> cpu1: 
> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,SENSOR,ARAT
> cpu1: 256KB 64b/line 8-way L2 cache
> cpu1: smt 1, core 0, package 0
> cpu2 at mainbus0: apid 2 (application processor)
> cpu2: Intel(R) Core(TM) i7-4600U CPU @ 2.10GHz, 2693.77 MHz
> cpu2: 
> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,SENSOR,ARAT
> cpu2: 256KB 64b/line 8-way L2 cache
> cpu2: smt 0, core 1, package 0
> cpu3 at mainbus0: apid 3 (application processor)
> cpu3: Intel(R) Core(TM) i7-4600U CPU @ 2.10GHz, 2693.77 MHz
> cpu3: 
> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,SENSOR,ARAT
> cpu3: 256KB 64b/line 8-way L2 cache
> cpu3: smt 1, core 1, package 0
> ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 40 pins
> acpimcfg0 at acpi0 addr 0xf800, bus 0-63
> acpiprt0 at acpi0: bus 0 (PCI0)
> acpiprt1 at acpi0: bus -1 (PEG_)
> acpiprt2 at acpi0: bus 2 (EXP1)
> acpiprt3 at acpi0: bus 3 (EXP2)
> acpiprt4 at acpi0: bus -1 (EXP3)
> acpicpu0 at acpi0: C3(200@506 mwait.1@0x60), C2(200@148 mwait.1@0x33), 
> C1(1000@1

[solved]httpd.conf authenticate with question

2017-10-02 Thread rosjat 

hi,

was my mistake I forgot the evaluation order is diffrent in httpd.conf!
put the auth location for the general wildcard location.

regards

Markus

Am 02.10.2017 um 19:13 schrieb Michael Hekeler:

location "/some/secret/location/*" {
  directory index index.php
  authenticate with "/path/to/the/htpasswd/file"
  }



Can we use "authenticate [realm] with htpasswd" in a location?

 From httpd.conf(5) I thought http-Auth is enabled in server
section and only disabled in location. No?



--
Markus Rosjatfon: +49 351 8107223mail: ros...@ghweb.de

G+H Webservice GbR Gorzolla, Herrmann
Königsbrücker Str. 70, 01099 Dresden

http://www.ghweb.de
fon: +49 351 8107220   fax: +49 351 8107227

Bitte prüfen Sie, ob diese Mail wirklich ausgedruckt werden muss! Before 
you print it, think about your responsibility and commitment to the 
ENVIRONMENT

Re: vmm issues - vioblk_notifyq: unsupported command 0x8

2017-10-02 Thread Jiri B 
On Mon, Oct 02, 2017 at 02:56:18PM -0400, Josh Grosse wrote:
> Hey Jiri.
> 
> >I started this vm with:
> >
> >vmctl start suse01 -c -d $iso -d $disk -L
> >
> >where iso is openSUSE-Leap-42.3-DVD-x86_64.iso[1].
> >
> >Any idea what's going on?
> 
> I'll bet it's because you are attempting to boot a DVD image,
> which doesn't have an MBR.  Bootable DVDs use the El Torito
> standard for booting.[1]
> 
> Tho the best of my recollection, vmm(4) guests must boot from disk images
> with the seabios or from BSD kernels with -b.

 -b path   Boot the VM with the specified kernel or BIOS image.
   If not specified, the default is to boot using the BIOS
   image in /etc/firmware/vmm-bios.

IIUC you do not need to define anything, if not specified it is using
seabios.

I was able to boot opensuse from that dvd, although later on I got an
error in the installer :/

j.
   
> [1] https://en.wikipedia.org/wiki/El_Torito_(CD-ROM_standard)

Re: ld.so: openvpn: can't load library 'liblzo2.so.1.0'

2017-10-02 Thread Jeremie Courreges-Anglas 
On Mon, Oct 02 2017, Atanas Vladimirov  wrote:
> On 2017-10-02 18:47, Stuart Henderson wrote:
>> On 2017-10-01, Atanas Vladimirov  wrote:
>>> I'm running -current and I'm seeing that error on first boot when
>>> upgrading to a newer snapshot:
>>>
>> ..
>>> em0: DHCPACK from 95.87.227.225 (64:87:88:58:b2:b8)
>>> em0: bound to 95.87.227.232 -- renewal in 300 seconds
>>> ld.so: openvpn: can't load library 'liblzo2.so.1.0'
>>> Killed
>>
>> OpenVPN started here ^^
>>
>>> reordering libraries: done.
>>> starting early daemons: syslogd pflogd nsd unbound ntpd isakmpd npppd.
>>> starting RPC daemons:.
>>> savecore: no core dump
>>> checking quotas: done.
>>> clearing /tmp
>>> kern.securelevel: 0 -> 1
>>> creating runtime link editor directory cache.
>>
>> but ldconfig runs here ^^
>>
>> liblzo2.so.1.0 isn't reachable until the above is run.
>>
>> Try something like "env LD_LIBRARY_PATH=/usr/lib:/usr/local/lib" when
>> starting openvpn from hostname.if.
>>
>> If this used to work, there is a chance that maybe this changed in
>> libexec/ld.so/path.c r1.7.
>
> I'm not sure that I did it in the right way:
>
> ~$ cat /etc/hostname.tun4
> up
> description dn42-w0h
> !env LD_LIBRARY_PATH=/usr/lib:/usr/local/lib
> !/usr/local/sbin/openvpn --daemon --config /etc/dn42-w0h.ovpn

This should rather be

!env LD_LIBRARY_PATH=/usr/lib:/usr/local/lib /usr/local/sbin/openvpn --daemon 
--config /etc/dn42-w0h.ovpn

> And after upgrade to the newest snap:
> ...
> _=/usr/bin/env
> INRC=1
> HOME=/
> PATH=/sbin:/bin:/usr/sbin:/usr/bin
> LD_LIBRARY_PATH=/usr/lib:/usr/local/lib
> ld.so: openvpn: can't load library 'liblz4.so.2.0'
> Killed
> ...
>
> Thanks.
>

-- 
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE

vmm issues - vioblk_notifyq: unsupported command 0x8

2017-10-02 Thread Jiri B 
Hello,

I'm playing with vmm and I got these in daemon log:

Oct  2 20:12:14 t440s vmd[13344]: startup
Oct  2 20:12:14 t440s vmd[53680]: SIOCBRDGADD: No such file or directory
Oct  2 20:12:24 t440s vmd[13344]: suse01: started vm 1 successfully, tty 
/dev/ttyp3
Oct  2 20:13:12 t440s vmd[98531]: vcpu_process_com_data: guest reading com1 
when not ready
Oct  2 20:13:18 t440s last message repeated 5 times
Oct  2 20:13:19 t440s vmd[98531]: vioblk_notifyq: unsupported command 0x8
Oct  2 20:13:19 t440s last message repeated 3 times

I started this vm with:

vmctl start suse01 -c -d $iso -d $disk -L

where iso is openSUSE-Leap-42.3-DVD-x86_64.iso[1].

Any idea what's going on? dmesg and suse boot log below.

[1] 
https://download.opensuse.org/distribution/leap/42.3/iso/openSUSE-Leap-42.3-DVD-x86_64.iso

Jiri

OpenBSD 6.2 (GENERIC.MP) #115: Wed Sep 27 10:45:53 MDT 2017
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 12540866560 (11959MB)
avail mem = 12153765888 (11590MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xdcd3d000 (62 entries)
bios0: vendor LENOVO version "GJET79WW (2.29 )" date 09/03/2014
bios0: LENOVO 20ARS19C0B
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP DBGP ECDT HPET APIC MCFG SSDT SSDT SSDT SSDT SSDT SSDT 
SSDT SSDT PCCT SSDT TCPA UEFI POAT ASF! BATB FPDT UEFI DMAR
acpi0: wakeup devices LID_(S4) SLPB(S3) IGBE(S4) EXP2(S4) XHCI(S3) EHC1(S3)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpiec0 at acpi0
acpihpet0 at acpi0: 14318179 Hz
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM) i7-4600U CPU @ 2.10GHz, 2694.10 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,SENSOR,ARAT
cpu0: 256KB 64b/line 8-way L2 cache
cpu0: TSC frequency 2694099150 Hz
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
cpu0: apic clock running at 99MHz
cpu0: mwait min=64, max=64, C-substates=0.2.1.2.4.1.1.1, IBE
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Core(TM) i7-4600U CPU @ 2.10GHz, 2693.77 MHz
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,SENSOR,ARAT
cpu1: 256KB 64b/line 8-way L2 cache
cpu1: smt 1, core 0, package 0
cpu2 at mainbus0: apid 2 (application processor)
cpu2: Intel(R) Core(TM) i7-4600U CPU @ 2.10GHz, 2693.77 MHz
cpu2: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,SENSOR,ARAT
cpu2: 256KB 64b/line 8-way L2 cache
cpu2: smt 0, core 1, package 0
cpu3 at mainbus0: apid 3 (application processor)
cpu3: Intel(R) Core(TM) i7-4600U CPU @ 2.10GHz, 2693.77 MHz
cpu3: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,SENSOR,ARAT
cpu3: 256KB 64b/line 8-way L2 cache
cpu3: smt 1, core 1, package 0
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 40 pins
acpimcfg0 at acpi0 addr 0xf800, bus 0-63
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus -1 (PEG_)
acpiprt2 at acpi0: bus 2 (EXP1)
acpiprt3 at acpi0: bus 3 (EXP2)
acpiprt4 at acpi0: bus -1 (EXP3)
acpicpu0 at acpi0: C3(200@506 mwait.1@0x60), C2(200@148 mwait.1@0x33), 
C1(1000@1 mwait.1), PSS
acpicpu1 at acpi0: C3(200@506 mwait.1@0x60), C2(200@148 mwait.1@0x33), 
C1(1000@1 mwait.1), PSS
acpicpu2 at acpi0: C3(200@506 mwait.1@0x60), C2(200@148 mwait.1@0x33), 
C1(1000@1 mwait.1), PSS
acpicpu3 at acpi0: C3(200@506 mwait.1@0x60), C2(200@148 mwait.1@0x33), 
C1(1000@1 mwait.1), PSS
acpipwrres0 at acpi0: PUBS, resource for XHCI, EHC1
acpipwrres1 at acpi0: NVP3, resource for PEG_
acpipwrres2 at acpi0: NVP2, resource for PEG_
acpitz0 at acpi0: critical temperature is 200 degC
acpibtn0 at acpi0: LID_
acpibtn1 at acpi0: SLPB
"LEN0071" at acpi0 not configured
"LEN0036" at acpi0 not configured

Re: boot> does not "time out" after failed PXE boot

2017-10-02 Thread Theo de Raadt 
Only one boot attempt occurs, whether network or disk.

It is expected behaviour.

> After a failed/aborted PXE boot (e.g., hitting a key or no network)
> a laptop is "hanging" at the (OpenBSD 6.2 snapshot)
> >boot
> prompt which normally (AFAICT) times out and just boots after a few
> seconds (from disk); it boots fine after hitting "Return".
> 
> Can someone please clarify if this is known/expected behaviour or
> a problem with the software or the hardware?
> 
> dmesg from the laptop (running a recent snapshot)
> 
> OpenBSD 6.2 (GENERIC.MP) #123: Sat Sep 30 22:51:56 MDT 2017
> dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
> real mem = 8495951872 (8102MB)
> avail mem = 8231452672 (7850MB)
> mpath0 at root
> scsibus0 at mpath0: 256 targets
> mainbus0 at root
> bios0 at mainbus0: SMBIOS rev. 2.6 @ 0xf2440 (67 entries)
> bios0: vendor Dell Inc. version "A12" date 05/09/2012
> bios0: Dell Inc. Latitude E6510
> acpi0 at bios0: rev 2
> acpi0: sleep states S0 S3 S4 S5
> acpi0: tables DSDT FACP APIC TCPA MCFG HPET BOOT SLIC SSDT
> acpi0: wakeup devices AGP_(S4) P0P1(S4) HDEF(S4) PXSX(S4) RP01(S4) PXSX(S4) 
> RP02(S4) PXSX(S4) RP03(S4) PXSX(S4) RP04(S4) PXSX(S4) RP05(S4) PXSX(S4) 
> RP07(S4) PXSX(S4) [...]
> acpitimer0 at acpi0: 3579545 Hz, 24 bits
> acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
> cpu0 at mainbus0: apid 0 (boot processor)
> cpu0: Intel(R) Core(TM) i7 CPU M 620 @ 2.67GHz, 2660.43 MHz
> cpu0: 
> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,POPCNT,AES,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,SENSOR,ARAT
> cpu0: 256KB 64b/line 8-way L2 cache
> cpu0: TSC frequency 2660428950 Hz
> cpu0: smt 0, core 0, package 0
> mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
> cpu0: apic clock running at 132MHz
> cpu0: mwait min=64, max=64, C-substates=0.2.1.1, IBE
> cpu1 at mainbus0: apid 4 (application processor)
> cpu1: Intel(R) Core(TM) i7 CPU M 620 @ 2.67GHz, 2659.99 MHz
> cpu1: 
> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,POPCNT,AES,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,SENSOR,ARAT
> cpu1: 256KB 64b/line 8-way L2 cache
> cpu1: smt 0, core 2, package 0
> cpu2 at mainbus0: apid 1 (application processor)
> cpu2: Intel(R) Core(TM) i7 CPU M 620 @ 2.67GHz, 2659.99 MHz
> cpu2: 
> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,POPCNT,AES,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,SENSOR,ARAT
> cpu2: 256KB 64b/line 8-way L2 cache
> cpu2: smt 1, core 0, package 0
> cpu3 at mainbus0: apid 5 (application processor)
> cpu3: Intel(R) Core(TM) i7 CPU M 620 @ 2.67GHz, 2659.99 MHz
> cpu3: 
> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,POPCNT,AES,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,SENSOR,ARAT
> cpu3: 256KB 64b/line 8-way L2 cache
> cpu3: smt 1, core 2, package 0
> ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins
> acpimcfg0 at acpi0 addr 0xf800, bus 0-63
> acpihpet0 at acpi0: 14318179 Hz
> acpiprt0 at acpi0: bus 0 (PCI0)
> acpiprt1 at acpi0: bus -1 (AGP_)
> acpiprt2 at acpi0: bus 10 (P0P1)
> acpiprt3 at acpi0: bus 1 (RP01)
> acpiprt4 at acpi0: bus -1 (RP02)
> acpiprt5 at acpi0: bus 2 (RP03)
> acpiprt6 at acpi0: bus 4 (RP04)
> acpiprt7 at acpi0: bus -1 (RP05)
> acpiprt8 at acpi0: bus -1 (RP07)
> acpiprt9 at acpi0: bus -1 (RP08)
> acpiprt10 at acpi0: bus -1 (PEG3)
> acpiprt11 at acpi0: bus -1 (PEG5)
> acpiec0 at acpi0
> acpicpu0 at acpi0: C3(350@245 mwait.3@0x20), C2(500@205 mwait.3@0x10), 
> C1(1000@3 mwait.1), PSS
> acpicpu1 at acpi0: C3(350@245 mwait.3@0x20), C2(500@205 mwait.3@0x10), 
> C1(1000@3 mwait.1), PSS
> acpicpu2 at acpi0: C3(350@245 mwait.3@0x20), C2(500@205 mwait.3@0x10), 
> C1(1000@3 mwait.1), PSS
> acpicpu3 at acpi0: C3(350@245 mwait.3@0x20), C2(500@205 mwait.3@0x10), 
> C1(1000@3 mwait.1), PSS
> "PNP0401" at acpi0 not configured
> "DLL040B" at acpi0 not configured
> "SMO8800" at acpi0 not configured
> acpibtn0 at acpi0: LID_
> acpibtn1 at acpi0: PBTN
> acpibtn2 at acpi0: SBTN
> acpiac0 at acpi0: AC unit offline
> acpibat0 at acpi0: BAT0 model "DELL RG04908" serial 7861 type LION oem "Sanyo"
> acpibat1 at acpi0: BAT1 not present
> "*pnp0c14" at acpi0 not configured
> acpivideo0 at acpi0: VID_
> acpivideo1 at acpi0: VID_
> acpivideo2 at acpi0: VID_
> acpivout0 at acpivideo2: LCD_
> cpu0: Enhanced SpeedStep 2660 MHz: speeds: 2667, 2666, 2533, 2399, 2266, 
> 2133, 1999, 1866, 1733, 1599, 1466, 1333, 1199 MHz
> pci0 at mainbus0 bus 0
> pchb0 at pci0 dev

boot> does not "time out" after failed PXE boot

2017-10-02 Thread Claus Assmann 
After a failed/aborted PXE boot (e.g., hitting a key or no network)
a laptop is "hanging" at the (OpenBSD 6.2 snapshot)
>boot
prompt which normally (AFAICT) times out and just boots after a few
seconds (from disk); it boots fine after hitting "Return".

Can someone please clarify if this is known/expected behaviour or
a problem with the software or the hardware?

dmesg from the laptop (running a recent snapshot)

OpenBSD 6.2 (GENERIC.MP) #123: Sat Sep 30 22:51:56 MDT 2017
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 8495951872 (8102MB)
avail mem = 8231452672 (7850MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.6 @ 0xf2440 (67 entries)
bios0: vendor Dell Inc. version "A12" date 05/09/2012
bios0: Dell Inc. Latitude E6510
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP APIC TCPA MCFG HPET BOOT SLIC SSDT
acpi0: wakeup devices AGP_(S4) P0P1(S4) HDEF(S4) PXSX(S4) RP01(S4) PXSX(S4) 
RP02(S4) PXSX(S4) RP03(S4) PXSX(S4) RP04(S4) PXSX(S4) RP05(S4) PXSX(S4) 
RP07(S4) PXSX(S4) [...]
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM) i7 CPU M 620 @ 2.67GHz, 2660.43 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,POPCNT,AES,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,SENSOR,ARAT
cpu0: 256KB 64b/line 8-way L2 cache
cpu0: TSC frequency 2660428950 Hz
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 132MHz
cpu0: mwait min=64, max=64, C-substates=0.2.1.1, IBE
cpu1 at mainbus0: apid 4 (application processor)
cpu1: Intel(R) Core(TM) i7 CPU M 620 @ 2.67GHz, 2659.99 MHz
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,POPCNT,AES,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,SENSOR,ARAT
cpu1: 256KB 64b/line 8-way L2 cache
cpu1: smt 0, core 2, package 0
cpu2 at mainbus0: apid 1 (application processor)
cpu2: Intel(R) Core(TM) i7 CPU M 620 @ 2.67GHz, 2659.99 MHz
cpu2: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,POPCNT,AES,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,SENSOR,ARAT
cpu2: 256KB 64b/line 8-way L2 cache
cpu2: smt 1, core 0, package 0
cpu3 at mainbus0: apid 5 (application processor)
cpu3: Intel(R) Core(TM) i7 CPU M 620 @ 2.67GHz, 2659.99 MHz
cpu3: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,POPCNT,AES,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,SENSOR,ARAT
cpu3: 256KB 64b/line 8-way L2 cache
cpu3: smt 1, core 2, package 0
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins
acpimcfg0 at acpi0 addr 0xf800, bus 0-63
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus -1 (AGP_)
acpiprt2 at acpi0: bus 10 (P0P1)
acpiprt3 at acpi0: bus 1 (RP01)
acpiprt4 at acpi0: bus -1 (RP02)
acpiprt5 at acpi0: bus 2 (RP03)
acpiprt6 at acpi0: bus 4 (RP04)
acpiprt7 at acpi0: bus -1 (RP05)
acpiprt8 at acpi0: bus -1 (RP07)
acpiprt9 at acpi0: bus -1 (RP08)
acpiprt10 at acpi0: bus -1 (PEG3)
acpiprt11 at acpi0: bus -1 (PEG5)
acpiec0 at acpi0
acpicpu0 at acpi0: C3(350@245 mwait.3@0x20), C2(500@205 mwait.3@0x10), 
C1(1000@3 mwait.1), PSS
acpicpu1 at acpi0: C3(350@245 mwait.3@0x20), C2(500@205 mwait.3@0x10), 
C1(1000@3 mwait.1), PSS
acpicpu2 at acpi0: C3(350@245 mwait.3@0x20), C2(500@205 mwait.3@0x10), 
C1(1000@3 mwait.1), PSS
acpicpu3 at acpi0: C3(350@245 mwait.3@0x20), C2(500@205 mwait.3@0x10), 
C1(1000@3 mwait.1), PSS
"PNP0401" at acpi0 not configured
"DLL040B" at acpi0 not configured
"SMO8800" at acpi0 not configured
acpibtn0 at acpi0: LID_
acpibtn1 at acpi0: PBTN
acpibtn2 at acpi0: SBTN
acpiac0 at acpi0: AC unit offline
acpibat0 at acpi0: BAT0 model "DELL RG04908" serial 7861 type LION oem "Sanyo"
acpibat1 at acpi0: BAT1 not present
"*pnp0c14" at acpi0 not configured
acpivideo0 at acpi0: VID_
acpivideo1 at acpi0: VID_
acpivideo2 at acpi0: VID_
acpivout0 at acpivideo2: LCD_
cpu0: Enhanced SpeedStep 2660 MHz: speeds: 2667, 2666, 2533, 2399, 2266, 2133, 
1999, 1866, 1733, 1599, 1466, 1333, 1199 MHz
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel Core Host" rev 0x02
inteldrm0 at pci0 dev 2 function 0 "Intel HD Graphics" rev 0x02
drm0 at inteldrm0
intagp0 at inteldrm0
agp0 at intagp0: aperture at 0xe000, size 0x1000
inteldrm0: msi
inteldrm0: 1920x1080, 32bpp
wsdisplay0 at inteldrm0 mux 1:

question on proper ownership and permissions of /var/spool and /var/spool/output for printing

2017-10-02 Thread soko.tica 
Hello list,

Please advise about proper ownership and permissions of /var/spool and
/var/spool/output. After every syspatch upgrade I need to set it again to
enable printing.

Present ownership and permissions after the syspatch upgrade are:

Script started on Mon Oct  2 20:10:21 2017
$ ls -lh /var/spool/
total 16
dr-xr-xr-x  5 root  wheel512B Apr  1  2017 ftp
drwxrwxr-t  3 root  dialer   512B Apr  1  2017 lock
drwxr-xr-x  3 root  wheel512B Sep 19 17:54 output
drwx--x--x  8 root  wheel512B Oct  2 18:53 smtpd
$ ls -lh /var/spool/output/
total 12
-rw-r-  1 daemon  daemon27B Sep 19 17:54 lock
drwxrwxr-x  2 rootdaemon   512B Apr 1  2017 lpd
-rw-rw  1 rootdaemon25B Sep 19 17:53 status
$ id branislav
uid=1001(branislav) gid=1001(branislav) groups=1001(branislav), 1(daemon),
5(operator), 9(wsrc), 117(dialer), 553(_saned)
$ dmesg
OpenBSD 6.1 (GENERIC.MP) #21: Wed Aug 30 08:21:38 CEST 2017
rob...@syspatch-61-amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/
GENERIC.MP

$ ^D

Script done on Mon Oct2 20:10:51 2017

Regards,

Soko Tica

Re: ld.so: openvpn: can't load library 'liblzo2.so.1.0'

2017-10-02 Thread Atanas Vladimirov 

On 2017-10-02 18:47, Stuart Henderson wrote:

On 2017-10-01, Atanas Vladimirov  wrote:

I'm running -current and I'm seeing that error on first boot when
upgrading to a newer snapshot:


..

em0: DHCPACK from 95.87.227.225 (64:87:88:58:b2:b8)
em0: bound to 95.87.227.232 -- renewal in 300 seconds
ld.so: openvpn: can't load library 'liblzo2.so.1.0'
Killed


OpenVPN started here ^^


reordering libraries: done.
starting early daemons: syslogd pflogd nsd unbound ntpd isakmpd npppd.
starting RPC daemons:.
savecore: no core dump
checking quotas: done.
clearing /tmp
kern.securelevel: 0 -> 1
creating runtime link editor directory cache.


but ldconfig runs here ^^

liblzo2.so.1.0 isn't reachable until the above is run.

Try something like "env LD_LIBRARY_PATH=/usr/lib:/usr/local/lib" when
starting openvpn from hostname.if.

If this used to work, there is a chance that maybe this changed in
libexec/ld.so/path.c r1.7.


I'm not sure that I did it in the right way:

~$ cat /etc/hostname.tun4
up
description dn42-w0h
!env LD_LIBRARY_PATH=/usr/lib:/usr/local/lib
!/usr/local/sbin/openvpn --daemon --config /etc/dn42-w0h.ovpn

And after upgrade to the newest snap:
...
_=/usr/bin/env
INRC=1
HOME=/
PATH=/sbin:/bin:/usr/sbin:/usr/bin
LD_LIBRARY_PATH=/usr/lib:/usr/local/lib
ld.so: openvpn: can't load library 'liblz4.so.2.0'
Killed
...

Thanks.

Re: httpd.conf authenticate with question

2017-10-02 Thread Michael Hekeler 
> location "/some/secret/location/*" {
>  directory index index.php
>  authenticate with "/path/to/the/htpasswd/file"
>  }
> 

Can we use "authenticate [realm] with htpasswd" in a location?

From httpd.conf(5) I thought http-Auth is enabled in server
section and only disabled in location. No?

Re: Apollo Lake

2017-10-02 Thread Chris Cappuccio 
The Asrock J3710 is supported with inteldrm and ethernet etc...

Predrag Punosevac [punoseva...@gmail.com] wrote:
> Hi Misc,
> 
> The motherboard on my desktop machine just died. I would like to go
> fanless embedded. Something like ASRock J3455-ITX. 
> 
> https://www.newegg.com/Product/Product.aspx?Item=N82E16813157728=1
> 
> However I am bit concern about Apollo Lake family of products. Can
> anyone post a dmesg? I am open for any suggestions.
> 
> Best,
> Predrag

Re: ld.so: openvpn: can't load library 'liblzo2.so.1.0'

2017-10-02 Thread Stuart Henderson 
On 2017-10-01, Atanas Vladimirov  wrote:
> I'm running -current and I'm seeing that error on first boot when 
> upgrading to a newer snapshot:
>
..
> em0: DHCPACK from 95.87.227.225 (64:87:88:58:b2:b8)
> em0: bound to 95.87.227.232 -- renewal in 300 seconds
> ld.so: openvpn: can't load library 'liblzo2.so.1.0'
> Killed

OpenVPN started here ^^

> reordering libraries: done.
> starting early daemons: syslogd pflogd nsd unbound ntpd isakmpd npppd.
> starting RPC daemons:.
> savecore: no core dump
> checking quotas: done.
> clearing /tmp
> kern.securelevel: 0 -> 1
> creating runtime link editor directory cache.

but ldconfig runs here ^^

liblzo2.so.1.0 isn't reachable until the above is run.

Try something like "env LD_LIBRARY_PATH=/usr/lib:/usr/local/lib" when
starting openvpn from hostname.if.

If this used to work, there is a chance that maybe this changed in
libexec/ld.so/path.c r1.7.

Re: Fw: cwm questions

2017-10-02 Thread rick 
On Mon, 02 Oct 2017 08:22 +, Dell Sanders wrote:
> Is there a way to bind a key to move a window to specified position on
> the screen (for example coordinates 0,0)? 

Might have to resort to an external program like xdotool.

httpd.conf authenticate with question

2017-10-02 Thread rosjat 

Hi there,

I can protecat a location with a password like so:

location "/some/secret/location/*" {
directory index index.php
authenticate with "/path/to/the/htpasswd/file"
}

this works if I request

https://my.domain.tld/some/secret/location/

and it will ask for the password but if I request

https://my.domain.tld/some/secret/location/index.php

It will simply load the site without asking for credentials.

So how do I prevent the access over a full url ???

Regards
--
Markus Rosjatfon: +49 351 8107223mail: ros...@ghweb.de

G+H Webservice GbR Gorzolla, Herrmann
Königsbrücker Str. 70, 01099 Dresden

http://www.ghweb.de
fon: +49 351 8107220   fax: +49 351 8107227

Bitte prüfen Sie, ob diese Mail wirklich ausgedruckt werden muss! Before 
you print it, think about your responsibility and commitment to the 
ENVIRONMENT

Re: du algorithm to calculate diskspace

2017-10-02 Thread Otto Moerbeek 
On Mon, Oct 02, 2017 at 12:11:21PM +0200, Peter Hessler wrote:

> hardlinks will not duplicate disk space.
> 
> scp doesn't understand hardlinks.
> 
> 
> On 2017 Oct 02 (Mon) at 12:08:28 +0200 (+0200), rosjat wrote:
> :hi there,
> :
> :I just noticed, while copying stuf from a very old OpenBSD 4.2 to a OpenBSD
> :6.1 that du on both systems gives me different results. Did something change
> :in the calculation from 4.2 to 6.1 ?
> :
> :for example
> :
> :4.2 calculates ~ 136MB
> :6.1 calculates ~ 148MB
> :
> :I copied the files with scp
> :
> :regards
> :
> :-- 
> :Markus Rosjatfon: +49 351 8107223mail: ros...@ghweb.de
> :
> :G+H Webservice GbR Gorzolla, Herrmann
> :Königsbrücker Str. 70, 01099 Dresden
> :
> :http://www.ghweb.de
> :fon: +49 351 8107220   fax: +49 351 8107227
> :
> :Bitte prüfen Sie, ob diese Mail wirklich ausgedruckt werden muss! Before you
> :print it, think about your responsibility and commitment to the ENVIRONMENT
> :
> 
> -- 
> Indifference will be the downfall of mankind, but who cares?

It is also posisble that your new system uses a larger blocksize for
the filesystem. Some time ago defaults changed.  A larger blocksize
allows for larger filesystems and better performance in most cases,
but it will waste some space.

-Otto

Re: du algorithm to calculate diskspace

2017-10-02 Thread Peter Hessler 
hardlinks will not duplicate disk space.

scp doesn't understand hardlinks.


On 2017 Oct 02 (Mon) at 12:08:28 +0200 (+0200), rosjat wrote:
:hi there,
:
:I just noticed, while copying stuf from a very old OpenBSD 4.2 to a OpenBSD
:6.1 that du on both systems gives me different results. Did something change
:in the calculation from 4.2 to 6.1 ?
:
:for example
:
:4.2 calculates ~ 136MB
:6.1 calculates ~ 148MB
:
:I copied the files with scp
:
:regards
:
:-- 
:Markus Rosjatfon: +49 351 8107223mail: ros...@ghweb.de
:
:G+H Webservice GbR Gorzolla, Herrmann
:Königsbrücker Str. 70, 01099 Dresden
:
:http://www.ghweb.de
:fon: +49 351 8107220   fax: +49 351 8107227
:
:Bitte prüfen Sie, ob diese Mail wirklich ausgedruckt werden muss! Before you
:print it, think about your responsibility and commitment to the ENVIRONMENT
:

-- 
Indifference will be the downfall of mankind, but who cares?

du algorithm to calculate diskspace

2017-10-02 Thread rosjat 

hi there,

I just noticed, while copying stuf from a very old OpenBSD 4.2 to a 
OpenBSD 6.1 that du on both systems gives me different results. Did 
something change in the calculation from 4.2 to 6.1 ?


for example

4.2 calculates ~ 136MB
6.1 calculates ~ 148MB

I copied the files with scp

regards

--
Markus Rosjatfon: +49 351 8107223mail: ros...@ghweb.de

G+H Webservice GbR Gorzolla, Herrmann
Königsbrücker Str. 70, 01099 Dresden

http://www.ghweb.de
fon: +49 351 8107220   fax: +49 351 8107227

Bitte prüfen Sie, ob diese Mail wirklich ausgedruckt werden muss! Before 
you print it, think about your responsibility and commitment to the 
ENVIRONMENT

Re: stickers

2017-10-02 Thread Daniel Gracia 
Secondary sticker sources (like Red Bubble et al) are very low quality
compared to the original art and make no money for the project; I wouldn't
waste my time on that.

I have supplies for my next two laptops, so I suppose we have a year to
persuade you on how good would be making stickers again.

Regards,


2017-10-02 5:21 GMT+02:00 Theo de Raadt :

> > Now that there are no CDs, are stickers also gone?
>
> I guess many people didn't think through what happened when CD
> production stopped.
>
> Stickers, posters, etc. were subsidized by the sales of CDs.
>
> With CDs gone, of course there isn't an efficient way to sell
> stickers, and make even a few pennies in return for producing art.
>
> Some shops now print our older stickers or newer (minimal) release
> art, and there's nothing we can do about it.  We can complain but it
> solves nothing.  The project and I don't get a single penny.
>
> Sure those of you who want the stickers benefit, but that's selfish
> isn't it.
>
> The OpenBSD Foundation never participated in making artwork.  It was
> always done by me, out of CD income.  It was a tremendous amount of
> effort twice a year, coming up with the ideas and completing them.
> When CDs stopped returning at least some income, that process had to
> stop for everything.
>
>

Re: cwm questions

2017-10-02 Thread Kapfhammer, Stefan 
Hello Dell,

the current key bindings are displayed in cwm(1),
your settings in cwmrc(5) override these.

There is currently no way to move windows, to
a specified position, with a keyboard shortcut.

You can still move windows with ALT+M1 or resize with ALT+M1+M3. This is a 
faster way, than with
keyboard shortcuts.

Regards,

Stefan


Von: test1dellb...@yahoo.co.uk
Gesendet: 2. Oktober 2017 10:27 vorm.
An: misc@openbsd.org
Antworten: test1dellb...@yahoo.co.uk
Betreff: Fw: cwm questions


Thanks Stefan, but even after a reboot, CM-r (window-vtile) does not work. 
Perhaps CM-r is not bound to anything. Is there anyway to display the current 
key bindings in cwm?
Is there a way to bind a key to move a window to specified position on the 
screen (for example coordinates 0,0)?

On Sunday, 1 October 2017, 13:13, "Kapfhammer, Stefan"  
wrote:


 Hey Dell,

I am working with cwm since OpenBSD 5.8

I inserted the command you mentioned in my
~/.cwmrc and restarted cwm with CMS-r
(The default for restarting cwm)

CM-r works as expected and moves the window,
the mouse cursor is in, to the left half of the screen.

Did you move the mouse cursor to the background
and then press the CMS-r to restart cwm?
Maybe some programs own keybindings surpress
the desired action in cwm.

I am using OpenBSD 6.1-stable.

There is a little difference with windows-vtile
between -current and 6.1-stable, as mentioned
below:



Current:  http://man.openbsd.org/amd64/cwmrc.5#BIND_FUNCTION_LIST

"Current window is placed on the left of the screen, maximized vertically and 
resized to half of the horizontal screen space. Other windows in its group 
share remaining screen space."



6.1-stable:  http://man.openbsd.org/OpenBSD-6.1/amd64/cwmrc.5#BIND_FUNCTION_LIST

"Current window is placed on the left of the screen and maximized vertically, 
other windows in its group share remaining screen space."



Regards,

Stefan

Von: test1dellb...@yahoo.co.uk
Gesendet: 1. Oktober 2017 9:07 vorm.
An: misc@openbsd.org
Antworten: test1dellb...@yahoo.co.uk
Betreff: cwm questions


Hello,
I have recently installed OpenBSD snapshot 6.2.I created a simple ~/.cwmrc with 
a single line -
bind-key CM-r window-vtile
then I restarted cwm, opened a few windows and hit CTRL-ALT-r.
I expected the current window to move to the left half of the screen but it did 
not work.I tried this with xterm, firefox, keepassx and vim as current windows 
but nothing happened.Does anyone know why?
Is there a way to bind a key to move a window to specified position on the 
screen (for example coordinates 0,0)?

Fw: cwm questions

2017-10-02 Thread Dell Sanders 
Thanks Stefan, but even after a reboot, CM-r (window-vtile) does not work. 
Perhaps CM-r is not bound to anything. Is there anyway to display the current 
key bindings in cwm?
Is there a way to bind a key to move a window to specified position on the 
screen (for example coordinates 0,0)? 

On Sunday, 1 October 2017, 13:13, "Kapfhammer, Stefan"  
wrote:
 

 Hey Dell,

I am working with cwm since OpenBSD 5.8

I inserted the command you mentioned in my
~/.cwmrc and restarted cwm with CMS-r
(The default for restarting cwm)

CM-r works as expected and moves the window,
the mouse cursor is in, to the left half of the screen.

Did you move the mouse cursor to the background
and then press the CMS-r to restart cwm?
Maybe some programs own keybindings surpress
the desired action in cwm.

I am using OpenBSD 6.1-stable.

There is a little difference with windows-vtile
between -current and 6.1-stable, as mentioned
below:



Current:  http://man.openbsd.org/amd64/cwmrc.5#BIND_FUNCTION_LIST

"Current window is placed on the left of the screen, maximized vertically and 
resized to half of the horizontal screen space. Other windows in its group 
share remaining screen space."



6.1-stable:  http://man.openbsd.org/OpenBSD-6.1/amd64/cwmrc.5#BIND_FUNCTION_LIST

"Current window is placed on the left of the screen and maximized vertically, 
other windows in its group share remaining screen space."



Regards,

Stefan

Von: test1dellb...@yahoo.co.uk
Gesendet: 1. Oktober 2017 9:07 vorm.
An: misc@openbsd.org
Antworten: test1dellb...@yahoo.co.uk
Betreff: cwm questions


Hello,
I have recently installed OpenBSD snapshot 6.2.I created a simple ~/.cwmrc with 
a single line -
bind-key CM-r window-vtile
then I restarted cwm, opened a few windows and hit CTRL-ALT-r.
I expected the current window to move to the left half of the screen but it did 
not work.I tried this with xterm, firefox, keepassx and vim as current windows 
but nothing happened.Does anyone know why?
Is there a way to bind a key to move a window to specified position on the 
screen (for example coordinates 0,0)?

Re: the whole greylisting, spam filtering thing

2017-10-02 Thread rosjat 

Hi there again,

so I will try to ask the question about implementing rspam on a 
dedicated machine oder at the mailsystem again because I don't know if 
it was lost in the converstion :).


Is there some effort in NOT run rspamd on the same machine as the 
mailsystem? I was just wondering because it could make some 
transitioning a little easier but if the amount of "workarounds" to 
relays mails through another instance is not worth it then I will go 
with spamfilterting on the mailsystem.


regards

--
Markus Rosjatfon: +49 351 8107223mail: ros...@ghweb.de

G+H Webservice GbR Gorzolla, Herrmann
Königsbrücker Str. 70, 01099 Dresden

http://www.ghweb.de
fon: +49 351 8107220   fax: +49 351 8107227

Bitte prüfen Sie, ob diese Mail wirklich ausgedruckt werden muss! Before 
you print it, think about your responsibility and commitment to the 
ENVIRONMENT