Re: OpenBSD logo on my private hompage. It is allowed?
at 11:41 PM, Johannes Krottmayer wrote: But i haven't a animated GIF with "under construction" on my site. :) Like the sites from the good old geocities. :) On Fri, Jun 08, 2018 At 05:37:08 +0200, Johannes Krottmayer wrote: On Thu, Jun 07, 2018 At 21:32:55 -0600, Base Pr1me wrote: Not to be a Debbie Downer, but wasn't "under construction" banned from the internet a couple of decades a go? ;) LOL :) Just make sure you embed it in a tag.
Re: OpenBSD logo on my private hompage. It is allowed?
>I???d I say you certainly can. You can???t claim the image as yours or sell it/profit from the image. Just using it on your site should be fine. I wrote the statement to ensure OpenBSD images aren't misused and abused. I have personally worked on and paid for OpenBSD artwork to be produced. Did I waste my time and money? Am I expected to allow anyone to do anything with it? Why? I believe if is very fair that the interpretation Johannes Krottmayer made should apply strictly and firmly to Johannes Krottmayer. I should probably create something to track violations by Johannes Krottmayer. For kicks. Who is Johannes Krotchmayer anyways? Are we done here?
Re: OpenBSD logo on my private hompage. It is allowed?
I’d I say you certainly can. You can’t claim the image as yours or sell it/profit from the image. Just using it on your site should be fine. -Ken On Jun 7, 2018, 8:27 PM -0700, Johannes Krottmayer , wrote: > Okay, > > My homepage is for non-profit purpose. I want create a little blog > where I can present my open-source projects. > > So i can use the logo? Is this correct? > Or should I ask deRaadt for this plan? > > Thanks in advance! > > Best regards, > Johannes > > On Thu, Jun 007, 2018 At 22:39:36 -0400, Eric Furman wrote: > > On Thu, Jun 7, 2018, at 10:10 PM, justina colmena wrote: > > > On June 7, 2018 4:44:21 PM AKDT, Edgar Pettijohn III > > web.com> wrote: > > > > > > > > > > > > On 06/07/18 18:51, justina colmena wrote: > > > > > On June 7, 2018 3:27:30 PM AKDT, Johannes Krottmayer > > > > wrote: > > > > > > Hallo, > > > > > > > > > > > > Thanks! I have read over that. > > > > > > > > > > > > Best regards, > > > > > > Johannes Krottmayer > > > > > > > > > > > > On Thu, Jun 07, 2018 At 18:23:31 -0500, Constantine A. Murenin > > > > wrote: > > > > > > > On 7 June 2018 at 17:36, Johannes Krottmayer > > > > > > wrote: > > > > > > > > Can I use the OpenBSD logo on my homepage? It is allowed? > > > > > > > > I can't find any information about this plan. > > > > > > > http://www.openbsd.org/art1.html has all the details. > > > > > > > > > > > > > > C. > > > > > > > > > > > > " ... it is our intent that anyone be able to use these images to > > > > represent OpenBSD in a positive light -- but do not make profit from > > > > them" > > > > > > > > > > The no-profit clause is new. Sounds like I'd better dump OpenBSD > > > > entirely if I want to make a profit at any sort of business or keep any > > > > of my private information private or retain any of MY intellectual > > > > property for my own use. There's a giant hole in my pocket that needs > > > > to be sewn up. Not sure where to go. The lawyers are coming out like > > > > alligators from the Florida swamps. This is as bad as SCO and groklaw. > > > > > > > > > > OpenBSD is for non-profit use only. Thank you for bringing that to my > > > > attention. > > > > > -- > > > > > https://www.colmena.biz/~justina/contacto.php > > > > > > > > > I hope your joking. Obviously they don't want rogue people selling > > > > merchandise with these images since it would detract from legitimate > > > > sales that support the project. The operating system's license info is > > > > here: > > > > https://www.openbsd.org/policy.html > > > > > > Straw that broke the camel's back. There are a few other issues, namely > > > people getting foreign psych degrees and prescribing "benzedrine" and > > > such. I don't do drugs, and no, I am most certainly not joking. I am not > > > happy with that kind of stuff, and I personally do not want to support > > > it on MY web page. > > > > Just the image itself is copyright deRaadt. > > He just doesn't want you selling stickers or t-shirts or mugs or or or... > > You can make and sell any product you want using OBSD. > > No fee or questions asked. Even Baby-Mulching Machines. > > If you want to include the OBSD logo in/on your product just write > > and ask Theo's permission. Depending on what it is I'm pretty certain > > he will give you permission. > > Of course if you did make a profit from something you developed using > > OBSD a donation would be greatly appreciated, but not required. > > Many Big Corporations do it all the time. > > (Use OBSD developed software and not give anything back, that is) > > Your tinfoil hat is on too tight. > >
Re: OpenBSD logo on my private hompage. It is allowed?
>On Thu, 07 Jun 2018 15:51:24 -0800, justina colmena > wrote: > >> The no-profit clause is new. > >That's not true. It was added with >revision 1.8 >date: 2005/03/24 01:31:13; author: deraadt; state: Exp; lines: +4 -3; >note do not sell > >(on github: >https://github.com/openbsd/www/commit/46f3713db1ab0fa2183699928305b8b0a29f8683) > you've all been trollolololololololo'd Why don't you all find out who 'justina colmena' is?
Re: OpenBSD logo on my private hompage. It is allowed?
On 08/06/18 13:44, Base Pr1me wrote: > Hahahahahaha, I dare you! I'm now visualising Puffy in a hard hat busy with a spade. Maybe that could be the default index.html for OpenHTTPD? -- Stuart Longland (aka Redhatter, VK4MSL) I haven't lost my mind... ...it's backed up on a tape somewhere.
Re: OpenBSD logo on my private hompage. It is allowed?
On 08/06/18 09:51, justina colmena wrote: > " ... it is our intent that anyone be able to use these images to represent > OpenBSD in a positive light -- but do not make profit from them " > > The no-profit clause is new. Sounds like I'd better dump OpenBSD entirely if > I want to make a profit at any sort of business or keep any of my private > information private or retain any of MY intellectual property for my own use. > There's a giant hole in my pocket that needs to be sewn up. Not sure where to > go. The lawyers are coming out like alligators from the Florida swamps. This > is as bad as SCO and groklaw. > > OpenBSD is for non-profit use only. Thank you for bringing that to my > attention. I am not a lawyer, but I read that as: don't use the logo or OpenBSD name in a manner that implies the OpenBSD project endorses your product or implies that your product is a product of the OpenBSD project. Nowhere does it say "don't use OpenBSD". That's my understanding though, I cannot, and will not, speak for the OpenBSD development team. -- Stuart Longland (aka Redhatter, VK4MSL) I haven't lost my mind... ...it's backed up on a tape somewhere.
Re: OpenBSD logo on my private hompage. It is allowed?
Hahahahahaha, I dare you! On Thu, Jun 7, 2018, 21:42 Johannes Krottmayer wrote: > But i haven't a animated GIF with "under construction" on my site. :) > Like the sites from the good old geocities. :) > > On Fri, Jun 08, 2018 At 05:37:08 +0200, Johannes Krottmayer wrote: > > On Thu, Jun 07, 2018 At 21:32:55 -0600, Base Pr1me wrote: > >> Not to be a Debbie Downer, but wasn't "under construction" banned from > >> the internet a couple of decades a go? ;) > > > > LOL :) > > >
Re: OpenBSD logo on my private hompage. It is allowed?
But i haven't a animated GIF with "under construction" on my site. :) Like the sites from the good old geocities. :) On Fri, Jun 08, 2018 At 05:37:08 +0200, Johannes Krottmayer wrote: > On Thu, Jun 07, 2018 At 21:32:55 -0600, Base Pr1me wrote: >> Not to be a Debbie Downer, but wasn't "under construction" banned from >> the internet a couple of decades a go? ;) > > LOL :) >
Re: OpenBSD logo on my private hompage. It is allowed?
On Thu, Jun 07, 2018 At 21:32:55 -0600, Base Pr1me wrote: > Not to be a Debbie Downer, but wasn't "under construction" banned from > the internet a couple of decades a go? ;) LOL :)
Re: OpenBSD logo on my private hompage. It is allowed?
Not to be a Debbie Downer, but wasn't "under construction" banned from the internet a couple of decades a go? ;) On Thu, Jun 7, 2018, 21:26 Johannes Krottmayer wrote: > Okay, > > My homepage is for non-profit purpose. I want create a little blog > where I can present my open-source projects. > > So i can use the logo? Is this correct? > Or should I ask deRaadt for this plan? > > Thanks in advance! > > Best regards, > Johannes > > On Thu, Jun 007, 2018 At 22:39:36 -0400, Eric Furman wrote: > > On Thu, Jun 7, 2018, at 10:10 PM, justina colmena wrote: > >> On June 7, 2018 4:44:21 PM AKDT, Edgar Pettijohn III >> web.com> wrote: > >>> > >>> > >>> On 06/07/18 18:51, justina colmena wrote: > On June 7, 2018 3:27:30 PM AKDT, Johannes Krottmayer > >>> wrote: > > Hallo, > > > > Thanks! I have read over that. > > > > Best regards, > > Johannes Krottmayer > > > > On Thu, Jun 07, 2018 At 18:23:31 -0500, Constantine A. Murenin > >>> wrote: > >> On 7 June 2018 at 17:36, Johannes Krottmayer > > wrote: > >>> Can I use the OpenBSD logo on my homepage? It is allowed? > >>> I can't find any information about this plan. > >> http://www.openbsd.org/art1.html has all the details. > >> > >> C. > >> > " ... it is our intent that anyone be able to use these images to > >>> represent OpenBSD in a positive light -- but do not make profit from > >>> them" > > The no-profit clause is new. Sounds like I'd better dump OpenBSD > >>> entirely if I want to make a profit at any sort of business or keep any > >>> of my private information private or retain any of MY intellectual > >>> property for my own use. There's a giant hole in my pocket that needs > >>> to be sewn up. Not sure where to go. The lawyers are coming out like > >>> alligators from the Florida swamps. This is as bad as SCO and groklaw. > > OpenBSD is for non-profit use only. Thank you for bringing that to my > >>> attention. > -- > https://www.colmena.biz/~justina/contacto.php > > >>> I hope your joking. Obviously they don't want rogue people selling > >>> merchandise with these images since it would detract from legitimate > >>> sales that support the project. The operating system's license info is > >>> here: > >>> https://www.openbsd.org/policy.html > >> > >> Straw that broke the camel's back. There are a few other issues, namely > >> people getting foreign psych degrees and prescribing "benzedrine" and > >> such. I don't do drugs, and no, I am most certainly not joking. I am > not > >> happy with that kind of stuff, and I personally do not want to support > >> it on MY web page. > > > > Just the image itself is copyright deRaadt. > > He just doesn't want you selling stickers or t-shirts or mugs or or or... > > You can make and sell any product you want using OBSD. > > No fee or questions asked. Even Baby-Mulching Machines. > > If you want to include the OBSD logo in/on your product just write > > and ask Theo's permission. Depending on what it is I'm pretty certain > > he will give you permission. > > Of course if you did make a profit from something you developed using > > OBSD a donation would be greatly appreciated, but not required. > > Many Big Corporations do it all the time. > > (Use OBSD developed software and not give anything back, that is) > > Your tinfoil hat is on too tight. > > > >
Re: OpenBSD logo on my private hompage. It is allowed?
Okay, My homepage is for non-profit purpose. I want create a little blog where I can present my open-source projects. So i can use the logo? Is this correct? Or should I ask deRaadt for this plan? Thanks in advance! Best regards, Johannes On Thu, Jun 007, 2018 At 22:39:36 -0400, Eric Furman wrote: > On Thu, Jun 7, 2018, at 10:10 PM, justina colmena wrote: >> On June 7, 2018 4:44:21 PM AKDT, Edgar Pettijohn III > web.com> wrote: >>> >>> >>> On 06/07/18 18:51, justina colmena wrote: On June 7, 2018 3:27:30 PM AKDT, Johannes Krottmayer >>> wrote: > Hallo, > > Thanks! I have read over that. > > Best regards, > Johannes Krottmayer > > On Thu, Jun 07, 2018 At 18:23:31 -0500, Constantine A. Murenin >>> wrote: >> On 7 June 2018 at 17:36, Johannes Krottmayer > wrote: >>> Can I use the OpenBSD logo on my homepage? It is allowed? >>> I can't find any information about this plan. >> http://www.openbsd.org/art1.html has all the details. >> >> C. >> " ... it is our intent that anyone be able to use these images to >>> represent OpenBSD in a positive light -- but do not make profit from >>> them" The no-profit clause is new. Sounds like I'd better dump OpenBSD >>> entirely if I want to make a profit at any sort of business or keep any >>> of my private information private or retain any of MY intellectual >>> property for my own use. There's a giant hole in my pocket that needs >>> to be sewn up. Not sure where to go. The lawyers are coming out like >>> alligators from the Florida swamps. This is as bad as SCO and groklaw. OpenBSD is for non-profit use only. Thank you for bringing that to my >>> attention. -- https://www.colmena.biz/~justina/contacto.php >>> I hope your joking. Obviously they don't want rogue people selling >>> merchandise with these images since it would detract from legitimate >>> sales that support the project. The operating system's license info is >>> here: >>> https://www.openbsd.org/policy.html >> >> Straw that broke the camel's back. There are a few other issues, namely >> people getting foreign psych degrees and prescribing "benzedrine" and >> such. I don't do drugs, and no, I am most certainly not joking. I am not >> happy with that kind of stuff, and I personally do not want to support >> it on MY web page. > > Just the image itself is copyright deRaadt. > He just doesn't want you selling stickers or t-shirts or mugs or or or... > You can make and sell any product you want using OBSD. > No fee or questions asked. Even Baby-Mulching Machines. > If you want to include the OBSD logo in/on your product just write > and ask Theo's permission. Depending on what it is I'm pretty certain > he will give you permission. > Of course if you did make a profit from something you developed using > OBSD a donation would be greatly appreciated, but not required. > Many Big Corporations do it all the time. > (Use OBSD developed software and not give anything back, that is) > Your tinfoil hat is on too tight. >
Re: OpenBSD logo on my private hompage. It is allowed?
On Thu, Jun 7, 2018, at 10:10 PM, justina colmena wrote: > On June 7, 2018 4:44:21 PM AKDT, Edgar Pettijohn III web.com> wrote: > > > > > >On 06/07/18 18:51, justina colmena wrote: > >> On June 7, 2018 3:27:30 PM AKDT, Johannes Krottmayer > > wrote: > >>> Hallo, > >>> > >>> Thanks! I have read over that. > >>> > >>> Best regards, > >>> Johannes Krottmayer > >>> > >>> On Thu, Jun 07, 2018 At 18:23:31 -0500, Constantine A. Murenin > >wrote: > On 7 June 2018 at 17:36, Johannes Krottmayer > >>> wrote: > > Can I use the OpenBSD logo on my homepage? It is allowed? > > I can't find any information about this plan. > http://www.openbsd.org/art1.html has all the details. > > C. > > >> " ... it is our intent that anyone be able to use these images to > >represent OpenBSD in a positive light -- but do not make profit from > >them" > >> > >> The no-profit clause is new. Sounds like I'd better dump OpenBSD > >entirely if I want to make a profit at any sort of business or keep any > >of my private information private or retain any of MY intellectual > >property for my own use. There's a giant hole in my pocket that needs > >to be sewn up. Not sure where to go. The lawyers are coming out like > >alligators from the Florida swamps. This is as bad as SCO and groklaw. > >> > >> OpenBSD is for non-profit use only. Thank you for bringing that to my > >attention. > >> -- > >> https://www.colmena.biz/~justina/contacto.php > >> > >I hope your joking. Obviously they don't want rogue people selling > >merchandise with these images since it would detract from legitimate > >sales that support the project. The operating system's license info is > >here: > >https://www.openbsd.org/policy.html > > Straw that broke the camel's back. There are a few other issues, namely > people getting foreign psych degrees and prescribing "benzedrine" and > such. I don't do drugs, and no, I am most certainly not joking. I am not > happy with that kind of stuff, and I personally do not want to support > it on MY web page. Just the image itself is copyright deRaadt. He just doesn't want you selling stickers or t-shirts or mugs or or or... You can make and sell any product you want using OBSD. No fee or questions asked. Even Baby-Mulching Machines. If you want to include the OBSD logo in/on your product just write and ask Theo's permission. Depending on what it is I'm pretty certain he will give you permission. Of course if you did make a profit from something you developed using OBSD a donation would be greatly appreciated, but not required. Many Big Corporations do it all the time. (Use OBSD developed software and not give anything back, that is) Your tinfoil hat is on too tight.
Re: OpenBSD logo on my private hompage. It is allowed?
On June 7, 2018 4:44:21 PM AKDT, Edgar Pettijohn III wrote: > > >On 06/07/18 18:51, justina colmena wrote: >> On June 7, 2018 3:27:30 PM AKDT, Johannes Krottmayer > wrote: >>> Hallo, >>> >>> Thanks! I have read over that. >>> >>> Best regards, >>> Johannes Krottmayer >>> >>> On Thu, Jun 07, 2018 At 18:23:31 -0500, Constantine A. Murenin >wrote: On 7 June 2018 at 17:36, Johannes Krottmayer >>> wrote: > Can I use the OpenBSD logo on my homepage? It is allowed? > I can't find any information about this plan. http://www.openbsd.org/art1.html has all the details. C. >> " ... it is our intent that anyone be able to use these images to >represent OpenBSD in a positive light -- but do not make profit from >them" >> >> The no-profit clause is new. Sounds like I'd better dump OpenBSD >entirely if I want to make a profit at any sort of business or keep any >of my private information private or retain any of MY intellectual >property for my own use. There's a giant hole in my pocket that needs >to be sewn up. Not sure where to go. The lawyers are coming out like >alligators from the Florida swamps. This is as bad as SCO and groklaw. >> >> OpenBSD is for non-profit use only. Thank you for bringing that to my >attention. >> -- >> https://www.colmena.biz/~justina/contacto.php >> >I hope your joking. Obviously they don't want rogue people selling >merchandise with these images since it would detract from legitimate >sales that support the project. The operating system's license info is >here: >https://www.openbsd.org/policy.html Straw that broke the camel's back. There are a few other issues, namely people getting foreign psych degrees and prescribing "benzedrine" and such. I don't do drugs, and no, I am most certainly not joking. I am not happy with that kind of stuff, and I personally do not want to support it on MY web page. -- https://www.colmena.biz/~justina/contacto.php
Re: Reboot loop
On 08/06/18 11:36, IL Ka wrote: >> For a system console (with access to DDB etc.) you need a "standard" com > port. > Do you mean I can use "com", but not "ucom(4)", right? Using USB serial would require enumeration of the serial bus then selection of the appropriate protocol (there's at least a dozen competing standards for USB serial) based on the VID/PID. Not trivial to do in the early boot phase. I don't know of many operating systems that can do this. -- Stuart Longland (aka Redhatter, VK4MSL) I haven't lost my mind... ...it's backed up on a tape somewhere.
Re: Reboot loop
> OpenBSD doesn't use ACPI to find an isa UART, it only looks in the fixed > locations compiled in to the kernel. Ok, I see that "com.c" does it by reading register, it even has comment "Probe for all known forms of UART" > For a system console (with access to DDB etc.) you need a "standard" com port. Do you mean I can use "com", but not "ucom(4)", right? Thank you, Ilya.
Re: OpenBSD logo on my private hompage. It is allowed?
On 06/07/18 18:51, justina colmena wrote: On June 7, 2018 3:27:30 PM AKDT, Johannes Krottmayer wrote: Hallo, Thanks! I have read over that. Best regards, Johannes Krottmayer On Thu, Jun 07, 2018 At 18:23:31 -0500, Constantine A. Murenin wrote: On 7 June 2018 at 17:36, Johannes Krottmayer wrote: Can I use the OpenBSD logo on my homepage? It is allowed? I can't find any information about this plan. http://www.openbsd.org/art1.html has all the details. C. " ... it is our intent that anyone be able to use these images to represent OpenBSD in a positive light -- but do not make profit from them" The no-profit clause is new. Sounds like I'd better dump OpenBSD entirely if I want to make a profit at any sort of business or keep any of my private information private or retain any of MY intellectual property for my own use. There's a giant hole in my pocket that needs to be sewn up. Not sure where to go. The lawyers are coming out like alligators from the Florida swamps. This is as bad as SCO and groklaw. OpenBSD is for non-profit use only. Thank you for bringing that to my attention. -- https://www.colmena.biz/~justina/contacto.php I hope your joking. Obviously they don't want rogue people selling merchandise with these images since it would detract from legitimate sales that support the project. The operating system's license info is here: https://www.openbsd.org/policy.html
Re: OpenBSD logo on my private hompage. It is allowed?
On Thu, 07 Jun 2018 15:51:24 -0800, justina colmena wrote: > The no-profit clause is new. That's not true. It was added with revision 1.8 date: 2005/03/24 01:31:13; author: deraadt; state: Exp; lines: +4 -3; note do not sell (on github: https://github.com/openbsd/www/commit/46f3713db1ab0fa2183699928305b8b0a29f8683)
Re: OpenBSD logo on my private hompage. It is allowed?
On June 7, 2018 3:27:30 PM AKDT, Johannes Krottmayer wrote: >Hallo, > >Thanks! I have read over that. > >Best regards, >Johannes Krottmayer > >On Thu, Jun 07, 2018 At 18:23:31 -0500, Constantine A. Murenin wrote: >> On 7 June 2018 at 17:36, Johannes Krottmayer >wrote: >>> Can I use the OpenBSD logo on my homepage? It is allowed? >>> I can't find any information about this plan. >> >> http://www.openbsd.org/art1.html has all the details. >> >> C. >> " ... it is our intent that anyone be able to use these images to represent OpenBSD in a positive light -- but do not make profit from them " The no-profit clause is new. Sounds like I'd better dump OpenBSD entirely if I want to make a profit at any sort of business or keep any of my private information private or retain any of MY intellectual property for my own use. There's a giant hole in my pocket that needs to be sewn up. Not sure where to go. The lawyers are coming out like alligators from the Florida swamps. This is as bad as SCO and groklaw. OpenBSD is for non-profit use only. Thank you for bringing that to my attention. -- https://www.colmena.biz/~justina/contacto.php
Re: OpenBSD logo on my private hompage. It is allowed?
Hallo, Thanks! I have read over that. Best regards, Johannes Krottmayer On Thu, Jun 07, 2018 At 18:23:31 -0500, Constantine A. Murenin wrote: > On 7 June 2018 at 17:36, Johannes Krottmayer wrote: >> Can I use the OpenBSD logo on my homepage? It is allowed? >> I can't find any information about this plan. > > http://www.openbsd.org/art1.html has all the details. > > C. >
Re: OpenBSD logo on my private hompage. It is allowed?
On 7 June 2018 at 17:36, Johannes Krottmayer wrote: > Can I use the OpenBSD logo on my homepage? It is allowed? > I can't find any information about this plan. http://www.openbsd.org/art1.html has all the details. C.
Re: OpenBSD logo on my private hompage. It is allowed?
On 06/07/18 23:36, Johannes Krottmayer wrote: Hallo, Can I use the OpenBSD logo on my homepage? It is allowed? I can't find any information about this plan. My homepage with logo (currently under construction): https://krottmayer.com Best regards, Johannes Krottmayer http://www.openbsd.org/art1.html has the following statement: Most images provided here are copyright by OpenBSD, by Theo de Raadt, or by other members or developers of the OpenBSD group. However, it is our intent that anyone be able to use these images to represent OpenBSD in a positive light -- but do not make profit from them. Our primary distributors make T-shirts. So enjoy them and let the world see them, if that is your wish. So yes you can, but they are still copyrighted works. Cheers Fred
OpenBSD logo on my private hompage. It is allowed?
Hallo, Can I use the OpenBSD logo on my homepage? It is allowed? I can't find any information about this plan. My homepage with logo (currently under construction): https://krottmayer.com Best regards, Johannes Krottmayer
Re: "Halted" firewall - is it a good idea as feature? or just a fun story
I'm not loving it. For silly firewalls, I'd rather prefer a FPGA with a PHY. But then, you have managed switches with L3 routing... 2018-06-07 20:48 GMT+02:00 Jacqueline Jolicoeur : > > Because this method does ensure that no user will ever gain controlling > access to the firewall itself, there is definitely a huge security benefit. > > I do not believe this is true. > > > a degree in Philosophy. > > This firewall setup reminds me of the minimalism art movement. > >
Re: "Halted" firewall - is it a good idea as feature? or just a fun story
> Because this method does ensure that no user will ever gain controlling > access to the firewall itself, there is definitely a huge security benefit. I do not believe this is true. > a degree in Philosophy. This firewall setup reminds me of the minimalism art movement.
dovecot confusing default ssl configuration
I think this is since 6.3. Qhen installin dovecot package, a few files are created. The problem is that /etc/dovecot/conf.d/10-ssl.conf contains : ssl_cert =
Initial Coin Offerings Laws and Regulations
Subject: Initial Coin Offerings Laws and regulations We help businesses with Initial Coin Offerings. We furthermore take firms public. The president of our company is a very specialized securities lawyer. The SEC has basically stated that all Initial Coin Offerings are financial instruments and governed by United States of America securities rules and regulations. We enjoy paying for referral fees when appropriate. If you please, send out this email to a friend, relative or business associate that may consider going public in the future. When executing an ICO it is useful to be guided by a knowledgeable securities law professional. We can also support you with the technical aspects of blockchain technology. You do not have to become a publicly traded enterprise in order to attract funding for your coin offering. Nonetheless, you must perform some sophisticated filings with the Securities and Exchange Commission as well as provide documentation in great detail to the SEC and investors before raising capital. Failure to do so may result in the SEC penalizing you and forcing the disgorgement of funding. This means for example if you raise $20 million and spend it on legitimate business expenses but have not followed securities law then you will owe the SEC $20 million. The SEC is like the IRS they will hound you the rest of your life until they collect. Now, you do not have to worry if you follow all the securities laws. Here is more about our other service which is taking companies public: In addition to taking companies public we can form a new public shell company for attorneys, CPA's and investment bankers. A public company can be a very valuable tool in many ways. As a public company, you can do a private placement at a discount to the open market price. Under certain circumstances, if you register the offering and follow other guidelines, you can advertise to the general public that you are a public company. You also may be able to trade stock for advertising, employee compensation, to acquire companies and other tangibles. Our services also include introductions to our network of broker dealers, investment banks, brokerage firms and other financial institutions. We also provide investor relations consulting which assists with investor awareness as well as consulting on how to create more interest in your company in the Wall Street and investment communities. There are no asset, revenue or time in business requirements to go public in the United States. This means even a development stage company can go public. If you are involved with a US or foreign companies, an attorney, a CPA or other advisor that may be aware of a company that one day may consider going public, please contact us or pass this information on to them. We believe in developing long term relationships. We thank you and look forward to hearing from you regarding how we can best help and work with you. We look forward to your reply. Sincerely, Fred Jansen All Financial Network 9454 Wilshire Blvd Beverly Hills, CA 90212 Phone: (646) 205-3835 If you do not wish to receive further correspondence, please click here to send us your request. Otherwise you may reply to this email with the words "No Longer" in the subject line.
"Halted" firewall - is it a good idea as feature? or just a fun story
Hello, http://www.drdobbs.com/halted-firewalls/199101324 What do you think of it? :) any similar feature in OpenBSD? :D copied the short text: = Halted Firewalls By Mike Murray, January 08, 2002 Murray shows how to configure a Linux box so the firewall will continue to filter packets after the machine has been shut down. Halted Firewalls Mike Murray As systems administrators, it’s often funny how new and interesting information ends up in our hands. Sometimes, it’s through an intentional course of study; other times, it seems to arrive by accident. That’s exactly how the concept of using a halted Linux computer as a firewall occurred to me. I was at work, perusing an internal corporate mailing list and saw a message about something that was once present in Linux. The message referred to a method for shutting down a Linux box while ipchains is still running, and having the box continue to perform firewall tasks. My first response was to stifle a laugh — a firewall that works while in a halted state? I contacted the author (with a bit too much sarcasm in my letter), and was sent a link to an old discussion thread on the Firewalls list about a rumored feature in the 2.0.x kernels. This feature allowed you to run shutdown -h (halt) on the machine, and the firewall would remain active but with no drives mounted and no processes running. That is, the firewall would be in run level 0, but still be filtering packets. However, the list mentioned that this no longer worked in the 2.2.x series kernels. I knew that I couldn’t leave it alone, however. I set out to make a 2.2.x box perform a similar function, and I hoped that I would be able to do it without having to patch the kernel in any way. It turns out that I can. Perfect Security? I realized the security implications of such a possibility. Assuming that the firewall could be cleanly shut down, having removed all process space and file systems, there would be no way for any attacker to gain access to the system. This is because there is a complete lack of process space, and there are no drives mounted. Thus, an attacker could not run code on the system outside of code that he or she could directly introduce into kernel space. This would require writing shell code to produce the desired results, which would not be a trivial task. Note that this doesn’t make the firewall invulnerable to denial of service-type attacks. In fact, with respect to denial of service and resource-exhaustion attacks, this machine is no more secure than any ordinary Linux-based firewall. However, it can also be said that it is not significantly more vulnerable to that type of attacks. Because this method does ensure that no user will ever gain controlling access to the firewall itself, there is definitely a huge security benefit. It’s a step in the direction of the old adage that the only perfectly secure machine is one turned off and locked in a room. Implementation My test machine was an x86-based Red Hat 6.2 machine with two Ethernet cards. No special system or kernel modifications were made. To begin, I searched the run control scripts, thinking they would be the most likely place to find a hint of what was to come. Specifically, I focused upon the scripts for rc0 (the script that runs when halting the machine). It turns out that this was all I had to do. I started removing scripts, working entirely by trial-and-error. After a relatively short period of time, I concluded that for Red Hat Linux 6.2, removing the following scripts will allow this behavior to occur: /etc/rc.d/rc0.d/S00killall /etc/rc.d/rc0.d/K90network /etc/rc.d/rc0.d/K92ipchains Removing these three scripts keeps the network up, and keeps ipchains running. Note that removal of the killall script is necessary because its task is to recurse through the /etc/rc.d/rc0.d/ directory and run all scripts that start with a K. This script would run the K90 network and K92 ipchains scripts, which would kill the network and ipchains. Explanation The design of Linux is as a monolithic kernel. When the machine is halted, the kernel still resides in memory, even when the machine runs through the shutdown process. The usual method to prevent this from being evident is to kill all possible access to the kernel during the shutdown process, which is accomplished by killing all running processes, shutting down all of the machine’s network interfaces, and unmounting the filesystems. This prevents the kernel from performing any intentional tasks while the machine is “halted”. However, the kernel is still running as a scheduler and memory manager at that point. Because the kernel is still running, any kernel-based tasks that we can run in normal use can be run while halted. Of course, most tasks require some form of input and output, either through the shell (user input), the file system, or the network (as in
Re: Reboot loop
On 2018-06-06, IL Ka wrote: > There is >> com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo > in your dmesg. > > So, I assume your box reports com port somehow (via ACPI probably) OpenBSD doesn't use ACPI to find an isa UART, it only looks in the fixed locations compiled in to the kernel. Seeing ns16550a in the output suggests that it did actually find one. > Some boxes may have comport built into chipset but no external cable for it. > I have one, I bought cable separately. It's also possible that the UART is present (as part of a superio chip usually) but it isn't even brought ought to a header on the board. > Another option is to use UART that connects to USB For a system console (with access to DDB etc.) you need a "standard" com port. A standard DOS-compatible one at the usual com1/com2 address are easy. PCI/PCIe *might* be possible in some cases but awkward to setup. USB is not possible.
Re: i915 witness log
Ingo Feinerer wrote: > with > > $ sysctl kern.version > kern.version=OpenBSD 6.3-current (GENERIC.MP) #88: Wed Jun 6 20:07:00 MDT > 2018 > dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP > > I observe following messages (…) Not exactly the same message but also somewhat i915 related with a snapshot one day older than yours : sysctl kern.version kern.version=OpenBSD 6.3-current (GENERIC.MP) #84: Tue Jun 5 19:22:09 MDT 2018 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP lock order reversal: 1st 0x81da5108 _lock (_lock) @ /usr/src/sys/kern/kern_synch.c:444 2nd 0x800ff9f0 _priv->uncore.lock (_priv->uncore.lock) @ /usr/src/sys/dev/pci/drm/i915/intel_uncore.c:811 lock order "_priv->uncore.lock"(mutex) -> "_lock"(sched_lock) first seen at: #0 witness_checkorder+0x4b4 #1 ___mp_lock+0x70 #2 schedclock+0x30 #3 hardclock+0xe3 #4 lapic_clockintr+0x3d #5 Xresume_lapic_ltimer+0x22 #6 gen6_write32+0x120 #7 ironlake_irq_handler+0x7e #8 intr_handler+0x74 #9 Xintr_ioapic_edge16_untramp+0x13d #10 acpicpu_idle+0x166 #11 cpu_idle_cycle+0x10 lock order "_lock"(sched_lock) -> "_priv->uncore.lock"(mutex) first seen at: #0 witness_checkorder+0x4b4 #1 _mtx_enter+0x31 #2 gen6_read32+0x8f #3 gen6_ring_get_seqno+0x3a #4 __i915_wait_request+0x232 #5 i915_gem_object_wait_rendering__nonblocking+0x1d6 #6 i915_gem_set_domain_ioctl+0xdb #7 drm_do_ioctl+0x221 #8 drmioctl+0xf9 #9 VOP_IOCTL+0x5a #10 vn_ioctl+0x6b #11 sys_ioctl+0x457 #12 syscall+0x32a #13 Xsyscall_untramp+0xc0 lock order reversal: 1st 0x81da5108 _lock (_lock) @ /usr/src/sys/kern/kern_synch.c:444 2nd 0x80106270 _priv->irq_lock (_priv->irq_lock) @ /usr/src/sys/dev/pci/drm/i915/intel_ringbuffer.c:1787 lock order "_priv->irq_lock"(mutex) -> "_lock"(sched_lock) first seen at: #0 witness_checkorder+0x4b4 #1 ___mp_lock+0x70 #2 wakeup_n+0x39 #3 task_add+0x93 #4 gen6_rps_boost+0x129 #5 __i915_wait_request+0x155 #6 i915_gem_object_wait_rendering__nonblocking+0x1d6 #7 i915_gem_set_domain_ioctl+0xdb #8 drm_do_ioctl+0x221 #9 drmioctl+0xf9 #10 VOP_IOCTL+0x5a #11 vn_ioctl+0x6b #12 sys_ioctl+0x457 #13 syscall+0x32a #14 Xsyscall_untramp+0xc0 lock order "_lock"(sched_lock) -> "_priv->irq_lock"(mutex) first seen at: #0 witness_checkorder+0x4b4 #1 _mtx_enter+0x31 #2 gen6_ring_put_irq+0x36 #3 __i915_wait_request+0x367 #4 i915_gem_object_wait_rendering__nonblocking+0x1d6 #5 i915_gem_set_domain_ioctl+0xdb #6 drm_do_ioctl+0x221 #7 drmioctl+0xf9 #8 VOP_IOCTL+0x5a #9 vn_ioctl+0x6b #10 sys_ioctl+0x457 #11 syscall+0x32a #12 Xsyscall_untramp+0xc0 on OpenBSD 6.3-current (GENERIC.MP) #84: Tue Jun 5 19:22:09 MDT 2018 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 8451125248 (8059MB) avail mem = 8117297152 (7741MB) mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.6 @ 0xdae9c000 (64 entries) bios0: vendor LENOVO version "8DET70WW (1.40 )" date 05/14/2015 bios0: LENOVO 42919Y5 acpi0 at bios0: rev 2 acpi0: sleep states S0 S3 S4 S5 acpi0: tables DSDT FACP SLIC SSDT SSDT SSDT HPET APIC MCFG ECDT ASF! TCPA SSDT SSDT DMAR UEFI UEFI UEFI acpi0: wakeup devices LID_(S3) SLPB(S3) IGBE(S4) EXP4(S4) EXP7(S4) EHC1(S3) EHC2(S3) HDEF(S4) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpihpet0 at acpi0: 14318179 Hz acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz, 797.55 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,IBRS,IBPB,STIBP,SENSOR,ARAT,MELTDOWN cpu0: 256KB 64b/line 8-way L2 cache cpu0: smt 0, core 0, package 0 mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges using xsaveopt cpu0: apic clock running at 99MHz cpu0: mwait min=64, max=64, C-substates=0.2.1.1.2, IBE cpu1 at mainbus0: apid 1 (application processor) cpu1: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz, 797.42 MHz cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,IBRS,IBPB,STIBP,SENSOR,ARAT,MELTDOWN cpu1: 256KB 64b/line 8-way L2 cache cpu1: smt 1, core 0, package 0 cpu2 at mainbus0: apid 2 (application processor) cpu2: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz, 797.42 MHz cpu2:
Re: rtadvd bug ?
Le mercredi 06 juin 2018 à 17:11 +0200, Bastien Durel a écrit : > Le mercredi 06 juin 2018 à 13:55 +0200, Bastien Durel a écrit : > > Hello, > > > > I run rtadvd on a router, which also run ospfd (on 6.3). > > [...] > > if an ospf neighbour start advertising a new network (in my case > > 2001:41d0:fe4b:ecf1::/64), a route is inserted in the kernel: > > > > fremen# route -n show -inet6|grep ecf1 > > 2001:41d0:fe4b:ecf1::/64 fe80::225:22ff:fe1e:bb7%em1U > > G > > 0 594 -32 em1 > > but rtadvd starts advertising it on the link with the said > > neighbour. > > [...] I looked at the code, and see rtadvd monitors the routing table and add new prefix when new route appears. shouldn't it check the rtm_priority to be RTP_LOCAL or RTP_CONNECTED ?? it make no sense to start advertising prefix on an interface if the prefix is over a gateway. I can always put a -s in rtadvd_flags for my use case, I'd prefer a fix ;) Thanks, -- Bastien Durel
Re: i915 witness log
Same here. Everything *seems* to be working fine. $ sysctl kern.version kern.version=OpenBSD 6.3-current (GENERIC.MP) #84: Tue Jun 5 19:22:09 MDT 2018 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP OpenBSD 6.3-current (GENERIC.MP) #81: Tue Jun 5 07:23:00 MDT 2018 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 16972566528 (16186MB) avail mem = 16318361600 (15562MB) mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xdae9c000 (68 entries) bios0: vendor LENOVO version "G2ETB2WW (2.72 )" date 04/11/2018 bios0: LENOVO 23252Q7 acpi0 at bios0: rev 2 acpi0: sleep states S0 S3 S4 S5 acpi0: tables DSDT FACP SLIC TCPA SSDT SSDT SSDT HPET APIC MCFG ECDT FPDT ASF! UEFI UEFI POAT SSDT SSDT DMAR UEFI DBG2 acpi0: wakeup devices LID_(S4) SLPB(S3) IGBE(S4) EXP3(S4) XHCI(S3) EHC1(S3) EHC2(S3) HDEF(S4) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpihpet0 at acpi0: 14318179 Hz acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Core(TM) i5-3320M CPU @ 2.60GHz, 2594.53 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS,IBRS,IBPB,STIBP,SENSOR,ARAT,MELTDOWN cpu0: 256KB 64b/line 8-way L2 cache cpu0: smt 0, core 0, package 0 mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges using xsaveopt cpu0: apic clock running at 99MHz cpu0: mwait min=64, max=64, C-substates=0.2.1.1.2, IBE cpu1 at mainbus0: apid 1 (application processor) cpu1: Intel(R) Core(TM) i5-3320M CPU @ 2.60GHz, 2594.11 MHz cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS,IBRS,IBPB,STIBP,SENSOR,ARAT,MELTDOWN cpu1: 256KB 64b/line 8-way L2 cache cpu1: smt 1, core 0, package 0 cpu2 at mainbus0: apid 2 (application processor) cpu2: Intel(R) Core(TM) i5-3320M CPU @ 2.60GHz, 2594.11 MHz cpu2: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS,IBRS,IBPB,STIBP,SENSOR,ARAT,MELTDOWN cpu2: 256KB 64b/line 8-way L2 cache cpu2: smt 0, core 1, package 0 cpu3 at mainbus0: apid 3 (application processor) cpu3: Intel(R) Core(TM) i5-3320M CPU @ 2.60GHz, 2594.11 MHz cpu3: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS,IBRS,IBPB,STIBP,SENSOR,ARAT,MELTDOWN cpu3: 256KB 64b/line 8-way L2 cache cpu3: smt 1, core 1, package 0 ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins acpimcfg0 at acpi0 addr 0xf800, bus 0-63 acpiec0 at acpi0 acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus -1 (PEG_) acpiprt2 at acpi0: bus 2 (EXP1) acpiprt3 at acpi0: bus 3 (EXP2) acpiprt4 at acpi0: bus 4 (EXP3) acpicpu0 at acpi0: C2(350@80 mwait.1@0x20), C1(1000@1 mwait.1), PSS acpicpu1 at acpi0: C2(350@80 mwait.1@0x20), C1(1000@1 mwait.1), PSS acpicpu2 at acpi0: C2(350@80 mwait.1@0x20), C1(1000@1 mwait.1), PSS acpicpu3 at acpi0: C2(350@80 mwait.1@0x20), C1(1000@1 mwait.1), PSS acpipwrres0 at acpi0: PUBS, resource for XHCI, EHC1, EHC2 acpitz0 at acpi0: critical temperature is 103 degC acpibtn0 at acpi0: LID_ acpibtn1 at acpi0: SLPB acpicmos0 at acpi0 "LEN0071" at acpi0 not configured "LEN0020" at acpi0 not configured "SMO1200" at acpi0 not configured acpibat0 at acpi0: BAT0 model "45N1172" serial 10155 type LION oem "SANYO" acpiac0 at acpi0: AC unit online "LEN0078" at acpi0 not configured acpithinkpad0 at acpi0 "PNP0C14" at acpi0 not configured "PNP0C14" at acpi0 not configured "PNP0C14" at acpi0 not configured acpidock0 at acpi0: GDCK not docked (0) acpivideo0 at acpi0: VID_ acpivout at acpivideo0 not configured acpivideo1 at acpi0: VID_ cpu0: Enhanced SpeedStep 2594 MHz: speeds: 2601, 2600, 2500, 2400, 2300, 2200, 2100, 2000, 1900, 1800, 1700, 1600, 1500, 1400, 1300, 1200 MHz pci0 at mainbus0 bus 0 pchb0 at pci0 dev 0 function 0 "Intel Core 3G Host" rev 0x09 inteldrm0 at pci0 dev 2 function 0 "Intel HD Graphics 4000" rev 0x09 drm0 at inteldrm0 inteldrm0: msi inteldrm0: 1366x768, 32bpp wsdisplay0 at inteldrm0 mux 1: console (std, vt100 emulation) wsdisplay0: screen 1-5 added (std, vt100
Re: OpenBSD on Lenovo m710q running minidlna?
On Wed, 6 Jun 2018 12:10:06 + (UTC) Stuart Henderson wrote: > We don't have inotify and minidlna doesn't have kqueue support for file > monitoring; I've been in impression that devel/libinotify is enough for "inotify" feature...
Re: mg(1) man page about regular expressions
On Thu, Jun 07, 2018 at 01:33:01PM +0300, Leonid Bobrov wrote: > On Thu, Jun 07, 2018 at 12:14:00PM +0200, Andreas Kusalananda Kähäri wrote: > > Reading the source (/usr/src/usr.bin/mg/re_search.c), it seems as if it > > uses regcomp() to compile extended regular expressions. > > > > So that ought to mean that it too supports (extended) regular > > expressions as described by re_format(7). > > > > Thank you for clear answer. But in that case manual page is useless > because source code is the best documentation available xD I would not call the manual "useless" unless it's *wrong* in some way. But it's true that the source code is the best documentation for what a program *actually* does, provided that one is able and willing to read it. For someone who is not proficient in C, the source code is often lousy documentation. I'll leave it to others to decide whether this is a "documentation bug" for mg(1) or not. Cheers, -- Andreas Kusalananda Kähäri, National Bioinformatics Infrastructure Sweden (NBIS), Uppsala University, Sweden. När du har kontakt med oss på Uppsala universitet med e-post så innebär det att vi behandlar dina personuppgifter. För att läsa mer om hur vi gör det kan du läsa här: https://mp.uu.se/c/perm/link?p=178072158 E-mailing Uppsala University means that we will process your personal data. For more information on how this is performed, please read here: https://mp.uu.se/c/perm/link?p=178072158
Re: Fwd: [OT] EU copyright reform
Quoting from [1]: <> Comments: We neved had the freedom to upload (distribute) the property of someone else without explicit licence. We do have the licence to quote, however. Sharing a link is the internet version of citing a publication. However, links are used to point at pirated copies if someone else's property. The new regulation aims at suppressing pirates, not our freedom of expression. Having said this, there is hardly any awareness of the ongoing debate on European media. On Thu, Jun 7, 2018 at 12:41, Craig Skinner wrote: > Begin forwarded message: Date: Wed, 06 Jun 2018 21:03:38 + From: Greg > Sutcliffe via Falkirk To: Falkirk User Group Subject: [Falkirk] EU > copyright reform - links from my talk Last night I gave a quick talk on the > proposed EU Copyright Reform, and the awful state it's in. We *all* need to > care about this - in it's current form it's going to wreck the internet as we > know it, and I don't sling phrases like that about lightly. You can read more > about the issues with the reform on Julia Reda's blog[1] and the Open Rights > Group have a post on it as well[2]. Both contain links to speaking with your > MEP, but I'd suggest hitting up https://www.TheyWorkForYou.com/ and getting > in touch with your MP as well - member states get a say in this as well as > the MEP parties. This is looking like a very tight vote (currently just 1 > vote in favour of it). Let's change that. Thanks Greg [1] > https://juliareda.eu/2018/06/saveyourinternet/ [2] > https://www.openrightsgroup.org/blog/2018/filters-are-for-coffee-and-water-not-copyright > @mailman.lug.org.uk> @mailman.lug.org.uk>
i915 witness log
Hi, with $ sysctl kern.version kern.version=OpenBSD 6.3-current (GENERIC.MP) #88: Wed Jun 6 20:07:00 MDT 2018 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP I observe following messages error: [drm:pid66464:intel_pipe_update_start] *ERROR* Potential atomic update failure on pipe B lock order reversal: 1st 0x81d9ef60 _lock (_lock) @ /usr/src/sys/kern/kern_synch.c:444 2nd 0x80153270 _priv->irq_lock (_priv->irq_lock) @ /usr/src/sys/dev/pci/drm/i915/intel_lrc.c:1645 lock order "_priv->irq_lock"(mutex) -> "_lock"(sched_lock) first seen at: #0 witness_checkorder+0x4b4 #1 ___mp_lock+0x70 #2 wakeup_n+0x39 #3 task_add+0x93 #4 gen6_rps_boost+0x129 #5 __i915_wait_request+0x155 #6 i915_wait_request+0x97 #7 i915_gem_object_wait_rendering+0x19c #8 i915_gem_object_sync+0x6c #9 i915_gem_object_pin_to_display_plane+0x2e #10 intel_pin_and_fence_fb_obj+0x1cd #11 intel_prepare_plane_fb+0xb4 #12 drm_atomic_helper_prepare_planes+0x6b #13 intel_atomic_commit+0x52 #14 drm_atomic_helper_set_config+0x80 #15 drm_mode_setcrtc+0x36f #16 drm_do_ioctl+0x221 #17 drmioctl+0xf9 #18 VOP_IOCTL+0x5a lock order "_lock"(sched_lock) -> "_priv->irq_lock"(mutex) first seen at: #0 witness_checkorder+0x4b4 #1 _mtx_enter+0x31 #2 gen8_logical_ring_put_irq+0x36 #3 __i915_wait_request+0x367 #4 i915_gem_object_wait_rendering__nonblocking+0x1d6 #5 i915_gem_set_domain_ioctl+0xdb #6 drm_do_ioctl+0x221 #7 drmioctl+0xf9 #8 VOP_IOCTL+0x5a #9 vn_ioctl+0x6b #10 sys_ioctl+0x457 #11 syscall+0x32a #12 Xsyscall_untramp+0xc0 error: [drm:pid66464:intel_pipe_update_start] *ERROR* Potential atomic update failure on pipe B The system works fine. Just saw the messages in the log ... Best regards, Ingo
Re: Reboot loop
IL Ka, Thanks for pointing it out. It will take a few days before I can capture the output through the com port. Until then folks, - Mensaje original - De: IL Ka Para: francis dos santos CC: OpenBSD General Misc Enviado: Wed, 06 Jun 2018 19:32:32 -0300 (ART) Asunto: Re: Reboot loop There is > com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo in your dmesg. So, I assume your box reports com port somehow (via ACPI probably) Some boxes may have comport built into chipset but no external cable for it. I have one, I bought cable separately. Another option is to use UART that connects to USB
Re: Reboot loop
Oops, spoke to soon. I'll have to break the box open/read manual to see if there is a com1 option through a header. - Mensaje original - De: IL Ka Para: francis dos santos CC: OpenBSD General Misc Enviado: Wed, 06 Jun 2018 18:45:07 -0300 (ART) Asunto: Re: Reboot loop Ok, then try to follow Stuart Longland's advice: use serial console. Connect your PC using null-modem cable to another pc, and in boot(8) prompt type: boot> set tty com0 On another PC run cu(1) or minicom or screen (or for Windows you may use PuTTY), connect to OpenBSD and you will see all your console output which you should be able to capture.
Re: Reboot loop
There is no com port on this machine. Thanks for the assistance. - Mensaje original - De: IL Ka Para: francis dos santos CC: OpenBSD General Misc Enviado: Wed, 06 Jun 2018 18:45:07 -0300 (ART) Asunto: Re: Reboot loop Ok, then try to follow Stuart Longland's advice: use serial console. Connect your PC using null-modem cable to another pc, and in boot(8) prompt type: boot> set tty com0 On another PC run cu(1) or minicom or screen (or for Windows you may use PuTTY), connect to OpenBSD and you will see all your console output which you should be able to capture.
Re: Reboot loop
I'll be more specific. I was talking about a 'loop' where the system reboots automatically and there is also a tighter loop that does not cause the system to reboot automatically. The inescapable loop is the tighter loop which causes the boot process to display uvm_fault(...) indefinitely. Needless to say, if something gets displayed before entering the tighter loop, I won't be able to see it. I do not see a kernel panic. - Mensaje original - De: IL Ka Para: francis dos santos CC: OpenBSD General Misc Enviado: Wed, 06 Jun 2018 17:29:55 -0300 (ART) Asunto: Re: Reboot loop ddb(4): "ddb is invoked upon a kernel panic when the sysctl(8) ddb.panic is set to 1". I belive this value is default. So, kernel should be dropped into ddb on panic. Does it happen? What exactly do you see on screen along with uvm_fault? Do you see whole stacktrace? Check https://www.openbsd.org/ddb.html for "Minimum information for kernel problems" section
Fwd: [OT] EU copyright reform
Begin forwarded message: Date: Wed, 06 Jun 2018 21:03:38 + From: Greg Sutcliffe via Falkirk To: Falkirk User Group Subject: [Falkirk] EU copyright reform - links from my talk Last night I gave a quick talk on the proposed EU Copyright Reform, and the awful state it's in. We *all* need to care about this - in it's current form it's going to wreck the internet as we know it, and I don't sling phrases like that about lightly. You can read more about the issues with the reform on Julia Reda's blog[1] and the Open Rights Group have a post on it as well[2]. Both contain links to speaking with your MEP, but I'd suggest hitting up https://www.TheyWorkForYou.com/ and getting in touch with your MP as well - member states get a say in this as well as the MEP parties. This is looking like a very tight vote (currently just 1 vote in favour of it). Let's change that. Thanks Greg [1] https://juliareda.eu/2018/06/saveyourinternet/ [2] https://www.openrightsgroup.org/blog/2018/filters-are-for-coffee-and-water-not-copyright
Re: Send public IP / Alias / Reported in Round Robin manner
Hi Berry,
That "round robin" behavior of your OpenVPN is probably due to having a domain
name in your client configuration file. (e.g, your clients are getting/resolving
the IP(s) of your server via DNS.)
The result that you get from ipinfo is normal, simply because your "default" IP
(the one that the OS is using for sending the network packets) is still your
primary("A") address. (You can think of that "alias" thing as "In addition to
my default IP address, which is A, I also respond to the packets that are
designated for my alias/secondary IP address, which is B.")
On Tue, Jun 5, 2018 at 7:52 PM, Berry Wendermouth wrote:
> Hi.
>
> Some days ago I received a second public IP address ("B") for my VPS /
> OpenBSD system. In order for this ip to be available I added it as an
> alias to my first public IP "A" as described in [1].
>
> I am also running an OpenVPN server on this machine.
>
> When I check for the public ip [2] the original IP "A" is constantly
> reported.
>
> When I check from a connected VPN client the public IP is returned in
> a "Round Robin" manner, switching between "A" and "B" for each check.
>
> As I understand this problem is likely related to my pf.conf.
> Before I go into that I'm wondering how this "round robin" behavior is
> even possible in the first place.
>
> Thank you for your feedback and comments.
>
> B.W.
>
> ---
> [1] "Setting up aliases on an interface"
> https://www.openbsd.org/faq/faq6.html
> [2] for example with `curl ipinfo.io/ip`
>
--
Best regards
Sohrab Monfared
Re: mg(1) man page about regular expressions
On Thu, Jun 07, 2018 at 12:14:00PM +0200, Andreas Kusalananda Kähäri wrote: > Reading the source (/usr/src/usr.bin/mg/re_search.c), it seems as if it > uses regcomp() to compile extended regular expressions. > > So that ought to mean that it too supports (extended) regular > expressions as described by re_format(7). > Thank you for clear answer. But in that case manual page is useless because source code is the best documentation available xD
Re: mg(1) man page about regular expressions
Note: I'm not a mg user. Reading the source (/usr/src/usr.bin/mg/re_search.c), it seems as if it uses regcomp() to compile extended regular expressions. So that ought to mean that it too supports (extended) regular expressions as described by re_format(7). Cheers, On Thu, Jun 07, 2018 at 10:51:38AM +0300, Leonid Bobrov wrote: > Hi! > > ex, vi(1) man page says that it supports regular expressions as > documened in re_format(7). > > But what about mg(1)? Its man page doesn't say anything about > re_format(7). Is everything from re_format(7) true to mg(1) commands > which use regular expressions? If not, where can I find documentation > for regular expressions which mg(1) commands use? > -- Andreas Kusalananda Kähäri, National Bioinformatics Infrastructure Sweden (NBIS), Uppsala University, Sweden. När du har kontakt med oss på Uppsala universitet med e-post så innebär det att vi behandlar dina personuppgifter. För att läsa mer om hur vi gör det kan du läsa här: https://mp.uu.se/web/info/stod/dataskyddsforordningen E-mailing Uppsala University means that we will process your personal data. For more information on how this is performed, please read here: https://mp.uu.se/web/info/stod/dataskyddsforordningen
Re: OpenBSD on Lenovo m710q running minidlna?
On 2018-06-06, John Long wrote: > On Wed, 2018-06-06 at 12:10 +, Stuart Henderson wrote: >> On 2018-06-05, John Long wrote: >> > I have a Lenovo m710q foobar2000 appliance under Windows 10. I like >> > the >> > box, it's about 1 1/2 as wide as a Lemote Fuloong Mini and about as >> > deep and tall, but has slots for two, 2.5 inch drives. I thought >> > about >> > buying another one to use as a minidlna host under OpenBSD. >> > >> > Does anybody on the list have any experience with OpenBSD and >> > minidlna >> > on this box? >> >> Nothing in dmesglog, it would be nice if you could boot the one you >> have >> from a USB stick and email in to dmesg@. > > I'm up to my ass in alligators with work right now so it will take a > few days. How do I capture the output? It's been a while since I > installed OpenBSD... maybe it gives me an option to mail directly from > the installer? I have only a vague memory about it. Interesting job you have there! >From the installer, basically see the floppy disk section of http://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/www/faq/faq4.html?rev=1.421=text/html#getdmesg but you can use a USB stick with the relevant device (/dev/sd0i, /dev/sd1i, etc). A dmesg from a booted system is more useful though. You can just install to a USB stick as if it was a hard drive and most BIOSes will be able to just boot from that. > They're not cheap and the hardware is just kinda meh. The one I bought > has 4G of RAM, a 256G SSD (not sure which brand, it's buried in the > chassis and hard to get to) and cost 500 Euros. The one I want for the > minidlna server will cost about 600 Euros and have 8G of RAM. Looks like there are a few for about half that if you don't need a new one.
Re: IKED with multiple clients and nat
On 2018-06-02, J Vans <3...@startmail.com> wrote: > I am posting a less complicated setup, it is the configs from > http://puffysecurity.com/wiki/openikedoffshore.html So now I've looked at this page and I see this is where the config issues are coming from. I realise they're trying to help by posting a guide, but really they're not helping, and I wish they wouldn't rip the off www.openbsd.org site design and artwork as it makes them seem authoritative.
Re: IKED with multiple clients and nat
On 2018-06-02, J Vans <3...@startmail.com> wrote:
> Basically I have a vpn server on the public internet, and I want to be able to
> be anywhere and route my traffic through that server.
>
> CLIENT A ---\
>> VPN > INTERNET
> CLIENT B ---/
So this is purely traffic from the client devices? Your config covers all the
RFC1918 addresses not just the client IP, so one client connects, sets up
flows for (all rfc1918) to 0.0.0.0/0. Then another client connects and tries
to setup the same flows.
> ikev2 passive ipcomp esp \
Maybe simplify things by getting rid of ipcomp until you have it working.
> from 0.0.0.0/0 to 10.0.0.0/8 \
> from 0.0.0.0/0 to 172.16.0.0/12 \
> from 0.0.0.0/0 to 192.168.0.0/16 \
> local $vpn_server_ip peer any \
> srcid $vpn_server_ip \
> tag IKED
Try the server side with just "from 0.0.0.0/0 to 0.0.0.0/0", I'll talk about
client below.
> set skip on { lo, enc }
You probably at least want some PF processing on enc, even if it's only for
the scrub...max-mss rule.
> match in all scrub (no-df random-id max-mss 1440)
If PF was processing enc so this did take effect there, 1440 would be a bit
high. The actual limit depends on overhead which depends on which settings
get negotiated, I normally use 1310 which might be a bit lower than needed
but hasn't given me any problems.
> block in quick from urpf-failed label uRPF
With enc removed from "set skip", check this doesn't trip you up. On
OpenBSD, IPsec is only done via flows not standard route entries, which
might fail the urpf check (which is a route lookup).
> pass out all modulate state
This shouldn't hurt but I'd try without "modulate state".
> pass out on egress \
> from { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 } \
> to { ! 10.0.0.0/8, ! 172.16.0.0/12, ! 192.168.0.0/16 } \
> nat-to (egress)
This definitely isn't doing what you expect. Paste it into "pfctl -nvf
-" and see how it expands but basically this ends up as "pass out from
{...} to any nat-to ...".
PF can do multiple negations but they need to be wrapped in a table.
> pass in quick inet proto icmp icmp-type { echoreq, unreach }
>
> pass in quick proto tcp from any \
> to (egress) port ssh \
> flags S/SA modulate state \
> (max-src-conn 15, max-src-conn-rate 15/5, overload
> flush global)
You don't have a "pass in" for your regular traffic, only icmp/ssh.
>
> sysctl.conf
>
> net.inet.ip.forwarding=1
> net.inet.ipcomp.enable=1
>
>
>
> CLIENT CONFIGS (A and B are identical except $client_hostname)
>
> iked.conf
>
> ikev2 active ipcomp esp \
> from 10.0.0.0/8 to 0.0.0.0/0 \
> from 172.16.0.0/12 to 0.0.0.0/0 \
> from 192.168.0.0/16 to 0.0.0.0/0 \
> peer $vpn_server_ip \
> srcid $client_hostname \
> tag IKED
This is where it starts getting complex, iked doesn't have many features
client-side.
For this setup I'd probably put a static address on a dummy interface (vether
or a new loopback interface, just to hold the address) and use that as the
"from" address in config. When the vpn is up with that you should be able
to connect from multiple clients at the same time without them stomping
on each other's flows *but* you need to make sure packets have the right
source address in order to match the addresses in the flow so they can be
sent over the vpn.
You can test with ping -I $srcip, nc -s $srcip, ssh -b $srcip
but for software where you can't set this you'll need some PF nat or route
tricks on the client side that I'm not goimg to be able to figure out
without a test setup.
> pf.conf
Some similar problems as with the server one.
mg(1) man page about regular expressions
Hi! ex, vi(1) man page says that it supports regular expressions as documened in re_format(7). But what about mg(1)? Its man page doesn't say anything about re_format(7). Is everything from re_format(7) true to mg(1) commands which use regular expressions? If not, where can I find documentation for regular expressions which mg(1) commands use?
Re: Pf syntax, need help understanding an example
2018-06-06 13:55 GMT+02:00 Stuart Henderson : > On 2018-06-06, Johan Mellberg wrote: > with ext_if="re0", $ext_if expands to re0. > > If this if used in place of an address in a PF rule, re0's address is > looked up when pfctl is run and that is used. > > If "(re0)" is used instead, that lookup is done when the firewall state > is created rather than during rule load. So if you have an address which > does *not* change, using () is unnecessary overhead at runtime for every > new state which has to evaluate this. > Got it, thanks. I guessed something like that, just did not get the further expansion from interface name to IP address. > > () is only for places which take an address. "set skip" takes an "ifspec" > instead. The interface name itself is valid but "set skip on (em0)" is not. Ah! Thank you! That clears it up for me. > > I realise this is just testing but will mention just in case: you don't > usually want to set skip on the external *or* internal interface. > > Heh, yes. That was why I was just testing the syntax, I never actually loaded the file. I could have used another file to play with, but I was lazy - and the test lines have been removed. Also, it's being tested in a VM running on a laptop that is usually connected to known and sort of trusted networks so it's not terribly exposed. And it will probably be deleted when I'm done practising. Many thanks (to all who replied), /Johan
