OCaml/Opam and parsexp ( or num)

2018-09-04 Thread Adam Steen
Hi All

I am trying to install mirage[1] with opam install mirage but building parsexp 
v0.11.0 fails with SEGV [2]. This is on an amd64/current machine.

I am trying this with an OPAM 2 built from source.

I tried with chrisz@ patch for ocaml 4.07 et al [3] but num fails to build when 
the patches can not be applied, opam looks like it hangs, but then eventually 
returns with a failure.

#=== ERROR while compiling num.1.1 #
These patches didn't apply at 
/home/asteen/.opam/default/.opam-switch/build/num.1.1:
  - findlib-install.patch: "/usr/local/bin/gpatch -p1 -E -i
/home/asteen/.opam/log/processed-patch-32042-70a526" exited with code 1


Any tips on where to look into next would be appreciated?

Cheers
Adam

[1] https://mirage.io/
[2] https://github.com/ocaml/opam-repository/issues/12559
[3] https://marc.info/?l=openbsd-ports&m=153216412010547&w=2



Re: Equipment for OBSD based firewall

2018-09-04 Thread Zbyszek Żółkiewski
For APU it's worth mentioning there are 2 versions with regard to network 
performance: i210 and i211 NIC chip. 
i210 (apu2c4) is supposed to be faster and more feature-rich, while i211 is a "value 
product". 
But since I have only the i210AT version and have never seen head-to-head comparisons, 
there is nothing to back up those claims…

Ref (there are nice tables comparing chips):
https://www.intel.com/content/dam/www/public/us/en/documents/datasheets/i210-ethernet-controller-datasheet.pdf?asset=9573
https://www.intel.com/content/dam/www/public/us/en/documents/datasheets/i211-ethernet-controller-datasheet.pdf?asset=9567
https://www.intel.com/content/dam/www/public/us/en/documents/faqs/ethernet-controller-i210-i211-faq.pdf?asset=9597


> Message written by Shawn Webb on 04.09.2018, at 02:00:
> 
> The PC-Engines APU devices are wildly popular among the BSD networking
> folk, and for good reason. I have a number of APU2 and APU3 systems
> deployed. I have one APU4 device deployed. I'll likely deploy another
> APU4 device within the next month or two.

_
Zbyszek Żółkiewski



Re: Add $daemon_nice to rc.subr

2018-09-04 Thread Thomas de Grivel
why ? well all interactive process get a quarter range nice priority
advance compared to all daemon tasks, at least for a laptop
environment it really makes sense. sndiod and ntpd are unaffected by
this change.

you're right to criticize in that I did not document my code, the
point of this new variable is that an amendment to daemon priority is
no more than putting one line in /etc/rc.conf.local eg.
sshd_nice=1

or in the rc.d/ file
daemon_nice=whatever

why, because it is a whole lot more readable and usable than
inheriting a whole new login class just to change one parameter, but
if you don't like it nobody forces you huh ?

On Tue, 4 Sep 2018 at 07:57, Alexandre Ratchov wrote:
>
> On Tue, Sep 04, 2018 at 04:58:53AM +0200, Thomas de Grivel wrote:
> >
> > And I still feel the default nice priority of 10 is rather a good
> > idea.
>
> why?



-- 
 Thomas de Grivel
 http://b.lowh.net/billitch/



Re: Add $daemon_nice to rc.subr

2018-09-04 Thread Thomas de Grivel
and it's like 6 new lines in rc.subr no big deal
On Tue, 4 Sep 2018 at 10:53, Thomas de Grivel wrote:
>
> why ? well all interactive process get a quarter range nice priority
> advance compared to all daemon tasks, at least for a laptop
> environment it really makes sense. sndiod and ntpd are unaffected by
> this change.
>
> you're right to criticize in that I did not document my code, the
> point of this new variable is that an amendment to daemon priority is
> no more than putting one line in /etc/rc.conf.local eg.
> sshd_nice=1
>
> or in the rc.d/ file
> daemon_nice=whatever
>
> why, because it is a whole lot more readable and usable than
> inheriting a whole new login class just to change one parameter, but
> if you don't like it nobody forces you huh ?
>
> On Tue, 4 Sep 2018 at 07:57, Alexandre Ratchov wrote:
> >
> > On Tue, Sep 04, 2018 at 04:58:53AM +0200, Thomas de Grivel wrote:
> > >
> > > And I still feel the default nice priority of 10 is rather a good
> > > idea.
> >
> > why?
>
>
>
> --
>  Thomas de Grivel
>  http://b.lowh.net/billitch/



-- 
 Thomas de Grivel
 http://b.lowh.net/billitch/



Re: Add $daemon_nice to rc.subr

2018-09-04 Thread Antoine Jacoutot
On Tue, Sep 04, 2018 at 10:53:17AM +0200, Thomas de Grivel wrote:
> why ? well all interactive process get a quarter range nice priority
> advance compared to all daemon tasks, at least for a laptop
> environment it really makes sense. sndiod and ntpd are unaffected by
> this change.
> 
> you're right to criticize in that I did not document my code, the
> point of this new variable is that an amendment to daemon priority is
> no more than putting one line in /etc/rc.conf.local eg.
> sshd_nice=1
> 
> or in the rc.d/ file
> daemon_nice=whatever
> 
> why, because it is a whole lot more readable and usable than
> inheriting a whole new login class just to change one parameter, but
> if you don't like it nobody forces you huh ?

You're not inheriting a whole new login class, you're just modifying the daemon
one and give it a new name.
Feel free to keep your diff locally, I don't see any value in integrating it.


> On Tue, 4 Sep 2018 at 07:57, Alexandre Ratchov wrote:
> >
> > On Tue, Sep 04, 2018 at 04:58:53AM +0200, Thomas de Grivel wrote:
> > >
> > > And I still feel the default nice priority of 10 is rather a good
> > > idea.
> >
> > why?
> 
> 
> 
> -- 
>  Thomas de Grivel
>  http://b.lowh.net/billitch/
> 

-- 
Antoine



Re: Add $daemon_nice to rc.subr

2018-09-04 Thread Alexander Hall
On Tue, Sep 04, 2018 at 10:53:17AM +0200, Thomas de Grivel wrote:
> why ? well all interactive process get a quarter range nice priority
> advance compared to all daemon tasks, at least for a laptop
> environment it really makes sense. sndiod and ntpd are unaffected by
> this change.
> 
> you're right to criticize in that I did not document my code, the
> point of this new variable is that an amendment to daemon priority is
> no more than putting one line in /etc/rc.conf.local eg.
> sshd_nice=1

Yes, it would be simpler. However:

- The functionality already exists, if somewhat more cumbersome
- For the majority of users, it's not needed.
- Antoine wasn't convinced.

That said, if you want your desktop swift, maybe just set priority 10 in 
the overall daemon class itself in login.conf?

(And do you really run that CPU intense daemons on your laptop?)

> 
> or in the rc.d/ file
> daemon_nice=whatever
> 
> why, because it is a whole lot more readable and usable than
> inheriting a whole new login class just to change one parameter, but
> if you don't like it nobody forces you huh ?

Skip the tone.

/Alexander

> 
> On Tue, 4 Sep 2018 at 07:57, Alexandre Ratchov wrote:
> >
> > On Tue, Sep 04, 2018 at 04:58:53AM +0200, Thomas de Grivel wrote:
> > >
> > > And I still feel the default nice priority of 10 is rather a good
> > > idea.
> >
> > why?
> 
> 
> 
> -- 
>  Thomas de Grivel
>  http://b.lowh.net/billitch/
> 



Re: make(1) and multiple outputs

2018-09-04 Thread Marc Espie
On Mon, Sep 03, 2018 at 12:14:45PM -0900, Philip Guenther wrote:
> On Mon, Sep 3, 2018 at 5:23 AM Marc Espie  wrote:
> 
> > Our make is perfectly happy generating several targets with one rule.
> >
> > The only thing we're actually missing wrt % is suffixes rules with
> > multiple results.
> >
> > See any Makefile that generates .h and .c file from .y, for instance
> > lib/libkeynote/Makefile
> >
> > a line like:
> >
> > k.tab.c k.tab.h: keynote.y keynote.h signature.h
> > $(YACC.y) $(YACCFLAGS) ${.CURDIR}/keynote.y
> >
> > looks exactly like what you want.
> >
> 
> Classically, a rule like that doesn't mean one invocation will generate
> both targets, but rather that the same recipe can be invoked for each
> target (with different values for $@, etc).  In default single-job mode (no
> -jN) this works out fine as after the first invocation 'make' will notice
> the second file is already up-to-date, but with -jN some makes could decide
> to build both of the targets at the same time and invoke yacc twice,
> possibly resulting in truncated/corrupted output files.
> 
> Does our make have some logic in the -jN handling to detect and prevent
> that, Marc?

Philip, is that a rhetorical question ?

You know quite well it does.

There's code that looks at the target line for presence of $@, to
disambiguate multiple targets rules from "macro-like" behavior, and the
other targets get locked out while one target is built, so that in effect all
targets get updated at once.

Oh, and it's documented in the man page RTFM.

It was actually somebody from NetBSD (not remembering who) who pointed out
that make extended description in POSIX changed at some point to actually
allow for sane behavior wrt multiple targets.

> Otherwise, the workaround has been as Geoff noted: have all the target
> files depend on a timestamp file which has the real recipe and
> prerequisites.  That's still recommended for GNU make users when there's no
> reasonable set of patterns that can match the generated files.  People
> occasionally pine for the SunOS 4.x 'make' feature of "targ1 + targ2 [+
> targN...]" functionality, but it's not a great syntax and no one has done
> the work.

I used to think so before the above changes were pointed out to me.



Re: OCaml/Opam and parsexp ( or num)

2018-09-04 Thread Adam Steen
Sorry for the noise, this was a stack size problem, fixed with ulimit.

Now to figure why the patch fails to apply with the ocaml patch.

Cheers
Adam

‐‐‐ Original Message ‐‐‐
On September 4, 2018 3:31 PM, Adam Steen  wrote:

> Hi All
>
> I am trying to install mirage[1] with opam install mirage but building 
> parsexp v0.11.0 fails with SEGV [2]. This is on an amd64/current machine.
>
> I am trying this with an OPAM 2 built from source.
>
> I tried with chrisz@ patch for ocaml 4.07 et al [3] but num fails to build 
> when the patches can not be applied, opam looks like it hangs, but then 
> eventually returns with a failure.
>
> #=== ERROR while compiling num.1.1 
> #
> These patches didn't apply at 
> /home/asteen/.opam/default/.opam-switch/build/num.1.1:
>
> -   findlib-install.patch: "/usr/local/bin/gpatch -p1 -E -i
> /home/asteen/.opam/log/processed-patch-32042-70a526" exited with code 1
>
> Any tips on where to look into next would be appreciated?
>
> Cheers
> Adam
>
> [1] https://mirage.io/
> [2] https://github.com/ocaml/opam-repository/issues/12559
> [3] https://marc.info/?l=openbsd-ports&m=153216412010547&w=2
>




cc: dereference NULL pointer inside switch brackets and no exception

2018-09-04 Thread Denis Buga
> As far as I know, since there are no explicit cases in the switch
> statement, the value is not used at all, and the compiler never
> generates code to dereference the pointer.


...

That is true. Thank you all for answers and for link.
http://blog.llvm.org/2011/05/what-every-c-programmer-should-know.html


Re: alpine linux under vm? freezes

2018-09-04 Thread Rudolf Sykora
Hello,

On Thu, 30 Aug 2018 at 21:07, Rudolf Sykora  wrote:
>
> On Thu, 30 Aug 2018 at 20:43, Rudolf Sykora  wrote:
> > I connect to the console with the 'vmctl console' command.
> > At various moments I am no longer able to write anything,
> > the alpine system as if freezes.
>
> It seems to be a problem with the console.
> I still can ssh to the system, and it is
> working.

so is there anything I could do to be able to use the console?

[I managed to install alpine linux, but only because I could
get ssh connection soon enough (and the console gave me the
necessary time before breaking). Now, with slackware I am
not so lucky...

Thanks
Ruda



Re: Lesser evil

2018-09-04 Thread Roderick



On Tue, 4 Sep 2018, Peter N. M. Hansteen wrote:


> There is a specific piece of software that turned out to be available
> only on Windows and MacOS, Linux was not an option, neither (of course)
> was OpenBSD.


Or, for example, only in Windoze, because it is a very specific software
delivered with a very specific product of a very specific company.

If you need Windoze, you will have to use Windoze. I am lucky and do
not need it (till now).

Rodrigo



Re: Lesser evil

2018-09-04 Thread Kevin Chadwick
On Mon, 3 Sep 2018 18:03:06 -0400


> I would not try to dual boot Windows and OpenBSD.  There are too
> many disgusting viri out that smash parts of partitions.   OpenBSD
> or anything else on the disk is a sitting duck once not active. Don't
> do it.  The AV situation on Windows is out of control--a conservative
> estimate is that there are 4M pieces of malware out for Windows.

Personally I feel this is a red herring. If you are finding viri on
your system then OpenBSD helps but could be hacked too. Viri are
unlikely with a security conscious OpenBSD user. You are doing
something wrong or need to silo your actions.



Re: Lesser evil

2018-09-04 Thread Kevin Chadwick
On Mon, 3 Sep 2018 14:42:39 -0400 (EDT)


> Does it make sense to accept such compromises and run Linux for
> security and privacy OR is the better security and privacy of Linux
> more or less a myth and running Windows would be almost the same in
> that respect?
> 
> I understand that any response is to be just an opinion.

https://www.openbsd.org/papers/ru13-deraadt/mgp00030.html

Now, I used to think Linux had a more secure package system or
userland but then you are relying on debian or communities for that and
there are plenty of threads that suggest that these repositories aren't
as secure as you may think.

At least with Windows you have a good idea before you install what risks
you are taking even in a bad case of some ancient sha1 signed file from
a http link. With OpenBSD, I hope that the packaging community is
security conscious.

I tried OpenBSD with Linux for a work package but have found that
OpenBSD gives me great UNIX and security for most and all general tasks
and Windows gets best support, latest software features/options and
actually with Windows 10 a more secure kernel than Linux and with a
smart user, a reliable secure system. It also comes with native OpenSSH
and LibreSSL! by default in version 1803 and has the built-in option of
windows subsystem for linux.

Windows updates do still take way too long though and perhaps they are
gathering usage information, not that I care much. I hear they are
working on the speed in insider previews. 

I enabled as many additional mitigations for Chrome as possible in
Windows 10 but Chrome broke with the latest update...doh.

As for MAC, I have little experience but I know someone who shelled out
a small fortune and I had to spend time working out how to
manually update the thing from/to Lion or something (no obvious warnings
and no up to date browser could be installed) only to find out support
would stop far sooner than if he had gone with Windows. Windows 7
update used to fail, though browser support far less likely to be
pulled. I am yet to see update failure with Windows 10. A blue screen
may be more likely with Windows supporting so much hardware, of course.



Re: DRM without X

2018-09-04 Thread Maurice McCarthy
On 03/09/2018, Thomas de Grivel  wrote:

> Is there any way to use the DRM drivers without X11 ?

Probably not. The X sets in base are an integral part of the whole
operating system. You install them whether or not you use X.



Re: DRM without X

2018-09-04 Thread tfrohw...@fastmail.com



On September 4, 2018 2:11:11 PM UTC, Maurice McCarthy  
wrote:
>On 03/09/2018, Thomas de Grivel  wrote:
>
>> Is there any way to use the DRM drivers without X11 ?
>
>Probably not. The X sets in base are an integral part of the whole
>operating system. You install them whether or not you use X.

Well, there are other display servers like Wayland, or projects like Arcan 
(https://github.com/letoram/arcan). Haven't heard of any of them running 
outside X11 on OpenBSD though.



Re: Lesser evil

2018-09-04 Thread Allan Streib
Kevin Chadwick  writes:

> Windows updates do still take way too long though and perhaps they are
> gathering usage information, not that I care much. I hear they are
> working on the speed in insider previews.

Windows 10 has a lot of telemetry and data collection that sends
information back to Microsoft. It can be disabled. This is easier with
Enterprise Edition. You might consider the LTSB branch if you are under
a volume license agreement. Those releases do not include Windows Store,
Cortana, or most of the pre-installed applications. They get security
updates, but no new features.

Allan



serial for softraid devices

2018-09-04 Thread Jiri B .
Hi,

I have couple of softraid devices available in a box and when I do upgrade
I always have to check and not to make mistake which softraid device
I want to use as root disk.

If OpenBSD would have serial for softraid device I would just need to remember
the serial for my root disk.

This is similar output what install.sub's diskinfo() returns in installer:

# bioctl softraid0 | awk '$NF == "RAID1" { cmd=sprintf("bioctl -q %s",$(NF-1)); system(cmd); }'
sd5: , serial (unknown)
sd6: , serial (unknown)
sd7: , serial (unknown)
sd8: , serial (unknown)
sd9: , serial (unknown)

Is it because bd_serial is not implemented for softraid devices?

$ ag bd_serial /usr/src/sys/ 
/usr/src/sys/dev/ic/ami.c
2037:   strlcpy(bd->bd_serial, ser, sizeof(bd->bd_serial));
2268:   bzero(&bd->bd_serial, sizeof(bd->bd_serial));
2287:   strlcpy(bd->bd_serial, ser,
2288:   sizeof(bd->bd_serial));

/usr/src/sys/dev/ic/ciss.c
1068:   bd->bd_serial[0] = '\0';
1090:   strlcpy(bd->bd_serial, pdid->serial,
1091:   sizeof(bd->bd_serial));

/usr/src/sys/dev/ic/mpi.c
3386:   /* bd_serial[32]; */

/usr/src/sys/dev/pci/arc.c
2256:   strlcpy(bd->bd_serial, serial, sizeof(bd->bd_serial));

/usr/src/sys/dev/pci/mpii.c
3596:   scsi_strvis(bd->bd_serial, ppg->serial, sizeof(ppg->serial));

/usr/src/sys/dev/biovar.h
111:    char    bd_serial[32];  /* serial number */

Jiri



Re: serial for softraid devices

2018-09-04 Thread Alexander Hall
On Tue, Sep 04, 2018 at 03:04:15PM +, Jiri B. wrote:
> Hi,
> 
> I have couple of softraid devices available in a box and when I do upgrade
> I always have to check and not to make mistake which softraid device
> I want to use as root disk.

FWIW, the upgrade won't proceed until you pick a disk that has something 
like a root file system on it.  There is a fair chance that you can find 
the proper disk by just pressing enter a number of times, unless you 
have multiple root filesystems (as I assume could be the case with 
diskless setups).

See is_rootdisk() in /usr/src/distrib/miniroot/install.sub:

$ sed '/^is_rootdisk/,/^}$/!d' /usr/src/distrib/miniroot/install.sub


is_rootdisk() {
	local _d=$1 _rc=1

	(
		make_dev $_d
		if disklabel $_d | grep -q '^  a: .*4\.2BSD ' &&
			mount -t ffs -r /dev/${_d}a /mnt; then
			ls -d /mnt/{bin,dev,etc,home,mnt,root,sbin,tmp,usr,var}
			_rc=$?
			umount -f /mnt
		fi
		rm -f /dev/{r,}$_d?
		return $_rc
	) >/dev/null 2>&1
}

/Alexander

> If OpenBSD would have serial for softraid device I would just need to remember
> the serial for my root disk.
> 
> This is similar output what install.sub's diskinfo() returns in installer:
> 
> # bioctl softraid0 | awk '$NF == "RAID1" { cmd=sprintf("bioctl -q %s",$(NF-1)); system(cmd); }'
> sd5: , serial (unknown)
> sd6: , serial (unknown)
> sd7: , serial (unknown)
> sd8: , serial (unknown)
> sd9: , serial (unknown)
> 
> Is it because bd_serial is not implemented for softraid devices?
> 
> $ ag bd_serial /usr/src/sys/ 
> /usr/src/sys/dev/ic/ami.c
> 2037:   strlcpy(bd->bd_serial, ser, sizeof(bd->bd_serial));
> 2268:   bzero(&bd->bd_serial, sizeof(bd->bd_serial));
> 2287:   strlcpy(bd->bd_serial, ser,
> 2288:   sizeof(bd->bd_serial));
> 
> /usr/src/sys/dev/ic/ciss.c
> 1068:   bd->bd_serial[0] = '\0';
> 1090:   strlcpy(bd->bd_serial, pdid->serial,
> 1091:   sizeof(bd->bd_serial));
> 
> /usr/src/sys/dev/ic/mpi.c
> 3386:   /* bd_serial[32]; */
> 
> /usr/src/sys/dev/pci/arc.c
> 2256:   strlcpy(bd->bd_serial, serial, sizeof(bd->bd_serial));
> 
> /usr/src/sys/dev/pci/mpii.c
> 3596:   scsi_strvis(bd->bd_serial, ppg->serial, sizeof(ppg->serial));
> 
> /usr/src/sys/dev/biovar.h
> 111:    char    bd_serial[32];  /* serial number */
> 
> Jiri
> 



Re: Lesser evil

2018-09-04 Thread Chris Bennett
On Tue, Sep 04, 2018 at 01:35:05PM +, Kevin Chadwick wrote:
> At least with Windows you have a good idea before you install what risks
> you are taking even in a bad case of some ancient sha1 signed file from
> a http link. With OpenBSD, I hope that the packaging community is
> security conscious.
> 
> I tried OpenBSD with Linux for a work package but have found that
> OpenBSD gives me great UNIX and security for most and all general tasks
> and Windows gets best support, latest software features/options and
> actually with Windows 10 a more secure kernel than Linux and with a
> smart user, a reliable secure system. It also comes with native OpenSSH
> and LibreSSL! by default in version 1803 and has the built-in option of
> windows subsystem for linux.
> 
> Windows updates do still take way too long though and perhaps they are
> gathering usage information, not that I care much. I hear they are
> working on the speed in insider previews. 
> 

Yes, not only do they take way too long, but each major update has
failed about 15 times before success (for me at least) .
That has cost me hours and hours of wasted time.
Even working in the background, it uses up all of my
bandwidth so completely that I am unable to even get any other work
done, i.e. YouTubeTV through Chrome, forget it.
More disturbing, I have absolutely no choice about when an update is
actually started. Just turn it on and wait hours for access. Especially
if I wanted to just start Putty, check email and fly out the door.

Windows 10 does send a lot of usage data, but they still refuse to fully
disclose what that exactly is or to whom they share it with. No, no, bad
Microsoft!

Plus, being closed source, why assume that they can't fully read and
write ALL filesystems? They don't need to tell us that. That would, from
a fully business point of view (not a paranoid view), possibly reduce
Windows usage. More people, due to the file sharing problem, would be
likely to just stay with Windows. That is good business and I don't
blame them for that at all. But security-wise, it's also worrisome.

I first heard about them working on speeding up updates, but that was a
long time ago and still nothing done.

So, both for financial (as in not a lot of disposable income) and really
wanting the speed of the built-in hard drive in my laptop, I
successfully ditched Windows 10 yesterday. I'm thrilled about how great
OpenBSD -current is running.
I'm also sad that I can't run things like Netflix, YouTubeTV, Amazon
Prime Video and some other stuff now. But between my Android phone and
Amazon Fire 5 tablet, I can do that stuff anyway, so not really a big
loss.

I'm a bit paranoid, too. I freely admit it. I also might be too
paranoid. Oh well.

But I also agree, if you need to run a particular OS for your software,
go for it. We all need to get things done at home and at work. Use
whatever works. Never forget, OpenBSD had two remote access bugs. What
will number three turn out to be? Could be serious or still unknown
right now. So, no OS is perfect and no hardware is perfect either.
IMHO, I'm very happy with my choice, but you don't need to follow my
choices at all.

Good luck and have good success,
Chris Bennett




Re: Lesser evil

2018-09-04 Thread Kevin Chadwick
On Tue, 4 Sep 2018 09:00:11 -0700


> Amazon
> Prime Video and some other stuff now. But between my Android phone and
> Amazon Fire 5 tablet, I can do that stuff anyway, so not really a big
> loss.

If I can get it done easily on OpenBSD, I do. 

WRT Amazon prime I have found that they drop the video quality options
significantly for Android no matter what monitor is connected... really
annoying. Not sure about firestick. I guess they think there is no point
on a tiny phone screen but you really see the compression on a big
screen. Some like ALL4 don't allow casting and Sky only allow HDMI out
on Windows. I find Linux browser GPU support (Netflix) to be quite poor
too even when h264 acceleration is meant to be supported and I have
tried Intel a long time ago as well as AMD and Nvidia GPUs more
recently.



CVE-2018-15473 ssh user enumeration vulnerability in OpenBSD 6.3

2018-09-04 Thread Karl O. Pinc
Hi,

Ssh in OpenBSD 6.3 (stable), and I presume 6.2, is vulnerable
to username existence checking by remote systems.

OpenBSD current has a patch.
https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0

Demonstration code is found here:

  https://bugfuzz.com/stuff/ssh-check-username.py

Those not familiar with Python can follow these steps
to confirm vulnerability existence:

   # Python version 2.7 may have a different name on your system.
   virtualenv -p python2.7 sshenum_venv
   ./sshenum_venv/bin/pip install paramiko
   ./sshenum_venv/bin/python ssh-check-username.py host.example.com testuser

More information can be found in the attached emails
previously sent to secur...@openbsd.org.

Regards,

Karl 
Free Software:  "You don't pay back, you pay forward."
 -- Robert A. Heinlein


CVE-2018-15473 OpenSSH through 7.7 is prone to a user enumeration vulnerability
Description: Binary data


Re: CVE-2018-15473 OpenSSH through 7.7 is prone to a user enumeration vulnerability
Description: Binary data


Re: resize /usr

2018-09-04 Thread Chris Cappuccio
Ken M [k...@mack-z.com] wrote:
> 
> $ df -h
> Filesystem     Size    Used   Avail Capacity  Mounted on
> /dev/sd0a     1005M    245M    710M    26%    /
> /dev/sd0h     62.9G   21.7G   38.1G    36%    /home
> /dev/sd0d      3.9G    302K    3.7G     0%    /tmp
> /dev/sd0f     14.8G   11.6G    2.5G    82%    /usr
> /dev/sd0g     19.7G    1.1G   17.6G     6%    /usr/ports
> /dev/sd0e     11.2G   56.1M   10.6G     1%    /var
> 
> Above is my current disk setup, what I would like to do is shrink /usr/ports to
> grow /usr.
> 

Just move /usr/ports back to /usr and remount /dev/sd0g as /usr/local



Re: CVE-2018-15473 ssh user enumeration vulnerability in OpenBSD 6.3

2018-09-04 Thread Daniel Jakots
On Tue, 4 Sep 2018 12:05:01 -0500, "Karl O. Pinc"  wrote:

> Ssh in OpenBSD 6.3 (stable), and I presume 6.2, is vulnerable
> to username existence checking by remote systems.

It was already discussed on the list:
https://marc.info/?l=openbsd-misc&m=153512055014488&w=2

Cheers,
Daniel



Re: Cloud-Storage & OpenBSD

2018-09-04 Thread Dr. Stephan Schindel

Hey there,


I personally use restic

    https://restic.net/

together with Wasabi

    https://wasabi.com/

with their S3 API. Give it a try, it's super cheap and reliable. It's 
also in the ports tree, although I take the latest version from the 
Homepage.



Regards,

Stephan

On 9/2/18 4:43 PM, Kurtis wrote:

> Hey all,
>
> I'm just wondering if anyone has any suggestions with any Online File Backup / 
> Synchronization services?
>
> I used Dropbox for a long time but decided to drop it in favor of pCloud. It's 
> about time to do another annual subscription so I'm looking at options.
>
> I use the same service for backing up photos from my phone, backing up 
> documents from computers, and syncing files between multiple machines (Mac, 
> Windows, and Linux, Android).
>
> Specifically, I'm looking for a service that is compatible with the major 
> operating systems but also has a good client for OpenBSD.
>
> Bonus feature would be the ability to share the service with my family using 
> different accounts.
>
> The ability to generate credentials that can only access certain folders would 
> be _really_ cool. For example, my machines could generate reports and store 
> them in my sync'd service so I could simplify viewing them from any machine.
>
> Thanks!







Re: CVE-2018-15473 ssh user enumeration vulnerability in OpenBSD 6.3

2018-09-04 Thread Karl O. Pinc
On Tue, 4 Sep 2018 13:16:26 -0400
Daniel Jakots  wrote:

> On Tue, 4 Sep 2018 12:05:01 -0500, "Karl O. Pinc" 
> wrote:
> 
> > Ssh in OpenBSD 6.3 (stable), and I presume 6.2, is vulnerable
> > to username existence checking by remote systems.  
> 
> It was already discussed on the list:
> https://marc.info/?l=openbsd-misc&m=153512055014488&w=2

Thank you.  I'd looked for "ssh" in past emails, but not
the CVE number when looking to see if this was discussed.

Regards,

Karl 
Free Software:  "You don't pay back, you pay forward."
 -- Robert A. Heinlein



Re: network connectivity problem (ifconfig, arp, ...)

2018-09-04 Thread vincent delft
Re-hello,

The trunk is working fine at my office (between cable and wifi).
I will need more time to better evaluate it. But this sounds indeed
matching the need.

But

With this trunk now configured, I'm no more able to select the wifi at
customer site.
Indeed, at customer, I have 2 different nwid, and I'm used to switch from
one to the other via simple ifconfig commands.
When I will have time, I'll read some faq or man pages, to solve this
situation via few ifconfig commands.



In fact, I remain with my initial question:
why  arp having an entry with address "incomplete" on em0 does not perform
the task when iwm0 is triggered and request a connection to my firewall ?
The fw is running on the same address, just the path (netif) that change.


regards

On Mon, Sep 3, 2018 at 10:58 PM Vincent  wrote:

> Hello stefan,
>
> Hum... it could be similar situations.
>
> I've found an article combining the "join" and the trunk:
> https://dataswamp.org/~solene/2018-08-30-openbsd-trunk.html
>
> I'll do same setup and will see
>
> Thanks.
>
> V.
>
>
>
>
>
>
>
> On 3 September 2018 20:26:27 CEST, Stefan Sperling  wrote:
>>
>> On Mon, Sep 03, 2018 at 07:46:09PM +0200, vincent delft wrote:
>>
>>>  Hello,
>>>
>>>  I'm running -current and enjoy the new "join" feature of hostname.if.
>>>
>>>  Nevertheless, I have sometime issues to have an  internet connection.
>>>
>>>  The context:
>>>  I have wifi and cable possibilities to connect the same network. Normally I
>>>  prefer the network connection, so at my desk I plug the cable and use it.
>>>  But in some cases, I disconnect my laptop and use the wifi connection.
>>>
>>>  Problem:
>>>  The wifi is well connected to my nwid, but the connectivity is not working
>>>  (cannot ping my main firewall to connect internet).
>>>  I think the problem is linked to wrong arp table (cfr here under)
>>>
>>>  Why the arp entry for my firewall remains "expired" so long (could be more
>>>  than 10 minutes) ?
>>>  Why a "doas arp -ad" does not remove this bad fw entry from the table ?
>>>  What could I do to solve the issue without rebooting the laptop ? (If I
>>>  reboot the laptop, this solve the problem).
>>>
>>>
>>>
>>>  e5450:~$ arp -a
>>>  Host          Ethernet Address    Netif  Expire     Flags
>>>  fw            (incomplete)        em0    expired
>>>  192.168.3.15  10:02:b5:83:40:41   iwm0   permanent  l
>>>  192.168.3.16  f8:ca:b8:50:84:15   em0    permanent  l
>>>
>>
>> Didn't we already discuss the same question back in July?
>> https://marc.info/?l=openbsd-misc&m=153220020618146&w=2
>>
>> Again, try trunk(4).
>>
>>
> --
> Sent from my Android device with K-9 Mail. Please excuse my brevity.
>


Re: network connectivity problem (ifconfig, arp, ...)

2018-09-04 Thread Stefan Sperling
On Tue, Sep 04, 2018 at 09:35:38PM +0200, vincent delft wrote:
> In fact, I remain with my initial question:
> why  arp having an entry with address "incomplete" on em0 does not perform
> the task when iwm0 is triggered and request a connection to my firewall ?
> The fw is running on the same address, just the path (netif) that change.

Generally, having two interfaces in the same subnet is never a good idea
unless you really know what you are doing. So when you switch from em0 to
iwm0 and they both end up having addresses on the same IP network, then you
should delete the IP address from the interface which you aren't using:

ifconfig em0 delete

IP addresses are managed by tools like ifconfig and dhclient, they are
not managed automatically by drivers such as em and iwm.
To change IP addresses you need to run commands; either manually or in
some automated way. For instance, you could configure ifstated(8) to run
ifconfig when the em0 interface goes down.
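
The ifstated(8) approach suggested above, as an added example that is not part
of the original post. It assumes both em0 and iwm0 get their address by DHCP
(via dhclient) on the same subnet; the macro and state names are made up for
illustration.

```conf
# /etc/ifstated.conf (added example, not from the thread)
# Assumption: em0 (wired) and iwm0 (wireless) are both configured by DHCP
# on the same IP network, as in the question above.

init-state auto

# Hypothetical macro name: true while the cable on em0 has link.
wired_up = "em0.link.up"

state auto {
	if $wired_up
		set-state wired
	if ! $wired_up
		set-state wireless
}

# Cable plugged in: only em0 keeps an address on the subnet.
state wired {
	init {
		run "ifconfig iwm0 delete"
		run "dhclient em0"
	}
	if ! $wired_up
		set-state wireless
}

# Cable unplugged: remove the address from em0 so the connected route
# for the subnet no longer points at the interface without link.
state wireless {
	init {
		run "ifconfig em0 delete"
		run "dhclient iwm0"
	}
	if $wired_up
		set-state wired
}
```

The file can be checked with "ifstated -n" before the daemon is enabled.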



Re: Lesser evil

2018-09-04 Thread STeve Andre'




On 09/04/18 09:09, Kevin Chadwick wrote:
> On Mon, 3 Sep 2018 18:03:06 -0400
>
>> I would not try to dual boot Windows and OpenBSD.  There are too
>> many disgusting viri out that smash parts of partitions.   OpenBSD
>> or anything else on the disk is a sitting duck once not active. Don't
>> do it.  The AV situation on Windows is out of control--a conservative
>> estimate is that there are 4M pieces of malware out for Windows.
>
> Personally I feel this is a red herring. If you are finding viri on
> your system then OpenBSD helps but could be hacked too. Viri are
> unlikely with a security conscious OpenBSD user. You are doing
> something wrong or need to silo your actions.



Um, maybe I'm not writing well.  I'm talking about a dual-boot Windows
OpenBSD system, which gets a Windows virus, which wipes out the
disk.  Effectively asleep, OpenBSD gets creamed.   That's what I mean
about dual-booting being a risk.

--STeve Andre'



Re: alpine linux under vm? freezes

2018-09-04 Thread Joe Davis
> so is there anything I could do to be able to use the console?

Try setting a lower baud rate in Alpine’s /etc/inittab.

(and in the linux kernel command line)

That’s how I worked around the same issue.

Regards,
Joe



Re: Lesser evil

2018-09-04 Thread Heinz Kampmann
--
Sent: Tuesday, 04 September 2018 at 23:00
From: "STeve Andre'"
To: "Kevin Chadwick", misc@openbsd.org
Subject: Re: Lesser evil

On 09/04/18 09:09, Kevin Chadwick wrote:
Um, maybe I'm not writing well.  I'm talking about a dual-boot Windows
OpenBSD system, which gets a Windows virus, which wipes out the
disk.  Effectively asleep, OpenBSD gets creamed.   That's what I mean
about dual-booting being a risk.

Hi,
I understand you in that way, but I thought win10 can't read/write
ufs-partitions.

Maybe I'm wrong.
I use Windows for one program (PsyPrax), cause I won't run it in an
emulation.
I only trust in OpenBSD. Lean and clean code shifts security - plus
the extra work like pledge, KARL, w^x etc. ... and most reviews praise
the high quality code of OpenBSD.
Sometimes I use win10 or mac high sierra for amazon prime.
best wishes,
Heinz


Re: Change Windows10 disk to OpenBSD, but not sure what disklabel and fdisk mean

2018-09-04 Thread Ed Ahlsen-Girard
On Mon, 3 Sep 2018 15:35:04 -0700
Chris Bennett  wrote:

> OK
> I see that I needed to use fdisk -v
> 
> Any need to preserve any existing stuff? (and how if so?)
> 
> 
> Primary GPT:
> Disk: sd0   Usable LBA: 34 to 1953525134 [1953525168 Sectors]
> GUID: 0b27fac9-4c45-460c-b321-f6ba7ccacfb9
>    #: type                                 [       start:         size ]
>       guid                                 name
>
>    0: EFI Sys                              [        2048:       532480 ]
>       ea1f79db-2bee-4ade-9b7c-017de2787211 EFI system partition
>    1: e3c9e316-0b5c-4db8-817d-f92df00215ae [      534528:        32768 ]
>       4aeb925c-5204-441c-b69a-1c834c45f14a Microsoft reserved partition
>    2: FAT12                                [      567296:   1898479616 ]
>       71338e9f-73de-47e5-af24-f4dd9ffe124a Basic data partition
>    3: FAT12                                [  1899046912:     52428800 ]
>       2ed3bbc7-5870-4fc0-be04-ba6cfaf9284c Basic data partition
>    4: Win Recovery                         [  1951475712:      2048000 ]
>       11ab734a-6c45-4b61-b15b-3fad264c92d2 Basic data partition
>
> Secondary GPT:
> Disk: sd0   Usable LBA: 34 to 1953525134 [1953525168 Sectors]
> GUID: 0b27fac9-4c45-460c-b321-f6ba7ccacfb9
>    #: type                                 [       start:         size ]
>       guid                                 name
>
>    0: EFI Sys                              [        2048:       532480 ]
>       ea1f79db-2bee-4ade-9b7c-017de2787211 EFI system partition
>    1: e3c9e316-0b5c-4db8-817d-f92df00215ae [      534528:        32768 ]
>       4aeb925c-5204-441c-b69a-1c834c45f14a Microsoft reserved partition
>    2: FAT12                                [      567296:   1898479616 ]
>       71338e9f-73de-47e5-af24-f4dd9ffe124a Basic data partition
>    3: FAT12                                [  1899046912:     52428800 ]
>       2ed3bbc7-5870-4fc0-be04-ba6cfaf9284c Basic data partition
>    4: Win Recovery                         [  1951475712:      2048000 ]
>       11ab734a-6c45-4b61-b15b-3fad264c92d2 Basic data partition
>
> MBR:
> Disk: sd0 geometry: 121601/255/63 [1953525168 Sectors]
> Offset: 0 Signature: 0xAA55
>             Starting         Ending         LBA Info:
>  #: id      C   H   S -      C   H   S [       start:        size ]
> -------------------------------------------------------------------------
>  0: EE      0   0   2 - 267349  89   4 [           1:  4294967295 ] EFI GPT
>  1: 00      0   0   0 -      0   0   0 [           0:           0 ] unused
>  2: 00      0   0   0 -      0   0   0 [           0:           0 ] unused
>  3: 00      0   0   0 -      0   0   0 [           0:           0 ] unused
> 
> Microsoft reserved partition would be what?
> I just don't want to end up with a non-bootable drive.
> Windows 10 sticks its fingers into changing BIOS settings, especially
> after a big update.
> 
> And now I go searching for lots of stuff on Gurgle.com.
> Which really gets me pretty worthless crap for about 2 years now.
> 
> Thanks,
> Chris Bennett
> 
> 

The Microsoft reserved partition is involved in booting and/or
repairing Windows: you don't care.

The key thing is to ensure that your firmware is not set up for secure
boot to the existing EFI partition.

If secure boot is off in firmware, and all the data is elsewhere, go
ahead with a whole-disk installation is my advice.

-- 

Edward Ahlsen-Girard
Ft Walton Beach, FL




Re: resize /usr

2018-09-04 Thread Ken M
On Tue, Sep 04, 2018 at 10:06:52AM -0700, Chris Cappuccio wrote:
> 
> Just move /usr/ports back to /usr and remount /dev/sd0g as /usr/local

A perfectly reasonable suggestion, something I thought about. I kind of want to
tweak this and learn a little bit to make things better so I am going to give
the aggressive approach a try as I have a few days down time coming up. I made a
quick backup of everything in /etc /usr /home and captured my current installed
package list just to be safe.

My plan is to split /usr and /usr/ports into /usr /usr/local /usr/ports. Haven't
really decided how much space for each. I am going to think about it in the
interim. As a development laptop I don't really need a separate /var perhaps.
And then I can claim some extra space in home...

Perhaps I like to tinker too much...

Ken



Re: Lesser evil

2018-09-04 Thread STeve Andre'




On 09/04/18 20:04, Heinz Kampmann wrote:
> --
> *Sent:* Tuesday, 04 September 2018 at 23:00
> *From:* "STeve Andre'"
> *To:* "Kevin Chadwick", misc@openbsd.org
> *Subject:* Re: Lesser evil
>
> On 09/04/18 09:09, Kevin Chadwick wrote:
> Um, maybe I'm not writing well.  I'm talking about a dual-boot Windows
> OpenBSD system, which gets a Windows virus, which wipes out the
> disk.  Effectively asleep, OpenBSD gets creamed.   That's what I mean
> about dual-booting being a risk.
>
> Hi,
> I understand you in that way, but I thought win10 can't read/write
> ufs-partitions.
>
> Maybe I'm wrong.
> I use Windows for one program (PsyPrax), cause I won't run it in an
> emulation.
> I only trust in OpenBSD. Lean and clean code shifts security - plus
> the extra work like pledge, KARL, w^x etc. ... and most reviews praise
> the high quality code of OpenBSD.
> Sometimes I use win10 or mac high sierra for amazon prime.
> best wishes,
> Heinz

Heinz,

Think disk, not partitions.  Smash the raw disk and it matters not
what was on it; it will be obliterated.  That's what some Win viri do.

--STeve Andre'



Re: make(1) and multiple outputs

2018-09-04 Thread Philip Guenther
On Tue, Sep 4, 2018 at 12:43 AM Marc Espie  wrote:

> On Mon, Sep 03, 2018 at 12:14:45PM -0900, Philip Guenther wrote:
>
...

> > Does our make have some logic in the -jN handling to detect and prevent
> > that, Marc?
>
> Philip, is that a rhetorical question ?
>

Heh, no.  Just the question of someone whose head is full of intel grunge,
leaving vague memories of other parts of the system.


> You know quite well it does.
>
> There's code that looks at the target line for presence of $@, to
> disambiguate multiple targets rules from "macro-like" behavior, and the
> other targets get locked out while one target is built, so that in effect
> all targets get updated at once.
>

Woot.


Philip Guenther